Is there an existing issue for this?
How do you use Sentry?
Sentry Saas (sentry.io)
Which SDK are you using?
@sentry/node - express
SDK Version
latest
Framework Version
No response
Link to Sentry event
No response
Reproduction Example/SDK Setup
Sentry/node depends on a vulnerable minimatch version, which has a high CVE score.
Please update to >=10.2.1
See: GHSA-3ppc-4f35-3m26
Steps to Reproduce
Run npm audit --omit=dev
Expected Result
no vulnerabilities
Actual Result
minimatch high vulnerability is shown
Additional Context
No response
Priority
React with 👍 to help prioritize this issue. Please use comments to provide useful context, avoiding +1 or me too, to help us triage it.
Is there an existing issue for this?
How do you use Sentry?
Sentry Saas (sentry.io)
Which SDK are you using?
@sentry/node - express
SDK Version
latest
Framework Version
No response
Link to Sentry event
No response
Reproduction Example/SDK Setup
Sentry/node depends on a vulnerable minimatch version, which has a high CVE score.
Please update to >=10.2.1
See: GHSA-3ppc-4f35-3m26
Steps to Reproduce
Run
npm audit --omit=devExpected Result
no vulnerabilities
Actual Result
minimatch high vulnerability is shown
Additional Context
No response
Priority
React with 👍 to help prioritize this issue. Please use comments to provide useful context, avoiding
+1orme too, to help us triage it.