sindresorhus / cpy

Copy files
MIT License
Upgrade to globby 11 #82

Closed stof closed 3 years ago

stof commented 3 years ago

globby 9.2 depends on fast-glob 2, which itself depends on an old version of glob-parent vulnerable to ReDoS attacks. globby 11 depends on fast-glob 3, which uses the latest glob-parent that has been patched.

This requires a major version bump for 2 reasons:

stof commented 3 years ago

Hmm, I don't have a Windows environment to debug the test failure on Windows.

sindresorhus commented 3 years ago

Closing for lack of activity.

flvyu commented 3 years ago

@sindresorhus Can we reopen this, as updating the globby version will get rid of the vulnerability in glob-parent versions less than 5.0.1? We just need your help with fixing the failing tests related to the upgrade.
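
An added example, not part of this thread or of the cpy project: a Node.js check that walks an npm lockfile's `packages` map (lockfileVersion 2 or 3 is assumed) and reports every installed copy of a package below a given version, along with the package that resolves to it. This is how a nested copy like the glob-parent pulled in through fast-glob shows up even when a newer copy sits at the top level. The function names and the sample lockfile are constructed for illustration, and the threshold is an argument to set from the advisory being tracked.

```javascript
// Added example; the lockfile below is constructed, not taken from cpy.
// Compare "x.y.z" numerically; pre-release tags are ignored (assumption).
function cmpVersion(a, b) {
  const pa = a.split('-')[0].split('.').map(Number);
  const pb = b.split('-')[0].split('.').map(Number);
  for (let i = 0; i < 3; i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return d < 0 ? -1 : 1;
  }
  return 0;
}

// Node resolution: try the dependent's own node_modules, then walk upward.
function resolveFrom(packages, fromPath, name) {
  let base = fromPath;
  for (;;) {
    const candidate = (base ? base + '/' : '') + 'node_modules/' + name;
    if (packages[candidate]) return candidate;
    if (!base) return null;
    const cut = base.lastIndexOf('node_modules/');
    base = cut <= 0 ? '' : base.slice(0, cut - 1);
  }
}

// Report each installed copy of `name` older than `minVersion`, plus the
// packages whose `dependencies` entry resolves to that exact copy.
function findBelow(lock, name, minVersion) {
  const packages = lock.packages || {};
  const suffix = 'node_modules/' + name;
  const hits = [];
  for (const [path, meta] of Object.entries(packages)) {
    if (path !== suffix && !path.endsWith('/' + suffix)) continue;
    if (cmpVersion(meta.version, minVersion) >= 0) continue;
    const requiredBy = Object.entries(packages)
      .filter(([p, m]) => m.dependencies && name in m.dependencies &&
        resolveFrom(packages, p, name) === path)
      .map(([p]) => p || '(root)');
    hits.push({ path, version: meta.version, requiredBy });
  }
  return hits;
}

const sampleLock = { lockfileVersion: 2, packages: {  // constructed sample
  '': { name: 'example-app', dependencies: { globby: '^9.2.0', chokidar: '^3.5.0' } },
  'node_modules/globby': { version: '9.2.0', dependencies: { 'fast-glob': '^2.2.6' } },
  'node_modules/fast-glob': { version: '2.2.7', dependencies: { 'glob-parent': '^3.1.0' } },
  'node_modules/fast-glob/node_modules/glob-parent': { version: '3.1.0' },
  'node_modules/chokidar': { version: '3.5.1', dependencies: { 'glob-parent': '~5.1.0' } },
  'node_modules/glob-parent': { version: '5.1.2' },
} };
console.log(findBelow(sampleLock, 'glob-parent', '5.0.1'));
```

Only `dependencies` entries are followed; `optionalDependencies` and `peerDependencies` are not considered in this sketch.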