glob lib dependency, depends on Inflight lib which is now introducing a security vulnerability #821

Closed
elvisjfer opened this issue Dec 7, 2023 · 2 comments

Comments

@elvisjfer

inflight@1.0.6 has a vulnerability of "Missing Release of Resource after Effective Lifetime".
https://security.snyk.io/vuln/SNYK-JS-INFLIGHT-6095116
Nx depends on glob@7.1.6 which depends on inflight@1.0.6.

Expected Behavior
No vulnerability.
As suggested in https://security.snyk.io/vuln/SNYK-JS-INFLIGHT-6095116
glob lib should be updated to the latest 10.x.x version (which does not depend on inflight)

Steps to Reproduce
package.json file includes:
"glob": "7.1.6",

Navigate to https://security.snyk.io/vuln/?search=inflight
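
The dependency chain reported in the issue above (glob pulling in inflight) can be confirmed from a lockfile. This is an added example, not part of the original issue or the project's code: it walks the `packages` map of an npm `package-lock.json` (lockfileVersion 2 or 3) and lists every path from the root project to a named package. The lockfile contents and the names `example-app` and `some-tool` are constructed for illustration.

```javascript
// Constructed lockfile fragment (npm lockfileVersion 2/3 layout); not from the project.
const sampleLock = {
  packages: {
    "": { name: "example-app", version: "1.0.0", dependencies: { glob: "7.1.6", "some-tool": "1.0.0" } },
    "node_modules/glob": { version: "7.1.6", dependencies: { inflight: "^1.0.4" } },
    "node_modules/inflight": { version: "1.0.6" },
    "node_modules/some-tool": { version: "1.0.0", dependencies: { glob: "^7.2.0" } },
    "node_modules/some-tool/node_modules/glob": { version: "7.2.3", dependencies: { inflight: "^1.0.4" } },
  },
};

// Resolve `name` as seen from the package at `fromPath`: nearest enclosing node_modules wins.
function resolveDep(packages, fromPath, name) {
  let base = fromPath;
  for (;;) {
    const candidate = (base ? base + "/" : "") + "node_modules/" + name;
    if (packages[candidate]) return candidate;
    if (!base) return null; // reached the root without finding it
    const idx = base.lastIndexOf("/node_modules/");
    base = idx === -1 ? "" : base.slice(0, idx);
  }
}

// Return every dependency chain from the root project to `target` as "a@1 > b@2 > target@3".
function findChains(lock, target) {
  const packages = lock.packages || {};
  const chains = [];
  // Package name is whatever follows the last "node_modules/"; the root entry has key "".
  const label = (p) =>
    (p.split("node_modules/").pop() || packages[""].name || "(root)") + "@" + packages[p].version;
  const walk = (path, trail, onPath) => {
    const pkg = packages[path];
    const deps = Object.assign({}, pkg.dependencies, pkg.optionalDependencies,
      path === "" ? pkg.devDependencies : null); // devDependencies only apply at the root
    for (const name of Object.keys(deps)) {
      const child = resolveDep(packages, path, name);
      if (!child || onPath.has(child)) continue; // not installed, or a dependency cycle
      const next = trail.concat(label(child));
      if (name === target) { chains.push(next.join(" > ")); continue; }
      onPath.add(child);
      walk(child, next, onPath);
      onPath.delete(child);
    }
  };
  if (packages[""]) walk("", [label("")], new Set([""]));
  return chains;
}

console.log(findChains(sampleLock, "inflight").join("\n"));
```

On an installed project, `npm ls inflight` reports the same information from the real dependency tree.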

@pnappa
Contributor

pnappa commented Dec 15, 2023

I just opened #822 which should resolve this.

@alangpierce
Owner

Fixed in #822 and released in v3.35.0.
