flarum/flarum-gulp

gulp-order and minimatch security issue

Opened this issue · 0 comments

When I do npm install in a js/forum or js/admin extension folder, I am getting several warnings that invite me to do an npm audit fix, after which one report remains that requires a manual fix on your end.

                       === npm audit security report ===

┌──────────────────────────────────────────────────────────────────────────────┐
│                                Manual Review                                 │
│            Some vulnerabilities require your attention to resolve            │
│                                                                              │
│         Visit https://go.npm.me/audit-guide for additional guidance          │
└──────────────────────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ High          │ Regular Expression Denial of Service                         │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ minimatch                                                    │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in    │ >=3.0.2                                                      │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ flarum-gulp [dev]                                            │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ flarum-gulp > gulp-order > minimatch                         │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://nodesecurity.io/advisories/118                       │
└───────────────┴──────────────────────────────────────────────────────────────┘
found 1 high severity vulnerability in 6952 scanned packages
  1 vulnerability requires manual review. See the full report for details.

Both minimatch and gulp-order have been fixed, the latter as of version 1.2.0.
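The report above flags a transitive dev dependency: the vulnerable minimatch is reached only through gulp-order, so the package a maintainer can actually bump is gulp-order, not minimatch itself. The script below is an added example (not code from flarum-gulp or from the issue author) that walks a dependency tree, finds every path ending in the advised package whose installed version falls outside the "Patched in" range, and names the direct dependency to upgrade. The tree, all version numbers and the gulp-util sibling are constructed for the example; only the package names on the audit path come from the report.

```javascript
// Added example: locate vulnerable transitive dependencies from an audit advisory.
// The tree below is constructed to mirror the report's path
// "flarum-gulp > gulp-order > minimatch"; every version number is an assumption.

const SAMPLE_TREE = {
  name: 'flarum-gulp',
  version: '0.2.0', // assumed
  dependencies: [
    {
      name: 'gulp-order',
      version: '1.1.4', // assumed: a release before the fixed 1.2.0
      dependencies: [{ name: 'minimatch', version: '3.0.0', dependencies: [] }], // assumed
    },
    {
      name: 'gulp-util', // constructed sibling that already resolves a patched minimatch
      version: '3.0.8',
      dependencies: [{ name: 'minimatch', version: '3.0.4', dependencies: [] }],
    },
  ],
};

// "Patched in" range as printed by npm audit.
const ADVISORY = { module: 'minimatch', patchedIn: '>=3.0.2' };

// Parse "major.minor.patch"; a leading "v" and any pre-release tag are dropped.
function parseVersion(v) {
  const [core] = v.replace(/^v/, '').split('-');
  const parts = core.split('.').map(Number);
  if (parts.length !== 3 || parts.some(Number.isNaN)) throw new Error(`bad version: ${v}`);
  return parts;
}

// Numeric comparison of two versions: -1, 0 or 1.
function compareVersions(a, b) {
  const pa = parseVersion(a);
  const pb = parseVersion(b);
  for (let i = 0; i < 3; i++) {
    if (pa[i] !== pb[i]) return pa[i] < pb[i] ? -1 : 1;
  }
  return 0;
}

// Evaluate the simple comparator ranges npm audit prints, e.g. ">=3.0.2" or ">=3.0.2 <4.0.0".
// Every space-separated clause must hold.
function satisfies(version, range) {
  return range.trim().split(/\s+/).every((clause) => {
    const m = /^(>=|<=|>|<|=)?(\d+\.\d+\.\d+)$/.exec(clause);
    if (!m) throw new Error(`unsupported range clause: ${clause}`);
    const cmp = compareVersions(version, m[2]);
    switch (m[1] || '=') {
      case '>=': return cmp >= 0;
      case '<=': return cmp <= 0;
      case '>': return cmp > 0;
      case '<': return cmp < 0;
      default: return cmp === 0;
    }
  });
}

// Depth-first walk; returns one entry per vulnerable occurrence with its full path.
function findVulnerablePaths(node, advisory, trail = []) {
  const path = [...trail, node.name];
  const hits = [];
  if (node.name === advisory.module && !satisfies(node.version, advisory.patchedIn)) {
    hits.push({
      path: path.join(' > '),
      installed: node.version,
      patchedIn: advisory.patchedIn,
      // The package declared in your own package.json: the one you can bump.
      directDependency: path.length > 1 ? path[1] : path[0],
    });
  }
  for (const dep of node.dependencies) {
    hits.push(...findVulnerablePaths(dep, advisory, path));
  }
  return hits;
}

for (const hit of findVulnerablePaths(SAMPLE_TREE, ADVISORY)) {
  console.log(`${hit.path}: ${hit.installed} installed, patched in ${hit.patchedIn}; upgrade ${hit.directDependency}`);
}
```

Run against the constructed tree it reports only the gulp-order path and names gulp-order as the package to upgrade, while the sibling that already resolves minimatch 3.0.4 is silent. Real `npm audit --json` output and a real `npm ls --json` tree carry the same information; the semver subset here deliberately covers only the comparator ranges the report prints, so anything fancier should go through the semver package instead.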