Vulnerable versions of the micromatch package are embedded in: - openSUSE:Factory/python-plotly micromatch (4.0.5) Upstream issue: https://github.com/micromatch/micromatch/issues/243