Update dependency cpy to fix security advisory
npm audit has the following security advisory for cpy-cli:
Moderate       Regular expression denial of service
Package        glob-parent
Patched in     >=5.1.2
Dependency of  cpy-cli [dev]
Path           cpy-cli > cpy > globby > fast-glob > glob-parent
More info      https://npmjs.com/advisories/1751
link: https://npmjs.com/advisories/1751
It looks like this has already been fixed in your library cpy. details: https://github.com/sindresorhus/cpy/issues/84
Issue Analytics
- State:
- Created 2 years ago
- Reactions:17
- Comments:5 (2 by maintainers)
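One way to confirm whether a project still resolves an unpatched glob-parent after an update, as an added example that is not part of the original issue or the cpy project's code: it scans parsed package-lock.json data for installed copies below the advisory's patched version 5.1.2. The sample lockfile, its version numbers, and all function names are constructed for illustration.

```javascript
// Advisory values come from the report above; everything else is illustrative.
const ADVISORY = { name: 'glob-parent', patched: '5.1.2' };

// Compare plain x.y.z versions numerically (assumption: no pre-release tags).
function compareVersions(a, b) {
  const [pa, pb] = [a, b].map((v) => v.split('.').map(Number));
  for (let i = 0; i < 3; i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d) return Math.sign(d);
  }
  return 0;
}

// Collect every installed copy of `name`, from lockfileVersion 2/3 ("packages")
// or from lockfileVersion 1 (nested "dependencies").
function installedCopies(lock, name) {
  const found = [];
  if (lock.packages) {
    for (const [location, meta] of Object.entries(lock.packages)) {
      if (location.endsWith('node_modules/' + name)) found.push({ location, version: meta.version });
    }
    return found;
  }
  const walk = (deps, prefix) => {
    for (const [depName, meta] of Object.entries(deps || {})) {
      const location = prefix + 'node_modules/' + depName;
      if (depName === name) found.push({ location, version: meta.version });
      walk(meta.dependencies, location + '/');
    }
  };
  walk(lock.dependencies, '');
  return found;
}

// Keep only copies older than the patched version (entries without a version are skipped).
function vulnerableCopies(lock, advisory = ADVISORY) {
  return installedCopies(lock, advisory.name)
    .filter((c) => c.version && compareVersions(c.version, advisory.patched) < 0);
}

// Constructed sample lockfile: one hoisted patched copy, one nested unpatched copy.
const sampleLock = {
  lockfileVersion: 2,
  packages: {
    'node_modules/glob-parent': { version: '6.0.2' },
    'node_modules/fast-glob/node_modules/glob-parent': { version: '5.1.1' },
  },
};
console.log(vulnerableCopies(sampleLock));
```

In a real project, pass the result of `JSON.parse` on the contents of `package-lock.json` instead of `sampleLock`.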
@sindresorhus I am happy to help update the dependencies to use the latest version of cpy if it would help save you some time - I saw you were committing in the last couple days though, so not sure if you’re prepping to tag a new release and this is already on your agenda.

Any update on this? It’s the only vulnerability we have had for several months.