one-app-bundler has dependency on old version of glob-parent

[smackfu]

🐞 Bug Report

Describe the bug

@americanexpress/one-app-bundler is dependent on glob-parent@3.1.0 which is six years old and has security vulnerabilities.

To Reproduce

Run npm ls glob-parent from a repo using one-app-bundler.

│ └─┬ webpack@4.46.0
│   └─┬ watchpack@1.7.5
│     └─┬ watchpack-chokidar2@2.0.1
│       └─┬ chokidar@2.1.8
│         └── glob-parent@3.1.0

Expected behavior

The package should be dependent on more recent versions of dependencies, especially for non-dev deps.

[smackfu]

This is probably not fixable without upgrading to webpack 5.

webpack@4 depends on watchpack@1. Current version of watchpack is v2, which doesn't even have a chokidar dependency anymore.

[github-actions]

This issue is stale because it has been open 30 days with no activity.

[JAdshead]

should be fixed by #568

[github-actions]

This issue is stale because it has been open 30 days with no activity.