[BUG] Replace vulnerable inflight package #2418
Labels
bug
Something isn't working
Comments
|
Thanks for reporting this issue, don't forget to star this project if you haven't already to help us reach a wider audience. |
|
HI @random-forest1, since this is a peer dependency, It needs to be handled in the glob package as such, not something that would be fixed in this action |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Is there an existing issue for this?
Does this issue exist in the latest version?
Describe the bug?
Hello,
Our security team has identified that the inflight package that the action uses under the hood is vulnerable and needs to be replaced with something else. In addition, that package is also deprecated. See: isaacs/inflight-DEPRECATED-DO-NOT-USE#5
I do not have enough knowledge of how the action is built to identify which dependency needs to be fixed for the above to be resolved. Maybe node-glob?
To Reproduce
Not applicable
What OS are you seeing the problem on?
ubuntu-20.04, ubuntu-latest or ubuntu-22.04
Expected behavior?
Not applicable
Relevant log output
Has all relevant logs been included?
Anything else?
No response
Code of Conduct
The text was updated successfully, but these errors were encountered: