Comments (5)
MelleB
commented on May 22, 2024
3
Fixed in PR #52
Could this PR be merged?
from babel-plugin-transform-define.
pdf13
commented on May 22, 2024
1
There is a 4.17.10 version
https://www.npmjs.com/package/lodash
from babel-plugin-transform-define.
ryan-roemer
commented on May 22, 2024
1
Fixed in #52
from babel-plugin-transform-define.
tnir
commented on May 22, 2024
Found there is some suspicion even in 4.17.5:
from babel-plugin-transform-define.
underblob
commented on May 22, 2024
npm audit says >= 4.17.5:
┌──────────────────────────────────────────────────────────────────────────────┐
│ Manual Review │
│ Some vulnerabilities require your attention to resolve │
│ │
│ Visit https://go.npm.me/audit-guide for additional guidance │
└──────────────────────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ Low │ Prototype Pollution │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package │ lodash │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in │ >=4.17.5 │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ babel-plugin-transform-define [dev] │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path │ babel-plugin-transform-define > lodash │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info │ https://nodesecurity.io/advisories/577 │
└───────────────┴──────────────────────────────────────────────────────────────┘
found 1 low severity vulnerability in 59560 scanned packages
1 vulnerability requires manual review. See the full report for details.
Would be great to get this fixed.
from babel-plugin-transform-define.
Related Issues (15)
- Unclear errors with external/requirable config file HOT 2
- Accepting `baseDir` in plugin config HOT 1
- Can't define some values that equals false with Boolean operation HOT 3
- Getting cryptic error if the file to return ENV object return null or {} instead HOT 1
- Issue with babel 7 HOT 14
- Deprecate it HOT 2
- wrong babel cache using filepath as entry point HOT 3
- Infra: Add `test` to linting.
- Infra: Don't transpile `src/index.js`
- ES module identifier imports throwing
- Calling `getSortedObjectPaths` frequently leads to performance issues
- should not transform identifiers with binding
- Error when replacing with booleans HOT 8
- OptionalMemberExpression?
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from babel-plugin-transform-define.