[Snyk] Upgrade fast-glob from 2.2.6 to 3.2.2 #5

Closed

@snyk-bot snyk-bot commented May 3, 2020

Snyk has created this PR to upgrade fast-glob from 2.2.6 to 3.2.2.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

Warning: This is a major version upgrade, and may be a breaking change.

  • The recommended version is 15 versions ahead of your current version.
  • The recommended version was released 2 months ago, on 2020-02-21.

The recommended version fixes:

| Severity | Issue | Exploit Maturity |
| --- | --- | --- |
| | Prototype Pollution (SNYK-JS-SETVALUE-450213) | Proof of Concept |
| | Prototype Pollution (SNYK-JS-SETVALUE-450213) | Proof of Concept |
| | Prototype Pollution (SNYK-JS-MIXINDEEP-450212) | Proof of Concept |
| | Information Disclosure (SNYK-JS-KINDOF-537849) | Proof of Concept |

Release notes
Package name: fast-glob
  • 3.2.2 - 2020-02-21

    🐛 Bug fixes

    • Fix a problem with patterns with leading dot segment (like ./… or .\\…) (#257)
  • 3.2.1 - 2020-02-20

    💬 Common

    • Temporary fix for #253.
  • 3.2.1-beta.1 - 2020-02-20
  • 3.2.1-beta.0 - 2020-02-20
  • 3.2.0 - 2020-02-15

    💬 Common

    • An empty pattern now causes an error (#247)

    🚀 Improvements

    In the #156 issue we've redesigned the deep filter, which controls the reading of directories in depth.

    Previously, this filter did not use positive patterns directly (only their maximum depth). The example below shows how many extra directories we read:

    {src,fixtures}/**
    

    src → read
    fixtures → read
    out → read
    node_modules → read

    Now we apply positive patterns.

    {src,fixtures}/**
    

    src → read
    fixtures → read
    out → skip
    node_modules → skip

    Synthetic benchmark

    More benchmarks can be found here.

    {fixtures,out}/{first,second}/*

    |       | sync, ms | async, ms | stream, ms |
    | ----- | -------- | --------- | ---------- |
    | 3.x.x | 13       | 22        | 20         |
    | 3.2.0 | 5        | 9         | 8          |

    {fixtures,out}/**

    |       | sync, ms | async, ms | stream, ms |
    | ----- | -------- | --------- | ---------- |
    | 3.x.x | 37       | 49        | 52         |
    | 3.2.0 | 6        | 10        | 12         |

    Real world benchmark

    • Globby
    • Prettier
    • {blocks-*,construct}/**/*.styl (a very large project) 13s → 0.16s

    Known issues

    • For some cases, there is a noticeable slowdown of 3-6%.
    • Patterns containing {a..z} (or similar) may introduce some slowdown.
    • Actually, fast-glob is 2 times slower than node-glob in this scenario.

    We will work on this in the future.

    🎉 Thanks

    • @jonschlinkert for the scan method in picomatch that returns parts of the pattern.
    • @fisker for early beta feedback.
  • 3.2.0-beta.2 - 2020-02-09
  • 3.2.0-beta - 2020-02-04
  • 3.1.1 - 2019-12-01

    🐛 Bug fixes

    Stream is not closed when the receiver is closed (#239)

    Previously, we read directories in the stream, even after the receiver is closed. Now we stop reading after closing the receiver by .emit('end'), .destroy() or for await...of.

    const fg = require('fast-glob');

    (async () => {
        const stream = fg.stream('**');

        for await (const entry of stream) {
            console.log(entry);

            return;
        }
    })();

    Most likely, in future releases, we will improve integration with streams (#243).

  • 3.1.0 - 2019-10-06

    💬 Common

    📖 Documentation

    🐛 Bug Fixes

    • Matching specific file is not found when pattern contains parentheses (#223)
      • ⚠️ Now we route patterns with escape symbol to dynamic patterns
    • Match subdirectories starting with . in {dot: false} mode (#226)

    ⚙️ Infrastructure

    • Move from TSLint to ESLint (#233)
  • 3.0.4 - 2019-07-05

    This is a maintenance release.

    💬 Common

    • Set correct default value for the onlyFiles option in the documentation (thanks, @garyking)
    • Disable the strictSlashes option (internal) for the micromatch package. Related to micromatch/picomatch#21.
  • 3.0.3 - 2019-06-27

    💬

    • Correct method for the Stream API in the documentation (#217, thanks @bluelovers)
    • We have divided the benchmark into two types:
      • The product benchmark is a comparison of performance relative to competitors.
      • The regression benchmark is a comparison of performance relative to the previous version.
    • We added a launch of both types of benchmark in CI. Automatically starts only when the master branch is built.
    • Now the smoke tests are run for all APIs (sync, async, stream).

