Closed tomkdgun closed 1 month ago
If 3.0.3 is out, why would there be an npm audit fix? Purge your node_modules and reinstall, you'll pick up the latest patch.
@remy The npm audit fix will update the package-lock.json entry for nodemon: https://github.com/remy/nodemon/blob/main/package-lock.json#L1480
Regarding https://github.com/remy/nodemon/issues/2203
braces released a new version, 3.0.3, with different default limits: https://github.com/micromatch/braces/commit/415d660c3002d1ab7e63dbf490c9851da80596ff
Are there any plans to perform npm audit fix, to make CVE scanners happy?

Background:
Snyk reported a vulnerability in the nodemon 3.1.0 dependency.
https://security.snyk.io/vuln/SNYK-JS-BRACES-6838727
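
The thread turns on whether a lockfile still pins braces below 3.0.3. The following is an added example, not code from this issue or from the nodemon project. It lists every copy of a package that a lockfile pins below a fixed version. The function names and the sample lockfile are constructed for illustration, and the sample assumes the `packages` map layout of lockfileVersion 2/3.

```javascript
// Constructed sample in lockfileVersion 3 layout; entries are illustrative,
// not taken from nodemon's real package-lock.json.
const sampleLock = {
  name: "demo-app",
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/nodemon": { version: "3.1.0" },
    "node_modules/braces": { version: "3.0.2" },
    "node_modules/some-tool/node_modules/braces": { version: "3.0.3" },
    "node_modules/braces-extra": { version: "1.0.0" }
  }
};

// Parse "x.y.z" into numbers; any pre-release/build suffix is ignored.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(v);
  if (!m) throw new Error(`unparseable version: ${v}`);
  return m.slice(1).map(Number);
}

// True when `version` is strictly older than `fixed`.
function isBelow(version, fixed) {
  const a = parseVersion(version), b = parseVersion(fixed);
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i];
  }
  return false;
}

// Return every locked copy of `name` (top-level or nested) older than `fixed`.
// Matching on the full path segment avoids false hits such as "braces-extra".
function findPinnedBelow(lock, name, fixed) {
  const suffix = `node_modules/${name}`;
  return Object.entries(lock.packages || {})
    .filter(([path, meta]) =>
      (path === suffix || path.endsWith(`/${suffix}`)) && meta.version)
    .filter(([, meta]) => isBelow(meta.version, fixed))
    .map(([path, meta]) => ({ path, version: meta.version }));
}

console.log(findPinnedBelow(sampleLock, "braces", "3.0.3"));
```

To check a real project, pass the parsed contents of its package-lock.json as the first argument.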