Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update rimraf to latest v5 to fix vulnerability from inflight dependency of glob package #343

Open
cherviakovtaskworld opened this issue Jan 4, 2024 · 0 comments
Open

Update rimraf to latest v5 to fix vulnerability from inflight dependency of glob package #343

cherviakovtaskworld opened this issue Jan 4, 2024 · 0 comments

Comments

@cherviakovtaskworld
Copy link

Issue description

ts-node-dev depends on rimraf v2, which in turn depends on glob 7.1.5, which itself depends on unmaintained vulnerable package inflight

Context

Inflight last release was 7 years ago and there lots of vulnerabilities, latest glob v10 no longer depends on it, please update rimraf to latest version or remove it completed as dependency

https://security.snyk.io/package/npm/inflight

OS version (is it docker or host?), ts-node-dev version
ArchLinux 6.6.9-arch1-1 ts-node-dev 2.0.0

Did you try to run with ts-node?
Yes, but I need ts-node-dev to be working for development

Did you try to run with --files option enabled?
No, not required

Did you try to run with --debug option enabled?
No. not required

Do you have a repro example (git repo) with simple steps to reproduce your problem?
Getting error from this line, when trying to override rimraf to be latest version for ts-node-dev

ts-node-dev/src/compiler.ts

Line 138 in 32bdc92

rimraf.sync(getCompiledDir())

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@cherviakovtaskworld