cpx
Please update to chokidar 2.x to avoid ReDOS vulnerability
https://snyk.io/test/npm/chokidar/1.7.0
Quick heads up, looks like the dependency "chokidar": "^1.6.0", has been removed from cpx, maybe just publishing a new version would do the trick?
@mysticatea could you take a look at this please?
@mysticatea Reviving this discussion again. Would you be able to get the new version published? Let me know if I can help.
Any update on this? cpx 1.50 is latest and still contains vulnerabilities https://github.com/advisories/GHSA-ww39-953v-wcq6 https://nvd.nist.gov/vuln/detail/CVE-2018-1109
│ └─┬ [email protected]
│ └─┬ [email protected]
│ ├─┬ [email protected]
│ │ └─┬ [email protected]
│ │ └─┬ [email protected]
│ │ └─┬ [email protected]
│ │ └── [email protected]
│ └── [email protected]
├─┬ @bentley/[email protected]
│ └─┬ [email protected]
│ └─┬ [email protected]
│ ├─┬ [email protected]
│ │ └─┬ [email protected]
│ │ └── [email protected]
Need to use glob-parent 5.1.2 and braces 2.3.1
@lietusme this project clearly looks abandoned, so you might want to explore its alive fork https://github.com/bcomnes/cpx2 (basically a drop-in replacement).
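An added example, not part of the thread or of the cpx project: a Node.js check that walks a dependency tree shaped like `npm ls --json` output and reports every `braces` or `glob-parent` copy below the versions named above, along with the chain that pulls it in. Treating those versions as lower bounds is an assumption, and the sample tree and its version numbers (other than chokidar 1.7.0) are constructed.

```javascript
// Versions named in the thread; treating them as lower bounds is an assumption.
const MINIMUMS = { "glob-parent": "5.1.2", braces: "2.3.1" };

// Numeric comparison of "x.y.z" versions (any pre-release suffix is ignored).
function compareVersions(a, b) {
  const pa = a.split("-")[0].split(".").map(Number);
  const pb = b.split("-")[0].split(".").map(Number);
  for (let i = 0; i < 3; i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return d;
  }
  return 0;
}

// Walk a tree shaped like `npm ls --json` output and report every tracked
// package below its minimum, with the dependency chain that pulls it in.
function findOutdated(tree, minimums = MINIMUMS) {
  const findings = [];
  const walk = (deps, chain) => {
    for (const [name, info] of Object.entries(deps || {})) {
      if (!info || typeof info.version !== "string") continue; // missing entry
      const here = [...chain, `${name}@${info.version}`];
      const tracked = Object.prototype.hasOwnProperty.call(minimums, name);
      if (tracked && compareVersions(info.version, minimums[name]) < 0) {
        findings.push({ name, version: info.version,
                        minimum: minimums[name], path: here.join(" > ") });
      }
      walk(info.dependencies, here);
    }
  };
  walk(tree.dependencies, []);
  return findings;
}

// Constructed sample tree (not the tree pasted in the thread).
const SAMPLE = { name: "example-app", version: "1.0.0", dependencies: {
  chokidar: { version: "1.7.0", dependencies: {
    anymatch: { version: "1.3.2", dependencies: {
      micromatch: { version: "2.3.11", dependencies: {
        braces: { version: "1.8.5" } } } } },
    "glob-parent": { version: "2.0.0" } } },
  "fast-glob": { version: "3.2.7", dependencies: {
    "glob-parent": { version: "5.1.2" } } } } };

for (const f of findOutdated(SAMPLE)) {
  console.log(`${f.name} ${f.version} < ${f.minimum} via ${f.path}`);
}
```

To run it against a real project, pass the parsed output of `npm ls --json` to `findOutdated` in place of `SAMPLE`.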