test-exclude pulling in vulnerability from inflight. #529

Closed
morganney opened this issue May 26, 2024 · 2 comments · Fixed by #531

Comments

@morganney

morganney commented May 26, 2024

CWE-772 from inflight as a transitive dep of test-exclude which relies on an old version of glob.

Similar to #506.

test-exclude appears to have no activity, but there is a PR to fix this: istanbuljs/test-exclude#54. Might want to consider using overrides. FWIW node has experimental support for glob from node:fs in v22.

  • Version:
    Node.js v22.2.0
  • Platform:
    Linux machine 6.8.0-76060800daily20240311-generic #202403110203~1715181801~22.04~aba43ee~dev-Ubuntu SMP PREEMPT_DY x86_64 x86_64 x86_64 GNU/Linux
npm warn deprecated inflight@1.0.6: This module is not supported, and leaks memory. Do not use it. Check out lru-cache if you want a good and tested way to coalesce async requests by a key value, which is much more comprehensive and powerful.
morgan@machine:~/code/module-type (develop)$ npm ls inflight
node-module-type@1.0.0-alpha.1 /home/morgan/code/module-type
└─┬ c8@9.1.0
  └─┬ test-exclude@6.0.0
    └─┬ glob@7.2.3
      └── inflight@1.0.6
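
As an added example (not part of the original issue and not c8's own code), this Node.js script walks data in the shape of `npm ls --all --json` output and reports which direct dependency pulls in a given transitive package. The sample tree is constructed from the `npm ls inflight` output above; `some-other-dep`, `findPaths` and `blameDirectDeps` are hypothetical names.

```javascript
// Constructed sample in the shape of `npm ls --all --json` output, mirroring
// the tree in the issue; "some-other-dep" is a made-up sibling package.
const sampleTree = {
  name: "node-module-type",
  version: "1.0.0-alpha.1",
  dependencies: {
    c8: {
      version: "9.1.0",
      dependencies: {
        "test-exclude": {
          version: "6.0.0",
          dependencies: {
            glob: { version: "7.2.3", dependencies: { inflight: { version: "1.0.6" } } },
            "some-other-dep": { version: "0.0.0" },
          },
        },
      },
    },
  },
};

// Return every dependency chain that ends at `target`, as arrays of
// "name@version" strings starting from the root package.
function findPaths(node, target, name = node.name, trail = []) {
  const here = [...trail, `${name}@${node.version ?? "?"}`];
  const found = name === target && trail.length > 0 ? [here] : [];
  // Deduped or leaf entries have no `dependencies` key.
  for (const [depName, dep] of Object.entries(node.dependencies ?? {})) {
    found.push(...findPaths(dep, target, depName, here));
  }
  return found;
}

// Group the chains by the direct dependency that introduces them: that is the
// package to upgrade, or the subtree an npm override has to reach into.
function blameDirectDeps(tree, target) {
  const blame = {};
  for (const path of findPaths(tree, target)) {
    (blame[path[1]] ??= []).push(path.join(" > "));
  }
  return blame;
}

for (const [direct, chains] of Object.entries(blameDirectDeps(sampleTree, "inflight"))) {
  console.log(`${direct} pulls in inflight via:`);
  chains.forEach((chain) => console.log(`  ${chain}`));
}
```

To check a real project, replace `sampleTree` with the parsed output of `npm ls --all --json`.
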
@bcoe
Owner

bcoe commented Jun 10, 2024

@morganney please let me know if v10 of c8 does the trick for you.

@morganney
Author

@bcoe thank you, the issue has been resolved 👍
