Vulnerability in minimatch 3.0.4

Details: https://nvd.nist.gov/vuln/detail/CVE-2022-3517

The version of `minimatch` is pinned in `package.json`:
https://github.com/vercel/serve-handler/blob/c7a40435bc28b420a725e6dc1e9565d5b845dee2/package.json#L70

Number of weekly package downloads: 2.5M

<img width="381" alt="Screenshot 2022-10-21 at 14 23 36" src="https://user-images.githubusercontent.com/608862/197206203-d191a40b-1273-4109-b967-d934704d99b4.png">

Could you please merge https://github.com/vercel/serve-handler/pull/180 and release a new version? 🙏

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Vulnerability in minimatch 3.0.4 #179

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Vulnerability in minimatch 3.0.4 #179

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions