[GHSA-3ppc-4f35-3m26] minimatch has a ReDoS via repeated wildcards with non-matching literal in pattern #7003
Hi there @isaacs! A community member has suggested an improvement to your security advisory. If approved, this change will affect the global advisory listed at github.com/advisories. It will not affect the version listed in your project repository. This change will be reviewed by our Security Curation Team. If you have thoughts or feedback, please share them in a comment here! If this PR has already been closed, you can start a new community contribution for this advisory.
whoops, duplicate of #7002.
Pull request overview
This PR updates the security advisory for minimatch (GHSA-3ppc-4f35-3m26), a ReDoS vulnerability affecting multiple versions of the npm package. The changes correct the initial version range and add backported patch information for versions 3 through 9.
Changes:
- Corrects the minimum affected version from "0" to "10.0.0" for the v10.x range
- Adds seven new version range objects covering minimatch versions 3.x through 9.x, each with their respective fixed versions
Updates
Comments
v3 - v9 had backports published.