workbox icon indicating copy to clipboard operation
workbox copied to clipboard

Published 20 hours ago • verified publisher icon GoogleChrome

Memory leak vulnerability by inflight package

Open ornew opened this issue 1 year ago • 1 comments

The workbox depends on the inflight package, which has a reported memory leak vulnerability.

https://security.snyk.io/vuln/SNYK-JS-INFLIGHT-6095116

https://github.com/isaacs/inflight/issues/5

Library Affected: workbox-build

Browser & Platform: all

Issue or Feature Request Description: To fix this, you will need to use fast-glob or upgrade the dependency to glob v9 where the dependency on inflight has been removed.

https://github.com/isaacs/node-glob/issues/435 https://github.com/angular/angular/pull/50632

ornew avatar Dec 04 '23 03:12 ornew

Not a really vulnerability

TheNewSound avatar Dec 28 '23 03:12 TheNewSound

Hi there,

Workbox is moving to a new engineering team within Google. As part of this move, we're declaring a partial bug bankruptcy to allow the new team to start fresh. We realize this isn't optimal, but realistically, this is the only way we see it working. For transparency, here're the criteria we applied:

Thanks, and we hope for your understanding! The Workbox team

tomayac avatar Apr 25 '24 08:04 tomayac