From d871fd458d90978b704a0a4cdc74d195cc1cf246 Mon Sep 17 00:00:00 2001 From: Krys Wisnaskas Date: Wed, 21 Aug 2024 18:03:12 -0400 Subject: [PATCH 1/4] Fix on demand AR email notifications --- src/lib/mailer/index.js | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/src/lib/mailer/index.js b/src/lib/mailer/index.js index 7463d6471f..aba3b21253 100644 --- a/src/lib/mailer/index.js +++ b/src/lib/mailer/index.js @@ -1014,7 +1014,7 @@ export const processNotificationQueue = () => { notificationQueue.process( EMAIL_ACTIONS.NEEDS_ACTION, transactionQueueWrapper( - notifyApproverAssigned, + notifyChangesRequested, EMAIL_ACTIONS.NEEDS_ACTION, ), ); @@ -1030,7 +1030,7 @@ export const processNotificationQueue = () => { notificationQueue.process( EMAIL_ACTIONS.APPROVED, transactionQueueWrapper( - notifyApproverAssigned, + notifyReportApproved, EMAIL_ACTIONS.APPROVED, ), ); @@ -1038,7 +1038,7 @@ export const processNotificationQueue = () => { notificationQueue.process( EMAIL_ACTIONS.COLLABORATOR_ADDED, transactionQueueWrapper( - notifyApproverAssigned, + notifyCollaboratorAssigned, EMAIL_ACTIONS.COLLABORATOR_ADDED, ), ); @@ -1046,7 +1046,7 @@ export const processNotificationQueue = () => { notificationQueue.process( EMAIL_ACTIONS.RECIPIENT_REPORT_APPROVED, transactionQueueWrapper( - notifyApproverAssigned, + notifyRecipientReportApproved, EMAIL_ACTIONS.RECIPIENT_REPORT_APPROVED, ), ); From 59917570bf363aadbb463ec5cb11e5fd42e77700 Mon Sep 17 00:00:00 2001 From: Krys Wisnaskas Date: Thu, 22 Aug 2024 09:52:28 -0400 Subject: [PATCH 2/4] Add micromatch to resolutions --- frontend/package.json | 3 ++- package.json | 3 ++- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/frontend/package.json b/frontend/package.json index 67f8feb690..fe8e4814a4 100644 --- a/frontend/package.json +++ b/frontend/package.json @@ -58,7 +58,8 @@ "sass": "^1.51.0", "url-join": "^4.0.1", "use-deep-compare-effect": "^1.6.1", - "uuid": "^8.3.2" + "uuid": "^8.3.2", + "micromatch": "^4.0.7" }, "engines": { "node": "18.20.3" diff --git a/package.json b/package.json index b00cc95938..d36aa6e824 100644 --- a/package.json +++ b/package.json @@ -129,7 +129,8 @@ "http-cache-semantics": "^4.1.1", "xml2js": "^0.5.0", "semver": "^7.5.3", - "tough-cookie": "^4.1.3" + "tough-cookie": "^4.1.3", + "micromatch": "^4.0.7" }, "eslintConfig": { "extends": [ From e469ac391250800ee819e8e7094b17274a7db154 Mon Sep 17 00:00:00 2001 From: Krys Wisnaskas Date: Thu, 22 Aug 2024 10:15:15 -0400 Subject: [PATCH 3/4] Update yarn.lock --- frontend/yarn.lock | 8 + yarn.lock | 565 +-------------------------------------------- 2 files changed, 20 insertions(+), 553 deletions(-) diff --git a/frontend/yarn.lock b/frontend/yarn.lock index 3764afef1e..ff427e426d 100644 --- a/frontend/yarn.lock +++ b/frontend/yarn.lock @@ -8320,6 +8320,14 @@ micromatch@^4.0.2, micromatch@^4.0.4, micromatch@^4.0.5: braces "^3.0.2" picomatch "^2.3.1" +micromatch@^4.0.7: + version "4.0.7" + resolved "https://registry.yarnpkg.com/micromatch/-/micromatch-4.0.7.tgz#33e8190d9fe474a9895525f5618eee136d46c2e5" + integrity sha512-LPP/3KorzCwBxfeUuZmaR6bG2kdeHSbe0P2tY3FLRU4vYrjYz5hI4QZwV0njUx3jeuKe67YukQ1LSPZBKDqO/Q== + dependencies: + braces "^3.0.3" + picomatch "^2.3.1" + mime-db@1.52.0, "mime-db@>= 1.43.0 < 2": version "1.52.0" resolved "https://registry.yarnpkg.com/mime-db/-/mime-db-1.52.0.tgz#bbabcdc02859f4987301c856e3387ce5ec43bf70" diff --git a/yarn.lock b/yarn.lock index 87e971c9fe..c7cbca146f 100644 --- a/yarn.lock +++ b/yarn.lock @@ -3952,21 +3952,6 @@ aria-query@^4.2.2: "@babel/runtime" "^7.10.2" "@babel/runtime-corejs3" "^7.10.2" -arr-diff@^4.0.0: - version "4.0.0" - resolved "https://registry.yarnpkg.com/arr-diff/-/arr-diff-4.0.0.tgz#d6461074febfec71e7e15235761a329a5dc7c520" - integrity sha512-YVIQ82gZPGBebQV/a8dar4AitzCQs0jjXwMPZllpXMaGjXPYVUawSxQrRsjhjupyVxEvbHgUmIhKVlND+j02kA== - -arr-flatten@^1.1.0: - version "1.1.0" - resolved "https://registry.yarnpkg.com/arr-flatten/-/arr-flatten-1.1.0.tgz#36048bbff4e7b47e136644316c99669ea5ae91f1" - integrity sha512-L3hKV5R/p5o81R7O02IGnwpDmkp6E982XhtbuwSe3O4qOtMMMtodicASA1Cny2U+aCXcNpml+m4dPsvsJ3jatg== - -arr-union@^3.1.0: - version "3.1.0" - resolved "https://registry.yarnpkg.com/arr-union/-/arr-union-3.1.0.tgz#e39b09aea9def866a8f206e288af63919bae39c4" - integrity sha512-sKpyeERZ02v1FeCZT8lrfJq5u6goHCtpTAzPwJYe7c8SPFOboNjNg1vz2L4VTn9T4PQxEx13TbXLmYUcS6Ug7Q== - array-differ@^3.0.0: version "3.0.0" resolved "https://registry.yarnpkg.com/array-differ/-/array-differ-3.0.0.tgz#3cbb3d0f316810eafcc47624734237d6aee4ae6b" @@ -3993,11 +3978,6 @@ array-union@^2.1.0: resolved "https://registry.yarnpkg.com/array-union/-/array-union-2.1.0.tgz#b798420adbeb1de828d84acd8a2e23d3efe85e8d" integrity sha512-HGyxoOTYUyCM6stUe6EJgnd4EoewAI7zMdfqO+kGjnlZmBDz/cR5pf8r/cR4Wq60sL/p0IkcjUEEPwS3GFrIyw== -array-unique@^0.3.2: - version "0.3.2" - resolved "https://registry.yarnpkg.com/array-unique/-/array-unique-0.3.2.tgz#a894b75d4bc4f6cd679ef3244a9fd8f46ae2d428" - integrity sha512-SleRWjh9JUud2wH1hPs9rZBZ33H6T9HOiL0uwGnGx9FpE6wKGyfWugmbkEOIs6qWrZhg0LWeLziLrEwQJhs5mQ== - array.prototype.flat@^1.2.5: version "1.3.0" resolved "https://registry.yarnpkg.com/array.prototype.flat/-/array.prototype.flat-1.3.0.tgz#0b0c1567bf57b38b56b4c97b8aa72ab45e4adc7b" @@ -4083,11 +4063,6 @@ assertion-error-formatter@^3.0.0: pad-right "^0.2.2" repeat-string "^1.6.1" -assign-symbols@^1.0.0: - version "1.0.0" - resolved "https://registry.yarnpkg.com/assign-symbols/-/assign-symbols-1.0.0.tgz#59667f41fadd4f20ccbc2bb96b8d4f7f78ec0367" - integrity sha512-Q+JC7Whu8HhmTdBph/Tq59IoRtoy6KAm5zzPv00WdujX82lbAL8K7WVjne7vdCsAmbF4AYaDOPyO3k0kl8qIrw== - ast-types-flow@^0.0.7: version "0.0.7" resolved "https://registry.yarnpkg.com/ast-types-flow/-/ast-types-flow-0.0.7.tgz#f70b735c6bca1a5c9c22d982c3e39e7feba3bdad" @@ -4127,11 +4102,6 @@ at-least-node@^1.0.0: resolved "https://registry.yarnpkg.com/at-least-node/-/at-least-node-1.0.0.tgz#602cd4b46e844ad4effc92a8011a3c46e0238dc2" integrity sha512-+q/t7Ekv1EDY2l6Gda6LLiX14rU9TV20Wa3ofeQmwPFZbOMo9DXrLbOjFaaclkXKWidIaopwAObQDqwWtGUjqg== -atob@^2.1.2: - version "2.1.2" - resolved "https://registry.yarnpkg.com/atob/-/atob-2.1.2.tgz#6d9517eb9e030d2436666651e86bd9f6f13533c9" - integrity sha512-Wm6ukoaOGJi/73p/cl2GvLjTI5JM1k/O14isD73YML8StrH/7/lRFgmg8nICZgD3bZZvjwCGxtMOD3wWNAu8cg== - available-typed-arrays@^1.0.5: version "1.0.5" resolved "https://registry.yarnpkg.com/available-typed-arrays/-/available-typed-arrays-1.0.5.tgz#92f95616501069d07d10edb2fc37d3e1c65123b7" @@ -4320,19 +4290,6 @@ base64-js@^1.0.2, base64-js@^1.3.1: resolved "https://registry.yarnpkg.com/base64-js/-/base64-js-1.5.1.tgz#1b1b440160a5bf7ad40b650f095963481903930a" integrity sha512-AKpaYlHn8t4SVbOHCy+b5+KKgvR4vrsD8vbvrbiQJps7fKDTkjkDry6ji0rUJjC0kzbNePLwzxq8iypo41qeWA== -base@^0.11.1: - version "0.11.2" - resolved "https://registry.yarnpkg.com/base/-/base-0.11.2.tgz#7bde5ced145b6d551a90db87f83c558b4eb48a8f" - integrity sha512-5T6P4xPgpp0YDFvSWwEZ4NoE3aM4QBQXDzmVbraCkFj8zHM+mba8SyqB5DbZWyR7mYHo6Y7BdQo3MoA4m0TeQg== - dependencies: - cache-base "^1.0.1" - class-utils "^0.3.5" - component-emitter "^1.2.1" - define-property "^1.0.0" - isobject "^3.0.1" - mixin-deep "^1.2.0" - pascalcase "^0.1.1" - bcrypt-pbkdf@^1.0.2: version "1.0.2" resolved "https://registry.yarnpkg.com/bcrypt-pbkdf/-/bcrypt-pbkdf-1.0.2.tgz#a4301d389b6a43f9b67ff3ca11a3f6637e360e9e" @@ -4461,23 +4418,7 @@ brace-expansion@^2.0.1: dependencies: balanced-match "^1.0.0" -braces@^2.3.1: - version "2.3.2" - resolved "https://registry.yarnpkg.com/braces/-/braces-2.3.2.tgz#5979fd3f14cd531565e5fa2df1abfff1dfaee729" - integrity sha512-aNdbnj9P8PjdXU4ybaWLK2IF3jc/EoDYbC7AazW6to3TRsfXxscC9UXOB5iDiEQrkyIbWp2SLQda4+QAa7nc3w== - dependencies: - arr-flatten "^1.1.0" - array-unique "^0.3.2" - extend-shallow "^2.0.1" - fill-range "^4.0.0" - isobject "^3.0.1" - repeat-element "^1.1.2" - snapdragon "^0.8.1" - snapdragon-node "^2.0.1" - split-string "^3.0.2" - to-regex "^3.0.1" - -braces@^3.0.2, braces@~3.0.2: +braces@^3.0.3, braces@~3.0.2: version "3.0.3" resolved "https://registry.yarnpkg.com/braces/-/braces-3.0.3.tgz#490332f40919452272d55a8480adc0c441358789" integrity sha512-yQbXgO/OSZVD2IsiLlro+7Hf6Q18EJrKSEsdoMzKePKXct3gvD8oLcOQdIzGupr5Fj+EDe8gO/lxc1BzfMpxvA== @@ -4674,21 +4615,6 @@ bytes@3.1.2: resolved "https://registry.yarnpkg.com/bytes/-/bytes-3.1.2.tgz#8b0beeb98605adf1b128fa4386403c009e0221a5" integrity sha512-/Nf7TyzTx6S3yRJObOAV7956r8cr2+Oj8AC5dt8wSP3BQAoeX58NoHyCU8P8zGkNXStjTSi6fzO6F0pBdcYbEg== -cache-base@^1.0.1: - version "1.0.1" - resolved "https://registry.yarnpkg.com/cache-base/-/cache-base-1.0.1.tgz#0a7f46416831c8b662ee36fe4e7c59d76f666ab2" - integrity sha512-AKcdTnFSWATd5/GCPRxr2ChwIJ85CeyrEyjRHlKxQ56d4XJMGym0uAiKn0xbLOGOl3+yRpOTi484dVCEc5AUzQ== - dependencies: - collection-visit "^1.0.0" - component-emitter "^1.2.1" - get-value "^2.0.6" - has-value "^1.0.0" - isobject "^3.0.1" - set-value "^2.0.0" - to-object-path "^0.3.0" - union-value "^1.0.0" - unset-value "^1.0.0" - cacheable-lookup@^5.0.3: version "5.0.4" resolved "https://registry.yarnpkg.com/cacheable-lookup/-/cacheable-lookup-5.0.4.tgz#5a6b865b2c44357be3d5ebc2a467b032719a7005" @@ -4913,16 +4839,6 @@ class-transformer@0.4.0: resolved "https://registry.yarnpkg.com/class-transformer/-/class-transformer-0.4.0.tgz#b52144117b423c516afb44cc1c76dbad31c2165b" integrity sha512-ETWD/H2TbWbKEi7m9N4Km5+cw1hNcqJSxlSYhsLsNjQzWWiZIYA1zafxpK9PwVfaZ6AqR5rrjPVUBGESm5tQUA== -class-utils@^0.3.5: - version "0.3.6" - resolved "https://registry.yarnpkg.com/class-utils/-/class-utils-0.3.6.tgz#f93369ae8b9a7ce02fd41faad0ca83033190c463" - integrity sha512-qOhPa/Fj7s6TY8H8esGu5QNpMMQxz79h+urzrNYN6mn+9BnxlDGf5QZ+XeCDsxSjPqsSR56XOZOJmpeurnLMeg== - dependencies: - arr-union "^3.1.0" - define-property "^0.2.5" - isobject "^3.0.0" - static-extend "^0.1.1" - classnames@^2.3.1: version "2.3.2" resolved "https://registry.yarnpkg.com/classnames/-/classnames-2.3.2.tgz#351d813bf0137fcc6a76a16b88208d2560a0d924" @@ -5043,14 +4959,6 @@ collect-v8-coverage@^1.0.0: resolved "https://registry.yarnpkg.com/collect-v8-coverage/-/collect-v8-coverage-1.0.1.tgz#cc2c8e94fc18bbdffe64d6534570c8a673b27f59" integrity sha512-iBPtljfCNcTKNAto0KEtDfZ3qzjJvqE3aTGZsbhjSBlorqpXJlaWWtPO35D+ZImoC3KWejX64o+yPGxhWSTzfg== -collection-visit@^1.0.0: - version "1.0.0" - resolved "https://registry.yarnpkg.com/collection-visit/-/collection-visit-1.0.0.tgz#4bc0373c164bc3291b4d368c829cf1a80a59dca0" - integrity sha512-lNkKvzEeMBBjUGHZ+q6z9pSJla0KWAQPvtzhEV9+iGyQYG+pBpl7xKDhxoNSOZH2hhv0v5k0y2yAM4o4SjoSkw== - dependencies: - map-visit "^1.0.0" - object-visit "^1.0.0" - color-convert@^1.9.0, color-convert@^1.9.3: version "1.9.3" resolved "https://registry.yarnpkg.com/color-convert/-/color-convert-1.9.3.tgz#bb71850690e1f136567de629d2d5471deda4c1e8" @@ -5151,7 +5059,7 @@ compare-versions@^5.0.1: resolved "https://registry.yarnpkg.com/compare-versions/-/compare-versions-5.0.3.tgz#a9b34fea217472650ef4a2651d905f42c28ebfd7" integrity sha512-4UZlZP8Z99MGEY+Ovg/uJxJuvoXuN4M6B3hKaiackiHrgzQFEe3diJi1mf1PNHbFujM7FvLrK2bpgIaImbtZ1A== -component-emitter@^1.2.1, component-emitter@^1.3.0: +component-emitter@^1.3.0: version "1.3.0" resolved "https://registry.yarnpkg.com/component-emitter/-/component-emitter-1.3.0.tgz#16e4070fba8ae29b679f2215853ee181ab2eabc0" integrity sha512-Rd3se6QB+sO1TwqZjscQrurpEPIfO0/yYnSin6Q/rD3mOutHvUrCAhJub3r90uNb+SESBuE0QYoB90YdfatsRg== @@ -5303,11 +5211,6 @@ cookies@0.8.0: depd "~2.0.0" keygrip "~1.1.0" -copy-descriptor@^0.1.0: - version "0.1.1" - resolved "https://registry.yarnpkg.com/copy-descriptor/-/copy-descriptor-0.1.1.tgz#676f6eb3c39997c2ee1ac3a924fd6124748f578d" - integrity sha512-XgZ0pFcakEUlbwQEVNg3+QAis1FyTL3Qel9FYy8pSkQqoG3PNoT0bOCQtOXcOkur21r2Eq2kI+IE+gsmAEVlYw== - core-js-compat@^3.25.1: version "3.25.3" resolved "https://registry.yarnpkg.com/core-js-compat/-/core-js-compat-3.25.3.tgz#d6a442a03f4eade4555d4e640e6a06151dd95d38" @@ -5596,7 +5499,7 @@ date-format@^4.0.14: resolved "https://registry.yarnpkg.com/date-format/-/date-format-4.0.14.tgz#7a8e584434fb169a521c8b7aa481f355810d9400" integrity sha512-39BOQLs9ZjKh0/patS9nrT8wc3ioX3/eA/zgbKNopnF2wCqJEoxywwwElATYvRsXdnOxA/OQeQoFZ3rFjVajhg== -debug@2.6.9, debug@^2.2.0, debug@^2.3.3, debug@^2.6.9: +debug@2.6.9, debug@^2.6.9: version "2.6.9" resolved "https://registry.yarnpkg.com/debug/-/debug-2.6.9.tgz#5d128515df134ff327e90a4c93f4e077a536341f" integrity sha512-bC7ElrdJaJnPbAP+1EotYvqZsb3ecl5wi6Bfi6BJTUcNowp6cvspg0jXznRTKDjm/E7AdgFBVeAPVMNcKGsHMA== @@ -5649,11 +5552,6 @@ decko@^1.2.0: resolved "https://registry.yarnpkg.com/decko/-/decko-1.2.0.tgz#fd43c735e967b8013306884a56fbe665996b6817" integrity sha512-m8FnyHXV1QX+S1cl+KPFDIl6NMkxtKsy6+U/aYyjrOqWMuwAwYWu7ePqrsUHtDR5Y8Yk2pi/KIDSgF+vT4cPOQ== -decode-uri-component@^0.2.0: - version "0.2.2" - resolved "https://registry.yarnpkg.com/decode-uri-component/-/decode-uri-component-0.2.2.tgz#e69dbe25d37941171dd540e024c444cd5188e1e9" - integrity sha512-FqUYQ+8o158GyGTrMFJms9qh3CqTKvAqgqsTnkLI8sKu0028orqBhxNMFkFen0zGyg6epACD32pjVk58ngIErQ== - decompress-response@^6.0.0: version "6.0.0" resolved "https://registry.yarnpkg.com/decompress-response/-/decompress-response-6.0.0.tgz#ca387612ddb7e104bd16d85aab00d5ecf09c66fc" @@ -5694,28 +5592,6 @@ define-properties@^1.1.3, define-properties@^1.1.4: has-property-descriptors "^1.0.0" object-keys "^1.1.1" -define-property@^0.2.5: - version "0.2.5" - resolved "https://registry.yarnpkg.com/define-property/-/define-property-0.2.5.tgz#c35b1ef918ec3c990f9a5bc57be04aacec5c8116" - integrity sha512-Rr7ADjQZenceVOAKop6ALkkRAmH1A4Gx9hV/7ZujPUN2rkATqFO0JZLZInbAjpZYoJ1gUx8MRMQVkYemcbMSTA== - dependencies: - is-descriptor "^0.1.0" - -define-property@^1.0.0: - version "1.0.0" - resolved "https://registry.yarnpkg.com/define-property/-/define-property-1.0.0.tgz#769ebaaf3f4a63aad3af9e8d304c9bbe79bfb0e6" - integrity sha512-cZTYKFWspt9jZsMscWo8sc/5lbPC9Q0N5nBLgb+Yd915iL3udB1uFgS3B8YCx66UVHq018DAVFoee7x+gxggeA== - dependencies: - is-descriptor "^1.0.0" - -define-property@^2.0.2: - version "2.0.2" - resolved "https://registry.yarnpkg.com/define-property/-/define-property-2.0.2.tgz#d459689e8d654ba77e02a817f8710d702cb16e9d" - integrity sha512-jwK2UV4cnPpbcG7+VRARKTZPUWowwXA8bzH5NP6ud0oeAxyYPuGZUAC7hMugpCdz4BeSZl2Dl9k66CHJ/46ZYQ== - dependencies: - is-descriptor "^1.0.2" - isobject "^3.0.1" - delayed-stream@~1.0.0: version "1.0.0" resolved "https://registry.yarnpkg.com/delayed-stream/-/delayed-stream-1.0.0.tgz#df3ae199acadfb7d440aaae0b29e2272b24ec619" @@ -6746,19 +6622,6 @@ exit@^0.1.2: resolved "https://registry.yarnpkg.com/exit/-/exit-0.1.2.tgz#0632638f8d877cc82107d30a0fff1a17cba1cd0c" integrity sha512-Zk/eNKV2zbjpKzrsQ+n1G6poVbErQxJ0LBOJXaKZ1EViLzH+hrLu9cdXI4zw9dBQJslwBEpbQ2P1oS7nDxs6jQ== -expand-brackets@^2.1.4: - version "2.1.4" - resolved "https://registry.yarnpkg.com/expand-brackets/-/expand-brackets-2.1.4.tgz#b77735e315ce30f6b6eff0f83b04151a22449622" - integrity sha512-w/ozOKR9Obk3qoWeY/WDi6MFta9AoMR+zud60mdnbniMcBxRuFJyDt2LdX/14A1UABeqk+Uk+LDfUpvoGKppZA== - dependencies: - debug "^2.3.3" - define-property "^0.2.5" - extend-shallow "^2.0.1" - posix-character-classes "^0.1.0" - regex-not "^1.0.0" - snapdragon "^0.8.1" - to-regex "^3.0.1" - expect@^26.6.2: version "26.6.2" resolved "https://registry.yarnpkg.com/expect/-/expect-26.6.2.tgz#c6b996bf26bf3fe18b67b2d0f51fc981ba934417" @@ -6855,33 +6718,11 @@ extend-shallow@^2.0.1: dependencies: is-extendable "^0.1.0" -extend-shallow@^3.0.0, extend-shallow@^3.0.2: - version "3.0.2" - resolved "https://registry.yarnpkg.com/extend-shallow/-/extend-shallow-3.0.2.tgz#26a71aaf073b39fb2127172746131c2704028db8" - integrity sha512-BwY5b5Ql4+qZoefgMj2NUmx+tehVTH/Kf4k1ZEtOHNFcm2wSxMRo992l6X3TIgni2eZVTZ85xMOjF31fwZAj6Q== - dependencies: - assign-symbols "^1.0.0" - is-extendable "^1.0.1" - extend@^3.0.2: version "3.0.2" resolved "https://registry.yarnpkg.com/extend/-/extend-3.0.2.tgz#f8b1136b4071fbd8eb140aff858b1019ec2915fa" integrity sha512-fjquC59cD7CyW6urNXK0FBufkZcoiGG80wTuPujX590cB5Ttln20E2UB4S/WARVqhXffZl2LNgS+gQdPIIim/g== -extglob@^2.0.4: - version "2.0.4" - resolved "https://registry.yarnpkg.com/extglob/-/extglob-2.0.4.tgz#ad00fe4dc612a9232e8718711dc5cb5ab0285543" - integrity sha512-Nmb6QXkELsuBr24CJSkilo6UHHgbekK5UiZgfE6UHD3Eb27YC6oD+bhcT+tJ6cl8dmsgdQxnWlcry8ksBIBLpw== - dependencies: - array-unique "^0.3.2" - define-property "^1.0.0" - expand-brackets "^2.1.4" - extend-shallow "^2.0.1" - fragment-cache "^0.2.1" - regex-not "^1.0.0" - snapdragon "^0.8.1" - to-regex "^3.0.1" - extract-zip@2.0.1, extract-zip@^2.0.1: version "2.0.1" resolved "https://registry.yarnpkg.com/extract-zip/-/extract-zip-2.0.1.tgz#663dca56fe46df890d5f131ef4a06d22bb8ba13a" @@ -7016,16 +6857,6 @@ file-uri-to-path@1.0.0: resolved "https://registry.yarnpkg.com/file-uri-to-path/-/file-uri-to-path-1.0.0.tgz#553a7b8446ff6f684359c445f1e37a05dacc33dd" integrity sha512-0Zt+s3L7Vf1biwWZ29aARiVYLx7iMGnEUl9x33fbB/j3jR81u/O2LbqK+Bm1CDSNDKVtJ/YjwY7TUd5SkeLQLw== -fill-range@^4.0.0: - version "4.0.0" - resolved "https://registry.yarnpkg.com/fill-range/-/fill-range-4.0.0.tgz#d544811d428f98eb06a63dc402d2403c328c38f7" - integrity sha512-VcpLTWqWDiTerugjj8e3+esbg+skS3M9e54UuR3iCeIDMXCLTsAH8hTSzDQU/X6/6t3eYkOKoZSef2PlU6U1XQ== - dependencies: - extend-shallow "^2.0.1" - is-number "^3.0.0" - repeat-string "^1.6.1" - to-regex-range "^2.1.0" - fill-range@^7.1.1: version "7.1.1" resolved "https://registry.yarnpkg.com/fill-range/-/fill-range-7.1.1.tgz#44265d3cac07e3ea7dc247516380643754a05292" @@ -7117,7 +6948,7 @@ for-in@^0.1.3: resolved "https://registry.yarnpkg.com/for-in/-/for-in-0.1.8.tgz#d8773908e31256109952b1fdb9b3fa867d2775e1" integrity sha512-F0to7vbBSHP8E3l6dCjxNOLuSFAACIxFy3UehTUlG7svlXi37HHsDkyVcHo0Pq8QwrE+pXvWSVX3ZT1T9wAZ9g== -for-in@^1.0.1, for-in@^1.0.2: +for-in@^1.0.1: version "1.0.2" resolved "https://registry.yarnpkg.com/for-in/-/for-in-1.0.2.tgz#81068d295a8142ec0ac726c6e2200c30fb6d5e80" integrity sha512-7EwmXrOjyL+ChxMhmG5lnW9MPt1aIeZEwKhQzoBUdTV0N3zuwWDZYVJatDvZ2OyzPUvdIAZDsCetk3coyMfcnQ== @@ -7176,13 +7007,6 @@ forwarded@0.2.0: resolved "https://registry.yarnpkg.com/forwarded/-/forwarded-0.2.0.tgz#2269936428aad4c15c7ebe9779a84bf0b2a81811" integrity sha512-buRG0fpBtRHSTCOASe6hD258tEubFoRLb4ZNA6NxMVHNw2gOcwHo9wyablzMzOA5z9xA9L1KNjk/Nt6MT9aYow== -fragment-cache@^0.2.1: - version "0.2.1" - resolved "https://registry.yarnpkg.com/fragment-cache/-/fragment-cache-0.2.1.tgz#4290fad27f13e89be7f33799c6bc5a0abfff0d19" - integrity sha512-GMBAbW9antB8iZRHLoGw0b3HANt57diZYFO/HL1JGIC1MjKrdmhxvrJbupnVvpys0zsz7yBApXdQyfepKly2kA== - dependencies: - map-cache "^0.2.2" - fresh@0.5.2: version "0.5.2" resolved "https://registry.yarnpkg.com/fresh/-/fresh-0.5.2.tgz#3d8cadd90d976569fa835ab1f8e4b23a105605a7" @@ -7348,11 +7172,6 @@ get-tsconfig@^4.2.0: resolved "https://registry.yarnpkg.com/get-tsconfig/-/get-tsconfig-4.3.0.tgz#4c26fae115d1050e836aea65d6fe56b507ee249b" integrity sha512-YCcF28IqSay3fqpIu5y3Krg/utCBHBeoflkZyHj/QcqI2nrLPC3ZegS9CmIo+hJb8K7aiGsuUl7PwWVjNG2HQQ== -get-value@^2.0.3, get-value@^2.0.6: - version "2.0.6" - resolved "https://registry.yarnpkg.com/get-value/-/get-value-2.0.6.tgz#dc15ca1c672387ca76bd37ac0a395ba2042a2c28" - integrity sha512-Ln0UQDlxH1BapMu3GPtf7CuYNwRZf2gwCuPqbyG6pB8WfmFpzqcy4xtAaAMUhnNqjMKTiCPZG2oMT3YSx8U2NA== - glob-parent@^5.1.2, glob-parent@~5.1.2: version "5.1.2" resolved "https://registry.yarnpkg.com/glob-parent/-/glob-parent-5.1.2.tgz#869832c58034fe68a4093c17dc15e8340d8401c4" @@ -7497,37 +7316,6 @@ has-tostringtag@^1.0.0: dependencies: has-symbols "^1.0.2" -has-value@^0.3.1: - version "0.3.1" - resolved "https://registry.yarnpkg.com/has-value/-/has-value-0.3.1.tgz#7b1f58bada62ca827ec0a2078025654845995e1f" - integrity sha512-gpG936j8/MzaeID5Yif+577c17TxaDmhuyVgSwtnL/q8UUTySg8Mecb+8Cf1otgLoD7DDH75axp86ER7LFsf3Q== - dependencies: - get-value "^2.0.3" - has-values "^0.1.4" - isobject "^2.0.0" - -has-value@^1.0.0: - version "1.0.0" - resolved "https://registry.yarnpkg.com/has-value/-/has-value-1.0.0.tgz#18b281da585b1c5c51def24c930ed29a0be6b177" - integrity sha512-IBXk4GTsLYdQ7Rvt+GRBrFSVEkmuOUy4re0Xjd9kJSUQpnTrWR4/y9RpfexN9vkAPMFuQoeWKwqzPozRTlasGw== - dependencies: - get-value "^2.0.6" - has-values "^1.0.0" - isobject "^3.0.0" - -has-values@^0.1.4: - version "0.1.4" - resolved "https://registry.yarnpkg.com/has-values/-/has-values-0.1.4.tgz#6d61de95d91dfca9b9a02089ad384bff8f62b771" - integrity sha512-J8S0cEdWuQbqD9//tlZxiMuMNmxB8PlEwvYwuxsTmR1G5RXUePEX/SJn7aD0GMLieuZYSwNH0cQuJGwnYunXRQ== - -has-values@^1.0.0: - version "1.0.0" - resolved "https://registry.yarnpkg.com/has-values/-/has-values-1.0.0.tgz#95b0b63fec2146619a6fe57fe75628d5a39efe4f" - integrity sha512-ODYZC64uqzmtfGMEAX/FvZiRyWLpAC3vYnNunURUnkGVTS+mI0smVsWaPydRBsE3g+ok7h960jChO8mFcWlHaQ== - dependencies: - is-number "^3.0.0" - kind-of "^4.0.0" - has-yarn@^2.1.0: version "2.1.0" resolved "https://registry.yarnpkg.com/has-yarn/-/has-yarn-2.1.0.tgz#137e11354a7b5bf11aa5cb649cf0c6f3ff2b2e77" @@ -8027,20 +7815,6 @@ ipaddr.js@1.9.1: resolved "https://registry.yarnpkg.com/ipaddr.js/-/ipaddr.js-1.9.1.tgz#bff38543eeb8984825079ff3a2a8e6cbd46781b3" integrity sha512-0KI/607xoxSToH7GjN1FfSbLoU0+btTicjsQSWQlh/hZykN8KpmMf7uYwPW3R+akZ6R/w18ZlXSHBYXiYUPO3g== -is-accessor-descriptor@^0.1.6: - version "0.1.6" - resolved "https://registry.yarnpkg.com/is-accessor-descriptor/-/is-accessor-descriptor-0.1.6.tgz#a9e12cb3ae8d876727eeef3843f8a0897b5c98d6" - integrity sha512-e1BM1qnDbMRG3ll2U9dSK0UMHuWOs3pY3AtcFsmvwPtKL3MML/Q86i+GilLfvqEs4GW+ExB91tQ3Ig9noDIZ+A== - dependencies: - kind-of "^3.0.2" - -is-accessor-descriptor@^1.0.0: - version "1.0.0" - resolved "https://registry.yarnpkg.com/is-accessor-descriptor/-/is-accessor-descriptor-1.0.0.tgz#169c2f6d3df1f992618072365c9b0ea1f6878656" - integrity sha512-m5hnHTkcVsPfqx3AKlyttIPb7J+XykHvJP2B9bZDjlhLIoEq4XoK64Vg7boZlVWYK6LUY94dYPEE7Lh0ZkZKcQ== - dependencies: - kind-of "^6.0.0" - is-arguments@^1.0.4: version "1.1.1" resolved "https://registry.yarnpkg.com/is-arguments/-/is-arguments-1.1.1.tgz#15b3f88fda01f2a97fec84ca761a560f123efa9b" @@ -8081,7 +7855,7 @@ is-boolean-object@^1.1.0: call-bind "^1.0.2" has-tostringtag "^1.0.0" -is-buffer@^1.1.5, is-buffer@~1.1.6: +is-buffer@~1.1.6: version "1.1.6" resolved "https://registry.yarnpkg.com/is-buffer/-/is-buffer-1.1.6.tgz#efaa2ea9daa0d7ab2ea13a97b2b8ad51fefbe8be" integrity sha512-NcdALwpXkTm5Zvvbk7owOUSvVvBKDgKP5/ewfXEznmQFfs4ZRmanOeKBTjRVjka3QFoN6XJ+9F3USqfHqTaU5w== @@ -8105,20 +7879,6 @@ is-core-module@^2.4.0, is-core-module@^2.8.1, is-core-module@^2.9.0: dependencies: has "^1.0.3" -is-data-descriptor@^0.1.4: - version "0.1.4" - resolved "https://registry.yarnpkg.com/is-data-descriptor/-/is-data-descriptor-0.1.4.tgz#0b5ee648388e2c860282e793f1856fec3f301b56" - integrity sha512-+w9D5ulSoBNlmw9OHn3U2v51SyoCd0he+bB3xMl62oijhrspxowjU+AIcDY0N3iEJbUEkB15IlMASQsxYigvXg== - dependencies: - kind-of "^3.0.2" - -is-data-descriptor@^1.0.0: - version "1.0.0" - resolved "https://registry.yarnpkg.com/is-data-descriptor/-/is-data-descriptor-1.0.0.tgz#d84876321d0e7add03990406abbbbd36ba9268c7" - integrity sha512-jbRXy1FmtAoCjQkVmIVYwuuqDFUbaOeDjmed1tOGPrsMhtJA4rD9tkgA0F1qJ3gRFRXcHYVkdeaP50Q5rE/jLQ== - dependencies: - kind-of "^6.0.0" - is-date-object@^1.0.1: version "1.0.5" resolved "https://registry.yarnpkg.com/is-date-object/-/is-date-object-1.0.5.tgz#0841d5536e724c25597bf6ea62e1bd38298df31f" @@ -8126,24 +7886,6 @@ is-date-object@^1.0.1: dependencies: has-tostringtag "^1.0.0" -is-descriptor@^0.1.0: - version "0.1.6" - resolved "https://registry.yarnpkg.com/is-descriptor/-/is-descriptor-0.1.6.tgz#366d8240dde487ca51823b1ab9f07a10a78251ca" - integrity sha512-avDYr0SB3DwO9zsMov0gKCESFYqCnE4hq/4z3TdUlukEy5t9C0YRq7HLrsN52NAcqXKaepeCD0n+B0arnVG3Hg== - dependencies: - is-accessor-descriptor "^0.1.6" - is-data-descriptor "^0.1.4" - kind-of "^5.0.0" - -is-descriptor@^1.0.0, is-descriptor@^1.0.2: - version "1.0.2" - resolved "https://registry.yarnpkg.com/is-descriptor/-/is-descriptor-1.0.2.tgz#3b159746a66604b04f8c81524ba365c5f14d86ec" - integrity sha512-2eis5WqQGV7peooDyLmNEPUrps9+SXX5c9pL3xEB+4e9HnGuDa7mB7kHxHw4CbqS9k1T2hOH3miL8n8WtiYVtg== - dependencies: - is-accessor-descriptor "^1.0.0" - is-data-descriptor "^1.0.0" - kind-of "^6.0.2" - is-docker@^2.0.0: version "2.2.1" resolved "https://registry.yarnpkg.com/is-docker/-/is-docker-2.2.1.tgz#33eeabe23cfe86f14bde4408a02c0cfb853acdaa" @@ -8162,13 +7904,6 @@ is-extendable@^0.1.0, is-extendable@^0.1.1: resolved "https://registry.yarnpkg.com/is-extendable/-/is-extendable-0.1.1.tgz#62b110e289a471418e3ec36a617d472e301dfc89" integrity sha512-5BMULNob1vgFX6EjQw5izWDxrecWK9AM72rugNr0TFldMOi0fj6Jk+zeKIt0xGj4cEfQIJth4w3OKWOJ4f+AFw== -is-extendable@^1.0.1: - version "1.0.1" - resolved "https://registry.yarnpkg.com/is-extendable/-/is-extendable-1.0.1.tgz#a7470f9e426733d81bd81e1155264e3a3507cab4" - integrity sha512-arnXMxT1hhoKo9k1LZdmlNyJdDDfy2v0fXjFlmok4+i8ul/6WlbVge9bhM74OpNPQPMGUToDtz+KXa1PneJxOA== - dependencies: - is-plain-object "^2.0.4" - is-extglob@^2.1.1: version "2.1.1" resolved "https://registry.yarnpkg.com/is-extglob/-/is-extglob-2.1.1.tgz#a88c02535791f02ed37c76a1b9ea9773c833f8c2" @@ -8233,13 +7968,6 @@ is-number-object@^1.0.4: dependencies: has-tostringtag "^1.0.0" -is-number@^3.0.0: - version "3.0.0" - resolved "https://registry.yarnpkg.com/is-number/-/is-number-3.0.0.tgz#24fd6201a4782cf50561c810276afc7d12d71195" - integrity sha512-4cboCqIpliH+mAvFNegjZQ4kgKc3ZUhQVr3HvWbSh5q3WH2v82ct+T2Y1hdU5Gdtorx/cLifQjqCbL7bpznLTg== - dependencies: - kind-of "^3.0.2" - is-number@^7.0.0: version "7.0.0" resolved "https://registry.yarnpkg.com/is-number/-/is-number-7.0.0.tgz#7535345b896734d5f80c4d06c50955527a14f12b" @@ -8339,11 +8067,6 @@ is-weakref@^1.0.2: dependencies: call-bind "^1.0.2" -is-windows@^1.0.2: - version "1.0.2" - resolved "https://registry.yarnpkg.com/is-windows/-/is-windows-1.0.2.tgz#d1850eb9791ecd18e6182ce12a30f396634bb19d" - integrity sha512-eXK1UInq2bPmjyX6e3VHIzMLobc4J94i4AWn+Hpq3OU5KkrRC96OAcR3PRJ/pGu6m8TRnBHP9dkXQVsT/COVIA== - is-wsl@^1.1.0: version "1.1.0" resolved "https://registry.yarnpkg.com/is-wsl/-/is-wsl-1.1.0.tgz#1f16e4aa22b04d1336b66188a66af3c600c3a66d" @@ -8375,7 +8098,7 @@ isarray@0.0.1: resolved "https://registry.yarnpkg.com/isarray/-/isarray-0.0.1.tgz#8a18acfca9a8f4177e09abfc6038939b05d1eedf" integrity sha512-D2S+3GLxWH+uhrNEcoh/fnmYeP8E8/zHl644d/jdA0g2uyXvy3sb0qxotE+ne0LtccHknQzWwZEzhak7oJ0COQ== -isarray@1.0.0, isarray@^1.0.0, isarray@~1.0.0: +isarray@^1.0.0, isarray@~1.0.0: version "1.0.0" resolved "https://registry.yarnpkg.com/isarray/-/isarray-1.0.0.tgz#bb935d48582cba168c06834957a54a3e07124f11" integrity sha512-VLghIWNM6ELQzo7zwmcg0NmTVyWKYjvIeM83yjp0wRDTmUnrM678fQbcKBo6n2CJEF0szoG//ytg+TKla89ALQ== @@ -8397,14 +8120,7 @@ isexe@^2.0.0: resolved "https://registry.yarnpkg.com/isexe/-/isexe-2.0.0.tgz#e8fbf374dc556ff8947a10dcb0572d633f2cfa10" integrity sha512-RHxMLp9lnKHGHRng9QFhRCMbYAcVpn69smSGcq3f36xjgVVWThj4qqLbTLlq7Ssj8B+fIQ1EuCEGI2lKsyQeIw== -isobject@^2.0.0: - version "2.1.0" - resolved "https://registry.yarnpkg.com/isobject/-/isobject-2.1.0.tgz#f065561096a3f1da2ef46272f815c840d87e0c89" - integrity sha512-+OUdGJlgjOBZDfxnDjYYG6zp487z0JGNQq3cYQYg5f5hKR+syHMsaztzGeml/4kGG55CSpKSpWTY+jYGgsHLgA== - dependencies: - isarray "1.0.0" - -isobject@^3.0.0, isobject@^3.0.1: +isobject@^3.0.1: version "3.0.1" resolved "https://registry.yarnpkg.com/isobject/-/isobject-3.0.1.tgz#4e431e92b11a9731636aa1f9c8d1ccbcfdab78df" integrity sha512-WhB9zCku7EGTj/HQQRz5aUQEUeoQZH2bWcltRErOpymJ4boYE6wL9Tbr23krRPSZ+C5zqNSrSw+Cc7sZZ4b7vg== @@ -9222,20 +8938,6 @@ keyv@^4.0.0: dependencies: json-buffer "3.0.1" -kind-of@^3.0.2, kind-of@^3.0.3, kind-of@^3.2.0: - version "3.2.2" - resolved "https://registry.yarnpkg.com/kind-of/-/kind-of-3.2.2.tgz#31ea21a734bab9bbb0f32466d893aea51e4a3c64" - integrity sha512-NOW9QQXMoZGg/oqnVNoNTTIFEIid1627WCffUBJEdMxYApq7mNE7CpzucIPc+ZQg25Phej7IJSmX3hO+oblOtQ== - dependencies: - is-buffer "^1.1.5" - -kind-of@^4.0.0: - version "4.0.0" - resolved "https://registry.yarnpkg.com/kind-of/-/kind-of-4.0.0.tgz#20813df3d712928b207378691a45066fae72dd57" - integrity sha512-24XsCxmEbRwEDbz/qz3stgin8TTzZ1ESR56OMCN0ujYg+vRutNSiOj9bHH9u85DKgXguraugV5sFuvbD4FW/hw== - dependencies: - is-buffer "^1.1.5" - kind-of@^5.0.0: version "5.1.0" resolved "https://registry.yarnpkg.com/kind-of/-/kind-of-5.1.0.tgz#729c91e2d857b7a419a1f9aa65685c4c33f5845d" @@ -9567,18 +9269,6 @@ makeerror@1.0.12: dependencies: tmpl "1.0.5" -map-cache@^0.2.2: - version "0.2.2" - resolved "https://registry.yarnpkg.com/map-cache/-/map-cache-0.2.2.tgz#c32abd0bd6525d9b051645bb4f26ac5dc98a0dbf" - integrity sha512-8y/eV9QQZCiyn1SprXSrCmqJN0yNRATe+PO8ztwqrvrbdRLA3eYJF0yaR0YayLWkMbsQSKWS9N2gPcGEc4UsZg== - -map-visit@^1.0.0: - version "1.0.0" - resolved "https://registry.yarnpkg.com/map-visit/-/map-visit-1.0.0.tgz#ecdca8f13144e660f1b5bd41f12f3479d98dfb8f" - integrity sha512-4y7uGv8bd2WdM9vpQsiQNo41Ln1NvhvDRuVt0k2JZQ+ezN2uaQes7lZeZ+QQUHOLQAtDaBJ+7wCbi+ab/KFs+w== - dependencies: - object-visit "^1.0.0" - mark.js@^8.11.1: version "8.11.1" resolved "https://registry.yarnpkg.com/mark.js/-/mark.js-8.11.1.tgz#180f1f9ebef8b0e638e4166ad52db879beb2ffc5" @@ -9656,31 +9346,12 @@ methods@^1.1.2, methods@~1.1.2: resolved "https://registry.yarnpkg.com/methods/-/methods-1.1.2.tgz#5529a4d67654134edcc5266656835b0f851afcee" integrity sha512-iclAHeNqNm68zFtnZ0e+1L2yUIdvzNoauKU4WBA3VvH/vPFieF7qfRlwUZU+DA9P9bPXIS90ulxoUoCH23sV2w== -micromatch@^3.1.4: - version "3.1.10" - resolved "https://registry.yarnpkg.com/micromatch/-/micromatch-3.1.10.tgz#70859bc95c9840952f359a068a3fc49f9ecfac23" - integrity sha512-MWikgl9n9M3w+bpsY3He8L+w9eF9338xRl8IAO5viDizwSzziFEyUzo2xrrloB64ADbTf8uA8vRqqttDTOmccg== - dependencies: - arr-diff "^4.0.0" - array-unique "^0.3.2" - braces "^2.3.1" - define-property "^2.0.2" - extend-shallow "^3.0.2" - extglob "^2.0.4" - fragment-cache "^0.2.1" - kind-of "^6.0.2" - nanomatch "^1.2.9" - object.pick "^1.3.0" - regex-not "^1.0.0" - snapdragon "^0.8.1" - to-regex "^3.0.2" - -micromatch@^4.0.2, micromatch@^4.0.4: - version "4.0.5" - resolved "https://registry.yarnpkg.com/micromatch/-/micromatch-4.0.5.tgz#bc8999a7cbbf77cdc89f132f6e467051b49090c6" - integrity sha512-DMy+ERcEW2q8Z2Po+WNXuw3c5YaUSFjAO5GsJqfEl7UjvtIuFKO6ZrKvcItdy98dwFI2N1tg3zNIdKaQT+aNdA== +micromatch@^3.1.4, micromatch@^4.0.2, micromatch@^4.0.4, micromatch@^4.0.7: + version "4.0.7" + resolved "https://registry.yarnpkg.com/micromatch/-/micromatch-4.0.7.tgz#33e8190d9fe474a9895525f5618eee136d46c2e5" + integrity sha512-LPP/3KorzCwBxfeUuZmaR6bG2kdeHSbe0P2tY3FLRU4vYrjYz5hI4QZwV0njUx3jeuKe67YukQ1LSPZBKDqO/Q== dependencies: - braces "^3.0.2" + braces "^3.0.3" picomatch "^2.3.1" miller-rabin@^4.0.0: @@ -9762,14 +9433,6 @@ minimist@^1.1.1, minimist@^1.2.0, minimist@^1.2.5, minimist@^1.2.6, minimist@^1. resolved "https://registry.yarnpkg.com/minimist/-/minimist-1.2.7.tgz#daa1c4d91f507390437c6a8bc01078e7000c4d18" integrity sha512-bzfL1YUZsP41gmu/qjrEk0Q6i2ix/cVeAhbCbqH9u3zYutS1cLg00qhrD0M2MVdCcx4Sc0UpP2eBWo9rotpq6g== -mixin-deep@^1.2.0: - version "1.3.2" - resolved "https://registry.yarnpkg.com/mixin-deep/-/mixin-deep-1.3.2.tgz#1120b43dc359a785dce65b55b82e257ccf479566" - integrity sha512-WRoDn//mXBiJ1H40rqa3vH0toePwSsGb45iInWlTySa+Uu4k3tYUSxa2v1KqAiLtvlrSzaExqS1gtk96A9zvEA== - dependencies: - for-in "^1.0.2" - is-extendable "^1.0.1" - mixin-object@^2.0.1: version "2.0.1" resolved "https://registry.yarnpkg.com/mixin-object/-/mixin-object-2.0.1.tgz#4fb949441dab182540f1fe035ba60e1947a5e57e" @@ -9926,23 +9589,6 @@ nanoid@^3.2.0, nanoid@^3.3.6: resolved "https://registry.yarnpkg.com/nanoid/-/nanoid-3.3.4.tgz#730b67e3cd09e2deacf03c027c81c9d9dbc5e8ab" integrity sha512-MqBkQh/OHTS2egovRtLk45wEyNXwF+cokD+1YPf9u5VfJiRdAiRwB2froX5Co9Rh20xs4siNPm8naNotSD6RBw== -nanomatch@^1.2.9: - version "1.2.13" - resolved "https://registry.yarnpkg.com/nanomatch/-/nanomatch-1.2.13.tgz#b87a8aa4fc0de8fe6be88895b38983ff265bd119" - integrity sha512-fpoe2T0RbHwBTBUOftAfBPaDEi06ufaUai0mE6Yn1kacc3SnTErfb/h+X94VXzI64rKFHYImXSvdwGGCmwOqCA== - dependencies: - arr-diff "^4.0.0" - array-unique "^0.3.2" - define-property "^2.0.2" - extend-shallow "^3.0.2" - fragment-cache "^0.2.1" - is-windows "^1.0.2" - kind-of "^6.0.2" - object.pick "^1.3.0" - regex-not "^1.0.0" - snapdragon "^0.8.1" - to-regex "^3.0.1" - natural-compare-lite@^1.4.0: version "1.4.0" resolved "https://registry.yarnpkg.com/natural-compare-lite/-/natural-compare-lite-1.4.0.tgz#17b09581988979fddafe0201e931ba933c96cbb4" @@ -10283,15 +9929,6 @@ object-assign@^4.0.1, object-assign@^4.1.1: resolved "https://registry.yarnpkg.com/object-assign/-/object-assign-4.1.1.tgz#2109adc7965887cfc05cbbd442cac8bfbb360863" integrity sha512-rJgTQnkUnH1sFw8yT6VSU3zD3sWmu6sZhIseY8VX+GRu3P6F7Fu+JNDoXfklElbLJSnc3FUQHVe4cU5hj+BcUg== -object-copy@^0.1.0: - version "0.1.0" - resolved "https://registry.yarnpkg.com/object-copy/-/object-copy-0.1.0.tgz#7e7d858b781bd7c991a41ba975ed3812754e998c" - integrity sha512-79LYn6VAb63zgtmAteVOWo9Vdj71ZVBy3Pbse+VqxDpEP83XuujMrGqHIwAXJ5I/aM0zU7dIyIAhifVTPrNItQ== - dependencies: - copy-descriptor "^0.1.0" - define-property "^0.2.5" - kind-of "^3.0.3" - object-inspect@^1.12.2, object-inspect@^1.9.0: version "1.12.2" resolved "https://registry.yarnpkg.com/object-inspect/-/object-inspect-1.12.2.tgz#c0641f26394532f28ab8d796ab954e43c009a8ea" @@ -10302,13 +9939,6 @@ object-keys@^1.1.1: resolved "https://registry.yarnpkg.com/object-keys/-/object-keys-1.1.1.tgz#1c47f272df277f3b1daf061677d9c82e2322c60e" integrity sha512-NuAESUOUMrlIXOfHKzD6bpPu3tYt3xvjNdRIQ+FeT0lNb4K8WR70CaDxhuNguS2XG+GjkyMwOzsN5ZktImfhLA== -object-visit@^1.0.0: - version "1.0.1" - resolved "https://registry.yarnpkg.com/object-visit/-/object-visit-1.0.1.tgz#f79c4493af0c5377b59fe39d395e41042dd045bb" - integrity sha512-GBaMwwAVK9qbQN3Scdo0OyvgPW7l3lnaVMj84uTOZlswkX0KpF6fyDBJhtTthf7pymztoN36/KEr1DyhF96zEA== - dependencies: - isobject "^3.0.0" - object.assign@^4.1.0, object.assign@^4.1.2, object.assign@^4.1.3, object.assign@^4.1.4: version "4.1.4" resolved "https://registry.yarnpkg.com/object.assign/-/object.assign-4.1.4.tgz#9673c7c7c351ab8c4d0b516f4343ebf4dfb7799f" @@ -10355,13 +9985,6 @@ object.hasown@^1.1.1: define-properties "^1.1.4" es-abstract "^1.19.5" -object.pick@^1.3.0: - version "1.3.0" - resolved "https://registry.yarnpkg.com/object.pick/-/object.pick-1.3.0.tgz#87a10ac4c1694bd2e1cbf53591a66141fb5dd747" - integrity sha512-tqa/UMy/CCoYmj+H5qc07qvSL9dqcs/WZENZ1JbtWBlATP+iVOe778gE6MSijnyCnORzDuX6hU+LA4SZ09YjFQ== - dependencies: - isobject "^3.0.1" - object.values@^1.1.5: version "1.1.5" resolved "https://registry.yarnpkg.com/object.values/-/object.values-1.1.5.tgz#959f63e3ce9ef108720333082131e4a459b716ac" @@ -10633,11 +10256,6 @@ parseurl@~1.3.3: resolved "https://registry.yarnpkg.com/parseurl/-/parseurl-1.3.3.tgz#9da19e7bee8d12dff0513ed5b76957793bc2e8d4" integrity sha512-CiyeOxFT/JZyN5m0z9PfXw4SCBJ6Sygz1Dpl0wqjlhDEGGBP1GnsUVEL0p63hoG1fcj3fHynXi9NYO4nWOL+qQ== -pascalcase@^0.1.1: - version "0.1.1" - resolved "https://registry.yarnpkg.com/pascalcase/-/pascalcase-0.1.1.tgz#b363e55e8006ca6fe21784d2db22bd15d7917f14" - integrity sha512-XHXfu/yOQRy9vYOtUDVMN60OEJjW013GoObG1o+xwQTpB9eYJX/BjXMsdW13ZDPruFhYYn0AG22w0xgQMwl3Nw== - path-browserify@0.0.1: version "0.0.1" resolved "https://registry.yarnpkg.com/path-browserify/-/path-browserify-0.0.1.tgz#e6c4ddd7ed3aa27c68a20cc4e50e1a4ee83bbc4a" @@ -10896,11 +10514,6 @@ popsicle@^12.0.5: servie "^4.3.3" throwback "^4.1.0" -posix-character-classes@^0.1.0: - version "0.1.1" - resolved "https://registry.yarnpkg.com/posix-character-classes/-/posix-character-classes-0.1.1.tgz#01eac0fe3b5af71a2a6c02feabb8c1fef7e00eab" - integrity sha512-xTgYBc3fuo7Yt7JbiuFxSYGToMoz8fLoE6TC9Wx1P/u+LfeThMOAqmuyECnlBaaJb+u1m9hHiXUEtwW4OzfUJg== - postcss-value-parser@^4.0.2: version "4.2.0" resolved "https://registry.yarnpkg.com/postcss-value-parser/-/postcss-value-parser-4.2.0.tgz#723c09920836ba6d3e5af019f92bc0971c02e514" @@ -11613,14 +11226,6 @@ regenerator-transform@^0.15.0: dependencies: "@babel/runtime" "^7.8.4" -regex-not@^1.0.0, regex-not@^1.0.2: - version "1.0.2" - resolved "https://registry.yarnpkg.com/regex-not/-/regex-not-1.0.2.tgz#1f4ece27e00b0b65e0247a6810e6a85d83a5752c" - integrity sha512-J6SDjUgDxQj5NusnOtdFxDwN/+HWykR8GELwctJ7mdqhcyy1xEc4SRFHUXvxTp661YaVKAjfRLZ9cCqS6tn32A== - dependencies: - extend-shallow "^3.0.2" - safe-regex "^1.1.0" - regexp-match-indices@1.0.2: version "1.0.2" resolved "https://registry.yarnpkg.com/regexp-match-indices/-/regexp-match-indices-1.0.2.tgz#cf20054a6f7d5b3e116a701a7b00f82889d10da6" @@ -11690,11 +11295,6 @@ remove-trailing-separator@^1.0.1: resolved "https://registry.yarnpkg.com/remove-trailing-separator/-/remove-trailing-separator-1.1.0.tgz#c24bce2a283adad5bc3f58e0d48249b92379d8ef" integrity sha512-/hS+Y0u3aOfIETiaiirUFwDBDzmXPvO+jAfKTitUngIPzdKc6Z0LoFjM/CK5PL4C+eKwHohlHAb6H0VFfmmUsw== -repeat-element@^1.1.2: - version "1.1.4" - resolved "https://registry.yarnpkg.com/repeat-element/-/repeat-element-1.1.4.tgz#be681520847ab58c7568ac75fbfad28ed42d39e9" - integrity sha512-LFiNfRcSu7KK3evMyYOuCzv3L10TW7yC1G2/+StMjK8Y6Vqd2MG7r/Qjw4ghtuCOjFvlnms/iMmLqpvW/ES/WQ== - repeat-string@^1.5.2, repeat-string@^1.6.1: version "1.6.1" resolved "https://registry.yarnpkg.com/repeat-string/-/repeat-string-1.6.1.tgz#8dcae470e1c88abc2d600fff4a776286da75e637" @@ -11768,11 +11368,6 @@ resolve-pkg@^2.0.0: dependencies: resolve-from "^5.0.0" -resolve-url@^0.2.1: - version "0.2.1" - resolved "https://registry.yarnpkg.com/resolve-url/-/resolve-url-0.2.1.tgz#2c637fe77c893afd2a663fe21aa9080068e2052a" - integrity sha512-ZuF55hVUQaaczgOIwqWzkEcEidmlD/xl44x1UZnhOXcYuFN2S6+rcxpG+C1N3So0wvNI3DmJICUFfu2SxhBmvg== - resolve@^1.10.0, resolve@^1.14.2, resolve@^1.15.1, resolve@^1.18.1, resolve@^1.19.0, resolve@^1.20.0, resolve@^1.22.0, resolve@^1.22.1: version "1.22.1" resolved "https://registry.yarnpkg.com/resolve/-/resolve-1.22.1.tgz#27cb2ebb53f91abb49470a928bba7558066ac177" @@ -11900,13 +11495,6 @@ safe-regex-test@^1.0.0: get-intrinsic "^1.1.3" is-regex "^1.1.4" -safe-regex@^1.1.0: - version "1.1.0" - resolved "https://registry.yarnpkg.com/safe-regex/-/safe-regex-1.1.0.tgz#40a3669f3b077d1e943d44629e157dd48023bf2e" - integrity sha512-aJXcif4xnaNUzvUuC5gcb46oTS7zvg4jpMTnuqtrEPlR3vFr4pxtdTwaF1Qs3Enjn9HK+ZlwQui+a7z0SywIzg== - dependencies: - ret "~0.1.10" - safe-stable-stringify@^2.3.1: version "2.4.0" resolved "https://registry.yarnpkg.com/safe-stable-stringify/-/safe-stable-stringify-2.4.0.tgz#95fadb1bcf8057a1363e11052122f5da36a69215" @@ -12113,16 +11701,6 @@ set-blocking@^2.0.0: resolved "https://registry.yarnpkg.com/set-blocking/-/set-blocking-2.0.0.tgz#045f9782d011ae9a6803ddd382b24392b3d890f7" integrity sha512-KiKBS8AnWGEyLzofFfmvKwpdPzqiy16LvQfK3yv/fVH7Bj13/wl3JSR1J+rfgRE9q7xUJK4qvgS8raSOeLUehw== -set-value@^2.0.0, set-value@^2.0.1: - version "2.0.1" - resolved "https://registry.yarnpkg.com/set-value/-/set-value-2.0.1.tgz#a18d40530e6f07de4228c7defe4227af8cad005b" - integrity sha512-JxHc1weCN68wRY0fhCoXpyK55m/XPHafOmK4UWD7m2CI14GMcFypt4w/0+NV5f/ZMby2F6S2wwA7fgynh9gWSw== - dependencies: - extend-shallow "^2.0.1" - is-extendable "^0.1.1" - is-plain-object "^2.0.3" - split-string "^3.0.1" - setimmediate@^1.0.4, setimmediate@^1.0.5, setimmediate@~1.0.4: version "1.0.5" resolved "https://registry.yarnpkg.com/setimmediate/-/setimmediate-1.0.5.tgz#290cbb232e306942d7d7ea9b83732ab7856f8285" @@ -12350,52 +11928,11 @@ smartsheet@^4.0.2: underscore "^1.8.2" winston "^2.3.1" -snapdragon-node@^2.0.1: - version "2.1.1" - resolved "https://registry.yarnpkg.com/snapdragon-node/-/snapdragon-node-2.1.1.tgz#6c175f86ff14bdb0724563e8f3c1b021a286853b" - integrity sha512-O27l4xaMYt/RSQ5TR3vpWCAB5Kb/czIcqUFOM/C4fYcLnbZUc1PkjTAMjof2pBWaSTwOUd6qUHcFGVGj7aIwnw== - dependencies: - define-property "^1.0.0" - isobject "^3.0.0" - snapdragon-util "^3.0.1" - -snapdragon-util@^3.0.1: - version "3.0.1" - resolved "https://registry.yarnpkg.com/snapdragon-util/-/snapdragon-util-3.0.1.tgz#f956479486f2acd79700693f6f7b805e45ab56e2" - integrity sha512-mbKkMdQKsjX4BAL4bRYTj21edOf8cN7XHdYUJEe+Zn99hVEYcMvKPct1IqNe7+AZPirn8BCDOQBHQZknqmKlZQ== - dependencies: - kind-of "^3.2.0" - -snapdragon@^0.8.1: - version "0.8.2" - resolved "https://registry.yarnpkg.com/snapdragon/-/snapdragon-0.8.2.tgz#64922e7c565b0e14204ba1aa7d6964278d25182d" - integrity sha512-FtyOnWN/wCHTVXOMwvSv26d+ko5vWlIDD6zoUJ7LW8vh+ZBC8QdljveRP+crNrtBwioEUWy/4dMtbBjA4ioNlg== - dependencies: - base "^0.11.1" - debug "^2.2.0" - define-property "^0.2.5" - extend-shallow "^2.0.1" - map-cache "^0.2.2" - source-map "^0.5.6" - source-map-resolve "^0.5.0" - use "^3.1.0" - "source-map-js@>=0.6.2 <2.0.0", source-map-js@^1.0.2: version "1.0.2" resolved "https://registry.yarnpkg.com/source-map-js/-/source-map-js-1.0.2.tgz#adbc361d9c62df380125e7f161f71c826f1e490c" integrity sha512-R0XvVJ9WusLiqTCEiGCmICCMplcCkIwwR11mOSD9CR5u+IXYdiseeEuXCVAjS54zqwkLcPNnmU4OeJ6tUrWhDw== -source-map-resolve@^0.5.0: - version "0.5.3" - resolved "https://registry.yarnpkg.com/source-map-resolve/-/source-map-resolve-0.5.3.tgz#190866bece7553e1f8f267a2ee82c606b5509a1a" - integrity sha512-Htz+RnsXWk5+P2slx5Jh3Q66vhQj1Cllm0zvnaY98+NFx+Dv2CF/f5O/t8x+KaNdrdIAsruNzoh/KpialbqAnw== - dependencies: - atob "^2.1.2" - decode-uri-component "^0.2.0" - resolve-url "^0.2.1" - source-map-url "^0.4.0" - urix "^0.1.0" - source-map-support@0.5.19: version "0.5.19" resolved "https://registry.yarnpkg.com/source-map-support/-/source-map-support-0.5.19.tgz#a98b62f86dcaf4f67399648c085291ab9e8fed61" @@ -12412,21 +11949,11 @@ source-map-support@^0.5.16, source-map-support@^0.5.21, source-map-support@^0.5. buffer-from "^1.0.0" source-map "^0.6.0" -source-map-url@^0.4.0: - version "0.4.1" - resolved "https://registry.yarnpkg.com/source-map-url/-/source-map-url-0.4.1.tgz#0af66605a745a5a2f91cf1bbf8a7afbc283dec56" - integrity sha512-cPiFOTLUKvJFIg4SKVScy4ilPPW6rFgMgfuZJPNoDuMs3nC1HbMUycBoJw77xFIp6z1UJQJOfx6C9GMH80DiTw== - source-map@0.5.6: version "0.5.6" resolved "https://registry.yarnpkg.com/source-map/-/source-map-0.5.6.tgz#75ce38f52bf0733c5a7f0c118d81334a2bb5f412" integrity sha512-MjZkVp0NHr5+TPihLcadqnlVoGIoWo4IBHptutGh9wI3ttUYvCG26HkSuDi+K6lsZ25syXJXcctwgyVCt//xqA== -source-map@^0.5.6: - version "0.5.7" - resolved "https://registry.yarnpkg.com/source-map/-/source-map-0.5.7.tgz#8a039d2d1021d22d1ea14c80d8ea468ba2ef3fcc" - integrity sha512-LbrmJOMUSdEVxIKvdcJzQC+nQhe8FUZQTXQy6+I75skNgn3OoQ0DZA8YnFa7gp8tqtL3KPf1kmo0R5DoApeSGQ== - source-map@^0.6.0, source-map@^0.6.1, source-map@~0.6.1: version "0.6.1" resolved "https://registry.yarnpkg.com/source-map/-/source-map-0.6.1.tgz#74722af32e9614e9c287a8d0bbde48b5e2f1a263" @@ -12473,13 +12000,6 @@ spdx-license-ids@^3.0.0: resolved "https://registry.yarnpkg.com/spdx-license-ids/-/spdx-license-ids-3.0.12.tgz#69077835abe2710b65f03969898b6637b505a779" integrity sha512-rr+VVSXtRhO4OHbXUiAF7xW3Bo9DuuF6C5jH+q/x15j2jniycgKbxU09Hr0WqlSLUs4i4ltHGXqTe7VHclYWyA== -split-string@^3.0.1, split-string@^3.0.2: - version "3.1.0" - resolved "https://registry.yarnpkg.com/split-string/-/split-string-3.1.0.tgz#7cb09dda3a86585705c64b39a6466038682e8fe2" - integrity sha512-NzNVhJDYpwceVVii8/Hu6DKfD2G+NrQHlS/V/qgv763EYudVwEcMQNxd2lh+0VrUByXN/oJkl5grOhYWvQUYiw== - dependencies: - extend-shallow "^3.0.0" - split2@^4.1.0: version "4.1.0" resolved "https://registry.yarnpkg.com/split2/-/split2-4.1.0.tgz#101907a24370f85bb782f08adaabe4e281ecf809" @@ -12562,14 +12082,6 @@ standard-as-callback@^2.1.0: resolved "https://registry.yarnpkg.com/standard-as-callback/-/standard-as-callback-2.1.0.tgz#8953fc05359868a77b5b9739a665c5977bb7df45" integrity sha512-qoRRSyROncaz1z0mvYqIE4lCd9p2R90i6GxW3uZv5ucSu8tU7B5HXUP1gG8pVZsYNVaXjk8ClXHPttLyxAL48A== -static-extend@^0.1.1: - version "0.1.2" - resolved "https://registry.yarnpkg.com/static-extend/-/static-extend-0.1.2.tgz#60809c39cbff55337226fd5e0b520f341f1fb5c6" - integrity sha512-72E9+uLc27Mt718pMHt9VMNiAL4LMsmDbBva8mxWUCkT07fSzEGMYUCk0XWY6lp0j6RBAG4cJ3mWuZv2OE3s0g== - dependencies: - define-property "^0.2.5" - object-copy "^0.1.0" - statuses@2.0.1: version "2.0.1" resolved "https://registry.yarnpkg.com/statuses/-/statuses-2.0.1.tgz#55cb000ccf1d48728bd23c685a063998cf1a1b63" @@ -13052,21 +12564,6 @@ to-fast-properties@^2.0.0: resolved "https://registry.yarnpkg.com/to-fast-properties/-/to-fast-properties-2.0.0.tgz#dc5e698cbd079265bc73e0377681a4e4e83f616e" integrity sha512-/OaKK0xYrs3DmxRYqL/yDc+FxFUVYhDlXMhRmv3z915w2HF1tnN1omB354j8VUGO/hbRzyD6Y3sA7v7GS/ceog== -to-object-path@^0.3.0: - version "0.3.0" - resolved "https://registry.yarnpkg.com/to-object-path/-/to-object-path-0.3.0.tgz#297588b7b0e7e0ac08e04e672f85c1f4999e17af" - integrity sha512-9mWHdnGRuh3onocaHzukyvCZhzvr6tiflAy/JRFXcJX0TjgfWA9pk9t8CMbzmBE4Jfw58pXbkngtBtqYxzNEyg== - dependencies: - kind-of "^3.0.2" - -to-regex-range@^2.1.0: - version "2.1.1" - resolved "https://registry.yarnpkg.com/to-regex-range/-/to-regex-range-2.1.1.tgz#7c80c17b9dfebe599e27367e0d4dd5590141db38" - integrity sha512-ZZWNfCjUokXXDGXFpZehJIkZqq91BcULFq/Pi7M5i4JnxXdhMKAK682z8bCW3o8Hj1wuuzoKcW3DfVzaP6VuNg== - dependencies: - is-number "^3.0.0" - repeat-string "^1.6.1" - to-regex-range@^5.0.1: version "5.0.1" resolved "https://registry.yarnpkg.com/to-regex-range/-/to-regex-range-5.0.1.tgz#1648c44aae7c8d988a326018ed72f5b4dd0392e4" @@ -13074,16 +12571,6 @@ to-regex-range@^5.0.1: dependencies: is-number "^7.0.0" -to-regex@^3.0.1, to-regex@^3.0.2: - version "3.0.2" - resolved "https://registry.yarnpkg.com/to-regex/-/to-regex-3.0.2.tgz#13cfdd9b336552f30b51f33a8ae1b42a7a7599ce" - integrity sha512-FWtleNAtZ/Ki2qtqej2CXTOayOH9bHDQF+Q48VpWyDXjbYxA4Yz8iDB31zXOBUlOHHKidDbqGVrTUvQMPmBGBw== - dependencies: - define-property "^2.0.2" - extend-shallow "^3.0.2" - regex-not "^1.0.2" - safe-regex "^1.1.0" - toidentifier@1.0.1: version "1.0.1" resolved "https://registry.yarnpkg.com/toidentifier/-/toidentifier-1.0.1.tgz#3be34321a88a820ed1bd80dfaa33e479fbb8dd35" @@ -13425,16 +12912,6 @@ unicode-property-aliases-ecmascript@^2.0.0: resolved "https://registry.yarnpkg.com/unicode-property-aliases-ecmascript/-/unicode-property-aliases-ecmascript-2.1.0.tgz#43d41e3be698bd493ef911077c9b131f827e8ccd" integrity sha512-6t3foTQI9qne+OZoVQB/8x8rk2k1eVy1gRXhV3oFQ5T6R1dqQ1xtin3XqSlx3+ATBkliTaR/hHyJBm+LVPNM8w== -union-value@^1.0.0: - version "1.0.1" - resolved "https://registry.yarnpkg.com/union-value/-/union-value-1.0.1.tgz#0b6fe7b835aecda61c6ea4d4f02c14221e109847" - integrity sha512-tJfXmxMeWYnczCVs7XAEvIV7ieppALdyepWMkHkwciRpZraG/xwT+s2JN8+pr1+8jCRf80FFzvr+MpQeeoF4Xg== - dependencies: - arr-union "^3.1.0" - get-value "^2.0.6" - is-extendable "^0.1.1" - set-value "^2.0.1" - unique-string@^2.0.0: version "2.0.0" resolved "https://registry.yarnpkg.com/unique-string/-/unique-string-2.0.0.tgz#39c6451f81afb2749de2b233e3f7c5e8843bd89d" @@ -13462,14 +12939,6 @@ unpipe@1.0.0, unpipe@~1.0.0: resolved "https://registry.yarnpkg.com/unpipe/-/unpipe-1.0.0.tgz#b2bf4ee8514aae6165b4817829d21b2ef49904ec" integrity sha512-pjy2bYhSsufwWlKwPc+l3cN7+wuJlK6uz0YdJEOlQDbl6jo/YlPi4mb8agUkVC8BF7V8NuzeyPNqRksA3hztKQ== -unset-value@^1.0.0: - version "1.0.0" - resolved "https://registry.yarnpkg.com/unset-value/-/unset-value-1.0.0.tgz#8376873f7d2335179ffb1e6fc3a8ed0dfc8ab559" - integrity sha512-PcA2tsuGSF9cnySLHTLSh2qrQiJ70mn+r+Glzxv2TWZblxsxCC52BDlZoPCsz7STd9pN7EZetkWZBAvk4cgZdQ== - dependencies: - has-value "^0.3.1" - isobject "^3.0.0" - unzipper@^0.10.14: version "0.10.14" resolved "https://registry.yarnpkg.com/unzipper/-/unzipper-0.10.14.tgz#d2b33c977714da0fbc0f82774ad35470a7c962b1" @@ -13528,11 +12997,6 @@ uri-js@^4.2.2: dependencies: punycode "^2.1.0" -urix@^0.1.0: - version "0.1.0" - resolved "https://registry.yarnpkg.com/urix/-/urix-0.1.0.tgz#da937f7a62e21fec1fd18d49b35c2935067a6c72" - integrity sha512-Am1ousAhSLBeB9cG/7k7r2R0zj50uDRlZHPGbazid5s9rlF1F/QKYObEKSIunSjIOkJZqwRRLpvewjEkM7pSqg== - url-join@^4.0.1: version "4.0.1" resolved "https://registry.yarnpkg.com/url-join/-/url-join-4.0.1.tgz#b642e21a2646808ffa178c4c5fda39844e12cde7" @@ -13567,11 +13031,6 @@ url@^0.11.0: punycode "1.3.2" querystring "0.2.0" -use@^3.1.0: - version "3.1.1" - resolved "https://registry.yarnpkg.com/use/-/use-3.1.1.tgz#d50c8cac79a19fbc20f2911f56eb973f4e10070f" - integrity sha512-cwESVXlO3url9YWlFW/TA9cshCEhtu7IKJ/p5soJ/gGpj7vbvFrAY/eIioQ6Dw23KjZhYgiIo8HOs1nQ2vr/oQ== - util-arity@^1.1.0: version "1.1.0" resolved "https://registry.yarnpkg.com/util-arity/-/util-arity-1.1.0.tgz#59d01af1fdb3fede0ac4e632b0ab5f6ce97c9330" From f2588cb774ab3349c23b5022cc4bb14bcda9c233 Mon Sep 17 00:00:00 2001 From: Krys Wisnaskas Date: Thu, 22 Aug 2024 11:40:01 -0400 Subject: [PATCH 4/4] Update known vulnerabilities --- frontend/yarn-audit-known-issues | 43 ++++++++++++++++++++++++++++++++ 1 file changed, 43 insertions(+) diff --git a/frontend/yarn-audit-known-issues b/frontend/yarn-audit-known-issues index e69de29bb2..b36de4ba33 100644 --- a/frontend/yarn-audit-known-issues +++ b/frontend/yarn-audit-known-issues @@ -0,0 +1,43 @@ +{"type":"auditAdvisory","data":{"resolution":{"id":1097682,"path":"react-scripts>jest>@jest/core>jest-config>jest-environment-jsdom>jsdom>tough-cookie","dev":false,"optional":false,"bundled":false},"advisory":{"findings":[{"version":"4.0.0","paths":["react-scripts>jest>@jest/core>jest-config>jest-environment-jsdom>jsdom>tough-cookie","react-scripts>jest>jest-cli>@jest/core>jest-config>jest-environment-jsdom>jsdom>tough-cookie","react-scripts>jest>jest-cli>@jest/core>jest-config>jest-runner>jest-environment-jsdom>jsdom>tough-cookie"]}],"metadata":null,"vulnerable_versions":"<4.1.3","module_name":"tough-cookie","severity":"moderate","github_advisory_id":"GHSA-72xf-g2v4-qvf3","cves":["CVE-2023-26136"],"access":"public","patched_versions":">=4.1.3","cvss":{"score":6.5,"vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},"updated":"2024-06-21T21:33:53.000Z","recommendation":"Upgrade to version 4.1.3 or later","cwe":["CWE-1321"],"found_by":null,"deleted":null,"id":1097682,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2023-26136\n- https://github.com/salesforce/tough-cookie/issues/282\n- https://github.com/salesforce/tough-cookie/commit/12d474791bb856004e858fdb1c47b7608d09cf6e\n- https://github.com/salesforce/tough-cookie/releases/tag/v4.1.3\n- https://security.snyk.io/vuln/SNYK-JS-TOUGHCOOKIE-5672873\n- https://lists.debian.org/debian-lts-announce/2023/07/msg00010.html\n- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3HUE6ZR5SL73KHL7XUPAOEL6SB7HUDT2\n- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6PVVPNSAGSDS63HQ74PJ7MZ3MU5IYNVZ\n- https://security.netapp.com/advisory/ntap-20240621-0006\n- https://github.com/advisories/GHSA-72xf-g2v4-qvf3","created":"2023-07-01T06:30:16.000Z","reported_by":null,"title":"tough-cookie Prototype Pollution vulnerability","npm_advisory_id":null,"overview":"Versions of the package tough-cookie before 4.1.3 are vulnerable to Prototype Pollution due to improper handling of Cookies when using CookieJar in `rejectPublicSuffixes=false` mode. This issue arises from the manner in which the objects are initialized.","url":"https://github.com/advisories/GHSA-72xf-g2v4-qvf3"}}} +{"type":"auditAdvisory","data":{"resolution":{"id":1097682,"path":"react-scripts>jest>jest-cli>@jest/core>jest-config>jest-environment-jsdom>jsdom>tough-cookie","dev":false,"optional":false,"bundled":false},"advisory":{"findings":[{"version":"4.0.0","paths":["react-scripts>jest>@jest/core>jest-config>jest-environment-jsdom>jsdom>tough-cookie","react-scripts>jest>jest-cli>@jest/core>jest-config>jest-environment-jsdom>jsdom>tough-cookie","react-scripts>jest>jest-cli>@jest/core>jest-config>jest-runner>jest-environment-jsdom>jsdom>tough-cookie"]}],"metadata":null,"vulnerable_versions":"<4.1.3","module_name":"tough-cookie","severity":"moderate","github_advisory_id":"GHSA-72xf-g2v4-qvf3","cves":["CVE-2023-26136"],"access":"public","patched_versions":">=4.1.3","cvss":{"score":6.5,"vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},"updated":"2024-06-21T21:33:53.000Z","recommendation":"Upgrade to version 4.1.3 or later","cwe":["CWE-1321"],"found_by":null,"deleted":null,"id":1097682,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2023-26136\n- https://github.com/salesforce/tough-cookie/issues/282\n- https://github.com/salesforce/tough-cookie/commit/12d474791bb856004e858fdb1c47b7608d09cf6e\n- https://github.com/salesforce/tough-cookie/releases/tag/v4.1.3\n- https://security.snyk.io/vuln/SNYK-JS-TOUGHCOOKIE-5672873\n- https://lists.debian.org/debian-lts-announce/2023/07/msg00010.html\n- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3HUE6ZR5SL73KHL7XUPAOEL6SB7HUDT2\n- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6PVVPNSAGSDS63HQ74PJ7MZ3MU5IYNVZ\n- https://security.netapp.com/advisory/ntap-20240621-0006\n- https://github.com/advisories/GHSA-72xf-g2v4-qvf3","created":"2023-07-01T06:30:16.000Z","reported_by":null,"title":"tough-cookie Prototype Pollution vulnerability","npm_advisory_id":null,"overview":"Versions of the package tough-cookie before 4.1.3 are vulnerable to Prototype Pollution due to improper handling of Cookies when using CookieJar in `rejectPublicSuffixes=false` mode. This issue arises from the manner in which the objects are initialized.","url":"https://github.com/advisories/GHSA-72xf-g2v4-qvf3"}}} +{"type":"auditAdvisory","data":{"resolution":{"id":1097682,"path":"react-scripts>jest>jest-cli>@jest/core>jest-config>jest-runner>jest-environment-jsdom>jsdom>tough-cookie","dev":false,"optional":false,"bundled":false},"advisory":{"findings":[{"version":"4.0.0","paths":["react-scripts>jest>@jest/core>jest-config>jest-environment-jsdom>jsdom>tough-cookie","react-scripts>jest>jest-cli>@jest/core>jest-config>jest-environment-jsdom>jsdom>tough-cookie","react-scripts>jest>jest-cli>@jest/core>jest-config>jest-runner>jest-environment-jsdom>jsdom>tough-cookie"]}],"metadata":null,"vulnerable_versions":"<4.1.3","module_name":"tough-cookie","severity":"moderate","github_advisory_id":"GHSA-72xf-g2v4-qvf3","cves":["CVE-2023-26136"],"access":"public","patched_versions":">=4.1.3","cvss":{"score":6.5,"vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},"updated":"2024-06-21T21:33:53.000Z","recommendation":"Upgrade to version 4.1.3 or later","cwe":["CWE-1321"],"found_by":null,"deleted":null,"id":1097682,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2023-26136\n- https://github.com/salesforce/tough-cookie/issues/282\n- https://github.com/salesforce/tough-cookie/commit/12d474791bb856004e858fdb1c47b7608d09cf6e\n- https://github.com/salesforce/tough-cookie/releases/tag/v4.1.3\n- https://security.snyk.io/vuln/SNYK-JS-TOUGHCOOKIE-5672873\n- https://lists.debian.org/debian-lts-announce/2023/07/msg00010.html\n- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3HUE6ZR5SL73KHL7XUPAOEL6SB7HUDT2\n- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6PVVPNSAGSDS63HQ74PJ7MZ3MU5IYNVZ\n- https://security.netapp.com/advisory/ntap-20240621-0006\n- https://github.com/advisories/GHSA-72xf-g2v4-qvf3","created":"2023-07-01T06:30:16.000Z","reported_by":null,"title":"tough-cookie Prototype Pollution vulnerability","npm_advisory_id":null,"overview":"Versions of the package tough-cookie before 4.1.3 are vulnerable to Prototype Pollution due to improper handling of Cookies when using CookieJar in `rejectPublicSuffixes=false` mode. This issue arises from the manner in which the objects are initialized.","url":"https://github.com/advisories/GHSA-72xf-g2v4-qvf3"}}} +{"type":"auditAdvisory","data":{"resolution":{"id":1098615,"path":"@testing-library/jest-dom>@types/testing-library__jest-dom>@types/jest>expect>jest-message-util>micromatch","dev":false,"bundled":false,"optional":false},"advisory":{"findings":[{"version":"4.0.5","paths":["@testing-library/jest-dom>@types/testing-library__jest-dom>@types/jest>expect>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>fast-glob>micromatch","react-scripts>react-dev-utils>globby>fast-glob>micromatch","eslint-plugin-jest>@typescript-eslint/experimental-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/parser>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-resolve>jest-haste-map>micromatch","react-scripts>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>jest-haste-map>micromatch"]},{"version":"4.0.5","paths":["react-scripts>babel-jest>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>micromatch"]},{"version":"4.0.5","paths":["react-scripts>eslint-webpack-plugin>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-message-util>micromatch","react-scripts>jest>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/globals>@jest/environment>@jest/fake-timers>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-config>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>micromatch","react-scripts>jest>jest-cli>@jest/core>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-watch-typeahead>jest-watcher>@jest/test-result>@jest/console>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>micromatch"]},{"version":"4.0.5","paths":["http-proxy-middleware>micromatch","react-scripts>webpack-dev-server>http-proxy-middleware>micromatch"]},{"version":"4.0.7","paths":["micromatch"]}],"metadata":null,"vulnerable_versions":"<=4.0.7","module_name":"micromatch","severity":"moderate","github_advisory_id":"GHSA-952p-6rrq-rcjv","cves":["CVE-2024-4067"],"access":"public","patched_versions":"<0.0.0","cvss":{"score":0,"vectorString":null},"updated":"2024-08-21T22:59:40.000Z","recommendation":"None","cwe":["CWE-1333"],"found_by":null,"deleted":null,"id":1098615,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-4067\n- https://github.com/micromatch/micromatch/issues/243\n- https://github.com/micromatch/micromatch/pull/247\n- https://devhub.checkmarx.com/cve-details/CVE-2024-4067\n- https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448\n- https://github.com/micromatch/micromatch/commit/d1641baf261e42ea437f3750c44f20cec0b33e1b\n- https://github.com/advisories/GHSA-952p-6rrq-rcjv","created":"2024-05-14T18:30:54.000Z","reported_by":null,"title":"Regular Expression Denial of Service (ReDoS) in micromatch","npm_advisory_id":null,"overview":"The NPM package `micromatch` is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persists. This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching.\n","url":"https://github.com/advisories/GHSA-952p-6rrq-rcjv"}}} +{"type":"auditAdvisory","data":{"resolution":{"id":1098615,"path":"react-scripts>tailwindcss>fast-glob>micromatch","dev":false,"bundled":false,"optional":false},"advisory":{"findings":[{"version":"4.0.5","paths":["@testing-library/jest-dom>@types/testing-library__jest-dom>@types/jest>expect>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>fast-glob>micromatch","react-scripts>react-dev-utils>globby>fast-glob>micromatch","eslint-plugin-jest>@typescript-eslint/experimental-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/parser>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-resolve>jest-haste-map>micromatch","react-scripts>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>jest-haste-map>micromatch"]},{"version":"4.0.5","paths":["react-scripts>babel-jest>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>micromatch"]},{"version":"4.0.5","paths":["react-scripts>eslint-webpack-plugin>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-message-util>micromatch","react-scripts>jest>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/globals>@jest/environment>@jest/fake-timers>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-config>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>micromatch","react-scripts>jest>jest-cli>@jest/core>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-watch-typeahead>jest-watcher>@jest/test-result>@jest/console>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>micromatch"]},{"version":"4.0.5","paths":["http-proxy-middleware>micromatch","react-scripts>webpack-dev-server>http-proxy-middleware>micromatch"]},{"version":"4.0.7","paths":["micromatch"]}],"metadata":null,"vulnerable_versions":"<=4.0.7","module_name":"micromatch","severity":"moderate","github_advisory_id":"GHSA-952p-6rrq-rcjv","cves":["CVE-2024-4067"],"access":"public","patched_versions":"<0.0.0","cvss":{"score":0,"vectorString":null},"updated":"2024-08-21T22:59:40.000Z","recommendation":"None","cwe":["CWE-1333"],"found_by":null,"deleted":null,"id":1098615,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-4067\n- https://github.com/micromatch/micromatch/issues/243\n- https://github.com/micromatch/micromatch/pull/247\n- https://devhub.checkmarx.com/cve-details/CVE-2024-4067\n- https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448\n- https://github.com/micromatch/micromatch/commit/d1641baf261e42ea437f3750c44f20cec0b33e1b\n- https://github.com/advisories/GHSA-952p-6rrq-rcjv","created":"2024-05-14T18:30:54.000Z","reported_by":null,"title":"Regular Expression Denial of Service (ReDoS) in micromatch","npm_advisory_id":null,"overview":"The NPM package `micromatch` is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persists. This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching.\n","url":"https://github.com/advisories/GHSA-952p-6rrq-rcjv"}}} +{"type":"auditAdvisory","data":{"resolution":{"id":1098615,"path":"react-scripts>react-dev-utils>globby>fast-glob>micromatch","dev":false,"bundled":false,"optional":false},"advisory":{"findings":[{"version":"4.0.5","paths":["@testing-library/jest-dom>@types/testing-library__jest-dom>@types/jest>expect>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>fast-glob>micromatch","react-scripts>react-dev-utils>globby>fast-glob>micromatch","eslint-plugin-jest>@typescript-eslint/experimental-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/parser>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-resolve>jest-haste-map>micromatch","react-scripts>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>jest-haste-map>micromatch"]},{"version":"4.0.5","paths":["react-scripts>babel-jest>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>micromatch"]},{"version":"4.0.5","paths":["react-scripts>eslint-webpack-plugin>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-message-util>micromatch","react-scripts>jest>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/globals>@jest/environment>@jest/fake-timers>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-config>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>micromatch","react-scripts>jest>jest-cli>@jest/core>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-watch-typeahead>jest-watcher>@jest/test-result>@jest/console>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>micromatch"]},{"version":"4.0.5","paths":["http-proxy-middleware>micromatch","react-scripts>webpack-dev-server>http-proxy-middleware>micromatch"]},{"version":"4.0.7","paths":["micromatch"]}],"metadata":null,"vulnerable_versions":"<=4.0.7","module_name":"micromatch","severity":"moderate","github_advisory_id":"GHSA-952p-6rrq-rcjv","cves":["CVE-2024-4067"],"access":"public","patched_versions":"<0.0.0","cvss":{"score":0,"vectorString":null},"updated":"2024-08-21T22:59:40.000Z","recommendation":"None","cwe":["CWE-1333"],"found_by":null,"deleted":null,"id":1098615,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-4067\n- https://github.com/micromatch/micromatch/issues/243\n- https://github.com/micromatch/micromatch/pull/247\n- https://devhub.checkmarx.com/cve-details/CVE-2024-4067\n- https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448\n- https://github.com/micromatch/micromatch/commit/d1641baf261e42ea437f3750c44f20cec0b33e1b\n- https://github.com/advisories/GHSA-952p-6rrq-rcjv","created":"2024-05-14T18:30:54.000Z","reported_by":null,"title":"Regular Expression Denial of Service (ReDoS) in micromatch","npm_advisory_id":null,"overview":"The NPM package `micromatch` is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persists. This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching.