http-proxy-middleware icon indicating copy to clipboard operation
http-proxy-middleware copied to clipboard

Published 20 hours ago verified publisher icon chimurai

micromatch vulnerable at v4.0.5

Open benjsmi opened this issue 1 month ago • 2 comments

Describe the feature you'd love to see

https://github.com/chimurai/http-proxy-middleware/blob/master/package.json#L93

micromatch is vulnerable at v4.0.5 as per https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-4067. To me, it doesn't look like they are going to cut a new release -- their last commit was in 2019.

So this is a feature request to move to a different matching package -- one that is maintained more regularly or at least isn't vulnerable to this CVE.

Additional context (optional)

No response

benjsmi avatar May 16 '24 14:05 benjsmi