I used the dependencies upgrade for my GitHub repo using Dependabot, and also saw it with npm install audits.
I allowed the dependencies to upgrade but found that node-sass 6.0.1 is incompatible. What does it take to upgrade your Vue project?
LOGS BELOW:
Dependabot found these upgrades:
Bump google-maps from 3.3.0 to 4.3.3 dependencies
Bump bootstrap from 4.3.1 to 5.1.1 dependencies
Bump sass-loader from 7.3.1 to 12.1.0 dependencies
Bump node-sass from 4.14.1 to 6.0.1 dependencies
Bump @vue/cli-plugin-babel from 3.12.1 to 4.5.13 dependencies
npm audit results in the following errors:
npm install
up to date, audited 1618 packages in 5s
90 packages are looking for funding
run npm fund for details
20 vulnerabilities (14 moderate, 6 high)
To address issues that do not require attention, run:
npm audit fix
To address all issues possible (including breaking changes), run:
npm audit fix --force
Some issues need review, and may require choosing
a different dependency.
Run npm audit for details.
chadrosenbohm@MacBook-Pro-16 psi_portal % npm audit
npm audit report
glob-parent <5.1.2
Severity: moderate
Regular expression denial of service - https://npmjs.com/advisories/1751
fix available via npm audit fix --force
Will install @vue/cli-service@4.5.13, which is a breaking change
node_modules/glob-parent
chokidar 1.0.0-rc1 - 2.1.8
Depends on vulnerable versions of glob-parent
node_modules/watchpack-chokidar2/node_modules/chokidar
node_modules/webpack-dev-server/node_modules/chokidar
watchpack-chokidar2 *
Depends on vulnerable versions of chokidar
node_modules/watchpack-chokidar2
watchpack 1.7.2 - 1.7.5
Depends on vulnerable versions of watchpack-chokidar2
node_modules/watchpack
webpack 4.44.0 - 4.46.0
Depends on vulnerable versions of watchpack
node_modules/webpack
webpack-dev-server 2.0.0-beta - 3.11.2
Depends on vulnerable versions of chokidar
node_modules/webpack-dev-server
@vue/cli-service <=5.0.0-beta.3
Depends on vulnerable versions of copy-webpack-plugin
Depends on vulnerable versions of globby
Depends on vulnerable versions of webpack-dev-server
node_modules/@vue/cli-service
fast-glob <=2.2.7
Depends on vulnerable versions of glob-parent
node_modules/fast-glob
globby 8.0.0 - 9.2.0
Depends on vulnerable versions of fast-glob
node_modules/globby
@vue/cli-plugin-eslint 3.1.2 - 5.0.0-alpha.1
Depends on vulnerable versions of globby
node_modules/@vue/cli-plugin-eslint
quill *
Severity: moderate
Cross-Site Scripting - https://npmjs.com/advisories/1695
No fix available
node_modules/quill
serialize-javascript <=3.0.0
Severity: high
Cross-Site Scripting - https://npmjs.com/advisories/1426
Remote Code Execution - https://npmjs.com/advisories/1548
fix available via npm audit fix --force
Will install @vue/cli-service@4.5.13, which is a breaking change
node_modules/serialize-javascript
copy-webpack-plugin 4.3.0 - 5.0.4
Depends on vulnerable versions of cacache
Depends on vulnerable versions of serialize-javascript
node_modules/copy-webpack-plugin
@vue/cli-service <=5.0.0-beta.3
Depends on vulnerable versions of copy-webpack-plugin
Depends on vulnerable versions of globby
Depends on vulnerable versions of webpack-dev-server
node_modules/@vue/cli-service
ssri 5.2.2 - 6.0.1 || 7.0.0 - 7.1.0 || 8.0.0
Severity: moderate
Regular Expression Denial of Service - https://npmjs.com/advisories/565
fix available via npm audit fix --force
Will install @vue/cli-service@4.5.13, which is a breaking change
node_modules/cacache/node_modules/ssri
cacache 10.0.4 - 11.0.0
Depends on vulnerable versions of ssri
node_modules/cacache
copy-webpack-plugin 4.3.0 - 5.0.4
Depends on vulnerable versions of cacache
Depends on vulnerable versions of serialize-javascript
node_modules/copy-webpack-plugin
@vue/cli-service <=5.0.0-beta.3
Depends on vulnerable versions of copy-webpack-plugin
Depends on vulnerable versions of globby
Depends on vulnerable versions of webpack-dev-server
node_modules/@vue/cli-service
tar <=4.4.17 || 5.0.0 - 5.0.9 || 6.0.0 - 6.1.8
Severity: high
Arbitrary File Creation/Overwrite due to insufficient absolute path sanitization - https://npmjs.com/advisories/1770
Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning - https://npmjs.com/advisories/1771
Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning using symbolic links - https://npmjs.com/advisories/1779
Arbitrary File Creation/Overwrite on Windows via insufficient relative path sanitization - https://npmjs.com/advisories/1781
fix available via npm audit fix --force
Will install node-sass@6.0.1, which is a breaking change
node_modules/tar
node-gyp <=3.8.0
Depends on vulnerable versions of tar
node_modules/node-gyp
node-sass 3.3.3 - 6.0.0
Depends on vulnerable versions of meow
Depends on vulnerable versions of node-gyp
node_modules/node-sass
trim-newlines <3.0.1 || =4.0.0
Severity: high
Regular Expression Denial of Service - https://npmjs.com/advisories/1753
fix available via npm audit fix --force
Will install node-sass@6.0.1, which is a breaking change
node_modules/trim-newlines
meow 3.4.0 - 5.0.0
Depends on vulnerable versions of trim-newlines
node_modules/meow
node-sass 3.3.3 - 6.0.0
Depends on vulnerable versions of meow
Depends on vulnerable versions of node-gyp
node_modules/node-sass
20 vulnerabilities (14 moderate, 6 high)
To address issues that do not require attention, run:
npm audit fix
To address all issues possible (including breaking changes), run:
npm audit fix --force
Some issues need review, and may require choosing
a different dependency