serve-handler This is not an issue but with High Vulnerable on one of dependency

This is not an issue but with High Vulnerable on one of dependency

Open brendonco opened this issue 3 years ago • 0 comments

Any plan on upgrading minimatch to latest to fix the vulnerable library?

Serve relies on serve-handler version 6.1.3.

https://github.com/vercel/serve/blob/13.0.2/package.json#L46

                  Regular Expression DoS

  Package         minimatch

  Patched in      3.0.5

  Dependency of   serve [dev]

  Path            serve > serve-handler > minimatch

  More info       https://github.com/isaacs/minimatch/commit/707e1b231d5ddf5b```

Feb 22 '22 07:02 brendonco

serve-handler serve-handler copied to clipboard

This is not an issue but with High Vulnerable on one of dependency

serve-handler
serve-handler copied to clipboard