Bug(scope): inflight 1.0.6 dependency has security issue. #743

iChicago opened this issue Jan 25, 2024 · 2 comments

@iChicago

Is there an existing issue for this?

  • I have searched the existing issues

Which Transloco package(s) are the source of the bug?

Transloco

Is this a regression?

No

Current behavior

We ran a security check for the Transloco dependency in Angular and found that it uses inflight 1.0.6, which may lead to Denial of Service (DoS) after memory leakage.

The package inflight is not actively maintained: https://www.npmjs.com/package/inflight

Expected behavior

Use an alternative package other than inflight, or remove it if it is not used.

Please provide a link to a minimal reproduction of the bug, if you won't provide a link the issue won't be handled.

no need

Transloco Config

no need

Please provide the environment you discovered this bug in

Transloco: 6.0.0
Angular: 16
Node: v18.10.0
Package Manager: npm
OS: windows

Browser

All

Additional context

No response

I would like to make a pull request for this bug

No

@abdallahbedir2

Yes, please stop using inflight

npm warn deprecated inflight@1.0.6: This module is not supported, and leaks memory. Do not use it. Check out lru-cache if you want a good and tested way to coalesce async requests by a key value, which is much more comprehensive and powerful.

@shaharkazaz
Collaborator

shaharkazaz commented Sep 12, 2024

@iChicago @abdallahbedir2 This isn't used in production, it's used by the schematics.
This is related to #768, once the schematics are upgraded to ESM with the latest packages this will be resolved.
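
One way to check which direct dependency brings inflight into a project's `package-lock.json`, and whether npm marks that copy as dev-only. This is an added example, not code from the issue or from the Transloco project; the `example-*` package names and the sample lockfile are constructed, and `whoPullsIn` and `resolveDep` are hypothetical helper names.

```javascript
// Added example, constructed data: which direct dependency pulls `target` into package-lock.json (v2/v3)?
// Resolve `dep` as seen from `fromPath`: nearest node_modules first, then walk up to the root.
function resolveDep(packages, fromPath, dep) {
  let base = fromPath;
  for (;;) {
    const candidate = (base ? base + '/' : '') + 'node_modules/' + dep;
    if (packages[candidate]) return candidate;
    if (!base) return null;
    const idx = base.lastIndexOf('/node_modules/');
    base = idx === -1 ? '' : base.slice(0, idx);
  }
}

function whoPullsIn(lock, target) {
  const packages = lock.packages;
  const parents = new Map(); // resolved path -> set of dependent paths
  for (const [path, pkg] of Object.entries(packages)) {
    const deps = { ...pkg.dependencies, ...pkg.optionalDependencies,
      ...(path === '' ? pkg.devDependencies : {}) };
    for (const dep of Object.keys(deps)) {
      const resolved = resolveDep(packages, path, dep);
      if (!resolved) continue; // not installed (e.g. skipped optional dep)
      if (!parents.has(resolved)) parents.set(resolved, new Set());
      parents.get(resolved).add(path);
    }
  }
  const hits = Object.keys(packages).filter((p) => p.endsWith('node_modules/' + target));
  const seen = new Set(hits);
  const queue = [...hits];
  const direct = new Set();
  while (queue.length) { // walk dependents upward until the root project ("")
    const cur = queue.shift();
    for (const parent of parents.get(cur) || []) {
      if (parent === '') direct.add(cur);
      else if (!seen.has(parent)) { seen.add(parent); queue.push(parent); }
    }
  }
  const instances = hits.map((p) => ({ path: p, version: packages[p].version, devOnly: !!packages[p].dev }));
  return { instances, directDependencies: [...direct].sort() };
}
// Constructed lockfile; the example-* package names are hypothetical.
const sampleLock = { lockfileVersion: 3, packages: {
  '': { dependencies: { 'example-i18n-lib': '^6.0.0' }, devDependencies: { 'example-linter': '^1.0.0' } },
  'node_modules/example-i18n-lib': { version: '6.0.0', dependencies: { 'example-glob': '^7.0.0' } },
  'node_modules/example-glob': { version: '7.2.3', dependencies: { inflight: '^1.0.4' } },
  'node_modules/inflight': { version: '1.0.6' },
  'node_modules/example-linter': { version: '1.0.0', dev: true },
} };
console.log(JSON.stringify(whoPullsIn(sampleLock, 'inflight'), null, 2));
```

To run it on a real project, pass the parsed lockfile: `whoPullsIn(require('./package-lock.json'), 'inflight')`. The `devOnly` value reflects npm's install-tree flag, not whether the code ends up in a browser bundle.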
