htmlhint-loader icon indicating copy to clipboard operation
htmlhint-loader copied to clipboard
verified publisher icon htmlhint

Latest version stills installs htmlhint 0.9.13 which installs also minimatch 0.3.0 with vulnerabilities

Open juansaab opened this issue 7 years ago • 3 comments

Describe the bug When I install the latest version of the module I got a warning of security vulnerability

npm WARN deprecated [email protected]: Please update to minimatch 3.0.2 or higher to avoid a RegExp DoS issue
npm WARN deprecated [email protected]: Please update to minimatch 3.0.2 or higher to avoid a RegExp DoS issue

To Reproduce Steps to reproduce the behavior:

  1. Run `npm install htmlhint-loader --save-dev
  2. Error appears

Expected behavior Install the latest version of htmlhint which already uses the correr minimatch package

Screenshots

image

juansaab avatar Nov 08 '18 19:11 juansaab

This is affecting me as well...are there any plans to release an update? I see the Synk PR was merged into master over a year ago but I don't see a corresponding NPM release?

codingpierogi avatar Nov 18 '19 20:11 codingpierogi

I am also wondering about when this package will be updated to resolve security vulnerabilities.

camiblanch avatar Mar 05 '20 18:03 camiblanch

@mattlewis92 It's been a few months since my last comment. Are there plans to update this repo in the near future?

camiblanch avatar Oct 12 '20 19:10 camiblanch