Skip to content

Commit 10f4652

Browse files
committed
Move @babel/cli from dependencies to devDependencies
@babel/cli is a build tool not used at runtime by consumers of this package. Having it in dependencies pulls in glob and minimatch as transitive deps, which carry high-severity ReDoS vulnerabilities (GHSA-3ppc-4f35-3m26). Moving it to devDependencies eliminates these vulnerabilities for all downstream consumers.
1 parent fd26d23 commit 10f4652

2 files changed

Lines changed: 4630 additions & 1 deletion

File tree

0 commit comments

Comments
 (0)