Unitech / pm2

Node.js Production Process Manager with a built-in Load Balancer.
https://pm2.keymetrics.io/docs/usage/quick-start/

Snyk vulnerability detected for inflight #5721

Open ak-seek opened 9 months ago

ak-seek commented 9 months ago

What's going wrong?

inflight package that pm2 depends on (pm2@5.3.0 > yamljs@0.3.0 > glob@7.2.0 > inflight@1.0.6) seems to have a memory leak issue according to Snyk: https://security.snyk.io/vuln/SNYK-JS-INFLIGHT-6095116

glob has removed this dependency from v9 onwards: https://github.com/isaacs/node-glob/issues/435

yamljs has essentially been discontinued (last published version was over 6 years ago). Is there any way we can get pm2 to move away from this package or resolve to a higher glob version?
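
The chain reported above can be confirmed from a project's own lockfile. This is an added example, not code from pm2 or from the thread: it walks the `packages` map of an npm v2/v3 `package-lock.json` using Node's `node_modules` lookup order. The names `sampleLock`, `resolveDep` and `findChains` are hypothetical, and the sample lockfile is constructed.

```javascript
// Constructed sample in the lockfile v2/v3 "packages" layout (not a real pm2 lockfile).
const sampleLock = {
  packages: {
    "": { dependencies: { pm2: "5.3.0", glob: "^10.3.10" } },
    "node_modules/pm2": { version: "5.3.0", dependencies: { yamljs: "0.3.0" } },
    "node_modules/yamljs": { version: "0.3.0", dependencies: { glob: "^7.0.5" } },
    "node_modules/yamljs/node_modules/glob": { version: "7.2.0", dependencies: { inflight: "^1.0.4" } },
    "node_modules/glob": { version: "10.3.10" }, // hoisted copy, no inflight
    "node_modules/inflight": { version: "1.0.6" },
  },
};

// Resolve `name` as Node would: nearest node_modules first, then each parent up to the root.
function resolveDep(packages, fromPath, name) {
  let base = fromPath;
  for (;;) {
    const candidate = (base ? base + "/" : "") + "node_modules/" + name;
    if (packages[candidate]) return candidate;
    if (!base) return null; // already at the root: dependency not installed
    const cut = base.lastIndexOf("node_modules/");
    base = cut <= 0 ? "" : base.slice(0, cut - 1);
  }
}

// Return every chain from the root project to targetName (optionally a specific version).
function findChains(lock, targetName, targetVersion) {
  const packages = lock.packages || {};
  const chains = [];
  const walk = (path, trail, onPath) => {
    const pkg = packages[path];
    const deps = { ...pkg.dependencies, ...pkg.optionalDependencies };
    for (const dep of Object.keys(deps)) {
      const resolved = resolveDep(packages, path, dep);
      if (!resolved || onPath.has(resolved)) continue; // not installed, or a cycle
      const version = packages[resolved].version;
      const next = [...trail, dep + "@" + version];
      if (dep === targetName && (!targetVersion || version === targetVersion)) {
        chains.push(next.join(" > "));
        continue;
      }
      onPath.add(resolved);
      walk(resolved, next, onPath);
      onPath.delete(resolved);
    }
  };
  if (packages[""]) walk("", [], new Set([""]));
  return chains;
}
```

To check a real project, pass the parsed contents of its `package-lock.json` as `lock`; the walk enumerates every path, so it can be slow on very large trees.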

boxexchanger commented 7 months ago

Hi @Unitech, could you also review this issue, please?

GhassenRjab commented 7 months ago

This PR should fix it