Upgrade Node packages to patch critical vulnerability in Babel #9389

Merged
mitchellhenke merged 1 commit into main from mitchellhenke/update-babel-critical-vulnerability
Oct 16, 2023

@mitchellhenke

🛠 Summary of changes

Attempts to upgrade dependencies that have known security vulnerabilities.

yarn audit:

┌───────────────┬──────────────────────────────────────────────────────────────┐
│ critical      │ Babel vulnerable to arbitrary code execution when compiling  │
│               │ specifically crafted malicious code                          │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ @babel/traverse                                              │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in    │ >=7.23.2                                                     │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ @babel/core                                                  │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ @babel/core > @babel/traverse                                │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://www.npmjs.com/advisories/1094349                     │
└───────────────┴──────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ critical      │ Babel vulnerable to arbitrary code execution when compiling  │
│               │ specifically crafted malicious code                          │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ @babel/traverse                                              │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in    │ >=7.23.2                                                     │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ @babel/core                                                  │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ @babel/core > @babel/helper-module-transforms >              │
│               │ @babel/traverse                                              │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://www.npmjs.com/advisories/1094349                     │
└───────────────┴──────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ critical      │ Babel vulnerable to arbitrary code execution when compiling  │
│               │ specifically crafted malicious code                          │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ @babel/traverse                                              │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in    │ >=7.23.2                                                     │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ @babel/preset-env                                            │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ @babel/preset-env > @babel/plugin-transform-modules-amd >    │
│               │ @babel/helper-module-transforms > @babel/traverse            │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://www.npmjs.com/advisories/1094349                     │
└───────────────┴──────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ critical      │ Babel vulnerable to arbitrary code execution when compiling  │
│               │ specifically crafted malicious code                          │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ @babel/traverse                                              │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in    │ >=7.23.2                                                     │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ @babel/preset-env                                            │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ @babel/preset-env >                                          │
│               │ @babel/plugin-proposal-async-generator-functions >           │
│               │ @babel/helper-remap-async-to-generator >                     │
│               │ @babel/helper-wrap-function > @babel/traverse                │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://www.npmjs.com/advisories/1094349                     │
└───────────────┴──────────────────────────────────────────────────────────────┘

@mitchellhenke mitchellhenke requested a review from aduth October 16, 2023 14:21
changelog: Internal, Dependencies, Upgrade Node packages to patch critical vulnerability in Babel
@mitchellhenke mitchellhenke force-pushed the mitchellhenke/update-babel-critical-vulnerability branch from 91c3c11 to 253ca0c October 16, 2023 14:47

@aduth aduth left a comment

LGTM

@mitchellhenke mitchellhenke merged commit b488428 into main Oct 16, 2023
@mitchellhenke mitchellhenke deleted the mitchellhenke/update-babel-critical-vulnerability branch October 16, 2023 14:56
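
A post-upgrade check for the audit finding above, as an added example that is not part of this pull request or the project's code: it scans yarn.lock text and reports every `@babel/traverse` entry still resolved below the patched floor 7.23.2, which is what makes the four audit rows (one per dependency path) disappear together. It assumes the yarn v1 lockfile format; the function names and the lockfile snippets are hypothetical, constructed samples.

```javascript
// Added example. Package name and floor come from the audit output on this page.
const PACKAGE = '@babel/traverse';
const PATCHED_FLOOR = '7.23.2';

// Split "7.23.2" or "7.23.2-beta.1" into numeric parts plus a prerelease flag.
function parseVersion(v) {
  const [core, pre] = v.split('-', 2);
  return { nums: core.split('.').map(Number), pre: pre !== undefined };
}

// True when version a sorts below b (a prerelease sorts below its own release).
function isBelow(a, b) {
  const x = parseVersion(a), y = parseVersion(b);
  for (let i = 0; i < 3; i++) {
    const l = x.nums[i] || 0, r = y.nums[i] || 0;
    if (l !== r) return l < r;
  }
  return x.pre && !y.pre;
}

// Collect each lockfile entry for `name`: the requested ranges and the resolved version.
function resolvedEntries(lockText, name) {
  const entries = [];
  let current = null;
  for (const line of lockText.split(/\r?\n/)) {
    if (/^\S.*:$/.test(line) && !line.startsWith('#')) {
      // Entry header, e.g. "@babel/traverse@^7.22.5", "@babel/traverse@^7.23.0":
      const specs = line.slice(0, -1).split(',').map((s) => s.trim().replace(/^"|"$/g, ''));
      const mine = specs.filter((s) => s.slice(0, s.lastIndexOf('@')) === name);
      current = mine.length ? { ranges: mine, version: null } : null;
      if (current) entries.push(current);
    } else if (current) {
      const m = /^ {2}version "?([^"\s]+)"?$/.exec(line); // two-space field, not a nested dep
      if (m) current.version = m[1];
    }
  }
  return entries;
}

// Entries with an unknown version are reported too, so the check fails closed.
function vulnerableEntries(lockText, name = PACKAGE, floor = PATCHED_FLOOR) {
  return resolvedEntries(lockText, name)
    .filter((e) => e.version === null || isBelow(e.version, floor));
}

// Constructed sample lockfile text (not taken from the repository).
const SAMPLE_BEFORE = '# yarn lockfile v1\n\n"@babel/helper-wrap-function@^7.22.9":\n' +
  '  version "7.22.10"\n  dependencies:\n    "@babel/traverse" "^7.22.5"\n\n' +
  '"@babel/traverse@^7.22.5", "@babel/traverse@^7.23.0":\n  version "7.23.0"\n';
const SAMPLE_AFTER = SAMPLE_BEFORE.replace('version "7.23.0"', 'version "7.23.2"');
console.log(vulnerableEntries(SAMPLE_BEFORE), vulnerableEntries(SAMPLE_AFTER));
```

In CI, pass the contents of the real `yarn.lock` to `vulnerableEntries` and fail the build when the result is non-empty.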