Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

update fast-glob 3.3.2 which will fix micromatch 4.0.8 dependency (ReDoS) issue #14696

Closed
zanuka opened this issue Oct 17, 2024 · 1 comment
Closed

update fast-glob 3.3.2 which will fix micromatch 4.0.8 dependency (ReDoS) issue #14696

zanuka opened this issue Oct 17, 2024 · 1 comment
Assignees
@RobinMalfait

Comments

@zanuka
Copy link

zanuka commented Oct 17, 2024
edited
Loading

What version of Tailwind CSS are you using?

3.4.14

What build tool (or framework if it abstracts the build tool) are you using?

Vue 3.4.21, Vite 5.1.5

What version of Node.js are you using?

Node 20.15.1

What browser are you using?

N/A

What operating system are you using?

macOS

Reproduction URL

N/A

Describe your issue

Once this fast-glob PR gets merged: mrmlnc/fast-glob#456

am proposing an update to their next release ( current is 3.3.2 ) and causes the following audit issue

Regular Expression Denial of Service (ReDoS) in micromatch (Severity: moderate)
  - Affected package: micromatch
  - Patched in: >=4.0.8
@RobinMalfait RobinMalfait self-assigned this Oct 17, 2024
@RobinMalfait
Copy link
Member

Hey! This should be fixed by #14697, and will be available in the next release.

You can already try it by using the insiders build npm install tailwindcss@insiders.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@RobinMalfait RobinMalfait

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@zanuka @RobinMalfait