Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update anymatch version in package.json #335

Open
JonnyVaine opened this issue Jan 21, 2020 · 4 comments
Open

Update anymatch version in package.json #335

JonnyVaine opened this issue Jan 21, 2020 · 4 comments

Comments

@JonnyVaine
Copy link

Hello,

Could you please update the version of anymatch in your package.json file?

While running npm audit, I get the following issue:

=== npm audit security report ===

Low | Regular Expression Denial of Service
Package | braces
Patched in | >=2.3.1
Dependency of | gulp-watch [dev]
Path | gulp-watch > anymatch > micromatch > braces
More info | https://nodesecurity.io/advisories/786

While only a low priority, would be good to be using most up to date versions.
@JonnyVaine
Copy link
Author

@aglotoff @floatdrop

@thezealousfool
Copy link

Duplicate #321

@JayBox325
Copy link

I'm on 5.0.1 and yarn audit is still flagging this as a security issue.

@RubenT86
Copy link

Still an issue.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@JayBox325 @thezealousfool @JonnyVaine @RubenT86