    🐛 Bug fixes

    • Non-existing directories in the globbing pattern throw an error with the asynchronous API (#211)
    • The markDirectories option adds extra slashes for every directory in the path with the asynchronous API (#214)
  • 3.0.2 - 2019-06-23

    The fast-glob@3.0.0 was released with one known bug. This release fixes it.

    🐛 Bug fixes

    High memory usage for very big directories (#204)

    Highlights

    • Entries: 4 000 000
    • Before: 4.1GB of RAM (37s)
    • After: 0.8GB of RAM (25s)

    Explanation

    In short, we called 2x replace and startsWith on every entry. Together, that's 12 million calls.

  • 3.0.1 - 2019-06-17

    💬 Common

  • 3.0.0 - 2019-06-16

    🌮 Thanks

    📑 Summary

    This release aims to fix architectural issues, increase performance and reduce size of package.

    💣 Breaking changes

    Since this is a major release, we are introducing a few breaking changes:

    • Support for the fast-glob@2 is ending.
    • Require Node.js 8+. But we recommend using 10.10+ for performance issues.
    • Only forward-slashes in glob expression. Previously, we converted all slashes to forward-slashes, which did not allow the use of escaping. See pattern syntax section in the README.md file.
    • Removed options: nobrace, noglobstar, noext, nocase, transform.
    • Renamed options:
    • The deep option now accepts only number type and default value now is Infinity instead of true.
    • The async method was removed. Use fg(/* … */) instead.
    • The type of returned object when the stats option is enabled is completely changed.

    🐛 Bug fixes

    • After update from micromatch@3 to micromatch@4:
      • Incorrect matching with curly braces and globstar (#159).
      • Inaccurate comparison within a regular expression (#123, #138).
      • A very long initialization time of filters (#92).
    • Now we do not convert slashes in the patterns (#173).
    • Previously, the baseNameMatch option never worked (#199).

    🚀 Improvements

    💬 Common

    • Package size after installation is decreased: 2.47MB → 0.42MB.
    • Package require time decreased: 534ms → 78ms.

    🌪️ Speed

    Wow! The new version is very fast. At least twice as fast as the previous version. Probably this is the fastest solution in the Node.js world. And that's not all! We will work on performance issues in the future 🐢.

    • Speed up between versions for directory with 265k entries: 5x (19s → 4s).
    • Speed up between versions for directory with 4kk entries: 4x (4m → 1m).

    Look at the benchmarks section in the README.md file.

    ⚙️ Flexibility

    Also in this release we have worked on simplifying some scenarios.

    Now, thanks to the new mechanism, you can get the type of entry without additional costs! Works only on Node.js 10.10+. Look at the objectMode option.

    🤕 Known issues in this update

  • 2.2.7 - 2019-05-18
  • 2.2.6 - 2019-01-07
from fast-glob GitHub release notes
Commit messages
Package name: fast-glob
  • 5d1ac28 3.2.2
  • feee3bd Merge pull request #258 from mrmlnc/ISSUE-257_fix_patterns_with_leading_dot
  • abe17b6 refactor(filters): use utility instead of regex
  • 8851e0f refactor(utils): add leading dot segment removal utility
  • 2466aea fix(filters/deep): fix a problem with matching for patterns with leading dot
  • 78c7780 3.2.1
  • f9af597 refactor(utils): use picomatch instead of micromatch to scan a pattern
  • 60d2d27 Merge pull request #255 from mrmlnc/ISSUE-253_avoid_yarn_error
  • 69be6a2 build(package): add picomatch dependency
  • 1757299 3.2.0
  • 27ab96c Merge pull request #252 from mrmlnc/ISSUE-156_improve_partial_matcher
  • 3c33e23 fix(matchers): pass settings to "isDynamicPattern" method
  • 087c51e test(utils/pattern): add more tests for "isDynamicPattern" method
  • 9444563 refactor(utils): drop unused code
  • f043c84 fix(matchers): correctly handle multiple patterns
  • 6474bf4 fix(matchers): correctly handle pattern with difference levels
  • 0923f9b Merge pull request #249 from mrmlnc/ISSUE-156_partial_matcher
  • d16282c Merge pull request #250 from mrmlnc/ISSUE-247_input_data_validation
  • d5bd15f feat: improve input data validation
  • 2f5f18e refactor(matcher): extract base methods to the abstract class
  • 0d2ee18 test(smoke): add smoke tests for partial matching
  • c884233 build(package): add benchmark for partial matching
  • aefa86d feat(utils/pattern): add method to match pattern parts
  • 8cef9e8 refactor(providers): introduce matchers



Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

@Frondor Frondor closed this Mar 8, 2021
@Frondor Frondor deleted the snyk-upgrade-5072e035dc169e4b61684369be1dddf8 branch March 8, 2021 10:33