sindresorhus/cpy-cli

Update dependency cpy to fix security advisory

rmuchall opened this issue · 5 comments

npm audit has the following security advisory for cpy-cli:

  Moderate        Regular expression denial of service
  Package         glob-parent
  Patched in      >=5.1.2
  Dependency of   cpy-cli [dev]
  Path            cpy-cli > cpy > globby > fast-glob > glob-parent
  More info       https://npmjs.com/advisories/1751

link: https://npmjs.com/advisories/1751

It looks like this has already been fixed in your library cpy.
details: sindresorhus/cpy#84
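The advisory gives the dependency path and the patched bound, but the copy that matters is whichever glob-parent npm actually installed along that path, and nested copies can stay vulnerable even after a top-level upgrade. The following is an added example, not code from cpy-cli, cpy or npm: a POSIX sh script that walks every installed copy of a package under node_modules, compares each version against the "Patched in" bound, and lists the ones below it. The helper names (version_ge, pkg_version, find_vulnerable, make_sample_tree) and the sample install tree it builds in a temporary directory are assumptions for the demo, not a real project layout.

```shell
#!/bin/sh
# Added example, not code from cpy-cli, cpy or npm: walk every installed copy
# of a package under node_modules and flag versions below the "Patched in"
# bound from the advisory. npm may leave several copies of glob-parent at
# different nesting depths, and "npm audit fix" on the top-level project does
# not help when the vulnerable copy is pinned by a dependency further down
# the path (cpy-cli > cpy > globby > fast-glob > glob-parent).

# version_ge A B: succeed if A >= B, comparing the three numeric components.
# A pre-release suffix ("5.1.2-beta.1") is stripped before comparing; npm's
# own semver logic is authoritative, this is a quick local check.
version_ge() {
  local a b i x y
  a=${1%%-*}; b=${2%%-*}
  i=1
  while [ "$i" -le 3 ]; do
    x=$(printf '%s' "$a" | cut -d. -f"$i"); x=${x:-0}
    y=$(printf '%s' "$b" | cut -d. -f"$i"); y=${y:-0}
    if [ "$x" -gt "$y" ]; then return 0; fi
    if [ "$x" -lt "$y" ]; then return 1; fi
    i=$((i + 1))
  done
  return 0
}

# pkg_version FILE: pull the "version" field out of a package.json without jq.
pkg_version() {
  sed -n 's/.*"version"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p' "$1" | head -n 1
}

# find_vulnerable ROOT NAME PATCHED: print "<dir> <version>" for every copy of
# NAME under ROOT whose version is below PATCHED; exit 1 if any was found.
find_vulnerable() {
  local root name patched hits
  root=$1; name=$2; patched=$3
  hits=$(find "$root" -type f -path "*/node_modules/$name/package.json" | sort |
    while IFS= read -r f; do
      v=$(pkg_version "$f")
      if ! version_ge "$v" "$patched"; then
        printf '%s %s\n' "${f%/package.json}" "$v"
      fi
    done)
  if [ -z "$hits" ]; then
    return 0
  fi
  printf '%s\n' "$hits"
  return 1
}

# make_sample_tree ROOT: constructed sample install (not a real npm tree): a
# patched top-level copy plus a vulnerable copy nested along the audit path.
make_sample_tree() {
  local root nested
  root=$1
  nested="$root/node_modules/cpy-cli/node_modules/cpy/node_modules/globby/node_modules/fast-glob/node_modules/glob-parent"
  mkdir -p "$root/node_modules/glob-parent" "$nested"
  printf '{ "name": "glob-parent", "version": "5.1.2" }\n' > "$root/node_modules/glob-parent/package.json"
  printf '{ "name": "glob-parent", "version": "5.1.1" }\n' > "$nested/package.json"
}

# Demo against the constructed tree; against a real project run
# find_vulnerable . glob-parent 5.1.2 from the project root instead.
sample=$(mktemp -d)
make_sample_tree "$sample"
if find_vulnerable "$sample" glob-parent 5.1.2; then
  echo "ok: no copy of glob-parent below 5.1.2"
else
  echo "upgrade the dependency that pins the copies listed above"
fi
rm -rf "$sample"
```

The check deliberately looks at what is on disk rather than at package.json ranges, because a range such as ^5.1.0 in an intermediate package says nothing about which version the lockfile resolved. When the flagged copy sits under a nested node_modules, the fix is the one this issue describes: bump the package that pins it (here cpy) so the resolver can pick up glob-parent 5.1.2 or later.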

The version was updated in the code, but cpy hasn't released a new version yet, see this comment, so currently this can't be fixed.

Any update on this? It's the only vulnerability we've had for several months.

A version of cpy implementing the fix has been released: https://github.com/sindresorhus/cpy/releases/tag/v9.0.0

@sindresorhus I am happy to help update the dependencies to use the latest version of cpy if it would help save you some time. I saw you were committing in the last couple of days, though, so I'm not sure whether you're prepping to tag a new release and this is already on your agenda.

PR welcome :)