FOSJsRoutingBundle icon indicating copy to clipboard operation
FOSJsRoutingBundle copied to clipboard
verified publisher icon FriendsOfSymfony

glob-parent package vulnerability

Open tsiatka opened this issue 1 year ago • 0 comments

When installing the npm package locally with webpack

glob-parent  <5.1.2
Severity: high
glob-parent vulnerable to Regular Expression Denial of Service in enclosure regex - https://github.com/advisories/GHSA-ww39-953v-wcq6
fix available via `npm audit fix --force`
Will install [email protected], which is a breaking change
node_modules/chokidar/node_modules/glob-parent
node_modules/glob-stream/node_modules/glob-parent
  chokidar  1.0.0-rc1 - 2.1.8
  Depends on vulnerable versions of glob-parent
  node_modules/chokidar
    glob-watcher  3.0.0 - 5.0.5
    Depends on vulnerable versions of chokidar
    node_modules/glob-watcher
  glob-stream  5.3.0 - 6.1.0
  Depends on vulnerable versions of glob-parent
  node_modules/glob-stream
    vinyl-fs  2.4.2 - 3.0.3
    Depends on vulnerable versions of glob-stream
    node_modules/vinyl-fs
      gulp  4.0.0 - 4.0.2
      Depends on vulnerable versions of glob-watcher
      Depends on vulnerable versions of vinyl-fs
      node_modules/gulp
      gulp-typescript  >=2.13.0
      Depends on vulnerable versions of vinyl-fs
      node_modules/gulp-typescript

tsiatka avatar Jun 10 '24 07:06 tsiatka