const inflight = require('inflight');
function testInflight() {
let i = 0;
function scheduleNext() {
let key = `key-${i++}`;
const callback = () => {
};
for (let j = 0; j < 1000000; j++) {
inflight(key, callback);
}
setImmediate(scheduleNext);
}
if (i % 100 === 0) {
console.log(process.memoryUsage());
}
scheduleNext();
}
testInflight();
As an Enterprise customer, I expect libraries which are maintained, managed and endorsed by Adobe to meet basic vulnerability scanning standards. This library in its current form introduces CVE's into organizations.
Actual Behavior: 2 medium severity vulnerabilities have indeed been detected.
Reproduce Scenario (including but not limited to)
Steps to reproduce can be found on Synk Security Vulnerability Database: https://security.snyk.io/vuln/SNYK-JS-INFLIGHT-6095116
Platform and Version
N/A
Sample Code that illustrates the problem
Logs taken while reproducing problem
isaacs/inflight-DEPRECATED-DO-NOT-USE#5