Minor security vulnerability via babel-traverse 6.26.0 #12010
Labels
Comments
|
The alert says in bold: "Users that only compile trusted code are not impacted." You're welcome to PR the repo with the upgrade. I'm not aware of much activity in https://github.com/prebid/Prebid.js/tree/cda06f40bb1958f77888c0ae0bb486c5c55ac8d7/test/spec/e2e |
patmmccann
changed the title
1 task
|
Fixed in #12259 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Type of issue
Security vulnerability
Description
We maintain a fork of Prebid.js that is being flagged by Dependabot as containing a critical security vulnerability, introduced by
babel-traverse(ID: CVE-2023-45133)In Prebid.js, it looks to be coming from
babel-registervia:Relevant line in package.json
babel-registeris used to add Babel support to the end-to-end testing task.It is reasonable to assume that the end-to-end testing tasks (
gulp e2e-test) are currently insecure. Do you agree, and if so, would it be possible to upgrade[email protected]to@babel/[email protected]or higher?Platform details
This affects at least versions v8.52.0 and v9 (latest) of Prebid.js
The text was updated successfully, but these errors were encountered: