@babel/core should be updated from 7.1.0 to at least 7.9.0 to resolve dependencies on minimist and kind-of #10224

Closed
turlockmike opened this issue Jul 2, 2020 · 5 comments

🐛 Bug Report

npm module minimist has a publicly declared vulnerability and should be updated.

Similarly module kind-of also has one.

The current version of @babel/core (7.1.0) as a dependency for @jest-config and @jest-transform has a deep dependency on this which can be resolved by updating to the latest version of @babel/core to >= 7.9.0

See issue resolution on babel core babel/babel#11274

To Reproduce

yarn install
Inspect the yarn.lock file
See that the versions of minimist and kind-of are old.

Expected behavior

yarn install
Inspect the yarn.lock file
Version is updated.

Link to repl or repo (highly encouraged)

envinfo
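
The lockfile inspection from the "To Reproduce" steps, automated as an added example (not part of the original issue or of Jest's code): it parses yarn.lock v1 text and reports every resolved copy of the named packages that sits below a caller-supplied floor version. The sample lockfile contents and the floor versions are constructed placeholders; take the real patched versions from the advisories.

```javascript
// Parse yarn.lock (v1) text into [{ name, ranges, version }].
function parseYarnLock(text) {
  const entries = [];
  let current = null;
  for (const line of text.split(/\r?\n/)) {
    if (!line.trim() || line.startsWith('#')) continue;
    if (!/^\s/.test(line) && line.endsWith(':')) {
      // Header, e.g. "@babel/core@^7.1.0": or kind-of@^3.0.0, kind-of@^3.0.1:
      const specs = line.slice(0, -1).split(',').map((s) => s.trim().replace(/^"|"$/g, ''));
      // Scoped names start with '@', so the separator is the first '@' after index 0.
      const name = specs[0].slice(0, specs[0].indexOf('@', 1));
      const ranges = specs.map((s) => s.slice(s.indexOf('@', 1) + 1));
      entries.push((current = { name, ranges, version: null }));
    } else if (current) {
      // Match only the entry's own two-space "version" field, not nested lines.
      const m = line.match(/^\s{2}version\s+"?([^"\s]+)"?$/);
      if (m) current.version = m[1];
    }
  }
  return entries;
}

// Numeric major.minor.patch comparison; prerelease tags are ignored (simplification).
function isBelow(version, floor) {
  const parts = (v) => v.split('-')[0].split('.').map(Number);
  const [a, b] = [parts(version), parts(floor)];
  for (let i = 0; i < 3; i++) if ((a[i] || 0) !== (b[i] || 0)) return (a[i] || 0) < (b[i] || 0);
  return false;
}
// floors: { packageName: lowestAcceptableVersion }, supplied by the caller.
function findOutdated(lockText, floors) {
  return parseYarnLock(lockText)
    .filter((e) => Object.prototype.hasOwnProperty.call(floors, e.name) && e.version)
    .filter((e) => isBelow(e.version, floors[e.name]))
    .map((e) => ({ name: e.name, version: e.version, requestedBy: e.ranges }));
}

// Constructed sample lockfile and placeholder floors (not real advisory data).
const SAMPLE_LOCK = `# yarn lockfile v1
"@babel/core@^7.1.0":
  version "7.1.0"
kind-of@^3.0.0, kind-of@^3.0.1:
  version "3.0.1"
  dependencies:
    is-buffer "^1.0.0"
minimist@^1.0.0:
  version "1.0.0"
minimist@^1.5.0:
  version "1.5.0"
`;
const FLOORS = { minimist: '1.5.0', 'kind-of': '4.0.0' };
console.log(findOutdated(SAMPLE_LOCK, FLOORS));
```

The `requestedBy` ranges show which declared ranges pin each old copy, which is the information needed to decide whether a lockfile refresh alone can lift it.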

cawel commented Dec 10, 2020

npm audit yields thousands of issues (see one example below) because of a vulnerability in the kind-of package – a dependency used by a ton of Jest packages.

Vulnerability in kind-of package

SimenB (Member) commented Dec 10, 2020

@babel/core is in range of our dependency declaration, so you can fix that in your own lockfile.

kind-of is pulled in transitively via sane, which has been removed in #10919. You can install jest@next if you want, or wait for a stable release.

SimenB closed this as completed Dec 10, 2020

cawel commented Dec 10, 2020

> @babel/core is in range of our dependency declaration, so you can fix that in your own lockfile.

Based on the npm audit output, the problem seems to be with @jest/core – not @babel/core though.

I did a npm upgrade jest, npm upgrade @jest/core (and also a npm upgrade @babel/core), and I still have those issues. Could you elaborate on what you meant by "you can fix that in your own lockfile"?

SimenB (Member) commented Dec 11, 2020

I'm talking about the OP which is @babel/core, not your issue which is different and not strictly related.

Your issue as I said is fixed by #10919

github-actions bot locked as resolved and limited conversation to collaborators May 11, 2021