security: update micromatch dependency to address CVE #19665
stecurran-est-tech wants to merge 1 commit into tailwindlabs:main from
This updates the micromatch dependency using override from 4.0.7 to 4.0.8 to address CVE-2024-4067

Changes:
- Added pnpm override for micromatch 4.0.8
- Resolved pnpm-lock.yaml

Testing:
- Ran 'pnpm install' to verify lockfile resolution
- Ran 'pnpm build' to ensure all packages build successfully
- Ran 'pnpm test', 'pnpm test:integrations', 'pnpm test:ui' to verify all existing tests pass
Walkthrough

The pull request modifies the package.json file by adding an overrides block to the package manager configuration. This block pins the micromatch dependency to version 4.0.8. The change is added alongside existing patchedDependencies entries. This update affects runtime dependency resolution, ensuring that micromatch resolves to the specified version regardless of transitive dependency versions. The change introduces 3 new lines and does not alter the control flow or behavioral logic of the codebase.

Pre-merge checks: 2 passed
No actionable comments were generated in the recent review.
Summary
This updates the micromatch dependency using override from 4.0.7 to 4.0.8 to address CVE-2024-4067
Changes:
Test plan
Note: pnpm install after override regenerated lock file (pnpm-lock.yaml) - this triggered check of esbuild and updated 0.23.1 -> 0.27.0. Resolved CVE - GHSA-67mh-4wv8-2f99
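
A check a reviewer could run on a PR like this one, as an added example that is not part of the PR or the project: it scans pnpm-lock.yaml text for versions of a package still resolved below the pinned minimum, and lists every package whose resolved version changed, which surfaces collateral bumps such as the esbuild one noted above. The key format matched by the regex and the lockfile excerpts are assumptions constructed for illustration.

```javascript
// Added example, not the project's code. Assumes lockfile package keys look
// like "  name@1.2.3:" (optionally quoted, "/"-prefixed, or "(peer)"-suffixed).
const KEY = /^\s+['"]?\/?((?:@[^@\/\s'"]+\/)?[^@\/\s'"]+)@(\d+\.\d+\.\d+)[^\s:'"]*['"]?:\s*$/;

function compareVersions(a, b) {
  const pa = a.split('.').map(Number), pb = b.split('.').map(Number);
  for (let i = 0; i < 3; i++) if (pa[i] !== pb[i]) return pa[i] - pb[i];
  return 0;
}

// Map of package name -> sorted list of distinct resolved versions.
function resolvedVersions(lockText) {
  const found = new Map();
  for (const line of lockText.split(/\r?\n/)) {
    const m = KEY.exec(line);
    if (!m) continue;
    if (!found.has(m[1])) found.set(m[1], new Set());
    found.get(m[1]).add(m[2]);
  }
  return new Map([...found].map(([n, v]) => [n, [...v].sort(compareVersions)]));
}

// Versions of `name` still resolved below `minimum` (empty means the pin held).
function versionsBelow(lockText, name, minimum) {
  const versions = resolvedVersions(lockText).get(name) || [];
  return versions.filter((v) => compareVersions(v, minimum) < 0);
}

// Every package whose resolved version set differs between two lockfiles.
function changedPackages(beforeText, afterText) {
  const before = resolvedVersions(beforeText), after = resolvedVersions(afterText);
  const names = [...new Set([...before.keys(), ...after.keys()])].sort();
  return names
    .map((name) => ({ name, before: (before.get(name) || []).join(','), after: (after.get(name) || []).join(',') }))
    .filter((c) => c.before !== c.after);
}

// Constructed lockfile excerpts using the versions named in this PR.
const BEFORE = ["packages:", "  braces@3.0.3:", "  esbuild@0.23.1:", "  micromatch@4.0.7:"].join("\n");
const AFTER = ["packages:", "  braces@3.0.3:", "  esbuild@0.27.0:", "  micromatch@4.0.8:"].join("\n");

console.log(versionsBelow(AFTER, 'micromatch', '4.0.8')); // versions still below the pin
console.log(changedPackages(BEFORE, AFTER)); // includes collateral bumps
```

In practice the two inputs would be the lockfile contents from the base branch and from the PR branch.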