gulp-coverage icon indicating copy to clipboard operation
gulp-coverage copied to clipboard

Published 20 hours ago verified publisher icon dylanb

Update depenendencies for vulnerability fixes

Open mikecbrant opened this issue 6 years ago • 1 comments

Running npm audit against latest package version reveals several problems which likely need dependency updates in this library.

First and foremost is the fact that this package still relies on jade rather modern pug replacement. There are 5 vulnerabilities related to this package alone.

Second, an update should be made to multimatch to get latest version which would eliminate underlying lodash vulnerabilities as multimatch no longer uses this package as dependency.

This would leave only a single remaining vulnerability exposed by the multimatch library for which I have already opened an issue - https://github.com/sindresorhus/multimatch/issues/26

mikecbrant avatar Dec 18 '18 19:12 mikecbrant

Multimatch package 3.0.0 was just released and addresses which includes fix for vulnerability noted above.

mikecbrant avatar Dec 20 '18 18:12 mikecbrant