tailwindcss-3.4.10.tgz: 2 vulnerabilities (highest severity is: 7.5)

[fedu]

What version of Tailwind CSS are you using?

3.4.10

What build tool (or framework if it abstracts the build tool) are you using?

Mend security scan

What version of Node.js are you using?

v20.9.0

What browser are you using?

Chrome

What operating system are you using?

Windows

Info

Describe your issue

I'm getting Mend security warning for braces and micromatch from Mend security scan. If this something that needs to fixed into this package or is there a workaround?

CVE-2024-4068

High
7.5
braces-3.0.2.tgz
Transitive
N/A*
❌

CVE-2024-4067

High
7.5
micromatch-4.0.5.tgz
Transitive
N/A*
❌

[thecrypticace]

micromatch v4.0.8 has the fix for this and will be installed alongside any new instals of Tailwind CSS — there's nothing we need to do to support this.

Running npm upgrade micromatch in your project should address the problems.

[fedu]

pnpm upgrade micromatch braces did the trick 👍

For Information:

chokidar still has older braces

└─┬ tailwindcss@3.4.11
├─┬ chokidar@3.5.3
│ └── braces@3.0.2
└─┬ micromatch@4.0.7
└── braces@3.0.3