Skip to content

[Snyk] Security upgrade @babel/runtime from 7.23.9 to 7.26.10#369

Closed
theKashey wants to merge 1 commit into
masterfrom
snyk-fix-2902c2bdd1c372bd0a383e70a0aa659c
Closed

[Snyk] Security upgrade @babel/runtime from 7.23.9 to 7.26.10#369
theKashey wants to merge 1 commit into
masterfrom
snyk-fix-2902c2bdd1c372bd0a383e70a0aa659c

Conversation

@theKashey
Copy link
Copy Markdown
Owner

@theKashey theKashey commented May 8, 2025

snyk-top-banner

Snyk has created this PR to fix 1 vulnerabilities in the yarn dependencies of this project.

Snyk changed the following file(s):

  • package.json
  • yarn.lock

Note for zero-installs users

If you are using the Yarn feature zero-installs that was introduced in Yarn V2, note that this PR does not update the .yarn/cache/ directory meaning this code cannot be pulled and immediately developed on as one would expect for a zero-install project - you will need to run yarn to update the contents of the ./yarn/cache directory.
If you are not using zero-install you can ignore this as your flow should likely be unchanged.

Vulnerabilities that will be fixed with an upgrade:

Issue Score
medium severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-BABELRUNTIME-10044504		   738  

Important

  • Check the changes in this PR to ensure they won't cause issues with your project.
  • Max score is 1000. Note that the real score may have changed since the PR was raised.
  • This PR was automatically created by Snyk using the credentials of a real user.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)

@JohnAllenTech
Copy link
Copy Markdown

JohnAllenTech commented Jun 25, 2025

Hey @theKashey is there any chance we can merge a few of these security upgrades please. This one in particular would be great to merge as its showing a medium vulnerability in Snyk.

https://security.snyk.io/vuln/SNYK-JS-BABELRUNTIME-10044504

@theKashey
Copy link
Copy Markdown
Owner Author

theKashey commented Jul 14, 2025

In general this change would not do much, as dependency is not "fixed" and controlled by lock file at my and your sides.
In other words - to resolve the problem you need to update babel-runtime, and focus-lock will pick a version from you.

@stale
Copy link
Copy Markdown

stale Bot commented Sep 12, 2025

This issue has been marked as "stale" because there has been no activity for 2 months. If you have any new information or would like to continue the discussion, please feel free to do so. If this issue got buried among other tasks, maybe this message will reignite the conversation. Otherwise, this issue will be closed in 7 days. Thank you for your contributions so far.

@stale stale Bot added the state label Sep 12, 2025
@stale stale Bot closed this Sep 19, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

state

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@theKashey @JohnAllenTech @snyk-bot