\n","url":"https://github.com/advisories/GHSA-952p-6rrq-rcjv"}}} +{"type":"auditAdvisory","data":{"resolution":{"id":1098615,"path":"eslint-plugin-jest>@typescript-eslint/experimental-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","dev":false,"bundled":false,"optional":false},"advisory":{"findings":[{"version":"4.0.5","paths":["@testing-library/jest-dom>@types/testing-library__jest-dom>@types/jest>expect>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>fast-glob>micromatch","react-scripts>react-dev-utils>globby>fast-glob>micromatch","eslint-plugin-jest>@typescript-eslint/experimental-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/parser>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-resolve>jest-haste-map>micromatch","react-scripts>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>jest-haste-map>micromatch"]},{"version":"4.0.5","paths":["react-scripts>babel-jest>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>micromatch"]},{"version":"4.0.5","paths":["react-scripts>eslint-webpack-plugin>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-message-util>micromatch","react-scripts>jest>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/globals>@jest/environment>@jest/fake-timers>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-config>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>micromatch","react-scripts>jest>jest-cli>@jest/core>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-watch-typeahead>jest-watcher>@jest/test-result>@jest/console>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>micromatch"]},{"version":"4.0.5","paths":["http-proxy-middleware>micromatch","react-scripts>webpack-dev-server>http-proxy-middleware>micromatch"]},{"version":"4.0.7","paths":["micromatch"]}],"metadata":null,"vulnerable_versions":"<=4.0.7","module_name":"micromatch","severity":"moderate","github_advisory_id":"GHSA-952p-6rrq-rcjv","cves":["CVE-2024-4067"],"access":"public","patched_versions":"<0.0.0","cvss":{"score":0,"vectorString":null},"updated":"2024-08-21T22:59:40.000Z","recommendation":"None","cwe":["CWE-1333"],"found_by":null,"deleted":null,"id":1098615,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-4067\n- https://github.com/micromatch/micromatch/issues/243\n- https://github.com/micromatch/micromatch/pull/247\n- https://devhub.checkmarx.com/cve-details/CVE-2024-4067\n- https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448\n- https://github.com/micromatch/micromatch/commit/d1641baf261e42ea437f3750c44f20cec0b33e1b\n- https://github.com/advisories/GHSA-952p-6rrq-rcjv","created":"2024-05-14T18:30:54.000Z","reported_by":null,"title":"Regular Expression Denial of Service (ReDoS) in micromatch","npm_advisory_id":null,"overview":"The NPM package `micromatch` is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persists. This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching.\n","url":"https://github.com/advisories/GHSA-952p-6rrq-rcjv"}}} +{"type":"auditAdvisory","data":{"resolution":{"id":1098615,"path":"react-scripts>eslint-config-react-app>@typescript-eslint/parser>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","dev":false,"bundled":false,"optional":false},"advisory":{"findings":[{"version":"4.0.5","paths":["@testing-library/jest-dom>@types/testing-library__jest-dom>@types/jest>expect>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>fast-glob>micromatch","react-scripts>react-dev-utils>globby>fast-glob>micromatch","eslint-plugin-jest>@typescript-eslint/experimental-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/parser>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-resolve>jest-haste-map>micromatch","react-scripts>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>jest-haste-map>micromatch"]},{"version":"4.0.5","paths":["react-scripts>babel-jest>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>micromatch"]},{"version":"4.0.5","paths":["react-scripts>eslint-webpack-plugin>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-message-util>micromatch","react-scripts>jest>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/globals>@jest/environment>@jest/fake-timers>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-config>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>micromatch","react-scripts>jest>jest-cli>@jest/core>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-watch-typeahead>jest-watcher>@jest/test-result>@jest/console>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>micromatch"]},{"version":"4.0.5","paths":["http-proxy-middleware>micromatch","react-scripts>webpack-dev-server>http-proxy-middleware>micromatch"]},{"version":"4.0.7","paths":["micromatch"]}],"metadata":null,"vulnerable_versions":"<=4.0.7","module_name":"micromatch","severity":"moderate","github_advisory_id":"GHSA-952p-6rrq-rcjv","cves":["CVE-2024-4067"],"access":"public","patched_versions":"<0.0.0","cvss":{"score":0,"vectorString":null},"updated":"2024-08-21T22:59:40.000Z","recommendation":"None","cwe":["CWE-1333"],"found_by":null,"deleted":null,"id":1098615,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-4067\n- https://github.com/micromatch/micromatch/issues/243\n- https://github.com/micromatch/micromatch/pull/247\n- https://devhub.checkmarx.com/cve-details/CVE-2024-4067\n- https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448\n- https://github.com/micromatch/micromatch/commit/d1641baf261e42ea437f3750c44f20cec0b33e1b\n- https://github.com/advisories/GHSA-952p-6rrq-rcjv","created":"2024-05-14T18:30:54.000Z","reported_by":null,"title":"Regular Expression Denial of Service (ReDoS) in micromatch","npm_advisory_id":null,"overview":"The NPM package `micromatch` is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persists. This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching.\n","url":"https://github.com/advisories/GHSA-952p-6rrq-rcjv"}}} +{"type":"auditAdvisory","data":{"resolution":{"id":1098615,"path":"react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","dev":false,"bundled":false,"optional":false},"advisory":{"findings":[{"version":"4.0.5","paths":["@testing-library/jest-dom>@types/testing-library__jest-dom>@types/jest>expect>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>fast-glob>micromatch","react-scripts>react-dev-utils>globby>fast-glob>micromatch","eslint-plugin-jest>@typescript-eslint/experimental-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/parser>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-resolve>jest-haste-map>micromatch","react-scripts>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>jest-haste-map>micromatch"]},{"version":"4.0.5","paths":["react-scripts>babel-jest>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>micromatch"]},{"version":"4.0.5","paths":["react-scripts>eslint-webpack-plugin>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-message-util>micromatch","react-scripts>jest>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/globals>@jest/environment>@jest/fake-timers>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-config>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>micromatch","react-scripts>jest>jest-cli>@jest/core>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-watch-typeahead>jest-watcher>@jest/test-result>@jest/console>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>micromatch"]},{"version":"4.0.5","paths":["http-proxy-middleware>micromatch","react-scripts>webpack-dev-server>http-proxy-middleware>micromatch"]},{"version":"4.0.7","paths":["micromatch"]}],"metadata":null,"vulnerable_versions":"<=4.0.7","module_name":"micromatch","severity":"moderate","github_advisory_id":"GHSA-952p-6rrq-rcjv","cves":["CVE-2024-4067"],"access":"public","patched_versions":"<0.0.0","cvss":{"score":0,"vectorString":null},"updated":"2024-08-21T22:59:40.000Z","recommendation":"None","cwe":["CWE-1333"],"found_by":null,"deleted":null,"id":1098615,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-4067\n- https://github.com/micromatch/micromatch/issues/243\n- https://github.com/micromatch/micromatch/pull/247\n- https://devhub.checkmarx.com/cve-details/CVE-2024-4067\n- https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448\n- https://github.com/micromatch/micromatch/commit/d1641baf261e42ea437f3750c44f20cec0b33e1b\n- https://github.com/advisories/GHSA-952p-6rrq-rcjv","created":"2024-05-14T18:30:54.000Z","reported_by":null,"title":"Regular Expression Denial of Service (ReDoS) in micromatch","npm_advisory_id":null,"overview":"The NPM package `micromatch` is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persists. This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching.\n","url":"https://github.com/advisories/GHSA-952p-6rrq-rcjv"}}} +{"type":"auditAdvisory","data":{"resolution":{"id":1098615,"path":"react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","dev":false,"bundled":false,"optional":false},"advisory":{"findings":[{"version":"4.0.5","paths":["@testing-library/jest-dom>@types/testing-library__jest-dom>@types/jest>expect>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>fast-glob>micromatch","react-scripts>react-dev-utils>globby>fast-glob>micromatch","eslint-plugin-jest>@typescript-eslint/experimental-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/parser>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-resolve>jest-haste-map>micromatch","react-scripts>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>jest-haste-map>micromatch"]},{"version":"4.0.5","paths":["react-scripts>babel-jest>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>micromatch"]},{"version":"4.0.5","paths":["react-scripts>eslint-webpack-plugin>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-message-util>micromatch","react-scripts>jest>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/globals>@jest/environment>@jest/fake-timers>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-config>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>micromatch","react-scripts>jest>jest-cli>@jest/core>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-watch-typeahead>jest-watcher>@jest/test-result>@jest/console>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>micromatch"]},{"version":"4.0.5","paths":["http-proxy-middleware>micromatch","react-scripts>webpack-dev-server>http-proxy-middleware>micromatch"]},{"version":"4.0.7","paths":["micromatch"]}],"metadata":null,"vulnerable_versions":"<=4.0.7","module_name":"micromatch","severity":"moderate","github_advisory_id":"GHSA-952p-6rrq-rcjv","cves":["CVE-2024-4067"],"access":"public","patched_versions":"<0.0.0","cvss":{"score":0,"vectorString":null},"updated":"2024-08-21T22:59:40.000Z","recommendation":"None","cwe":["CWE-1333"],"found_by":null,"deleted":null,"id":1098615,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-4067\n- https://github.com/micromatch/micromatch/issues/243\n- https://github.com/micromatch/micromatch/pull/247\n- https://devhub.checkmarx.com/cve-details/CVE-2024-4067\n- https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448\n- https://github.com/micromatch/micromatch/commit/d1641baf261e42ea437f3750c44f20cec0b33e1b\n- https://github.com/advisories/GHSA-952p-6rrq-rcjv","created":"2024-05-14T18:30:54.000Z","reported_by":null,"title":"Regular Expression Denial of Service (ReDoS) in micromatch","npm_advisory_id":null,"overview":"The NPM package `micromatch` is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persists. This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching.\n","url":"https://github.com/advisories/GHSA-952p-6rrq-rcjv"}}} +{"type":"auditAdvisory","data":{"resolution":{"id":1098615,"path":"react-scripts>jest-resolve>jest-haste-map>micromatch","dev":false,"bundled":false,"optional":false},"advisory":{"findings":[{"version":"4.0.5","paths":["@testing-library/jest-dom>@types/testing-library__jest-dom>@types/jest>expect>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>fast-glob>micromatch","react-scripts>react-dev-utils>globby>fast-glob>micromatch","eslint-plugin-jest>@typescript-eslint/experimental-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/parser>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-resolve>jest-haste-map>micromatch","react-scripts>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>jest-haste-map>micromatch"]},{"version":"4.0.5","paths":["react-scripts>babel-jest>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>micromatch"]},{"version":"4.0.5","paths":["react-scripts>eslint-webpack-plugin>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-message-util>micromatch","react-scripts>jest>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/globals>@jest/environment>@jest/fake-timers>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-config>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>micromatch","react-scripts>jest>jest-cli>@jest/core>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-watch-typeahead>jest-watcher>@jest/test-result>@jest/console>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>micromatch"]},{"version":"4.0.5","paths":["http-proxy-middleware>micromatch","react-scripts>webpack-dev-server>http-proxy-middleware>micromatch"]},{"version":"4.0.7","paths":["micromatch"]}],"metadata":null,"vulnerable_versions":"<=4.0.7","module_name":"micromatch","severity":"moderate","github_advisory_id":"GHSA-952p-6rrq-rcjv","cves":["CVE-2024-4067"],"access":"public","patched_versions":"<0.0.0","cvss":{"score":0,"vectorString":null},"updated":"2024-08-21T22:59:40.000Z","recommendation":"None","cwe":["CWE-1333"],"found_by":null,"deleted":null,"id":1098615,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-4067\n- https://github.com/micromatch/micromatch/issues/243\n- https://github.com/micromatch/micromatch/pull/247\n- https://devhub.checkmarx.com/cve-details/CVE-2024-4067\n- https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448\n- https://github.com/micromatch/micromatch/commit/d1641baf261e42ea437f3750c44f20cec0b33e1b\n- https://github.com/advisories/GHSA-952p-6rrq-rcjv","created":"2024-05-14T18:30:54.000Z","reported_by":null,"title":"Regular Expression Denial of Service (ReDoS) in micromatch","npm_advisory_id":null,"overview":"The NPM package `micromatch` is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persists. This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching.\n","url":"https://github.com/advisories/GHSA-952p-6rrq-rcjv"}}} +{"type":"auditAdvisory","data":{"resolution":{"id":1098615,"path":"react-scripts>babel-jest>@jest/transform>jest-haste-map>micromatch","dev":false,"bundled":false,"optional":false},"advisory":{"findings":[{"version":"4.0.5","paths":["@testing-library/jest-dom>@types/testing-library__jest-dom>@types/jest>expect>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>fast-glob>micromatch","react-scripts>react-dev-utils>globby>fast-glob>micromatch","eslint-plugin-jest>@typescript-eslint/experimental-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/parser>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-resolve>jest-haste-map>micromatch","react-scripts>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>jest-haste-map>micromatch"]},{"version":"4.0.5","paths":["react-scripts>babel-jest>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>micromatch"]},{"version":"4.0.5","paths":["react-scripts>eslint-webpack-plugin>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-message-util>micromatch","react-scripts>jest>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/globals>@jest/environment>@jest/fake-timers>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-config>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>micromatch","react-scripts>jest>jest-cli>@jest/core>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-watch-typeahead>jest-watcher>@jest/test-result>@jest/console>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>micromatch"]},{"version":"4.0.5","paths":["http-proxy-middleware>micromatch","react-scripts>webpack-dev-server>http-proxy-middleware>micromatch"]},{"version":"4.0.7","paths":["micromatch"]}],"metadata":null,"vulnerable_versions":"<=4.0.7","module_name":"micromatch","severity":"moderate","github_advisory_id":"GHSA-952p-6rrq-rcjv","cves":["CVE-2024-4067"],"access":"public","patched_versions":"<0.0.0","cvss":{"score":0,"vectorString":null},"updated":"2024-08-21T22:59:40.000Z","recommendation":"None","cwe":["CWE-1333"],"found_by":null,"deleted":null,"id":1098615,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-4067\n- https://github.com/micromatch/micromatch/issues/243\n- https://github.com/micromatch/micromatch/pull/247\n- https://devhub.checkmarx.com/cve-details/CVE-2024-4067\n- https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448\n- https://github.com/micromatch/micromatch/commit/d1641baf261e42ea437f3750c44f20cec0b33e1b\n- https://github.com/advisories/GHSA-952p-6rrq-rcjv","created":"2024-05-14T18:30:54.000Z","reported_by":null,"title":"Regular Expression Denial of Service (ReDoS) in micromatch","npm_advisory_id":null,"overview":"The NPM package `micromatch` is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persists. This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching.\n","url":"https://github.com/advisories/GHSA-952p-6rrq-rcjv"}}} +{"type":"auditAdvisory","data":{"resolution":{"id":1098615,"path":"react-scripts>jest>@jest/core>@jest/transform>jest-haste-map>micromatch","dev":false,"bundled":false,"optional":false},"advisory":{"findings":[{"version":"4.0.5","paths":["@testing-library/jest-dom>@types/testing-library__jest-dom>@types/jest>expect>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>fast-glob>micromatch","react-scripts>react-dev-utils>globby>fast-glob>micromatch","eslint-plugin-jest>@typescript-eslint/experimental-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/parser>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-resolve>jest-haste-map>micromatch","react-scripts>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>jest-haste-map>micromatch"]},{"version":"4.0.5","paths":["react-scripts>babel-jest>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>micromatch"]},{"version":"4.0.5","paths":["react-scripts>eslint-webpack-plugin>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-message-util>micromatch","react-scripts>jest>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/globals>@jest/environment>@jest/fake-timers>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-config>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>micromatch","react-scripts>jest>jest-cli>@jest/core>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-watch-typeahead>jest-watcher>@jest/test-result>@jest/console>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>micromatch"]},{"version":"4.0.5","paths":["http-proxy-middleware>micromatch","react-scripts>webpack-dev-server>http-proxy-middleware>micromatch"]},{"version":"4.0.7","paths":["micromatch"]}],"metadata":null,"vulnerable_versions":"<=4.0.7","module_name":"micromatch","severity":"moderate","github_advisory_id":"GHSA-952p-6rrq-rcjv","cves":["CVE-2024-4067"],"access":"public","patched_versions":"<0.0.0","cvss":{"score":0,"vectorString":null},"updated":"2024-08-21T22:59:40.000Z","recommendation":"None","cwe":["CWE-1333"],"found_by":null,"deleted":null,"id":1098615,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-4067\n- https://github.com/micromatch/micromatch/issues/243\n- https://github.com/micromatch/micromatch/pull/247\n- https://devhub.checkmarx.com/cve-details/CVE-2024-4067\n- https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448\n- https://github.com/micromatch/micromatch/commit/d1641baf261e42ea437f3750c44f20cec0b33e1b\n- https://github.com/advisories/GHSA-952p-6rrq-rcjv","created":"2024-05-14T18:30:54.000Z","reported_by":null,"title":"Regular Expression Denial of Service (ReDoS) in micromatch","npm_advisory_id":null,"overview":"The NPM package `micromatch` is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persists. This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching.\n","url":"https://github.com/advisories/GHSA-952p-6rrq-rcjv"}}} +{"type":"auditAdvisory","data":{"resolution":{"id":1098615,"path":"react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>jest-haste-map>micromatch","dev":false,"bundled":false,"optional":false},"advisory":{"findings":[{"version":"4.0.5","paths":["@testing-library/jest-dom>@types/testing-library__jest-dom>@types/jest>expect>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>fast-glob>micromatch","react-scripts>react-dev-utils>globby>fast-glob>micromatch","eslint-plugin-jest>@typescript-eslint/experimental-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/parser>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-resolve>jest-haste-map>micromatch","react-scripts>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>jest-haste-map>micromatch"]},{"version":"4.0.5","paths":["react-scripts>babel-jest>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>micromatch"]},{"version":"4.0.5","paths":["react-scripts>eslint-webpack-plugin>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-message-util>micromatch","react-scripts>jest>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/globals>@jest/environment>@jest/fake-timers>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-config>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>micromatch","react-scripts>jest>jest-cli>@jest/core>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-watch-typeahead>jest-watcher>@jest/test-result>@jest/console>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>micromatch"]},{"version":"4.0.5","paths":["http-proxy-middleware>micromatch","react-scripts>webpack-dev-server>http-proxy-middleware>micromatch"]},{"version":"4.0.7","paths":["micromatch"]}],"metadata":null,"vulnerable_versions":"<=4.0.7","module_name":"micromatch","severity":"moderate","github_advisory_id":"GHSA-952p-6rrq-rcjv","cves":["CVE-2024-4067"],"access":"public","patched_versions":"<0.0.0","cvss":{"score":0,"vectorString":null},"updated":"2024-08-21T22:59:40.000Z","recommendation":"None","cwe":["CWE-1333"],"found_by":null,"deleted":null,"id":1098615,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-4067\n- https://github.com/micromatch/micromatch/issues/243\n- https://github.com/micromatch/micromatch/pull/247\n- https://devhub.checkmarx.com/cve-details/CVE-2024-4067\n- https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448\n- https://github.com/micromatch/micromatch/commit/d1641baf261e42ea437f3750c44f20cec0b33e1b\n- https://github.com/advisories/GHSA-952p-6rrq-rcjv","created":"2024-05-14T18:30:54.000Z","reported_by":null,"title":"Regular Expression Denial of Service (ReDoS) in micromatch","npm_advisory_id":null,"overview":"The NPM package `micromatch` is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persists. This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching.\n","url":"https://github.com/advisories/GHSA-952p-6rrq-rcjv"}}} +{"type":"auditAdvisory","data":{"resolution":{"id":1098615,"path":"react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","dev":false,"bundled":false,"optional":false},"advisory":{"findings":[{"version":"4.0.5","paths":["@testing-library/jest-dom>@types/testing-library__jest-dom>@types/jest>expect>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>fast-glob>micromatch","react-scripts>react-dev-utils>globby>fast-glob>micromatch","eslint-plugin-jest>@typescript-eslint/experimental-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/parser>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-resolve>jest-haste-map>micromatch","react-scripts>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>jest-haste-map>micromatch"]},{"version":"4.0.5","paths":["react-scripts>babel-jest>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>micromatch"]},{"version":"4.0.5","paths":["react-scripts>eslint-webpack-plugin>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-message-util>micromatch","react-scripts>jest>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/globals>@jest/environment>@jest/fake-timers>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-config>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>micromatch","react-scripts>jest>jest-cli>@jest/core>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-watch-typeahead>jest-watcher>@jest/test-result>@jest/console>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>micromatch"]},{"version":"4.0.5","paths":["http-proxy-middleware>micromatch","react-scripts>webpack-dev-server>http-proxy-middleware>micromatch"]},{"version":"4.0.7","paths":["micromatch"]}],"metadata":null,"vulnerable_versions":"<=4.0.7","module_name":"micromatch","severity":"moderate","github_advisory_id":"GHSA-952p-6rrq-rcjv","cves":["CVE-2024-4067"],"access":"public","patched_versions":"<0.0.0","cvss":{"score":0,"vectorString":null},"updated":"2024-08-21T22:59:40.000Z","recommendation":"None","cwe":["CWE-1333"],"found_by":null,"deleted":null,"id":1098615,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-4067\n- https://github.com/micromatch/micromatch/issues/243\n- https://github.com/micromatch/micromatch/pull/247\n- https://devhub.checkmarx.com/cve-details/CVE-2024-4067\n- https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448\n- https://github.com/micromatch/micromatch/commit/d1641baf261e42ea437f3750c44f20cec0b33e1b\n- https://github.com/advisories/GHSA-952p-6rrq-rcjv","created":"2024-05-14T18:30:54.000Z","reported_by":null,"title":"Regular Expression Denial of Service (ReDoS) in micromatch","npm_advisory_id":null,"overview":"The NPM package `micromatch` is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persists. This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching.\n","url":"https://github.com/advisories/GHSA-952p-6rrq-rcjv"}}} +{"type":"auditAdvisory","data":{"resolution":{"id":1098615,"path":"react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","dev":false,"bundled":false,"optional":false},"advisory":{"findings":[{"version":"4.0.5","paths":["@testing-library/jest-dom>@types/testing-library__jest-dom>@types/jest>expect>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>fast-glob>micromatch","react-scripts>react-dev-utils>globby>fast-glob>micromatch","eslint-plugin-jest>@typescript-eslint/experimental-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/parser>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-resolve>jest-haste-map>micromatch","react-scripts>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>jest-haste-map>micromatch"]},{"version":"4.0.5","paths":["react-scripts>babel-jest>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>micromatch"]},{"version":"4.0.5","paths":["react-scripts>eslint-webpack-plugin>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-message-util>micromatch","react-scripts>jest>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/globals>@jest/environment>@jest/fake-timers>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-config>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>micromatch","react-scripts>jest>jest-cli>@jest/core>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-watch-typeahead>jest-watcher>@jest/test-result>@jest/console>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>micromatch"]},{"version":"4.0.5","paths":["http-proxy-middleware>micromatch","react-scripts>webpack-dev-server>http-proxy-middleware>micromatch"]},{"version":"4.0.7","paths":["micromatch"]}],"metadata":null,"vulnerable_versions":"<=4.0.7","module_name":"micromatch","severity":"moderate","github_advisory_id":"GHSA-952p-6rrq-rcjv","cves":["CVE-2024-4067"],"access":"public","patched_versions":"<0.0.0","cvss":{"score":0,"vectorString":null},"updated":"2024-08-21T22:59:40.000Z","recommendation":"None","cwe":["CWE-1333"],"found_by":null,"deleted":null,"id":1098615,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-4067\n- https://github.com/micromatch/micromatch/issues/243\n- https://github.com/micromatch/micromatch/pull/247\n- https://devhub.checkmarx.com/cve-details/CVE-2024-4067\n- https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448\n- https://github.com/micromatch/micromatch/commit/d1641baf261e42ea437f3750c44f20cec0b33e1b\n- https://github.com/advisories/GHSA-952p-6rrq-rcjv","created":"2024-05-14T18:30:54.000Z","reported_by":null,"title":"Regular Expression Denial of Service (ReDoS) in micromatch","npm_advisory_id":null,"overview":"The NPM package `micromatch` is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persists. This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching.\n","url":"https://github.com/advisories/GHSA-952p-6rrq-rcjv"}}} +{"type":"auditAdvisory","data":{"resolution":{"id":1098615,"path":"react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>jest-haste-map>micromatch","dev":false,"bundled":false,"optional":false},"advisory":{"findings":[{"version":"4.0.5","paths":["@testing-library/jest-dom>@types/testing-library__jest-dom>@types/jest>expect>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>fast-glob>micromatch","react-scripts>react-dev-utils>globby>fast-glob>micromatch","eslint-plugin-jest>@typescript-eslint/experimental-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/parser>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-resolve>jest-haste-map>micromatch","react-scripts>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>jest-haste-map>micromatch"]},{"version":"4.0.5","paths":["react-scripts>babel-jest>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>micromatch"]},{"version":"4.0.5","paths":["react-scripts>eslint-webpack-plugin>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-message-util>micromatch","react-scripts>jest>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/globals>@jest/environment>@jest/fake-timers>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-config>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>micromatch","react-scripts>jest>jest-cli>@jest/core>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-watch-typeahead>jest-watcher>@jest/test-result>@jest/console>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>micromatch"]},{"version":"4.0.5","paths":["http-proxy-middleware>micromatch","react-scripts>webpack-dev-server>http-proxy-middleware>micromatch"]},{"version":"4.0.7","paths":["micromatch"]}],"metadata":null,"vulnerable_versions":"<=4.0.7","module_name":"micromatch","severity":"moderate","github_advisory_id":"GHSA-952p-6rrq-rcjv","cves":["CVE-2024-4067"],"access":"public","patched_versions":"<0.0.0","cvss":{"score":0,"vectorString":null},"updated":"2024-08-21T22:59:40.000Z","recommendation":"None","cwe":["CWE-1333"],"found_by":null,"deleted":null,"id":1098615,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-4067\n- https://github.com/micromatch/micromatch/issues/243\n- https://github.com/micromatch/micromatch/pull/247\n- https://devhub.checkmarx.com/cve-details/CVE-2024-4067\n- https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448\n- https://github.com/micromatch/micromatch/commit/d1641baf261e42ea437f3750c44f20cec0b33e1b\n- https://github.com/advisories/GHSA-952p-6rrq-rcjv","created":"2024-05-14T18:30:54.000Z","reported_by":null,"title":"Regular Expression Denial of Service (ReDoS) in micromatch","npm_advisory_id":null,"overview":"The NPM package `micromatch` is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persists. This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching.\n","url":"https://github.com/advisories/GHSA-952p-6rrq-rcjv"}}} +{"type":"auditAdvisory","data":{"resolution":{"id":1098615,"path":"react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>jest-haste-map>micromatch","dev":false,"bundled":false,"optional":false},"advisory":{"findings":[{"version":"4.0.5","paths":["@testing-library/jest-dom>@types/testing-library__jest-dom>@types/jest>expect>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>fast-glob>micromatch","react-scripts>react-dev-utils>globby>fast-glob>micromatch","eslint-plugin-jest>@typescript-eslint/experimental-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/parser>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-resolve>jest-haste-map>micromatch","react-scripts>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>jest-haste-map>micromatch"]},{"version":"4.0.5","paths":["react-scripts>babel-jest>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>micromatch"]},{"version":"4.0.5","paths":["react-scripts>eslint-webpack-plugin>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-message-util>micromatch","react-scripts>jest>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/globals>@jest/environment>@jest/fake-timers>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-config>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>micromatch","react-scripts>jest>jest-cli>@jest/core>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-watch-typeahead>jest-watcher>@jest/test-result>@jest/console>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>micromatch"]},{"version":"4.0.5","paths":["http-proxy-middleware>micromatch","react-scripts>webpack-dev-server>http-proxy-middleware>micromatch"]},{"version":"4.0.7","paths":["micromatch"]}],"metadata":null,"vulnerable_versions":"<=4.0.7","module_name":"micromatch","severity":"moderate","github_advisory_id":"GHSA-952p-6rrq-rcjv","cves":["CVE-2024-4067"],"access":"public","patched_versions":"<0.0.0","cvss":{"score":0,"vectorString":null},"updated":"2024-08-21T22:59:40.000Z","recommendation":"None","cwe":["CWE-1333"],"found_by":null,"deleted":null,"id":1098615,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-4067\n- https://github.com/micromatch/micromatch/issues/243\n- https://github.com/micromatch/micromatch/pull/247\n- https://devhub.checkmarx.com/cve-details/CVE-2024-4067\n- https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448\n- https://github.com/micromatch/micromatch/commit/d1641baf261e42ea437f3750c44f20cec0b33e1b\n- https://github.com/advisories/GHSA-952p-6rrq-rcjv","created":"2024-05-14T18:30:54.000Z","reported_by":null,"title":"Regular Expression Denial of Service (ReDoS) in micromatch","npm_advisory_id":null,"overview":"The NPM package `micromatch` is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persists. This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching.\n","url":"https://github.com/advisories/GHSA-952p-6rrq-rcjv"}}} +{"type":"auditAdvisory","data":{"resolution":{"id":1098615,"path":"react-scripts>babel-jest>@jest/transform>micromatch","dev":false,"bundled":false,"optional":false},"advisory":{"findings":[{"version":"4.0.5","paths":["@testing-library/jest-dom>@types/testing-library__jest-dom>@types/jest>expect>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>fast-glob>micromatch","react-scripts>react-dev-utils>globby>fast-glob>micromatch","eslint-plugin-jest>@typescript-eslint/experimental-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/parser>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-resolve>jest-haste-map>micromatch","react-scripts>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>jest-haste-map>micromatch"]},{"version":"4.0.5","paths":["react-scripts>babel-jest>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>micromatch"]},{"version":"4.0.5","paths":["react-scripts>eslint-webpack-plugin>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-message-util>micromatch","react-scripts>jest>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/globals>@jest/environment>@jest/fake-timers>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-config>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>micromatch","react-scripts>jest>jest-cli>@jest/core>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-watch-typeahead>jest-watcher>@jest/test-result>@jest/console>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>micromatch"]},{"version":"4.0.5","paths":["http-proxy-middleware>micromatch","react-scripts>webpack-dev-server>http-proxy-middleware>micromatch"]},{"version":"4.0.7","paths":["micromatch"]}],"metadata":null,"vulnerable_versions":"<=4.0.7","module_name":"micromatch","severity":"moderate","github_advisory_id":"GHSA-952p-6rrq-rcjv","cves":["CVE-2024-4067"],"access":"public","patched_versions":"<0.0.0","cvss":{"score":0,"vectorString":null},"updated":"2024-08-21T22:59:40.000Z","recommendation":"None","cwe":["CWE-1333"],"found_by":null,"deleted":null,"id":1098615,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-4067\n- https://github.com/micromatch/micromatch/issues/243\n- https://github.com/micromatch/micromatch/pull/247\n- https://devhub.checkmarx.com/cve-details/CVE-2024-4067\n- https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448\n- https://github.com/micromatch/micromatch/commit/d1641baf261e42ea437f3750c44f20cec0b33e1b\n- https://github.com/advisories/GHSA-952p-6rrq-rcjv","created":"2024-05-14T18:30:54.000Z","reported_by":null,"title":"Regular Expression Denial of Service (ReDoS) in micromatch","npm_advisory_id":null,"overview":"The NPM package `micromatch` is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persists. This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching.\n","url":"https://github.com/advisories/GHSA-952p-6rrq-rcjv"}}} +{"type":"auditAdvisory","data":{"resolution":{"id":1098615,"path":"react-scripts>jest>@jest/core>@jest/transform>micromatch","dev":false,"bundled":false,"optional":false},"advisory":{"findings":[{"version":"4.0.5","paths":["@testing-library/jest-dom>@types/testing-library__jest-dom>@types/jest>expect>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>fast-glob>micromatch","react-scripts>react-dev-utils>globby>fast-glob>micromatch","eslint-plugin-jest>@typescript-eslint/experimental-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/parser>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-resolve>jest-haste-map>micromatch","react-scripts>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>jest-haste-map>micromatch"]},{"version":"4.0.5","paths":["react-scripts>babel-jest>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>micromatch"]},{"version":"4.0.5","paths":["react-scripts>eslint-webpack-plugin>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-message-util>micromatch","react-scripts>jest>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/globals>@jest/environment>@jest/fake-timers>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-config>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>micromatch","react-scripts>jest>jest-cli>@jest/core>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-watch-typeahead>jest-watcher>@jest/test-result>@jest/console>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>micromatch"]},{"version":"4.0.5","paths":["http-proxy-middleware>micromatch","react-scripts>webpack-dev-server>http-proxy-middleware>micromatch"]},{"version":"4.0.7","paths":["micromatch"]}],"metadata":null,"vulnerable_versions":"<=4.0.7","module_name":"micromatch","severity":"moderate","github_advisory_id":"GHSA-952p-6rrq-rcjv","cves":["CVE-2024-4067"],"access":"public","patched_versions":"<0.0.0","cvss":{"score":0,"vectorString":null},"updated":"2024-08-21T22:59:40.000Z","recommendation":"None","cwe":["CWE-1333"],"found_by":null,"deleted":null,"id":1098615,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-4067\n- https://github.com/micromatch/micromatch/issues/243\n- https://github.com/micromatch/micromatch/pull/247\n- https://devhub.checkmarx.com/cve-details/CVE-2024-4067\n- https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448\n- https://github.com/micromatch/micromatch/commit/d1641baf261e42ea437f3750c44f20cec0b33e1b\n- https://github.com/advisories/GHSA-952p-6rrq-rcjv","created":"2024-05-14T18:30:54.000Z","reported_by":null,"title":"Regular Expression Denial of Service (ReDoS) in micromatch","npm_advisory_id":null,"overview":"The NPM package `micromatch` is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persists. This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching.\n","url":"https://github.com/advisories/GHSA-952p-6rrq-rcjv"}}} +{"type":"auditAdvisory","data":{"resolution":{"id":1098615,"path":"react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>micromatch","dev":false,"bundled":false,"optional":false},"advisory":{"findings":[{"version":"4.0.5","paths":["@testing-library/jest-dom>@types/testing-library__jest-dom>@types/jest>expect>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>fast-glob>micromatch","react-scripts>react-dev-utils>globby>fast-glob>micromatch","eslint-plugin-jest>@typescript-eslint/experimental-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/parser>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-resolve>jest-haste-map>micromatch","react-scripts>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>jest-haste-map>micromatch"]},{"version":"4.0.5","paths":["react-scripts>babel-jest>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>micromatch"]},{"version":"4.0.5","paths":["react-scripts>eslint-webpack-plugin>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-message-util>micromatch","react-scripts>jest>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/globals>@jest/environment>@jest/fake-timers>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-config>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>micromatch","react-scripts>jest>jest-cli>@jest/core>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-watch-typeahead>jest-watcher>@jest/test-result>@jest/console>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>micromatch"]},{"version":"4.0.5","paths":["http-proxy-middleware>micromatch","react-scripts>webpack-dev-server>http-proxy-middleware>micromatch"]},{"version":"4.0.7","paths":["micromatch"]}],"metadata":null,"vulnerable_versions":"<=4.0.7","module_name":"micromatch","severity":"moderate","github_advisory_id":"GHSA-952p-6rrq-rcjv","cves":["CVE-2024-4067"],"access":"public","patched_versions":"<0.0.0","cvss":{"score":0,"vectorString":null},"updated":"2024-08-21T22:59:40.000Z","recommendation":"None","cwe":["CWE-1333"],"found_by":null,"deleted":null,"id":1098615,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-4067\n- https://github.com/micromatch/micromatch/issues/243\n- https://github.com/micromatch/micromatch/pull/247\n- https://devhub.checkmarx.com/cve-details/CVE-2024-4067\n- https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448\n- https://github.com/micromatch/micromatch/commit/d1641baf261e42ea437f3750c44f20cec0b33e1b\n- https://github.com/advisories/GHSA-952p-6rrq-rcjv","created":"2024-05-14T18:30:54.000Z","reported_by":null,"title":"Regular Expression Denial of Service (ReDoS) in micromatch","npm_advisory_id":null,"overview":"The NPM package `micromatch` is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persists. This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching.