Relies (transitively) on vulnerable version of inflight #17
Comments
|
Would you like to send a PR to address this issue? |
|
Added a PR: One unit test is skipped temporarily, until I have time to figure out what's going wrong.... |
This was referenced Dec 7, 2023
|
Can we get this merged ? Needed for Pino fix |
|
unit tests are still not passing. Will take a look asap. |
Merged
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Seems that inflight is not expected to be fixed (see this comment). So, the upstream libs using it should fix by updating to later versions of the in between dependency (glob).
For my app, the dependency chain starts with pino-pretty, but this help-me lib would be the point of upgrading to newer version of glob to resolve:
pino-pretty@10.2.3 › help-me@4.2.0 › glob@8.1.0 › inflight@1.0.6
The Snyk issue, for reference:
https://security.snyk.io/vuln/SNYK-JS-INFLIGHT-6095116
The text was updated successfully, but these errors were encountered: