Merge branch 'extend-ignore-cves-babel'

raksooo · raksooo · commit c83faa43edac · 2025-03-13T09:12:17.000+01:00
diff --git a/desktop/osv-scanner.toml b/desktop/osv-scanner.toml
@@ -3,19 +3,19 @@
 # PostCSS line return parsing error
 [[IgnoredVulns]]
 id = "CVE-2023-44270" # GHSA-7fh5-64p2-3v2j
-ignoreUntil = 2025-03-05
+ignoreUntil = 2025-06-05
 reason = "This project does not use PostCSS to parse untrusted CSS"
 
 # braces: Uncontrolled resource consumption
 [[IgnoredVulns]]
 id = "CVE-2024-4068" # GHSA-grv7-fg5c-xmjg
-ignoreUntil = 2025-03-05
+ignoreUntil = 2025-06-05
 reason = "This package is only used to match paths from either us or trusted libraries"
 
 # micromatch (dev): Regular Expression Denial of Service (ReDoS) in micromatch
 [[IgnoredVulns]]
 id = "CVE-2024-4067" # GHSA-952p-6rrq-rcjv
-ignoreUntil = 2025-02-23
+ignoreUntil = 2025-05-23
 reason = "This is just a dev dependency, and we don't have untrusted input to micromatch there"
 
 # node-gettext: Prototype Pullution via the addTranslations function
diff --git a/desktop/package-lock.json b/desktop/package-lock.json
diff --git a/desktop/package.json b/desktop/package.json
@@ -17,6 +17,9 @@
     "test": "npm run test --workspaces --if-present"
   },
   "devDependencies": {
+    "@babel/core": "7.26.10",
+    "@babel/helpers": "7.26.10",
+    "@babel/runtime": "7.26.10",
     "@eslint/js": "^9.10.0",
     "@types/eslint__js": "^8.42.3",
     "@types/node": "^20.17.9",
