minimatch ReDoS vulnerability #18053
Labels
CMS Team
CMS Product team that manages both editor exp and devops
content-build
Defect
Something isn't working (issue type)
Description
This is partly a discovery ticket. If you find this is blocked because of version issues, especially with node please annotate that in the Confluence page and here in the ticket.
3 versions of minimatch are installed. The oldest “0.3.0” is required by 4 other dependencies. We will need to untangle that a bit before we can remove 0.3.0 in favor of one of the more recent patched versions.
This is also needed for metalsmith-assets@0.1.0 requires minimatch@0.3.0 via recursive-readdir@1.3.0
need upgraded metalsmith-assets
Acceptance Criteria
The text was updated successfully, but these errors were encountered: