Skip to content

fix(js): update @swc/cli version to fix vulnerability#30575

Merged
jaysoo merged 1 commit intomasterfrom
fix/audit
Apr 2, 2025
Merged

fix(js): update @swc/cli version to fix vulnerability#30575
jaysoo merged 1 commit intomasterfrom
fix/audit

Conversation

@jaysoo
Copy link
Copy Markdown
Member

@jaysoo jaysoo commented Apr 1, 2025
edited
Loading

The @swc/cli version we're currently using has a security vulnerability due to dependency on cross-spawn. This PR updates it to the version that fixes the vulnerability.

Advisory: GHSA-3xgq-45jj-v275

Current Behavior

Existing and new JS workspaces have a high security warning.

Expected Behavior

No high security warning for new workspaces, and existing ones are updated.

Related Issue(s)

Fixes #

@jaysoo jaysoo requested review from a team, AgentEnder and FrozenPandaz as code owners April 1, 2025 22:29
@jaysoo jaysoo requested a review from leosvelperez April 1, 2025 22:29
@vercel
Copy link
Copy Markdown

vercel bot commented Apr 1, 2025
edited
Loading

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name Status Preview Updated (UTC)
nx-dev ✅ Ready (Inspect) Visit Preview Apr 2, 2025 1:41pm

@nx-cloud
Copy link
Copy Markdown
Contributor

nx-cloud bot commented Apr 1, 2025
edited
Loading

View your CI Pipeline Execution ↗ for commit a013c0a.

Command Status Duration Result
nx affected --targets=lint,test,build,e2e,e2e-c... ✅ Succeeded 7m 1s View ↗
nx run-many -t check-imports check-commit check... ✅ Succeeded 16s View ↗
nx-cloud record -- nx-cloud conformance:check ✅ Succeeded 2s View ↗
nx-cloud record -- nx format:check --base=962aa... ✅ Succeeded 2s View ↗
nx-cloud record -- nx sync:check ✅ Succeeded 1s View ↗
nx documentation ✅ Succeeded <1s View ↗

☁️ Nx Cloud last updated this comment at 2025-04-02 13:44:47 UTC

@jaysoo jaysoo merged commit 538fd8c into master Apr 2, 2025
12 checks passed
@jaysoo jaysoo deleted the fix/audit branch April 2, 2025 13:51
jaysoo added a commit that referenced this pull request Apr 2, 2025
@jaysoo
fix(js): update @swc/cli version to fix vulnerability (#30575)
f761f58 
The `@swc/cli` version we're currently using has a security
vulnerability due to dependency on `cross-spawn`. This PR updates it to
the version that fixes the vulnerability.

Advisory: GHSA-3xgq-45jj-v275


## Current Behavior
Existing and new JS workspaces have a high security warning.

## Expected Behavior
No high security warning for new workspaces, and existing ones are
updated.

## Related Issue(s)
<!-- Please link the issue being fixed so it gets closed when this is
merged. -->

Fixes #
@github-actions
Copy link
Copy Markdown
Contributor

github-actions bot commented Apr 8, 2025

This pull request has already been merged/closed. If you experience issues related to these changes, please open a new issue referencing this pull request.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Apr 8, 2025
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

@leosvelperez leosvelperez leosvelperez approved these changes

@FrozenPandaz FrozenPandaz Awaiting requested review from FrozenPandaz

@AgentEnder AgentEnder Awaiting requested review from AgentEnder

+1 more reviewer

@Coly010 Coly010 Coly010 approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@jaysoo @leosvelperez @Coly010