Commit 10f4652
committed
Move @babel/cli from dependencies to devDependencies
@babel/cli is a build tool not used at runtime by consumers of this
package. Having it in dependencies pulls in glob and minimatch as
transitive deps, which carry high-severity ReDoS vulnerabilities
(GHSA-3ppc-4f35-3m26). Moving it to devDependencies eliminates these
vulnerabilities for all downstream consumers.1 parent fd26d23 commit 10f4652
2 files changed
Lines changed: 4630 additions & 1 deletion
0 commit comments