Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Updating babel library which have migrated to new package. #4112

Merged
merged 1 commit into from
Feb 13, 2023
Merged

Updating babel library which have migrated to new package. #4112

merged 1 commit into from
Feb 13, 2023

Conversation

KoenDG
Copy link
Contributor

@KoenDG KoenDG commented Feb 12, 2023

Fixes 1 critical vulnerability.

Description

npm audit generated a critical vulnerability

Related Issues

N/A

Appearance

N/A

The vulnerability was this:

loader-utils  2.0.0 - 2.0.3
Severity: critical
loader-utils is vulnerable to Regular Expression Denial of Service (ReDoS) via url variable - https://github.com/advisories/GHSA-3rfm-jhwj-7488
loader-utils is vulnerable to Regular Expression Denial of Service (ReDoS) - https://github.com/advisories/GHSA-hhq3-ff78-jv3g
Prototype pollution in webpack loader-utils - https://github.com/advisories/GHSA-76p3-8jx3-jpfq
fix available via `npm audit fix`
node_modules/loader-utils

Warning: I only updated the library and regenerated the yarn lockfile. No test was done for this, didn't see a test script in the package.json

@KoenDG KoenDG requested a review from h3poteto as a code owner February 12, 2023 18:55
h3poteto
h3poteto approved these changes Feb 13, 2023
View reviewed changes
Copy link
Owner

@h3poteto h3poteto left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you!

@h3poteto h3poteto merged commit 2db23f1 into h3poteto:master Feb 13, 2023
@KoenDG KoenDG deleted the babel_dep_update branch February 13, 2023 16:41
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@h3poteto h3poteto h3poteto approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@KoenDG @h3poteto