Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update glob-parent dependency #1232

Closed
Nnanyielugo opened this issue Jul 19, 2022 · 3 comments
Closed

Update glob-parent dependency #1232

Nnanyielugo opened this issue Jul 19, 2022 · 3 comments

Comments

@Nnanyielugo
Copy link

Update glob-parent dependency

glob-parent before 6.0.1 is vulnerable to Regular Expression Denial of Service (ReDoS).

Versions (please complete the following information):

  • Chokidar version 3.5.3

Additional context
This issue gets caught by github actions package audit. chokidar currently uses glob-parent 5xx.
More here: https://snyk.io/vuln/npm:glob-parent
@ovideozn
Copy link

Why was this issue closed as soon as it was opened? We're having the same issue and npm audit fix is not able to find a fix for it

@Nnanyielugo
Copy link
Author

Because I saw this issue that directly references the problem: #1191. So it seems like the problem does not actually exist and should be an issue with the build tool @ovideozn

@Nnanyielugo
Copy link
Author

I can reopen if you think that would be useful.

Repository owner locked and limited conversation to collaborators Jul 19, 2022
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@ovideozn @Nnanyielugo