#376 - Fix security vulnerability in glob-parent #377

pgillislb · 2023-01-05T20:53:42Z

Update the version of glob-parent to resolve security vulnerability

There are no functional changes here, just a dependency update

Change version of glob-parent to 6.0.2 for a security vulnerability Closes mrmlnc#376

alexgleason · 2023-01-10T19:48:35Z

@mrmlnc Plz merge this, copy-webpack-plugin depends on it so multiple steps are needed to get this out of our vulnerability reports.

nutkur · 2023-01-12T18:20:31Z

Thank you @alexgleason and @pgillislb for this PR. @mrmlnc can we get this merged sooner? The vulnerability reports are blocking our release

johndiiorio · 2023-01-12T23:22:10Z

@pgillislb @alexgleason @nutkur glob-parent@5.1.2 is not vulnerable, see #368. This should not be merged.

alexgleason · 2023-01-12T23:32:00Z

@johndiiorio Thank you. That was enlightening!

mrmlnc · 2023-01-13T06:20:50Z

I do not plan to merge this PR, as it is not a real vulnerability, but a problem in yet another security scanner.

This dependency will be updated in the next major version of the package (#371).

Peter Gillis added 2 commits January 5, 2023 15:37

chore: Change glob-parent version to 6.0.2

928c22a

Change version of glob-parent to 6.0.2 for a security vulnerability Closes mrmlnc#376

Add carot to dependency

6695e70

mrmlnc closed this Jan 13, 2023

mrmlnc mentioned this pull request Jan 13, 2023

Security vulnerability in dependency glob-parent@5.1.2 #376

Closed

Provide feedback