Memory leak detected in version inflight-1.0.6 by veracode

[rahmanfasalu]

npm-check-updates has a transient dependency, 'inflight,' which has a memory leak detected by Veracode. Therefore, this should be addressed

npm-check-updates@16.14.11
| `-- pacote@15.2.0
|   `-- @npmcli/run-script@6.0.2
|     `-- node-gyp@9.4.1
|       `-- make-fetch-happen@10.2.1
|         `-- cacache@16.1.3
|           `-- glob@8.1.0
|             `-- inflight@1.0.6 

ref: isaacs/inflight#18

[raineorshine]

Hi, thanks for reporting.

In the upcoming v17 release (currently in the main branch), inflight does not appear to be used by any prod dependency, so this won't be an issue any more.

All of these are devDependencies:

$ npm ls inflight
npm-check-updates@17.0.0-0 /Users/raine/projects/npm-check-updates
├─┬ c8@8.0.1
│ ├─┬ rimraf@3.0.2
│ │ └─┬ glob@7.2.3
│ │   └── inflight@1.0.6 deduped
│ └─┬ test-exclude@6.0.0
│   └─┬ glob@7.2.3
│     └── inflight@1.0.6 deduped
├─┬ eslint@8.53.0
│ └─┬ file-entry-cache@6.0.1
│   └─┬ flat-cache@3.0.4
│     └─┬ rimraf@3.0.2
│       └─┬ glob@7.2.3
│         └── inflight@1.0.6 deduped
├─┬ mocha@10.2.0
│ └─┬ glob@7.2.0
│   └── inflight@1.0.6
└─┬ typescript-json-schema@0.57.0
  └─┬ glob@7.2.3
    └── inflight@1.0.6 deduped