[Issue][<dependencies>] SNYK Inflight vulnerability in inflight@1.0.6 #1069

Closed
sebestenyb opened this issue May 3, 2024 · 3 comments

@sebestenyb

Describe the bug

Medium severity memory leak in inflight@1.0.6: https://security.snyk.io/vuln/SNYK-JS-INFLIGHT-6095116

To Reproduce

Please see the dependency tree below; eslint updated their dependencies in v9 to fix the issue:
eslint/eslint#17872

Screenshots

Issues with no direct upgrade or patch:
  ✗ Missing Release of Resource after Effective Lifetime [Medium Severity][https://security.snyk.io/vuln/SNYK-JS-INFLIGHT-6095116] in inflight@1.0.6
    introduced by maz-ui@3.43.0 > eslint@8.57.0 > file-entry-cache@6.0.1 > flat-cache@3.2.0 > rimraf@3.0.2 > glob@7.2.3 > inflight@1.0.6
  No upgrade or patch available

Additional context

Is it possible to update eslint to v9?

@sebestenyb sebestenyb added the BUG FIX Something isn't working label May 3, 2024
@LouisMazel
Owner

Hi @sebestenyb,

By mistake, I included Eslint in the dependencies instead of devDependencies. I will fix it by moving Eslint to devDependencies and it will not be included in the maz-ui installation. This issue will disappear.

And just for more information:
Unfortunately, I can't migrate Eslint to v9 for the moment because many plugins used in the project are not ready; I have to wait for plugin updates.

And inflight@1.0.6 is always present in the v9. As you can see in your message "No upgrade or patch available".

@LouisMazel
Owner

Solved in v3.43.2

@sebestenyb
Author

Understood, thank you.
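Why moving ESLint from `dependencies` to `devDependencies` removes the finding for people who install maz-ui, as an added example that is not part of the original thread or the maz-ui code base: it walks a constructed, simplified dependency graph holding only the chain from the Snyk output above. The `findChains` and `report` helpers and the contents of the maz-ui@3.43.2 manifest are assumptions for illustration.

```javascript
// Constructed, simplified manifests: only the edges named in the Snyk output
// in this thread are modelled; real manifests list many more packages.
const chain = ["eslint@8.57.0", "file-entry-cache@6.0.1", "flat-cache@3.2.0",
               "rimraf@3.0.2", "glob@7.2.3", "inflight@1.0.6"];
const registry = {};
chain.forEach((id, i) => {
  registry[id] = { dependencies: chain[i + 1] ? [chain[i + 1]] : [] };
});
// Before the fix: ESLint listed as a runtime dependency.
registry["maz-ui@3.43.0"] = { dependencies: ["eslint@8.57.0"], devDependencies: [] };
// After the fix (assumed manifest shape): ESLint listed as a dev dependency.
registry["maz-ui@3.43.2"] = { dependencies: [], devDependencies: ["eslint@8.57.0"] };

// Return every path from `root` to `target` that an install would follow.
// npm installs `dependencies` transitively, but never the `devDependencies`
// of a package that is itself installed as a dependency.
function findChains(reg, root, target, { includeDev = false } = {}) {
  const found = [];
  const walk = (id, path) => {
    if (path.includes(id)) return;            // guard against cycles
    const next = [...path, id];
    if (id === target) { found.push(next.join(" > ")); return; }
    const meta = reg[id] || {};
    const edges = [...(meta.dependencies || [])];
    // devDependencies count only for the root, and only when working inside
    // that project's own checkout (the maintainer's view).
    if (includeDev && id === root) edges.push(...(meta.devDependencies || []));
    edges.forEach((dep) => walk(dep, next));
  };
  walk(root, []);
  return found;
}

// Compare what a consumer installs with what the maintainer's checkout holds.
function report(root) {
  const target = "inflight@1.0.6";
  return {
    consumer: findChains(registry, root, target),
    maintainer: findChains(registry, root, target, { includeDev: true }),
  };
}

console.log(report("maz-ui@3.43.0"));
console.log(report("maz-ui@3.43.2"));
```

The consumer view of 3.43.2 is empty while the maintainer view still shows the chain, which matches the owner's point that inflight@1.0.6 remains in the development toolchain even though it no longer ships to installers.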
