Closed
Description
If you, like me, love reveal.js but are annoyed by Dependabot security alerts and like to fix them, I have good-ish news on the vulns it is flagging in glob-parent as pulled in transitively through gulp's dependencies. First off, Gulpjs is not going to address this directly: gulpjs/gulp#2640, but per this Stack Overflow: https://stackoverflow.com/questions/68333071/how-to-solve-this-npm-glob-parent-problem, you can hardwire the resolution of glob to an updated version, which does not appear to have any problems (testing on serving static reveal presentations, no testing on reveal.js server functionality, so ymmv).
(not a bug, but I suppose with additional testing this could be baked into reveal's package.json directly?)
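One way to confirm that a pinned resolution reached every transitive copy of glob-parent is to walk the lockfile after reinstalling. The script below is an added example, not part of the original issue or of reveal.js; it assumes an npm `package-lock.json` with the `packages` map (lockfileVersion 2 or 3), and the sample lockfile, its version numbers and the `5.0.0` threshold are constructed placeholders (take the real minimum version from the advisory).

```javascript
// Added example: list every installed copy of a package recorded in a parsed
// package-lock.json and flag the copies older than a chosen minimum version.

// Compare two plain "x.y.z" versions; pre-release tags are ignored.
function compareVersions(a, b) {
  const pa = a.split('-')[0].split('.').map(Number);
  const pb = b.split('-')[0].split('.').map(Number);
  for (let i = 0; i < 3; i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return d < 0 ? -1 : 1;
  }
  return 0;
}

// lock: parsed lockfile; name: package to look for;
// minVersion: placeholder threshold supplied by the caller.
function findCopies(lock, name, minVersion) {
  const suffix = 'node_modules/' + name;
  return Object.entries(lock.packages || {})
    // Match hoisted and nested copies, but not names that merely end alike.
    .filter(([path, meta]) =>
      (path === suffix || path.endsWith('/' + suffix)) && meta.version)
    .map(([path, meta]) => ({
      path,
      version: meta.version,
      outdated: compareVersions(meta.version, minVersion) < 0,
    }));
}

// Paths of the copies that the override did not reach.
function outdatedPaths(lock, name, minVersion) {
  return findCopies(lock, name, minVersion)
    .filter((c) => c.outdated)
    .map((c) => c.path);
}

// Constructed sample: one hoisted copy and one nested copy that was missed.
const sampleLock = {
  lockfileVersion: 2,
  packages: {
    '': { name: 'demo', version: '1.0.0' },
    'node_modules/glob-parent': { version: '9.9.9' },
    'node_modules/glob-stream/node_modules/glob-parent': { version: '1.2.3' },
    'node_modules/not-glob-parent': { version: '0.0.1' },
  },
};

console.log(findCopies(sampleLock, 'glob-parent', '5.0.0'));
```

An empty result from `outdatedPaths` means every copy in the lockfile is at or above the threshold; any path it returns is a nested copy the pin did not replace.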