@gabrieltrita I don't think this security warning is accurate because ember-auto-import only is used in development, nothing should be exposed in production.
Could you pin babel-traverse via a custom resolution to a higher version to get around this?
@mydea is it a good idea to drop ember-auto-import v1 for v8?
I think at the very least we can bump to 1.12.2. We could also think about dropping 1.x overall (we are already in beta but I think this wouldn't be too bad to do still...)
This updates the versions of some dependencies for the Ember SDK:
* `ember-auto-import` is bumped to `^2.4.3`
* `ember-cli-babel` is bumped to `^8.2.0`
* `ember-cli-typescript` is bumped to `^5.3.0`
Closes #11730
Problem Statement
A security issue was detected in versions of ember-auto-import lower than 1.12.2, as it uses babel-traverse:6.26.0. Would it be possible to remove the dependency on ember-auto-import 1.12.1?
Refs:
GHSA-67hx-6x53-jw92
Dependency Tree
→ ember-auto-import:1.12.2
→ ember-cli-babel:6.18.0
→ broccoli-babel-transpiler:6.5.1
→ babel-core:6.26.3
→ babel-traverse:6.26.0
Solution Brainstorm
Remove ember-auto-import 1.12.1:
https://github.com/getsentry/sentry-javascript/blob/d2d2e0af05bd1ab2a3b296ad3ebb976285775193/packages/ember/package.json#L39C5-L39C46
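The chain under "Dependency Tree" can be recovered mechanically, which shows which direct dependency has to be bumped (or whether a resolution pin is needed) to get rid of a flagged transitive package. The following is an added example, not code from this issue or from the Sentry SDK; `findPaths`, `directCulprits` and the sample tree are hypothetical names and constructed data, and the input is assumed to have the shape of `npm ls --all --json` output.

```javascript
// Constructed sample mirroring the chain quoted in the issue (not real tool output).
const sampleTree = {
  name: 'app-under-audit', // placeholder root package
  version: '0.0.0',
  dependencies: {
    'ember-auto-import': { version: '1.12.2', dependencies: {
      'ember-cli-babel': { version: '6.18.0', dependencies: {
        'broccoli-babel-transpiler': { version: '6.5.1', dependencies: {
          'babel-core': { version: '6.26.3', dependencies: {
            'babel-traverse': { version: '6.26.0' },
          } },
        } },
      } },
    } },
    // Constructed unrelated branch: must not show up in the result.
    'ember-cli-typescript': { version: '5.3.0' },
  },
};

// Depth-first walk that records the full trail to every node matching
// name and exact version. Each trail entry uses the issue's "name:version" form.
function findPaths(node, name, version, trail = [], out = []) {
  for (const [depName, dep] of Object.entries(node.dependencies || {})) {
    const here = [...trail, `${depName}:${dep.version}`];
    if (depName === name && dep.version === version) out.push(here);
    findPaths(dep, name, version, here, out);
  }
  return out;
}

// The first hop of each path is the direct dependency that pulls the package in.
function directCulprits(paths) {
  return [...new Set(paths.map((p) => p[0]))];
}

const hits = findPaths(sampleTree, 'babel-traverse', '6.26.0');
for (const p of hits) console.log(p.join(' → '));
console.log('direct dependencies to bump or override:', directCulprits(hits));
```
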