Skip to content

eemeli/yaml is included and is subject to CVE-2023-2251, can you upgrade bable-plugin-macros to remove that venerable dependency #1053

Description

@jchambers-ln

The dependency below is reporting CVE-2023-2251 in security scanners, would it be possible to upgrade the version of babel-plugin-macros to a higher version so that it removes the dependency on eemeli/yaml@1.10.2 (cosmicconfig moves to a different yaml library in newer versions) -- I initially thought this was a false positive in my scanner until I dug deep and realized the older cosmicconfig used that library but changed in newer versions.

babel-plugin-macros@3.1.0
cosmiconfig@7.1.0
yaml@1.10.2

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions