react_native/codegen dependency glob is deprecated.

[kayakyakr]

Description

glob ^7 is deprecated and itself requires a deprecated package of inflight that has a security bulletin out on it.

It should be updated to version 9, at the least, if not all the was to current version 11. See:

https://www.npmjs.com/package/glob?activeTab=versions

Facebook security replied that they didn't consider this a security issue, so posting it publicly.

Steps to reproduce

See:

react-native/packages/react-native-codegen/package.json

Line 32 in 4ae86e6

"glob": "^7.1.1",

React Native Version

0.79.2

Affected Platforms

Build - Linux, Build - MacOS

Output of npx @react-native-community/cli info

na

Stacktrace or Logs

na

MANDATORY Reproducer

react-native/packages/react-native-codegen/package.json

Line 32 in 4ae86e6

"glob": "^7.1.1",

Screenshots and Videos

No response

[react-native-bot]

Warning

Missing reproducer: We could not detect a reproducible example in your issue report. Reproducers are mandatory and we can accept only one of those as a valid reproducer:

• For majority of bugs: send us a Pull Request with the RNTesterPlayground.js edited to reproduce your bug.
• If your bug is UI related: a Snack
• If your bug is build/upgrade related: a project using our Reproducer Template

You can read more about about it on our website: How to report a bug.

[cortinico]

See #48875

cc @huntie @byCedric to eventually move that PR further

[Lionhunt3r]

Are there any news on this issue?

@cortinico @huntie @byCedric

[Lionhunt3r]

How is it here? @cortinico @huntie @byCedric

[cortinico]

Please do not ping us multiple times @Lionhunt3r.
The latest updates on this are here:

• Upgrade glob@7 to glob@10 to resolve deprecation warnings #48875

[react-native-bot]

This issue is stale because it has been open 180 days with no activity. Remove stale label or comment or this will be closed in 7 days.