Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update to ember-cli-babel@8+ to fix a json5 vulnerability #1448

Closed
Z-Zhao opened this issue Apr 5, 2024 · 3 comments
Closed

Update to ember-cli-babel@8+ to fix a json5 vulnerability #1448

Z-Zhao opened this issue Apr 5, 2024 · 3 comments

Comments

@Z-Zhao
Copy link

Z-Zhao commented Apr 5, 2024
edited
Loading

Latest version has dependency on [email protected] which is high Severity reported by "npm audit"
json5 <1.0.2
Severity: high
Prototype Pollution in JSON5 via Parse Method - GHSA-9c47-m6qq-7p4h

Below is the result of "npm list json5"
├─┬ @ember/[email protected]
│ └─┬ [email protected]
│ └─┬ [email protected]
│ └─┬ [email protected]
│ └── [email protected]

you should update to ember-cli-babel@^8.0.0 which includes the below change
https://github.com/emberjs/ember-cli-babel/pull/492
@Z-Zhao
Copy link
Author

Z-Zhao commented Apr 5, 2024

ember-test-helpers/addon/package.json

Line 55 in 9cec68d

"ember-cli-babel": "^7.26.11",

@NullVoxPopuli
Copy link
Collaborator

want to submit a PR?

@NullVoxPopuli NullVoxPopuli mentioned this issue Jul 19, 2024
Merged
@NullVoxPopuli
Copy link
Collaborator

This was resolved in https://github.com/emberjs/ember-test-helpers/releases/tag/v3.3.1-%40ember%2Ftest-helpers

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@NullVoxPopuli @Z-Zhao