Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

update vue loader package #404

Closed
Niveshkrishna opened this issue Nov 7, 2022 · 2 comments
Closed

update vue loader package #404

Niveshkrishna opened this issue Nov 7, 2022 · 2 comments

Comments

@Niveshkrishna
Copy link

vue loader version needs to be bumped to at least v16.0.0 as per this report GHSA-76p3-8jx3-jpfq

# npm audit report

loader-utils  <2.0.3
Severity: critical
Prototype pollution in webpack loader-utils - https://github.com/advisories/GHSA-76p3-8jx3-jpfq
No fix available
node_modules/vue-loader/node_modules/loader-utils
node_modules/vue-style-loader/node_modules/loader-utils
  vue-loader  2.0.0 - 16.0.0-rc.2
  Depends on vulnerable versions of loader-utils
  Depends on vulnerable versions of vue-style-loader
  node_modules/vue-loader
    @nextcloud/webpack-vue-config  *
    Depends on vulnerable versions of vue-loader
    node_modules/@nextcloud/webpack-vue-config
  vue-style-loader  *
  Depends on vulnerable versions of loader-utils
  node_modules/vue-style-loader

4 critical severity vulnerabilities

Some issues need review, and may require choosing
a different dependency.
@skjnldsv
Copy link
Contributor

webpack/loader-utils#220

@skjnldsv
Copy link
Contributor

10:31 [admin@workstation] ~/git/webpack-vue-config% npm audit                                                                                      git:(master)
found 0 vulnerabilities

10:31 [admin@workstation] ~/git/webpack-vue-config% npm ls vue-loader                                                                              git:(master)
@nextcloud/webpack-vue-config@5.4.0 /home/admin/git/webpack-vue-config
└── vue-loader@15.10.0

10:31 [admin@workstation] ~/git/webpack-vue-config% npm ls loader-utils                                                                            git:(master)
@nextcloud/webpack-vue-config@5.4.0 /home/admin/git/webpack-vue-config
└─┬ vue-loader@15.10.0
  ├── loader-utils@1.4.2
  └─┬ vue-style-loader@4.1.3
    └── loader-utils@1.4.2 deduped

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging a pull request may close this issue.

2 participants