Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

outdated dependency - minimatch:3.0.4 #832

Closed
txk0705 opened this issue Apr 18, 2022 · 2 comments
Closed

outdated dependency - minimatch:3.0.4 #832

txk0705 opened this issue Apr 18, 2022 · 2 comments
Assignees
@kirill-ivlev
Labels
Area: TaskLib bug

Comments

@txk0705
Copy link

txk0705 commented Apr 18, 2022
edited
Loading

Please check our current Issues to see if someone already reported this https://github.com/Microsoft/azure-pipelines-task-lib/issues.

Environment

azure-pipelines-task-lib version: 3.2.0

Issue Description

minimatch:3.0.4 is out dated and has vulnerabilities requires to update to latest version. it is no more supported. Outdated library blocks azure task lib installation due to security policies now.

Logs

Audit log:
High minimatch minimatch.js braceExpand() Function Improper
Regular Expression DoS
Package minimatch
Patched in 3.0.5
Dependency of azure-pipelines-task-lib
Path azure-pipelines-task-lib > minimatch
More info https://nodesecurity.io/advisories/198521
@txk0705 txk0705 changed the title outdated dependency - minimatch:3.0.2 outdated dependency - minimatch:3.0.4 Apr 18, 2022
@SvetlanaMaliugina
Copy link
Contributor

Hi @txk0705. We will take a look at this issue in near time.

@kirill-ivlev kirill-ivlev mentioned this issue May 2, 2022
Merged
@kirill-ivlev kirill-ivlev self-assigned this May 25, 2022
@kirill-ivlev
Copy link
Contributor

Changes were merged.

@mmrazik could you please publish a new version of task-lib?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@kirill-ivlev kirill-ivlev

Labels
Area: TaskLib bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@txk0705 @SvetlanaMaliugina @kirill-ivlev