patrickhulce / fontmin-webpack

Minifies icon fonts to just the used glyphs.
MIT License

fontmin-webpack brings an insecure version of glob-parent #65

Open Rudloff opened 1 year ago

Rudloff commented 1 year ago

fontmin-webpack@4.0.0 requires glob-parent@^3.1.0 via a transitive dependency on glob-stream@6.1.0

This version is vulnerable to https://github.com/advisories/GHSA-ww39-953v-wcq6.

kosmeln commented 1 year ago

We are experiencing the same issue. Any chance to resolve this?

kosmeln commented 1 year ago

Any updates here? This vulnerability is marked as "severe" and it has been a month since this issue was posted. Did anybody find a workaround?