vite-plugin-vue2 icon indicating copy to clipboard operation
vite-plugin-vue2 copied to clipboard

Published 20 hours ago verified publisher icon underfin

High vulnerability on dependency @vue/component-compiler-utils

Open dvago opened this issue 3 years ago • 1 comments

Hi there,

First of all thank you for creating this package.

I'm currently trying to migrate a big vue-cli build into the vite ecosystem, when running the dependency installation I get an "high vulnerability" to resolve so when running npm audit fix this message appears:

No fix available
node_modules/@vue/component-compiler-utils/node_modules/postcss
  @vue/component-compiler-utils  *
  Depends on vulnerable versions of postcss
  node_modules/@vue/component-compiler-utils
    vite-plugin-vue2  *
    Depends on vulnerable versions of @vue/component-compiler-utils
    node_modules/vite-plugin-vue2

My current package.json contains the following packages, along with a bunch of others which shouldn't be related to the issue:

"vite-plugin-vue2": "^1.9.2",
"vite": "^2.7.12",
"vite-plugin-dynamic-import": "^0.1.1",
"vue-template-compiler": "^2.6.14",

Looking forward to hearing from you

dvago avatar Jan 19 '22 10:01 dvago

Can you open a issue at @vue/component-compiler-utils?

underfin avatar Feb 04 '22 06:02 underfin