High vulnerability in dependency package vinyl-fs > glob-stream > glob-parent #684
Comments
|
If you run npm v8.3+, you can add an override to package.json until it is fixed: "overrides": {
"glob-parent": "^5.1.2"
} |
|
Hi maintainers, any chance of an update on this? |
|
@chidg I have limited bandwidth atm, would you be available to make a PR? |
|
I've spent about an hour trying to debug this and couldn't find why the test fail. It looks like the files are not being parsed for some obscure reason. |
|
Same experience I had! |
|
Spent well over an hour debugging; turned out glob-stream, used by vinyl-fs, only scans from the current directory and upwards, thus not finding temporary files created by Broccoli and in turn not creating translation files. This all should be solved in #930. |
|
This should be fixed as of |
π Bug Report
High vulnerability found in package glob-parent
βββββββββββββββββ¬βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
β high β glob-parent before 5.1.2 vulnerable to Regular Expression β
β β Denial of Service in enclosure regex β
βββββββββββββββββΌβββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ€
β Package β glob-parent β
βββββββββββββββββΌβββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ€
β Patched in β >=5.1.2 β
βββββββββββββββββΌβββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ€
β Dependency of β i18next-parser β
βββββββββββββββββΌβββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ€
β Path β i18next-parser > vinyl-fs > glob-stream > glob-parent β
βββββββββββββββββΌβββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ€
β More info β https://www.npmjs.com/advisories/1081884 β
βββββββββββββββββ΄βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
To Reproduce
Expected behavior
No vulnerabilities found
Your Environment
The text was updated successfully, but these errors were encountered: