As the question states, we are seeing CVE-2022-3517 Reports from this package "This flaw allows a Regular Expression Denial of Service (ReDoS) when calling the braceExpand function with specific arguments, resulting in a Denial of Service"

Is this flaw still open, or has it been closed?

@MrBenGriffin as I know, it was fixed in version 3.0.5