Skip to content

[Aikido] Fix security issue in @babel/traverse via minor version upgrade from 7.10.4 to 7.23.2 in docs#28

Open
aikido-autofix[bot] wants to merge 1 commit intomasterfrom
fix/aikido-security-update-packages-20994978-ma2a
Open

[Aikido] Fix security issue in @babel/traverse via minor version upgrade from 7.10.4 to 7.23.2 in docs#28
aikido-autofix[bot] wants to merge 1 commit intomasterfrom
fix/aikido-security-update-packages-20994978-ma2a

Conversation

@aikido-autofix
Copy link
Copy Markdown

@aikido-autofix aikido-autofix bot commented Mar 29, 2026

Upgrade @babel/traverse to fix remote code execution vulnerability in compilation when processing malicious input with path evaluation methods.

✅ 1 CVE resolved by this upgrade

This PR will resolve the following CVEs:

Issue Severity           Description 
AIKIDO-2025-10745
 
MEDIUM
 [@babel/traverse] A vulnerability allows remote code execution during compilation when processing malicious input with certain plugins that use internal evaluation methods. This affects plugins like @babel/plugin-transform-runtime and @babel/preset-env with useBuiltIns option.

@github-actions
Copy link
Copy Markdown

github-actions bot commented Mar 29, 2026

Package lock diff

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants