The package should not include known vulnerable dependencies.
What is actually happening?
Running npm audit results in:
❯ npm audit
# npm audit report

electron  <=22.3.24
Severity: high
Depends on vulnerable versions of @electron/get
Electron vulnerable to out-of-package code execution when launched with arbitrary cwd - https://github.com/advisories/GHSA-7x97-j373-85x5
Electron context isolation bypass via nested unserializable return value - https://github.com/advisories/GHSA-p7v2-p9m8-qqg7
Electron affected by libvpx's heap buffer overflow in vp8 encoding - https://github.com/advisories/GHSA-qqvq-6xgj-jw8g
No fix available
node_modules/electron
  @vue/devtools  *
  Depends on vulnerable versions of electron
  node_modules/@vue/devtools

got  <11.8.5
Severity: moderate
Got allows a redirect to a UNIX socket - https://github.com/advisories/GHSA-pfrx-2q88-qq97
No fix available
node_modules/got
  @electron/get  <=1.14.1
  Depends on vulnerable versions of got
  node_modules/@electron/get

4 vulnerabilities (3 moderate, 1 high)

Some issues need review, and may require choosing
a different dependency.
Vue devtools version
6.5.1
Link to minimal reproduction
https://stackblitz.com/edit/vitejs-vite-hdegy7?file=package.json
Steps to reproduce & screenshots
Open stackblitz terminal and run
npm audit
Or on local machine:
npm install --save-dev @vue/devtools
npm audit
System Info
System:
  OS: Linux 3.10 CentOS Linux 7 (Core)
  CPU: (28) x64 Intel(R) Xeon(R) CPU E5-2683 v3 @ 2.00GHz
  Memory: 11.52 GB / 62.66 GB
  Container: Yes
  Shell: 4.2.46 - /bin/bash
Binaries:
  Node: 16.20.0 - /usr/local/bin/node
  npm: 8.19.4 - /usr/local/bin/npm
npmPackages:
  vue: ^3.3.4 => 3.3.4
Any additional comments?
No response
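
For triaging a report like the one in this issue, the following added example (not part of the original issue or of the Vue devtools project) walks the `effects` links in `npm audit --json` output to show which direct dependency pulls in each advisory and whether npm reports a fix. The sample report is constructed from the audit output quoted in this issue, and the names `directDependents` and `triage` are hypothetical.

```javascript
// Constructed sample in the shape of `npm audit --json` (auditReportVersion 2),
// mirroring the report in this issue. Severities of the two packages the
// report does not label are assumed from its "3 moderate, 1 high" total.
const GHSA = "https://github.com/advisories/";
const sampleReport = {
  auditReportVersion: 2,
  vulnerabilities: {
    "@vue/devtools": { severity: "moderate", isDirect: true, via: ["electron"],
      effects: [], fixAvailable: false },
    electron: { severity: "high", isDirect: false, effects: ["@vue/devtools"],
      via: [{ url: GHSA + "GHSA-7x97-j373-85x5" }, { url: GHSA + "GHSA-p7v2-p9m8-qqg7" },
        { url: GHSA + "GHSA-qqvq-6xgj-jw8g" }, "@electron/get"], fixAvailable: false },
    "@electron/get": { severity: "moderate", isDirect: false, via: ["got"],
      effects: ["electron"], fixAvailable: false },
    got: { severity: "moderate", isDirect: false, effects: ["@electron/get"],
      via: [{ url: GHSA + "GHSA-pfrx-2q88-qq97" }], fixAvailable: false },
  },
};

// Follow `effects` edges upward from a vulnerable package until reaching
// packages listed in package.json (isDirect), guarding against cycles.
function directDependents(vulns, name, seen = new Set()) {
  if (seen.has(name) || !vulns[name]) return [];
  seen.add(name);
  const found = vulns[name].isDirect ? [name] : [];
  for (const parent of vulns[name].effects || []) {
    found.push(...directDependents(vulns, parent, seen));
  }
  return [...new Set(found)];
}

// One row per package that carries its own advisory (object entries in `via`;
// string entries only point at another vulnerable package).
function triage(report) {
  const vulns = report.vulnerabilities || {};
  return Object.keys(vulns)
    .map((name) => ({
      name,
      severity: vulns[name].severity,
      advisories: vulns[name].via.filter((v) => typeof v === "object").map((v) => v.url),
      fixAvailable: Boolean(vulns[name].fixAvailable),
      pulledInBy: directDependents(vulns, name),
    }))
    .filter((row) => row.advisories.length > 0);
}

console.table(triage(sampleReport).map(({ advisories, ...r }) => ({ ...r, advisories: advisories.length })));
```

To run it against a real project, pass `JSON.parse` of the `npm audit --json` output to `triage` instead of `sampleReport`.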