Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Vulnerability warning in glob-parent #107

Open
1 task done
Lucidiot opened this issue Jun 9, 2021 · 1 comment
Open
1 task done

Vulnerability warning in glob-parent #107

Lucidiot opened this issue Jun 9, 2021 · 1 comment
Labels
bug Something isn't working

Comments

@Lucidiot
Copy link

Lucidiot commented Jun 9, 2021

  • I'd be willing to submit the fix

Describe the bug

An NPM vulnerability advisory is shown with glob-parent, a dependency of mochapack. Bumping it to ^5.1.2 or at least ~5.1.0 could remove the warning.

┌──────────────────────────────────────────────────────────────────────────────┐
│                                Manual Review                                 │
│            Some vulnerabilities require your attention to resolve            │
│                                                                              │
│         Visit https://go.npm.me/audit-guide for additional guidance          │
└──────────────────────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ Moderate      │ Regular expression denial of service                         │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ glob-parent                                                  │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in    │ >=5.1.2                                                      │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ mochapack                                                    │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ mochapack > glob-parent                                      │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://npmjs.com/advisories/1751                            │
└───────────────┴──────────────────────────────────────────────────────────────┘

To Reproduce

  1. Install [email protected] as a dependency of any project
  2. Run npm audit

Environment if relevant (please complete the following information):

  • Ubuntu 20.04
  • Node 12.13.0
  • npm 6.14.6
  • Webpack 4.42.1
  • Mochapack 2.1.2
@Lucidiot Lucidiot added the bug Something isn't working label Jun 9, 2021
@bafolts bafolts mentioned this issue Jul 27, 2021
Closed
@karlpatrickespiritu
Copy link

+1

GiantVlad added a commit to GiantVlad/mochapack that referenced this issue Jan 15, 2022
@GiantVlad
Vulnerability warning in glob-parent fix.
6197942 
sysgears#107
@GiantVlad GiantVlad mentioned this issue Jan 15, 2022
Closed
GiantVlad added a commit to GiantVlad/mochapack that referenced this issue Jan 16, 2022
@GiantVlad
Vulnerability warning in glob-parent fix.
7f66cba 
sysgears#107
This was referenced Jan 22, 2022
Closed
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@karlpatrickespiritu @Lucidiot