PyPi: Beancount-Import

CVE-2023-45133

Transitive

Safety vulnerability ID: 68055

This vulnerability was reviewed by experts

The information on this page was manually curated by our Cybersecurity Intelligence Team.

Created at Oct 12, 2023 Updated at Nov 29, 2024

Advisory

Beancount-import version 1.4.0 has upgraded `@babel/traverse` from 7.13.0 to 7.23.3 in the frontend to address the security issue detailed in CVE-2023-45133.

Affected package

beancount-import

Latest version: 1.4.0

Semi-automatic importing of external data into beancount.

Affected versions

Fixed versions

Vulnerability changelog

New Features:

* Added support for parsing Amazon Germany orders
* Added locale option to PayPal importer with support for Germany
* Mint importer now allows specifying a custom currency
* Added support for importing options transactions
* Added support for treasury T-Bill transactions in OFX importer
* Added keyboard shortcut for editing the Payee field

Improvements:
* Significantly improved performance of transaction matching
* Added support for new Venmo transaction type
* Updated Ultipro importer to handle more variations in statement format
* Incorporated timestamp parsing from deprecated Beancount OFX importer
* Improved test stability with Beancount 2.3.6+
* Fixed various static type checking errors

Bug Fixes:
* Fixed several bugs in the transaction matching logic
* Fixed compatibility issues with scikit-learn 1.2.0+
* Fixed parsing of amounts with currency symbols after the value
* Improved error handling in OFX importer for transfers with missing data

Dependency Updates:
* Updated several frontend dependencies to resolve security vulnerabilities

Resources


Severity Details

CVSS Base Score

HIGH 8.8

CVSS v3 Details

HIGH 8.8

* Attack Vector (AV): LOCAL
* Attack Complexity (AC): LOW
* Privileges Required (PR): LOW
* User Interaction (UI): NONE
* Scope (S): CHANGED
* Confidentiality Impact (C): HIGH
* Integrity Impact (I): HIGH
* Availability Impact (A): HIGH