Update minimatch version #2952

Closed
adamreisnz opened this issue Jun 18, 2016 · 37 comments

@adamreisnz

adamreisnz commented Jun 18, 2016

Could you please update your package to use the latest version of minimatch?
The version currently used by jshint is throwing deprecation warnings:

npm WARN deprecated minimatch@2.0.10: Please update to minimatch 3.0.2 or higher to avoid a RegExp DoS issue
@SOSANA

SOSANA commented Jun 22, 2016

(crickets)

@scottjason

+1

@biancama

+1

@jugglinmike
Member

Thanks for the report! There is a pull request available here: gh-2953.

I can see that many of you want this change; please have patience as
responsibly updating dependencies requires careful review of change logs.

@jugglinmike
Member

gh-2953 is now merged. I'd like to get a few more bug fixes in for the next
patch release, but this should be available on npm within the week.

@afried101

Should I be able to get the new version? Built a new PC last evening, can't get cordova working at all. I get this warning (tried updating "npm update -g minimatch@3.0.2" but that didn't work). I have uninstalled/reinstalled NPM and node. When I try to install cordova, I get the minimatch error, and then a bunch of garbage for the install results. It then will not let me use cordova commands:

PM> npm update -g minimatch@3.0.2
PM> npm install -g cordova
npm : npm WARN deprecated minimatch@2.0.10: Please update to minimatch 3.0.2 or higher to avoid a RegExp DoS issue
At line:1 char:1
+ npm install -g cordova
    + CategoryInfo          : NotSpecified: (npm WARN deprec...egExp DoS issue:String) [], RemoteException
    + FullyQualifiedErrorId : NativeCommandError

npm WARN package.json glob@7.0.4 No README data

C:\Users\afriedman\AppData\Roaming\npm\cordova -> C:\Users\afriedman\AppData\Roaming\npm\node_modules\cordova\bin\cordova
cordova@6.2.0 C:\Users\afriedman\AppData\Roaming\npm\node_modules\cordova
├── underscore@1.7.0
├── q@1.0.1
├── nopt@3.0.1 (abbrev@1.0.9)
├── update-notifier@0.5.0 (is-npm@1.0.0, string-length@1.0.1, chalk@1.1.3, semver-diff@2.1.0, repeating@1.1.3, configstore@1.4.0, latest-version@1.0.1)
├── insight@0.8.2 (object-assign@4.1.0, lodash.debounce@3.1.1, node-uuid@1.4.7, chalk@1.1.3, async@1.5.2, os-name@1.0.3, configstore@1.4.0, tough-cookie@2.2.2, request@2.72.0, inquirer@0.10.1)
├── cordova-common@1.3.0 (cordova-registry-mapper@1.1.15, ansi@0.3.1, semver@5.2.0, osenv@0.1.3, underscore@1.8.3, q@1.4.1, unorm@1.4.1, minimatch@3.0.2, glob@5.0.15, shelljs@0.5.3, bplist-parser@0.1.1, elementtree@0.1.6, plist@1.2.0)
└── cordova-lib@6.2.0 (valid-identifier@0.0.1, opener@1.4.1, cordova-registry-mapper@1.1.15, properties-parser@0.2.3, nopt@3.0.6, unorm@1.3.3, shelljs@0.3.0, semver@4.3.6, dep-graph@1.1.0, glob@5.0.15, init-package-json@1.9.4, xcode@0.8.8, elementtree@0.1.6, cordova-serve@1.0.0, request@2.47.0, tar@1.0.2, cordova-fetch@1.0.0, aliasify@1.9.0, plist@1.2.0, cordova-js@4.1.4, cordova-app-hello-world@3.10.0, npm@2.15.8)

PM> cordova create testapp com.test.testapp testapp
cordova : The term 'cordova' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct
and try again.
At line:1 char:1
+ cordova create testapp com.test.testapp testapp
    + CategoryInfo          : ObjectNotFound: (cordova:String) [], CommandNotFoundException
    + FullyQualifiedErrorId : CommandNotFoundException

PM>

Trying to get to the bottom of this, hoping maybe this is the cause? I don't honestly think it's a cordova issue, but could be wrong.

@jugglinmike
Member

@afried101 please refer to my previous comment--this is not yet published to npm.

I am surprised that a warning is causing your build to fail, though. That wasn't my understanding of how deprecation works in npm. Locally, I am still able to install JSHint without error (via npm install jshint, using Node 6.2.0 and npm 3.8.9).

@razn12

razn12 commented Jun 30, 2016

npm WARN deprecated minimatch@2.0.10: Please update to minimatch 3.0.2 or higher to avoid a RegExp DoS issue

What should I do??? Any suggestion?

@jugglinmike
Member

I would like to help, but this is not enough information. Besides the message
printed to the terminal, can you please explain the effect this is having on
your work flow? Also please include the version of Node.js and npm you are
using.

@afried101

Mike, my issue was not NPM/Node/Minimatch. I don't know what it was - the project was on a server - all that changed was a fresh VS15 install... But, I created a new project through the IDE instead of NPM, and I have my cordova command back in npm and all is well. Can't say what fixed it other than "create a new project through the IDE."

@francoaban

@codeuniquely

Node Built output today - with latest version of repo...

npm WARN deprecated minimatch@2.0.10: Please update to minimatch 3.0.2 or higher to avoid a RegExp DoS issue

@CarolinaKadix

try this
[image: 6a65a5fc-4b0a-11e6-88f6-a8b4dfcaa3a1]

@ramsaikumar

tq CarolinaKadix it worked perfectly. no issues till now

@caiodev

caiodev commented Aug 2, 2016

Thank you so much CarolinaKadix, you helped me a lot. I use Ubuntu Mate and your tip led me to solve this problem.

@erhanyasar

erhanyasar commented Aug 11, 2016

I just started to get the same errors and my cordova doesn't build anymore, even though I tried to re-install. I tried the @CarolinaKadix method on my Mac with the "sudo" prefix; it all went the same until getting the same error, shown in the screenshot below. Any opinions?

Update: I deleted all the "node_modules" files and uninstalled npm & node 0.o then re-installed them, yet the same issue still continues, and it says it's a path problem even though I fixed the permissions issues again with npm.

[image: screen shot 2016-08-11 at 14 46 57]

@adh148

adh148 commented Aug 11, 2016

Having the same exact issue as @erhanyasar

@pixelcanvas

npm install -g minimatch@3.0.2

@adh148

adh148 commented Aug 11, 2016

@pixelcanvas that hasn't worked either

@erhanyasar

Yes already mentioned not working the same way 😕

@erhanyasar

I talked with npm on Twitter and they replied it will be updated by today. Anyway, today I again uninstalled both "node" and "npm" from both the terminal and the folders in "usr/local/lib" & "usr/local/include" and users. Then I tried a "severe uninstall" just in case, and tried to install node and npm again with minimatch updated. Then it worked; it even shows the same error once, but it loads. @pixelcanvas @Landing-eagle hope you try and succeed the same.

@pixelcanvas

@erhanyasar Actually it worked for me :-)

@NormanID

he installed mini match in directory npm \ npm-modules \ minimatch \ they just need the file transferred direct to match npm\

@andig

andig commented Aug 13, 2016

> can you please explain the effect this is having on your work flow?

@jugglinmike the minimatch version in cli has a security issue. If possible please upgrade cli to a current version- that will also upgrade minimatch imho.

chadxz added a commit to asterisk/node-ari-client that referenced this issue Aug 14, 2016
This patch updates all outdated development dependencies, but does
not upgrade the two outdated production dependencies.

- swagger-client, which is currently pinned at 2.1.17 due to a
breaking change that is difficult to address (see #47 for details).

- bluebird, which currently has a major version upgrade available
that includes breaking changes. See
http://bluebirdjs.com/docs/new-in-bluebird-3.html for details.
These are workable changes for node-ari-client, but we expose
bluebird Promises on our public API, so updating this would require
a major version bump.

For changes in the development dependencies, see the following
changelog entries:

- grunt: http://gruntjs.com/blog/2016-04-04-grunt-1.0.0-released
- async: https://github.com/caolan/async/blob/master/CHANGELOG.md
- mocha: https://github.com/mochajs/mocha/blob/master/CHANGELOG.md
- mustache: https://github.com/janl/mustache.js/blob/master/CHANGELOG.md
- portfinder: http-party/node-portfinder#20

No details regarding the major version bump of hock could be found.

There are still some npm install warnings even after updating these
dependencies:

- jshint is throwing a warning about minimatch needing an upgrade.
The fix for this is already in the jshint master branch, but no
npm version has been cut for it yet. For additional details, see
jshint/jshint#2952

- jsdoc is throwing warnings about minimatch needing an upgrade,
wrench being completely deprecated in favor of another library,
and the marked package not being meant to be installed as a dep.
Upon investigation, it seems that the jsdoc package has actually
been abandoned, so we need to start thinking about migrating away
from it. Ticket #55 has been opened to investigate this.

- grunt has a warning about coffee-script not being meant to be
installed as a dep. This isn't really worth looking into, as we
are gradually moving away from grunt anyway.
chadxz added a commit to asterisk/node-ari-client that referenced this issue Aug 14, 2016
This patch updates all outdated development dependencies, but does
not upgrade the two outdated production dependencies.

- swagger-client, which is currently pinned at 2.1.17 due to a
breaking change that is difficult to address (see #47 for details).

- bluebird, which currently has a major version upgrade available
that includes breaking changes. See
http://bluebirdjs.com/docs/new-in-bluebird-3.html for details.
These are workable changes for node-ari-client, but we expose
bluebird Promises on our public API, so updating this would require
a major version bump.

For changes in the development dependencies, see the following
changelog entries:

- grunt: http://gruntjs.com/blog/2016-04-04-grunt-1.0.0-released
- async: https://github.com/caolan/async/blob/master/CHANGELOG.md
- mocha: https://github.com/mochajs/mocha/blob/master/CHANGELOG.md
- mustache: https://github.com/janl/mustache.js/blob/master/CHANGELOG.md
- portfinder: http-party/node-portfinder#20

No details regarding the major version bump of hock could be found,
but it had a substantial change to its public api. Namely, it does not
handle any of the actual http server stuff for you anymore. Changes
are included in this PR to adapt the tests to this new api.

There are still some npm install warnings even after updating these
dependencies:

- jshint is throwing a warning about minimatch needing an upgrade.
The fix for this is already in the jshint master branch, but no
npm version has been cut for it yet. For additional details, see
jshint/jshint#2952

- jsdoc is throwing warnings about minimatch needing an upgrade,
wrench being completely deprecated in favor of another library,
and the marked package not being meant to be installed as a dep.
Upon investigation, it seems that the jsdoc package has actually
been abandoned, so we need to start thinking about migrating away
from it. Ticket #55 has been opened to investigate this.

- grunt has a warning about coffee-script not being meant to be
installed as a dep. This isn't really worth looking into, as we
are gradually moving away from grunt anyway.
@jugglinmike
Member

We just released JSHint version 2.9.3, which contains an updated version of the "minimatch" library.

@slashkite

I still have this issue after a clean installation. Any recommendations? Thanks in advance.

@CarolinaKadix

Hi, @slashkite
Did you clean it, do a fresh install, and update minimatch, for example?

@slashkite

slashkite commented Dec 22, 2016

@CarolinaKadix thanks for the info.

I have minimatch on 3.0.3 and grunt-sync 0.6.2 generally.

When installing sails globally, it takes grunt-sync 0.5.2, which uses minimatch 2.0.10.

├─┬ grunt-sync@0.5.2
│ ├─┬ glob@4.5.3
│ │ └── minimatch@2.0.10
│ ├── md5-file@2.0.7
│ └── promised-io@0.3.3

Am I doing something wrong?

@tkhuynh

tkhuynh commented Jan 13, 2017

It's so weird that I have that warning
npm WARN deprecated minimatch@2.0.10: Please update to minimatch 3.0.2 or higher to avoid a RegExp DoS issue
/usr/local/bin/ng -> /usr/local/lib/node_modules/angular-cli/bin/ng
Even though
➜ ~ npm -v minimatch
4.1.1

/usr/local/lib
├─┬ angular-cli@1.0.0-beta.25.5
│ ├── minimatch@3.0.3 
│ ├─┬ remap-istanbul@0.6.4
│ │ └─┬ istanbul@0.4.3
│ │   └─┬ fileset@0.2.1
│ │     └── minimatch@2.0.10 
│ └─┬ webpack-dev-server@2.2.0-rc.0
│   └─┬ chokidar@1.6.1
│     └─┬ fsevents@1.0.17
│       └─┬ node-pre-gyp@0.6.32
│         └─┬ rimraf@2.5.4
│           └─┬ glob@7.1.1
│             └── minimatch@3.0.3 

@kenany

kenany commented Jan 13, 2017

@tkhuynh Do note that npm -v minimatch will print the version of npm you have installed.

@tkhuynh

tkhuynh commented Jan 13, 2017

@kenany any suggestion to bypass that warning?

@slashkite

I think it's because of the old fileset version

@tkhuynh

tkhuynh commented Jan 13, 2017

@slashkite any ways to update it?
I even did this before I installed angular-cli; I still get that warning

sudo npm install -g minimatch@3.0.2
/usr/local/lib
└── minimatch@3.0.2 

@kenany

kenany commented Jan 13, 2017

@tkhuynh Installing minimatch globally won't help. You gotta get fileset's dependency on minimatch updated and then ensure that it gets propagated up the dep tree.
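
The point made in the comment above, as an added example that is not part of the thread or of JSHint's code: the warning comes from a nested copy, so what matters is which parent pulls in the old version. The code walks a tree in the shape that `npm ls --json` prints and lists every chain ending in a minimatch older than 3.0.2; the function names are hypothetical and the sample tree is constructed from the listings posted earlier in this thread.

```javascript
// Added example; the input shape follows the output of `npm ls --json`.

// Compare "major.minor.patch" numerically (so 2.0.10 > 2.0.9); pre-release tags are ignored.
function compareVersions(a, b) {
  const pa = a.split('-')[0].split('.').map(Number);
  const pb = b.split('-')[0].split('.').map(Number);
  for (let i = 0; i < 3; i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return d < 0 ? -1 : 1;
  }
  return 0;
}

// Return every dependency chain that ends in `name` at a version older than `fixed`.
function findOutdated(tree, name, fixed) {
  const hits = [];
  (function walk(deps, chain) {
    for (const [dep, info] of Object.entries(deps || {})) {
      if (!info || !info.version) continue; // unmet/missing entries carry no version
      const here = chain.concat(`${dep}@${info.version}`);
      if (dep === name && compareVersions(info.version, fixed) < 0) {
        hits.push(here.join(' > '));
      }
      walk(info.dependencies, here);
    }
  })(tree.dependencies, []);
  return hits;
}

// Constructed sample: the global tree posted above, trimmed to its minimatch branches,
// plus the globally installed minimatch@3.0.2 that did not silence the warning.
const sampleTree = {
  dependencies: {
    'minimatch': { version: '3.0.2' },
    'angular-cli': {
      version: '1.0.0-beta.25.5',
      dependencies: {
        'minimatch': { version: '3.0.3' },
        'remap-istanbul': { version: '0.6.4', dependencies: {
          'istanbul': { version: '0.4.3', dependencies: {
            'fileset': { version: '0.2.1', dependencies: {
              'minimatch': { version: '2.0.10' } } } } } } },
      },
    },
  },
};

console.log(findOutdated(sampleTree, 'minimatch', '3.0.2'));
```

The only chain reported runs through fileset, which is the package whose dependency range has to change; the top-level and global copies are already at or above 3.0.2.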

@consistime

Same with me, doesn't fix at all

@NormanID

npm install -g minimatch@latest

@fmarrot

fmarrot commented Apr 6, 2017

Thanks CarolinaKadix it worked perfectly
