braces: please read! #148
Comments
I was just about to come and close my issue as I realised this but you beat me to it! Thanks for the explanation and apologies for the spam issue 👍
Lol, I think I've closed at least 20 braces issues in the past week. No worries, I know no one is doing it intentionally.
And if you were wondering why, that's because no one explained CLEARLY what we should do to fix that. I will use semver, ok, thanks... But I had just added it through npm add and received the same error ....
Hi, Greetings! Dependency on insecure version of braces. I am currently learning Electron and when I used the "npm install" command to install packages. I think Electron is using "check-for-leaks" and the dependencies of the packages are shown below: check-for-leaks > anymatch > micromatch > braces. So, I request an update of the micromatch dependency on braces version 1.8.5 to braces version >= 2.3.1. For more info: https://nodesecurity.io/advisories/786 If anyone has an idea about the resolution of the issue with "check-for-leaks" with Electron, then please guide.
@jonschlinkert Sorry to hear you are getting bombarded about the issue with braces. You mention
What is your best practice for patching root libraries? I tried to use
@G-Rath the way you solve this issue is not to try to backport breaking changes (as indicated by the semver major increase) into an older semver version, because that isn't possible when following semver. You need to update the affected library that is using outdated dependencies, remove it from your dependency chain, or (my recommended solution) don't just blindly try to remove npm audit reports because the braces issue doesn't affect development tooling.
…nd resolve braces CVE report in cli-node-scan
…nd resolve braces CVE report in cli-node-scan (#209)
Do not create issues related to braces
TLDR; Delete all lock files, then reinstall. This was fixed a long time ago. If you're still not sure what to do, please don't comment here, you will find more information and support by searching Google and StackOverflow.
braces was fixed ages ago, within a day or two of the report being created. More info here
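To see which copies of braces a lockfile still pins below 2.3.1, before deleting it and again after reinstalling, a check along these lines can be run over the parsed `package-lock.json`. This is an added example, not part of the original issue or the project's code; the sample lockfiles are constructed, and the reported path is the `node_modules` install location, which is not necessarily the logical dependency chain.

```javascript
// Added example, not code from the micromatch or braces projects.
const FIXED = [2, 3, 1]; // braces >= 2.3.1, the version requested in the thread

// True when "x.y.z" sorts below FIXED (pre-release suffixes are ignored).
function isBelowFixed(version) {
  const parts = version.split('-')[0].split('.').map(Number);
  for (let i = 0; i < 3; i++) {
    const n = parts[i] || 0;
    if (n !== FIXED[i]) return n < FIXED[i];
  }
  return false;
}

// Report each installed copy of braces below FIXED, with its install path.
// Handles nested "dependencies" (lockfileVersion 1) and the flat "packages"
// map keyed by node_modules path (lockfileVersion 2 and 3).
function findOldBraces(lock) {
  const hits = [];
  const check = (trail, info) => {
    if (trail[trail.length - 1] === 'braces' && info.version && isBelowFixed(info.version)) {
      hits.push({ path: trail.join(' > '), version: info.version });
    }
  };
  const walk = (deps, trail) => {
    for (const [name, info] of Object.entries(deps || {})) {
      check([...trail, name], info);
      walk(info.dependencies, [...trail, name]);
    }
  };
  if (lock.packages) {
    for (const [key, info] of Object.entries(lock.packages)) {
      check(key.split('node_modules/').filter(Boolean).map((s) => s.replace(/\/$/, '')), info);
    }
  } else {
    walk(lock.dependencies, []);
  }
  return hits;
}

// Constructed sample lockfiles (versions other than braces 1.8.5 are made up).
const sampleV1 = { lockfileVersion: 1, dependencies: {
  micromatch: { version: '0.0.0', dependencies: { braces: { version: '1.8.5' } } },
  braces: { version: '2.3.2' },
} };
const sampleV3 = { lockfileVersion: 3, packages: {
  '': { name: 'app' },
  'node_modules/braces': { version: '2.3.1' },
  'node_modules/micromatch/node_modules/braces': { version: '1.8.5' },
} };

console.log(findOldBraces(sampleV1), findOldBraces(sampleV3));
```

An empty result after the reinstall means no entry in the lockfile resolves braces below 2.3.1.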