Please update to minimatch 3.0.2 or higher to avoid a RegExp DoS issue #1990

Closed
TuguldurJ opened this issue Feb 25, 2019 · 10 comments

@TuguldurJ

TuguldurJ commented Feb 25, 2019

When installing this package via NPM, I get the following warnings and errors:
npm install highlight.js vue-highlight.js

npm WARN deprecated minimatch@2.0.10: Please update to minimatch 3.0.2 or higher to avoid a RegExp DoS issue
npm WARN deprecated minimatch@0.3.0: Please update to minimatch 3.0.2 or higher to avoid a RegExp DoS issue
npm WARN deprecated minimatch@1.0.0: Please update to minimatch 3.0.2 or higher to avoid a RegExp DoS issue
npm WARN deprecated graceful-fs@3.0.11: please upgrade to graceful-fs 4 for compatibility with current and future versions of Node.js
npm WARN deprecated node-uuid@1.4.8: Use uuid module instead
npm WARN deprecated hoek@0.9.1: The major version is no longer supported. Please update to 4.x or newer
npm ERR! path /Users//node_modules/highlight.js/tools/build.js
npm ERR! code ENOENT
npm ERR! errno -2
npm ERR! syscall chmod
npm ERR! enoent ENOENT: no such file or directory, chmod '/Users/
/node_modules/highlight.js/tools/build.js'
npm ERR! enoent This is related to npm not being able to find a file.

This is not a vue-highlight.js issue.

@ritikasib

same issue faced

@slinkardbrandon

Yeah I'm facing the same problem and I'm not using vue at all.

@marcoscaceres
Contributor

Duplicate of #1984

@marcoscaceres marcoscaceres marked this as a duplicate of #1984 Feb 25, 2019
@Cherry

Cherry commented Feb 25, 2019

I think this may have been erroneously marked as a duplicate when 9.15+ was having install issues. The package installs fine now (woot thanks!), but...

9.14.2 had no dependency deprecation warnings, whereas 9.15.5 when installed without any other packages reports:

npm install highlight.js
npm WARN deprecated minimatch@2.0.10: Please update to minimatch 3.0.2 or higher to avoid a RegExp DoS issue
npm WARN deprecated minimatch@0.3.0: Please update to minimatch 3.0.2 or higher to avoid a RegExp DoS issue
npm WARN deprecated minimatch@1.0.0: Please update to minimatch 3.0.2 or higher to avoid a RegExp DoS issue
npm WARN deprecated graceful-fs@3.0.11: please upgrade to graceful-fs 4 for compatibility with current and future versions of Node.js
npm WARN deprecated node-uuid@1.4.8: Use uuid module instead
npm WARN deprecated hoek@0.9.1: The major version is no longer supported. Please update to 4.x or newer

This then results in npm audit reporting 25 vulnerabilities (6 low, 11 moderate, 8 high). Some of these packages look to only be used in tools or tests - do they need to be shipped as dependencies, creating these audit issues?
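The question in the comment above can be checked from a consumer's lockfile. The following is an added example, not part of the thread or of highlight.js: it walks an npm `package-lock.json` (lockfileVersion 1 layout) and lists every installed copy of minimatch older than 3.0.2, along with whether npm marked it dev-only. The package names `example-lib`, `build-helper` and `test-runner` and the whole lockfile are constructed for illustration.

```javascript
// Added example with constructed data; not highlight.js's real dependency tree.

// Compare two plain x.y.z versions numerically (pre-release tags not handled).
function lessThan(a, b) {
  const pa = a.split('.').map(Number);
  const pb = b.split('.').map(Number);
  for (let i = 0; i < 3; i++) {
    const x = pa[i] || 0;
    const y = pb[i] || 0;
    if (x !== y) return x < y;
  }
  return false;
}

// Walk the nested "dependencies" maps of a lockfileVersion 1 lockfile and
// collect every copy of `name` older than `fixed`, with its install location.
function findOutdated(node, name, fixed, trail = []) {
  const hits = [];
  for (const [dep, info] of Object.entries(node.dependencies || {})) {
    const location = [...trail, `${dep}@${info.version}`];
    if (dep === name && lessThan(info.version, fixed)) {
      // npm sets dev: true on packages reachable only via devDependencies.
      hits.push({ location: location.join(' > '), devOnly: info.dev === true });
    }
    hits.push(...findOutdated(info, name, fixed, location));
  }
  return hits;
}

// Constructed lockfile: a library that lists a build tool under
// "dependencies", next to a dev-only test tool and an up-to-date copy.
const sampleLock = {
  name: 'consumer-app',
  lockfileVersion: 1,
  dependencies: {
    'example-lib': {
      version: '1.0.0',
      dependencies: {
        'build-helper': {
          version: '0.1.0',
          dependencies: { minimatch: { version: '2.0.10' } },
        },
      },
    },
    'test-runner': {
      version: '5.0.0',
      dev: true,
      dependencies: { minimatch: { version: '0.3.0', dev: true } },
    },
    minimatch: { version: '3.0.4' },
  },
};

const report = findOutdated(sampleLock, 'minimatch', '3.0.2');
console.log(report);
```

Entries with `devOnly: false` are installed for every consumer of the library, which is why build tooling listed under `dependencies` shows up in downstream `npm audit` results.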

@Cherry

Cherry commented Feb 26, 2019

Actually looks like this may be a duplicate-ish of #1369, sorry. It wasn't a big issue in the past as the build deps weren't shipped with the release, but that seems to have changed with 9.15.x.

@marcoscaceres marcoscaceres reopened this Feb 26, 2019
@marcoscaceres
Contributor

Can leave this open and close it when we actually deal with #1369.

@marcoscaceres
Contributor

Fixed in 9.15.6

@TuguldurJ
Author

Thank you! @marcoscaceres

@marcoscaceres
Contributor

As a bonus, we fixed all the outdated dependencies by forking gear and gear-lib :) We only have 1 low severity security warning 🎉

@TuguldurJ
Author

You guys worked very well, I will go ahead with highlight.js
Thank you!
