ember-cli-babel version 7.x is still widely used in the ember community, over 65% of downloads from npm are still on 7.x. There is a vulnerability in JSON5 being brought in from a transitive dependency of this package, that has been updated in ember-cli-babel 8.x. However it is impossible to remove version 7.x from ember projects given ember-source itself still depends on 7.x, along with many other ember community packages. I am hoping a patch version of ember 7.x could be released to remove this vulnerability.
This PR is based off the v7.26.11 tag, but there is no 7.x branch to choose as the base for this PR so its currently pointed at master.
ember-cli-babel version 7.x is still widely used in the ember community, over 65% of downloads from npm are still on 7.x. There is a vulnerability in JSON5 being brought in from a transitive dependency of this package, that has been updated in ember-cli-babel 8.x. However it is impossible to remove version 7.x from ember projects given ember-source itself still depends on 7.x, along with many other ember community packages. I am hoping a patch version of ember 7.x could be released to remove this vulnerability.
This PR is based off the v7.26.11 tag, but there is no 7.x branch to choose as the base for this PR so its currently pointed at master.
Thank you!