
critical/high Vulnerabilities

Open paul-asvb opened this issue 1 year ago • 0 comments

I am interested in helping provide a fix!

Yes

Which generators are impacted?

  • [x] All
  • [ ] Angular
  • [ ] HTML
  • [ ] Preact
  • [ ] Qwik
  • [ ] React
  • [ ] React-Native
  • [ ] Solid
  • [ ] Stencil
  • [ ] Svelte
  • [ ] Vue
  • [ ] Web components

Reproduction case

No UI Problem

Expected Behaviour

Have no CRITICAL / HIGH vulnerabilities

Actual Behaviour

pnpm audit + trivy audit both get the same vulnerabilities:

| Severity | Vulnerability Description | Package | Vulnerable Versions | Patched Versions | Paths | More Info |
|---|---|---|---|---|---|---|
| critical | vm2 Sandbox Escape vulnerability | vm2 | <=3.9.19 | <0.0.0 | . > [email protected]<br>mypackage > @builder.io/[email protected] > @builder.io/[email protected] > [email protected]<br>mypackage > @builder.io/[email protected] > @builder.io/[email protected] > @builder.io/[email protected] > [email protected] | Link |
| critical | Prototype Pollution in lodash | lodash.template | <4.5.0 | >=4.5.0 | . > [email protected]<br>mypackage > @builder.io/[email protected] > [email protected] > [email protected] | Link |
| high | glob-parent before 5.1.2 vulnerable to Regular Expression Denial of Service in enclosure regex | glob-parent | <5.1.2 | >=5.1.2 | mypackage > @builder.io/[email protected] > [email protected] > [email protected] > [email protected] > [email protected]<br>mypackage > @builder.io/[email protected] > [email protected] > [email protected] > [email protected] > [email protected] > [email protected] > [email protected] > [email protected] | Link |
| high | node-fetch forwards secure headers to untrusted sites | node-fetch | <2.6.7 | >=2.6.7 | mypackage > @builder.io/[email protected] > @builder.io/[email protected] > [email protected] > [email protected] > [email protected] > [email protected]<br>mypackage > @builder.io/[email protected] > @builder.io/[email protected] > @builder.io/[email protected] > [email protected] > [email protected] > [email protected] > [email protected] | Link |

Additional Information

I love this project, happy to provide a fix.

paul-asvb avatar Oct 23 '23 10:10 paul-asvb
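Added example, not part of the issue or of the mitosis project: a consumer-side workaround for the three findings that list a patched range. pnpm honours a `pnpm.overrides` map in the consuming project's `package.json` (here the `mypackage` root from the audit paths; the package name and the rest of the manifest are assumed), forcing every transitive copy of a package onto the stated range regardless of what `@builder.io/mitosis` or its own dependencies request. The ranges are the "Patched Versions" values from the audit table above. The vm2 finding is deliberately left out: the table reports its patched range as `<0.0.0`, i.e. no fixed version is known, so an override cannot satisfy it and that chain has to be removed or replaced upstream rather than pinned.

```json
{
  "name": "mypackage",
  "pnpm": {
    "overrides": {
      "lodash.template": ">=4.5.0",
      "glob-parent": ">=5.1.2",
      "node-fetch": ">=2.6.7"
    }
  }
}
```

After editing, run `pnpm install` so the lockfile is rewritten, then `pnpm audit` again; the two high and the lodash.template finding should disappear while vm2 remains until the dependency chain itself changes. `pnpm why <package>` prints the same dependency paths as the Paths column and is the quickest way to confirm which direct dependency still pulls a flagged package in. Overrides of this kind force a version the upstream package never tested against, so they belong in CI with the project's own test suite and should be dropped once mitosis ships a release that no longer depends on the affected versions.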