Closed IridescentShadow closed 6 years ago
Since globule is tagged with ^1.0.0
it will install the latest minor version of globule, including 1.2.0
.
If you want to force the update, you can do npm cache clean && npm install
to get the latest dependencies.
Globule has released version 1.2.0 which updates the required version of minimatch to 3.0.2. This version patches the regular expression denial of service issue described in https://nodesecurity.io/advisories/118.
Gaze should be updated to require the new version of globule.