Bump @babel/traverse to 7.23.2

hashicorp / setup-terraform

Sets up Terraform CLI in your GitHub Actions workflow.

https://developer.hashicorp.com/terraform/tutorials/automation/github-actions

Mozilla Public License 2.0

1.35k stars 237 forks source link

Bump @babel/traverse to 7.23.2 #357

Closed austinvalle closed 10 months ago

austinvalle commented 10 months ago

Fixes npm audit in our CI, babel is only a dev dependency, so no /dist changes.

 $ npm audit              
# npm audit report

@babel/traverse  <7.23.2
Severity: critical
Babel vulnerable to arbitrary code execution when compiling specifically crafted malicious code - https://github.com/advisories/GHSA-67hx-6x53-jw92
fix available via `npm audit fix`
node_modules/@babel/traverse

1 critical severity vulnerability

To address all issues, run:
  npm audit fix

austinvalle commented 10 months ago

Fixed by #356

github-actions[bot] commented 3 months ago

I'm going to lock this pull request because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active contributions. If you have found a problem that seems related to this change, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.