[FOSSA] Issue with glob-parent - VULNERABILITY

[TerrySmithDC]

VULNERABILITY - glob-parent (5.1.1)

Component URL

https://github.com/es128/glob-parent

Affected Projects

• gazebo
• ruby-standard-1
• ruby-standard-2

Issue

Vulnerability - CVE-2020-28469

Description:
The software does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

---

Generated by FOSSA on 02/24/2021
Reported by FOSSA user: terry@codecov.io
Reported Issue: https://app.fossa.com/projects/git%2Bgithub.com%2Fcodecov%2Fgazebo/refs/branch/main/0f06ff096f658a2f8498db2b288823a1765df493/issues/security/607999?revisionScanId=4189094&status=any

[TerrySmithDC]

Waiting on one of two PRs to land in the package.

gulpjs/glob-parent#36
gulpjs/glob-parent#34

Depending on how long this takes to release (it takes more then 60~ days) we could also fork and install a version with the fix to comply with SOC II

[TerrySmithDC]

Package is now resolved with https://github.com/gulpjs/glob-parent/releases/tag/v5.1.2