Closed jimjaeger closed 2 months ago
When can we expect a new version of the "fast-glob" with the fix?
Here is an MR to fix this issue https://github.com/mrmlnc/fast-glob/pull/444
We will probably have to fork this repo, not sure who are the maintainers.
Hello,
could you please provide a rebuild / new version from fast-glob to bump to new micromatch dependency version 4.0.6
fast-glob 3.3.2 defines a dependency to micromatch. ├─┬ fast-glob@3.3.2 │ │ ├── @nodelib/fs.stat@2.0.5 │ │ ├── @nodelib/fs.walk@1.2.8 deduped │ │ ├─┬ glob-parent@5.1.2 │ │ │ └── is-glob@4.0.3 deduped │ │ ├── merge2@1.4.1 │ │ └─┬ micromatch@4.0.5
How to fix? Upgrade micromatch to version 4.0.6 or higher. See: https://security.snyk.io/vuln/SNYK-JS-MICROMATCH-6838728
Thanks.