mochapack
mochapack copied to clipboard
Published
20 hours ago •
sysgears
sysgears
Vulnerability warning in glob-parent
- [x] I'd be willing to submit the fix
Describe the bug
An NPM vulnerability advisory is shown with glob-parent, a dependency of mochapack. Bumping it to ^5.1.2 or at least ~5.1.0 could remove the warning.
┌──────────────────────────────────────────────────────────────────────────────┐
│ Manual Review │
│ Some vulnerabilities require your attention to resolve │
│ │
│ Visit https://go.npm.me/audit-guide for additional guidance │
└──────────────────────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ Moderate │ Regular expression denial of service │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package │ glob-parent │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in │ >=5.1.2 │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ mochapack │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path │ mochapack > glob-parent │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info │ https://npmjs.com/advisories/1751 │
└───────────────┴──────────────────────────────────────────────────────────────┘
To Reproduce
- Install
[email protected]as a dependency of any project - Run
npm audit
Environment if relevant (please complete the following information):
- Ubuntu 20.04
- Node 12.13.0
- npm 6.14.6
- Webpack 4.42.1
- Mochapack 2.1.2
