Collaborator

@sanrai sanrai commented Aug 21, 2025

Summary: Updates Jest to 24.9 to eliminate a Critical vulnerability in the transitive dependency chain that pulled in [email protected]. There is no fixed version of babel-traverse, so the mitigation is to move off the dependency path entirely.

Why: Kodiak flagged “Incomplete List of Disallowed Inputs vulnerability in babel-traverse” via the chain [email protected][email protected][email protected][email protected][email protected][email protected]. Jest 24 updates the Istanbul/Babel toolchain, removing this path.

Changes:

  • Bump jest to 24.9.x.
  • Refresh lockfile to ensure babel-traverse@6 is no longer resolved.
  • Commits included: 119a181f4c2761aa0c65f30f86b11e7ac43135d0, 59f7346cfec4dde7378cd0365f26f02280840877.

Impact: Test/dev-only dependency; no production runtime impact expected.

Validation:

  • Tests pass locally/CI on Jest 24.9.
  • npm ls babel-traverse shows no instances.
  • npm audit (or Kodiak re-scan) no longer flags the issue.

Notes for reviewers:

  • If the repo used setupTestFrameworkScriptFile, ensure it’s migrated to setupFilesAfterEnv for Jest 24.

Rollback plan: Revert this PR and re-install dependencies.
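
The lockfile check named in the Changes and Validation lists above can be scripted. This is an added example, not code from this pull request or repository: it walks a parsed npm lockfile (assumed lockfileVersion 2 or 3) and reports the chain that pulls in a named package. The function names, sample lockfiles, intermediate package names and versions are constructed for illustration.

```javascript
// Added example (not the repository's code). Input: a parsed npm lockfile
// with a "packages" map (lockfileVersion 2 or 3).

// Resolve `name` from the package installed at `fromPath`: nearest enclosing
// node_modules first, then each ancestor up to the project root.
function resolveDep(packages, fromPath, name) {
  for (let base = fromPath; ; ) {
    const candidate = (base ? base + '/' : '') + 'node_modules/' + name;
    if (packages[candidate]) return candidate;
    if (!base) return null;
    const cut = base.lastIndexOf('/node_modules/');
    base = cut === -1 ? '' : base.slice(0, cut);
  }
}

// Breadth-first walk from the root project; returns one shortest chain
// ("a@1 > b@2 > target@3") per installed copy of `target`.
function findChains(lock, target) {
  const packages = lock.packages || {};
  if (!packages['']) return [];
  const parent = new Map([['', null]]); // install path -> path that pulled it in
  const queue = [''], hits = [];
  while (queue.length) {
    const path = queue.shift(), pkg = packages[path];
    const deps = { ...pkg.dependencies, ...pkg.optionalDependencies,
      ...(path === '' ? pkg.devDependencies : {}) };
    for (const name of Object.keys(deps)) {
      const next = resolveDep(packages, path, name);
      if (!next || parent.has(next)) continue;
      parent.set(next, path);
      (name === target ? hits : queue).push(next);
    }
  }
  const label = (p) => p.slice(p.lastIndexOf('node_modules/') + 13) + '@' + packages[p].version;
  return hits.map((hit) => {
    const chain = [];
    for (let p = hit; p !== ''; p = parent.get(p)) chain.unshift(label(p));
    return chain.join(' > ');
  });
}

// Constructed sample lockfiles, not this repository's; versions are placeholders.
const pk = (version, ...d) => ({ version, dependencies: Object.fromEntries(d.map((n) => [n, '*'])) });
const BEFORE = { packages: { '': { devDependencies: { jest: '*' } },
  'node_modules/jest': pk('0.0.1', 'jest-cli'),
  'node_modules/jest-cli': pk('0.0.2', 'istanbul-lib-instrument'),
  'node_modules/istanbul-lib-instrument': pk('0.0.3', 'babel-traverse'),
  'node_modules/istanbul-lib-instrument/node_modules/babel-traverse': pk('0.0.4') } };
const AFTER = { packages: { '': { devDependencies: { jest: '*' } },
  'node_modules/jest': pk('0.0.5', '@babel/traverse'),
  'node_modules/@babel/traverse': pk('0.0.6') } };
```

For a real project, pass `JSON.parse(fs.readFileSync('package-lock.json', 'utf8'))` as `lock`; an empty result for `babel-traverse` corresponds to the `npm ls babel-traverse` item in the Validation list.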

@sanrai sanrai changed the title from "fix(mwpw-1234): upgrade" to "fix(mwpw-144652): upgrade" Aug 21, 2025
@github-actions

Core Web Vitals Metrics

Metric Value
LCP N/A s
FID N/A ms
CLS N/A

Recorded at: 2025-08-21T22:30:45.404Z
PR: #315

@raissanjay raissanjay changed the title from "fix(mwpw-144652): upgrade" to "chore(mwpw-144652): bump Jest to 24.9 to remove vulnerable babel-traverse path" Aug 21, 2025

Contributor

@thedoc31 thedoc31 left a comment

Any idea why GHA is flagging all these unexpected console statement and Dangerous property 'dangerouslySetInnerHTML' found?

Collaborator Author

sanrai commented Aug 22, 2025

Those comments come from linting rules as warnings but we use these APIs such as dangerouslySetInnerHTML to handle various business requirements (since there is no other way).

@sanrai sanrai merged commit 035925f into main Aug 22, 2025
56 of 57 checks passed