Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Snyk vulnerability detected for inflight #5721

Open
ak-seek opened this issue Nov 30, 2023 · 2 comments
Open

Snyk vulnerability detected for inflight #5721

ak-seek opened this issue Nov 30, 2023 · 2 comments

Comments

@ak-seek
Copy link

ak-seek commented Nov 30, 2023

What's going wrong?

inflight package that pm2 depends on (pm2@5.3.0yamljs@0.3.0glob@7.2.0inflight@1.0.6) seems to have a memory leak issue according to Snyk: https://security.snyk.io/vuln/SNYK-JS-INFLIGHT-6095116

glob have removed this dependency v9 onwards: isaacs/node-glob#435

yamljs has essentially be discontinued (last published version was over 6 years ago). Is there anyway we can get pm2 to move away from this package or resolve to a higher glob version?
@rbndg rbndg mentioned this issue Jan 2, 2024
Open
SeverinAlexB added a commit to SeverinAlexB/pm2 that referenced this issue Jan 5, 2024
@SeverinAlexB
fix: Replaced yamljs with yaml due to memory leak Unitech#5721
83a3269
@boxexchanger
Copy link

boxexchanger commented Jan 22, 2024
edited

Hi, @Unitech could you also review this issue please.

@GhassenRjab GhassenRjab mentioned this issue Feb 12, 2024
Open
@GhassenRjab
Copy link

This PR should fix it

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@GhassenRjab @ak-seek @boxexchanger