Security Vulnerability in @babel/runtime (GHSA-968p-4wvh-cqc8) affecting @testing-library/react-hooks #978

Open
vanGalilea opened this issue Mar 13, 2025 · 0 comments


vanGalilea commented Mar 13, 2025

A moderate severity security vulnerability has been identified in @babel/runtime versions prior to 7.26.10 and between 8.0.0-alpha.0 and 8.0.0-alpha.16. This vulnerability arises from inefficient regular expression complexity in generated code when transpiling named capturing groups, potentially leading to performance degradation.

The @testing-library/react-hooks library includes @babel/runtime indirectly through its dependency on react-error-boundary, which specifies @babel/runtime as a peer dependency.

Recommended Actions:

- Update react-error-boundary: Ensure that react-error-boundary is updated to a version that specifies a patched version of @babel/runtime (>= 7.26.10 or >= 8.0.0-alpha.17).
- Update @babel/runtime: Verify that the project using @testing-library/react-hooks has @babel/runtime updated to a secure version (>= 7.26.10 or >= 8.0.0-alpha.17) to mitigate the vulnerability.
- Audit Dependencies: Run a thorough audit of all dependencies to identify and update any other packages that might be affected by this vulnerability.

By taking these steps, the security vulnerability can be effectively mitigated, ensuring the integrity and performance of projects utilizing @testing-library/react-hooks.

Thanks guys!
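
One way to carry out the audit step for this advisory, added here as an example and not part of the original issue or the project's code: it checks every `@babel/runtime` entry in the `packages` map of an npm lockfile (v2/v3), nested copies included, against the version ranges quoted in the issue. The function names and the sample lockfile are constructed for illustration.

```javascript
// Affected ranges as stated in the issue text (added example, not project code).
const FIXED_7 = '7.26.10', ALPHA_FIRST = '8.0.0-alpha.0', ALPHA_LAST = '8.0.0-alpha.16';
// Split "7.26.9" or "8.0.0-alpha.16" into numeric core and prerelease identifiers.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)(?:-([0-9A-Za-z.-]+))?/.exec(String(v));
  if (!m) return null;
  return { nums: [+m[1], +m[2], +m[3]], pre: m[4] ? m[4].split('.') : [] };
}

// Semver precedence: negative if a < b, zero if equal, positive if a > b.
function compare(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a.nums[i] !== b.nums[i]) return a.nums[i] - b.nums[i];
  }
  // A release outranks any prerelease of the same x.y.z.
  if (!a.pre.length || !b.pre.length) return b.pre.length - a.pre.length;
  for (let i = 0; i < Math.max(a.pre.length, b.pre.length); i++) {
    const x = a.pre[i], y = b.pre[i];
    if (x === undefined || y === undefined) return x === undefined ? -1 : 1;
    if (x === y) continue;
    const xn = /^\d+$/.test(x), yn = /^\d+$/.test(y);
    if (xn && yn) return +x - +y; // alpha.2 sorts before alpha.16
    if (xn !== yn) return xn ? -1 : 1; // numeric identifiers sort below alphanumeric
    return x < y ? -1 : 1;
  }
  return 0;
}

function isAffected(version) {
  const v = parseVersion(version);
  if (!v) return false; // entries without a parseable version are skipped
  const cmp = (s) => compare(v, parseVersion(s));
  return cmp(FIXED_7) < 0 || (cmp(ALPHA_FIRST) >= 0 && cmp(ALPHA_LAST) <= 0);
}

// Walk the "packages" map of an npm lockfile (v2/v3), including nested copies.
function findAffected(lock) {
  return Object.entries(lock.packages || {})
    .filter(([path]) => path.endsWith('node_modules/@babel/runtime'))
    .filter(([, meta]) => isAffected(meta.version))
    .map(([path, meta]) => ({ path, version: meta.version }));
}
// Constructed sample lockfile, not taken from any real project.
const sampleLock = { lockfileVersion: 3, packages: {
  'node_modules/@babel/runtime': { version: '7.26.10' },
  'node_modules/react-error-boundary/node_modules/@babel/runtime': { version: '7.20.13' },
  'node_modules/@babel/runtime-corejs3': { version: '7.20.0' },
} };
console.log(findAffected(sampleLock));
```

To check a real project, pass the parsed contents of its `package-lock.json` to `findAffected` instead of `sampleLock`.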
