Security: Update `find-node-modules` to resolve `braces` vulnerability
G-Rath opened this issue · 1 comments
G-Rath commented
Low Regular Expression Denial of Service
Package braces
Patched in >=2.3.1
Dependency of browserify-css [dev]
Path browserify-css > find-node-modules > findup-sync >
micromatch > bracesMore info https://npmjs.com/advisories/786
I have made an comment requesting a new version of micromatch@2.x.x
be released with an update to the braces
dependency, which might happen and thus resolve this.
However, ideally browserify-css
should update find-node-modules
to v2.0.0
, to resolve this security vulnerability.
AsinusRex commented
Also hoping for a dependency version bump up to get rid of the vulnerability. Doing it by hand introduces a whole new process to deployment.