The current release of gulp-istanbul (1.1.1) (transitively) requires minimatch@2.0.10 which is deprecated. The warning we get on an npm install has management worried:
npm WARN deprecated minimatch@2.0.10: Please update to minimatch 3.0.2 or higher to avoid a RegExp DoS issue
The dependency chain to minimatch is:
As far as I can see upgrading to a newer istanbul-threshold-checker would be sufficient to get minimatch@3.x. It looks like this is already done in package.json in master. Would it be possible to release a new version of gulp-istanbul so the latest version no longer installs deprecated dependencies?
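One way to list every dependency chain that ends at a minimatch release older than 3.0.2, working from the tree that `npm ls --json` prints (an added example, not part of the original issue or of gulp-istanbul). The sample tree is constructed: `example-intermediate-dep` and the `0.0.0` versions are placeholders, not the real dependency chain.

```javascript
// Added example: walk the JSON tree printed by `npm ls --json` and list every
// dependency path that ends at a minimatch release older than 3.0.2.
const MIN_SAFE = [3, 0, 2]; // threshold taken from the npm deprecation warning

// Parse "major.minor.patch" (ignoring any prerelease/build suffix) into numbers.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(String(v));
  return m ? m.slice(1).map(Number) : null;
}

// True when version a is strictly lower than version b.
function isOlder(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i];
  }
  return false;
}

// Depth-first walk; returns paths such as "a@1.0.0 > b@2.0.0 > minimatch@2.0.10".
function findOldMinimatch(node, trail = []) {
  const hits = [];
  for (const [name, dep] of Object.entries(node.dependencies || {})) {
    const path = [...trail, `${name}@${dep.version}`];
    const ver = parseVersion(dep.version);
    if (name === 'minimatch' && ver && isOlder(ver, MIN_SAFE)) {
      hits.push(path.join(' > '));
    }
    hits.push(...findOldMinimatch(dep, path));
  }
  return hits;
}

// Constructed sample tree, NOT the real gulp-istanbul dependency graph:
// "example-intermediate-dep" and every 0.0.0 version are placeholders.
const sampleTree = {
  name: 'my-project',
  dependencies: {
    'gulp-istanbul': { version: '1.1.1', dependencies: {
      'istanbul-threshold-checker': { version: '0.0.0', dependencies: {
        'example-intermediate-dep': { version: '0.0.0', dependencies: {
          minimatch: { version: '2.0.10' } } } } } } },
    minimatch: { version: '3.0.2' }, // at the threshold, so not reported
  },
};

console.log(findOldMinimatch(sampleTree));
```

To run it against a real project, replace `sampleTree` with the parsed output of `npm ls --json`.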