npm audit reporting low level vulnerability from braces, transitive dependent of babel-cli
After installing the latest version available of this 4.0.2 I now get a failing npm audit and it cannot be auto fixed. Is it possible to fix here? Can babel-cli be removed as an installed dependency?
Low: Regular Expression Denial of Service
Package: braces
Patched in: >=2.3.1
Dependency of: @elastic/apm-rum
Path: @elastic/apm-rum > @elastic/apm-rum-core > babel-cli > chokidar > anymatch > micromatch > braces
More info: https://npmjs.com/advisories/786
Low: Regular Expression Denial of Service
Package: braces
Patched in: >=2.3.1
Dependency of: @elastic/apm-rum
Path: @elastic/apm-rum > babel-cli > chokidar > anymatch > micromatch > braces
More info: https://npmjs.com/advisories/786
Though I’m a bit confused, because I can’t find babel-cli as any dependency in this repo:
https://github.com/elastic/apm-agent-rum-js/blob/%40elastic/apm-rum%404.0.2/packages/rum/package.json#L43-L46
https://github.com/elastic/apm-agent-rum-js/blob/%40elastic/apm-rum%404.0.2/packages/rum-core/package.json#L33-L38
What I can find is @babel/cli, but that’s at v7, whilst I have 6.26.0 installed 😕 and a dev dependency at that, so it shouldn’t be installed (right?)
Related: Babel have said that babel-cli@6 is not maintained. See https://github.com/babel/babel/issues/9578#issuecomment-466922413
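To confirm which installed copies of braces sit below the patched version and through which parent they arrive, the tree printed by `npm ls --json` can be walked directly. The following is an added example, not part of the original issue or the project's code; the sample tree, the `my-app` root and every version in it except 4.0.2 and 6.26.0 are constructed for illustration.

```javascript
// Constructed sample, shaped like `npm ls --json` output.
const sampleTree = {
  name: "my-app", // hypothetical root project
  version: "1.0.0",
  dependencies: {
    "@elastic/apm-rum": {
      version: "4.0.2",
      dependencies: {
        "babel-cli": {
          version: "6.26.0",
          dependencies: {
            chokidar: { version: "1.7.0", dependencies: {
              anymatch: { version: "1.3.2", dependencies: {
                micromatch: { version: "2.3.11", dependencies: {
                  braces: { version: "1.8.5" } } } } } } },
          },
        },
      },
    },
    braces: { version: "2.3.2" }, // a patched copy elsewhere in the tree
  },
};

// Compare plain x.y.z versions (pre-release tags are not handled).
function lessThan(a, b) {
  const pa = a.split(".").map(Number);
  const pb = b.split(".").map(Number);
  for (let i = 0; i < 3; i++) {
    if ((pa[i] || 0) !== (pb[i] || 0)) return (pa[i] || 0) < (pb[i] || 0);
  }
  return false;
}

// Walk the tree and return every dependency path ending at an unpatched copy.
function findVulnerablePaths(tree, pkg, patchedIn) {
  const hits = [];
  const walk = (node, path) => {
    for (const [name, child] of Object.entries(node.dependencies || {})) {
      const here = [...path, name];
      if (name === pkg && child.version && lessThan(child.version, patchedIn)) {
        hits.push({ path: here.join(" > "), version: child.version });
      }
      walk(child, here);
    }
  };
  walk(tree, []);
  return hits;
}

console.log(findVulnerablePaths(sampleTree, "braces", "2.3.1"));
```

On a real project, replace `sampleTree` with the parsed output of `npm ls --json`.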
Issue Analytics
- Created 4 years ago
- Comments:5 (2 by maintainers)
Top GitHub Comments
@henrahmagix Thanks for reporting the issue. Seems like we did a bad release on the last version. We will publish a new version in the coming days and update the issue.
That’s worked for me, thanks @jahtalab!