Hope this issue is the way to go, as the security vulnerability itself is not owned by SAP but only used in this repository.
Current Behavior
A github bot / npm security warning due to dependency "micromatch" 4.0.7 in ui5/cli is failing our builds (Whitesource ccompliance). We are using ui5/cli 3.11.1 but it seems the same issue occurs in ui5/cli 4.0.5.
Expected Behavior
No security finding is found by github, by unpinning micromatch 4.0.7 / increasing to 4.0.8
If possible for a ui5 cli version 3.X.X, likely 3.11.2, as we cannot update yet to 4.X.X.
Steps to Reproduce the Issue
Create a new project using ui5/cli via npm
Commit project to github with dependency checks enabled
See security tab
Context
Micromatch 4.0.7 used and pinned by ui5/cli 3.11.1 - 4.0.5
Hope this issue is the way to go, as the security vulnerability itself is not owned by SAP but only used in this repository.
Current Behavior
A github bot / npm security warning due to dependency "micromatch" 4.0.7 in ui5/cli is failing our builds (Whitesource ccompliance). We are using ui5/cli 3.11.1 but it seems the same issue occurs in ui5/cli 4.0.5.
Expected Behavior
No security finding is found by github, by unpinning micromatch 4.0.7 / increasing to 4.0.8 If possible for a ui5 cli version 3.X.X, likely 3.11.2, as we cannot update yet to 4.X.X.
Steps to Reproduce the Issue
Context