search

uiwjs / next-remove-imports

The default behavior is to remove all .less/.css/.scss/.sass/.styl imports from all packages in node_modules.
https://uiwjs.github.io/next-remove-imports/
MIT License
17 stars 2 forks source link

Failed Synk vulnerability check #12

Closed DhiraPT closed 11 months ago

DhiraPT commented 11 months ago

Issues with no direct upgrade or patch: ✗ Regular Expression Denial of Service (ReDoS) [High Severity][https://security.snyk.io/vuln/SNYK-JS-SEMVER-3247795] in semver@7.3.8 introduced by next-remove-imports@1.0.11 > @babel/core@7.22.5 > semver@6.3.0 and 4 other path(s) This issue was fixed in versions: 5.7.2, 6.3.1, 7.5.2

jaywcjlove commented 11 months ago

@DhiraPT what do I need to do?

DhiraPT commented 11 months ago

@DhiraPT what do I need to do?

Upgrade @babel/core to the latest version

jaywcjlove commented 11 months ago

@DhiraPT Upgrade v1.0.12