Update pnpm-lock to address CVE issues
cryptomilk opened this issue · 0 comments
cryptomilk commented
There are two security vulnerabilities in packages which are listed in pnpm-lock files:
pnpm-lock.yaml
635: micromatch: 4.0.5
pnpm-lock.yaml
1358: /braces@3.0.2:
micromatch:
https://devhub.checkmarx.com/cve-details/CVE-2024-4067/
braces:
https://devhub.checkmarx.com/cve-details/CVE-2024-4068/
In order to address them the pnpm-locks files need to be updated so braces 3.0.3 and micromatch 4.0.6 are used.