You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
$ npm audit
# npm audit report
async <3.2.2
Severity: high
Prototype Pollution in async - https://github.com/advisories/GHSA-fwr7-v2mv-hh25
fix available via `npm audit fix --force`
Will install @vue/cli-plugin-eslint@3.12.1, which is a breaking change
node_modules/async
portfinder 0.1.0 || >=0.4.0
Depends on vulnerable versions of async
node_modules/portfinder
@vue/cli-service *
Depends on vulnerable versions of @vue/cli-plugin-router
Depends on vulnerable versions of portfinder
node_modules/@vue/cli-service
@vue/cli-plugin-babel >=4.0.0-alpha.0
Depends on vulnerable versions of @vue/cli-service
node_modules/@vue/cli-plugin-babel
@vue/cli-plugin-eslint >=4.0.0-alpha.0
Depends on vulnerable versions of @vue/cli-service
node_modules/@vue/cli-plugin-eslint
@vue/cli-plugin-router *
Depends on vulnerable versions of @vue/cli-service
node_modules/@vue/cli-plugin-router
@vue/cli-plugin-typescript >=4.0.0-alpha.0
Depends on vulnerable versions of @vue/cli-service
node_modules/@vue/cli-plugin-typescript
@vue/cli-plugin-vuex *
Depends on vulnerable versions of @vue/cli-service
node_modules/@vue/cli-plugin-vuex
webpack-dev-server >=2.0.0-beta
Depends on vulnerable versions of portfinder
node_modules/webpack-dev-server
9 high severity vulnerabilities
As developped here, it is mainly dependency to vuejs/webpack through portfinder 1.0.28 that depends on async v2 (a v3 is available, but incompatible I guess with portfinder). As of caolan/async#1828 it seems that a PR is on the way to backport the fix to async v2.
The text was updated successfully, but these errors were encountered:
As developped here, it is mainly dependency to vuejs/webpack through
portfinder
1.0.28 that depends onasync
v2 (a v3 is available, but incompatible I guess withportfinder
). As of caolan/async#1828 it seems that a PR is on the way to backport the fix toasync
v2.The text was updated successfully, but these errors were encountered: