Skip to content

fix: Update Glob to fix memory leak issue from inflight #430

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 7 commits into
base: master
Choose a base branch
from
Open

fix: Update Glob to fix memory leak issue from inflight #430

wants to merge 7 commits into from

Conversation

@mkonikov
Copy link

@mkonikov mkonikov commented Nov 17, 2025
edited
Loading

This PR updates the glob dependency to v10, which removes the dependency on the abandoned and vulnerable inflight package.

Glob 11 (the oldest non vulnerable version) updated the min required node version to 20, so made updates accordingly. Updated jest to recent version so tests will pass.

Workflows

Fixed the ci workflow that was trying to use a matrix for different node versions but was not actually using the intended node versions. Updated to checkout v4 at same time.

Associated Issues

Fixes #277
Fixes #429

@mkonikov mkonikov mentioned this pull request Nov 17, 2025
Open
@daniloab
Copy link
Collaborator

daniloab commented Nov 18, 2025

@mkonikov thanks for the PR! Can you help to fix the failed actions?

@mkonikov
Copy link
Author

mkonikov commented Nov 18, 2025

@daniloab Updated the lock files. Should work now. Please rerun.

@daniloab
Copy link
Collaborator

daniloab commented Nov 18, 2025
edited
Loading

@mkonikov would you mind check again audit and tests for 18x? Thanks for helping!

@daniloab daniloab mentioned this pull request Nov 18, 2025
Open
mkonikov and others added 3 commits November 18, 2025 09:52
@mkonikov
Update all vulnerable dependencies
5ae0e2b
@mkonikov
Update lock
4d3db0b
@mkonikov
Fix node versions in ci matrix (#3)
f8dcc93 
* Fix node versions in ci matrix

* Update cli.spec.js.snap

* Update ci.yml
@mkonikov
Copy link
Author

mkonikov commented Nov 18, 2025

@daniloab Fixed! (Needed to update Glob to v11 and other packages to pass audits)

@mkonikov
Copy link
Author

mkonikov commented Nov 20, 2025

@daniloab Look good?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Module is not supported or leak memory vulnerability issue with inflight @1.0.6

2 participants

@mkonikov @daniloab