Security: Vulnerabilites - 2 High, 3 Moderate #7450
Comments
|
aight cuh, you gotta switch the moderators with the crypto currency so that its 42 High and 3 moderate |
|
At this moment last pr that was accepted is: merged by @sodatea into dev from dependabot/npm_and_yarn/loader-utils-1.4.1 on Nov 9, 2022 In README you can read that Vue CLI is now in maintenance mode, so you should migrate and remove this package. |
|
is there a solution for this yet? |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Version
5.0.8
Reproduction link
Environment info
Steps to reproduce
Run npm audit on any application using @vue/cli-plugin-unit-mocha and @vue/cli-service - Version 5.0.8
Output:
High minimatch ReDoS vulnerability
Package minimatch
Dependency of @vue/cli-plugin-unit-mocha [dev]
Path @vue/cli-plugin-unit-mocha > mocha > glob > minimatch
More info GHSA-f8q6-p94x-37v3
High minimatch ReDoS vulnerability
Package minimatch
Patched in >=3.0.5
Dependency of @vue/cli-plugin-unit-mocha [dev]
Path @vue/cli-plugin-unit-mocha > mocha > minimatch
More info GHSA-f8q6-p94x-37v3
Moderate Exposure of Sensitive Information to an Unauthorized Actor in nanoid
Package nanoid
Patched in >=3.1.31
Dependency of @vue/cli-plugin-unit-mocha [dev]
Path @vue/cli-plugin-unit-mocha > mocha > nanoid
More info GHSA-qrpm-p2h7-hrv2
Moderate PostCSS line return parsing error
Package postcss
Patched in >=8.4.31
Dependency of @vue/cli-service [dev]
Path @vue/cli-service > @vue/component-compiler-utils > postcss
More info GHSA-7fh5-64p2-3v2j
Moderate PostCSS line return parsing error
Package postcss
Patched in >=8.4.31
Dependency of @vue/cli-service [dev]
Path @vue/cli-service > @vue/vue-loader-v15 >@vue/component-compiler-utils > postcss
More info GHSA-7fh5-64p2-3v2j
What is expected?
There should not be any vulnerabilities
What is actually happening?
There are existing vulnerabilities
The text was updated successfully, but these errors were encountered: