
How to Remediate: Vulnerability Detected in inflight package (Missing Release of Resource after Effective Lifetime)

I recently ran a security scan using Checkmarx One and detected a high vulnerability in the npm inflight package (version 1.0.6).

Package: inflight

Version: 1.0.6 (latest)

CWE: CWE-722 (Missing Release of Resource after Effective Lifetime)

Description: In npm inflight there is a memory leak because some resources are not freed correctly after being used. It appears to affect all versions, as the issue was not addressed and no fix is found. NOTE: In the meantime, logdna-agent, a package that depends on inflight, has merged a commit to address this solely in their package (so it should be fixed in logdna-agent in versions 1.6.5 and later). node-glob, a package that also depends on inflight, was also planning to address this by not using inflight after version 8 is released, but it is still being used.

I did not directly install or use the inflight package. It is a dependency of the package that I am currently using, which is mocha@10.2.0.

Screenshot of Checkmarx One description of the vulnerability

Is there any recommended remediation for this vulnerability?