\n","url":"https://github.com/advisories/GHSA-952p-6rrq-rcjv"}}} +{"type":"auditAdvisory","data":{"resolution":{"id":1098615,"path":"react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","dev":false,"bundled":false,"optional":false},"advisory":{"findings":[{"version":"4.0.5","paths":["@testing-library/jest-dom>@types/testing-library__jest-dom>@types/jest>expect>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>fast-glob>micromatch","react-scripts>react-dev-utils>globby>fast-glob>micromatch","eslint-plugin-jest>@typescript-eslint/experimental-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/parser>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-resolve>jest-haste-map>micromatch","react-scripts>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>jest-haste-map>micromatch"]},{"version":"4.0.5","paths":["react-scripts>babel-jest>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>micromatch"]},{"version":"4.0.5","paths":["react-scripts>eslint-webpack-plugin>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-message-util>micromatch","react-scripts>jest>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/globals>@jest/environment>@jest/fake-timers>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-config>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>micromatch","react-scripts>jest>jest-cli>@jest/core>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-watch-typeahead>jest-watcher>@jest/test-result>@jest/console>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>micromatch"]},{"version":"4.0.5","paths":["http-proxy-middleware>micromatch","react-scripts>webpack-dev-server>http-proxy-middleware>micromatch"]},{"version":"4.0.7","paths":["micromatch"]}],"metadata":null,"vulnerable_versions":"<=4.0.7","module_name":"micromatch","severity":"moderate","github_advisory_id":"GHSA-952p-6rrq-rcjv","cves":["CVE-2024-4067"],"access":"public","patched_versions":"<0.0.0","cvss":{"score":0,"vectorString":null},"updated":"2024-08-21T22:59:40.000Z","recommendation":"None","cwe":["CWE-1333"],"found_by":null,"deleted":null,"id":1098615,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-4067\n- https://github.com/micromatch/micromatch/issues/243\n- https://github.com/micromatch/micromatch/pull/247\n- https://devhub.checkmarx.com/cve-details/CVE-2024-4067\n- https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448\n- https://github.com/micromatch/micromatch/commit/d1641baf261e42ea437f3750c44f20cec0b33e1b\n- https://github.com/advisories/GHSA-952p-6rrq-rcjv","created":"2024-05-14T18:30:54.000Z","reported_by":null,"title":"Regular Expression Denial of Service (ReDoS) in micromatch","npm_advisory_id":null,"overview":"The NPM package `micromatch` is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persists. This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching.\n","url":"https://github.com/advisories/GHSA-952p-6rrq-rcjv"}}} +{"type":"auditAdvisory","data":{"resolution":{"id":1098615,"path":"react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","dev":false,"bundled":false,"optional":false},"advisory":{"findings":[{"version":"4.0.5","paths":["@testing-library/jest-dom>@types/testing-library__jest-dom>@types/jest>expect>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>fast-glob>micromatch","react-scripts>react-dev-utils>globby>fast-glob>micromatch","eslint-plugin-jest>@typescript-eslint/experimental-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/parser>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-resolve>jest-haste-map>micromatch","react-scripts>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>jest-haste-map>micromatch"]},{"version":"4.0.5","paths":["react-scripts>babel-jest>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>micromatch"]},{"version":"4.0.5","paths":["react-scripts>eslint-webpack-plugin>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-message-util>micromatch","react-scripts>jest>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/globals>@jest/environment>@jest/fake-timers>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-config>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>micromatch","react-scripts>jest>jest-cli>@jest/core>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-watch-typeahead>jest-watcher>@jest/test-result>@jest/console>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>micromatch"]},{"version":"4.0.5","paths":["http-proxy-middleware>micromatch","react-scripts>webpack-dev-server>http-proxy-middleware>micromatch"]},{"version":"4.0.7","paths":["micromatch"]}],"metadata":null,"vulnerable_versions":"<=4.0.7","module_name":"micromatch","severity":"moderate","github_advisory_id":"GHSA-952p-6rrq-rcjv","cves":["CVE-2024-4067"],"access":"public","patched_versions":"<0.0.0","cvss":{"score":0,"vectorString":null},"updated":"2024-08-21T22:59:40.000Z","recommendation":"None","cwe":["CWE-1333"],"found_by":null,"deleted":null,"id":1098615,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-4067\n- https://github.com/micromatch/micromatch/issues/243\n- https://github.com/micromatch/micromatch/pull/247\n- https://devhub.checkmarx.com/cve-details/CVE-2024-4067\n- https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448\n- https://github.com/micromatch/micromatch/commit/d1641baf261e42ea437f3750c44f20cec0b33e1b\n- https://github.com/advisories/GHSA-952p-6rrq-rcjv","created":"2024-05-14T18:30:54.000Z","reported_by":null,"title":"Regular Expression Denial of Service (ReDoS) in micromatch","npm_advisory_id":null,"overview":"The NPM package `micromatch` is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persists. This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching.\n","url":"https://github.com/advisories/GHSA-952p-6rrq-rcjv"}}} +{"type":"auditAdvisory","data":{"resolution":{"id":1098615,"path":"react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>micromatch","dev":false,"bundled":false,"optional":false},"advisory":{"findings":[{"version":"4.0.5","paths":["@testing-library/jest-dom>@types/testing-library__jest-dom>@types/jest>expect>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>fast-glob>micromatch","react-scripts>react-dev-utils>globby>fast-glob>micromatch","eslint-plugin-jest>@typescript-eslint/experimental-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/parser>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-resolve>jest-haste-map>micromatch","react-scripts>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>jest-haste-map>micromatch"]},{"version":"4.0.5","paths":["react-scripts>babel-jest>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>micromatch"]},{"version":"4.0.5","paths":["react-scripts>eslint-webpack-plugin>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-message-util>micromatch","react-scripts>jest>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/globals>@jest/environment>@jest/fake-timers>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-config>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>micromatch","react-scripts>jest>jest-cli>@jest/core>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-watch-typeahead>jest-watcher>@jest/test-result>@jest/console>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>micromatch"]},{"version":"4.0.5","paths":["http-proxy-middleware>micromatch","react-scripts>webpack-dev-server>http-proxy-middleware>micromatch"]},{"version":"4.0.7","paths":["micromatch"]}],"metadata":null,"vulnerable_versions":"<=4.0.7","module_name":"micromatch","severity":"moderate","github_advisory_id":"GHSA-952p-6rrq-rcjv","cves":["CVE-2024-4067"],"access":"public","patched_versions":"<0.0.0","cvss":{"score":0,"vectorString":null},"updated":"2024-08-21T22:59:40.000Z","recommendation":"None","cwe":["CWE-1333"],"found_by":null,"deleted":null,"id":1098615,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-4067\n- https://github.com/micromatch/micromatch/issues/243\n- https://github.com/micromatch/micromatch/pull/247\n- https://devhub.checkmarx.com/cve-details/CVE-2024-4067\n- https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448\n- https://github.com/micromatch/micromatch/commit/d1641baf261e42ea437f3750c44f20cec0b33e1b\n- https://github.com/advisories/GHSA-952p-6rrq-rcjv","created":"2024-05-14T18:30:54.000Z","reported_by":null,"title":"Regular Expression Denial of Service (ReDoS) in micromatch","npm_advisory_id":null,"overview":"The NPM package `micromatch` is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persists. This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching.\n","url":"https://github.com/advisories/GHSA-952p-6rrq-rcjv"}}} +{"type":"auditAdvisory","data":{"resolution":{"id":1098615,"path":"react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>micromatch","dev":false,"bundled":false,"optional":false},"advisory":{"findings":[{"version":"4.0.5","paths":["@testing-library/jest-dom>@types/testing-library__jest-dom>@types/jest>expect>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>fast-glob>micromatch","react-scripts>react-dev-utils>globby>fast-glob>micromatch","eslint-plugin-jest>@typescript-eslint/experimental-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/parser>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-resolve>jest-haste-map>micromatch","react-scripts>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>jest-haste-map>micromatch"]},{"version":"4.0.5","paths":["react-scripts>babel-jest>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>micromatch"]},{"version":"4.0.5","paths":["react-scripts>eslint-webpack-plugin>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-message-util>micromatch","react-scripts>jest>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/globals>@jest/environment>@jest/fake-timers>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-config>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>micromatch","react-scripts>jest>jest-cli>@jest/core>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-watch-typeahead>jest-watcher>@jest/test-result>@jest/console>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>micromatch"]},{"version":"4.0.5","paths":["http-proxy-middleware>micromatch","react-scripts>webpack-dev-server>http-proxy-middleware>micromatch"]},{"version":"4.0.7","paths":["micromatch"]}],"metadata":null,"vulnerable_versions":"<=4.0.7","module_name":"micromatch","severity":"moderate","github_advisory_id":"GHSA-952p-6rrq-rcjv","cves":["CVE-2024-4067"],"access":"public","patched_versions":"<0.0.0","cvss":{"score":0,"vectorString":null},"updated":"2024-08-21T22:59:40.000Z","recommendation":"None","cwe":["CWE-1333"],"found_by":null,"deleted":null,"id":1098615,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-4067\n- https://github.com/micromatch/micromatch/issues/243\n- https://github.com/micromatch/micromatch/pull/247\n- https://devhub.checkmarx.com/cve-details/CVE-2024-4067\n- https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448\n- https://github.com/micromatch/micromatch/commit/d1641baf261e42ea437f3750c44f20cec0b33e1b\n- https://github.com/advisories/GHSA-952p-6rrq-rcjv","created":"2024-05-14T18:30:54.000Z","reported_by":null,"title":"Regular Expression Denial of Service (ReDoS) in micromatch","npm_advisory_id":null,"overview":"The NPM package `micromatch` is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persists. This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching.\n","url":"https://github.com/advisories/GHSA-952p-6rrq-rcjv"}}} +{"type":"auditAdvisory","data":{"resolution":{"id":1098615,"path":"react-scripts>eslint-webpack-plugin>micromatch","dev":false,"bundled":false,"optional":false},"advisory":{"findings":[{"version":"4.0.5","paths":["@testing-library/jest-dom>@types/testing-library__jest-dom>@types/jest>expect>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>fast-glob>micromatch","react-scripts>react-dev-utils>globby>fast-glob>micromatch","eslint-plugin-jest>@typescript-eslint/experimental-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/parser>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-resolve>jest-haste-map>micromatch","react-scripts>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>jest-haste-map>micromatch"]},{"version":"4.0.5","paths":["react-scripts>babel-jest>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>micromatch"]},{"version":"4.0.5","paths":["react-scripts>eslint-webpack-plugin>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-message-util>micromatch","react-scripts>jest>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/globals>@jest/environment>@jest/fake-timers>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-config>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>micromatch","react-scripts>jest>jest-cli>@jest/core>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-watch-typeahead>jest-watcher>@jest/test-result>@jest/console>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>micromatch"]},{"version":"4.0.5","paths":["http-proxy-middleware>micromatch","react-scripts>webpack-dev-server>http-proxy-middleware>micromatch"]},{"version":"4.0.7","paths":["micromatch"]}],"metadata":null,"vulnerable_versions":"<=4.0.7","module_name":"micromatch","severity":"moderate","github_advisory_id":"GHSA-952p-6rrq-rcjv","cves":["CVE-2024-4067"],"access":"public","patched_versions":"<0.0.0","cvss":{"score":0,"vectorString":null},"updated":"2024-08-21T22:59:40.000Z","recommendation":"None","cwe":["CWE-1333"],"found_by":null,"deleted":null,"id":1098615,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-4067\n- https://github.com/micromatch/micromatch/issues/243\n- https://github.com/micromatch/micromatch/pull/247\n- https://devhub.checkmarx.com/cve-details/CVE-2024-4067\n- https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448\n- https://github.com/micromatch/micromatch/commit/d1641baf261e42ea437f3750c44f20cec0b33e1b\n- https://github.com/advisories/GHSA-952p-6rrq-rcjv","created":"2024-05-14T18:30:54.000Z","reported_by":null,"title":"Regular Expression Denial of Service (ReDoS) in micromatch","npm_advisory_id":null,"overview":"The NPM package `micromatch` is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persists. This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching.\n","url":"https://github.com/advisories/GHSA-952p-6rrq-rcjv"}}} +{"type":"auditAdvisory","data":{"resolution":{"id":1098615,"path":"react-scripts>jest>@jest/core>jest-message-util>micromatch","dev":false,"bundled":false,"optional":false},"advisory":{"findings":[{"version":"4.0.5","paths":["@testing-library/jest-dom>@types/testing-library__jest-dom>@types/jest>expect>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>fast-glob>micromatch","react-scripts>react-dev-utils>globby>fast-glob>micromatch","eslint-plugin-jest>@typescript-eslint/experimental-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/parser>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-resolve>jest-haste-map>micromatch","react-scripts>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>jest-haste-map>micromatch"]},{"version":"4.0.5","paths":["react-scripts>babel-jest>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>micromatch"]},{"version":"4.0.5","paths":["react-scripts>eslint-webpack-plugin>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-message-util>micromatch","react-scripts>jest>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/globals>@jest/environment>@jest/fake-timers>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-config>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>micromatch","react-scripts>jest>jest-cli>@jest/core>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-watch-typeahead>jest-watcher>@jest/test-result>@jest/console>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>micromatch"]},{"version":"4.0.5","paths":["http-proxy-middleware>micromatch","react-scripts>webpack-dev-server>http-proxy-middleware>micromatch"]},{"version":"4.0.7","paths":["micromatch"]}],"metadata":null,"vulnerable_versions":"<=4.0.7","module_name":"micromatch","severity":"moderate","github_advisory_id":"GHSA-952p-6rrq-rcjv","cves":["CVE-2024-4067"],"access":"public","patched_versions":"<0.0.0","cvss":{"score":0,"vectorString":null},"updated":"2024-08-21T22:59:40.000Z","recommendation":"None","cwe":["CWE-1333"],"found_by":null,"deleted":null,"id":1098615,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-4067\n- https://github.com/micromatch/micromatch/issues/243\n- https://github.com/micromatch/micromatch/pull/247\n- https://devhub.checkmarx.com/cve-details/CVE-2024-4067\n- https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448\n- https://github.com/micromatch/micromatch/commit/d1641baf261e42ea437f3750c44f20cec0b33e1b\n- https://github.com/advisories/GHSA-952p-6rrq-rcjv","created":"2024-05-14T18:30:54.000Z","reported_by":null,"title":"Regular Expression Denial of Service (ReDoS) in micromatch","npm_advisory_id":null,"overview":"The NPM package `micromatch` is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persists. This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching.\n","url":"https://github.com/advisories/GHSA-952p-6rrq-rcjv"}}} +{"type":"auditAdvisory","data":{"resolution":{"id":1098615,"path":"react-scripts>jest>@jest/core>@jest/console>jest-message-util>micromatch","dev":false,"bundled":false,"optional":false},"advisory":{"findings":[{"version":"4.0.5","paths":["@testing-library/jest-dom>@types/testing-library__jest-dom>@types/jest>expect>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>fast-glob>micromatch","react-scripts>react-dev-utils>globby>fast-glob>micromatch","eslint-plugin-jest>@typescript-eslint/experimental-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/parser>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-resolve>jest-haste-map>micromatch","react-scripts>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>jest-haste-map>micromatch"]},{"version":"4.0.5","paths":["react-scripts>babel-jest>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>micromatch"]},{"version":"4.0.5","paths":["react-scripts>eslint-webpack-plugin>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-message-util>micromatch","react-scripts>jest>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/globals>@jest/environment>@jest/fake-timers>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-config>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>micromatch","react-scripts>jest>jest-cli>@jest/core>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-watch-typeahead>jest-watcher>@jest/test-result>@jest/console>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>micromatch"]},{"version":"4.0.5","paths":["http-proxy-middleware>micromatch","react-scripts>webpack-dev-server>http-proxy-middleware>micromatch"]},{"version":"4.0.7","paths":["micromatch"]}],"metadata":null,"vulnerable_versions":"<=4.0.7","module_name":"micromatch","severity":"moderate","github_advisory_id":"GHSA-952p-6rrq-rcjv","cves":["CVE-2024-4067"],"access":"public","patched_versions":"<0.0.0","cvss":{"score":0,"vectorString":null},"updated":"2024-08-21T22:59:40.000Z","recommendation":"None","cwe":["CWE-1333"],"found_by":null,"deleted":null,"id":1098615,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-4067\n- https://github.com/micromatch/micromatch/issues/243\n- https://github.com/micromatch/micromatch/pull/247\n- https://devhub.checkmarx.com/cve-details/CVE-2024-4067\n- https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448\n- https://github.com/micromatch/micromatch/commit/d1641baf261e42ea437f3750c44f20cec0b33e1b\n- https://github.com/advisories/GHSA-952p-6rrq-rcjv","created":"2024-05-14T18:30:54.000Z","reported_by":null,"title":"Regular Expression Denial of Service (ReDoS) in micromatch","npm_advisory_id":null,"overview":"The NPM package `micromatch` is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persists. This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching.\n","url":"https://github.com/advisories/GHSA-952p-6rrq-rcjv"}}} +{"type":"auditAdvisory","data":{"resolution":{"id":1098615,"path":"react-scripts>jest>jest-cli>@jest/core>@jest/console>jest-message-util>micromatch","dev":false,"bundled":false,"optional":false},"advisory":{"findings":[{"version":"4.0.5","paths":["@testing-library/jest-dom>@types/testing-library__jest-dom>@types/jest>expect>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>fast-glob>micromatch","react-scripts>react-dev-utils>globby>fast-glob>micromatch","eslint-plugin-jest>@typescript-eslint/experimental-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/parser>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-resolve>jest-haste-map>micromatch","react-scripts>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>jest-haste-map>micromatch"]},{"version":"4.0.5","paths":["react-scripts>babel-jest>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>micromatch"]},{"version":"4.0.5","paths":["react-scripts>eslint-webpack-plugin>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-message-util>micromatch","react-scripts>jest>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/globals>@jest/environment>@jest/fake-timers>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-config>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>micromatch","react-scripts>jest>jest-cli>@jest/core>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-watch-typeahead>jest-watcher>@jest/test-result>@jest/console>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>micromatch"]},{"version":"4.0.5","paths":["http-proxy-middleware>micromatch","react-scripts>webpack-dev-server>http-proxy-middleware>micromatch"]},{"version":"4.0.7","paths":["micromatch"]}],"metadata":null,"vulnerable_versions":"<=4.0.7","module_name":"micromatch","severity":"moderate","github_advisory_id":"GHSA-952p-6rrq-rcjv","cves":["CVE-2024-4067"],"access":"public","patched_versions":"<0.0.0","cvss":{"score":0,"vectorString":null},"updated":"2024-08-21T22:59:40.000Z","recommendation":"None","cwe":["CWE-1333"],"found_by":null,"deleted":null,"id":1098615,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-4067\n- https://github.com/micromatch/micromatch/issues/243\n- https://github.com/micromatch/micromatch/pull/247\n- https://devhub.checkmarx.com/cve-details/CVE-2024-4067\n- https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448\n- https://github.com/micromatch/micromatch/commit/d1641baf261e42ea437f3750c44f20cec0b33e1b\n- https://github.com/advisories/GHSA-952p-6rrq-rcjv","created":"2024-05-14T18:30:54.000Z","reported_by":null,"title":"Regular Expression Denial of Service (ReDoS) in micromatch","npm_advisory_id":null,"overview":"The NPM package `micromatch` is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persists. This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching.\n","url":"https://github.com/advisories/GHSA-952p-6rrq-rcjv"}}} +{"type":"auditAdvisory","data":{"resolution":{"id":1098615,"path":"react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/console>jest-message-util>micromatch","dev":false,"bundled":false,"optional":false},"advisory":{"findings":[{"version":"4.0.5","paths":["@testing-library/jest-dom>@types/testing-library__jest-dom>@types/jest>expect>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>fast-glob>micromatch","react-scripts>react-dev-utils>globby>fast-glob>micromatch","eslint-plugin-jest>@typescript-eslint/experimental-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/parser>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-resolve>jest-haste-map>micromatch","react-scripts>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>jest-haste-map>micromatch"]},{"version":"4.0.5","paths":["react-scripts>babel-jest>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>micromatch"]},{"version":"4.0.5","paths":["react-scripts>eslint-webpack-plugin>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-message-util>micromatch","react-scripts>jest>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/globals>@jest/environment>@jest/fake-timers>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-config>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>micromatch","react-scripts>jest>jest-cli>@jest/core>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-watch-typeahead>jest-watcher>@jest/test-result>@jest/console>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>micromatch"]},{"version":"4.0.5","paths":["http-proxy-middleware>micromatch","react-scripts>webpack-dev-server>http-proxy-middleware>micromatch"]},{"version":"4.0.7","paths":["micromatch"]}],"metadata":null,"vulnerable_versions":"<=4.0.7","module_name":"micromatch","severity":"moderate","github_advisory_id":"GHSA-952p-6rrq-rcjv","cves":["CVE-2024-4067"],"access":"public","patched_versions":"<0.0.0","cvss":{"score":0,"vectorString":null},"updated":"2024-08-21T22:59:40.000Z","recommendation":"None","cwe":["CWE-1333"],"found_by":null,"deleted":null,"id":1098615,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-4067\n- https://github.com/micromatch/micromatch/issues/243\n- https://github.com/micromatch/micromatch/pull/247\n- https://devhub.checkmarx.com/cve-details/CVE-2024-4067\n- https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448\n- https://github.com/micromatch/micromatch/commit/d1641baf261e42ea437f3750c44f20cec0b33e1b\n- https://github.com/advisories/GHSA-952p-6rrq-rcjv","created":"2024-05-14T18:30:54.000Z","reported_by":null,"title":"Regular Expression Denial of Service (ReDoS) in micromatch","npm_advisory_id":null,"overview":"The NPM package `micromatch` is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persists. This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching.\n","url":"https://github.com/advisories/GHSA-952p-6rrq-rcjv"}}} +{"type":"auditAdvisory","data":{"resolution":{"id":1098615,"path":"react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/test-result>@jest/console>jest-message-util>micromatch","dev":false,"bundled":false,"optional":false},"advisory":{"findings":[{"version":"4.0.5","paths":["@testing-library/jest-dom>@types/testing-library__jest-dom>@types/jest>expect>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>fast-glob>micromatch","react-scripts>react-dev-utils>globby>fast-glob>micromatch","eslint-plugin-jest>@typescript-eslint/experimental-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/parser>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-resolve>jest-haste-map>micromatch","react-scripts>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>jest-haste-map>micromatch"]},{"version":"4.0.5","paths":["react-scripts>babel-jest>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>micromatch"]},{"version":"4.0.5","paths":["react-scripts>eslint-webpack-plugin>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-message-util>micromatch","react-scripts>jest>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/globals>@jest/environment>@jest/fake-timers>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-config>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>micromatch","react-scripts>jest>jest-cli>@jest/core>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-watch-typeahead>jest-watcher>@jest/test-result>@jest/console>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>micromatch"]},{"version":"4.0.5","paths":["http-proxy-middleware>micromatch","react-scripts>webpack-dev-server>http-proxy-middleware>micromatch"]},{"version":"4.0.7","paths":["micromatch"]}],"metadata":null,"vulnerable_versions":"<=4.0.7","module_name":"micromatch","severity":"moderate","github_advisory_id":"GHSA-952p-6rrq-rcjv","cves":["CVE-2024-4067"],"access":"public","patched_versions":"<0.0.0","cvss":{"score":0,"vectorString":null},"updated":"2024-08-21T22:59:40.000Z","recommendation":"None","cwe":["CWE-1333"],"found_by":null,"deleted":null,"id":1098615,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-4067\n- https://github.com/micromatch/micromatch/issues/243\n- https://github.com/micromatch/micromatch/pull/247\n- https://devhub.checkmarx.com/cve-details/CVE-2024-4067\n- https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448\n- https://github.com/micromatch/micromatch/commit/d1641baf261e42ea437f3750c44f20cec0b33e1b\n- https://github.com/advisories/GHSA-952p-6rrq-rcjv","created":"2024-05-14T18:30:54.000Z","reported_by":null,"title":"Regular Expression Denial of Service (ReDoS) in micromatch","npm_advisory_id":null,"overview":"The NPM package `micromatch` is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persists. This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching.\n","url":"https://github.com/advisories/GHSA-952p-6rrq-rcjv"}}} +{"type":"auditAdvisory","data":{"resolution":{"id":1098615,"path":"react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","dev":false,"bundled":false,"optional":false},"advisory":{"findings":[{"version":"4.0.5","paths":["@testing-library/jest-dom>@types/testing-library__jest-dom>@types/jest>expect>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>fast-glob>micromatch","react-scripts>react-dev-utils>globby>fast-glob>micromatch","eslint-plugin-jest>@typescript-eslint/experimental-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/parser>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-resolve>jest-haste-map>micromatch","react-scripts>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>jest-haste-map>micromatch"]},{"version":"4.0.5","paths":["react-scripts>babel-jest>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>micromatch"]},{"version":"4.0.5","paths":["react-scripts>eslint-webpack-plugin>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-message-util>micromatch","react-scripts>jest>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/globals>@jest/environment>@jest/fake-timers>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-config>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>micromatch","react-scripts>jest>jest-cli>@jest/core>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-watch-typeahead>jest-watcher>@jest/test-result>@jest/console>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>micromatch"]},{"version":"4.0.5","paths":["http-proxy-middleware>micromatch","react-scripts>webpack-dev-server>http-proxy-middleware>micromatch"]},{"version":"4.0.7","paths":["micromatch"]}],"metadata":null,"vulnerable_versions":"<=4.0.7","module_name":"micromatch","severity":"moderate","github_advisory_id":"GHSA-952p-6rrq-rcjv","cves":["CVE-2024-4067"],"access":"public","patched_versions":"<0.0.0","cvss":{"score":0,"vectorString":null},"updated":"2024-08-21T22:59:40.000Z","recommendation":"None","cwe":["CWE-1333"],"found_by":null,"deleted":null,"id":1098615,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-4067\n- https://github.com/micromatch/micromatch/issues/243\n- https://github.com/micromatch/micromatch/pull/247\n- https://devhub.checkmarx.com/cve-details/CVE-2024-4067\n- https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448\n- https://github.com/micromatch/micromatch/commit/d1641baf261e42ea437f3750c44f20cec0b33e1b\n- https://github.com/advisories/GHSA-952p-6rrq-rcjv","created":"2024-05-14T18:30:54.000Z","reported_by":null,"title":"Regular Expression Denial of Service (ReDoS) in micromatch","npm_advisory_id":null,"overview":"The NPM package `micromatch` is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persists. This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching.\n","url":"https://github.com/advisories/GHSA-952p-6rrq-rcjv"}}} +{"type":"auditAdvisory","data":{"resolution":{"id":1098615,"path":"react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/test-result>@jest/console>jest-message-util>micromatch","dev":false,"bundled":false,"optional":false},"advisory":{"findings":[{"version":"4.0.5","paths":["@testing-library/jest-dom>@types/testing-library__jest-dom>@types/jest>expect>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>fast-glob>micromatch","react-scripts>react-dev-utils>globby>fast-glob>micromatch","eslint-plugin-jest>@typescript-eslint/experimental-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/parser>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-resolve>jest-haste-map>micromatch","react-scripts>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>jest-haste-map>micromatch"]},{"version":"4.0.5","paths":["react-scripts>babel-jest>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>micromatch"]},{"version":"4.0.5","paths":["react-scripts>eslint-webpack-plugin>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-message-util>micromatch","react-scripts>jest>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/globals>@jest/environment>@jest/fake-timers>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-config>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>micromatch","react-scripts>jest>jest-cli>@jest/core>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-watch-typeahead>jest-watcher>@jest/test-result>@jest/console>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>micromatch"]},{"version":"4.0.5","paths":["http-proxy-middleware>micromatch","react-scripts>webpack-dev-server>http-proxy-middleware>micromatch"]},{"version":"4.0.7","paths":["micromatch"]}],"metadata":null,"vulnerable_versions":"<=4.0.7","module_name":"micromatch","severity":"moderate","github_advisory_id":"GHSA-952p-6rrq-rcjv","cves":["CVE-2024-4067"],"access":"public","patched_versions":"<0.0.0","cvss":{"score":0,"vectorString":null},"updated":"2024-08-21T22:59:40.000Z","recommendation":"None","cwe":["CWE-1333"],"found_by":null,"deleted":null,"id":1098615,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-4067\n- https://github.com/micromatch/micromatch/issues/243\n- https://github.com/micromatch/micromatch/pull/247\n- https://devhub.checkmarx.com/cve-details/CVE-2024-4067\n- https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448\n- https://github.com/micromatch/micromatch/commit/d1641baf261e42ea437f3750c44f20cec0b33e1b\n- https://github.com/advisories/GHSA-952p-6rrq-rcjv","created":"2024-05-14T18:30:54.000Z","reported_by":null,"title":"Regular Expression Denial of Service (ReDoS) in micromatch","npm_advisory_id":null,"overview":"The NPM package `micromatch` is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persists. This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching.\n","url":"https://github.com/advisories/GHSA-952p-6rrq-rcjv"}}} +{"type":"auditAdvisory","data":{"resolution":{"id":1098615,"path":"react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/globals>@jest/environment>@jest/fake-timers>jest-message-util>micromatch","dev":false,"bundled":false,"optional":false},"advisory":{"findings":[{"version":"4.0.5","paths":["@testing-library/jest-dom>@types/testing-library__jest-dom>@types/jest>expect>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>fast-glob>micromatch","react-scripts>react-dev-utils>globby>fast-glob>micromatch","eslint-plugin-jest>@typescript-eslint/experimental-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/parser>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-resolve>jest-haste-map>micromatch","react-scripts>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>jest-haste-map>micromatch"]},{"version":"4.0.5","paths":["react-scripts>babel-jest>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>micromatch"]},{"version":"4.0.5","paths":["react-scripts>eslint-webpack-plugin>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-message-util>micromatch","react-scripts>jest>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/globals>@jest/environment>@jest/fake-timers>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-config>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>micromatch","react-scripts>jest>jest-cli>@jest/core>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-watch-typeahead>jest-watcher>@jest/test-result>@jest/console>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>micromatch"]},{"version":"4.0.5","paths":["http-proxy-middleware>micromatch","react-scripts>webpack-dev-server>http-proxy-middleware>micromatch"]},{"version":"4.0.7","paths":["micromatch"]}],"metadata":null,"vulnerable_versions":"<=4.0.7","module_name":"micromatch","severity":"moderate","github_advisory_id":"GHSA-952p-6rrq-rcjv","cves":["CVE-2024-4067"],"access":"public","patched_versions":"<0.0.0","cvss":{"score":0,"vectorString":null},"updated":"2024-08-21T22:59:40.000Z","recommendation":"None","cwe":["CWE-1333"],"found_by":null,"deleted":null,"id":1098615,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-4067\n- https://github.com/micromatch/micromatch/issues/243\n- https://github.com/micromatch/micromatch/pull/247\n- https://devhub.checkmarx.com/cve-details/CVE-2024-4067\n- https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448\n- https://github.com/micromatch/micromatch/commit/d1641baf261e42ea437f3750c44f20cec0b33e1b\n- https://github.com/advisories/GHSA-952p-6rrq-rcjv","created":"2024-05-14T18:30:54.000Z","reported_by":null,"title":"Regular Expression Denial of Service (ReDoS) in micromatch","npm_advisory_id":null,"overview":"The NPM package `micromatch` is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persists. This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching.\n","url":"https://github.com/advisories/GHSA-952p-6rrq-rcjv"}}} +{"type":"auditAdvisory","data":{"resolution":{"id":1098615,"path":"react-scripts>jest>@jest/core>jest-config>micromatch","dev":false,"bundled":false,"optional":false},"advisory":{"findings":[{"version":"4.0.5","paths":["@testing-library/jest-dom>@types/testing-library__jest-dom>@types/jest>expect>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>fast-glob>micromatch","react-scripts>react-dev-utils>globby>fast-glob>micromatch","eslint-plugin-jest>@typescript-eslint/experimental-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/parser>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-resolve>jest-haste-map>micromatch","react-scripts>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>jest-haste-map>micromatch"]},{"version":"4.0.5","paths":["react-scripts>babel-jest>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>micromatch"]},{"version":"4.0.5","paths":["react-scripts>eslint-webpack-plugin>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-message-util>micromatch","react-scripts>jest>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/globals>@jest/environment>@jest/fake-timers>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-config>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>micromatch","react-scripts>jest>jest-cli>@jest/core>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-watch-typeahead>jest-watcher>@jest/test-result>@jest/console>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>micromatch"]},{"version":"4.0.5","paths":["http-proxy-middleware>micromatch","react-scripts>webpack-dev-server>http-proxy-middleware>micromatch"]},{"version":"4.0.7","paths":["micromatch"]}],"metadata":null,"vulnerable_versions":"<=4.0.7","module_name":"micromatch","severity":"moderate","github_advisory_id":"GHSA-952p-6rrq-rcjv","cves":["CVE-2024-4067"],"access":"public","patched_versions":"<0.0.0","cvss":{"score":0,"vectorString":null},"updated":"2024-08-21T22:59:40.000Z","recommendation":"None","cwe":["CWE-1333"],"found_by":null,"deleted":null,"id":1098615,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-4067\n- https://github.com/micromatch/micromatch/issues/243\n- https://github.com/micromatch/micromatch/pull/247\n- https://devhub.checkmarx.com/cve-details/CVE-2024-4067\n- https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448\n- https://github.com/micromatch/micromatch/commit/d1641baf261e42ea437f3750c44f20cec0b33e1b\n- https://github.com/advisories/GHSA-952p-6rrq-rcjv","created":"2024-05-14T18:30:54.000Z","reported_by":null,"title":"Regular Expression Denial of Service (ReDoS) in micromatch","npm_advisory_id":null,"overview":"The NPM package `micromatch` is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persists. This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching.\n","url":"https://github.com/advisories/GHSA-952p-6rrq-rcjv"}}} +{"type":"auditAdvisory","data":{"resolution":{"id":1098615,"path":"react-scripts>jest>jest-cli>@jest/core>jest-config>micromatch","dev":false,"bundled":false,"optional":false},"advisory":{"findings":[{"version":"4.0.5","paths":["@testing-library/jest-dom>@types/testing-library__jest-dom>@types/jest>expect>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>fast-glob>micromatch","react-scripts>react-dev-utils>globby>fast-glob>micromatch","eslint-plugin-jest>@typescript-eslint/experimental-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/parser>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-resolve>jest-haste-map>micromatch","react-scripts>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>jest-haste-map>micromatch"]},{"version":"4.0.5","paths":["react-scripts>babel-jest>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>micromatch"]},{"version":"4.0.5","paths":["react-scripts>eslint-webpack-plugin>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-message-util>micromatch","react-scripts>jest>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/globals>@jest/environment>@jest/fake-timers>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-config>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>micromatch","react-scripts>jest>jest-cli>@jest/core>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-watch-typeahead>jest-watcher>@jest/test-result>@jest/console>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>micromatch"]},{"version":"4.0.5","paths":["http-proxy-middleware>micromatch","react-scripts>webpack-dev-server>http-proxy-middleware>micromatch"]},{"version":"4.0.7","paths":["micromatch"]}],"metadata":null,"vulnerable_versions":"<=4.0.7","module_name":"micromatch","severity":"moderate","github_advisory_id":"GHSA-952p-6rrq-rcjv","cves":["CVE-2024-4067"],"access":"public","patched_versions":"<0.0.0","cvss":{"score":0,"vectorString":null},"updated":"2024-08-21T22:59:40.000Z","recommendation":"None","cwe":["CWE-1333"],"found_by":null,"deleted":null,"id":1098615,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-4067\n- https://github.com/micromatch/micromatch/issues/243\n- https://github.com/micromatch/micromatch/pull/247\n- https://devhub.checkmarx.com/cve-details/CVE-2024-4067\n- https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448\n- https://github.com/micromatch/micromatch/commit/d1641baf261e42ea437f3750c44f20cec0b33e1b\n- https://github.com/advisories/GHSA-952p-6rrq-rcjv","created":"2024-05-14T18:30:54.000Z","reported_by":null,"title":"Regular Expression Denial of Service (ReDoS) in micromatch","npm_advisory_id":null,"overview":"The NPM package `micromatch` is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persists. This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching.\n","url":"https://github.com/advisories/GHSA-952p-6rrq-rcjv"}}} +{"type":"auditAdvisory","data":{"resolution":{"id":1098615,"path":"react-scripts>jest>@jest/core>micromatch","dev":false,"bundled":false,"optional":false},"advisory":{"findings":[{"version":"4.0.5","paths":["@testing-library/jest-dom>@types/testing-library__jest-dom>@types/jest>expect>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>fast-glob>micromatch","react-scripts>react-dev-utils>globby>fast-glob>micromatch","eslint-plugin-jest>@typescript-eslint/experimental-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/parser>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-resolve>jest-haste-map>micromatch","react-scripts>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>jest-haste-map>micromatch"]},{"version":"4.0.5","paths":["react-scripts>babel-jest>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>micromatch"]},{"version":"4.0.5","paths":["react-scripts>eslint-webpack-plugin>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-message-util>micromatch","react-scripts>jest>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/globals>@jest/environment>@jest/fake-timers>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-config>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>micromatch","react-scripts>jest>jest-cli>@jest/core>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-watch-typeahead>jest-watcher>@jest/test-result>@jest/console>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>micromatch"]},{"version":"4.0.5","paths":["http-proxy-middleware>micromatch","react-scripts>webpack-dev-server>http-proxy-middleware>micromatch"]},{"version":"4.0.7","paths":["micromatch"]}],"metadata":null,"vulnerable_versions":"<=4.0.7","module_name":"micromatch","severity":"moderate","github_advisory_id":"GHSA-952p-6rrq-rcjv","cves":["CVE-2024-4067"],"access":"public","patched_versions":"<0.0.0","cvss":{"score":0,"vectorString":null},"updated":"2024-08-21T22:59:40.000Z","recommendation":"None","cwe":["CWE-1333"],"found_by":null,"deleted":null,"id":1098615,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-4067\n- https://github.com/micromatch/micromatch/issues/243\n- https://github.com/micromatch/micromatch/pull/247\n- https://devhub.checkmarx.com/cve-details/CVE-2024-4067\n- https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448\n- https://github.com/micromatch/micromatch/commit/d1641baf261e42ea437f3750c44f20cec0b33e1b\n- https://github.com/advisories/GHSA-952p-6rrq-rcjv","created":"2024-05-14T18:30:54.000Z","reported_by":null,"title":"Regular Expression Denial of Service (ReDoS) in micromatch","npm_advisory_id":null,"overview":"The NPM package `micromatch` is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persists. This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching.\n","url":"https://github.com/advisories/GHSA-952p-6rrq-rcjv"}}} +{"type":"auditAdvisory","data":{"resolution":{"id":1098615,"path":"react-scripts>jest>jest-cli>@jest/core>micromatch","dev":false,"bundled":false,"optional":false},"advisory":{"findings":[{"version":"4.0.5","paths":["@testing-library/jest-dom>@types/testing-library__jest-dom>@types/jest>expect>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>fast-glob>micromatch","react-scripts>react-dev-utils>globby>fast-glob>micromatch","eslint-plugin-jest>@typescript-eslint/experimental-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/parser>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-resolve>jest-haste-map>micromatch","react-scripts>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>jest-haste-map>micromatch"]},{"version":"4.0.5","paths":["react-scripts>babel-jest>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>micromatch"]},{"version":"4.0.5","paths":["react-scripts>eslint-webpack-plugin>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-message-util>micromatch","react-scripts>jest>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/globals>@jest/environment>@jest/fake-timers>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-config>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>micromatch","react-scripts>jest>jest-cli>@jest/core>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-watch-typeahead>jest-watcher>@jest/test-result>@jest/console>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>micromatch"]},{"version":"4.0.5","paths":["http-proxy-middleware>micromatch","react-scripts>webpack-dev-server>http-proxy-middleware>micromatch"]},{"version":"4.0.7","paths":["micromatch"]}],"metadata":null,"vulnerable_versions":"<=4.0.7","module_name":"micromatch","severity":"moderate","github_advisory_id":"GHSA-952p-6rrq-rcjv","cves":["CVE-2024-4067"],"access":"public","patched_versions":"<0.0.0","cvss":{"score":0,"vectorString":null},"updated":"2024-08-21T22:59:40.000Z","recommendation":"None","cwe":["CWE-1333"],"found_by":null,"deleted":null,"id":1098615,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-4067\n- https://github.com/micromatch/micromatch/issues/243\n- https://github.com/micromatch/micromatch/pull/247\n- https://devhub.checkmarx.com/cve-details/CVE-2024-4067\n- https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448\n- https://github.com/micromatch/micromatch/commit/d1641baf261e42ea437f3750c44f20cec0b33e1b\n- https://github.com/advisories/GHSA-952p-6rrq-rcjv","created":"2024-05-14T18:30:54.000Z","reported_by":null,"title":"Regular Expression Denial of Service (ReDoS) in micromatch","npm_advisory_id":null,"overview":"The NPM package `micromatch` is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persists. This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching.\n","url":"https://github.com/advisories/GHSA-952p-6rrq-rcjv"}}} +{"type":"auditAdvisory","data":{"resolution":{"id":1098615,"path":"react-scripts>jest-watch-typeahead>jest-watcher>@jest/test-result>@jest/console>jest-message-util>micromatch","dev":false,"bundled":false,"optional":false},"advisory":{"findings":[{"version":"4.0.5","paths":["@testing-library/jest-dom>@types/testing-library__jest-dom>@types/jest>expect>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>fast-glob>micromatch","react-scripts>react-dev-utils>globby>fast-glob>micromatch","eslint-plugin-jest>@typescript-eslint/experimental-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/parser>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-resolve>jest-haste-map>micromatch","react-scripts>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>jest-haste-map>micromatch"]},{"version":"4.0.5","paths":["react-scripts>babel-jest>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>micromatch"]},{"version":"4.0.5","paths":["react-scripts>eslint-webpack-plugin>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-message-util>micromatch","react-scripts>jest>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/globals>@jest/environment>@jest/fake-timers>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-config>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>micromatch","react-scripts>jest>jest-cli>@jest/core>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-watch-typeahead>jest-watcher>@jest/test-result>@jest/console>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>micromatch"]},{"version":"4.0.5","paths":["http-proxy-middleware>micromatch","react-scripts>webpack-dev-server>http-proxy-middleware>micromatch"]},{"version":"4.0.7","paths":["micromatch"]}],"metadata":null,"vulnerable_versions":"<=4.0.7","module_name":"micromatch","severity":"moderate","github_advisory_id":"GHSA-952p-6rrq-rcjv","cves":["CVE-2024-4067"],"access":"public","patched_versions":"<0.0.0","cvss":{"score":0,"vectorString":null},"updated":"2024-08-21T22:59:40.000Z","recommendation":"None","cwe":["CWE-1333"],"found_by":null,"deleted":null,"id":1098615,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-4067\n- https://github.com/micromatch/micromatch/issues/243\n- https://github.com/micromatch/micromatch/pull/247\n- https://devhub.checkmarx.com/cve-details/CVE-2024-4067\n- https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448\n- https://github.com/micromatch/micromatch/commit/d1641baf261e42ea437f3750c44f20cec0b33e1b\n- https://github.com/advisories/GHSA-952p-6rrq-rcjv","created":"2024-05-14T18:30:54.000Z","reported_by":null,"title":"Regular Expression Denial of Service (ReDoS) in micromatch","npm_advisory_id":null,"overview":"The NPM package `micromatch` is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persists. This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching.\n","url":"https://github.com/advisories/GHSA-952p-6rrq-rcjv"}}} +{"type":"auditAdvisory","data":{"resolution":{"id":1098615,"path":"react-scripts>tailwindcss>micromatch","dev":false,"bundled":false,"optional":false},"advisory":{"findings":[{"version":"4.0.5","paths":["@testing-library/jest-dom>@types/testing-library__jest-dom>@types/jest>expect>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>fast-glob>micromatch","react-scripts>react-dev-utils>globby>fast-glob>micromatch","eslint-plugin-jest>@typescript-eslint/experimental-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/parser>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-resolve>jest-haste-map>micromatch","react-scripts>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>jest-haste-map>micromatch"]},{"version":"4.0.5","paths":["react-scripts>babel-jest>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>micromatch"]},{"version":"4.0.5","paths":["react-scripts>eslint-webpack-plugin>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-message-util>micromatch","react-scripts>jest>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/globals>@jest/environment>@jest/fake-timers>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-config>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>micromatch","react-scripts>jest>jest-cli>@jest/core>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-watch-typeahead>jest-watcher>@jest/test-result>@jest/console>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>micromatch"]},{"version":"4.0.5","paths":["http-proxy-middleware>micromatch","react-scripts>webpack-dev-server>http-proxy-middleware>micromatch"]},{"version":"4.0.7","paths":["micromatch"]}],"metadata":null,"vulnerable_versions":"<=4.0.7","module_name":"micromatch","severity":"moderate","github_advisory_id":"GHSA-952p-6rrq-rcjv","cves":["CVE-2024-4067"],"access":"public","patched_versions":"<0.0.0","cvss":{"score":0,"vectorString":null},"updated":"2024-08-21T22:59:40.000Z","recommendation":"None","cwe":["CWE-1333"],"found_by":null,"deleted":null,"id":1098615,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-4067\n- https://github.com/micromatch/micromatch/issues/243\n- https://github.com/micromatch/micromatch/pull/247\n- https://devhub.checkmarx.com/cve-details/CVE-2024-4067\n- https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448\n- https://github.com/micromatch/micromatch/commit/d1641baf261e42ea437f3750c44f20cec0b33e1b\n- https://github.com/advisories/GHSA-952p-6rrq-rcjv","created":"2024-05-14T18:30:54.000Z","reported_by":null,"title":"Regular Expression Denial of Service (ReDoS) in micromatch","npm_advisory_id":null,"overview":"The NPM package `micromatch` is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persists. This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching.\n","url":"https://github.com/advisories/GHSA-952p-6rrq-rcjv"}}} +{"type":"auditAdvisory","data":{"resolution":{"id":1098615,"path":"http-proxy-middleware>micromatch","dev":false,"bundled":false,"optional":false},"advisory":{"findings":[{"version":"4.0.5","paths":["@testing-library/jest-dom>@types/testing-library__jest-dom>@types/jest>expect>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>fast-glob>micromatch","react-scripts>react-dev-utils>globby>fast-glob>micromatch","eslint-plugin-jest>@typescript-eslint/experimental-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/parser>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-resolve>jest-haste-map>micromatch","react-scripts>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>jest-haste-map>micromatch"]},{"version":"4.0.5","paths":["react-scripts>babel-jest>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>micromatch"]},{"version":"4.0.5","paths":["react-scripts>eslint-webpack-plugin>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-message-util>micromatch","react-scripts>jest>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/globals>@jest/environment>@jest/fake-timers>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-config>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>micromatch","react-scripts>jest>jest-cli>@jest/core>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-watch-typeahead>jest-watcher>@jest/test-result>@jest/console>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>micromatch"]},{"version":"4.0.5","paths":["http-proxy-middleware>micromatch","react-scripts>webpack-dev-server>http-proxy-middleware>micromatch"]},{"version":"4.0.7","paths":["micromatch"]}],"metadata":null,"vulnerable_versions":"<=4.0.7","module_name":"micromatch","severity":"moderate","github_advisory_id":"GHSA-952p-6rrq-rcjv","cves":["CVE-2024-4067"],"access":"public","patched_versions":"<0.0.0","cvss":{"score":0,"vectorString":null},"updated":"2024-08-21T22:59:40.000Z","recommendation":"None","cwe":["CWE-1333"],"found_by":null,"deleted":null,"id":1098615,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-4067\n- https://github.com/micromatch/micromatch/issues/243\n- https://github.com/micromatch/micromatch/pull/247\n- https://devhub.checkmarx.com/cve-details/CVE-2024-4067\n- https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448\n- https://github.com/micromatch/micromatch/commit/d1641baf261e42ea437f3750c44f20cec0b33e1b\n- https://github.com/advisories/GHSA-952p-6rrq-rcjv","created":"2024-05-14T18:30:54.000Z","reported_by":null,"title":"Regular Expression Denial of Service (ReDoS) in micromatch","npm_advisory_id":null,"overview":"The NPM package `micromatch` is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persists. This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching.\n","url":"https://github.com/advisories/GHSA-952p-6rrq-rcjv"}}} +{"type":"auditAdvisory","data":{"resolution":{"id":1098615,"path":"react-scripts>webpack-dev-server>http-proxy-middleware>micromatch","dev":false,"bundled":false,"optional":false},"advisory":{"findings":[{"version":"4.0.5","paths":["@testing-library/jest-dom>@types/testing-library__jest-dom>@types/jest>expect>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>fast-glob>micromatch","react-scripts>react-dev-utils>globby>fast-glob>micromatch","eslint-plugin-jest>@typescript-eslint/experimental-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/parser>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-resolve>jest-haste-map>micromatch","react-scripts>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>jest-haste-map>micromatch"]},{"version":"4.0.5","paths":["react-scripts>babel-jest>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>micromatch"]},{"version":"4.0.5","paths":["react-scripts>eslint-webpack-plugin>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-message-util>micromatch","react-scripts>jest>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/globals>@jest/environment>@jest/fake-timers>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-config>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>micromatch","react-scripts>jest>jest-cli>@jest/core>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-watch-typeahead>jest-watcher>@jest/test-result>@jest/console>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>micromatch"]},{"version":"4.0.5","paths":["http-proxy-middleware>micromatch","react-scripts>webpack-dev-server>http-proxy-middleware>micromatch"]},{"version":"4.0.7","paths":["micromatch"]}],"metadata":null,"vulnerable_versions":"<=4.0.7","module_name":"micromatch","severity":"moderate","github_advisory_id":"GHSA-952p-6rrq-rcjv","cves":["CVE-2024-4067"],"access":"public","patched_versions":"<0.0.0","cvss":{"score":0,"vectorString":null},"updated":"2024-08-21T22:59:40.000Z","recommendation":"None","cwe":["CWE-1333"],"found_by":null,"deleted":null,"id":1098615,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-4067\n- https://github.com/micromatch/micromatch/issues/243\n- https://github.com/micromatch/micromatch/pull/247\n- https://devhub.checkmarx.com/cve-details/CVE-2024-4067\n- https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448\n- https://github.com/micromatch/micromatch/commit/d1641baf261e42ea437f3750c44f20cec0b33e1b\n- https://github.com/advisories/GHSA-952p-6rrq-rcjv","created":"2024-05-14T18:30:54.000Z","reported_by":null,"title":"Regular Expression Denial of Service (ReDoS) in micromatch","npm_advisory_id":null,"overview":"The NPM package `micromatch` is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persists. This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching.\n","url":"https://github.com/advisories/GHSA-952p-6rrq-rcjv"}}} +{"type":"auditAdvisory","data":{"resolution":{"id":1098615,"path":"micromatch","dev":false,"bundled":false,"optional":false},"advisory":{"findings":[{"version":"4.0.5","paths":["@testing-library/jest-dom>@types/testing-library__jest-dom>@types/jest>expect>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>fast-glob>micromatch","react-scripts>react-dev-utils>globby>fast-glob>micromatch","eslint-plugin-jest>@typescript-eslint/experimental-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/parser>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch","react-scripts>eslint-config-react-app>@typescript-eslint/eslint-plugin>@typescript-eslint/type-utils>@typescript-eslint/utils>@typescript-eslint/typescript-estree>globby>fast-glob>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-resolve>jest-haste-map>micromatch","react-scripts>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>jest-haste-map>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>jest-haste-map>micromatch"]},{"version":"4.0.5","paths":["react-scripts>babel-jest>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/transform>micromatch","react-scripts>jest>@jest/core>@jest/reporters>@jest/transform>micromatch","react-scripts>jest>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>micromatch"]},{"version":"4.0.5","paths":["react-scripts>eslint-webpack-plugin>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-message-util>micromatch","react-scripts>jest>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>@jest/reporters>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/test-result>@jest/console>jest-message-util>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/globals>@jest/environment>@jest/fake-timers>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>jest-config>micromatch","react-scripts>jest>jest-cli>@jest/core>jest-config>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest>@jest/core>micromatch","react-scripts>jest>jest-cli>@jest/core>micromatch"]},{"version":"4.0.5","paths":["react-scripts>jest-watch-typeahead>jest-watcher>@jest/test-result>@jest/console>jest-message-util>micromatch"]},{"version":"4.0.5","paths":["react-scripts>tailwindcss>micromatch"]},{"version":"4.0.5","paths":["http-proxy-middleware>micromatch","react-scripts>webpack-dev-server>http-proxy-middleware>micromatch"]},{"version":"4.0.7","paths":["micromatch"]}],"metadata":null,"vulnerable_versions":"<=4.0.7","module_name":"micromatch","severity":"moderate","github_advisory_id":"GHSA-952p-6rrq-rcjv","cves":["CVE-2024-4067"],"access":"public","patched_versions":"<0.0.0","cvss":{"score":0,"vectorString":null},"updated":"2024-08-21T22:59:40.000Z","recommendation":"None","cwe":["CWE-1333"],"found_by":null,"deleted":null,"id":1098615,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-4067\n- https://github.com/micromatch/micromatch/issues/243\n- https://github.com/micromatch/micromatch/pull/247\n- https://devhub.checkmarx.com/cve-details/CVE-2024-4067\n- https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448\n- https://github.com/micromatch/micromatch/commit/d1641baf261e42ea437f3750c44f20cec0b33e1b\n- https://github.com/advisories/GHSA-952p-6rrq-rcjv","created":"2024-05-14T18:30:54.000Z","reported_by":null,"title":"Regular Expression Denial of Service (ReDoS) in micromatch","npm_advisory_id":null,"overview":"The NPM package `micromatch` is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persists. This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching.\n","url":"https://github.com/advisories/GHSA-952p-6rrq-rcjv"}}}