cz-cli icon indicating copy to clipboard operation
cz-cli copied to clipboard
verified publisher icon commitizen

Outdated `glob` dependency

Open nbouvrette opened this issue 4 months ago • 2 comments

I noticed this old-ish PR: https://github.com/commitizen/cz-cli/pull/997

Would it be possible to at least update to version 9 and ideally update to the latest version and fix the test? Right now when we install a package that include commitizen we get the following errors:

npm warn deprecated [email protected]: This module is not supported, and leaks memory. Do not use it. Check out lru-cache if you want a good and tested way to coalesce async requests by a key value, which is much more comprehensive and powerful.
npm warn deprecated [email protected]: Glob versions prior to v9 are no longer supported

When checking what uses inflight:

└─┬ [email protected]
  └─┬ [email protected]
    └── [email protected]

nbouvrette avatar Aug 08 '25 04:08 nbouvrette

Even more important now that the glob package has a high vulnerability: https://nvd.nist.gov/vuln/detail/CVE-2025-64756

IuryAlves avatar Nov 28 '25 08:11 IuryAlves

Is this project not being maintained anymore?

krishnabrq avatar Dec 08 '25 17:12 krishnabrq

Are there any updates?

hvargas-endpoint avatar Dec 10 '25 21:12 hvargas-endpoint