a vulnerability CVE-2020-28469 is introduced in pri

Hi, a vulnerability CVE-2020-28469 is introduced in pri via:
●  pri@4.3.10 ➔ gulp-watch@5.0.1 ➔ glob-parent@3.1.0

However, **gulp-watch** is a legacy package, which has not been maintained for about 3 years.
Is it possible to migrate **gulp-watch** to other package to remediate this vulnerability?

I noticed several migration records in other js repo for **gulp-watch**:

1. in babel, version 2.10.1 ➔ 3.0.0, replace gulp-watch by gulp.watch via [commit](https://github.com/babel/babel/commit/e9ea523c5bd0d76c5966489f8923695ef619adbf) 
2. in whoisaurel/blendid-accessibility, replaces gulp-watch by  gulp's watch via [commit](https://github.com/Delta-CI/babel/commit/e9ea523c5bd0d76c5966489f8923695ef619adbf) 

Are there any efforts planned that would remediate this vulnerability or migrate **gulp-watch**?

Thanks.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

a vulnerability CVE-2020-28469 is introduced in pri #144

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

a vulnerability CVE-2020-28469 is introduced in pri #144

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions