[Bug]: Snyk vulnerability SNYK-JS-INFLIGHT-6095116 #80
Comments
Hmm, will consider forking this plugin! It hasn't been maintained for so long.
Yeah, that plugin is abandoned due to that clean: true piece in webpack, hence me asking.
@DuCanhGH so I was thinking about this a little bit last night, and why don't you clean those files outside of webpack? You could maybe get rid of the webpack plugin altogether and use either del or rimraf and run a delete right here: https://github.com/serwist/serwist/blob/main/packages/next/src/index.ts#L18 and don't rely on webpack for that at all, just a thought?
@mick-feller good idea! That seems to make for a better choice. We will probably use the native
Removed in 9.0.0-preview.10 :)
Thanks a lot! That cleared it up, I appreciate you!
Provide environment information
"@serwist/next": "^9.0.0-preview.6",
"@serwist/precaching": "^9.0.0-preview.6",
"@serwist/sw": "^9.0.0-preview.6",
Which project is this issue for?
@serwist/next
Link to reproduction - Issues with a link to complete (but minimal) reproduction code help us address them faster
To reproduce
Simply install the above packages.
Describe the bug
It's not so much a bug per se, but there is a security vulnerability in inflight that gets included in your package through the clean-webpack-plugin that I saw was being used in @serwist/next here:
https://github.com/serwist/serwist/blob/main/packages/next/src/index.ts#L6
and here:
https://github.com/serwist/serwist/blob/main/packages/next/src/index.ts#L147
Is there any chance we can get rid of clean-webpack-plugin and use clean: true in the output as stated in the webpack docs, like so:
https://webpack.js.org/guides/output-management/#cleaning-up-the-dist-folder
I know it might not be a big deal, but it would clean up some Snyk reports.
Here is a link to the Snyk finding:
https://security.snyk.io/vuln/SNYK-JS-INFLIGHT-6095116
Expected behavior
Nothing is really broken, just trying to do some cleanup
Screenshots (if relevant)
Additional information (if relevant)
No response
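Added example, not part of the original issue or the serwist code base: a Node.js function that walks the `packages` map of a `package-lock.json` (lockfileVersion 2 or 3) and lists every dependency chain that brings `inflight` into the tree, which is how to confirm that a scanner finding arrives through `clean-webpack-plugin` and disappears once that dependency is dropped. The lockfile contents, the version numbers and the `example-*` package names are constructed for illustration.

```javascript
// Added example. Constructed lockfile: versions and "example-*" names are made up.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { dependencies: { "@serwist/next": "^9.0.0-preview.6", "example-app-lib": "*" } },
    "node_modules/@serwist/next": { version: "9.0.0-preview.6", dependencies: { "clean-webpack-plugin": "*" } },
    "node_modules/clean-webpack-plugin": { version: "0.0.1", dependencies: { "example-intermediate": "*" } },
    "node_modules/clean-webpack-plugin/node_modules/example-intermediate": { version: "0.0.2", dependencies: { inflight: "*" } },
    "node_modules/example-app-lib": { version: "1.0.0" },
    "node_modules/inflight": { version: "0.0.3" },
  },
};

// Resolve `name` the way Node does when it is required from the package
// installed at `fromPath`: nearest node_modules first, then each parent.
function resolveDep(packages, fromPath, name) {
  let base = fromPath;
  for (;;) {
    const candidate = (base ? base + "/" : "") + "node_modules/" + name;
    if (packages[candidate]) return candidate;
    if (!base) return null; // not installed, e.g. a skipped optional dependency
    const cut = base.lastIndexOf("/node_modules/");
    base = cut === -1 ? "" : base.slice(0, cut);
  }
}

// Return every chain "direct@ver > ... > target@ver" starting at the root project.
function findPaths(lock, target) {
  const packages = lock.packages || {};
  const results = [];
  const walk = (path, chain, onPath) => {
    const pkg = packages[path];
    const deps = { ...pkg.dependencies, ...pkg.optionalDependencies,
      ...(path === "" ? pkg.devDependencies : {}) };
    for (const name of Object.keys(deps)) {
      const next = resolveDep(packages, path, name);
      if (!next || onPath.has(next)) continue; // missing, or a dependency cycle
      const step = chain.concat(`${name}@${packages[next].version}`);
      if (name === target) { results.push(step.join(" > ")); continue; }
      onPath.add(next);
      walk(next, step, onPath);
      onPath.delete(next);
    }
  };
  if (packages[""]) walk("", [], new Set());
  return results;
}

console.log(findPaths(sampleLock, "inflight"));
```

An empty result for a real lockfile means the package is no longer reachable from the root project, which is the state to check for after upgrading past the release that removed the plugin.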