-
-
Notifications
You must be signed in to change notification settings - Fork 142
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
High vulnerability in 'braces' dependency #254
Comments
I encountered the same problem. Maybe Braces team is working on resolving this issue. Refer to micromatch/braces#36 |
|
If anyone is hoping to release software without any knownvulnerabilities this is a problem, however we judge the severity ourselves. The problem exists, colleagues/coworkers/clients/customers of us all will likely be put off by this issue as more and more security tools flag this issue. As the screenshot below indicates, "braces" has not had any updates in 5 years, so maybe micromatch can look at switching to an alternative that is better maintained? |
micromatch is made by braces founders... |
anyways will close it since braces fix is in and we just need to release it. micromatch will autofetch the update. |
Hey Team
Snyk found high vulnerability in your package connected to 'braces' dependency
https://security.snyk.io/vuln/SNYK-JS-BRACES-6838727
https://www.cve.org/CVERecord?id=CVE-2024-4068
Is there any chance to fix it?
The text was updated successfully, but these errors were encountered: