floatdrop / gulp-watch

Watch, that actually is an endless stream
MIT License
642 stars 99 forks

updated anymatch to 2.0.0 #322

Open EugeneBalabai opened 5 years ago

EugeneBalabai commented 5 years ago

Updated anymatch to 2.0.0 to fix a vulnerability.

arturopie commented 5 years ago

@floatdrop @EugeneBalabai what's the status of this PR? Can it be merged?

EugeneBalabai commented 5 years ago

@arturopie It doesn't work for Node v4, but works for all other versions.

arturopie commented 5 years ago

@EugeneBalabai I don't think this PR broke Node v4. Node v4 has been broken on the master branch for very long. You can see it here: https://ci.appveyor.com/project/floatdrop/gulp-watch/builds/17490684

@floatdrop is Node V4 not supported anymore? Can we remove it from here: https://github.com/floatdrop/gulp-watch/blob/master/appveyor.yml#L5 ?

erikeckhardt commented 5 years ago

Could we get some attention on this, please?

The latest gulp-watch uses anymatch 1.3.2 which uses micromatch 2.3.11 which uses braces 1.8.5 which has a vulnerability. Anymatch, micromatch, and braces all offer major versions that fix this problem. Anymatch 2.0.0 or 3.0.2 would be fine. I get that there's a Node v4 dependency, but it seems ok to drop support for that. Version 5.0.0 of gulp-watch dropped support for some node versions. 6.0.0 can do the same thing.

Make it easy for people to fix their problems. It's barely any code to change.

It seems like this project is not maintained much anymore, but given there are 160,000 downloads a week right now, a lot of folks are depending on it, and this is a blocking issue.
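The transitive chain described above (gulp-watch > anymatch > micromatch > braces) is the kind of thing a lockfile audit should surface before a maintainer bump lands. The following is an added example, not code from gulp-watch or this PR: it walks an npm lockfile-v1 shaped tree, resolving each `requires` entry against the nearest enclosing `dependencies` map the way npm does, and reports every path from a direct dependency to an affected package. The lock tree, the `directDependencies` list and the "all braces 1.x is affected" predicate are constructed assumptions for the demonstration.

```javascript
// Added example (not gulp-watch's code): walk an npm lockfile-v1 tree and list paths to an affected package.
// Constructed lock tree mirroring the chain named in the comment:
// gulp-watch > anymatch@1.3.2 > micromatch@2.3.11 > braces@1.8.5.
const sampleLock = {
  name: 'my-app',
  dependencies: {
    'gulp-watch': { version: '5.0.0', requires: { anymatch: '^1.3.0' } },
    anymatch: {
      version: '1.3.2',
      requires: { micromatch: '^2.1.5' },
      // nested (non-hoisted) copy shadows any top-level micromatch
      dependencies: { micromatch: { version: '2.3.11', requires: { braces: '^1.8.2' } } },
    },
    braces: { version: '1.8.5' },
    // a second consumer pinned to a nested, newer anymatch is not affected
    chokidar: { version: '3.0.0', requires: { anymatch: '~3.0.2' },
                dependencies: { anymatch: { version: '3.0.2' } } },
  },
};
const directDependencies = ['gulp-watch', 'chokidar']; // from package.json (constructed)

// Assumption: all braces 1.x treated as affected; use the advisory's real range.
const isVulnerableBraces = (name, version) =>
  name === 'braces' && Number(version.split('.')[0]) < 2;

// npm resolves a "requires" entry against the nearest enclosing "dependencies"
// map, so scopes are searched innermost (last) first.
function resolve(dep, scopes) {
  for (let i = scopes.length - 1; i >= 0; i--) if (scopes[i][dep]) return scopes[i][dep];
  return null;
}

function findDependencyPaths(lock, directDeps, isAffected) {
  const results = [];
  function visit(name, node, scopes, path, seen) {
    const id = `${name}@${node.version}`;
    if (isAffected(name, node.version)) results.push([...path, id].join(' > '));
    if (seen.has(id)) return; // cycle guard
    const next = node.dependencies ? [...scopes, node.dependencies] : scopes;
    for (const dep of Object.keys(node.requires || {})) {
      const child = resolve(dep, next);
      if (child) visit(dep, child, next, [...path, id], new Set([...seen, id]));
    }
  }
  const root = lock.dependencies || {};
  for (const name of directDeps) {
    if (root[name]) visit(name, root[name], [root], [lock.name || 'root'], new Set());
  }
  return results;
}
```

Running `findDependencyPaths(sampleLock, directDependencies, isVulnerableBraces)` returns only the gulp-watch chain; chokidar's nested anymatch 3.0.2 never reaches the old braces, which is exactly what a major bump of anymatch in gulp-watch would achieve.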

voxxit commented 4 years ago

Can we get some ❤️❤️❤️❤️ on this PR? Node 4 is long gone...

matracey commented 4 years ago

@floatdrop Do you still maintain this package? Are you able to help close this PR to fix the open vulnerability? Not sure if the Node 4 failure is a new thing - is support for Node 4 important?

DanielWidmayer commented 3 years ago

This is still an existing issue.

JoyceBabu commented 3 years ago

This is still an existing issue.

Looks like this is already fixed in master.