CROSSSPAWN-8303230: Regular Expression Denial of Service (ReDoS) affecting cross-spawn package in versión 11.0.0 of Glob

[Miguelmatas998]

There is a vulnerability in version 11.0.0 of Glob originating from the cross-spawn 7.0.4 (CVE-2024-21538).

I am requesting a fix, as the cross-spawn library has already addressed this issue in version 7.0.5.

I appreciate your prompt attention to this matter. I look forward to a resolution.

[beavuck]

I have a PR open to fix the vuln in the relevant dependency: tapjs/foreground-child#60

[maury91]

The dependency affected by this issue ( foreground-child ) has now fixed it, any news on updating node-glob to use version 3.3.1 of foreground-child?