fix(deps): update deps addressing CVE-2023-45133 #762
Merged
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Updated
@babel/*
packages to fix@babel/traverse
critical vulnerabilityWhat is in this PR?
Updated inside packages/istanbul-lib-instrument:
Why?
The sub dependency @babel/traverse inside @babel/core has a critical vulnerability
https://security.snyk.io/vuln/SNYK-JS-BABELTRAVERSE-5962462
Updated @babel/core which has a more recent version of @babel/traverse to fix this security vulnerability
Additional Info
While this may or may not effect the end user we do use snyk at work and this was flagged in our dependency tree and I thought i'd be great to push a small update to fix it 馃檪.
Let me know if you all have any thoughts please! I'd love to help out in any way possible to get this through along with doing any tasks moving forward in istanbuljs since you all do so much!