Closed pdehaan closed 7 years ago
@pdehaan is there anything else you would like to see to get this merged?
Sorry I meant to mention @jmcriffey please see above
👍 would be nice to get this merged to avoid npm install warnings
I'm going to see about updating the current version of istanbul. They have addressed this security issue already. I'll keep this PR open though until I get it all merged. Thanks!
@jmcriffey Any update on this?
Sorry for the delay. There is a regression in istanbul directly related to the glob update. I just now had some time to figure out what was going on. There is now an updated version of babel-istanbul published at 0.12.1.
Re: https://nodesecurity.io/advisories/118
It looks like minimatch@<=3.0.1 may have a potential ReDoS. This PR just bumps fileset to 2.x which includes the latest minimatch.
Before:
After:
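
One way to confirm that a bump like this actually removes every affected copy of minimatch, added here as an example that is not part of the PR or the project's code: walk a dependency tree shaped like `npm ls --json` output and list each path that still resolves minimatch@<=3.0.1. The function names and the two sample trees are constructed for illustration; the version numbers in them are not taken from the PR.

```javascript
// Added example: find every dependency path that resolves minimatch <= 3.0.1
// in a tree shaped like `npm ls --json` output ({ dependencies: { name: { version, dependencies } } }).

// Compare two dotted versions numerically; pre-release tags are ignored (assumption).
function cmpVersion(a, b) {
  const pa = a.split('-')[0].split('.').map(Number);
  const pb = b.split('-')[0].split('.').map(Number);
  for (let i = 0; i < 3; i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return d < 0 ? -1 : 1;
  }
  return 0;
}

// Walk the tree depth-first and collect "a@1 > b@2 > minimatch@x.y.z" paths.
function findAffected(node, name = 'minimatch', maxBad = '3.0.1', trail = []) {
  const hits = [];
  for (const [dep, info] of Object.entries(node.dependencies || {})) {
    const here = trail.concat(`${dep}@${info.version || '?'}`);
    if (dep === name && info.version && cmpVersion(info.version, maxBad) <= 0) {
      hits.push(here.join(' > '));
    }
    // Nested copies matter: a transitive dependency can pin its own old minimatch.
    hits.push(...findAffected(info, name, maxBad, here));
  }
  return hits;
}

// Constructed sample trees (illustrative versions only).
const before = { name: 'example', dependencies: {
  fileset: { version: '0.2.1', dependencies: {
    minimatch: { version: '2.0.10' },
    glob: { version: '5.0.15', dependencies: { minimatch: { version: '3.0.0' } } } } } } };
const after = { name: 'example', dependencies: {
  fileset: { version: '2.0.3', dependencies: {
    minimatch: { version: '3.0.4' },
    glob: { version: '7.1.2', dependencies: { minimatch: { version: '3.0.4' } } } } } } };

console.log('before:', findAffected(before));
console.log('after: ', findAffected(after));
```

On a real project, the input would be the parsed output of `npm ls --json`; an empty result means no installed copy falls in the advisory's range.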