Comments (7)
we are hoping to get an MVP in Ember CLI 2.13, but as we're talking about an OSS project there are no guarantees at all
from broccoli-babel-transpiler.
what "vulnerability" is that?
from broccoli-babel-transpiler.
(+) 1 vulnerabilities found
┌───────────────┬───────────────────────────────────────────────────────────────────────────────────────────────────────────────────────┐
│               │ Regular Expression Denial of Service                                                                                  │
├───────────────┼───────────────────────────────────────────────────────────────────────────────────────────────────────────────────────┤
│ Name          │ minimatch                                                                                                             │
├───────────────┼───────────────────────────────────────────────────────────────────────────────────────────────────────────────────────┤
│ Installed     │ 2.0.10                                                                                                                │
├───────────────┼───────────────────────────────────────────────────────────────────────────────────────────────────────────────────────┤
│ Vulnerable    │ <=3.0.1                                                                                                               │
├───────────────┼───────────────────────────────────────────────────────────────────────────────────────────────────────────────────────┤
│ Patched       │ >=3.0.2                                                                                                               │
├───────────────┼───────────────────────────────────────────────────────────────────────────────────────────────────────────────────────┤
│ Path          │ [email protected] > [email protected] > [email protected] > [email protected] > [email protected] > [email protected] │
├───────────────┼───────────────────────────────────────────────────────────────────────────────────────────────────────────────────────┤
│ More Info     │ https://nodesecurity.io/advisories/118                                                                                │
└───────────────┴───────────────────────────────────────────────────────────────────────────────────────────────────────────────────────┘
from broccoli-babel-transpiler.
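To see which dependency chains pull in an affected minimatch, the report's "Path" row can be reproduced locally. The sketch below is an added example, not code from this thread or from the project: it walks a tree shaped like `npm ls --json` output and lists every path ending at a minimatch below the patched 3.0.2. The tree, the names `my-app`, `dep-a`, `dep-b` and all versions except minimatch 2.0.10 are constructed.

```javascript
// Advisory above: minimatch vulnerable <=3.0.1, patched >=3.0.2.
const PATCHED = [3, 0, 2];

// Parse "major.minor.patch", ignoring any pre-release or build suffix.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(String(v));
  return m ? m.slice(1, 4).map(Number) : null;
}

// True when `version` is lower than `floor`; unparseable versions are
// flagged as well so they get a manual look.
function isBelow(version, floor) {
  const parts = parseVersion(version);
  if (!parts) return true;
  for (let i = 0; i < 3; i++) {
    if (parts[i] !== floor[i]) return parts[i] < floor[i];
  }
  return false;
}

// Walk a tree shaped like `npm ls --json` output and return every
// dependency path that ends at a copy of `target` below `floor`.
function findVulnerable(node, target, floor, trail = []) {
  const here = [...trail, `${node.name}@${node.version}`];
  const hits = [];
  for (const [name, dep] of Object.entries(node.dependencies || {})) {
    if (name === target && isBelow(dep.version, floor)) {
      hits.push([...here, `${name}@${dep.version}`].join(" > "));
    }
    hits.push(...findVulnerable({ name, ...dep }, target, floor, here));
  }
  return hits;
}

// Constructed sample tree (placeholder names and versions, see lead-in).
const sampleTree = {
  name: "my-app", version: "1.0.0",
  dependencies: {
    "broccoli-babel-transpiler": {
      version: "0.0.0-example",
      dependencies: {
        "dep-a": { version: "1.2.3", dependencies: { minimatch: { version: "2.0.10" } } },
      },
    },
    "dep-b": { version: "4.0.0", dependencies: { minimatch: { version: "3.0.4" } } },
  },
};
const findings = findVulnerable(sampleTree, "minimatch", PATCHED);
console.log(findings.join("\n") || "no affected minimatch found");
```

Each reported path names the direct dependency that has to be upgraded or overridden; whether the flagged copy ever sees untrusted patterns still has to be judged per path.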
are you passing user input into minimatch?
from broccoli-babel-transpiler.
I think we are not using it right now, but maybe other people do.
from broccoli-babel-transpiler.
to be honest I don't see how anyone could actually take advantage of that vulnerability through the broccoli-babel-transpiler plugin. broccoli is usually used in the build pipeline where usually no user input is part of the build or could be harmful in any way. as there is no user input there is also no realistic way to take advantage of such a vulnerability. unless you can demonstrate that this is an actual issue I'd like to close this issue.
as for Babel 6: we (mainly @rwjblue) are actively working on supporting Babel 6 in Ember CLI (and Broccoli) in the near future, but we are not done yet.
from broccoli-babel-transpiler.
Ok 👍 Is there any deadline planned for your upcoming release?
from broccoli-babel-transpiler.