Skip to content

outdated dependency - minimatch:3.0.4 #832

New issue
New issue
Closed
Closed
outdated dependency - minimatch:3.0.4#832
Assignees
kirill-ivlev
Labels
Area: TaskLibbug
@txk0705

Description

@txk0705
txk0705
opened on Apr 18, 2022

Please check our current Issues to see if someone already reported this https://github.com/Microsoft/azure-pipelines-task-lib/issues.

Environment

azure-pipelines-task-lib version: 3.2.0

Issue Description

minimatch:3.0.4 is out dated and has vulnerabilities requires to update to latest version. it is no more supported. Outdated library blocks azure task lib installation due to security policies now.

Logs

Audit log:
High minimatch minimatch.js braceExpand() Function Improper
Regular Expression DoS
Package minimatch
Patched in 3.0.5
Dependency of azure-pipelines-task-lib
Path azure-pipelines-task-lib > minimatch
More info https://nodesecurity.io/advisories/198521

Metadata

Metadata

Assignees

Labels

Area: TaskLibbug

Type

No type

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions