Dependencies have security vulnerabilities in inflight #3209

Closed
HalaburdaAndrei opened this issue Feb 7, 2025 · 3 comments
Labels
more information required Issue requires more information or a response from the customer

HalaburdaAndrei commented Feb 7, 2025

Note
For @salesforce/cli even the latest 2.75.5 version

Summary

Hello @Salesforce/CLI team. We scanned @Salesforce/CLI source code with Snyk:
Missing Release of Resource after Effective Lifetime [Medium Severity] (https://security.snyk.io/vuln/SNYK-JS-INFLIGHT-6095116) in inflight@1.0.6,
introduced by @salesforce/cli@2.75.5 > @salesforce/plugin-trust@3.7.59 > shelljs@0.8.5 > glob@7.2.3 > inflight@1.0.6 and 5 other path(s)

This library is not maintained, and currently, there is no fix for this issue. To overcome this vulnerability, several dependent packages have eliminated the use of this library. Will there be an opportunity to fix this?
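
Added example (not part of the original issue and not Salesforce CLI code): a JavaScript walk over a dependency tree, listing every path that reaches inflight@1.0.6 and grouping the paths by the direct dependency that pulls it in, which is how the "5 other path(s)" in a finding like this can be enumerated. It assumes the nested `dependencies` shape of `npm ls --all --json` output; the sample tree is constructed, only the first chain is taken from the issue, and the `example-*` packages are hypothetical.

```javascript
// Constructed sample tree (assumed shape: nested `dependencies` objects with a
// `version` field). Only the plugin-trust chain is from the issue; the
// `example-*` packages and their versions are hypothetical.
const GLOB = { version: '7.2.3', dependencies: { inflight: { version: '1.0.6' } } };
const sampleTree = {
  name: '@salesforce/cli',
  version: '2.75.5',
  dependencies: {
    '@salesforce/plugin-trust': {
      version: '3.7.59',
      dependencies: { shelljs: { version: '0.8.5', dependencies: { glob: GLOB } } },
    },
    'example-plugin-a': { version: '0.0.0', dependencies: { glob: GLOB } },
    'example-plugin-b': { version: '0.0.0', dependencies: { 'example-leaf': { version: '0.0.0' } } },
  },
};

// Depth-first walk; returns one "a@1 > b@2 > target@3" string per path found.
function findPaths(tree, targetName, targetVersion) {
  const paths = [];
  const walk = (name, node, trail) => {
    const here = trail.concat(`${name}@${node.version}`);
    if (name === targetName && (!targetVersion || node.version === targetVersion)) {
      paths.push(here.join(' > '));
    }
    for (const [depName, depNode] of Object.entries(node.dependencies || {})) {
      walk(depName, depNode, here);
    }
  };
  walk(tree.name, tree, []);
  return paths;
}

// Group paths by the direct dependency (second path element) that pulls the target in.
function groupByDirectDependency(paths) {
  const groups = {};
  for (const p of paths) {
    const direct = p.split(' > ')[1] || p;
    (groups[direct] = groups[direct] || []).push(p);
  }
  return groups;
}

console.log(groupByDirectDependency(findPaths(sampleTree, 'inflight', '1.0.6')));
```

The group keys are the direct dependencies whose upgrade or replacement would remove the flagged package from the tree.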

HalaburdaAndrei added the "investigating" label (We're actively investigating this issue) Feb 7, 2025

github-actions bot commented Feb 7, 2025

Thank you for filing this issue. We appreciate your feedback and will review the issue as soon as possible. Remember, however, that GitHub isn't a mechanism for receiving support under any agreement or SLA. If you require immediate assistance, contact Salesforce Customer Support.


github-actions bot commented Feb 7, 2025

Hello @HalaburdaAndrei 👋 It looks like you didn't include the full Salesforce CLI version information in your issue.
Please provide the output of version --verbose --json for the CLI you're using (sf or sfdx).

A few more things to check:

  • Make sure you've provided detailed steps to reproduce your issue.
    • A repository that clearly demonstrates the bug is ideal.
  • Make sure you've installed the latest version of Salesforce CLI. (docs)
    • Better yet, try the rc or nightly versions. (docs)
  • Try running the doctor command to diagnose common issues.
  • Search GitHub for existing related issues.

Thank you!

github-actions bot added the "more information required" label (Issue requires more information or a response from the customer) and removed the "investigating" label (We're actively investigating this issue) Feb 7, 2025
@cristiand391
Member

shelljs doesn't seem to be really affected by this, see: shelljs/shelljs#1149 (comment)

cristiand391 closed this as not planned (won't fix, can't repro, duplicate, stale) Feb 7, 2025