Security Issue with Minimatch (Update Minimatch) #83
Comments
|
would be great if the team can help to apply this patch. Our team tested with minimatch 3.0.5 and it works with recursive-readdir. |
|
In our react project, react-dev-utils has a transitive dependency on recursive-readdir which uses minimatch 3.0.4 vulnerable version. Maintainer, could you please upgrade minimatch to the latest version? |
|
See #85 (comment) re: npm overrides example workaround |
|
Resolved #85 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Description
recursive-readdir depends on minimatch which includes a security vulnerability described here
Steps to Reproduce
N/A
Expected behavior:
Passes security scans (Prisma Cloud)
Actual behavior:
Fails security scans
Reproduces how often: [What percentage of the time does it reproduce?]
100%
Versions
All
Additional Information
https://huntr.dev/bounties/e4e1393c-d590-4492-9f43-8be3f3321629/
isaacs/minimatch#146
The text was updated successfully, but these errors were encountered: