Skip to content

[Snyk] Security upgrade babel-loader from 8.4.1 to 10.0.0#363

Open
Lohoyo wants to merge 1 commit intomasterfrom
snyk-fix-c7648d1d4afbb7e9065adaba9d953218
Open

[Snyk] Security upgrade babel-loader from 8.4.1 to 10.0.0#363
Lohoyo wants to merge 1 commit intomasterfrom
snyk-fix-c7648d1d4afbb7e9065adaba9d953218

Conversation

@Lohoyo
Copy link
Collaborator

@Lohoyo Lohoyo commented Feb 13, 2026

snyk-top-banner

Snyk has created this PR to fix 1 vulnerabilities in the npm dependencies of this project.

Snyk changed the following file(s):

  • packages/san-cli-plugin-babel/package.json

Vulnerabilities that will be fixed with an upgrade:

Issue Score
high severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-AJV-15274295		   803  

Important

  • Check the changes in this PR to ensure they won't cause issues with your project.
  • Max score is 1000. Note that the real score may have changed since the PR was raised.
  • This PR was automatically created by Snyk using the credentials of a real user.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)

chatgpt-codex-connector[bot]
chatgpt-codex-connector bot reviewed Feb 13, 2026
View reviewed changes
Copy link

@chatgpt-codex-connector chatgpt-codex-connector bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: a988a83de2

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

packages/san-cli-plugin-babel/package.json
"@babel/runtime": "^7.6.3",
"@babel/runtime-corejs3": "^7.6.3",
"babel-loader": "^8.0.6",
"babel-loader": "^10.0.0",
Copy link

@chatgpt-codex-connector chatgpt-codex-connector bot Feb 13, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P1 Badge Keep babel-loader aligned with supported Node versions

Bumping to babel-loader@^10.0.0 is a breaking dependency change that is not aligned with this repo’s currently declared support floor (node >=12.13.0 in packages/san-cli-plugin-babel/package.json and README.md), so installs/builds can break for users still on the documented Node range; this should either stay on a compatible babel-loader major or be coupled with an explicit Node engine/docs bump in the same change.

Useful? React with 👍 / 👎.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@chatgpt-codex-connector chatgpt-codex-connector[bot] chatgpt-codex-connector[bot] left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@Lohoyo @snyk-bot