Closed LVSant closed 2 years ago
glob-parent
The latest stable version of serverless-layers that is 2.5.3 is using glob-parent@2.0.0 which is vulnerable to regular expression denial of service.
serverless-layers
2.5.3
glob-parent@2.0.0
Please release a new version that is stable (not 2.5.4-beta.1) that contains this fix.
It's a High vulnerability that's impacting users of your library.
done
Update
glob-parent
to 5.1.2The latest stable version of
serverless-layers
that is2.5.3
is usingglob-parent@2.0.0
which is vulnerable to regular expression denial of service.Please release a new version that is stable (not 2.5.4-beta.1) that contains this fix.
It's a High vulnerability that's impacting users of your library.