[Bug]: glob-parent@5.1.0 introduces ReDoS vulnerability #4415
Comments
Hey! This is a transitive dependency for us but we are on 5.1.2 in our lock file already. For anyone who installs Tailwind, the lock file will be ignored but they should get the latest version.
@adamwathan I am experiencing this in a current project:
I have the following in my
Installing the package directly doesn't help, of course. After some digging, it looks like glob-base has an open issue to update glob-parent:
🥇
That's a great solution and you all implemented it very quickly, as well. You + team are awesome. Thanks for all the good work!
What version of Tailwind CSS are you using?
2.1.2
What build tool (or framework if it abstracts the build tool) are you using?
webpack@5.14.0
What version of Node.js are you using?
v14.11.0
What browser are you using?
Chrome
What operating system are you using?
macOS
Reproduction repository
https://github.com/tailwindlabs/tailwindcss
Describe your issue
The dependency glob-parent@5.1.0 introduces a ReDoS vulnerability
(https://app.snyk.io/vuln/SNYK-JS-GLOBPARENT-1016905)
The vulnerability was fixed in glob-parent@5.1.2
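Because glob-parent arrives transitively, several copies at different versions can sit in one lock file. The following is an added example, not code from the issue or from Tailwind: it walks a parsed `package-lock.json` and reports every glob-parent entry. The function names, the sample lock file and the rule "anything below 5.1.2 is flagged" are assumptions made for illustration.

```javascript
// Added example (not from the issue thread): list glob-parent copies in an npm lock file.
// Assumption: every version below 5.1.2 (the fixed release named in the issue) is flagged.
const FIXED = [5, 1, 2];

// True when "major.minor.patch" sorts before FIXED; non-semver specs (git, file) are skipped.
function isBelowFixed(version) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(String(version));
  if (!m) return false;
  const parts = m.slice(1).map(Number);
  for (let i = 0; i < 3; i++) {
    if (parts[i] !== FIXED[i]) return parts[i] < FIXED[i];
  }
  return false;
}

// Walk a parsed package-lock.json and return every glob-parent entry with its location.
function findGlobParent(lock) {
  const hits = [];
  if (lock.packages) {
    // lockfileVersion 2 and 3: flat map keyed by install path.
    for (const [path, meta] of Object.entries(lock.packages)) {
      if (path.endsWith("node_modules/glob-parent")) hits.push({ path, version: meta.version });
    }
  } else {
    // lockfileVersion 1: nested "dependencies" trees.
    const walk = (deps, trail) => {
      for (const [name, meta] of Object.entries(deps || {})) {
        const here = [...trail, name];
        if (name === "glob-parent") hits.push({ path: here.join(" > "), version: meta.version });
        walk(meta.dependencies, here);
      }
    };
    walk(lock.dependencies, []);
  }
  return hits.map((h) => ({ ...h, vulnerable: isBelowFixed(h.version) }));
}

// Constructed sample lock file (package versions chosen for illustration only).
const sampleLock = {
  lockfileVersion: 1,
  dependencies: {
    "glob-parent": { version: "5.1.2" },
    "glob-base": { version: "0.3.0", dependencies: { "glob-parent": { version: "5.1.0" } } },
  },
};

console.log(findGlobParent(sampleLock).filter((h) => h.vulnerable));
```

To check a real project, pass `JSON.parse(fs.readFileSync("package-lock.json", "utf8"))` to `findGlobParent` instead of the sample object.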