search

nvuillam / npm-groovy-lint

Lint, format and auto-fix your Groovy / Jenkinsfile / Gradle files using command line
https://nvuillam.github.io/npm-groovy-lint/
MIT License
207 stars 63 forks source link

Transversal dependency to Inflight 1.0.6 #407

Closed dacloutier-logmein closed 1 month ago

dacloutier-logmein commented 2 months ago

source: https://www.npmjs.com/package/inflight

This package has been deprecated

Author message:

This module is not supported, and leaks memory. Do not use it. Check out lru-cache if you want a good and tested way to coalesce async requests by a key value, which is much more comprehensive and powerful.

here is a transitive dependency to inflight, via glob 7.2.3

npm-groovy-lint 14.6.0
├─┬ glob 7.2.3
│ ├─┬ inflight 1.0.6

It is flagged by sonatype for potential security issues:

https://github.com/user-attachments/assets/4a23f507-1c1f-489c-934b-392858c27c11

Dunno if this can be avoided.

nvuillam commented 2 months ago

@dacloutier-logmein I'm currently preparing a new version of npm-groovy-lint with many upgraded dependencies, it's hard to find the time but it's in my backlog, you can count for sure that it will be taken care of with an upgrade of glob library :)

github-actions[bot] commented 1 month ago

This issue has been automatically marked as stale because it has not had recent activity. It will be closed in 14 days if no further activity occurs. Thank you for your contributions.

If you think this issue should stay open, please remove the O: stale 🤖 label or comment on the issue.