esbuild-vue
The latest version depends on vulnerable packages - Please consider upgrading its dependencies.
# npm audit report

json5 <1.0.2
Severity: high
Prototype Pollution in JSON5 via Parse Method - https://github.com/advisories/GHSA-9c47-m6qq-7p4h
No fix available
node_modules/loader-utils/node_modules/json5
  loader-utils <=1.4.0
  Depends on vulnerable versions of json5
  node_modules/loader-utils
    generic-names <=1.0.3
    Depends on vulnerable versions of loader-utils
    node_modules/generic-names
      postcss-modules-sync *
      Depends on vulnerable versions of generic-names
      Depends on vulnerable versions of postcss
      Depends on vulnerable versions of postcss-modules-local-by-default
      Depends on vulnerable versions of postcss-modules-scope
      node_modules/postcss-modules-sync
        @vue/component-compiler *
        Depends on vulnerable versions of postcss-modules-sync
        node_modules/@vue/component-compiler
          esbuild-vue *
          Depends on vulnerable versions of @vue/component-compiler
          node_modules/esbuild-vue

postcss <7.0.36
Severity: moderate
Regular Expression Denial of Service in postcss - https://github.com/advisories/GHSA-566m-qj78-rww5
No fix available
node_modules/postcss-modules-local-by-default/node_modules/postcss
node_modules/postcss-modules-scope/node_modules/postcss
node_modules/postcss-modules-sync/node_modules/postcss
  postcss-modules-local-by-default <=1.2.0
  Depends on vulnerable versions of postcss
  node_modules/postcss-modules-local-by-default
  postcss-modules-scope <=1.1.0
  Depends on vulnerable versions of postcss
  node_modules/postcss-modules-scope
I'm not sure whether this is fixed in later Vue 2 versions. It might be worth checking. I'm not planning to do so at this time. PRs are welcome.
However, any vulnerabilities won't impact users unless they are compiling untrusted Vue components.