Closed driesdesmet closed 5 years ago
Looking more into this, I can see that surge has pinned the version of fstream-ignore to 1.0.2, which depends on minimatch 2.x.x. The latest version of fstream-ignore seems to be 1.0.5, depending on minimatch 3.x.x which would resolve this issue. Is there a known incompatibility?
GitHub gave me a very obnoxious notification about lodash 3.10.1 when I added surge as a dev dependency to one of my projects.
I tried to trace down the dependency but I could not find it.
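Tracing which top-level dependency pulls in a flagged package, as the comments above attempt, can be done by walking the nested tree that `npm ls --json` prints. This is an added example, not part of the original thread or of surge's code; the sample tree is constructed, and the function names (`findPaths`, `report`), the surge version and the minimatch patch levels are placeholders.

```javascript
// Constructed sample in the shape printed by `npm ls --json` (not real output).
// From the thread: fstream-ignore 1.0.2, cli-table2 0.2.0, lodash 3.10.1.
// The surge version and the minimatch patch levels are placeholders.
const sampleTree = {
  name: "my-project",
  version: "1.0.0",
  dependencies: {
    surge: {
      version: "0.0.0-placeholder",
      dependencies: {
        "fstream-ignore": {
          version: "1.0.2",
          dependencies: { minimatch: { version: "2.0.0-placeholder" } },
        },
        "cli-table2": {
          version: "0.2.0",
          dependencies: { lodash: { version: "3.10.1" } },
        },
      },
    },
    // A second, newer copy elsewhere in the tree must not be reported.
    minimatch: { version: "3.0.0-placeholder" },
  },
};

// Depth-first walk recording every chain from the root to a matching package.
function findPaths(node, name, matches, trail = []) {
  const found = [];
  for (const [depName, dep] of Object.entries(node.dependencies || {})) {
    const version = dep.version || "?"; // unmet dependencies carry no version
    const here = [...trail, `${depName}@${version}`];
    if (depName === name && matches(version)) found.push(here.join(" > "));
    found.push(...findPaths(dep, name, matches, here));
  }
  return found;
}

// Version predicates: the thread flags minimatch 2.x.x and lodash 3.10.1.
const majorBelow = (n) => (v) => parseInt(v.split(".")[0], 10) < n;
const exactly = (want) => (v) => v === want;

function report(tree) {
  return {
    minimatch: findPaths(tree, "minimatch", majorBelow(3)),
    lodash: findPaths(tree, "lodash", exactly("3.10.1")),
  };
}

console.log(JSON.stringify(report(sampleTree), null, 2));
```

To run it against a real project, replace `sampleTree` with the parsed output of `npm ls --json`.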
@sintaxi I'm also checking in on this and I'm kind of surprised that this isn't being addressed? The minimatch vulnerability is rated 'high' by npm audit. That…should be a thing.
Much appreciated gents. Thanks for staying on top of this and bringing it to my attention again. As @driesdesmet points out there was a pin at one point because our integration tests were failing with updated libs.
I'll bump this up the priority list to see if I can get to the bottom of it.
I was able to bump the version on fstream-ignore to 1.0.5, and set the dependency for cli-table2 to the github url (jamestalmage/cli-table2) to get rid of the vulnerability alerts.
cli-table2, while the cause of a minor warning might be more iffy—it hasn't been published in a while and the code in the repo is different from what's published (the old lodash version that causes the vulnerability wasn't being used, so it was just removed in the repo) while still having a 0.2.0 version in the package.json.
I was able to run mocha tests locally without issues the first time but I'm seeing timeouts and timeout related async warnings when I run it again. test:local never succeeds but it's for the same reasons—timeouts and asyncs.
Hello guys.
Any update on that? The version of minimatch has been upgraded in fstream-ignore since version 1.0.3.
Is there any plan to upgrade?
Fixed. Thanks to everyone for waiting on this and nudging me from time to time. v0.20.3 has been released.
Thank you :)
This is due to fstream-ignore, which seems not to get updated lately.