•  
      request #39336 Ignore micromatch CVE-2024-4067
    Infos
    #39336
    Thomas Gerbet (tgerbet)
    2024-08-22 12:24
    2024-08-22 10:08
    40963
    Details
    Ignore micromatch CVE-2024-4067

    We only use it during development on trusted inputs so a ReDoS issue is not really problematic.

    I would prefer to upgrade anyway but they have weird things with their tags and the fix is not part of something that has been released/tagged.

    https://github.com/micromatch/micromatch/pull/247#issuecomment-2275665010

    Dev tools
    Empty
    Empty
    • [ ] enhancement
    • [ ] internal improvement
    Empty
    Stage
    Thomas Gerbet (tgerbet)
    Closed
    2024-08-22
    Attachments
    Empty
    References

    Follow-ups