chihab / dotenv-run

Seamlessly load environment variables. Supports cli, esbuild, rollup, vite, webpack, angular. ESM and Monorepos.

Vulnerability due to cpy@8.1.2 #23

Closed coeing closed 1 year ago

coeing commented 2 years ago
  High            glob-parent before 5.1.2 vulnerable to Regular Expression Denial of Service in enclosure regex
  Package         glob-parent
  Patched in      >=5.1.2
  Dependency of   @ngx-env/builder [dev]
  Path            @ngx-env/builder > cpy > globby > fast-glob > glob-parent
  More info       https://github.com/advisories/GHSA-ww39-953v-wcq6

Should be easily fixed when updating to cpy@9 :)

coeing commented 2 years ago

Ah, just saw that there was already an issue: https://github.com/chihab/ngx-env/issues/20. But as I see it, updating cpy should fix the vulnerability.

EtienneFK commented 1 year ago

Hello, I'm facing the same problem:

glob-parent  <5.1.2
Severity: high
glob-parent before 5.1.2 vulnerable to Regular Expression Denial of Service in enclosure regex - https://github.com/advisories/GHSA-ww39-953v-wcq6
No fix available
node_modules/cpy/node_modules/glob-parent
  fast-glob  <=2.2.7
  Depends on vulnerable versions of glob-parent
  node_modules/cpy/node_modules/fast-glob
    globby  8.0.0 - 9.2.0
    Depends on vulnerable versions of fast-glob
    node_modules/cpy/node_modules/globby
      cpy  7.0.0 - 8.1.2
      Depends on vulnerable versions of globby
      node_modules/cpy
        @ngx-env/builder  *
        Depends on vulnerable versions of cpy
        node_modules/@ngx-env/builder

5 high severity vulnerabilities

But even if I update cpy to version 9, I get the same message.

Am I missing something to solve this issue?

Thanks in advance.
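The audit tree above explains why bumping cpy in your own package.json changes nothing: the flagged copy lives at node_modules/cpy/node_modules/glob-parent, i.e. it is the nested glob-parent that @ngx-env/builder's own pinned cpy@8.x pulls in, and a top-level cpy@9 does not replace it. The script below is an added example, not code from dotenv-run, ngx-env or any of the packages named in the thread. It walks a hand-built dependency tree that mirrors the audit output (the version numbers for cpy@9, globby, fast-glob and the builder are assumed for illustration, not read from a real lockfile), prints every copy of a package below the patched release with its full path, and then simulates what a package.json `overrides` entry (npm 8.3+; `resolutions` in Yarn) does, which is to rewrite every nested copy of glob-parent to the patched version.

```javascript
// Added example: locate nested copies of a vulnerable package in a
// dependency tree and show the effect of forcing one version everywhere.
// The tree is constructed by hand from the `npm audit` output in this issue;
// versions other than cpy@8.1.2 and glob-parent <5.1.2 are assumptions.

// Minimal comparison for plain x.y.z versions (no prerelease or build tags).
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)$/.exec(v);
  if (!m) throw new Error(`unsupported version string: ${v}`);
  return m.slice(1, 4).map(Number);
}

function versionLessThan(a, b) {
  const x = parseVersion(a);
  const y = parseVersion(b);
  for (let i = 0; i < 3; i++) {
    if (x[i] !== y[i]) return x[i] < y[i];
  }
  return false;
}

// Each node's `deps` map stands for that package's own nested node_modules.
// The top-level cpy@9 is what "updating cpy" gives you; @ngx-env/builder
// still resolves its own cpy@8.1.2 underneath node_modules/@ngx-env/builder.
const tree = {
  name: 'my-app', version: '0.0.0',
  deps: {
    cpy: { version: '9.0.1', deps: {
      globby: { version: '13.1.3', deps: {
        'fast-glob': { version: '3.2.12', deps: {
          'glob-parent': { version: '5.1.2', deps: {} } } } } } } },
    '@ngx-env/builder': { version: '2.0.0', deps: {
      cpy: { version: '8.1.2', deps: {
        globby: { version: '9.2.0', deps: {
          'fast-glob': { version: '2.2.7', deps: {
            'glob-parent': { version: '3.1.0', deps: {} } } } } } } } } },
  },
};

// Depth-first walk; returns every copy of `pkg` older than `patched`,
// with the same "a > b > c" path notation that npm audit prints.
function findVulnerable(root, pkg, patched) {
  const hits = [];
  (function walk(node, path) {
    for (const [name, child] of Object.entries(node.deps || {})) {
      const childPath = [...path, `${name}@${child.version}`];
      if (name === pkg && versionLessThan(child.version, patched)) {
        hits.push({ version: child.version, path: childPath.join(' > ') });
      }
      walk(child, childPath);
    }
  })(root, []);
  return hits;
}

// Simulates   "overrides": { "glob-parent": "5.1.2" }   in package.json:
// every copy of `pkg` in the tree, however deeply nested, becomes `version`.
// Returns a new tree and leaves the input untouched.
function overrideVersion(node, pkg, version, name = node.name) {
  const deps = {};
  for (const [childName, child] of Object.entries(node.deps || {})) {
    deps[childName] = overrideVersion(child, pkg, version, childName);
  }
  return { ...node, version: name === pkg ? version : node.version, deps };
}

const before = findVulnerable(tree, 'glob-parent', '5.1.2');
for (const hit of before) console.log(`glob-parent@${hit.version} via ${hit.path}`);

const after = findVulnerable(overrideVersion(tree, 'glob-parent', '5.1.2'), 'glob-parent', '5.1.2');
console.log(`vulnerable copies after override: ${after.length}`);
```

Run with `node` and the only hit reported is the one under @ngx-env/builder > cpy@8.1.2 > globby > fast-glob, matching the audit. Two caveats before copying the override into a real project: an override forces a major-version jump onto fast-glob 2.x, which (as the audit itself shows) does not accept glob-parent 5.x in its declared range, so the build needs to be exercised afterwards rather than trusted; and the cleaner fix is the one the thread points at, the builder itself moving to cpy@9 so no override is needed.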

chihab commented 1 year ago

The package has been moved to devDependencies, so it should not bother you anymore.

Closing the issue, let me know if you still encounter it.