There is CVE-2022-25883 against semver which this package indirectly depends on via @babel/core. #11

Open
opened 7 months ago by bbuck · 0 comments
bbuck commented 7 months ago

Recently had our security scanner flag our container due to the version of `semver` being used by `@babel/core` as part of this package.

https://nvd.nist.gov/vuln/detail/CVE-2022-25883

It seems like a non-issue, but since there have been no updates in 2 years it might be beneficial to update some dependency versions if they're simple.

Reference: joepie91/fix-esm#11