Security vulnerability in dependency glob-parent@5.1.2 #376

Closed
pgillislb opened this issue Jan 5, 2023 · 5 comments

@pgillislb

The following vulnerability is being reported when building our NodeJs apps that depend on this library:

https://nvd.nist.gov/vuln/detail/CVE-2021-35065

The issue is resolved in glob-parent@6.0.1

I will attempt to put up a PR for the resolution of this issue.

@nutkur

nutkur commented Jan 12, 2023

Thank you @pgillislb, is there any way I can help to fast-track this? This issue is a blocker for our release too.

@pgillislb
Author

Hi @nutkur I'm not sure. I see you commented on the related PR as well. I'm not sure what the process is to get the PR merged.

@nutkur

nutkur commented Jan 12, 2023

Thank you for your fast response. Let's wait for the author to reply on the PR. In the meanwhile, if you figure out another way to navigate this security issue, please let me know!

@Berit59

Berit59 commented Jan 13, 2023

Same issue here, please let me know if you have a solution!

@mrmlnc
Owner

mrmlnc commented Jan 13, 2023

This is not a problem of this package or its dependencies. This is the problem of yet another vulnerability scanner and its knowledge base.

#367 (comment)
github/advisory-database#531


Related issues:

#368
#367
#377


This dependency will be updated in the next major version of the package (#371).
