[VULNERABILITY] Update to latest glob-all (depends on glob-all update)

iandotkelly / nlf

Node License Finder

MIT License

153 stars 41 forks source link

[VULNERABILITY] Update to latest glob-all (depends on glob-all update) #40

Closed shazron closed 8 years ago

shazron commented 8 years ago

See: https://github.com/jpillora/node-glob-all/issues/12

iandotkelly commented 8 years ago

Thanks - I'll take a look

iandotkelly commented 8 years ago

Its a potential denial of service - which isn't such a big deal for this application. That said, I will update, test and release a patch for this.

iandotkelly commented 8 years ago

I've submitted a PR to node-glob-all fixing this vulnerability - i'm not dependent on him merging it or fixing it himself. I'd rather not fork his solution at the moment.

iandotkelly commented 8 years ago

Fixed in https://github.com/iandotkelly/nlf/commit/24137c65df06154646abc6b368a6510eebb24386