paulmillr / chokidar

Minimal and efficient cross-platform file watching library
https://paulmillr.com
MIT License
10.8k stars, 574 forks

Dependency vulnerability with CVSS 7.5 with braces v3.0.2 #1331

Closed xLexip closed 2 months ago

xLexip commented 2 months ago

The latest version of this project uses braces v3.0.2 which is vulnerable to CVE-2024-4068. Severity 7.5 (high). The issue was fixed with braces#40 in a patch release (v3.0.3).

Please consider updating braces from v3.0.2 to v3.0.3 as chokidar forwards this vulnerability to other projects like @wdio/cli.

paulmillr commented 2 months ago

learn how version ranges work

xLexip commented 2 months ago

My bad. 🤡 I trusted npm ls too much.
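The point of the thread is the difference between a declared dependency range and the version that happens to be installed in a local tree: a range such as `^3.0.2` or `~3.0.2` already admits the patched `3.0.3`, so `npm ls` reporting `3.0.2` means the local lockfile or `node_modules` is stale, not that the upstream project pins a vulnerable version. The following is an added example written for this page; it is not chokidar's code, the dependency lines it checks are constructed, and the range-matching helper implements only the exact, caret and tilde shapes that matter here rather than the full semver grammar.

```javascript
// Added example (not part of chokidar or the original issue): a minimal
// semver range check and a triage helper that separates "the range is fine,
// refresh your lockfile" from "the manifest itself pins a vulnerable version".

// Parse "x.y.z" into [x, y, z] as numbers; prerelease tags are out of scope here.
function parseVersion(v) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)$/.exec(v.trim());
  if (!m) throw new Error(`not a plain x.y.z version: ${v}`);
  return m.slice(1, 4).map(Number);
}

// Returns -1, 0 or 1 like a comparator.
function compareVersions(a, b) {
  const pa = parseVersion(a);
  const pb = parseVersion(b);
  for (let i = 0; i < 3; i++) {
    if (pa[i] !== pb[i]) return pa[i] < pb[i] ? -1 : 1;
  }
  return 0;
}

// Supports three range shapes: exact "3.0.2", tilde "~3.0.2" (same major.minor,
// >= base) and caret "^3.0.2" (>= base, leftmost non-zero component unchanged).
function satisfies(range, version) {
  const r = range.trim();
  const op = r[0] === '^' || r[0] === '~' ? r[0] : '';
  const baseStr = op ? r.slice(1) : r;
  if (!op) return compareVersions(version, baseStr) === 0;
  if (compareVersions(version, baseStr) < 0) return false;
  const base = parseVersion(baseStr);
  const v = parseVersion(version);
  if (op === '~') return v[0] === base[0] && v[1] === base[1];
  if (base[0] !== 0) return v[0] === base[0];
  if (base[1] !== 0) return v[0] === 0 && v[1] === base[1];
  return v[0] === 0 && v[1] === 0 && v[2] === base[2];
}

// Triage one dependency: `declared` is the range in package.json, `installed`
// is what the local tree (e.g. `npm ls`) reports, `fixed` is the first patched
// release named in the advisory.
function assess({ name, declared, installed, fixed }) {
  const rangeAdmitsFix = satisfies(declared, fixed);
  const installedIsFixed = compareVersions(installed, fixed) >= 0;
  let action;
  if (installedIsFixed) action = 'ok';               // nothing to do
  else if (rangeAdmitsFix) action = 'refresh-lockfile'; // local tree is stale, manifest is fine
  else action = 'bump-range';                        // manifest pins a vulnerable version
  return { name, declared, installed, fixed, rangeAdmitsFix, installedIsFixed, action };
}

// Constructed sample input (hypothetical manifests, not real package.json files).
// The fixed version 3.0.3 and the vulnerable 3.0.2 are the ones the issue names.
const SAMPLE = [
  { name: 'braces', declared: '^3.0.2', installed: '3.0.2', fixed: '3.0.3' },
  { name: 'braces', declared: '~3.0.2', installed: '3.0.2', fixed: '3.0.3' },
  { name: 'braces', declared: '3.0.2',  installed: '3.0.2', fixed: '3.0.3' },
  { name: 'braces', declared: '^3.0.2', installed: '3.0.3', fixed: '3.0.3' },
];

function triageAll(entries = SAMPLE) {
  return entries.map(assess);
}

for (const r of triageAll()) {
  console.log(`${r.name} declared ${r.declared}, installed ${r.installed}: ${r.action}`);
}
```

The first two rows come out as `refresh-lockfile`: the range already covers the patched release, so reinstalling or updating the lockfile picks up 3.0.3 without any change to the upstream manifest. Only the pinned row is a `bump-range` case, which is the situation the reporter assumed and the maintainer's reply disputes. `npm ls` reads the installed tree, so it reflects the lockfile of the project running it, not the ranges declared by its dependencies.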