Skip to content

[Snyk] Fix for 1 vulnerabilities#328

Open
rvu-snyk wants to merge 1 commit into
masterfrom
snyk-fix-ff6a4a79cc9eaf09f9dc297fef2da712
Open

[Snyk] Fix for 1 vulnerabilities#328
rvu-snyk wants to merge 1 commit into
masterfrom
snyk-fix-ff6a4a79cc9eaf09f9dc297fef2da712

Conversation

@rvu-snyk

Copy link
Copy Markdown
Contributor

snyk-top-banner

Snyk has created this PR to fix 1 vulnerabilities in the npm dependencies of this project.

Snyk changed the following file(s):

  • package.json
⚠️ Warning
Failed to update the package-lock.json, please update manually before merging.

Vulnerabilities that will be fixed with an upgrade:

Issue Score
high severity Inefficient Algorithmic Complexity
SNYK-JS-BRACEEXPANSION-17706650
  721  

Breaking Change Risk

Merge Risk: High

Notice: This assessment is enhanced by AI.


Important

  • Check the changes in this PR to ensure they won't cause issues with your project.
  • Max score is 1000. Note that the real score may have changed since the PR was raised.
  • This PR was automatically created by Snyk using the credentials of a real user.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic


Learn how to fix vulnerabilities with free interactive lessons:

🦉 Learn about vulnerability in an interactive lesson of Snyk Learn.

@rvu-snyk

Copy link
Copy Markdown
Contributor Author

Merge Risk: High

This update includes two major version upgrades, both of which are high-risk and require developer action.

@babel/cli from 7.28.6 to 8.0.0

Risk: HIGH

This is a significant upgrade that modernizes the entire Babel ecosystem. It introduces several breaking changes that require configuration updates and environment changes.

Key Breaking Changes:

  • Node.js Requirement: Babel 8 requires Node.js v22 or newer. [1, 5]
  • ESM Only: All Babel packages are now published as ESM, which may affect your build tooling and configuration. [1, 2, 3]
  • Default Target Changed: Babel no longer compiles to ES5 by default. It now targets modern browsers according to browserslist defaults. If you need to support older browsers, you must explicitly configure the targets option. [1, 3, 5]
  • Configuration Migration:
    • The loose and spec options are removed in favor of the top-level assumptions option. [1, 5]
    • Polyfill injection via useBuiltIns and corejs options has been removed from @babel/preset-env. You must now use a dedicated package like babel-plugin-polyfill-corejs3. [1, 4]

Recommendation:
Follow the official Babel 8 Migration Guide before upgrading. It is recommended to first update your Babel 7 configuration to align with Babel 8's new defaults, ensure your build works, and then perform the package upgrade. [5]

del from 3.0.0 to 8.0.0

Risk: HIGH

This upgrade spans five major versions (v4 through v8). While a direct changelog is not available, packages from this author have consistently migrated to pure ESM modules, which is a significant breaking change.

Key Breaking Changes:

  • Pure ESM Module: The package is almost certainly now a pure ESM module. This requires you to change how you import it, from const del = require('del') to import { del } from 'del'. This is a mandatory code modification.
  • Node.js Support: Support for older, end-of-life Node.js versions has been dropped. A modern version of Node.js is required.

Recommendation:
Update your code to use ES module import syntax. Given the large version gap and lack of a consolidated changelog, thorough testing is critical to ensure all functionality works as expected after the upgrade.

Notice 🤖: This content was augmented using artificial intelligence. AI-generated content may contain errors and should be reviewed for accuracy before use.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants