You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Hey @pamo — thanks for raising this issue. This shouldn't be a problem though for your blog or Gatsby sites in general as minimatch code is only run by Gatsby while developing so safely protected from any malicious actors. I don't recommend exposing a Gatsby development server to the public generally speaking. This is one of the great things about static sites is that they're just files, so not an attack vector.
And yes — postcss-import would need to apply the update for this.
Ran snyk on my blog and found a vulnerable dependency in Gatsby.
Regular Expression Denial of Service
Snyk Details
The text was updated successfully, but these errors were encountered: