browserify / watchify

watch mode for browserify builds

Please update dependencies for security issues #358

Closed sseide closed 5 years ago

sseide commented 6 years ago

Two of your dependencies (anymatch and chokidar) need to be updated to address some issues down the road on a dependent library.

Both libs provide newer versions: anymatch 2.0.0 and chokidar 2.0.2 that have fixed this issue. Be aware that both libs changed their behaviour on handling backslashes to be POSIX compliant on file globbing. This may affect Windows users, but I do not know as I do not use it...

✗ Low severity vulnerability found on braces@1.8.5
- desc: Regular Expression Denial of Service (ReDoS)
- info: https://snyk.io/vuln/npm:braces:20180219
- from watchify@3.11.0 > anymatch@1.3.2 > micromatch@2.3.11 > braces@1.8.5

✗ Low severity vulnerability found on braces@1.8.5
- desc: Regular Expression Denial of Service (ReDoS)
- info: https://snyk.io/vuln/npm:braces:20180219
- from: watchify@3.11.0 > chokidar@1.7.0 > anymatch@1.3.2 > micromatch@2.3.11 > braces@1.8.5

perenstrom commented 5 years ago

Seems like https://github.com/browserify/watchify/pull/362 fixes this?

goto-bus-stop commented 5 years ago

yes, published in :package: 3.11.1. thanks for the bump!

ile commented 4 years ago

Got this:

npm WARN deprecated chokidar@2.1.8: Chokidar 2 will break on node v14+. Upgrade to chokidar 3 with 15x less dependencies.