micromatch / braces

Faster brace expansion for node.js. Besides being faster, braces is not subject to DoS attacks like minimatch, is more accurate, and has more complete support for Bash 4.3.
https://github.com/jonschlinkert
MIT License

Reduce maxLength default to 10,000 and revert maxSymbols change #40

Closed AaronMoat closed 4 months ago

AaronMoat commented 4 months ago

Loved this comment, @jonschlinkert: https://github.com/micromatch/braces/pull/37#issuecomment-2121649614

I have a bias for explicit configuration closer to the process - rather than an env var. Are we happy with simply lowering it?

thanhnhan2tn commented 4 months ago

Thanks for the merge; however, I still see the issue open. How should we resolve it?

AaronMoat commented 4 months ago

@thanhnhan2tn do you mean the flagged security vulnerability in Snyk/Blackduck/et al.? You'll need to talk to your security vendor and have them fix it on their end, as maintainers of OSS software cannot do that for you.