transloco Bug(scope): inflight 1.0.6 dependency has security issue.

Bug(scope): inflight 1.0.6 dependency has security issue.

Open iChicago opened this issue 1 year ago • 2 comments

Is there an existing issue for this?

[X] I have searched the existing issues

Which Transloco package(s) are the source of the bug?

Transloco

Is this a regression?

Current behavior

We ran a security check for transloco dependency in Angular and we found that it uses inflight 1.0.6 which may lead to Denial of Service (DoS) after memory leakage.

the package inflight in not actively maintained https://www.npmjs.com/package/inflight

Expected behavior

Use alternative package other than inflight or remove it if it is not used.

Please provide a link to a minimal reproduction of the bug, if you won't provide a link the issue won't be handled.

no need

Transloco Config

no need

Please provide the environment you discovered this bug in

Transloco: 6.0.0
Angular: 16
Node: v18.10.0
Package Manager: npm
OS: windows

Browser

All

Additional context

No response

I would like to make a pull request for this bug

Jan 25 '24 13:01 iChicago

transloco transloco copied to clipboard

Bug(scope): inflight 1.0.6 dependency has security issue.

Is there an existing issue for this?

Which Transloco package(s) are the source of the bug?

Is this a regression?

Current behavior

Expected behavior

Please provide a link to a minimal reproduction of the bug, if you won't provide a link the issue won't be handled.

Transloco Config

Please provide the environment you discovered this bug in

Browser

Additional context

I would like to make a pull request for this bug

transloco
transloco copied to clipboard