[Snyk] Security upgrade babel-loader from 8.4.1 to 10.0.0#4
Conversation
The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-AJV-15274295
|
There was a problem hiding this comment.
Pull request overview
This PR is an automated security upgrade proposed by Snyk to fix a high-severity Regular Expression Denial of Service (ReDoS) vulnerability in the ajv dependency by upgrading babel-loader from version 8.4.1 to 10.0.0. The vulnerability (SNYK-JS-AJV-15274295) has a severity score of 803/1000.
Changes:
- Upgrades babel-loader from ^8.2.3 to ^10.0.0 to address the ReDoS vulnerability in ajv
| "@tweenjs/tween.js": "^18.6.4", | ||
| "@types/tweenjs": "^1.0.4", | ||
| "babel-loader": "^8.2.3", | ||
| "babel-loader": "^10.0.0", |
There was a problem hiding this comment.
The project uses @babel/core version 7.16.12 (from early 2022), along with similarly dated @babel/preset-env, @babel/preset-react, and @babel/preset-typescript packages. babel-loader 10.x (if it exists) likely requires a newer version of @babel/core as a peer dependency. This major version upgrade may fail to install or cause runtime errors due to peer dependency mismatches. Consider upgrading @babel/core and related packages to compatible versions, or verify the peer dependency requirements of babel-loader 10.0.0.



Snyk has created this PR to fix 1 vulnerabilities in the npm dependencies of this project.
Snyk changed the following file(s):
package.jsonVulnerabilities that will be fixed with an upgrade:
SNYK-JS-AJV-15274295
Important
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic
Learn how to fix vulnerabilities with free interactive lessons:
🦉 Regular Expression Denial of Service (ReDoS)