This repository has been archived by the owner on Dec 2, 2024. It is now read-only.

[Snyk] Upgrade fast-glob from 3.0.2 to 3.2.2 #31

Closed


snyk-bot
Contributor

Snyk has created this PR to upgrade fast-glob from 3.0.2 to 3.2.2.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
  • The recommended version is 11 versions ahead of your current version.
  • The recommended version was released 17 days ago, on 2020-02-21.

The recommended version fixes:

| Severity | Issue | Exploit Maturity |
|---|---|---|
| High | Prototype Pollution (SNYK-JS-LODASH-450202) | Proof of Concept |
| Medium | Denial of Service (DoS) (SNYK-JS-NODESASS-542662) | No Known Exploit |

Release notes
Package name: fast-glob
  • 3.2.2 - 2020-02-21

    🐛 Bug fixes

    • Fix a problem with patterns with leading dot segment (like ./… or .\\…) (#257)
  • 3.2.1 - 2020-02-20

    💬 Common

    • Temporary fix for #253.
  • 3.2.1-beta.1 - 2020-02-20
  • 3.2.1-beta.0 - 2020-02-20
  • 3.2.0 - 2020-02-15

    💬 Common

    • An empty pattern now causes an error (#247)

    🚀 Improvements

    In the #156 issue we've redesigned the deep filter, which controls the reading of directories in depth.

    Previously, this filter did not use positive patterns directly (only their maximum depth). The example below shows how many extra directories we read:

    {src,fixtures}/**
    

    src → read
    fixtures → read
    out → read
    node_modules → read

    Now we apply positive patterns.

    {src,fixtures}/**
    

    src → read
    fixtures → read
    out → skip
    node_modules → skip

    Synthetic benchmark

    More benchmarks can be found here.

    {fixtures,out}/{first,second}/*

    | Version | sync, ms | async, ms | stream, ms |
    |---|---|---|---|
    | 3.x.x | 13 | 22 | 20 |
    | 3.2.0 | 5 | 9 | 8 |

    {fixtures,out}/**

    | Version | sync, ms | async, ms | stream, ms |
    |---|---|---|---|
    | 3.x.x | 37 | 49 | 52 |
    | 3.2.0 | 6 | 10 | 12 |

    Real world benchmark

    • Globby
    • Prettier
    • {blocks-*,construct}/**/*.styl (a very large project) 13s → 0.16s

    Known issues

    • For some cases, there is a noticeable slowdown of 3-6%.
    • Patterns containing {a..z} (or similar) may introduce some slowdown.
    • Actually, fast-glob is 2 times slower than node-glob in this scenario.

    We will work on this in the future.

    🎉 Thanks

    • @jonschlinkert for the scan method in picomatch that returns parts of the pattern.
    • @fisker for early beta feedback.
  • 3.2.0-beta.2 - 2020-02-09
  • 3.2.0-beta - 2020-02-04
  • 3.1.1 - 2019-12-01

    🐛 Bug fixes

    Stream is not closed when the receiver is closed (#239)

    Previously, we read directories in the stream, even after the receiver is closed. Now we stop reading after closing the receiver by .emit('end'), .destroy() or for await...of.

    const fg = require('fast-glob');

    (async () => {
        const stream = fg.stream('**');

        for await (const entry of stream) {
            console.log(entry);

            return;
        }
    })();

    Most likely, in future releases, we will improve integration with streams (#243).

  • 3.1.0 - 2019-10-06

    💬 Common

    📖 Documentation

    🐛 Bug Fixes

    • Matching specific file is not found when pattern contains parentheses (#223)
      • ⚠️ Now we route patterns with escape symbol to dynamic patterns
    • Match subdirectories starting with . in {dot: false} mode (#226)

    ⚙️ Infrastructure

    • Move from TSLint to ESLint (#233)
  • 3.0.4 - 2019-07-05

    This is a maintenance release.

    💬 Common

    • Set correct default value for the onlyFiles option in the documentation (thanks, @garyking)
    • Disable the strictSlashes option (internal) for the micromatch package. Related to micromatch/picomatch#21.
  • 3.0.3 - 2019-06-27

    💬

    • Correct method for the Stream API in the documentation (#217, thanks @bluelovers)
    • We have divided the benchmark into two types:
      • The product benchmark is a comparison of performance relative to competitors.
      • The regression benchmark is a comparison of performance relative to the previous version.
    • We added a launch of both types of benchmark in CI. Automatically starts only when the master branch is built.
    • Now the smoke tests are run for all APIs (sync, async, stream).

    🐛 Bug fixes

    • Non-existing directories in the globbing pattern throw an error with the asynchronous API (#211)
    • The markDirectories option adds extra slashes for every directory in the path with the asynchronous API (#214)
  • 3.0.2 - 2019-06-23

    The fast-glob 3.0.0 was released with one known bug. This release fixes it.

    🐛 Bug fixes

    High memory usage for very big directories (#204)

    Highlights

    • Entries: 4 000 000
    • Before: 4.1GB of RAM (37s)
    • After: 0.8GB of RAM (25s)

    Explanation

    In short, we called 2x replace and startsWith on every entry. Together, that's 12 million calls.

from fast-glob GitHub release notes
Commit messages
Package name: fast-glob
  • 5d1ac28 3.2.2
  • feee3bd Merge pull request #258 from mrmlnc/ISSUE-257_fix_patterns_with_leading_dot
  • abe17b6 refactor(filters): use utility instead of regex
  • 8851e0f refactor(utils): add leading dot segment removal utility
  • 2466aea fix(filters/deep): fix a problem with matching for patterns with leading dot
  • 78c7780 3.2.1
  • f9af597 refactor(utils): use picomatch instead of micromatch to scan a pattern
  • 60d2d27 Merge pull request #255 from mrmlnc/ISSUE-253_avoid_yarn_error
  • 69be6a2 build(package): add picomatch dependency
  • 1757299 3.2.0
  • 27ab96c Merge pull request #252 from mrmlnc/ISSUE-156_improve_partial_matcher
  • 3c33e23 fix(matchers): pass settings to "isDynamicPattern" method
  • 087c51e test(utils/pattern): add more tests for "isDynamicPattern" method
  • 9444563 refactor(utils): drop unused code
  • f043c84 fix(matchers): correctly handle multiple patterns
  • 6474bf4 fix(matchers): correctly handle pattern with difference levels
  • 0923f9b Merge pull request #249 from mrmlnc/ISSUE-156_partial_matcher
  • d16282c Merge pull request #250 from mrmlnc/ISSUE-247_input_data_validation
  • d5bd15f feat: improve input data validation
  • 2f5f18e refactor(matcher): extract base methods to the abstract class
  • 0d2ee18 test(smoke): add smoke tests for partial matching
  • c884233 build(package): add benchmark for partial matching
  • aefa86d feat(utils/pattern): add method to match pattern parts
  • 8cef9e8 refactor(providers): introduce matchers



Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

[//]: # (snyk:metadata:{"dependencies":[{"name":"fast-glob","from":"3.0.2","to":"3.2.2"}],"packageManager":"npm","type":"auto","projectUrl":"https://app.snyk.io/org/skyscanner/project/cd451162-97a6-4988-8274-d2d4326c8b96?utm_source=github&utm_medium=upgrade-pr","projectPublicId":"cd451162-97a6-4988-8274-d2d4326c8b96","env":"prod","prType":"upgrade","vulns":["SNYK-JS-LODASH-450202","SNYK-JS-NODESASS-542662"],"issuesToFix":[{"issueId":"SNYK-JS-LODASH-450202","severity":"high","title":"Prototype Pollution","exploitMaturity":"proof-of-concept"},{"issueId":"SNYK-JS-NODESASS-542662","severity":"medium","title":"Denial of Service (DoS)","exploitMaturity":"no-known-exploit"}],"upgrade":["SNYK-JS-LODASH-450202","SNYK-JS-NODESASS-542662"],"upgradeInfo":{"versionsDiff":11,"publishedDate":"2020-02-21T20:49:35.804Z"},"templateVariants":[],"hasFixes":true,"isMajorUpgrade":false,"isBreakingChange":false})
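
The deep-filter change described in the 3.2.0 release notes, modelled as an added example that is neither fast-glob's code nor part of the original PR: a directory is read only if some positive pattern can still match below it. The function names and the supported pattern subset (literal segments, non-nested `{a,b}` groups, `*` and `**`; no `{a..z}` ranges) are assumptions made for illustration.

```javascript
// Added illustration, not fast-glob's source. Supported syntax (assumption):
// literal segments, non-nested {a,b} groups, "*" inside a segment, and "**".

// "{src,fixtures}/**" -> ["src/**", "fixtures/**"]
function expandBraces(pattern) {
  const group = /\{([^{}]*)\}/.exec(pattern);
  if (!group) return [pattern];
  const head = pattern.slice(0, group.index);
  const tail = pattern.slice(group.index + group[0].length);
  return group[1].split(',').flatMap((alt) => expandBraces(head + alt + tail));
}

// Match one directory name against one pattern segment.
function segmentMatches(patternSegment, name) {
  const source = patternSegment
    .split('*')
    .map((literal) => literal.replace(/[.+?^${}()|[\]\\]/g, '\\$&'))
    .join('[^/]*');
  return new RegExp(`^${source}$`).test(name);
}

// True when entries below `dir` could still match `pattern`.
function canContainMatches(pattern, dir) {
  // Drop a leading "./" so "./src/**" is compared the same way as "src/**".
  const patternSegments = pattern.replace(/^\.\//, '').split('/');
  const dirSegments = dir.split('/');
  for (let i = 0; i < dirSegments.length; i++) {
    if (patternSegments[i] === '**') return true; // globstar covers any depth
    if (i >= patternSegments.length - 1) return false; // too deep for this pattern
    if (!segmentMatches(patternSegments[i], dirSegments[i])) return false;
  }
  return true;
}

// Deep-filter decision: read `dir` only if some positive pattern can match below it.
function shouldReadDirectory(patterns, dir) {
  return patterns.flatMap(expandBraces).some((p) => canContainMatches(p, dir));
}

// Constructed directory names, taken from the patterns in the release notes.
for (const dir of ['src', 'fixtures', 'out', 'node_modules']) {
  const verdict = shouldReadDirectory(['{src,fixtures}/**'], dir) ? 'read' : 'skip';
  console.log(`${dir} → ${verdict}`);
}
```

For a tool that walks a repository, the same decision also bounds which directories (for example `node_modules`) are ever opened for a given pattern set.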

@shaundon closed this Mar 12, 2020
@shaundon deleted the snyk-upgrade-d33602f8cf0597131d0d0978f7c06260 branch March 12, 2020 10:18