vite-pwa / vite-plugin-pwa

Zero-config PWA for Vite
https://vite-pwa-org.netlify.app/
MIT License
3.23k stars 210 forks source link

Uncontrolled resource consumption in braces - https://github.com/advisories/GHSA-grv7-fg5c-xmjg #724

Closed fabianszabo closed 2 months ago

fabianszabo commented 4 months ago
# npm audit report

braces  <3.0.3
Severity: high
Uncontrolled resource consumption in braces - https://github.com/advisories/GHSA-grv7-fg5c-xmjg

npm explain braces prints this:

braces@3.0.2 dev
node_modules/braces
  braces@"^3.0.2" from micromatch@4.0.5
  node_modules/micromatch
    micromatch@"^4.0.4" from fast-glob@3.3.2
    node_modules/fast-glob
      fast-glob@"^3.3.2" from vite-plugin-pwa@0.20.0
      node_modules/vite-plugin-pwa
        dev vite-plugin-pwa@"^0.20.0" from the root project
fabianszabo commented 2 months ago

Fixed in:

Released in v0.20.1