Security: Vulnerabilities - 2 High, 3 Moderate #7450
Comments
aight cuh, you gotta switch the moderators with the crypto currency so that it's 42 High and 3 moderate
At this moment, the last PR that was accepted is: merged by @sodatea into dev from dependabot/npm_and_yarn/loader-utils-1.4.1 on Nov 9, 2022. In the README you can read that Vue CLI is now in maintenance mode, so you should migrate and remove this package.
Version
5.0.8
Reproduction link
Environment info
Steps to reproduce
Run npm audit on any application using @vue/cli-plugin-unit-mocha and @vue/cli-service - Version 5.0.8
Output:
High minimatch ReDoS vulnerability
Package minimatch
Dependency of @vue/cli-plugin-unit-mocha [dev]
Path @vue/cli-plugin-unit-mocha > mocha > glob > minimatch
More info GHSA-f8q6-p94x-37v3

High minimatch ReDoS vulnerability
Package minimatch
Patched in >=3.0.5
Dependency of @vue/cli-plugin-unit-mocha [dev]
Path @vue/cli-plugin-unit-mocha > mocha > minimatch
More info GHSA-f8q6-p94x-37v3

Moderate Exposure of Sensitive Information to an Unauthorized Actor in nanoid
Package nanoid
Patched in >=3.1.31
Dependency of @vue/cli-plugin-unit-mocha [dev]
Path @vue/cli-plugin-unit-mocha > mocha > nanoid
More info GHSA-qrpm-p2h7-hrv2

Moderate PostCSS line return parsing error
Package postcss
Patched in >=8.4.31
Dependency of @vue/cli-service [dev]
Path @vue/cli-service > @vue/component-compiler-utils > postcss
More info GHSA-7fh5-64p2-3v2j

Moderate PostCSS line return parsing error
Package postcss
Patched in >=8.4.31
Dependency of @vue/cli-service [dev]
Path @vue/cli-service > @vue/vue-loader-v15 > @vue/component-compiler-utils > postcss
More info GHSA-7fh5-64p2-3v2j
What is expected?
There should not be any vulnerabilities
What is actually happening?
There are existing vulnerabilities