mrmlnc / fast-glob

:rocket: It's a very fast and efficient glob library for Node.js
MIT License

New fast-glob version required due to dependency CVE in micromatch #443

Closed jimjaeger closed 2 months ago

jimjaeger commented 3 months ago

Hello,

Could you please provide a rebuild / new version of fast-glob to bump to the new micromatch dependency version 4.0.6?

fast-glob 3.3.2 defines a dependency on micromatch:

```
├─┬ fast-glob@3.3.2
│ │ ├── @nodelib/fs.stat@2.0.5
│ │ ├── @nodelib/fs.walk@1.2.8 deduped
│ │ ├─┬ glob-parent@5.1.2
│ │ │ └── is-glob@4.0.3 deduped
│ │ ├── merge2@1.4.1
│ │ └─┬ micromatch@4.0.5
```

How to fix? Upgrade micromatch to version 4.0.6 or higher. See: https://security.snyk.io/vuln/SNYK-JS-MICROMATCH-6838728

Thanks.
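One way to confirm which micromatch versions a project actually resolves, and to force the 4.0.6 floor from the advisory without waiting for a new fast-glob release, as an added example that is not code from fast-glob or from anyone in this thread. It walks an npm lockfile shaped like the lockfileVersion 2/3 `packages` map and emits the npm `overrides` field for the consuming package.json; the sample lockfile, `findOutdated` and `overrideFor` are constructed for this example and mirror the tree posted above rather than any real project's lockfile:

```javascript
// Added example, not part of fast-glob or of the issue thread.
// Scans an npm package-lock.json (lockfileVersion 2/3 "packages" map) for
// every resolved copy of a dependency and reports those below a minimum
// version, then builds the npm "overrides" entry that pins the floor.

const MIN_MICROMATCH = '4.0.6'; // floor quoted in the Snyk advisory in the issue

// Constructed sample lockfile (assumption: not a real project's lockfile).
// Root depends on fast-glob 3.3.2, which resolved micromatch 4.0.5 at the top
// level; an unrelated tool carries its own nested copy already at 4.0.6.
const sampleLock = {
  name: 'example-app',
  lockfileVersion: 3,
  packages: {
    '': { name: 'example-app', dependencies: { 'fast-glob': '^3.3.2' } },
    'node_modules/fast-glob': { version: '3.3.2', dependencies: { micromatch: '^4.0.4' } },
    'node_modules/micromatch': { version: '4.0.5' },
    'node_modules/some-tool/node_modules/micromatch': { version: '4.0.6' },
  },
};

// Numeric comparison of two "x.y.z" versions (pre-release suffix ignored).
// Returns -1, 0 or 1 like a comparator; avoids pulling in a semver package.
function compareVersions(a, b) {
  const pa = String(a).split('-')[0].split('.').map(Number);
  const pb = String(b).split('-')[0].split('.').map(Number);
  for (let i = 0; i < 3; i++) {
    const x = pa[i] || 0;
    const y = pb[i] || 0;
    if (x !== y) return x < y ? -1 : 1;
  }
  return 0;
}

// Every lockfile entry for `pkg` (top-level or nested under another package)
// whose resolved version is below `minVersion`. The path suffix check keeps
// "node_modules/foo-micromatch" from matching "micromatch".
function findOutdated(lock, pkg, minVersion) {
  const hits = [];
  for (const [path, entry] of Object.entries(lock.packages || {})) {
    if (!path.endsWith('node_modules/' + pkg)) continue;
    if (compareVersions(entry.version, minVersion) < 0) {
      hits.push({ path, version: entry.version });
    }
  }
  return hits;
}

// npm "overrides" field (npm 8.3+) forcing every resolution of `pkg` to at
// least `minVersion`; merge the returned object into the root package.json.
function overrideFor(pkg, minVersion) {
  return { overrides: { [pkg]: '>=' + minVersion } };
}

// Human-readable report for a lockfile; returned rather than only printed so
// it can be checked or piped elsewhere.
function report(lock, pkg, minVersion) {
  const hits = findOutdated(lock, pkg, minVersion);
  if (hits.length === 0) return `OK: every ${pkg} resolves to >=${minVersion}`;
  const lines = hits.map(h => `  ${h.path} -> ${h.version} (< ${minVersion})`);
  return [`${hits.length} outdated ${pkg} copy(ies):`, ...lines,
          'Suggested package.json addition: ' +
          JSON.stringify(overrideFor(pkg, minVersion))].join('\n');
}

console.log(report(sampleLock, 'micromatch', MIN_MICROMATCH));
```

After adding the override, rerun `npm install` and re-scan the regenerated lockfile; the override only changes what npm resolves, so the nested 4.0.5 copy disappears only once the lockfile is rewritten. Yarn and pnpm use `resolutions` and `pnpm.overrides` respectively for the same purpose.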

hrgondaliya commented 3 months ago

When can we expect a new version of the "fast-glob" with the fix?

indera commented 3 months ago

Here is an MR to fix this issue https://github.com/mrmlnc/fast-glob/pull/444

indera commented 3 months ago

We will probably have to fork this repo, not sure who are the maintainers.