New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Update minimatch version #2952
Comments
(crickets) |
+1 |
1 similar comment
+1 |
Thanks for the report! There is a pull request available here: gh-2953. I can see that that many of you want this change; please have patience as |
gh-2953 is now merged. I'd like to get a few more bug fixes in for the next |
Should I be able to get the new version? Built a new PC last evening, can't get cordova working at all. I get this warning (tried updating "npm update -g minimatch@3.0.2" but that didn't work. I have uninstalled/reinstalled NPM and node. When I try to install cordova, I get the minimatch error, and then a bunch of garbage for the install results. It then will not let me use cordova commands: PM> npm update -g minimatch@3.0.2
npm package.json C:\Users\afriedman\AppData\Roaming\npm\cordova -> C:\Users\afriedman\AppData\Roaming\npm\node_modules\cordova\bin\cordova PM> cordova create testapp com.test.testapp testapp
PM> Trying to get to the bottom of this, hoping maybe this is the cause? I don't honestly think it's a cordova issue, but could be wrong. |
@afried101 please refer to my previous comment--this is not yet published to npm. I am surprised that a warning is causing your build to fail, though. That wasn't my understanding of how deprecation works in npm. Locally, I am still able to install JSHint without error (via |
npm WARN deprecated minimatch@2.0.10: Please update to minimatch 3.0.2 or higher to avoid a RegExp DoS issue what should i do??? any suggestion |
I would like to help, but this is not enough information. Besides the message |
Mike, my issue was not NPM/Node/Minimatch. I don't know what it was - the project was on a server - all that changed was a fresh VS15 install... But, I created a new project through the IDE instead of NPM, and I have my cordova command back in npm and all is well. Can't say what fixed it other than "create a new project through the IDE." |
Node Built output today - with latest version of repo... npm WARN deprecated minimatch@2.0.10: Please update to minimatch 3.0.2 or higher to avoid a RegExp DoS issue |
tq CarolinaKadix it worked perfectly. no issues till now |
Thank you so much CarolinaKadix, you helped me a lot, I use Ubuntu Mate and your tip leaded me to solve this problem. |
I just started to take the same errors and my cordova doesn't build anymore even I tried to re-install. I tried the @CarolinaKadix method with my Mac with "sudo" prefix hence, it all went the same till getting the same error with the screenshot below. Any opinion?? Update: I deleted all the "node_modules" files and uninstalled the npm & node 0.o then re-installed them hence still the same issue continues and it says it's a path problem even I fixed permissions issues again with npm. |
Having the same exact issue at @erhanyasar |
npm install -g minimatch@3.0.2 |
@pixelcanvas that hasn't worked either |
Yes already mentioned not working the same way 😕 |
I talked with npm on twitter and they replied it will be updated by today. Anyway today again I uninstalled both "node" and "npm" from both terminal and the folders on "usr/local/lib" & "usr/local/include" and users. Then tried "severe uninstall" incase. And tried to install node and npm again with mini match updated. Then it worked even says the same error once but it loads. @pixelcanvas @Landing-eagle hope you try and & succeed the same. |
@erhanyasar Actually it worked for me :-) |
he installed mini match in directory npm \ npm-modules \ minimatch \ they just need the file transferred direct to match npm\ |
@jugglinmike the minimatch version in cli has a security issue. If possible please upgrade cli to a current version- that will also upgrade minimatch imho. |
This patch updates all outdated development dependencies, but does not upgrade the two outdated production dependencies. - swagger-client, which is currently pinned at 2.1.17 due to a breaking change that is difficult to address (see #47 for details). - bluebird, which currently has a major version upgrade available that includes breaking changes. See http://bluebirdjs.com/docs/new-in-bluebird-3.html for details. These are workable changes for node-ari-client, but we expose bluebird Promises on our public API, so updating this would require a major version bump. For changes in the development dependencies, see the following changelog entries: - grunt: http://gruntjs.com/blog/2016-04-04-grunt-1.0.0-released - async: https://github.com/caolan/async/blob/master/CHANGELOG.md - mocha: https://github.com/mochajs/mocha/blob/master/CHANGELOG.md - mustache: https://github.com/janl/mustache.js/blob/master/CHANGELOG.md - portfinder: http-party/node-portfinder#20 No details regarding the major version bump of hock could be found. There are still some npm install warnings even after updating these dependencies: - jshint is throwing a warning about minimatch needing an upgrade. The fix for this is already in the jshint master branch, but no npm version has been cut for it yet. For additional details, see jshint/jshint#2952 - jsdoc is throwing warnings about minimatch needing an upgrade, wrench being completely deprecated in favor of another library, and the marked package not being meant to be installed as a dep. Upon investigation, it seems that the jsdoc package has actually been abandoned, so we need to start thinking about migrating away from it. Ticket #55 has been opened to investigate this. - grunt has a warning about coffee-script not being meant to be installed as a dep. This isn't really worth looking into, as we are gradually moving away from grunt anyway.
This patch updates all outdated development dependencies, but does not upgrade the two outdated production dependencies. - swagger-client, which is currently pinned at 2.1.17 due to a breaking change that is difficult to address (see #47 for details). - bluebird, which currently has a major version upgrade available that includes breaking changes. See http://bluebirdjs.com/docs/new-in-bluebird-3.html for details. These are workable changes for node-ari-client, but we expose bluebird Promises on our public API, so updating this would require a major version bump. For changes in the development dependencies, see the following changelog entries: - grunt: http://gruntjs.com/blog/2016-04-04-grunt-1.0.0-released - async: https://github.com/caolan/async/blob/master/CHANGELOG.md - mocha: https://github.com/mochajs/mocha/blob/master/CHANGELOG.md - mustache: https://github.com/janl/mustache.js/blob/master/CHANGELOG.md - portfinder: http-party/node-portfinder#20 No details regarding the major version bump of hock could be found, but it had a substantial change to its public api. Namely, it does not handle any of the actual http server stuff for you anymore. Changes are included in this PR to adapt the tests to this new api. There are still some npm install warnings even after updating these dependencies: - jshint is throwing a warning about minimatch needing an upgrade. The fix for this is already in the jshint master branch, but no npm version has been cut for it yet. For additional details, see jshint/jshint#2952 - jsdoc is throwing warnings about minimatch needing an upgrade, wrench being completely deprecated in favor of another library, and the marked package not being meant to be installed as a dep. Upon investigation, it seems that the jsdoc package has actually been abandoned, so we need to start thinking about migrating away from it. Ticket #55 has been opened to investigate this. - grunt has a warning about coffee-script not being meant to be installed as a dep. This isn't really worth looking into, as we are gradually moving away from grunt anyway.
We just released JSHint version 2.9.3, which contains an updated version of the "minimatch" library. |
I still have this issue after a clean installation. Any recommendations? Thanks in advance. |
Hi, @slashkite |
@CarolinaKadix thanks for the info. i have minimatch on 3.0.3 and grunt-sync 0.6.2 generally. When installing sails globally, it takes grunt-sync 0.5.2, which uses minimatch 2.0.10. ├─┬ grunt-sync@0.5.2 Am I doing something wrong? |
It's so weird that I have that warning
|
@tkhuynh Do note that |
@kenany any suggestion to bypass that warning? |
I think it's because of the old fileset version |
@slashkite any ways to update it?
|
@tkhuynh Installing |
same with me, doesnt fix at all |
npm install -g minimatch@latest |
Thanks CarolinaKadix it worked perfectly |
Could you please update your package to use the latest version of
minimatch
?The version currently used by
jshint
is throwing deprecation warnings:The text was updated successfully, but these errors were encountered: