Blockstack has a dependency that causes a vulnerability?

stacks-archive / blockstack-app-generator

Blockstack app generator

MIT License

43 stars 28 forks source link

Blockstack has a dependency that causes a vulnerability? #22

Closed eddiejibson closed 6 years ago

eddiejibson commented 6 years ago


                       === npm audit security report ===

# Run  npm install blockstack@17.2.0  to resolve 1 vulnerability
SEMVER WARNING: Recommended action is a potentially breaking change

  High            Regular Expression Denial of Service

  Package         minimatch

  Dependency of   blockstack

  Path            blockstack > hasprop > tape > glob > minimatch

  More info       https://nodesecurity.io/advisories/118

Any ideas?

larrysalibra commented 6 years ago

This should be fixed in the 18.0.0 release.