fix: replacing micromatch with minimatch due to CVEs

snyk / nodejs-lockfile-parser

Generate a Snyk dependency tree from package-lock.json or yarn.lock file

Other

59 stars 28 forks source link

fix: replacing micromatch with minimatch due to CVEs #226

Closed dotkas closed 4 months ago

dotkas commented 4 months ago

There's a bunfight going on over at Micromatch, to which I won't link, as it will show up in their conversation, but the link is https://github.com/micromatch/micromatch and the issue is 243 in case you're interested.

In any event that looks like it will never be sorted any time soon, so let's just fix the paperwork the easy way.

CLAassistant commented 4 months ago

All committers have signed the CLA.

dotkas commented 4 months ago

Looks like a fix was released, dropping this.