protobufjs / protobuf.js

Protocol Buffers for JavaScript & TypeScript.

glob < 9 pulls in insecure dependency, inflight #1980

Open joshcartme opened 6 months ago

joshcartme commented 6 months ago

protobuf.js version: 7.2.6
protobufjs-cli version: 1.1.2

The CLI pulls in `"glob": "^8.0.0"`. glob less than 9 has inflight as a dependency. inflight has a known vulnerability, https://security.snyk.io/package/npm/inflight, and as it appears to be abandonware it will likely never be fixed. It is also not going to be fixed in the 8.x branch of glob, https://github.com/isaacs/node-glob/issues/573.

It appears the use of glob in the CLI is compatible with 9 or 10, but I'm not entirely sure how to evaluate that myself.
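The chain the report describes (protobufjs-cli → glob ^8 → inflight) is the kind of thing you want to confirm from the lockfile rather than from memory, and it is easy to get wrong because a newer glob at the top level does not help when the CLI still nests its own 8.x copy. The script below is an added example, not tooling from protobuf.js or glob: it walks an npm `package-lock.json` (lockfileVersion 3, `packages` keyed by `node_modules/...` path), resolves each dependency the way Node does (nearest `node_modules` first, then parents), and prints every chain that reaches a named package plus the package whose bump would remove it. The embedded lockfile and its version numbers are constructed for the example.

```javascript
// Added example: list every dependency chain in an npm lockfile (lockfileVersion 3)
// that ends at a flagged package, here "inflight". Not protobuf.js's own tooling.

// Constructed sample lockfile: the app already has a glob 10.x at the top level,
// but protobufjs-cli pins ^8.0.0, so npm nests an 8.x copy under it. Versions and
// dependency lists are illustrative, not copied from a real install.
const SAMPLE_LOCK = {
  name: "example-app",
  lockfileVersion: 3,
  packages: {
    "": { name: "example-app", dependencies: { "protobufjs-cli": "^1.1.2", glob: "^10.0.0" } },
    "node_modules/protobufjs-cli": { version: "1.1.2", dependencies: { glob: "^8.0.0" } },
    "node_modules/protobufjs-cli/node_modules/glob": {
      version: "8.1.0",
      dependencies: { inflight: "^1.0.4", minimatch: "^5.0.1" },
    },
    "node_modules/glob": { version: "10.0.0" }, // dependencies omitted (constructed)
    "node_modules/minimatch": { version: "5.1.6" },
    "node_modules/inflight": { version: "1.0.6" },
  },
};

// Resolve which installed copy of `name` a package at `fromPath` would load:
// Node looks in fromPath/node_modules/name, then in each ancestor's node_modules.
function resolveDep(packages, fromPath, name) {
  let base = fromPath;
  for (;;) {
    const candidate = base ? `${base}/node_modules/${name}` : `node_modules/${name}`;
    if (packages[candidate]) return candidate;
    if (!base) return null; // reached the root without finding it
    const idx = base.lastIndexOf("/node_modules/");
    base = idx === -1 ? "" : base.slice(0, idx);
  }
}

// Depth-first walk from the root package, collecting every "name@version" chain
// that ends at `target`. A per-branch visited set cuts dependency cycles.
function findChains(lock, target) {
  const packages = lock.packages;
  const chains = [];
  function walk(path, chain, seen) {
    const pkg = packages[path];
    if (!pkg) return;
    for (const depName of Object.keys(pkg.dependencies || {})) {
      const depPath = resolveDep(packages, path, depName);
      if (!depPath || seen.has(depPath)) continue;
      const next = chain.concat(`${depName}@${packages[depPath].version}`);
      if (depName === target) chains.push(next.join(" > "));
      else walk(depPath, next, new Set(seen).add(depPath));
    }
  }
  walk("", [], new Set([""]));
  return chains;
}

// The package directly above the target in each chain: bumping (or replacing)
// that one is what removes the target from the tree.
function directParents(chains) {
  return [...new Set(chains.map((c) => c.split(" > ").slice(-2)[0]))];
}

// Usage: node check-chains.js [package-lock.json] [package-name]
if (typeof require !== "undefined" && require.main === module) {
  const fs = require("fs");
  const lockPath = process.argv[2];
  const target = process.argv[3] || "inflight";
  const lock = lockPath ? JSON.parse(fs.readFileSync(lockPath, "utf8")) : SAMPLE_LOCK;
  const chains = findChains(lock, target);
  console.log(chains.length ? chains.join("\n") : `${target} not in tree`);
  if (chains.length) console.log("bump:", directParents(chains).join(", "));
}

module.exports = { SAMPLE_LOCK, resolveDep, findChains, directParents };
```

On the sample lockfile the only chain reported is `protobufjs-cli@1.1.2 > glob@8.1.0 > inflight@1.0.6`, and the package to bump is `glob@8.1.0`, the nested copy, even though the top-level glob is already on 10.x. That is the check worth running after any attempted fix: `npm update` or a top-level override only helps if the nested 8.x copy actually disappears from the lockfile.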

joshcartme commented 6 months ago

I see that renovate attempted to upgrade glob to 9 in https://github.com/protobufjs/protobuf.js/pull/1869. Something went wrong but the logs from what failed are gone. Locally I've tried upgrading it to the latest 9 and for my purposes, which are not comprehensive, it works fine.

avifenesh commented 1 month ago

+1