Dependency globby security vulnerability #96
Comments
Thank you for the fix. Could I ask, when is the next scheduled release, so that we can get this fix?
When #92 is merged.
@sindresorhus is there any chance to release a non-ESM version of cpy upgrading to globby 10+ (the one using fast-glob 3 and so a patched version of glob-parent), to allow upgrades for downstream packages that cannot migrate to ESM yet? For instance, for a webpack plugin (I know some of them depending on cpy), it might be hard to migrate to ESM, as I don't think webpack supports ESM config files yet.
I don't have any plans to backport. Most users use
Hey guys! This is blocking security updates for Storybook. Any word on when we'll see #92 merged? Here are some relevant issues: Thanks!
There is a vulnerability in the glob-parent library used.
cpy > globby 9.2.0 > fast-glob 2.2.6 > glob-parent 3.1.0
GHSA-ww39-953v-wcq6
Is there a chance to update globby to v12.0.0 or a later one, so that it ends up using glob-parent v5.1.2 which is the patched version?
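
The transitive chain reported above can be located mechanically. The following is an added example, not code from cpy or its maintainers: a Node.js function that walks a nested dependency tree (the same shape as the `dependencies` object in `npm ls --all --json` output) and lists every chain that ends in a glob-parent older than the patched 5.1.2 named in the issue. The sample tree is constructed from the chain quoted in the issue; the `other-tool` package and the cpy version placeholder are hypothetical.

```javascript
// Added example. PATCHED comes from the issue text (glob-parent v5.1.2).
const PATCHED = '5.1.2';

// Compare plain x.y.z version strings (no pre-release tags).
// Returns a negative number, 0, or a positive number.
function compareVersions(a, b) {
  const pa = String(a).split('.').map(Number);
  const pb = String(b).split('.').map(Number);
  for (let i = 0; i < 3; i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return d;
  }
  return 0;
}

// Depth-first walk over { name: { version, dependencies } }.
// Collects each full chain whose last element is pkgName below minVersion.
function findVulnerablePaths(deps, pkgName, minVersion, trail = []) {
  const hits = [];
  for (const [name, info] of Object.entries(deps || {})) {
    const here = [...trail, `${name}@${info.version}`];
    if (name === pkgName && compareVersions(info.version, minVersion) < 0) {
      hits.push(here.join(' > '));
    }
    hits.push(...findVulnerablePaths(info.dependencies, pkgName, minVersion, here));
  }
  return hits;
}

// Constructed sample: the chain from the issue plus a hypothetical
// package that already resolves to the patched glob-parent.
const sampleTree = {
  cpy: { version: 'PLACEHOLDER', dependencies: {   // cpy version not given in the issue
    globby: { version: '9.2.0', dependencies: {
      'fast-glob': { version: '2.2.6', dependencies: {
        'glob-parent': { version: '3.1.0' } } } } } } },
  'other-tool': { version: '1.0.0', dependencies: { // hypothetical package
    'glob-parent': { version: '5.1.2' } } },
};

for (const path of findVulnerablePaths(sampleTree, 'glob-parent', PATCHED)) {
  console.log('vulnerable chain:', path);
}
```
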