gethue uses babel/traverse version with critical security vulnerability

[HiggsWRX]

Is there an existing issue for this?

• I have searched the existing issues

Description

gethue package uses babel/traverse dependency that has critical security issue. Please update your babel/traverse dependency to a version that has at least the fixed critical vulnerability

Steps To Reproduce

1. install gethue npm package
2. run npm/pnpm/yarn audit
3. You will see gethue at the top of critical vulnerabilities due to babel/traverse

Logs

Paths
│ . > [email protected] > [email protected] > │
│ │ [email protected] > │
│ │ [email protected] > [email protected] │
│ │ │
│ │ . > [email protected] > [email protected] > │
│ │ [email protected] > │
│ │ [email protected] > │
│ │ [email protected] > [email protected] │
│ │ │
│ │ . > [email protected] > [email protected] > │
│ │ [email protected] > │
│ │ [email protected] > │
│ │ [email protected]

there's 34 more paths that use babel/traverse in gethue but you get the idea

Hue version

6.0.1

[HiggsWRX]

I forgot to add the link for the critical severity report: GHSA-67hx-6x53-jw92

[github-actions]

This issue is stale because it has been open 30 days with no activity and is not labeled "Prevent stale". Remove "stale" label or comment or this will be closed in 10 days.

[Harshg999]

Hey @HiggsWRX , thanks for reporting the issue! This is already addressed in latest master but the package is not updated.

We'll do another NPM release soon.