Skip to content
This repository was archived by the owner on Jul 31, 2025. It is now read-only.

[Snyk] Upgrade: , , minimist, braces, eslint, eslint-config-prettier, rollup, tape, uglify-js #4

Closed
wants to merge 1 commit into from
Closed

[Snyk] Upgrade: , , minimist, braces, eslint, eslint-config-prettier, rollup, tape, uglify-js #4

wants to merge 1 commit into from

Conversation

steven-hadfield
Copy link

snyk-top-banner

Snyk has created this PR to upgrade multiple dependencies.

👯 The following dependencies are linked and will therefore be updated together.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

Name Versions Released on

@babel/core
from 7.14.0 to 7.25.2 | 80 versions ahead of your current version | 2 months ago
on 2024-07-30
@babel/preset-env
from 7.14.1 to 7.25.4 | 67 versions ahead of your current version | a month ago
on 2024-08-22
minimist
from 1.2.5 to 1.2.8 | 3 versions ahead of your current version | 2 years ago
on 2023-02-09
braces
from 3.0.2 to 3.0.3 | 1 version ahead of your current version | 4 months ago
on 2024-05-21
eslint
from 7.26.0 to 7.32.0 | 6 versions ahead of your current version | 3 years ago
on 2021-07-30
eslint-config-prettier
from 8.3.0 to 8.10.0 | 7 versions ahead of your current version | a year ago
on 2023-08-03
rollup
from 2.47.0 to 2.79.1 | 90 versions ahead of your current version | 2 years ago
on 2022-09-22
tape
from 5.2.2 to 5.8.1 | 24 versions ahead of your current version | 3 months ago
on 2024-06-16
uglify-js
from 3.13.6 to 3.19.3 | 30 versions ahead of your current version | 21 days ago
on 2024-08-29

Issues fixed by the recommended upgrade:

Issue Score Exploit Maturity
medium severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-UGLIFYJS-1727251		 479 No Known Exploit
critical severity Incomplete List of Disallowed Inputs
SNYK-JS-BABELTRAVERSE-5962462		 479 Proof of Concept
high severity Uncontrolled resource consumption
SNYK-JS-BRACES-6838727		 479 Proof of Concept
medium severity Prototype Pollution
SNYK-JS-JSON5-3182856		 479 Proof of Concept
medium severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-MINIMATCH-3050818		 479 No Known Exploit
medium severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-PATHPARSE-1077067		 479 Proof of Concept
low severity Prototype Pollution
SNYK-JS-MINIMIST-2429795		 479 Proof of Concept
Release notes
Package name: @babel/core
  • 7.25.2 - 2024-07-30

    v7.25.2 (2024-07-30)

    🐛 Bug Fix

    • babel-core, babel-traverse

    Committers: 2

  • 7.24.9 - 2024-07-15

    v7.24.9 (2024-07-15)

