Vulnerability in minimatch dependency #26
Comments
SBoudrias
pushed a commit
to SBoudrias/mem-fs-editor
that referenced
this issue
Dec 20, 2018
## The dependency [multimatch](https://github.com/sindresorhus/multimatch) was updated from `2.1.0` to `3.0.0`. This version is **not covered** by your **current version range**. If you don’t accept this pull request, your project will work just like it did before. However, you might be missing out on a bunch of new features, fixes and/or performance improvements from the dependency update. --- <details> <summary>Release Notes for v3.0.0</summary> <p>Breaking:</p> <ul> <li>Require Node.js 6 <a class="commit-link" data-hovercard-type="commit" data-hovercard-url="https://github.com/sindresorhus/multimatch/commit/98a7290cd1f6dcf0c132e73cc5459a8b1dec6f5d/hovercard" href="https://urls.greenkeeper.io/sindresorhus/multimatch/commit/98a7290cd1f6dcf0c132e73cc5459a8b1dec6f5d"><tt>98a7290</tt></a></li> </ul> <p>Other:</p> <ul> <li>Bump <code>minimatch</code> (<a class="issue-link js-issue-link" data-error-text="Failed to load issue title" data-id="392293927" data-permission-text="Issue title is private" data-url="sindresorhus/multimatch#26" data-hovercard-type="issue" data-hovercard-url="/sindresorhus/multimatch/issues/26/hovercard" href="https://urls.greenkeeper.io/sindresorhus/multimatch/issues/26">#26</a>) <a class="commit-link" data-hovercard-type="commit" data-hovercard-url="https://github.com/sindresorhus/multimatch/commit/98a7290cd1f6dcf0c132e73cc5459a8b1dec6f5d/hovercard" href="https://urls.greenkeeper.io/sindresorhus/multimatch/commit/98a7290cd1f6dcf0c132e73cc5459a8b1dec6f5d"><tt>98a7290</tt></a></li> </ul> </details> <details> <summary>Commits</summary> <p>The new version differs by 24 commits ahead by 24, behind by 21.</p> <ul> <li><a href="https://urls.greenkeeper.io/sindresorhus/multimatch/commit/3aecd8a61afe5216a085d941b9bf00af73d3cf7b"><code>3aecd8a</code></a> <code>3.0.0</code></li> <li><a href="https://urls.greenkeeper.io/sindresorhus/multimatch/commit/98a7290cd1f6dcf0c132e73cc5459a8b1dec6f5d"><code>98a7290</code></a> <code>Require Node.js 6 and bump <code>minimatch</code></code></li> <li><a href="https://urls.greenkeeper.io/sindresorhus/multimatch/commit/7681aca457f1d6ee0cc6c3b42ea7d3884ebd280b"><code>7681aca</code></a> <code>Unify API-description (#25)</code></li> <li><a href="https://urls.greenkeeper.io/sindresorhus/multimatch/commit/512345a42ede4c29ce6b85a4683201fb24713ea1"><code>512345a</code></a> <code>Fix tests link in the readme (#24)</code></li> <li><a href="https://urls.greenkeeper.io/sindresorhus/multimatch/commit/3c71fd11ec39db81b6fb1cd6c5a2f6f1cf94ce51"><code>3c71fd1</code></a> <code>Require Node.js 4 and ES2015ify (#23)</code></li> <li><a href="https://urls.greenkeeper.io/sindresorhus/multimatch/commit/b8e93061c339b811a700dab6ab239fadf362d1e8"><code>b8e9306</code></a> <code>add related project to readme</code></li> <li><a href="https://urls.greenkeeper.io/sindresorhus/multimatch/commit/c59dcefdafe00eaff5f6abb614b5b229be2be88b"><code>c59dcef</code></a> <code>2.1.0</code></li> <li><a href="https://urls.greenkeeper.io/sindresorhus/multimatch/commit/471fee2de4e2a62438e63c00480d744dedcc037a"><code>471fee2</code></a> <code>bump deps</code></li> <li><a href="https://urls.greenkeeper.io/sindresorhus/multimatch/commit/4f15fdeb8ff85d530f55ddfb89a656f42dca6319"><code>4f15fde</code></a> <code>Close #17 PR: Clarify how multiple patterns work in the readme.</code></li> <li><a href="https://urls.greenkeeper.io/sindresorhus/multimatch/commit/78c95c33d274694ed4c99a1251acac131553ab7e"><code>78c95c3</code></a> <code>fixed misleading tests</code></li> <li><a href="https://urls.greenkeeper.io/sindresorhus/multimatch/commit/9d3dec3174d1760f76992ff5649e87287aa6bbb1"><code>9d3dec3</code></a> <code>Tweaks</code></li> <li><a href="https://urls.greenkeeper.io/sindresorhus/multimatch/commit/4e11c87fa1993b6fe824b88b2dd1744af5903d43"><code>4e11c87</code></a> <code>Use <code>arrify</code></code></li> <li><a href="https://urls.greenkeeper.io/sindresorhus/multimatch/commit/29aaae7cb0b8717814ef7b0a942024914d5db86a"><code>29aaae7</code></a> <code>Update .travis.yml</code></li> <li><a href="https://urls.greenkeeper.io/sindresorhus/multimatch/commit/7b53dce8b1202b3671a5b26bdcb178cbccac6414"><code>7b53dce</code></a> <code>2.0.0</code></li> <li><a href="https://urls.greenkeeper.io/sindresorhus/multimatch/commit/6888b42891fbd95ccbe877428eac4cfc1b079c8a"><code>6888b42</code></a> <code>bump <code>minimatch</code></code></li> </ul> <p>There are 24 commits in total.</p> <p>See the <a href="https://urls.greenkeeper.io/sindresorhus/multimatch/compare/5b56d1689ef475975682a514b8e1f863794af419...3aecd8a61afe5216a085d941b9bf00af73d3cf7b">full diff</a></p> </details> <details> <summary>FAQ and help</summary> There is a collection of [frequently asked questions](https://greenkeeper.io/faq.html). If those don’t help, you can always [ask the humans behind Greenkeeper](https://github.com/greenkeeperio/greenkeeper/issues/new). </details> --- Your [Greenkeeper](https://greenkeeper.io) bot 🌴
1 task
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Please update minimatch dependency to require ^3.0.2 to resolve vulnerability as noted at https://www.npmjs.com/advisories/118
I tried to create a branch and open PR for the fix, but I guess this repo is not set up to allow PR's from arbitrary users.
The text was updated successfully, but these errors were encountered: