Description
The problem in depth
We recently upgraded our MUI pro license to MUI premium, but after making the code changes our Static Application Security Testing software (Snyk) is now surfacing a vulnerability introduced by @mui/x-data-grid-premium.
It seems it is introduced through this path: @mui/[email protected] › [email protected] › [email protected] › [email protected] › [email protected] › [email protected]
(I know above it says @mui/[email protected], but v7.5.0 also uses [email protected] and this was tested)
Here is the relevant link to the issue in inflight: isaacs/inflight-DEPRECATED-DO-NOT-USE#5
We are unable to use MUI Pro if it does not meet our security requirements and we are unsure how to get around this one.
I am noticing glob v9.0.0 does not have this vulnerability, archiver-utils v5.0.0 does not have this vulnerability, archiver v7.0.0 does not have this vulnerability. Any chance either of those could be pinned on your end? No clue if this is helpful, just sharing what I have found.
Your environment
`npx @mui/envinfo`
```
System:
  OS: macOS 13.6
Binaries:
  Node: 18.6.0 - /opt/homebrew/bin/node
  npm: 8.19.2 - /opt/homebrew/bin/npm
  pnpm: Not Found
Browsers:
  Chrome: 124.0.6367.208
  Edge: Not Found
  Safari: 16.6
```
Search keywords: [email protected], security vulnerability
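An added example, not part of the original issue and not MUI's or Snyk's code: one way to confirm from a project's own lockfile which chain pulls in `inflight`, by walking the `packages` map of an npm lockfile (lockfileVersion 2 or 3) with Node-style resolution. The functions `resolve` and `findPaths` are hypothetical names, and the lockfile is constructed, with a simplified chain and placeholder versions.

```javascript
// Constructed sample lockfile: simplified chain, placeholder versions.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { dependencies: { "@mui/x-data-grid-premium": "*", glob: "*" } },
    "node_modules/@mui/x-data-grid-premium": { version: "0.0.0-sample", dependencies: { archiver: "*" } },
    "node_modules/archiver": { version: "0.0.0-sample", dependencies: { "archiver-utils": "*" } },
    "node_modules/archiver-utils": { version: "0.0.0-sample", dependencies: { glob: "*" } },
    "node_modules/archiver-utils/node_modules/glob": { version: "0.0.1-sample", dependencies: { inflight: "*" } },
    "node_modules/glob": { version: "0.0.2-sample", dependencies: {} },
    "node_modules/inflight": { version: "0.0.0-sample" },
  },
};

// Node-style resolution: look in the dependent's own node_modules first,
// then in each ancestor's, ending at the top-level node_modules.
function resolve(packages, fromKey, name) {
  let base = fromKey;
  for (;;) {
    const candidate = (base ? base + "/" : "") + "node_modules/" + name;
    if (packages[candidate]) return candidate;
    if (!base) return null; // not installed (for example an optional dependency)
    const cut = base.lastIndexOf("/node_modules/");
    base = cut === -1 ? "" : base.slice(0, cut);
  }
}

// Returns every chain "a@1 › b@2 › target@3" from the project root to `target`.
function findPaths(lock, target) {
  const packages = lock.packages || {};
  const results = [];
  // 13 === "node_modules/".length; keeps scoped names such as @mui/... intact.
  const label = (key) => key.slice(key.lastIndexOf("node_modules/") + 13) + "@" + packages[key].version;
  const walk = (key, chain, seen) => {
    const pkg = packages[key];
    const deps = { ...pkg.dependencies, ...pkg.optionalDependencies,
                   ...(key === "" ? pkg.devDependencies : {}) };
    for (const name of Object.keys(deps)) {
      const next = resolve(packages, key, name);
      if (!next || seen.has(next)) continue; // skip missing deps and cycles
      const nextChain = [...chain, label(next)];
      if (name === target) results.push(nextChain.join(" › "));
      else walk(next, nextChain, new Set(seen).add(next));
    }
  };
  walk("", [], new Set());
  return results;
}

console.log(findPaths(sampleLock, "inflight").join("\n"));
```

Against a real project, replace `sampleLock` with the parsed contents of `package-lock.json`; the nested `glob` entry in the sample shows why the copy a dependent actually resolves can differ from the top-level one.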