serverless-python-requirements
Consider alternative glob library
This package depends on glob-all which (although not officially) appears to be abandoned. This is a concern as some of its dependencies (well, dependencies of dependencies) now have open vulnerabilities (which leads to failed builds etc.).
I'm wondering if you'd consider alternative globbing libraries that are a bit more maintained. From a quick look, something like https://github.com/isaacs/node-glob might be a good fit as the API seems very similar, if not identical.
Happy to provide a PR if happy with that library, but don't want to waste my efforts if of no interest.
Thanks!
@jenkoian I know this issue is four years old, but thank you for filing it! I'd also like to encourage considering an alternative globbing library. My team is required to run Snyk vulnerability scanning on our dependencies, and it highlights the following series of dependencies:
[email protected] › [email protected] › [email protected] › [email protected]
Inflight (https://www.npmjs.com/package/inflight) brings up a vulnerability finding in Snyk (https://security.snyk.io/vuln/SNYK-JS-INFLIGHT-6095116) and is also deprecated:
This package has been deprecated
This module is not supported, and leaks memory. Do not use it. Check out lru-cache if you want a good and tested way to coalesce async requests by a key value, which is much more comprehensive and powerful.
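The Snyk chain quoted above can be reproduced locally by walking package-lock.json. The following is an added example (not code from this project) that finds every dependency chain from the root package to a named transitive package, following npm's nested node_modules resolution; the lock file it reads is constructed inline, and its versions are placeholders, not this project's real ones.

```javascript
// Constructed lockfileVersion 3 fragment mirroring the chain reported in the comment.
// Package names are real; versions and layout are assumptions for illustration only.
const constructedLock = {
  name: "serverless-python-requirements",
  lockfileVersion: 3,
  packages: {
    "": { name: "serverless-python-requirements", version: "0.0.0-example",
          dependencies: { "glob-all": "^3.0.0" } },
    "node_modules/glob-all": { version: "3.0.0-example", dependencies: { glob: "^7.0.0" } },
    "node_modules/glob": { version: "7.0.0-example", dependencies: { inflight: "^1.0.0" } },
    "node_modules/inflight": { version: "1.0.0-example",
          deprecated: "This module is not supported, and leaks memory. Do not use it." },
  },
};

// Resolve the lockfile key of `dep` as required from the package at `fromPath`:
// npm looks in fromPath/node_modules/dep first, then walks up toward the root.
function resolveDep(packages, fromPath, dep) {
  let base = fromPath;
  for (;;) {
    const candidate = base ? `${base}/node_modules/${dep}` : `node_modules/${dep}`;
    if (packages[candidate]) return candidate;
    if (!base) return null;                      // reached the root without a match
    const idx = base.lastIndexOf("/node_modules/");
    base = idx === -1 ? "" : base.slice(0, idx);  // hop to the enclosing package
  }
}

// Return every chain root -> ... -> target as arrays of "name@version" strings.
function findChains(lock, target) {
  const packages = lock.packages;
  const nameOf = (p) => (p === "" ? lock.name : p.split("node_modules/").pop());
  const label = (p) => `${nameOf(p)}@${packages[p].version}`;
  const chains = [];
  const walk = (path, trail, seen) => {
    const here = [...trail, label(path)];
    if (nameOf(path) === target) { chains.push(here); return; }
    if (seen.has(path)) return;                  // guard against dependency cycles
    const next = new Set(seen).add(path);
    for (const dep of Object.keys(packages[path].dependencies || {})) {
      const resolved = resolveDep(packages, path, dep);
      if (resolved) walk(resolved, here, next);
    }
  };
  walk("", [], new Set());
  return chains;
}

// True when the lock file itself records the target as deprecated by its publisher.
function isDeprecated(lock, target) {
  return Object.entries(lock.packages)
    .some(([p, meta]) => p.endsWith(`node_modules/${target}`) && Boolean(meta.deprecated));
}
```

Pointing `findChains` at a real lock file (`JSON.parse(fs.readFileSync("package-lock.json"))`) lists the same chain Snyk reports, which is useful for confirming a fix once glob-all is swapped out.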