Closed SamFromDaUk closed 7 years ago
so it looks like we just need to update handlebars. I'm not sure what the ramifications of that will be, I'll have to do some poking around, but that's good to know.
Is this related to minimatch? I can see that koa-hbs's depends on a very outdated version of glob, which in turn depends on an outdated version of minimatch (0.3.0). When npm installing, I get the following warning:
npm WARN deprecated minimatch@2.0.10: Please update to minimatch 3.0.2 or
higher to avoid a RegExp DoS issue.
Can we update just that for now? I'm passing in my own handlebars instance.
this week is a little nuts because of the short workweek. a PR that passes tests would be welcome, otherwise it may have to wait until this weekend/next week.
Sure, I can check that.
There you go 😄
As of 0.9.0 (pending release) nsp reports no vulnerabilities found.
Hi Guys
Ive been running nsp on some of my apps and nsp is reporting 3 vulnerabilities in the dependencies