fix: use package.json overrides to bump `@babel/runtime` & `prismjs` to fix npm audit warnings #396

alex-mcgovern · 2025-03-17T09:08:06Z

┌────────────────┬────────────────┬──────────┬────────┬───────────────────┬─────────────────────────┬─────────────────────────────────────────────────────────────┐
│    Library     │ Vulnerability  │ Severity │ Status │ Installed Version │      Fixed Version      │                            Title                            │
├────────────────┼────────────────┼──────────┼────────┼───────────────────┼─────────────────────────┼─────────────────────────────────────────────────────────────┤
│ @babel/runtime │ CVE-2025-27789 │ MEDIUM   │ fixed  │ 7.26.0            │ 7.26.10, 8.0.0-alpha.17 │ Babel is a compiler for writing next generation JavaScript. │
│                │                │          │        │                   │                         │ When using ......                                           │
│                │                │          │        │                   │                         │ https://avd.aquasec.com/nvd/cve-2025-27789                  │
├────────────────┼────────────────┤          │        ├───────────────────┼─────────────────────────┼─────────────────────────────────────────────────────────────┤
│ prismjs        │ CVE-2024-53382 │          │        │ 1.27.0            │ 1.30.0                  │ prismjs: DOM Clobbering vulnerability within the Prism      │
│                │                │          │        │                   │                         │ library's prism-autoloader plugin                           │
│                │                │          │        │                   │                         │ https://avd.aquasec.com/nvd/cve-2024-53382                  │
│                │                │          │        ├───────────────────┤                         │                                                             │
│                │                │          │        │ 1.29.0            │                         │                                                             │
│                │                │          │        │                   │                         │                                                             │
│                │                │          │        │                   │                         │                                                             │
└────────────────┴────────────────┴──────────┴────────┴───────────────────┴─────────────────────────┴─────────────────────────────────────────────────────────────┘

ghost · 2025-03-17T09:08:10Z

Minder Vulnerability Report ✅

Minder analyzed this PR and found it does not add any new vulnerable dependencies.

Vulnerability scan of 27727f04:

🐞 vulnerable packages: 0

🛠 fixes available for: 0

…to fix npm audit warnings

coveralls · 2025-03-17T09:11:16Z

Pull Request Test Coverage Report for Build 13895587926

Details

0 of 0 changed or added relevant lines in 0 files are covered.
No unchanged relevant lines lost coverage.
Overall coverage increased (+0.05%) to 66.498%

Totals
Change from base Build 13895469654:	0.05%
Covered Lines:	896
Relevant Lines:	1276

💛 - Coveralls

fix: use package.json overrides to bump @babel/runtime & prismjs …

da22fe8

…to fix npm audit warnings

alex-mcgovern force-pushed the fix/npm-audit-fixes branch from 27727f0 to da22fe8 Compare March 17, 2025 09:09

alex-mcgovern enabled auto-merge (squash) March 17, 2025 09:18

davolokh approved these changes Mar 17, 2025

View reviewed changes

alex-mcgovern merged commit 79041a1 into main Mar 17, 2025
8 checks passed

alex-mcgovern deleted the fix/npm-audit-fixes branch March 17, 2025 09:18

stacklokbot mentioned this pull request Mar 17, 2025

chore(main): release 0.20.0 #397

Merged

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

fix: use package.json overrides to bump `@babel/runtime` & `prismjs` to fix npm audit warnings #396

fix: use package.json overrides to bump `@babel/runtime` & `prismjs` to fix npm audit warnings #396

Uh oh!

alex-mcgovern commented Mar 17, 2025 •

edited

Loading

Uh oh!

ghost commented Mar 17, 2025

Vulnerability scan of `27727f04:`

Uh oh!

coveralls commented Mar 17, 2025 •

edited

Loading

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

4 participants

fix: use package.json overrides to bump @babel/runtime & prismjs to fix npm audit warnings #396

fix: use package.json overrides to bump @babel/runtime & prismjs to fix npm audit warnings #396

Uh oh!

Conversation

alex-mcgovern commented Mar 17, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

ghost commented Mar 17, 2025

Minder Vulnerability Report ✅

Vulnerability scan of 27727f04:

Uh oh!

coveralls commented Mar 17, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Pull Request Test Coverage Report for Build 13895587926

Details

💛 - Coveralls

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

4 participants

fix: use package.json overrides to bump `@babel/runtime` & `prismjs` to fix npm audit warnings #396

fix: use package.json overrides to bump `@babel/runtime` & `prismjs` to fix npm audit warnings #396

alex-mcgovern commented Mar 17, 2025 •

edited

Loading

Vulnerability scan of `27727f04:`

coveralls commented Mar 17, 2025 •

edited

Loading