High Severity Mend Vulnerability

cap-js-community / odata-v2-adapter

OData V2 adapter for CDS. Exposes a full-fledged OData V2 service, converting OData V2 requests to CDS OData V4 service calls and responses back.

https://www.npmjs.com/package/@cap-js-community/odata-v2-adapter

Apache License 2.0

23 stars 8 forks source link

High Severity Mend Vulnerability #62

Closed krishraheja-sap closed 1 month ago

krishraheja-sap commented 1 month ago

Hi Colleague,

There is a High severity mend vulnerability for micromatch library in @cap-js-community/odata-v2-adapter 1.13.1. Please refer to below screenshot for your reference.

Please do the needful and provide a fix for the same.

Best Regards Krishan

oklemenz2 commented 1 month ago

Fixed with https://github.com/micromatch/micromatch/releases/tag/4.0.8
Currently no more current release of http-proxy-middleware with min dependency of 4.0.8
But: http-proxy-middleware has an open dependency, so an npm update for customer project will update to 4.0.8
So consumer can fix this issue automatically, by updating his package-lock
I will update all dependencies, once available...
Is considered in addition as low-priority issue by micro match
So no further action here
Close