Closed 43081j closed 2 months ago
It's probably much slower.
Sort of related: CVE-2024-4068 on braces was just made public (see also: https://github.com/micromatch/braces/issues/35).
Hopefully that project fixes it, but... last publish was 5 years ago so we'll see.
tired of these useless "vulnerabilities"
I sympathize!
braces has released version 3.0.3 which addresses CVE-2024-4068
@sheldonsequeira and?
@sheldonsequeira oh thanks for letting me know. I opened https://github.com/paulmillr/chokidar/pull/1326 to update
@dave-addition consider learning how version ranges work before opening useless pull requests
I'm well aware how version ranges work, but I also found #1324 and realize it's a waste of both of our times to argue the merits of the change.
fwiw this issue is fairly redundant now (the OP at least), since we want to release the next major that has no dependency on globs
👋 as part of the efforts going on over at the ecosystem-cleanup repo, we're helping projects move away from various packages to reduce dependency bloat
braces is one such package.
in most places, we can use brace-expansion as a drop-in replacement instead (4-5x smaller, only 1 dependency)
i'd be happy to open a PR with the change if you're happy with it