postcss-at2x

a vulnerability CVE-2020-28469 is introduced in postcss-at2x

Open ayaka-kms opened this issue 3 years ago • 0 comments

Hi, a vulnerability CVE-2020-28469 is introduced in postcss-at2x via: ● [email protected][email protected][email protected][email protected]

babel-cli is a legacy package. It has not been maintained for about 4 years, and is not likely to be updated. Is it possible to migrate babel-cli to another package to remediate this vulnerability?

I noticed several migration records for babel-cli in other JS repos, such as:

  1. in AlNuN/learn-webpack, Migrate from babel-cli to webpack + babel-core via commit
  2. in tsub/serverless-plugin-subscription-filter, Migrate babel-cli to @babel/cli via commit

Are there any efforts planned that would remediate this vulnerability or migrate babel-cli?

Thanks ; )

ayaka-kms, Aug 24 '21 14:08