glob-parent before 6.0.1 vulnerable to Regular Expression Denial of Service (ReDoS) npm audit error #1748

Waujito · 2022-07-19T10:20:06Z

Today i got glob-parent error on npm audit fix.

# npm audit report

glob-parent  <6.0.1
Severity: moderate
glob-parent before 6.0.1 vulnerable to Regular Expression Denial of Service (ReDoS) - https://github.com/advisories/GHSA-cj88-88mr-972w
fix available via `npm audit fix --force`
Will install sass@1.5.1, which is a breaking change
node_modules/chokidar/node_modules/glob-parent
  chokidar  >=1.0.0-rc1
  Depends on vulnerable versions of glob-parent
  node_modules/chokidar
    sass  >=1.6.0
    Depends on vulnerable versions of chokidar
    node_modules/sass

3 moderate severity vulnerabilities

Is this error important?
npm audit fix --force downgrades sass package to version 1.5.1

The text was updated successfully, but these errors were encountered:

nex3 · 2022-08-02T20:48:27Z

This is apparently an incorrect report: paulmillr/chokidar#1191. In any case, we can't do anything about it unless Chokidar does, since we only depend on this transitively through Chokidar.

nex3 closed this as not planned Won't fix, can't repro, duplicate, stale Aug 2, 2022

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

glob-parent before 6.0.1 vulnerable to Regular Expression Denial of Service (ReDoS) npm audit error #1748

glob-parent before 6.0.1 vulnerable to Regular Expression Denial of Service (ReDoS) npm audit error #1748

Waujito commented Jul 19, 2022 •

edited

nex3 commented Aug 2, 2022 •

edited

glob-parent before 6.0.1 vulnerable to Regular Expression Denial of Service (ReDoS) npm audit error #1748

glob-parent before 6.0.1 vulnerable to Regular Expression Denial of Service (ReDoS) npm audit error #1748

Comments

Waujito commented Jul 19, 2022 • edited

nex3 commented Aug 2, 2022 • edited

Waujito commented Jul 19, 2022 •

edited

nex3 commented Aug 2, 2022 •

edited