test-exclude pulling in vulnerability from inflight. #529

@morganney

CWE-772 from inflight as a transitive dep of test-exclude which relies on an old version of glob.

Similar to #506.

test-exclude appears to have no activity, but there is a PR to fix this: istanbuljs/test-exclude#54. Might want to consider using overrides. FWIW node has experimental support for glob from node:fs in v22.

  • Version: Node.js v22.2.0
  • Platform: Linux machine 6.8.0-76060800daily20240311-generic #202403110203~1715181801~22.04~aba43ee~dev-Ubuntu SMP PREEMPT_DY x86_64 x86_64 x86_64 GNU/Linux

npm warn deprecated inflight@1.0.6: This module is not supported, and leaks memory. Do not use it. Check out lru-cache if you want a good and tested way to coalesce async requests by a key value, which is much more comprehensive and powerful.
morgan@machine:~/code/module-type (develop)$ npm ls inflight
node-module-type@1.0.0-alpha.1 /home/morgan/code/module-type
└─┬ c8@9.1.0
  └─┬ test-exclude@6.0.0
    └─┬ glob@7.2.3
      └── inflight@1.0.6
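
The chain in the `npm ls inflight` output above can also be derived from lockfile data, for instance to fail a CI job when a flagged package is reachable. This is an added example, not part of the original issue or of c8's code; the `LOCK` object is constructed sample data (versions from the output above, dependency ranges assumed) and the function names `resolve` and `chainsTo` are hypothetical.

```javascript
// Constructed sample shaped like package-lock.json (lockfileVersion 3).
// Versions mirror the `npm ls inflight` output in the issue; ranges are assumed.
const LOCK = {
  lockfileVersion: 3,
  packages: {
    "": { name: "node-module-type", version: "1.0.0-alpha.1", devDependencies: { c8: "^9.1.0" } },
    "node_modules/c8": { version: "9.1.0", dependencies: { "test-exclude": "^6.0.0" } },
    "node_modules/test-exclude": { version: "6.0.0", dependencies: { glob: "^7.1.4" } },
    "node_modules/glob": { version: "7.2.3", dependencies: { inflight: "^1.0.4", once: "^1.3.0" } },
    "node_modules/inflight": { version: "1.0.6", dependencies: { once: "^1.3.0" } },
    "node_modules/once": { version: "1.4.0" },
  },
};

// Resolve a dependency name as Node does: nearest node_modules first, then walk up.
function resolve(packages, fromPath, name) {
  let base = fromPath;
  for (;;) {
    const candidate = (base ? base + "/" : "") + "node_modules/" + name;
    if (packages[candidate]) return candidate;
    if (!base) return null; // reached the root without finding it
    const cut = base.lastIndexOf("/node_modules/");
    base = cut === -1 ? "" : base.slice(0, cut);
  }
}

// Return every dependency chain from the root project to `target` (simple DFS).
function chainsTo(lock, target) {
  const { packages } = lock;
  const label = (p) => `${packages[p].name || p.split("node_modules/").pop()}@${packages[p].version}`;
  const chains = [];
  const walk = (path, trail) => {
    const pkg = packages[path];
    const deps = { ...pkg.dependencies, ...pkg.optionalDependencies, ...(path === "" ? pkg.devDependencies : {}) };
    for (const name of Object.keys(deps)) {
      const next = resolve(packages, path, name);
      if (!next || trail.includes(next)) continue; // not installed, or a cycle
      const nextTrail = [...trail, next];
      if (name === target) chains.push(nextTrail.map(label).join(" > "));
      else walk(next, nextTrail);
    }
  };
  walk("", [""]);
  return chains;
}

console.log(chainsTo(LOCK, "inflight").join("\n"));
```

On a real project, pass the parsed contents of `package-lock.json` instead of `LOCK`; an empty result means the package is no longer reachable from the root.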
