next.js dependency vulnerability: Upgrade @babel/runtime to fix GHSA-968p-4wvh-cqc8 vulnerability #77879
Labels
Runtime
Related to Node.js or Edge Runtime with Next.js.
Comments
github-actions
bot
added
the
Runtime
|
This is a breaking vulnerability for us. Should this have been reported under the "Security" rather than an Issue? |
|
Hey. Unfortunately it's also breaking vulnerability for us. I believe there should be more comments coming soon. EDIT: @xendren Just created a report in Security tab I believe this one could be closed, after the vulnerability report is confirmed by maintainers. EDIT 2: This means we have to wait here. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Link to the code that reproduces this issue
https://github.com/chitturs/azure-rest-api-specs
To Reproduce
N/A – this is a dependency vulnerability.
Current vs. Expected behavior
Expected behavior:
Upgrade @babel/runtime to a patched version.
Provide environment information
Which area(s) are affected? (Select all that apply)
Runtime
Which stage(s) are affected? (Select all that apply)
Vercel (Deployed)
Additional context
The current version of @babel/runtime in the Next.js codebase contains a known vulnerability (GHSA-968p-4wvh-cqc8).
File: packages/next/src/compiled/@babel/runtime/package.json
Current version: [7.22.5]
Vulnerability: GHSA-968p-4wvh-cqc8
The text was updated successfully, but these errors were encountered: