
Security vulnerability for Json5 library

Open seamus-sc opened this issue 2 years ago • 0 comments

serverless-offline-python depends on "babel-register": "^6.18.0", which in turn depends on "babel-core": "^6.26.0" which includes the dependency "json5": "^0.5.1", which has a security vulnerability.

Babel updated the Json5 library to 2.1.0 in 2018, but they've bumped it a few more times since then (including 2 weeks ago, which is why I'm here now).

It'd be great if we could bump the version of babel-register to the current 7.18.9, which would get us all the necessary security updates.

Thanks!

seamus-sc, Jan 12 '23 17:01
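To confirm a transitive chain like the one reported above, one can walk the JSON tree that `npm ls --all --json` emits and list every path ending at the package in question. The following is an added example, not code from the issue or the project: the sample tree and its resolved versions are constructed, and the "major version below 2" threshold is an assumption taken from the issue's remark that Babel moved to json5 2.1.0 (the issue does not state which json5 release fixes the vulnerability).

```javascript
// Added example: find every dependency path that reaches a given package
// in an `npm ls --all --json` style tree.

// Constructed sample mirroring the chain described in the issue. Resolved
// versions are illustrative, chosen to satisfy the quoted ranges.
const sampleTree = {
  name: "serverless-offline-python",
  dependencies: {
    "babel-register": {
      version: "6.26.0",
      dependencies: {
        "babel-core": {
          version: "6.26.0",
          dependencies: { json5: { version: "0.5.1" } },
        },
      },
    },
    lodash: { version: "4.17.21" }, // unrelated package, constructed
  },
};

// Depth-first search; returns [{ path: [...], version }] for each hit.
function findPaths(node, target, trail = [node.name || "(root)"]) {
  const hits = [];
  for (const [name, dep] of Object.entries(node.dependencies || {})) {
    const version = dep.version || "?"; // unmet deps may lack a version
    const path = [...trail, `${name}@${version}`];
    if (name === target) hits.push({ path, version });
    hits.push(...findPaths(dep, target, path));
  }
  return hits;
}

// Keep only hits whose major version is below minMajor (assumed threshold).
function flagOld(hits, minMajor) {
  return hits.filter((h) => parseInt(h.version.split(".")[0], 10) < minMajor);
}

// One printable line per flagged path, root first.
function report(tree, target, minMajor) {
  return flagOld(findPaths(tree, target), minMajor).map((h) => h.path.join(" > "));
}

for (const line of report(sampleTree, "json5", 2)) console.log(line);
```

Against a real project, replace `sampleTree` with the parsed output of `npm ls --all --json`; the first package after the root in each reported path is the direct dependency that has to be bumped.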