You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I found minimatch v3.0.4 currently resolved version by the latest glob contains an RDOS vulnerability: https://www.huntr.dev/bounties/e4e1393c-d590-4492-9f43-8be3f3321629/ . Since critical changes in v3.0.5 (isaacs/minimatch#153) the minimatch version will not update itself (glob package.json accepts only patch versions updates). Do you plan to upgrade minimatch dependencies to v3.0.5 or higher?
The text was updated successfully, but these errors were encountered:
I see the new release tag 7.2.1 which has the changes for minimatch. And its not pushed to npm registry. When can we expect this version to be pushed to registry?
I found minimatch v3.0.4 currently resolved version by the latest glob contains an RDOS vulnerability: https://www.huntr.dev/bounties/e4e1393c-d590-4492-9f43-8be3f3321629/ . Since critical changes in v3.0.5 (isaacs/minimatch#153) the minimatch version will not update itself (glob package.json accepts only patch versions updates). Do you plan to upgrade minimatch dependencies to v3.0.5 or higher?
The text was updated successfully, but these errors were encountered: