nrwl / nx

Smart Monorepos · Fast CI
https://nx.dev
MIT License
23.65k stars · 2.36k forks

`glob` lib dependency, depends on `Inflight` lib which is now introducing a security vulnerability #20547

Closed markgrichani closed 6 months ago

markgrichani commented 11 months ago

Current Behavior

inflight@1.0.6 has a vulnerability of "Missing Release of Resource after Effective Lifetime": https://security.snyk.io/vuln/SNYK-JS-INFLIGHT-6095116. Nx depends on glob@7.1.4, which depends on inflight@1.0.6.

Expected Behavior

No vulnerability. As suggested in https://security.snyk.io/vuln/SNYK-JS-INFLIGHT-6095116, the glob lib should be updated to the latest 10.x.x version (which does not depend on inflight).

GitHub Repo

No response

Steps to Reproduce

  1. nx/package.json file includes: [image]

  2. Navigate to https://security.snyk.io/vuln/?search=inflight

Nx Report

Node   : 20.0.0
OS     : darwin-x64
npm    : 9.6.4

nx (global)        : 16.9.1
nx                 : 16.9.1
@nx/js             : 16.9.1
@nx/jest           : 16.9.1
@nx/linter         : 16.9.1
@nx/workspace      : 16.9.1
@nx/cypress        : 16.9.1
@nx/devkit         : 16.9.1
@nx/eslint-plugin  : 16.9.1
@nx/plugin         : 16.9.1
@nx/react          : 16.9.1
@nx/rollup         : 16.9.1
@nx/storybook      : 16.9.1
@nrwl/tao          : 16.9.1
@nx/web            : 16.9.1
@nx/webpack        : 16.9.1
typescript         : 5.1.6
---------------------------------------
Community plugins:
nx-stylelint : 16.0.1
---------------------------------------
Local workspace plugins:
  @cyberark-ui/nx-version-manager-plugin

Failure Logs

No response

Package Manager Version

No response

Operating System

Additional Information

No response

Djontleman commented 11 months ago

Can second this, we are getting alerted for this on latest (nx@17.1.3).

FrozenPandaz commented 6 months ago

The nx package no longer depends on glob since rimraf@4.0.0 was released.

github-actions[bot] commented 5 months ago

This issue has been closed for more than 30 days. If this issue is still occurring, please open a new issue with more recent context.