pm2 icon indicating copy to clipboard operation
pm2 copied to clipboard
verified publisher icon Unitech

Snyk vulnerability detected for inflight

Open ak-seek opened this issue 2 years ago • 2 comments

What's going wrong?

inflight package that pm2 depends on ([email protected][email protected][email protected][email protected]) seems to have a memory leak issue according to Snyk: https://security.snyk.io/vuln/SNYK-JS-INFLIGHT-6095116

glob have removed this dependency v9 onwards: https://github.com/isaacs/node-glob/issues/435

yamljs has essentially be discontinued (last published version was over 6 years ago). Is there anyway we can get pm2 to move away from this package or resolve to a higher glob version?

ak-seek avatar Nov 30 '23 23:11 ak-seek

Hi, @Unitech could you also review this issue please.

boxexchanger avatar Jan 22 '24 21:01 boxexchanger

This PR should fix it

GhassenRjab avatar Feb 12 '24 16:02 GhassenRjab