    🐛 Bug Fix

    💅 Polish

    • babel-generator, babel-plugin-transform-optional-chaining

    🏠 Internal

    • babel-helper-module-transforms

    Committers: 5

  • 7.24.8 - 2024-07-11
  • 7.24.7 - 2024-06-05
  • 7.24.6 - 2024-05-24
  • 7.24.5 - 2024-04-29
  • 7.24.4 - 2024-04-03
  • 7.24.3 - 2024-03-20
  • 7.24.1 - 2024-03-19
  • 7.24.0 - 2024-02-28
  • 7.23.9 - 2024-01-25
  • 7.23.7 - 2023-12-29
  • 7.23.6 - 2023-12-11
  • 7.23.5 - 2023-11-29
  • 7.23.3 - 2023-11-09
  • 7.23.2 - 2023-10-12
  • 7.23.0 - 2023-09-25
  • 7.22.20 - 2023-09-16
  • 7.22.19 - 2023-09-14
  • 7.22.18 - 2023-09-14
  • 7.22.17 - 2023-09-08
  • 7.22.15 - 2023-09-04
  • 7.22.11 - 2023-08-24
  • 7.22.10 - 2023-08-07
  • 7.22.9 - 2023-07-12
  • 7.22.8 - 2023-07-06
  • 7.22.7 - 2023-07-06
  • 7.22.6 - 2023-07-04
  • 7.22.5 - 2023-06-08
  • 7.22.1 - 2023-05-26
  • 7.22.0 - 2023-05-26
  • 7.21.8 - 2023-05-02
  • 7.21.5 - 2023-04-28
  • 7.21.4 - 2023-03-31
  • 7.21.4-esm.4 - 2023-04-04
  • 7.21.4-esm.3 - 2023-04-04
  • 7.21.4-esm.2 - 2023-04-04
  • 7.21.4-esm.1 - 2023-04-04
  • 7.21.4-esm - 2023-04-04
  • 7.21.3 - 2023-03-14
  • 7.21.0 - 2023-02-20
  • 7.20.12 - 2023-01-04
  • 7.20.7 - 2022-12-22
  • 7.20.5 - 2022-11-28
  • 7.20.2 - 2022-11-04
  • 7.19.6 - 2022-10-20
  • 7.19.3 - 2022-09-27
  • 7.19.1 - 2022-09-14
  • 7.19.0 - 2022-09-05
  • 7.18.13 - 2022-08-22
  • 7.18.10 - 2022-08-01
  • 7.18.9 - 2022-07-18
  • 7.18.6 - 2022-06-27
  • 7.18.5 - 2022-06-13
  • 7.18.2 - 2022-05-25
  • 7.18.0 - 2022-05-19
  • 7.17.12 - 2022-05-16
  • 7.17.10 - 2022-04-29
  • 7.17.9 - 2022-04-06
  • 7.17.8 - 2022-03-18
  • 7.17.7 - 2022-03-14
  • 7.17.5 - 2022-02-17
  • 7.17.4 - 2022-02-15
  • 7.17.3 - 2022-02-15
  • 7.17.2 - 2022-02-08
  • 7.17.0 - 2022-02-02
  • 7.16.12 - 2022-01-22
  • 7.16.10 - 2022-01-19
  • 7.16.7 - 2021-12-31
  • 7.16.5 - 2021-12-13
  • 7.16.0 - 2021-10-29
  • 7.15.8 - 2021-10-06
  • 7.15.5 - 2021-09-04
  • 7.15.4 - 2021-09-02
  • 7.15.0 - 2021-08-04
  • 7.14.8 - 2021-07-20
  • 7.14.6 - 2021-06-14
  • 7.14.5 - 2021-06-09
  • 7.14.3 - 2021-05-17
  • 7.14.2 - 2021-05-12
  • 7.14.0 - 2021-04-29
from @babel/core GitHub release notes
Package name: @babel/preset-env
  • 7.25.4 - 2024-08-22

    v7.25.4 (2024-08-22)

    🐛 Bug Fix

    💅 Polish

    • babel-generator, babel-plugin-proposal-decorators, babel-plugin-proposal-destructuring-private, babel-plugin-proposal-pipeline-operator, babel-plugin-transform-class-properties, babel-plugin-transform-destructuring, babel-plugin-transform-optional-chaining, babel-plugin-transform-private-methods, babel-plugin-transform-private-property-in-object, babel-plugin-transform-typescript, babel-runtime-corejs2, babel-runtime, babel-traverse
    • babel-generator, babel-plugin-transform-class-properties
    • babel-generator, babel-plugin-proposal-decorators, babel-plugin-proposal-destructuring-private, babel-plugin-transform-object-rest-spread

    🔬 Output optimization

    Committers: 4

  • 7.25.3 - 2024-07-31

    v7.25.3 (2024-07-31)

    🐛 Bug Fix

    • babel-plugin-bugfix-firefox-class-in-computed-class-key, babel-traverse

    🏠 Internal

    Committers: 2

  • 7.25.2 - 2024-07-30

    v7.25.2 (2024-07-30)

    🐛 Bug Fix

    • babel-core, babel-traverse

    Committers: 2

  • 7.25.0 - 2024-07-26

    v7.25.0 (2024-07-26)

    Thanks @ davidtaylorhq and @ slatereax for your first PR!

    You can find the release blog post with some highlights at https://babeljs.io/blog/2024/07/26/7.25.0.

