Remove ember-auto-import 1.12.1 DependencyTrack #11730
Labels
Comments
|
@gabrieltrita I don't think this security warning is accurate because Could you pin @mydea is it a good idea to drop |
|
I think we can at the very least we can bump to 1.12.2. We could also think to drop 1.x overall (we are already in beta but I think this wouldn't be too bad to do still...) |
mydea
added a commit
that referenced
this issue
Apr 30, 2024
This updates the versions of some dependencies for the Ember SDK: * `ember-auto-import` is bumped to `^2.4.3` * `ember-cli-babel` is bumped to `^8.2.0` * `ember-cli-typescript` is bumped to `^5.3.0` Closes #11730
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Problem Statement
A security issue was detected in versions of ember-auto-import lower than 1.12.2, as it uses babel-traverse:6.26.0, would it be possible to remove the dependency on ember-auto-import 1.12.1?
Refs:
GHSA-67hx-6x53-jw92
Dependency Tree
→ ember-auto-import:1.12.2
→ ember-cli-babel:6.18.0
→ broccoli-babel-transpiler:6.5.1
→ babel-core:6.26.3
→ babel-traverse:6.26.0
Solution Brainstorm
Remove ember-auto-import 1.12.1:
https://github.com/getsentry/sentry-javascript/blob/d2d2e0af05bd1ab2a3b296ad3ebb976285775193/packages/ember/package.json#L39C5-L39C46
The text was updated successfully, but these errors were encountered: