Skip to content

Fix CVE-2026-33671, CVE-2026-33672 in picomatch#22

Merged
shellicar merged 1 commit intomainfrom
security/picomatch-CVE-2026-33671
Mar 26, 2026
Merged

Fix CVE-2026-33671, CVE-2026-33672 in picomatch#22
shellicar merged 1 commit intomainfrom
security/picomatch-CVE-2026-33671

Conversation

@shellicar
Copy link
Copy Markdown
Owner

@shellicar shellicar commented Mar 26, 2026

Summary

  • Fix 2 vulnerabilities (1 high, 1 moderate) via pnpm override for picomatch >=4.0.4

Security Advisories

@shellicar shellicar added this to the 1.0 milestone Mar 26, 2026
@shellicar shellicar added the dependencies Dependency updates label Mar 26, 2026
@shellicar shellicar self-assigned this Mar 26, 2026
@shellicar shellicar enabled auto-merge (squash) March 26, 2026 14:25
bananabot9000
bananabot9000 approved these changes Mar 26, 2026
View reviewed changes
Copy link
Copy Markdown
Collaborator

@bananabot9000 bananabot9000 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Clean CVE fix. Override scoped to the vulnerable range (>=4.0.0 <4.0.4), lockfile updated. Ship it. 🍌

@shellicar shellicar merged commit fd27056 into main Mar 26, 2026
3 checks passed
@shellicar shellicar deleted the security/picomatch-CVE-2026-33671 branch March 26, 2026 14:26
shellicar pushed a commit that referenced this pull request Mar 26, 2026
Session log: picomatch CVE fix and PR #22
bf4a16b
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@bananabot9000 bananabot9000 bananabot9000 approved these changes

Assignees

@shellicar shellicar

Labels

dependencies Dependency updates

Projects

None yet

Milestone

1.0

Development

Successfully merging this pull request may close these issues.

2 participants

@shellicar @bananabot9000