vuejs3-datepicker
vuejs3-datepicker copied to clipboard
shubhadip
Dependency with security vulnerability
npm audit now gives a warning that vuejs3-datepickers depends on vulnerable versions of vite-plugin-dts. There is a fix available, but npm audit fix or with --force doesn't give the correct output. Could you update this depencen manually?
https://github.com/advisories/GHSA-g3ch-rx76-35fx
This is the full output of a npm audit: (It is in a project, so there are other dependencies, but it is also with brand new project)
npm audit report
vue-template-compiler >=2.0.0
Severity: moderate
vue-template-compiler vulnerable to client-side Cross-Site Scripting (XSS) - https://github.com/advisories/GHSA-g3ch-rx76-35fx
fix available via npm audit fix
node_modules/vue-template-compiler
@vue/language-core <=2.0.28
Depends on vulnerable versions of vue-template-compiler
node_modules/@vue/language-core
vite-plugin-dts 3.0.0-beta.1 - 4.0.0-beta.2
Depends on vulnerable versions of @vue/language-core
Depends on vulnerable versions of vue-tsc
node_modules/vite-plugin-dts
vuejs3-datepicker >=1.1.0
Depends on vulnerable versions of vite-plugin-dts
node_modules/vuejs3-datepicker
vue-tsc 1.7.0-alpha.0 - 2.0.28
Depends on vulnerable versions of @vue/language-core
node_modules/vue-tsc
