Update to ember-cli-babel@8+ to fix a json5 vulnerability #1448

Closed
Z-Zhao opened this issue Apr 5, 2024 · 3 comments

Comments

Z-Zhao commented Apr 5, 2024

The latest version has a dependency on [email protected], which is reported as high severity by "npm audit":
json5 <1.0.2
Severity: high
Prototype Pollution in JSON5 via Parse Method - GHSA-9c47-m6qq-7p4h

Below is the result of "npm list json5"
├─┬ @ember/[email protected]
│ └─┬ [email protected]
│   └─┬ [email protected]
│     └─┬ [email protected]
│       └── [email protected]

You should update to ember-cli-babel@^8.0.0, which includes the change below:
https://github.com/emberjs/ember-cli-babel/pull/492

Z-Zhao commented Apr 5, 2024

"ember-cli-babel": "^7.26.11",
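
To confirm which dependency chains still resolve to an affected json5 (for instance after bumping ember-cli-babel), the tree printed by `npm ls json5 --json` can be checked mechanically. This is an added example, not part of the issue or the project: the sample tree, its package names and versions, and the function names are constructed, and only the `<1.0.2` range comes from the report above.

```javascript
// Constructed sample shaped like `npm ls json5 --json` output.
// Package names and versions are placeholders, not the ones from the issue.
const sampleTree = {
  name: "example-app",
  version: "1.0.0",
  dependencies: {
    "addon-a": { version: "2.0.0", dependencies: {
      "build-tool": { version: "7.26.11", dependencies: {
        "resolver": { version: "3.0.0", dependencies: {
          json5: { version: "1.0.1" } } } } } } },
    "config-loader": { version: "4.1.0", dependencies: {
      json5: { version: "1.0.2" } } },
    "broken-dep": { missing: true }, // entry without a resolved version
  },
};

// Range quoted by `npm audit` in the issue: json5 <1.0.2.
const AFFECTED_BELOW = "1.0.2";

// Parse "major.minor.patch"; a prerelease or build suffix is ignored (simplification).
function parseVersion(v) {
  return v.split(/[-+]/)[0].split(".").map((n) => Number.parseInt(n, 10) || 0);
}

// True when version a sorts strictly before version b.
function isBelow(a, b) {
  const [x, y] = [parseVersion(a), parseVersion(b)];
  for (let i = 0; i < 3; i++) {
    if ((x[i] || 0) !== (y[i] || 0)) return (x[i] || 0) < (y[i] || 0);
  }
  return false;
}

// Depth-first walk returning one "a@1 > b@2 > json5@x" string per affected copy.
function findAffectedPaths(node, pkg = "json5", below = AFFECTED_BELOW, trail = []) {
  const hits = [];
  for (const [name, dep] of Object.entries(node.dependencies || {})) {
    if (!dep || typeof dep.version !== "string") continue; // missing or invalid entry
    const path = [...trail, `${name}@${dep.version}`];
    if (name === pkg && isBelow(dep.version, below)) hits.push(path.join(" > "));
    hits.push(...findAffectedPaths(dep, pkg, below, path));
  }
  return hits;
}

console.log(findAffectedPaths(sampleTree));
```

An empty result for the real tree means no installed copy of json5 falls in the quoted range; any remaining path names the intermediate package that still needs an update or an override.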

@NullVoxPopuli (Collaborator)

want to submit a PR?
