Update glob-parent to 6.0.1

Open martijnversluis opened this issue 3 years ago • 6 comments

What is the purpose of this pull request?

Solving CVE-2021-35065 (https://github.com/advisories/GHSA-cj88-88mr-972w)

What changes did you make? (Give an overview)

Updating glob-parent to 6.0.1

martijnversluis avatar Jul 18 '22 19:07 martijnversluis

Fixes #368.

Kurt-von-Laven avatar Jul 19 '22 01:07 Kurt-von-Laven

LGTM :rocket:

sawilde avatar Jul 19 '22 08:07 sawilde

JFYI: https://github.com/mrmlnc/fast-glob/pull/331#issuecomment-1005202259 and below.

mrmlnc avatar Jul 19 '22 09:07 mrmlnc

  1. This is useless, it does not fix anything. There is no vulnerability in glob-parent 5.1.2. https://github.com/advisories/GHSA-cj88-88mr-972w is wrong, see https://snyk.io/vuln/npm:glob-parent
  2. This would break your support for nodejs v8.

paulmillr avatar Jul 19 '22 11:07 paulmillr

The alert is false, report this to GitHub: https://github.com/github/advisory-database/pull/531

paulmillr avatar Jul 19 '22 11:07 paulmillr

Another solution for that is using npm-force-resolutions. You need to run npm install npm-force-resolutions, then add "preinstall": "node_modules/.bin/npm-force-resolutions" to the package.json scripts, and then add this below:

"resolutions": {
  "glob-parent": "^6.0.1"
},

and run npm install again.

nicososadmi avatar Jul 19 '22 13:07 nicososadmi
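
To confirm that a forced resolution like the one in the last comment actually took effect, the lockfile can be checked for every installed copy of glob-parent, including nested ones. This is an added example, not code from the thread or from fast-glob; it assumes the npm lockfileVersion 2 or 3 `packages` map, the function names and the sample lockfile are constructed, and the floor 6.0.1 is simply this pull request's target version.

```javascript
// Constructed sample: a trimmed package-lock.json ("packages" map, lockfileVersion 2/3).
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/fast-glob": { version: "3.2.11" },
    "node_modules/glob-parent": { version: "6.0.1" },
    "node_modules/fast-glob/node_modules/glob-parent": { version: "5.1.2" },
    "node_modules/some-tool/node_modules/glob-parent": { version: "5.1.2" },
    "node_modules/@scope/glob-parent-utils": { version: "1.0.0" }
  }
};

// Compare plain "major.minor.patch" strings; pre-release tags are ignored (assumption).
function compareVersions(a, b) {
  const pa = a.split("-")[0].split(".").map(Number);
  const pb = b.split("-")[0].split(".").map(Number);
  for (let i = 0; i < 3; i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return Math.sign(d);
  }
  return 0;
}

// List every installed copy of `name`: lockfile path, the package that nests it,
// and whether its version is at or above `floor`.
function findInstalledCopies(lock, name, floor) {
  const suffix = "node_modules/" + name;
  return Object.entries(lock.packages || {})
    .filter(([path]) => path === suffix || path.endsWith("/" + suffix))
    .map(([path, meta]) => {
      const parent = path.slice(0, path.length - suffix.length).replace(/\/$/, "");
      return {
        path,
        version: meta.version,
        nestedUnder: parent ? parent.split("node_modules/").pop() : "(top level)",
        meetsFloor: compareVersions(meta.version, floor) >= 0
      };
    });
}

// Nested copies below the floor mean the resolution was not applied everywhere.
const copies = findInstalledCopies(sampleLock, "glob-parent", "6.0.1");
const belowFloor = copies.filter((c) => !c.meetsFloor);
console.table(copies);
```

To run it against a real project, replace `sampleLock` with the parsed contents of that project's package-lock.json.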