Description
Motivation
The currently used Babel version (7.11.x) is outdated.
The project capacitor-voice-recorder has a transitive dependency on get-blob-duration, which still relies on this old Babel version.
A recent BlackDuck scan flagged the following vulnerability:
Babel contains a regular expression denial-of-service (ReDoS) vulnerability due to inefficient regular expression complexity.
A local attacker could exploit this flaw by passing crafted input strings, which when processed could result in degraded performance or a crash.
Vendor statement
Users are affected only if all of the following conditions are met:
Babel is used to compile regular expression named capturing groups.
The .replace method on a RegExp that contains named capturing groups is used.
Untrusted strings are passed as the second argument to .replace.
Even though these conditions might not apply directly to our usage of get-blob-duration, keeping Babel up to date reduces security risk and avoids future compatibility issues.
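As an added illustration of the vendor's conditions (this is not code from this issue or from get-blob-duration), the JavaScript below shows the two things a maintainer can check in their own code: whether a RegExp uses named capturing groups (first condition), and whether the replacement argument to `.replace` is an interpreted string or a function. A string replacement is parsed for `$&`, `$1` and `$<name>` references, which is the path the third condition is about; a function replacement is inserted verbatim, so untrusted text never reaches that interpretation. The helper names `usesNamedGroups`, `replaceLiteral` and `replaceInterpreted`, and the template sample, are assumptions made for this example.

```javascript
// Added example: defensive handling of untrusted replacement strings.
// Not code from get-blob-duration or from Babel.

// Heuristic: "(?<name" opens a named group, while "(?<=" and "(?<!" are lookbehinds.
const NAMED_GROUP = /\(\?<(?![=!])/;

// First vendor condition: does this RegExp use named capturing groups?
// (Babel only rewrites such regexes when compiling for targets without native support.)
function usesNamedGroups(re) {
  return NAMED_GROUP.test(re.source);
}

// Interpreted form: the replacement string is parsed for $&, $1, $<name>, ...
// Only safe when `replacement` is a trusted literal from the code base.
function replaceInterpreted(re, input, replacement) {
  return input.replace(re, replacement);
}

// Literal form: a function replacer returns the text to insert, and that text
// is never parsed for $-references, natively or via Babel's helper. Use this
// whenever `replacement` comes from an untrusted source (third vendor condition).
function replaceLiteral(re, input, replacement) {
  if (typeof replacement !== 'string') {
    throw new TypeError('replacement must be a string');
  }
  return input.replace(re, () => replacement);
}

// Constructed sample: a template with named groups and a value supplied by a user.
const TEMPLATE_RE = /\{\{(?<key>[a-z]+)\}\}/g;
const SAMPLE_INPUT = 'Hello {{name}}, your id is {{id}}';
const UNTRUSTED_VALUE = '$<key>'; // text a user happened to type

function demo() {
  return {
    named: usesNamedGroups(TEMPLATE_RE),             // true
    lookbehind: usesNamedGroups(/(?<=a)b/),          // false
    interpreted: replaceInterpreted(TEMPLATE_RE, SAMPLE_INPUT, UNTRUSTED_VALUE),
    literal: replaceLiteral(TEMPLATE_RE, SAMPLE_INPUT, UNTRUSTED_VALUE),
  };
}

console.log(demo());
```

In the interpreted form the user's `$<key>` is expanded to the group value, giving `Hello name, your id is id`; in the literal form it is inserted as typed. To confirm which `@babel/runtime` version a checkout actually resolves after the update, `npm ls @babel/runtime` lists every installed copy.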
Changes Needed
Update @babel/runtime (dependency).
Update devDependencies: @babel/core, @babel/cli, @babel/preset-env, @babel/plugin-transform-runtime.
Impact
Reduces security warnings in BlackDuck scans.
Ensures compatibility with the latest Babel toolchain.
No breaking changes to the library’s public API.