NPM micromatch reported as moderate security risk

[LarsEmbloom]

Reporting a bug?

NPM micromatch vulnerablity

Expected behavior

Expected Behavior:
No vulnerabilities found

Actual Behavior:
The following vulnerablity is found:

micromatch  <4.0.8
Severity: moderate
Regular Expression Denial of Service (ReDoS) in micromatch - https://github.com/advisories/GHSA-952p-6rrq-rcjv
fix available via `npm audit fix`
node_modules/micromatch

Reproduction

With NPM run: npm i @intlify/unplugin-vue-i18n

Issue Package

vite-plugin-vue-i18n

System Info

System:
    OS: Windows 10 10.0.19045
    CPU: (4) x64 Intel(R) Core(TM) i7-6560U CPU @ 2.20GHz
    Memory: 3.56 GB / 15.85 GB
  Binaries:
    Node: 20.11.1 - C:\Program Files\nodejs\node.EXE
    npm: 10.2.4 - C:\Program Files\nodejs\npm.CMD
  Browsers:
    Chrome: 130.0.6723.117
    Edge: Chromium (127.0.2651.98)
    Internet Explorer: 11.0.19041.4355
  npmPackages:
    vite: ^5.4.6 => 5.4.10
    vue: ^3.3.8 => 3.5.12
    vue-i18n: ^10.0.3 => 10.0.4

Screenshot

No response

Additional context

Output from: npm ls micromatch

`-- @intlify/unplugin-vue-i18n@5.3.1
  `-- fast-glob@3.3.2
    `-- micromatch@4.0.5

Validations

• Read the Contributing Guidelines.
• Read the README
• Check that there isn't already an issue that reports the same bug to avoid creating a duplicate.
• Check that this is a concrete bug. For Q&A open a GitHub Discussion.

[kazupon]

Thank you for your reporting!
This is upstream issue.
mrmlnc/fast-glob#457

This issue should be resolved at fast-glob.

And You can work-around with use overrides feature of package manager.
https://docs.npmjs.com/cli/v9/configuring-npm/package-json#overrides

Thanks