[Snyk] Upgrade fast-glob from 3.2.4 to 3.2.7 #5

snyk-bot · 2021-10-31T00:11:54Z

Snyk has created this PR to upgrade fast-glob from 3.2.4 to 3.2.7.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

The recommended version is 3 versions ahead of your current version.
The recommended version was released 4 months ago, on 2021-07-08.

The recommended version fixes:

Severity	Issue	PriorityScore (*)	Exploit Maturity
	Regular Expression Denial of Service (ReDoS) SNYK-JS-GLOBPARENT-1016905	372/1000 Why? Proof of Concept exploit, CVSS 5.3	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: fast-glob

3.2.7 - 2021-07-08
🐛 Bug fixes

The previous release (3.2.6) introduced a regression, thanks to which negative patterns were not applied to patterns outside the current directory.

This release fixes the issue.
3.2.6 - 2021-06-27
🐛 Bug fixes
- Now you can use patterns related to the parent directory along with the regular ones. (#310, #316)
// Patterns inside current directory → ['', './.js']
// Patterns outside current directory → ['../', './../*.js']

// Previously you could specify a patterns outside current directory.
fg.sync(['../*.txt']) → ['../file.txt']

// But when the pattern inside current directory was added to them, the behavior broke down.
fg.sync(['.md', '../.txt']) → ['file.md'] // The '../file.txt' file exists

// After this fix you can mix both kinds of patterns.
fg.sync(['.md', '../.txt']) → ['file.md', '../file.txt']

// Right now we do not support patterns like '{.,..}/*.md'.

📖 Documentation
- Added clarifications for the followSymbolicLinks option.
⚙️ Infrastructure
- The glob-parent package has been updated to fix vulnerabilities. (#304)
- The micromatch package has been updated to eliminate dependency on the picomatch package from this package. (#256)
- Node.js 16 has been added to the CI configuration to run tests and benchmarks. Now benchmarks will run only on this version. (#311)
- The tiny-glob package has been added to the synchronous product benchmarks. (#323)
- The fdir package has been added to synchronous and asynchronous product benchmarks. The latest launch. (#322)
- The .npmignore file has been replaced by the files field in the package.json file. (#321)
3.2.5 - 2021-01-17
🐛 Bug fixes
- Now this packages correctly supports ARM processors (#296, thanks @ yozman).
- Fixed behavior that led to Uncaught Error when the package tried to destroy stream multiple times (#282).
  - nodelib/nodelib#53, nodelib/nodelib#58
- Fixed an issue with patterns that starts with the leading slash (#277).
  - Related to patterns with various kinds: /*, /tmp/*, //?/C:/*.
  - nodelib/nodelib#54, nodelib/nodelib#63
📖 Documentation
- Fix examples for the markDirectories option (#287, thanks @ yarastqt).
⚙️ Infrastructure
- Use the latest versions of OS in CI (#279).
- Move from Azure Pipelines to GitHub Actions (#299).
3.2.4 - 2020-06-16
🐛 Bug fixes
- Fixed a regression in 3.2.3 when the caseSensitiveMatch option is disabled (#276)

from fast-glob GitHub release notes

Commit messages

Package name: fast-glob

676bbd6 3.2.7
c64bb1e Merge pull request CB-11771 Deep symlink directories to target project instead of linking the directory itself apache/cordova-android#326 from mrmlnc/ISSUE-325_fix_relative_ignore_patterns
8a3e6d6 fix: do not ignore negative patterns for patterns outside cwd
d22afc5 3.2.6
a7a6556 Merge pull request CB-11726 - Update appveyor node versions to 4 and 6, so they will always use the latest versions apache/cordova-android#324 from mrmlnc/ISSUE-300_update_documentation
1a28354 docs: clarification for `followSymbolicLinks` option
190e6bf Merge pull request Changes for Cordova-Android 6.0.0 - Android Modules as Plugins apache/cordova-android#323 from mrmlnc/TRIVIAL_update_tiny-glob_benchmark
0ed6291 build: add `tiny-glob` to product synchronous benchmark
6257af0 Merge pull request CB-11683 android: Fixed linking to directories apache/cordova-android#322 from mrmlnc/TRIVIAL_fdir_benchmark
9bcc78f Merge pull request CB-8978 Prepare copy resource-files from config.xml apache/cordova-android#321 from mrmlnc/TRIVIAL_drop_npmignore
d046b51 build: add `fdir` to product benchmark
7f0fd0f build: use 'files' field instead of '.npmignore' file
c9f7a81 Merge pull request Changes for Cordova-Android 6.0.0 - Evaluate Javascript bridge as default apache/cordova-android#320 from mrmlnc/ISSUE-316_fix_mixed_base_directories
4c36f6d fix(managers): fix issue with patterns that refers to the parent directory
295db2a feat(utils): add uilities for obtaining patterns relative to the current directory
e4a3e7f Merge pull request Android Keyboard apache/cordova-android#318 from mrmlnc/ISSUE-256_remove_picomatch_dependency
707fd21 build: update micromatch
08951de Merge pull request CB-11078 "Empty string for BackgroundColor preference crashes application" issue apache/cordova-android#315 from maugares/patch-1
b7458b8 Update package.json
226a495 Merge pull request Install Cordova help apache/cordova-android#311 from mrmlnc/TRIVIAL_update_configs
aa3aadd build: update CI config
ffff3ec 3.2.5
f22f40c Merge pull request Revert "CB-10881: Logging to further investigations" apache/cordova-android#287 from yarastqt/yarastqt.fix-readme-typo
19cdcb7 Merge pull request CB-11138 Reuse PluginManager from common to add/rm plugins apache/cordova-android#301 from mrmlnc/FG-277_smoke_tests_for_root_case

Compare

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

Snyk has created this PR to upgrade fast-glob from 3.2.4 to 3.2.7. See this package in npm: https://www.npmjs.com/package/fast-glob See this project in Snyk: https://app.snyk.io/org/outsystems-pilot-org/project/8b2b29f1-04bb-404e-ac60-69bc99a09497?utm_source=github&utm_medium=referral&page=upgrade-pr

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

[Snyk] Upgrade fast-glob from 3.2.4 to 3.2.7 #5

[Snyk] Upgrade fast-glob from 3.2.4 to 3.2.7 #5

Uh oh!

snyk-bot commented Oct 31, 2021

🐛 Bug fixes

🐛 Bug fixes

📖 Documentation

⚙️ Infrastructure

🐛 Bug fixes

📖 Documentation

⚙️ Infrastructure

🐛 Bug fixes

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

[Snyk] Upgrade fast-glob from 3.2.4 to 3.2.7 #5

Are you sure you want to change the base?

[Snyk] Upgrade fast-glob from 3.2.4 to 3.2.7 #5

Uh oh!

Conversation

snyk-bot commented Oct 31, 2021

Snyk has created this PR to upgrade fast-glob from 3.2.4 to 3.2.7.

🐛 Bug fixes

🐛 Bug fixes

📖 Documentation

⚙️ Infrastructure

🐛 Bug fixes

📖 Documentation

⚙️ Infrastructure

🐛 Bug fixes

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants