Skip to content

fix(js): update @swc/cli version to fix vulnerability #30575

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Apr 2, 2025
Merged

fix(js): update @swc/cli version to fix vulnerability #30575

merged 1 commit into from
Apr 2, 2025

Conversation

jaysoo
Copy link
Member

@jaysoo jaysoo commented Apr 1, 2025
edited
Loading

The @swc/cli version we're currently using has a security vulnerability due to dependency on cross-spawn. This PR updates it to the version that fixes the vulnerability.

Advisory: GHSA-3xgq-45jj-v275

Current Behavior

Existing and new JS workspaces have a high security warning.

Expected Behavior

No high security warning for new workspaces, and existing ones are updated.

Related Issue(s)

Fixes #
@jaysoo jaysoo requested review from a team, AgentEnder and FrozenPandaz as code owners April 1, 2025 22:29
@jaysoo jaysoo requested a review from leosvelperez April 1, 2025 22:29
@vercel Vercel
Copy link

vercel bot commented Apr 1, 2025
edited
Loading

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name Status Preview Updated (UTC)
nx-dev ✅ Ready (Inspect) Visit Preview Apr 2, 2025 1:41pm
@nx-cloud Nx Cloud
Copy link
Contributor

nx-cloud bot commented Apr 1, 2025
edited
Loading

View your CI Pipeline Execution ↗ for commit a013c0a.

Command Status Duration Result
nx affected --targets=lint,test,build,e2e,e2e-c... ✅ Succeeded 7m 1s View ↗
nx run-many -t check-imports check-commit check... ✅ Succeeded 16s View ↗
nx-cloud record -- nx-cloud conformance:check ✅ Succeeded 2s View ↗
nx-cloud record -- nx format:check --base=962aa... ✅ Succeeded 2s View ↗
nx-cloud record -- nx sync:check ✅ Succeeded 1s View ↗
nx documentation ✅ Succeeded <1s View ↗

☁️ Nx Cloud last updated this comment at 2025-04-02 13:44:47 UTC
@jaysoo jaysoo merged commit 538fd8c into master Apr 2, 2025
12 checks passed
@jaysoo jaysoo deleted the fix/audit branch April 2, 2025 13:51
jaysoo added a commit that referenced this pull request Apr 2, 2025
@jaysoo
fix(js): update @swc/cli version to fix vulnerability (#30575)
f761f58 
The `@swc/cli` version we're currently using has a security
vulnerability due to dependency on `cross-spawn`. This PR updates it to
the version that fixes the vulnerability.

Advisory: GHSA-3xgq-45jj-v275


## Current Behavior
Existing and new JS workspaces have a high security warning.

## Expected Behavior
No high security warning for new workspaces, and existing ones are
updated.

## Related Issue(s)
<!-- Please link the issue being fixed so it gets closed when this is
merged. -->

Fixes #
@github-actions GitHub Actions
Copy link
Contributor

github-actions bot commented Apr 8, 2025

This pull request has already been merged/closed. If you experience issues related to these changes, please open a new issue referencing this pull request.
@github-actions github-actions bot locked as resolved and limited conversation to collaborators Apr 8, 2025
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Labels

None yet

3 participants

@jaysoo @leosvelperez @Coly010