Open carlosjgp opened 1 month ago
+1 keeping micromatch at version "4.0.2" it's a security vulnerability
https://github.com/juliuscc/semantic-release-slack-bot/pull/123
@juliuscc @tripodsan I understand you might be busy with other things, but the semantic-release community needs to move forward. This issue has been around since June. Are you still committed to maintaining this repository? If not, would you be willing to transfer the ownership to someone else with time to fix it? Thanks
In the meantime, this is the workaround we decided to apply to all the repositories of our organization:
```json
"resolutions": {
  "semantic-release-slack-bot/**/micromatch": "^4.0.8"
},
```
We are using Yarn. 🧶 Using NPM, `overrides` is probably the way to go.
https://app.circleci.com/jobs/github/juliuscc/semantic-release-slack-bot/520
https://github.com/juliuscc/semantic-release-slack-bot/commit/34e721ad6d38d73ee793e941ff037df13e51df7c
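To confirm that the `resolutions` workaround quoted above actually removed the old version, the following added example (not part of the thread or of the project's code) scans a Yarn v1 `yarn.lock` for `micromatch` entries that still resolve below 4.0.8. The function names and the sample lockfile are constructed for illustration.

```javascript
// Added example: find micromatch entries in a Yarn v1 yarn.lock below a floor.
const MIN_VERSION = "4.0.8"; // from the "resolutions" entry on this page

// Compare two plain x.y.z versions numerically (no pre-release tags).
function compareVersions(a, b) {
  const [pa, pb] = [a, b].map((v) => v.split(".").map(Number));
  for (let i = 0; i < 3; i++) {
    if (pa[i] !== pb[i]) return pa[i] < pb[i] ? -1 : 1;
  }
  return 0;
}

// Return every lockfile entry for `pkg` as { specifiers, version }.
function findResolved(lockText, pkg) {
  const entries = [];
  let current = null;
  for (const line of lockText.split(/\r?\n/)) {
    if (/^\S.*:$/.test(line)) {
      // Entry header, e.g. `micromatch@^4.0.2, micromatch@^4.0.4:`
      const specifiers = line.slice(0, -1).split(",")
        .map((s) => s.trim().replace(/^"|"$/g, ""));
      current = specifiers.some((s) => s.startsWith(pkg + "@"))
        ? { specifiers, version: null } : null;
      if (current) entries.push(current);
    } else if (current) {
      const m = /^\s+version\s+"([^"]+)"/.exec(line);
      if (m) current.version = m[1];
    }
  }
  return entries;
}

// Entries still below the floor; an empty array means the pin took effect.
function findOutdated(lockText, pkg, minVersion) {
  return findResolved(lockText, pkg)
    .filter((e) => e.version && compareVersions(e.version, minVersion) < 0);
}

// Constructed sample lockfile (not taken from any real repository).
const SAMPLE_LOCK = `# yarn lockfile v1
braces@^3.0.3:
  version "3.0.3"
micromatch@4.0.2:
  version "4.0.2"
"micromatch@^4.0.4", micromatch@^4.0.5:
  version "4.0.8"
`;
console.log(findOutdated(SAMPLE_LOCK, "micromatch", MIN_VERSION));
```

In a real repository, pass the contents of `yarn.lock` instead of `SAMPLE_LOCK` and fail the CI job when the returned array is not empty.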