Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Deprecated minimatch@2.0.10 #123

Open
wvanderdeijl opened this issue Jun 7, 2017 · 1 comment
Open

Deprecated minimatch@2.0.10 #123

wvanderdeijl opened this issue Jun 7, 2017 · 1 comment

Comments

@wvanderdeijl
Copy link

The current release of gulp-istanbul (1.1.1) (transitively) requires minimatch@2.0.10 which is deprecated. The warning we get on an npm install has management worried:

npm WARN deprecated minimatch@2.0.10: 
    Please update to minimatch 3.0.2 or higher to avoid a RegExp DoS issue

The dependency chain to minimatch is:

gulp-istanbul@1.1.1
    istanbul-threshold-checker@0.1.0
        istanbul@0.3.22
            fileset@0.2.1
                minimatch@2.0.10

As far as I can see upgrading to a newer istanbul-threshold-checker would be sufficient to get minimatch@3.x. It looks like this is already done in package.json in master. Would it be possible to release a new version of gulp-istanbul so the latest version no longer installs deprecated dependencies?
@SBoudrias
Copy link
Owner

Done

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@SBoudrias @wvanderdeijl