Angular vulnerability inflight@1.0.6 deduped

Question

I'm having problems with the inflight@1.0.6 deduped lib, it is a child of some angular CORE libs, and I need to mitigate this vulnerability. At the moment I don't have time to migrate to angular 16, would there be some way to remove this inflight lib from the dependencies of other libs?

A way to do an exclude as it is done in java inside the .pom?

─┬ @angular-devkit/build-angular@13.3.11
│ ├─┬ babel-plugin-istanbul@6.1.1
│ │ └─┬ test-exclude@6.0.0
│ │   └─┬ glob@7.2.3
│ │     └── inflight@1.0.6  deduped
│ ├─┬ cacache@15.3.0
│ │ └─┬ glob@7.2.3
│ │   └── inflight@1.0.6  deduped
│ ├─┬ glob@7.2.0
│ │ └── inflight@1.0.6 
│ └─┬ stylus@0.56.0
│   └─┬ glob@7.2.3
│     └── inflight@1.0.6  deduped
├─┬ @angular/cli@13.3.11
│ └─┬ pacote@12.0.3
│   ├─┬ @npmcli/run-script@2.0.0
│   │ └─┬ node-gyp@8.4.1
│   │   └─┬ glob@7.2.3
│   │     └── inflight@1.0.6  deduped
│   ├─┬ npm-packlist@3.0.0
│   │ └─┬ glob@7.2.3
│   │   └── inflight@1.0.6  deduped
│   └─┬ npm-registry-fetch@12.0.2
│     └─┬ make-fetch-happen@10.2.1
│       └─┬ cacache@16.1.3
│         └─┬ glob@8.1.0
│           └── inflight@1.0.6  deduped

It's a vulnerability affecting the CLI, there is not runtime issue. It's not critical. — Matthieu Riegler, Aug 07 '23 at 20:35

Angular vulnerability inflight@1.0.6 deduped

0 Answers0