mysticatea / cpx

A cli tool to watch and copy file globs.
MIT License

Please update to chokidar 2.x to avoid ReDOS vulnerability #47

Open StephenWeatherford opened 5 years ago

StephenWeatherford commented 5 years ago

https://snyk.io/test/npm/chokidar/1.7.0

danielfigueiredo commented 5 years ago

Quick heads up: it looks like the dependency `"chokidar": "^1.6.0"` has been removed from cpx; maybe just publishing a new version would do the trick?

Misiu commented 4 years ago

@mysticatea could you take a look at this please?

flvyu commented 3 years ago

@mysticatea Reviving this discussion again. Would you be able to get the new version published? Let me know if I can help.

lietusme commented 3 years ago

Any update on this? cpx 1.50 is the latest and still contains vulnerabilities: https://github.com/advisories/GHSA-ww39-953v-wcq6 https://nvd.nist.gov/vuln/detail/CVE-2018-1109

│ └─┬ cpx@1.5.0
│   └─┬ chokidar@1.7.0
│     ├─┬ anymatch@1.3.2
│     │ └─┬ micromatch@2.3.11
│     │   └─┬ parse-glob@3.0.4
│     │     └─┬ glob-base@0.3.0
│     │       └── glob-parent@2.0.0 
│     └── glob-parent@2.0.0 

├─┬ @bentley/build-tools@2.19.17
│ └─┬ cpx@1.5.0
│   └─┬ chokidar@1.7.0
│     ├─┬ anymatch@1.3.2
│     │ └─┬ micromatch@2.3.11
│     │   └── braces@1.8.5 

Need to use glob-parent 5.1.2 and braces 2.3.1
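The comment above pins down what a consumer actually has to check: whether any transitive path through cpx still resolves to glob-parent or braces below the versions named. The script below is an added example (it is not code from the cpx project or from anyone in this thread) that walks a dependency tree in the shape of `npm ls --json` output and reports every path reaching a package below those floors. The tree is constructed to mirror the two trees quoted in the comment, the minimum versions are taken from the comment as stated, and `findOutdated`, `compareVersions` and `overridesFor` are hypothetical helper names.

```javascript
// Added example, not from the cpx project or this issue thread.
// Walks an `npm ls --json`-shaped tree and flags transitive dependencies
// that resolve below the minimum versions named in the comment above.

// Minimum versions as stated by the commenter; used here as the floor.
const MINIMUM_VERSIONS = {
  'glob-parent': '5.1.2',
  braces: '2.3.1',
};

// Constructed sample in the shape of `npm ls --json`, mirroring the
// dependency trees quoted in the issue (cpx@1.5.0 -> chokidar@1.7.0 ...).
const SAMPLE_TREE = {
  name: 'example-app',
  version: '1.0.0',
  dependencies: {
    cpx: {
      version: '1.5.0',
      dependencies: {
        chokidar: {
          version: '1.7.0',
          dependencies: {
            anymatch: {
              version: '1.3.2',
              dependencies: {
                micromatch: {
                  version: '2.3.11',
                  dependencies: {
                    braces: { version: '1.8.5' },
                    'parse-glob': {
                      version: '3.0.4',
                      dependencies: {
                        'glob-base': {
                          version: '0.3.0',
                          dependencies: { 'glob-parent': { version: '2.0.0' } },
                        },
                      },
                    },
                  },
                },
              },
            },
            'glob-parent': { version: '2.0.0' },
          },
        },
      },
    },
  },
};

// Compare two dotted numeric versions; returns -1, 0 or 1. Pre-release
// suffixes are dropped, which is enough for the release versions above.
function compareVersions(a, b) {
  const pa = a.split('-')[0].split('.').map(Number);
  const pb = b.split('-')[0].split('.').map(Number);
  for (let i = 0; i < Math.max(pa.length, pb.length); i++) {
    const x = pa[i] || 0;
    const y = pb[i] || 0;
    if (x !== y) return x < y ? -1 : 1;
  }
  return 0;
}

// Depth-first walk; every node below its floor is recorded with the full
// dependency path so the offending parent chain is visible.
function findOutdated(tree, minimums = MINIMUM_VERSIONS) {
  const findings = [];
  const walk = (node, path) => {
    for (const [name, child] of Object.entries(node.dependencies || {})) {
      const here = [...path, `${name}@${child.version}`];
      const floor = minimums[name];
      if (floor && compareVersions(child.version, floor) < 0) {
        findings.push({ name, version: child.version, minimum: floor, path: here.join(' > ') });
      }
      walk(child, here);
    }
  };
  walk(tree, []);
  return findings;
}

// Build a name -> minimum-version map covering only the packages actually
// found below their floor, suitable for a package-manager override block.
function overridesFor(findings) {
  const overrides = {};
  for (const f of findings) overrides[f.name] = f.minimum;
  return overrides;
}

for (const f of findOutdated(SAMPLE_TREE)) {
  console.log(`${f.name}@${f.version} < ${f.minimum}: ${f.path}`);
}
```

Run against real output with `npm ls --all --json` piped into `SAMPLE_TREE`'s place. The map returned by `overridesFor` is the content a consumer would put into npm's `overrides` field or Yarn's `resolutions` to force the floor versions while waiting for an upstream release; re-running the walk afterwards confirms no path still resolves below the floor.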

vladimiry commented 3 years ago

@lietusme this project clearly looks abandoned, so you might want to explore its active fork https://github.com/bcomnes/cpx2 (basically a drop-in replacement).