Skip to content

This is not an issue but with High Vulnerable on one of dependency #165

Open
Open
This is not an issue but with High Vulnerable on one of dependency#165
@brendonco

Description

@brendonco
brendonco
opened on Feb 22, 2022

Any plan on upgrading minimatch to latest to fix the vulnerable library?

Serve relies on serve-handler version 6.1.3.

https://github.com/vercel/serve/blob/13.0.2/package.json#L46

                  Regular Expression DoS

  Package         minimatch

  Patched in      3.0.5

  Dependency of   serve [dev]

  Path            serve > serve-handler > minimatch

  More info       https://github.com/isaacs/minimatch/commit/707e1b231d5ddf5b```

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions