search

adamreisnz / replace-in-file

A simple utility to quickly replace contents in one or more files
580 stars 65 forks source link

Update Glob to v10 to resolve CWE-772 in inflight #189

Closed sohaisha closed 3 months ago

sohaisha commented 7 months ago

Inflight has a medium security vulnerability:

  1. CWE-772 - https://cwe.mitre.org/data/definitions/772.html
  2. https://security.snyk.io/package/npm/inflight/1.0.6
  3. There is no fixed version for inflight
  4. This library is not maintained, and currently, there is no fix for this issue. To overcome this vulnerability, several dependent packages have eliminated the use of this library.

The only solution is to update glob to v10 in replace-in-file.