Asset upgrades for NPM/Vue issues #6

Closed
fuzemobi opened this issue Sep 17, 2021 · 1 comment
Comments

@fuzemobi

I used the dependency upgrades for my GitHub repo using Dependabot, and also saw them with npm install audits.

I allowed the dependencies to upgrade but found that node-sass 6.0.1 is incompatible. What does it take to upgrade your Vue project?

LOGS BELOW:

the dependabot found these upgrades:

  • Bump google-maps from 3.3.0 to 4.3.3 dependencies
  • Bump bootstrap from 4.3.1 to 5.1.1 dependencies
  • Bump sass-loader from 7.3.1 to 12.1.0 dependencies
  • Bump node-sass from 4.14.1 to 6.0.1 dependencies
  • Bump @vue/cli-plugin-babel from 3.12.1 to 4.5.13 dependencies

npm audit results in the following errors:
npm install

up to date, audited 1618 packages in 5s

90 packages are looking for funding
run npm fund for details

20 vulnerabilities (14 moderate, 6 high)

To address issues that do not require attention, run:
npm audit fix

To address all issues possible (including breaking changes), run:
npm audit fix --force

Some issues need review, and may require choosing
a different dependency.

Run npm audit for details.
chadrosenbohm@MacBook-Pro-16 psi_portal % npm audit

npm audit report

glob-parent <5.1.2
Severity: moderate
Regular expression denial of service - https://npmjs.com/advisories/1751
fix available via npm audit fix --force
Will install @vue/cli-service@4.5.13, which is a breaking change
node_modules/glob-parent
chokidar 1.0.0-rc1 - 2.1.8
Depends on vulnerable versions of glob-parent
node_modules/watchpack-chokidar2/node_modules/chokidar
node_modules/webpack-dev-server/node_modules/chokidar
watchpack-chokidar2 *
Depends on vulnerable versions of chokidar
node_modules/watchpack-chokidar2
watchpack 1.7.2 - 1.7.5
Depends on vulnerable versions of watchpack-chokidar2
node_modules/watchpack
webpack 4.44.0 - 4.46.0
Depends on vulnerable versions of watchpack
node_modules/webpack
webpack-dev-server 2.0.0-beta - 3.11.2
Depends on vulnerable versions of chokidar
node_modules/webpack-dev-server
@vue/cli-service <=5.0.0-beta.3
Depends on vulnerable versions of copy-webpack-plugin
Depends on vulnerable versions of globby
Depends on vulnerable versions of webpack-dev-server
node_modules/@vue/cli-service
fast-glob <=2.2.7
Depends on vulnerable versions of glob-parent
node_modules/fast-glob
globby 8.0.0 - 9.2.0
Depends on vulnerable versions of fast-glob
node_modules/globby
@vue/cli-plugin-eslint 3.1.2 - 5.0.0-alpha.1
Depends on vulnerable versions of globby
node_modules/@vue/cli-plugin-eslint

quill *
Severity: moderate
Cross-Site Scripting - https://npmjs.com/advisories/1695
No fix available
node_modules/quill

serialize-javascript <=3.0.0
Severity: high
Cross-Site Scripting - https://npmjs.com/advisories/1426
Remote Code Execution - https://npmjs.com/advisories/1548
fix available via npm audit fix --force
Will install @vue/cli-service@4.5.13, which is a breaking change
node_modules/serialize-javascript
copy-webpack-plugin 4.3.0 - 5.0.4
Depends on vulnerable versions of cacache
Depends on vulnerable versions of serialize-javascript
node_modules/copy-webpack-plugin
@vue/cli-service <=5.0.0-beta.3
Depends on vulnerable versions of copy-webpack-plugin
Depends on vulnerable versions of globby
Depends on vulnerable versions of webpack-dev-server
node_modules/@vue/cli-service

ssri 5.2.2 - 6.0.1 || 7.0.0 - 7.1.0 || 8.0.0
Severity: moderate
Regular Expression Denial of Service - https://npmjs.com/advisories/565
fix available via npm audit fix --force
Will install @vue/cli-service@4.5.13, which is a breaking change
node_modules/cacache/node_modules/ssri
cacache 10.0.4 - 11.0.0
Depends on vulnerable versions of ssri
node_modules/cacache
copy-webpack-plugin 4.3.0 - 5.0.4
Depends on vulnerable versions of cacache
Depends on vulnerable versions of serialize-javascript
node_modules/copy-webpack-plugin
@vue/cli-service <=5.0.0-beta.3
Depends on vulnerable versions of copy-webpack-plugin
Depends on vulnerable versions of globby
Depends on vulnerable versions of webpack-dev-server
node_modules/@vue/cli-service

tar <=4.4.17 || 5.0.0 - 5.0.9 || 6.0.0 - 6.1.8
Severity: high
Arbitrary File Creation/Overwrite due to insufficient absolute path sanitization - https://npmjs.com/advisories/1770
Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning - https://npmjs.com/advisories/1771
Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning using symbolic links - https://npmjs.com/advisories/1779
Arbitrary File Creation/Overwrite on Windows via insufficient relative path sanitization - https://npmjs.com/advisories/1781
fix available via npm audit fix --force
Will install node-sass@6.0.1, which is a breaking change
node_modules/tar
node-gyp <=3.8.0
Depends on vulnerable versions of tar
node_modules/node-gyp
node-sass 3.3.3 - 6.0.0
Depends on vulnerable versions of meow
Depends on vulnerable versions of node-gyp
node_modules/node-sass

trim-newlines <3.0.1 || =4.0.0
Severity: high
Regular Expression Denial of Service - https://npmjs.com/advisories/1753
fix available via npm audit fix --force
Will install node-sass@6.0.1, which is a breaking change
node_modules/trim-newlines
meow 3.4.0 - 5.0.0
Depends on vulnerable versions of trim-newlines
node_modules/meow
node-sass 3.3.3 - 6.0.0
Depends on vulnerable versions of meow
Depends on vulnerable versions of node-gyp
node_modules/node-sass

20 vulnerabilities (14 moderate, 6 high)

To address issues that do not require attention, run:
npm audit fix

To address all issues possible (including breaking changes), run:
npm audit fix --force

Some issues need review, and may require choosing
a different dependency

@sajadevo

Hey there,

We've updated the product and updated the dependencies and dev-dependencies that needed updating.

Cheers,
Sajad
