jestjs / jest

Delightful JavaScript Testing.
https://jestjs.io
MIT License

[Bug]: Critical security finding in jest-reporters #15140

Closed majklfly closed 2 months ago

majklfly commented 3 months ago

Version

latest

Steps to reproduce

install

Expected behavior

removed critical security finding

Actual behavior

present critical security finding

Additional context

For some reason I struggled to create directly a security issue, so please:

Update package istanbul-lib-instrument 6.0.0 --> 6.0.2 in jest-reporters (and all other packages that are using this package). It appears that version 6.0.2 is already using babel >7.23.2 which does not contain critical finding.

https://github.com/advisories/GHSA-67hx-6x53-jw92
https://nvd.nist.gov/vuln/detail/CVE-2023-45133

Environment

Ubuntu --> but not related to this problem.

github-actions[bot] commented 2 months ago

This issue is stale because it has been open 30 days with no activity. Remove stale label or comment or this will be closed in 30 days.

SimenB commented 2 months ago

The fix is in semver range, so we don't need to do anything here
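SimenB's reply rests on a distinction that is easy to miss when triaging a dependency advisory: if the declared range in the manifest already admits the patched version, nothing in the manifest needs to change, and only the resolved version in the lockfile decides whether a given install is still exposed. The following is an added example, not jest's or istanbul's code. It implements the caret, tilde and exact-pin semver shapes with no third-party dependency and classifies three constructed dependency edges; the package names and declared ranges are constructed, and the patched version 7.23.2 for @babel/traverse is taken from the linked advisory GHSA-67hx-6x53-jw92 and should be treated as an assumption to be checked against the advisory itself.

```javascript
// Added example (not jest's code): minimal semver checks for triaging a
// dependency advisory. All inputs below are constructed; the patched version
// 7.23.2 for @babel/traverse is assumed from advisory GHSA-67hx-6x53-jw92.

function parseVersion(v) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)$/.exec(String(v).trim());
  if (!m) throw new Error(`unsupported version string: ${v}`);
  return [Number(m[1]), Number(m[2]), Number(m[3])];
}

// Lexicographic compare of two [major, minor, patch] tuples: -1, 0 or 1.
function cmpTuple(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  }
  return 0;
}

function compareVersions(a, b) {
  return cmpTuple(parseVersion(a), parseVersion(b));
}

// Exclusive upper bound of a caret range (the default npm saves):
// ^X.Y.Z -> <(X+1).0.0 when X>0; ^0.Y.Z -> <0.(Y+1).0; ^0.0.Z -> <0.0.(Z+1).
function caretUpperBound([major, minor, patch]) {
  if (major > 0) return [major + 1, 0, 0];
  if (minor > 0) return [0, minor + 1, 0];
  return [0, 0, patch + 1];
}

// Exclusive upper bound of a tilde range: ~X.Y.Z -> <X.(Y+1).0
function tildeUpperBound([major, minor]) {
  return [major, minor + 1, 0];
}

// Supports the three range shapes that matter for this triage: ^, ~ and an exact pin.
function satisfiesRange(version, range) {
  const r = String(range).trim();
  const v = parseVersion(version);
  if (r.startsWith('^') || r.startsWith('~')) {
    const lower = parseVersion(r.slice(1));
    const upper = r.startsWith('^') ? caretUpperBound(lower) : tildeUpperBound(lower);
    return cmpTuple(v, lower) >= 0 && cmpTuple(v, upper) < 0;
  }
  return cmpTuple(v, parseVersion(r)) === 0;
}

// Decide what a maintainer must change for one dependency edge:
//   range admits the fix and the lock is already >= patched  -> nothing to do
//   range admits the fix but the lock resolves an older one   -> refresh the lockfile
//   range excludes the patched version                        -> the declared range must be bumped
function auditDependency(declaredRange, lockedVersion, advisory) {
  const rangeAdmitsFix = satisfiesRange(advisory.patched, declaredRange);
  const lockedIsVulnerable = compareVersions(lockedVersion, advisory.patched) < 0;
  let action;
  if (!rangeAdmitsFix) action = 'bump-range';
  else if (lockedIsVulnerable) action = 'refresh-lockfile';
  else action = 'none';
  return { package: advisory.name, advisory: advisory.id, rangeAdmitsFix, lockedIsVulnerable, action };
}

// Constructed advisory record and three constructed consumer edges.
const ADVISORY = { name: '@babel/traverse', id: 'GHSA-67hx-6x53-jw92', patched: '7.23.2' };

const SAMPLE_EDGES = [
  { from: 'consumer-a (constructed)', range: '^7.22.0', locked: '7.22.5' }, // manifest fine, lock stale
  { from: 'consumer-b (constructed)', range: '^7.23.2', locked: '7.23.2' }, // already on the fix
  { from: 'consumer-c (constructed)', range: '7.22.5',  locked: '7.22.5' }, // pinned below the fix
];

function auditAll(edges = SAMPLE_EDGES, advisory = ADVISORY) {
  return edges.map((e) => ({ from: e.from, ...auditDependency(e.range, e.locked, advisory) }));
}

if (typeof require !== 'undefined' && require.main === module) {
  for (const row of auditAll()) console.log(row);
}
```

Running the block prints one row per edge; the first edge is the situation SimenB describes (range already admits 7.23.2, so a lockfile refresh rather than a manifest change closes the finding), while the third shows the case where a pinned range really would need a bump. For a real project the same logic applies to the resolved versions recorded in the lockfile rather than to constructed inputs.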

github-actions[bot] commented 1 month ago

This issue has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs. Please note this issue tracker is not a help forum. We recommend using StackOverflow or our discord channel for questions.