bash-language-server icon indicating copy to clipboard operation
bash-language-server copied to clipboard
verified publisher icon bash-lsp

Update pnpm-lock to address CVE issues

Open cryptomilk opened this issue 1 year ago • 0 comments

There are two security vulnerabilities in packages which are listed in pnpm-lock files:

pnpm-lock.yaml 635: micromatch: 4.0.5 pnpm-lock.yaml 1358: /[email protected]:

micromatch: https://devhub.checkmarx.com/cve-details/CVE-2024-4067/

braces: https://devhub.checkmarx.com/cve-details/CVE-2024-4068/

In order to address them the pnpm-locks files need to be updated so braces 3.0.3 and micromatch 4.0.6 are used.

cryptomilk avatar Jun 17 '24 09:06 cryptomilk