npm audit reporting low level vulnerability from braces, transitive dependent of babel-cli


After installing the latest version available of this, 4.0.2, I now get a failing npm audit and it cannot be auto-fixed. Is it possible to fix here? Can babel-cli be removed as an installed dependency?

Low: Regular Expression Denial of Service
Package: braces
Patched in: >=2.3.1
Dependency of: @elastic/apm-rum
Path: @elastic/apm-rum > @elastic/apm-rum-core > babel-cli > chokidar > anymatch > micromatch > braces
More info: https://npmjs.com/advisories/786

Low: Regular Expression Denial of Service
Package: braces
Patched in: >=2.3.1
Dependency of: @elastic/apm-rum
Path: @elastic/apm-rum > babel-cli > chokidar > anymatch > micromatch > braces
More info: https://npmjs.com/advisories/786

Though I’m a bit confused, because I can’t find babel-cli as any dependency in this repo:
https://github.com/elastic/apm-agent-rum-js/blob/%40elastic/apm-rum%404.0.2/packages/rum/package.json#L43-L46
https://github.com/elastic/apm-agent-rum-js/blob/%40elastic/apm-rum%404.0.2/packages/rum-core/package.json#L33-L38

What I can find is @babel/cli, but that’s at v7, whilst I have 6.26.0 installed 😕 and a dev dependency at that, so it shouldn’t be installed (right?)

Related: Babel have said that babel-cli@6 is not maintained. See https://github.com/babel/babel/issues/9578#issuecomment-466922413

Issue Analytics

  • State: closed
  • Created 4 years ago
  • Comments: 5 (2 by maintainers)

Top GitHub Comments

1 reaction
vigneshshanmugam commented, Jun 7, 2019

@henrahmagix Thanks for reporting the issue. Seems like we did a bad release on the last version. We will publish a new version in the coming days and update the issue.

0 reactions
henrahmagix commented, Jun 13, 2019

That’s worked for me, thanks @jahtalab!
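
Added example, not part of the issue thread or the project's code: the audit's Path lines can be reproduced by walking the tree that `npm ls --json` prints, which shows which installed package actually pulls in babel-cli and braces. The function names and the sample tree are hypothetical and constructed; only the package names, @elastic/apm-rum 4.0.2, babel-cli 6.26.0 and the patched version 2.3.1 come from the issue.

```javascript
// Constructed sample in the shape of `npm ls --json` output.
// All version numbers except 4.0.2, 6.26.0 and the 2.3.1 threshold are made up.
const babelCli = () => ({ version: "6.26.0", dependencies: {
  chokidar: { version: "1.0.0", dependencies: {
    anymatch: { version: "1.0.0", dependencies: {
      micromatch: { version: "2.0.0", dependencies: {
        braces: { version: "1.8.0" },
      } },
    } },
  } },
} });

const sampleTree = { name: "my-app", version: "1.0.0", dependencies: {
  "@elastic/apm-rum": { version: "4.0.2", dependencies: {
    "@elastic/apm-rum-core": { version: "4.0.0", dependencies: { "babel-cli": babelCli() } },
    "babel-cli": babelCli(),
  } },
  // A patched copy elsewhere in the tree must not be reported.
  "some-build-tool": { version: "1.0.0", dependencies: { braces: { version: "2.3.2" } } },
} };

// Parse the numeric x.y.z core of a version; pre-release tags are ignored.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(v);
  if (!m) throw new Error(`unsupported version: ${v}`);
  return m.slice(1).map(Number);
}

// True when `version` is strictly lower than `patched`.
function isBelow(version, patched) {
  const a = parseVersion(version), b = parseVersion(patched);
  for (let i = 0; i < 3; i++) if (a[i] !== b[i]) return a[i] < b[i];
  return false;
}

// Depth-first walk collecting every chain that ends at an unpatched `target`.
function findVulnerablePaths(node, target, patched, trail = [], out = []) {
  for (const [name, dep] of Object.entries(node.dependencies || {})) {
    const here = [...trail, name];
    if (name === target && isBelow(dep.version, patched)) {
      out.push({ path: here.join(" > "), installed: dep.version });
    }
    findVulnerablePaths(dep, target, patched, here, out);
  }
  return out;
}

for (const hit of findVulnerablePaths(sampleTree, "braces", "2.3.1")) {
  console.log(`${hit.path} (installed ${hit.installed}, patched in >=2.3.1)`);
}
```

On a real project, replace `sampleTree` with the parsed output of `npm ls --json`; the second element of each reported path names the package that introduces the chain.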
