[BUG] Transitive Dependency Vulnerability: inflight: 1.0.6 #2609

fmaiavieira · 2023-12-01T20:29:18Z

🐛 Bug Report

Transitive Dependency Vulnerability: exceljs > archiver > archiver-utils > glob > inflight: 1.0.6

Lib version: 4.4.0

vulnerability: https://security.snyk.io/vuln/SNYK-JS-INFLIGHT-6095116

yikenman · 2023-12-04T06:30:59Z

relate to isaacs/inflight-DEPRECATED-DO-NOT-USE#18

raffaele-moodys · 2023-12-18T12:00:34Z

Hi @yikenman, are you sure the issue can be related to the one in inflight repo?

As far as I know the chain of dependencies is exceljs@4.4.0 -> archiver@5.3.2 -> archiver-utils@2.1.0 -> glob@7.2.3 -> inflight@1.0.6, but glob removed the inflight dependency since version 9.0.0.

I think the related issue is archiverjs/archiver-utils#168 and that makes the issues in inflight irrelevant for this library.

Update:

archiver@6 currently updated the glob dependency from version 8 to version 10 and they dropped dependencies from inflight.

relaxedleaf · 2024-02-29T17:50:54Z

Is there an update on this?

henryfung3a27 · 2024-10-18T04:33:00Z

Try #2829 (comment)

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[BUG] Transitive Dependency Vulnerability: inflight: 1.0.6 #2609

[BUG] Transitive Dependency Vulnerability: inflight: 1.0.6 #2609

fmaiavieira commented Dec 1, 2023 •

edited

Loading

yikenman commented Dec 4, 2023

raffaele-moodys commented Dec 18, 2023 •

edited

Loading

relaxedleaf commented Feb 29, 2024

henryfung3a27 commented Oct 18, 2024

[BUG] Transitive Dependency Vulnerability: inflight: 1.0.6 #2609

[BUG] Transitive Dependency Vulnerability: inflight: 1.0.6 #2609

Comments

fmaiavieira commented Dec 1, 2023 • edited Loading

🐛 Bug Report

yikenman commented Dec 4, 2023

raffaele-moodys commented Dec 18, 2023 • edited Loading

Update:

relaxedleaf commented Feb 29, 2024

henryfung3a27 commented Oct 18, 2024

fmaiavieira commented Dec 1, 2023 •

edited

Loading

raffaele-moodys commented Dec 18, 2023 •

edited

Loading