nicolo-ribaudo / chokidar-2

A wrapper around chokidar@2 to be able to specify both @2 and @3 as dependencies

Updated package.json #1

Closed AlAyoub closed 3 years ago

AlAyoub commented 3 years ago

glob-parent was flagged as of this morning with a high-severity security risk. The recommendation is to downgrade to 3.0.0, 2.0.0, or 1.0.0.

nicolo-ribaudo commented 3 years ago

The goal of this package is to be a 1:1 copy of chokidar@2, with the only exception that it doesn't contain the fsevents optional dependency. For this reason, I'm not going to accept any change.

However, keep in mind that this package is only used by Babel and only if you are using Node.js 6: if you are using a non-deprecated Node.js version, this package won't cause the security vulnerability because it's never used.