You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
So this is a feature request to move to a different matching package -- one that is maintained more regularly or at least isn't vulnerable to this CVE.
Additional context (optional)
No response
The text was updated successfully, but these errors were encountered:
To get some facts right: micromatch last commit dates 2 months ago (March 28th 2024) (not 2019 like you mentioned).
See commit: micromatch/micromatch@6b3526f
Please follow threads in micromatch with ongoing updates:
Describe the feature you'd love to see
https://github.com/chimurai/http-proxy-middleware/blob/master/package.json#L93
micromatch
is vulnerable at v4.0.5 as per https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-4067. To me, it doesn't look like they are going to cut a new release -- their last commit was in 2019.So this is a feature request to move to a different matching package -- one that is maintained more regularly or at least isn't vulnerable to this CVE.
Additional context (optional)
No response
The text was updated successfully, but these errors were encountered: