Update dependency cpy to fix security advisory
rmuchall opened this issue · 5 comments
npm audit has the following security advisory for cpy-cli:
Moderate Regular expression denial of service
Package glob-parent
Patched in >=5.1.2
Dependency of cpy-cli [dev]
Path cpy-cli > cpy > globby > fast-glob > glob-parent
More info https://npmjs.com/advisories/1751
link: https://npmjs.com/advisories/1751
It looks like this has already been fixed in your library cpy.
details: sindresorhus/cpy#84
The version was updated in the code, but cpy didn't release a new version yet, see this comment, so currently this can't be fixed.
Any update on this? It's the only vulnerability we have for several months
A version of cpy implementing the fix has been released: https://github.com/sindresorhus/cpy/releases/tag/v9.0.0
@sindresorhus I am happy to help update the dependencies to use the latest version of cpy if it would help save you some time - I saw you were committing in the last couple days though, so not sure if you're prepping to tag a new release and this is already on your agenda.
PR welcome :)
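Added example, not part of the original thread or of any project named in it: a small Node.js check that walks a dependency tree and reports every path reaching a `glob-parent` below the patched 5.1.2, which is how the `cpy-cli > cpy > globby > fast-glob > glob-parent` path in the advisory is found. The tree is constructed sample data shaped like `npm ls --all --json` output, and `sampleTree`, `other-tool`, `compareVersions`, `findVulnerablePaths` and all version numbers except the 5.1.2 threshold are assumptions.

```javascript
// Constructed sample shaped like `npm ls --all --json` output; every version
// number in it is made up, only the 5.1.2 threshold comes from the advisory.
const sampleTree = {
  name: "example-project",
  dependencies: {
    "cpy-cli": { version: "0.0.1", dependencies: {
      cpy: { version: "0.0.2", dependencies: {
        globby: { version: "0.0.3", dependencies: {
          "fast-glob": { version: "0.0.4", dependencies: {
            "glob-parent": { version: "5.1.1" },
          } },
        } },
      } },
    } },
    "other-tool": { version: "0.0.5", dependencies: {
      "glob-parent": { version: "5.1.2" },
    } },
  },
};

// Compare plain x.y.z versions numerically (no prerelease tags handled).
function compareVersions(a, b) {
  const pa = a.split(".").map(Number);
  const pb = b.split(".").map(Number);
  for (let i = 0; i < 3; i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return d;
  }
  return 0;
}

// Depth-first walk: collect every path to `pkg` whose version is below `patched`.
function findVulnerablePaths(node, pkg, patched, trail = []) {
  const hits = [];
  for (const [name, dep] of Object.entries(node.dependencies || {})) {
    const path = [...trail, name];
    if (name === pkg && dep.version && compareVersions(dep.version, patched) < 0) {
      hits.push({ path: path.join(" > "), version: dep.version });
    }
    hits.push(...findVulnerablePaths(dep, pkg, patched, path));
  }
  return hits;
}

console.log(findVulnerablePaths(sampleTree, "glob-parent", "5.1.2"));
```

An empty result after upgrading the intermediate packages means no copy of `glob-parent` below the patched version remains anywhere in the tree, including duplicates pulled in by other dependencies.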