👓 What did you see?
@cucumber/cucumber@9.5.1 depends on the glob@7.2.3 package, which also has a vulnerable dependency, 'inflight@1.0.6'.
As per 'https://github.com/isaacs/inflight/issues/18', the vulnerable dependency is being fixed in glob@9.0.0.
✅ What did you expect to see?
Cucumber lib using an updated version of glob (> 9.0.0) without any vulnerabilities.
📦 Which tool/library version are you using?
9.5.1
🔬 How could we reproduce it?
Steps to reproduce the behavior:
1. Install @cucumber/cucumber@9.5.1
2. npm list inflight
3. Observe that cucumber is dependent on glob@7.2.3 -> inflight@1.0.6
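Added example (not part of the original report or of cucumber-js): a small Node.js helper that automates the reproduction steps above by walking the JSON printed by `npm ls inflight --all --json` and listing every chain that pulls in inflight. The sample tree and the project name `my-e2e-tests` are constructed, the function names are hypothetical, and the `globBelow9` flag applies the glob@9.0.0 threshold the report cites.

```javascript
// Constructed sample in the shape printed by `npm ls inflight --all --json`,
// trimmed to the fields used here. The root project name is hypothetical.
const sampleTree = {
  name: 'my-e2e-tests',
  dependencies: {
    '@cucumber/cucumber': {
      version: '9.5.1',
      dependencies: {
        glob: { version: '7.2.3', dependencies: { inflight: { version: '1.0.6' } } },
      },
    },
  },
};

// Depth-first walk: every chain of name@version from the root to `target`.
function findChains(node, target, trail = []) {
  const chains = [];
  for (const [name, dep] of Object.entries(node.dependencies || {})) {
    const here = [...trail, `${name}@${dep.version}`];
    if (name === target) chains.push(here);
    chains.push(...findChains(dep, target, here));
  }
  return chains;
}

// Split "name@1.2.3" on the last "@" so scoped names (@scope/pkg) survive.
function splitSpec(spec) {
  const at = spec.lastIndexOf('@');
  return { name: spec.slice(0, at), major: Number(spec.slice(at + 1).split('.')[0]) };
}

// For each chain: the direct dependency to chase upstream, the full path,
// and whether the immediate parent of the target is glob below 9
// (the version the report cites as the fix).
function summarize(tree, target) {
  return findChains(tree, target).map((chain) => {
    const parent = chain.length > 1 ? splitSpec(chain[chain.length - 2]) : null;
    return {
      direct: chain[0],
      path: chain.join(' -> '),
      globBelow9: parent !== null && parent.name === 'glob' && parent.major < 9,
    };
  });
}

console.log(summarize(sampleTree, 'inflight'));
```

In a real project, feed `summarize` the parsed output of `npm ls inflight --all --json` instead of `sampleTree`; an empty result means the package is no longer in the tree.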