lpelypenko / axe-html-reporter

Creates an easy-to-read HTML file from an axe-core® accessibility results object
MIT License

Transitive dependency to inflight 1.0.6 #32

Closed. dacloutier-logmein closed this issue 3 weeks ago.

dacloutier-logmein commented 3 weeks ago

source: https://www.npmjs.com/package/inflight

This package has been deprecated

Author message:

This module is not supported, and leaks memory. Do not use it. Check out lru-cache if you want a good and tested way to coalesce async requests by a key value, which is much more comprehensive and powerful.

There is a transitive dependency to inflight, via rimraf.

axe-html-reporter 2.2.5
├── axe-core 4.9.1 peer
├── mustache 4.2.0
└─┬ rimraf 3.0.2
  └─┬ glob 7.2.3
    ├── fs.realpath 1.0.0
    ├─┬ inflight 1.0.6
    │ ├─┬ once 1.4.0
    │ │ └── wrappy 1.0.2
    │ └── wrappy 1.0.2
    ├── inherits 2.0.4
    ├─┬ minimatch 3.1.2
    │ └─┬ brace-expansion 1.1.11
    │   ├── balanced-match 1.0.2
    │   └── concat-map 0.0.1
    ├─┬ once 1.4.0
    │ └── wrappy 1.0.2
    └── path-is-absolute 1.0.1

The latest version of rimraf is 6.0.1 and no longer pulls in inflight.

Also, it is flagged by Sonatype for potential security issues:

[screenshot: Sonatype scan result flagging inflight]
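The tree in the report above is `npm ls` output. As an added example (not code from axe-html-reporter or from this issue), the following Node script reproduces that lookup from a package-lock.json: it walks the lockfile's `packages` map (lockfile v2/v3 layout) with Node's nested-`node_modules` resolution rule, lists every chain from the project root to a named package, and names the direct dependencies responsible, which is what you need to decide what to bump or drop. The lockfile embedded below is a constructed sample that mirrors the tree shown above; the function names are this example's own.

```javascript
'use strict';

// Constructed sample lockfile (v3 "packages" layout) mirroring the npm ls
// tree in this issue. Replace with JSON.parse(fs.readFileSync('package-lock.json', 'utf8'))
// to run against a real project.
const sampleLock = {
  name: 'axe-html-reporter',
  lockfileVersion: 3,
  packages: {
    '': { name: 'axe-html-reporter', version: '2.2.5',
          dependencies: { mustache: '^4.2.0', rimraf: '^3.0.2' },
          peerDependencies: { 'axe-core': '^4.9.1' } },
    'node_modules/axe-core': { version: '4.9.1', peer: true },
    'node_modules/mustache': { version: '4.2.0' },
    'node_modules/rimraf': { version: '3.0.2', dependencies: { glob: '^7.1.3' } },
    'node_modules/glob': { version: '7.2.3',
      dependencies: { 'fs.realpath': '^1.0.0', inflight: '^1.0.4', inherits: '2',
                      minimatch: '^3.1.1', once: '^1.3.0', 'path-is-absolute': '^1.0.0' } },
    'node_modules/fs.realpath': { version: '1.0.0' },
    'node_modules/inflight': { version: '1.0.6', dependencies: { once: '^1.3.0', wrappy: '1' } },
    'node_modules/once': { version: '1.4.0', dependencies: { wrappy: '1' } },
    'node_modules/wrappy': { version: '1.0.2' },
    'node_modules/inherits': { version: '2.0.4' },
    'node_modules/minimatch': { version: '3.1.2', dependencies: { 'brace-expansion': '^1.1.7' } },
    'node_modules/brace-expansion': { version: '1.1.11',
      dependencies: { 'balanced-match': '^1.0.0', 'concat-map': '0.0.1' } },
    'node_modules/balanced-match': { version: '1.0.2' },
    'node_modules/concat-map': { version: '0.0.1' },
    'node_modules/path-is-absolute': { version: '1.0.1' },
  },
};

// Node-style resolution over lockfile keys: look in <from>/node_modules/<name>,
// then in each ancestor's node_modules, finishing at the project root.
function resolve(packages, fromKey, name) {
  let base = fromKey;
  for (;;) {
    const candidate = base ? `${base}/node_modules/${name}` : `node_modules/${name}`;
    if (packages[candidate]) return candidate;
    if (!base) return null;
    const i = base.lastIndexOf('/node_modules/');
    base = i === -1 ? '' : base.slice(0, i);
  }
}

// Package name for a lockfile key ('' is the root; scoped names keep their scope).
function nameOf(packages, key) {
  if (key === '') return packages[''].name;
  return key.slice(key.lastIndexOf('node_modules/') + 'node_modules/'.length);
}

// Every chain root -> ... -> target as "name@version" labels, like `npm ls <target>`.
// Follows dependencies, optionalDependencies and peerDependencies; guards against cycles.
function findPaths(lock, target) {
  const packages = lock.packages;
  const chains = [];
  const label = (k) => `${nameOf(packages, k)}@${packages[k].version}`;
  const walk = (key, chain) => {
    if (chain.includes(key)) return; // cycle guard
    const next = [...chain, key];
    if (key !== '' && nameOf(packages, key) === target) {
      chains.push(next.map(label));
      return;
    }
    const entry = packages[key];
    const wanted = { ...entry.dependencies, ...entry.optionalDependencies, ...entry.peerDependencies };
    for (const dep of Object.keys(wanted)) {
      const k = resolve(packages, key, dep);
      if (k) walk(k, next);
    }
  };
  walk('', []);
  return chains;
}

// Direct dependencies of the root that transitively pull in target:
// these are the ones to bump, replace or drop.
function culprits(lock, target) {
  return [...new Set(findPaths(lock, target).map((c) => c[1]).filter(Boolean))];
}

const target = 'inflight';
const paths = findPaths(sampleLock, target);
console.log(`${paths.length} path(s) to ${target}:`);
for (const p of paths) console.log('  ' + p.join(' > '));
console.log('direct dependencies responsible:', culprits(sampleLock, target).join(', '));
```

On the sample this prints the single chain axe-html-reporter@2.2.5 > rimraf@3.0.2 > glob@7.2.3 > inflight@1.0.6 and names rimraf as the responsible direct dependency, which matches the fix taken in this issue. Because the walk uses the lockfile rather than the live node_modules tree, it also works in CI on a checkout without an install.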

lpelypenko commented 3 weeks ago

Hi @dacloutier-logmein, thank you for reporting it. I realized that the dependency on rimraf is not needed, removed it, and updated jest, which also pulled in an older version of glob with inflight 1.0.6. Unfortunately, the upgrade of jest did not help; the latest versions are still using old glob 7, which uses old rimraf with inflight 1.x.x. The issue is solved only in jest v30.0.0-alpha.6, which is using the latest glob that uses a higher inflight version.

I will monitor jest releases, and as soon as I can bump jest I will do it in a separate patch.

The removal of the rimraf dependency from this library is released in axe-html-reporter v2.2.6.