    👓 Spec Compliance

    • babel-helpers, babel-plugin-proposal-explicit-resource-management, babel-runtime-corejs3
    • babel-plugin-transform-typescript
      • #16602 Ensure enum members syntactically determinable to be strings do not get reverse mappings (@ liuxingbaoyu)

    🚀 New Feature

    • babel-helper-create-class-features-plugin, babel-helper-function-name, babel-helper-plugin-utils, babel-helper-wrap-function, babel-plugin-bugfix-safari-class-field-initializer-scope, babel-plugin-bugfix-safari-id-destructuring-collision-in-function-expression, babel-plugin-transform-classes, babel-plugin-transform-function-name, babel-preset-env, babel-traverse, babel-types
    • babel-helper-hoist-variables, babel-helper-plugin-utils, babel-plugin-proposal-async-do-expressions, babel-plugin-transform-modules-systemjs, babel-traverse
    • babel-helper-create-class-features-plugin, babel-helper-module-transforms, babel-helper-plugin-utils, babel-helper-split-export-declaration, babel-plugin-transform-classes, babel-traverse, babel-types
    • babel-helper-create-class-features-plugin, babel-helper-environment-visitor, babel-helper-module-transforms, babel-helper-plugin-utils, babel-helper-remap-async-to-generator, babel-helper-replace-supers, babel-plugin-bugfix-firefox-class-in-computed-class-key, babel-plugin-bugfix-v8-static-class-fields-redefine-readonly, babel-plugin-transform-async-generator-functions, babel-plugin-transform-classes, babel-traverse
    • babel-core, babel-parser
    • babel-compat-data, babel-plugin-bugfix-safari-class-field-initializer-scope, babel-preset-env
    • babel-plugin-transform-block-scoping, babel-traverse, babel-types
    • babel-helper-import-to-platform-api, babel-plugin-proposal-json-modules
    • babel-helper-transform-fixture-test-runner, babel-node
    • babel-compat-data, babel-helper-create-regexp-features-plugin, babel-plugin-proposal-duplicate-named-capturing-groups-regex, babel-plugin-transform-duplicate-named-capturing-groups-regex, babel-preset-env, babel-standalone
      • #16445 Add duplicate-named-capturing-groups-regex to preset-env (@ JLHwung)

    🐛 Bug Fix

    🏠 Internal

    • Other
    • babel-generator
    • babel-helper-function-name, babel-plugin-transform-arrow-functions, babel-plugin-transform-function-name, babel-preset-env, babel-traverse

    🏃‍♀️ Performance

    • babel-parser, babel-plugin-proposal-pipeline-operator

    🔬 Output optimization

    • babel-plugin-transform-classes
    • babel-helper-create-class-features-plugin, babel-helper-replace-supers, babel-helpers, babel-plugin-proposal-decorators, babel-plugin-transform-class-properties, babel-plugin-transform-classes, babel-plugin-transform-exponentiation-operator, babel-plugin-transform-object-super, babel-plugin-transform-private-methods, babel-runtime-corejs2, babel-runtime-corejs3, babel-runtime
    • babel-plugin-transform-class-properties, babel-plugin-transform-classes

