Skip to content

Update micromatch to 4.8.0to fix cve issue #1597

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
wants to merge 3 commits into
base: main
Choose a base branch
from

remover webpack dev serve

cb6cbdc
Select commit
Loading
Failed to load commit list.
Open

Update micromatch to 4.8.0to fix cve issue #1597

remover webpack dev serve
cb6cbdc
Select commit
Loading
Failed to load commit list.
Mend for GitHub.com / Mend Security Check failed Jul 8, 2025 in 2m 36s

Security Report

You have successfully remediated 12 vulnerabilities, but introduced 3 new vulnerabilities in this branch.

❌ New vulnerabilities:

Vulnerability Severity CVSS Score Vulnerable Library Suggested Fix Issue
CVE-2021-33587

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> postcss-inline-svg-5.0.0.tgz (Root Library)

   -> css-select-3.1.2.tgz

     -> ❌ css-what-4.0.0.tgz (Vulnerable Library)

High 7.5 css-what-4.0.0.tgz Upgrade to version: css-what - 5.0.1 None
CVE-2024-11831

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> terser-webpack-plugin-4.2.3.tgz (Root Library)

   -> ❌ serialize-javascript-5.0.1.tgz (Vulnerable Library)

Medium 5.4 serialize-javascript-5.0.1.tgz Upgrade to version: serialize-javascript - 6.0.2 None
CVE-2024-47764

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> sass-lint-auto-fix-0.21.2.tgz (Root Library)

   -> node-5.30.0.tgz

     -> ❌ cookie-0.4.2.tgz (Vulnerable Library)

Medium 5.3 cookie-0.4.2.tgz Upgrade to version: cookie - 0.7.0 #1445

✔️ Remediated vulnerabilities:

Vulnerability Vulnerable Library
CVE-2024-29415 ip-2.0.1.tgz
CVE-2024-11831 serialize-javascript-3.1.0.tgz
CVE-2024-4067 micromatch-4.0.5.tgz
CVE-2024-4067 micromatch-3.1.10.tgz
CVE-2025-25285 endpoint-6.0.12.tgz
CVE-2024-4067 micromatch-4.0.2.tgz
CVE-2025-25289 request-error-2.1.0.tgz
CVE-2025-25288 plugin-paginate-rest-2.21.3.tgz
CVE-2024-47764 cookie-0.4.1.tgz
CVE-2025-27789 helpers-7.21.0.tgz
CVE-2025-5889 brace-expansion-2.0.1.tgz
CVE-2025-25290 request-5.6.3.tgz

Base branch total remaining vulnerabilities: 16
Base branch commit: e825f8554ee1bff52aee352a2b5a181afd187152


Total libraries scanned: 2044

Scan token: 125c32525fa24d5188f173e52683d412

View more details on Mend for GitHub.com