Depending on vulnerable version of cosmiconfig

- `babel-plugin-macros` version: v3.1.0
- `node` version: v18.15.0
- `npm` version: v9.5.0

In `package.json`:
```javascript
  "dependencies": {
    "cosmiconfig": "^7.0.0",
```

What you did:
`npm audit`

What happened:

```
  cosmiconfig  6.0.0 - 7.1.0
  Depends on vulnerable versions of yaml
```

Problem description:

`babel-plugin-macros` depends on an older version of `cosmicconfig` which has a vulnerability.

Suggested solution:

Update `cosmicconfig` (at this time, v8.1.3 is available).

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Depending on vulnerable version of cosmiconfig #192

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Depending on vulnerable version of cosmiconfig #192

Description

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions