Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

@babel/traverse security vulnerability #80

Closed
andreyfel opened this issue Dec 13, 2023 · 2 comments · Fixed by #106
Closed

@babel/traverse security vulnerability #80

andreyfel opened this issue Dec 13, 2023 · 2 comments · Fixed by #106

Comments

@andreyfel
Copy link

@babel/traverse below 7.23.2 is vulnerable.
GHSA-67hx-6x53-jw92
All the apps updated to ember-cli 5.5.0 became vulnerable.
This package should allow ranges in the dependencies instead of locked versions.
andreyfel added a commit to retailnext/ember-bem-helpers that referenced this issue Dec 13, 2023
@andreyfel
Fix @babel/traverse vulnerability
eee744e 
https://github.com/retailnext/ember-bem-helpers/security/dependabot/26
ember-cli was updated to v5.5.0 and it got a new dependency from
ember-template-tag which has dependencies locked at certain (vulnerable)
versions:
patricklx/ember-template-tag#80

Use pnpm overrides to fix that.
@andreyfel andreyfel mentioned this issue Dec 13, 2023
Merged
andreyfel added a commit to retailnext/ember-bem-helpers that referenced this issue Dec 13, 2023
@andreyfel
Fix @babel/traverse vulnerability
b55bb7c 
https://github.com/retailnext/ember-bem-helpers/security/dependabot/26
ember-cli was updated to v5.5.0 and it got a new dependency from
ember-template-tag which has dependencies locked at certain (vulnerable)
versions:
patricklx/ember-template-tag#80

Use pnpm overrides to fix that.
@andreyfel andreyfel mentioned this issue Dec 13, 2023
Closed
@andreyfel andreyfel changed the title @babel/traverse swcurity vulnerability @babel/traverse security vulnerability Dec 15, 2023
@valterfab
Copy link

valterfab commented Jan 22, 2024
edited
Loading

@patricklx Any ETA on this? Thank you

@mkszepp
Copy link

mkszepp commented Feb 13, 2024
edited
Loading

@patricklx would be great to update this dependency to alllow range

@patricklx patricklx mentioned this issue Feb 14, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Bump @babel/traverse and @types/babel__traverse patricklx/ember-template-tag
3 participants
@andreyfel @mkszepp @valterfab