Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bump minimatch version to >=3.0.2 #268

Closed
TDA opened this issue Jun 20, 2016 · 1 comment
Closed

Bump minimatch version to >=3.0.2 #268

TDA opened this issue Jun 20, 2016 · 1 comment

Comments

@TDA
Copy link

TDA commented Jun 20, 2016

According to NSP https://nodesecurity.io/advisories/118, minimatch is vulnerable to a regex DoS attack. Better to explicitly bump it to >= 3.0.2.
TDA added a commit to TDA/node-glob that referenced this issue Jun 20, 2016
@TDA
update(minimatch): bump minimatch version to >=3.0.2
f3f2b6e 
Fixes isaacs#268
This was referenced Jun 20, 2016
Closed
Closed
@lucioperca lucioperca mentioned this issue Jun 21, 2016
Closed
@jeremyfa jeremyfa mentioned this issue Jun 22, 2016
Closed
@tamzinblake
Copy link

Fixed in v7.0.5 - this should be closed

@TDA TDA closed this as completed Jun 23, 2016
@shazron shazron mentioned this issue Jun 25, 2016
Closed
@Ilshidur Ilshidur mentioned this issue Apr 12, 2017
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@tamzinblake @TDA