Skip to content
This repository has been archived by the owner on Nov 3, 2020. It is now read-only.

Upgrade test-exclude to 5.x #4

Closed
Toxicable opened this issue Apr 29, 2019 · 1 comment
Closed

Upgrade test-exclude to 5.x #4

Toxicable opened this issue Apr 29, 2019 · 1 comment

Comments

@Toxicable
Copy link

Toxicable commented Apr 29, 2019
edited
Loading

Looking at test-exlcude it looks like they've removed the micromatch dep in favour of minimatch at some point, so upgrading to the latest should resolve this error in yarn audit
ref https://github.com/istanbuljs/istanbuljs/blob/master/packages/test-exclude/package.json#L31

┌───────────────┬──────────────────────────────────────────────────────────────┐
│ low           │ Regular Expression Denial of Service                         │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ braces                                                       │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in    │ >=2.3.1                                                      │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ @bazel/jasmine                                               │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ @bazel/jasmine > v8-coverage > test-exclude > micromatch >   │
│               │ braces                                                       │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://www.npmjs.com/advisories/786                         │
└───────────────┴──────────────────────────────────────────────────────────────┘
Eywek added a commit that referenced this issue Apr 30, 2019
@Eywek
meta: upgrade test-exclude #4
5f04c0d
@Eywek
Copy link
Owner

Eywek commented Apr 30, 2019

Hello,
Should be fixed with v8-coverage@1.0.9

@Eywek Eywek closed this as completed Apr 30, 2019
@Toxicable Toxicable mentioned this issue May 8, 2019
Closed
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@Eywek @Toxicable