Skip to content

npm audit fix to address minmatch vulnerability#12

Merged
stevendborrelli merged 1 commit intocrossplane:mainfrom
stevendborrelli:2026-03-03-audit-fix
Mar 3, 2026
Merged

npm audit fix to address minmatch vulnerability#12
stevendborrelli merged 1 commit intocrossplane:mainfrom
stevendborrelli:2026-03-03-audit-fix

Conversation

@stevendborrelli
Copy link
Member

@stevendborrelli stevendborrelli commented Mar 3, 2026
edited
Loading

Description of your changes

Update mismatch packages to address vulnerability. After update npm audit report will report found 0 vulnerabilities.

# npm audit report

minimatch  10.0.0 - 10.2.2
Severity: high
minimatch has ReDoS: matchOne() combinatorial backtracking via multiple non-adjacent GLOBSTAR segments - https://github.com/advisories/GHSA-7r86-cg39-jmmj
minimatch ReDoS: nested *() extglobs generate catastrophically backtracking regular expressions - https://github.com/advisories/GHSA-23c5-xmqv-rm74
fix available via `npm audit fix`
node_modules/minimatch

1 high severity vulnerability

Fixes #

I have:

@stevendborrelli
npm audit fix to address vulns
0f6b980 
Signed-off-by: Steven Borrelli <steve@borrelli.org>
@stevendborrelli stevendborrelli merged commit 35d01f8 into crossplane:main Mar 3, 2026
7 checks passed
@stevendborrelli stevendborrelli deleted the 2026-03-03-audit-fix branch March 3, 2026 09:06
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@stevendborrelli