[wp-trac] [WordPress Trac] #38199: Update npm dependencies for 4.7
WordPress Trac
noreply at wordpress.org
Tue Nov 1 07:53:21 UTC 2016
#38199: Update npm dependencies for 4.7
------------------------------+-----------------------
Reporter: jorbin | Owner: jorbin
Type: task (blessed) | Status: assigned
Priority: normal | Milestone: 4.7
Component: Build/Test Tools | Version:
Severity: normal | Resolution:
Keywords: | Focuses:
------------------------------+-----------------------
Comment (by swissspidy):
Out of curiosity I ran `yarn` to create a lock file and got the following
output which I think is worth considering:
> warning grunt > minimatch at 0.2.14: Please update to minimatch 3.0.2 or
higher to avoid a RegExp DoS issue
> warning grunt > glob > minimatch at 0.2.14: Please update to minimatch
3.0.2 or higher to avoid a RegExp DoS issue
> warning grunt > findup-sync > glob > minimatch at 0.3.0: Please update to
minimatch 3.0.2 or higher to avoid a RegExp DoS issue
> warning grunt > glob > graceful-fs at 1.2.3: graceful-fs v3.0.0 and before
will fail on node releases >= v7.0. Please update to `graceful-fs@^4.0.0`
as soon as possible. Use 'npm ls graceful-fs' to find it in the tree.
> warning grunt-patch-wordpress > request > tough-cookie at 2.2.2: ReDoS
vulnerability parsing Set-Cookie https://nodesecurity.io/advisories/130
--
Ticket URL: <https://core.trac.wordpress.org/ticket/38199#comment:4>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list