    Committers: 6

  • 7.24.8 - 2024-07-11
  • 7.24.7 - 2024-06-05
  • 7.24.6 - 2024-05-24
  • 7.24.5 - 2024-04-29
  • 7.24.4 - 2024-04-03
  • 7.24.3 - 2024-03-20
  • 7.24.1 - 2024-03-19
  • 7.24.0 - 2024-02-28
  • 7.23.9 - 2024-01-25
  • 7.23.8 - 2024-01-08
  • 7.23.7 - 2023-12-29
  • 7.23.6 - 2023-12-11
  • 7.23.5 - 2023-11-29
  • 7.23.3 - 2023-11-09
  • 7.23.2 - 2023-10-11
  • 7.22.20 - 2023-09-16
  • 7.22.15 - 2023-09-04
  • 7.22.14 - 2023-08-30
  • 7.22.10 - 2023-08-07
  • 7.22.9 - 2023-07-12
  • 7.22.7 - 2023-07-06
  • 7.22.6 - 2023-07-04
  • 7.22.5 - 2023-06-08
  • 7.22.4 - 2023-05-29
  • 7.22.2 - 2023-05-26
  • 7.22.1 - 2023-05-26
  • 7.22.0 - 2023-05-26
  • 7.21.5 - 2023-04-28
  • 7.21.4 - 2023-03-31
  • 7.21.4-esm.4 - 2023-04-04
  • 7.21.4-esm.3 - 2023-04-04
  • 7.21.4-esm.2 - 2023-04-04
  • 7.21.4-esm.1 - 2023-04-04
  • 7.21.4-esm - 2023-04-04
  • 7.20.2 - 2022-11-04
  • 7.19.4 - 2022-10-10
  • 7.19.3 - 2022-09-27
  • 7.19.1 - 2022-09-14
  • 7.19.0 - 2022-09-05
  • 7.18.10 - 2022-08-01
  • 7.18.9 - 2022-07-18
  • 7.18.6 - 2022-06-27
  • 7.18.2 - 2022-05-25
  • 7.18.0 - 2022-05-19
  • 7.17.12 - 2022-05-16
  • 7.17.10 - 2022-04-29
  • 7.16.11 - 2022-01-20
  • 7.16.10 - 2022-01-19
  • 7.16.8 - 2022-01-10
  • 7.16.7 - 2021-12-31
  • 7.16.5 - 2021-12-13
  • 7.16.4 - 2021-11-16
  • 7.16.0 - 2021-10-29
  • 7.15.8 - 2021-10-06
  • 7.15.6 - 2021-09-09
  • 7.15.4 - 2021-09-02
  • 7.15.0 - 2021-08-04
  • 7.14.9 - 2021-08-01
  • 7.14.8 - 2021-07-20
  • 7.14.7 - 2021-06-21
  • 7.14.5 - 2021-06-09
  • 7.14.4 - 2021-05-28
  • 7.14.2 - 2021-05-12
  • 7.14.1 - 2021-05-04
from @babel/preset-env GitHub release notes
Package name: minimist from minimist GitHub release notes
Package name: braces from braces GitHub release notes
Package name: eslint
  • 7.32.0 - 2021-07-30
    • 3c78a7b Chore: Adopt eslint-plugin/prefer-message-ids rule internally (#14841) (Bryan Mishkin)
    • faecf56 Update: change reporting location for curly rule (refs #12334) (#14766) (Nitin Kumar)
    • d7dc07a Fix: ignore lines with empty elements (fixes #12756) (#14837) (Soufiane Boutahlil)
    • 1bfbefd New: Exit on fatal error (fixes #13711) (#14730) (Antonios Katopodis)
    • ed007c8 Chore: Simplify internal no-invalid-meta rule (#14842) (Bryan Mishkin)
    • d53d906 Docs: Prepare data for website to indicate rules with suggestions (#14830) (Bryan Mishkin)
    • d28f2ff Docs: Reference eslint-config-eslint to avoid potential for staleness (#14805) (Brett Zamir)
    • 8be8a36 Chore: Adopt eslint-plugin/require-meta-docs-url rule internally (#14823) (Bryan Mishkin)
    • f9c164f Docs: New syntax issue template (#14826) (Nicholas C. Zakas)
    • eba0c45 Chore: assertions on reporting loc in unicode-bom (refs #12334) (#14809) (Nitin Kumar)
    • ed945bd Docs: fix multiple broken links (#14833) (Sam Chen)
    • 60df44c Chore: use actions/setup-node@v2 (#14816) (Nitin Kumar)
    • 6641d88 Docs: Update README team and sponsors (ESLint Jenkins)
  • 7.31.0 - 2021-07-17
  • 7.30.0 - 2021-07-02
    • 5f74642 Chore: don't check Program.start in SourceCode#getComments (refs #14744) (#14748) (Milos Djermanovic)
    • 19a871a Docs: Suggest linting plugins for ESLint plugin developers (#14754) (Bryan Mishkin)
    • aa87329 Docs: fix broken links (#14756) (Sam Chen)
    • 278813a Docs: fix and add more examples for new-cap rule (fixes #12874) (#14725) (Nitin Kumar)
    • ed1da5d Update: ecmaVersion allows "latest" (#14720) (薛定谔的猫)
    • 104c0b5 Update: improve use-isnan rule to detect Number.NaN (fixes #14715) (#14718) (Nitin Kumar)
    • b08170b Update: Implement FlatConfigArray (refs #13481) (#14321) (Nicholas C. Zakas)
    • f113cdd Chore: upgrade eslint-plugin-eslint-plugin (#14738) (薛定谔的猫)
    • 1b8997a Docs: Fix getRulesMetaForResults link syntax (#14723) (Brandon Mills)
    • aada733 Docs: fix two broken links (#14726) (Sam Chen)
    • 8972529 Docs: Update README team and sponsors (ESLint Jenkins)
  • 7.29.0 - 2021-06-18
    • bfbfe5c New: Add only to RuleTester (refs eslint/rfcs#73) (#14677) (Brandon Mills)
    • c2cd7b4 New: Add ESLint#getRulesMetaForResults() (refs #13654) (#14716) (Nicholas C. Zakas)
    • eea7e0d Chore: remove duplicate code (#14719) (Nitin Kumar)
    • 6a1c7a0 Fix: allow fallthrough comment inside block (fixes #14701) (#14702) (Kevin Gibbons)
    • a47e5e3 Docs: Add Mega-Linter to the list of integrations (#14707) (Nicolas Vuillamy)
    • 353ddf9 Chore: enable reportUnusedDisableDirectives in eslint-config-eslint (#14699) (薛定谔的猫)
    • 757c495 Chore: add some rules to eslint-config-eslint (#14692) (薛定谔的猫)
    • c93a222 Docs: fix a broken link (#14697) (Sam Chen)
    • 655c118 Sponsors: Sync README with website (ESLint Jenkins)
    • e2bed2e Sponsors: Sync README with website (ESLint Jenkins)
    • 8490fb4 Sponsors: Sync README with website (ESLint Jenkins)
    • ddbe877 Sponsors: Sync README with website (ESLint Jenkins)
  • 7.28.0 - 2021-06-04
    • 1237705 Upgrade: @ eslint/eslintrc to 0.4.2 (#14672) (Milos Djermanovic)
    • 123fb86 Docs: Add Feedback Needed triage description (#14670) (Nicholas C. Zakas)
    • c545163 Update: support multiline /eslint-env/ directives (fixes #14652) (#14660) (薛定谔的猫)
    • 8d1e75a Upgrade: glob-parent version in package.json (#14658) (Hamza Najeeb)
    • 1f048cb Fix: no-implicit-coercion false positive with String() (fixes #14623) (#14641) (Milos Djermanovic)
    • d709abf Chore: fix comment location in no-unused-vars (#14648) (Milos Djermanovic)
    • e44ce0a Fix: no-duplicate-im...

