Open lacort opened 1 month ago
This has been a major challenge for me. I tried writing an alternative patch for it, but it still does not seem to work. I know this has not yet been exploited, but I think an urgent update is needed.
inflight Missing Release of Resource after Effective Lifetime
And to the best of my knowledge, inflight is outdated and is not being maintained.
Hello!!
It has been identified that bcrypt@5.1.1 introduces a missing release of resource after effective lifetime vulnerability via a transitive dependency. The vulnerability is linked to the package inflight@1.0.6, as reported in the Snyk vulnerability database: SNYK-JS-INFLIGHT-6095116.
Vulnerability Path:
Severity: Medium Severity
Recommended Actions:
Currently, no patch or upgrade is available to address this vulnerability. I recommend that the team investigate possible mitigations, whether by updating or removing the affected transitive dependencies, or by finding alternative solutions to reduce the security risk.
Thank you for your attention to this issue.