Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: use package.json overrides to bump @babel/runtime & prismjs to fix npm audit warnings #396

Merged
merged 1 commit into from
Mar 17, 2025
Merged

fix: use package.json overrides to bump @babel/runtime & prismjs to fix npm audit warnings #396

merged 1 commit into from
Mar 17, 2025

Conversation

alex-mcgovern
Copy link
Collaborator

@alex-mcgovern alex-mcgovern commented Mar 17, 2025
edited
Loading 

┌────────────────┬────────────────┬──────────┬────────┬───────────────────┬─────────────────────────┬─────────────────────────────────────────────────────────────┐
│    Library     │ Vulnerability  │ Severity │ Status │ Installed Version │      Fixed Version      │                            Title                            │
├────────────────┼────────────────┼──────────┼────────┼───────────────────┼─────────────────────────┼─────────────────────────────────────────────────────────────┤
│ @babel/runtime │ CVE-2025-27789 │ MEDIUM   │ fixed  │ 7.26.0            │ 7.26.10, 8.0.0-alpha.17 │ Babel is a compiler for writing next generation JavaScript. │
│                │                │          │        │                   │                         │ When using ......                                           │
│                │                │          │        │                   │                         │ https://avd.aquasec.com/nvd/cve-2025-27789                  │
├────────────────┼────────────────┤          │        ├───────────────────┼─────────────────────────┼─────────────────────────────────────────────────────────────┤
│ prismjs        │ CVE-2024-53382 │          │        │ 1.27.0            │ 1.30.0                  │ prismjs: DOM Clobbering vulnerability within the Prism      │
│                │                │          │        │                   │                         │ library's prism-autoloader plugin                           │
│                │                │          │        │                   │                         │ https://avd.aquasec.com/nvd/cve-2024-53382                  │
│                │                │          │        ├───────────────────┤                         │                                                             │
│                │                │          │        │ 1.29.0            │                         │                                                             │
│                │                │          │        │                   │                         │                                                             │
│                │                │          │        │                   │                         │                                                             │
└────────────────┴────────────────┴──────────┴────────┴───────────────────┴─────────────────────────┴─────────────────────────────────────────────────────────────┘

@stacklok-cloud-staging Stacklok Cloud (Staging)
Copy link

Minder Vulnerability Report ✅

Minder analyzed this PR and found it does not add any new vulnerable dependencies.

Vulnerability scan of 27727f04:

  • 🐞 vulnerable packages: 0
  • 🛠 fixes available for: 0

@coveralls
Copy link
Collaborator

coveralls commented Mar 17, 2025
edited
Loading

Pull Request Test Coverage Report for Build 13895587926

Details

  • 0 of 0 changed or added relevant lines in 0 files are covered.
  • No unchanged relevant lines lost coverage.
  • Overall coverage increased (+0.05%) to 66.498%
Totals Coverage Status
Change from base Build 13895469654: 0.05%
Covered Lines: 896
Relevant Lines: 1276
💛 - Coveralls

@alex-mcgovern alex-mcgovern enabled auto-merge (squash) March 17, 2025 09:18
@alex-mcgovern alex-mcgovern merged commit 79041a1 into main Mar 17, 2025
8 checks passed
@alex-mcgovern alex-mcgovern deleted the fix/npm-audit-fixes branch March 17, 2025 09:18
@stacklokbot stacklokbot mentioned this pull request Mar 17, 2025
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@davolokh davolokh davolokh approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@alex-mcgovern @coveralls @davolokh