Closed kkmavr closed 2 years ago
Thank you for the fix. Could I ask, when is the next scheduled release, so that we can get this fix?
When https://github.com/sindresorhus/cpy/pull/92 is merged.
@sindresorhus is there any chance to release a non-ESM version of cpy upgrading to globby 10+ (the one using fast-glob 3 and so a patched version of glob-parent), to allow upgrades for downstream packages that cannot migrate to ESM yet ? For instance, for a webpack plugin (I know some of them depending on cpy), it might be hard to migrate to ESM, as I don't think webpack supports ESM config files yet.
I don't have any plans to backport. Most users use globby
asynchronously and can use the ESM from CommonJS by using await import(…)
.
Hey guys! This is blocking security updates for Storybook. Any word on when we'll see #92 merged?
Here are some relevant issues: https://github.com/storybookjs/storybook/issues/15174 https://github.com/nrwl/nx/issues/5998
Thanks!
There is a vulnerability in the glob-parent library used. cpy>globby 9.2.0 >fast-glob 2.2.6 > glob-parent 3.1.0
GHSA-ww39-953v-wcq6
Is there a change to update globby to v12.0.0 or a later one, so that it ends up using glop-parent v5.1.2 which is the patched version?