You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Hi, a vulnerability CVE-2020-28469 is introduced in pri via:
● pri@4.3.10 ➔ gulp-watch@5.0.1 ➔ glob-parent@3.1.0
However, gulp-watch is a legacy package, which has not been maintained for about 3 years.
Is it possible to migrate gulp-watch to other package to remediate this vulnerability?
I noticed several migration records in other js repo for gulp-watch:
in babel, version 2.10.1 ➔ 3.0.0, replace gulp-watch by gulp.watch via commit
in whoisaurel/blendid-accessibility, replaces gulp-watch by gulp's watch via commit
Are there any efforts planned that would remediate this vulnerability or migrate gulp-watch?
Thanks.
The text was updated successfully, but these errors were encountered:
Hi, a vulnerability CVE-2020-28469 is introduced in pri via:
● pri@4.3.10 ➔ gulp-watch@5.0.1 ➔ glob-parent@3.1.0
However, gulp-watch is a legacy package, which has not been maintained for about 3 years.
Is it possible to migrate gulp-watch to other package to remediate this vulnerability?
I noticed several migration records in other js repo for gulp-watch:
Are there any efforts planned that would remediate this vulnerability or migrate gulp-watch?
Thanks.
The text was updated successfully, but these errors were encountered: