Vulnerability in @babel/[email protected] due to @babel/[email protected]

Open diveshpanwar opened this issue 2 years ago • 1 comment

Library Affected: [email protected] @babel/[email protected] @babel/[email protected]

Browser & Platform: all browsers

Issue or Feature Request Description: The reported version of [email protected] uses a version of @babel/[email protected] which depends on @babel/[email protected]. This babel traverse version is said to have a severe vulnerability, as reported here: NVD Bug Description and GitHub Advisory.

Since this is a severe vulnerability, it is being flagged by many vulnerability detection tools.

Kindly consider upgrading the @babel/core version to >=7.23.2 or please suggest a workaround.

diveshpanwar avatar Oct 17 '23 08:10 diveshpanwar
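
A triage check for the situation this issue describes, added here as an example and not part of the thread or of Workbox: it scans an npm lockfile for every installed copy of a package below a minimum version, including copies nested under another dependency. The sample lockfile, the name `some-build-tool`, and its versions are constructed; only the `>=7.23.2` floor for `@babel/core` comes from the issue.

```javascript
// Added example (not from the issue thread): list every installed copy of a
// package that is older than a minimum version, using an npm lockfile
// (lockfileVersion 2 or 3, which carries a flat "packages" map).

// Parse "7.23.2" into [7, 23, 2]. Prerelease tags are ignored (assumption:
// acceptable for triage, not a full semver implementation).
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(v);
  if (!m) throw new Error(`unparseable version: ${v}`);
  return m.slice(1).map(Number);
}

function isBelow(version, minimum) {
  const a = parseVersion(version);
  const b = parseVersion(minimum);
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i];
  }
  return false; // equal versions meet the minimum
}

// Returns [{ path, version }] for each copy of `name` below `minimum`.
// Nested copies (node_modules/x/node_modules/name) are what a top-level
// upgrade misses, so every path is matched, not just the hoisted one.
function findOutdated(lock, name, minimum) {
  const suffix = `node_modules/${name}`;
  return Object.entries(lock.packages || {})
    .filter(([path]) => path === suffix || path.endsWith(`/${suffix}`))
    .filter(([, meta]) => meta.version && isBelow(meta.version, minimum))
    .map(([path, meta]) => ({ path, version: meta.version }))
    .sort((x, y) => (x.path < y.path ? -1 : 1));
}

// Constructed sample lockfile; "some-build-tool" and its versions are made up.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "": { name: "app", version: "1.0.0" },
    "node_modules/@babel/core": { version: "7.23.2" },
    "node_modules/some-build-tool": { version: "1.0.0" },
    "node_modules/some-build-tool/node_modules/@babel/core": { version: "7.11.1" },
  },
};

// The >=7.23.2 floor for @babel/core is the one requested in the issue.
console.log(findOutdated(SAMPLE_LOCK, "@babel/core", "7.23.2"));
```

In the sample, the hoisted copy already meets the floor and only the copy nested under the build tool is reported, which is the case a top-level upgrade alone does not resolve.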

I concur. There is a PR https://github.com/GoogleChrome/workbox/pull/3265 waiting for approval; hopefully it will go through soon.

vitalij931 avatar Oct 31 '23 10:10 vitalij931

Hi there,

Workbox is moving to a new engineering team within Google. As part of this move, we're declaring a partial bug bankruptcy to allow the new team to start fresh. We realize this isn't optimal, but realistically, this is the only way we see it working. For transparency, here're the criteria we applied:

Thanks, and we hope for your understanding!

The Workbox team

tomayac avatar Apr 25 '24 08:04 tomayac