The minimatch NPM module has been patched due to a regular expression denial of service:
istanbul uses the fileset module which depends on minimatchfileset here: https://github.com/mklabs/node-fileset/pull/25Once this is merged and a new release of fileset is released then a pull request can be created
Fileset 2.0.2 has now been released with this minimatch dependency update:
https://github.com/mklabs/node-fileset/compare/v1.0.1...v2.0.2
Any updates here?
Hi, is there any news on this?
Bump.
I've not had time to take a look and it is not a simple update since one of the tests fail and I need to figure out why. Will get to it soon,
fileset has always ignored node_modules https://github.com/mklabs/node-fileset/commit/c6593c09d6b998882ddf6232480a43c03f3a1a91
So this testcase failed.
+1
Looks, like there is an overall solution: #673
Most helpful comment
I've not had time to take a look and it is not a simple update since one of the tests fail and I need to figure out why. Will get to it soon,