However, watch is a legacy package, which has not been maintained for about 4 years.
Is it possible to migrate watch to other package or remove it to remediate this vulnerability?
I noticed a migration record in other js repo for watch:
● in @google/clasp, version 2.3.2 ➔ 2.4.0, Migrate from watch to chokidar via commit
● in forever-monitor, version 1.5.2 ➔ 1.6.0, Migrate from watch to chokidar via commit
Are there any efforts planned that would remediate this vulnerability or migrate watch?
Hi, a vulnerability https://snyk.io/vuln/SNYK-JS-MERGE-1040469 is introduced in postmark-cli via: ● postmark-cli@1.5.11 ➔ watch@1.0.2 ➔ exec-sh@0.2.2 ➔ merge@1.2.1
However, watch is a legacy package, which has not been maintained for about 4 years. Is it possible to migrate watch to other package or remove it to remediate this vulnerability?
I noticed a migration record in other js repo for watch:
● in @google/clasp, version 2.3.2 ➔ 2.4.0, Migrate from watch to chokidar via commit ● in forever-monitor, version 1.5.2 ➔ 1.6.0, Migrate from watch to chokidar via commit
Are there any efforts planned that would remediate this vulnerability or migrate watch?
Thanks ; )