From: paulmillr
To: dev@cordova.apache.org
Reply-To: dev@cordova.apache.org
Subject: [GitHub] cordova-js pull request #135: SECURITY ISSUE: Resolve minimatch DDOS issue.
Content-Type: text/plain
Date: Fri, 5 Aug 2016 18:03:16 +0000 (UTC)

GitHub user paulmillr opened a pull request:

    https://github.com/apache/cordova-js/pull/135

    SECURITY ISSUE: Resolve minimatch DDOS issue.

    `browserify@10.1.3` depends on `glob@4.5.3`; which depends on `minimatch@2.0.10`.
    Every installation of the minimatch outputs this to every user machine:

    >npm WARN deprecated minimatch@2.0.10: Please update to minimatch 3.0.2 or higher to avoid a RegExp DoS issue

    And this is still a RegExp DoS issue.

You can merge this pull request into a Git repository by running:

    $ git pull https://github.com/paulmillr/cordova-js patch-1

Alternatively you can review and apply these changes as the patch at:

    https://github.com/apache/cordova-js/pull/135.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

    This closes #135

----
commit b9af9495dc6aeed0ca55a853d7ac925dc025e6dd
Author: Paul Miller
Date:   2016-08-05T18:02:01Z

    SECURITY ISSUE: Resolve minimatch DDOS issue.

    `browserify@10.1.3` depends on `glob@4.5.3`; which depends on `minimatch@2.0.10`.

    Every installation of the minimatch outputs this to every user machine:

    >npm WARN deprecated minimatch@2.0.10: Please update to minimatch 3.0.2 or higher to avoid a RegExp DoS issue

    And this is still a RegExp DoS issue.

----
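
Added example (not part of the original message or of the cordova-js project): a Node.js check that walks a dependency tree in the shape of `npm ls --json` output and lists every path that pulls in a `minimatch` older than the 3.0.2 named in the deprecation warning. The sample tree is constructed for illustration, and `example-tool` is a hypothetical package.

```javascript
'use strict';

// Fixed version named in the npm deprecation warning quoted in the message.
const FIXED = '3.0.2';

// Compare plain x.y.z versions numerically (so 3.0.10 > 3.0.2).
// Assumption: pre-release and build suffixes are ignored.
function cmpVersion(a, b) {
  const pa = a.split(/[-+]/)[0].split('.').map(Number);
  const pb = b.split(/[-+]/)[0].split('.').map(Number);
  for (let i = 0; i < 3; i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return d < 0 ? -1 : 1;
  }
  return 0;
}

// Walk a tree shaped like `npm ls --json` output and return every dependency
// path that ends in `name` at a version below `fixed`.
function findOutdated(tree, name, fixed, trail = []) {
  const hits = [];
  for (const [dep, info] of Object.entries(tree.dependencies || {})) {
    const here = trail.concat(`${dep}@${info.version || '?'}`);
    if (dep === name && info.version && cmpVersion(info.version, fixed) < 0) {
      hits.push(here.join(' > '));
    }
    hits.push(...findOutdated(info, name, fixed, here));
  }
  return hits;
}

// Constructed sample: the chain described in the pull request, plus a
// hypothetical `example-tool` that already resolves to the fixed version.
const sampleTree = {
  name: 'cordova-js',
  dependencies: {
    browserify: { version: '10.1.3', dependencies: {
      glob: { version: '4.5.3', dependencies: {
        minimatch: { version: '2.0.10' } } } } },
    'example-tool': { version: '1.0.0', dependencies: {
      minimatch: { version: '3.0.2' } } }
  }
};

for (const path of findOutdated(sampleTree, 'minimatch', FIXED)) {
  console.log(`outdated: ${path}`);
}
```

To run it against a real project, parse the output of `npm ls --json` and pass the resulting object in place of `sampleTree`.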