mirror of https://github.com/pulumi/pulumi.git
3993499eed
# Description https://security.snyk.io/vuln/SNYK-JS-INFLIGHT-6095116 Ref https://github.com/pulumi/customer-support/issues/1405 Snyk is flagging the `inflight` package. We pull this in via `glob@8.1.0`. More recent versions of glob do not use the vulnerable package, but we can't upgrade to those versions because of the Typescript version we use. Instead, replace glob with fdir. Note that we still pull in inflight via mocha, however that is a devDependency and won't be included in user installations of pulumi. To test, I ran: ```bash cd sdks/nodejs make build cd bi npm pack ``` Then I created a simple Pulumi Typescript program and installed the packed file, and was able to run `./node_modules/.bin/tsc` successfully (after adding @types/node@^17) ## Checklist - [ ] I have run `make tidy` to update any new dependencies - [ ] I have run `make lint` to verify my code passes the lint check - [ ] I have formatted my code using `gofumpt` <!--- Please provide details if the checkbox below is to be left unchecked. --> - [ ] I have added tests that prove my fix is effective or that my feature works <!--- User-facing changes require a CHANGELOG entry. --> - [ ] I have run `make changelog` and committed the `changelog/pending/<file>` documenting my change <!-- If the change(s) in this PR is a modification of an existing call to the Pulumi Cloud, then the service should honor older versions of the CLI where this change would not exist. You must then bump the API version in /pkg/backend/httpstate/client/api.go, as well as add it to the service. --> - [ ] Yes, there are changes in this PR that warrants bumping the Pulumi Cloud API version <!-- @Pulumi employees: If yes, you must submit corresponding changes in the service repo. --> --------- Co-authored-by: Thomas Gummerer <t.gummerer@gmail.com> |
||
|---|---|---|
| .. | ||
| closure | ||
| asyncIterableUtil.ts | ||
| callbacks.ts | ||
| config.ts | ||
| debuggable.ts | ||
| index.ts | ||
| invoke.ts | ||
| mocks.ts | ||
| resource.ts | ||
| rpc.ts | ||
| settings.ts | ||
| stack.ts | ||
| state.ts | ||