mysticatea / npm-run-all

A CLI tool to run multiple npm-scripts in parallel or sequential.
MIT License

OWASP Dependency scan results #247

Open luidude opened 1 year ago

luidude commented 1 year ago

minimatch v3.0.4 is triggering this warning in our vulnerability scans.

https://nvd.nist.gov/vuln/detail/CVE-2022-3517#:~:text=A%20vulnerability%20was%20found%20in,in%20a%20Denial%20of%20Service.

levpachmanov commented 10 months ago

Hey @luidude, we're part of a startup called Seal Security that mitigates software vulnerabilities in older open source versions by backporting/creating standalone security patches - enabling more straightforward remediation in cases like this. We created a minimatch 3.0.4-sp1 that's vulnerability-free. As with all of our patches, it's open-source and available for free.

If relevant, check out our GitHub repo if you wish to learn more, or start using our app.

Please feel free to reach us at info@seal.security if you have any requests/questions.