Babel
@babel.dev
The JavaScript compiler
🌐 babel.dev (or @babeljs.io)
🌐 babel.dev (or @babeljs.io)
We apologize to all the maintainers of libraries that depend on @babel/runtime, do not actually trigger the vulnerable code path, and will get bug reports asking to "please upgrade Babel because it's insecure" 😅
March 11, 2025 at 6:48 PM
We apologize to all the maintainers of libraries that depend on @babel/runtime, do not actually trigger the vulnerable code path, and will get bug reports asking to "please upgrade Babel because it's insecure" 😅
It is unlikely that you are affected, as the security vulnerability only applies when passing a user-provided string to the second argument of RegExp.prototype.replace.
March 11, 2025 at 6:47 PM
It is unlikely that you are affected, as the security vulnerability only applies when passing a user-provided string to the second argument of RegExp.prototype.replace.