glob-parent is vulnerable to Regular expression denial of service. The vulnerability exists due to an incorrect regex implementation on the enclosure variable. This vulnerability is caused by an incomplete fix of CVE-2020-28469.
enclosure