lodash and minimatch vulnerabilities

[ChadRidings]

Dependencies need to be updated (grunt-assemble": "^0.6.3)
See the following when running an audit...

High: Regular Expression Denial of Service
Package: minimatch
Patched in: >=3.0.2
Dependency of: grunt-assemble [dev]
Paths:

• grunt-assemble
• gray-matter > fs-utils > globule > glob > minimatch
• grunt-assemble > gray-matter > fs-utils > globule > minimatch
• grunt-assemble > resolve-dep > cwd > findup-sync > glob > minimatch
• grunt-assemble > resolve-dep > globby > glob > minimatch

Low: Prototype Pollution
Package: lodash
Patched in: >=4.17.5
Dependency of: grunt-assemble [dev]
Paths:

• grunt-assemble
• gray-matter > delims > lodash
• grunt-assemble > gray-matter > fs-utils > globule > lodash
• grunt-assemble > gray-matter > fs-utils > lodash
• grunt-assemble > gray-matter > lodash
• grunt-assemble > lodash
• grunt-assemble > resolve-dep > cwd > findup-sync > lodash

[assemblebot]

@ChadRidings Thanks for the issue! If you're reporting a bug, please be sure to include:

• The version of assemble you are using.
• Your assemblefile.js (This can be in a gist)
• The commandline output. (Screenshot or gist is fine)
• What you expected to happen instead.

[therealshark]

Is this project dead? Those dependencies with security issues are unfixed since two years.

[olegmeglin]

I would be interested in that too. Currently grunt-assemble has 30+ vulnerabilities. Will this be fixed one happy day?

[dprensha]

Bumping this thread. Currently running into lots of vulnerabilities with this library as well.