fix: upgrade @babel/plugin-transform-modules-systemjs to 7.29.4, 8.0.0-alpha.13 (CVE-2026-44728) by orbisai0security · Pull Request #9965 · Kong/insomnia

orbisai0security · 2026-05-27T00:58:21Z

Summary

Upgrade @babel/plugin-transform-modules-systemjs from 7.28.5 to 7.29.4, 8.0.0-alpha.13 to fix CVE-2026-44728.

Vulnerability

Field	Value
ID	CVE-2026-44728
Severity	HIGH
Scanner	trivy
Rule	`CVE-2026-44728`
File	`packages/insomnia-component-docs/package-lock.json`
Assessment	Likely exploitable

Description: @babel/plugin-transform-modules-systemjs generates arbitrary code when compiling malicious input

Changes

packages/insomnia-component-docs/package.json
packages/insomnia-component-docs/package-lock.json

Verification

Build passes
Scanner re-scan confirms fix
LLM code review passed

This change addresses a pattern flagged by static analysis. The code path handles user-influenced input and the fix reduces the attack surface.

Automated security fix by OrbisAI Security

Automated dependency upgrade by OrbisAI Security

CLAassistant · 2026-05-27T00:58:29Z

All committers have signed the CLA.

CLAassistant · 2026-05-27T00:58:29Z

Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you sign our Contributor License Agreement before we can accept your contribution.
_{You have signed the CLA already but the status is still pending? Let us recheck it.}

orbisai0security · 2026-05-27T01:12:13Z