Upgrade minimatch to >=3.0.5

Browse Source

`<=3.0.4` is vulnerable but we only have it as a subdependency of dev dependencies.
https://nvd.nist.gov/vuln/detail/CVE-2022-3517.

```
yarn why minimatch
yarn why v1.22.19
[1/4] Why do we have the module "minimatch"...?
[2/4] Initialising dependency graph...
[3/4] Finding dependency...
[4/4] Calculating file sizes...
=> Found "minimatch@3.0.4"
info Has been hoisted to "minimatch"
info Reasons this module exists
   - Hoisted from "eslint#minimatch"
   - Hoisted from "tslint#minimatch"
   - Hoisted from "eslint#@eslint#eslintrc#minimatch"
   - Hoisted from "eslint#@humanwhocodes#config-array#minimatch"
   - Hoisted from "mocha#glob#minimatch"
info Disk size without dependencies: "44KB"
info Disk size with unique dependencies: "64KB"
info Disk size with transitive dependencies: "124KB"
info Number of shared dependencies: 1
=> Found "mocha#minimatch@4.2.1"
info This module exists because "mocha" depends on it.
info Disk size without dependencies: "44KB"
info Disk size with unique dependencies: "64KB"
info Disk size with transitive dependencies: "124KB"
info Number of shared dependencies: 1
Done in 0.21s.
yarn upgrade --recursive "minimatch@>=3.0.5"
```

and afterwards:

```
yarn why minimatch                                                                                                             ✔  2m 11s   16.15.0 
yarn why v1.22.19
[1/4] Why do we have the module "minimatch"...?
[2/4] Initialising dependency graph...
[3/4] Finding dependency...
[4/4] Calculating file sizes...
=> Found "minimatch@3.1.2"
info Has been hoisted to "minimatch"
info Reasons this module exists
   - Hoisted from "eslint#minimatch"
   - Hoisted from "tslint#minimatch"
   - Hoisted from "glob#minimatch"
   - Hoisted from "eslint#@eslint#eslintrc#minimatch"
   - Hoisted from "eslint#@humanwhocodes#config-array#minimatch"
info Disk size without dependencies: "44KB"
info Disk size with unique dependencies: "64KB"
info Disk size with transitive dependencies: "124KB"
info Number of shared dependencies: 1
=> Found "mocha#minimatch@4.2.1"
info This module exists because "mocha" depends on it.
info Disk size without dependencies: "44KB"
info Disk size with unique dependencies: "64KB"
info Disk size with transitive dependencies: "124KB"
info Number of shared dependencies: 1
=> Found "mocha#glob#minimatch@3.1.2"
info This module exists because "mocha#glob" depends on it.
info Disk size without dependencies: "44KB"
info Disk size with unique dependencies: "64KB"
info Disk size with transitive dependencies: "124KB"
info Number of shared dependencies: 1
Done in 0.23s.
```

...

This commit is contained in:

gnuxie 2022-11-15 11:29:03 +00:00

parent fb52e3dcb2

commit 50df88a3ec

1 changed files with 496 additions and 435 deletions

Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL

Show Stats Download Patch File Download Diff File Expand all files Collapse all files

931

yarn.lock

View File

File diff suppressed because it is too large Load Diff