@snyk-bot
fix: upgrade multiple dependencies with Snyk
4b20113 
Snyk has created this PR to upgrade:
  - @babel/core from 7.14.0 to 7.25.2.
    See this package in npm: https://www.npmjs.com/package/@babel/core
  - @babel/preset-env from 7.14.1 to 7.25.4.
    See this package in npm: https://www.npmjs.com/package/@babel/preset-env
  - minimist from 1.2.5 to 1.2.8.
    See this package in npm: https://www.npmjs.com/package/minimist
  - braces from 3.0.2 to 3.0.3.
    See this package in npm: https://www.npmjs.com/package/braces
  - eslint from 7.26.0 to 7.32.0.
    See this package in npm: https://www.npmjs.com/package/eslint
  - eslint-config-prettier from 8.3.0 to 8.10.0.
    See this package in npm: https://www.npmjs.com/package/eslint-config-prettier
  - rollup from 2.47.0 to 2.79.1.
    See this package in npm: https://www.npmjs.com/package/rollup
  - tape from 5.2.2 to 5.8.1.
    See this package in npm: https://www.npmjs.com/package/tape
  - uglify-js from 3.13.6 to 3.19.3.
    See this package in npm: https://www.npmjs.com/package/uglify-js

See this project in Snyk:
https://app.snyk.io/org/hk/project/9678ed76-9ba7-4890-8851-2316125fc36e?utm_source=github&utm_medium=referral&page=upgrade-pr
@patrixr patrixr closed this Apr 10, 2025
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
3 participants
@steven-hadfield @patrixr @snyk-bot