gulp-istanbul icon indicating copy to clipboard operation
gulp-istanbul copied to clipboard

Published 20 hours ago verified publisher icon SBoudrias

Deprecated [email protected]

Open wvanderdeijl opened this issue 7 years ago • 1 comments

The current release of gulp-istanbul (1.1.1) (transitively) requires [email protected] which is deprecated. The warning we get on an npm install has management worried:

npm WARN deprecated [email protected]: 
    Please update to minimatch 3.0.2 or higher to avoid a RegExp DoS issue

The dependency chain to minimatch is:

[email protected]
    [email protected]
        [email protected]
            [email protected]
                [email protected]

As far as I can see upgrading to a newer istanbul-threshold-checker would be sufficient to get [email protected]. It looks like this is already done in package.json in master. Would it be possible to release a new version of gulp-istanbul so the latest version no longer installs deprecated dependencies?

wvanderdeijl avatar Jun 07 '17 14:06 wvanderdeijl

Done

SBoudrias avatar Jun 07 '17 14:06 SBoudrias