Open scoobster17 opened 3 years ago
I'd accept a PR fixing this @scoobster17!
I had to revert this, it broke several personal projects of mine that use next-offline:
Ahh, I didn't see any globs in the file I edited, but there was a breaking change for handling globs in copy-webpack-plugin@6 too as per the release notes. Try this? Not sure if you'll have to make further changes to next-offline or your specific project(s).
https://github.com/webpack-contrib/copy-webpack-plugin/releases/tag/v6.0.0
Any luck with the globs/progressing this issue?
@scoobster17 I haven't looked at it, I've been on vacation the last couple of weeks.
If you want to take a stab at it, I could review a PR and could release a prerelease version of next-offline so we can both verify it's working before releasing in a stable version
@hanford hope you had a nice break.
From your error message, the problem seems it might be with this line. Perhaps this path has changed? At this point I feel you are best suited to investigate this issue, I'm a bit clueless as to how to fix this.
Any update regarding this issue?
Hi, an audit at our worksite has flagged this same CVE, CVE-2020-28469. We are very grateful for what next-offline has provided to us and still provides, but we need to provide a response to the business regarding the potential of a fixed (we do not not need to provide an ETA for now, I think they just want to know we are acting on it, when we can).
Question: Is this project still maintained? Sorry to ask very directly. We tried a few PWA frameworks for nextjs back in the day, and this was our favorite by far as it was easy getting started with. :)
Hello, this package is flagging up a high severity vulnerability due to copy-webpack-plugin@5.1.2 being a dependency, which is itself using glob-parent@3.0.1.
Upgrading to copy-webpack-plugin@6.4.1, or higher seems like it will fix the issue, or at least allow
npm update glob-parent
to be applied to repositories that use this package, as those versions of copy-webpack-plugin technically use ^5.1.1, whereas the fix is in v5.1.2.