vue-cli-plugin-electron-builder icon indicating copy to clipboard operation
vue-cli-plugin-electron-builder copied to clipboard

Published 20 hours ago verified publisher icon nklayman

glob-parent high security issue in webpack!

Open Leetcore opened this issue 2 years ago • 1 comments

Describe the bug glob-parent <5.1.2 Severity: high Regular expression denial of service in glob-parent - https://github.com/advisories/GHSA-ww39-953v-wcq6

To Reproduce Steps to reproduce the behavior:

  • Install plugin
  • shows security audit warning

Expected behavior Secure and updated dependencies.

Additional context node_modules/watchpack-chokidar2/node_modules/glob-parent chokidar 1.0.0-rc1 - 2.1.8 Depends on vulnerable versions of glob-parent node_modules/watchpack-chokidar2/node_modules/chokidar watchpack-chokidar2 * Depends on vulnerable versions of chokidar node_modules/watchpack-chokidar2 watchpack 1.7.2 - 1.7.5 Depends on vulnerable versions of watchpack-chokidar2 node_modules/vue-cli-plugin-electron-builder/node_modules/watchpack webpack 4.44.0 - 4.46.0 Depends on vulnerable versions of watchpack node_modules/vue-cli-plugin-electron-builder/node_modules/webpack

Leetcore avatar Apr 10 '22 10:04 Leetcore

+1

High Regular expression denial of service in glob-parent

Package glob-parent

Patched in >=5.1.2

Dependency of vue-cli-plugin-electron-builder [dev]

Path vue-cli-plugin-electron-builder > webpack > watchpack > watchpack-chokidar2 > chokidar > glob-parent

More info https://github.com/advisories/GHSA-ww39-953v-wcq6

NeluQi avatar Apr 11 '22 09:04 NeluQi