paulmillr / chokidar

Minimal and efficient cross-platform file watching library
https://paulmillr.com
MIT License
10.8k stars, 574 forks

consider switching to brace-expansion #1301

Closed 43081j closed 2 months ago

43081j commented 7 months ago

👋 As part of the efforts going on over at the ecosystem-cleanup repo, we're helping projects move away from various packages to reduce dependency bloat.

braces is one such package.

In most places, we can use brace-expansion as a drop-in replacement instead (4-5x smaller, only 1 dependency).

I'd be happy to open a PR with the change if you're happy with it.

paulmillr commented 7 months ago

It's probably much slower.

dave-addition commented 3 months ago

Sort of related: CVE-2024-4068 on braces was just made public (see also: https://github.com/micromatch/braces/issues/35).

Hopefully that project fixes it, but... last publish was 5 years ago so we'll see.

paulmillr commented 3 months ago

tired of these useless "vulnerabilities"

dave-addition commented 3 months ago

I sympathize!

sheldonsequeira commented 2 months ago

braces has released version 3.0.3 which addresses CVE-2024-4068

paulmillr commented 2 months ago

@sheldonsequeira and?

dave-addition commented 2 months ago

@sheldonsequeira Oh, thanks for letting me know. I opened https://github.com/paulmillr/chokidar/pull/1326 to update.

paulmillr commented 2 months ago

@dave-addition consider learning how version ranges work before opening useless pull requests
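
The version-range point above, as an added example that is not part of the thread or of chokidar's or braces' code: a minimal caret-range check in the style of npm's semver, showing that a declared range like `^3.0.2` already admits the patched 3.0.3 on a fresh resolve, so only the lockfile needs regenerating rather than `package.json`. The `^3.0.2` / `^2.0.1` manifest below is constructed for illustration and is not chokidar's actual dependency list; `fixCoverage` and `satisfies` are names introduced here.

```javascript
// Added example (not chokidar's or braces' code): minimal caret-range check
// in the style of npm's semver. Handles plain x.y.z versions with either an
// exact pin or a "^x.y.z" range; no pre-release tags, hyphen ranges or wildcards.

function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)$/.exec(v.trim());
  if (!m) throw new Error(`unsupported version: ${v}`);
  return m.slice(1, 4).map(Number);
}

// Lexicographic compare of [major, minor, patch]; -1, 0 or 1.
function compare(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  }
  return 0;
}

// Caret semantics: permit changes that leave the left-most non-zero component
// untouched. ^3.0.2 -> >=3.0.2 <4.0.0; ^0.2.3 -> >=0.2.3 <0.3.0; ^0.0.3 -> >=0.0.3 <0.0.4
function caretUpperBound([major, minor, patch]) {
  if (major > 0) return [major + 1, 0, 0];
  if (minor > 0) return [0, minor + 1, 0];
  return [0, 0, patch + 1];
}

function satisfies(version, range) {
  const v = parseVersion(version);
  const r = range.trim();
  if (r.startsWith('^')) {
    const lo = parseVersion(r.slice(1));
    return compare(v, lo) >= 0 && compare(v, caretUpperBound(lo)) < 0;
  }
  return compare(v, parseVersion(r)) === 0; // exact pin
}

// Given a package.json-style dependency map and the version that ships a fix,
// say whether the declared range can already resolve to the fix (only the
// lockfile must be refreshed) or whether the range itself must be bumped.
function fixCoverage(dependencies, name, fixedVersion) {
  const range = dependencies[name];
  if (range === undefined) return 'not a direct dependency';
  return satisfies(fixedVersion, range)
    ? 'range already admits fix; refresh lockfile'
    : 'range excludes fix; bump declared range';
}

// Constructed sample manifest (hypothetical, not chokidar's real package.json).
const sampleDeps = { braces: '^3.0.2', 'brace-expansion': '^2.0.1' };
console.log(fixCoverage(sampleDeps, 'braces', '3.0.3'));
```

The check only says what a fresh resolve could pick; an existing lockfile still pins whatever version it recorded, so the practical step when the range already covers the fix is to regenerate or update the lockfile, not to edit the manifest.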

dave-addition commented 2 months ago

I'm well aware how version ranges work, but I also found #1324 and realize it's a waste of both of our times to argue the merits of the change.

43081j commented 2 months ago

FWIW, this issue is fairly redundant now (the OP at least), since we want to release the next major that has no dependency on globs.