You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
when i run `vue info` in my project folder it does not return anything. (it is a vue component library)
Steps to reproduce
run npm audit
What is expected?
Should not produce any high vulnerability errors
What is actually happening?
npm audit reports high security vulnerability in the package serialize-javascript
A single package serialize-javascript is a dependency in @vue/cli-service, @vuepress/core. The version of serialize-javascript that has been used has a high level security vulnerability (as below) - please can you update the dependency to v4.0.0 across the packages?
High Remote Code Execution
Package serialize-javascript
Patched in >=3.1.0
Dependency of @vue/cli-service [dev]
Path @vue/cli-service > copy-webpack-plugin >
serialize-javascript
More info https://npmjs.com/advisories/1548
High Remote Code Execution
Package serialize-javascript
Patched in >=3.1.0
Dependency of vuepress [dev]
Path vuepress > @vuepress/core > copy-webpack-plugin >
serialize-javascript
More info https://npmjs.com/advisories/1548
High Remote Code Execution
Package serialize-javascript
Patched in >=3.1.0
Dependency of vuepress [dev]
Path vuepress > @vuepress/core > vue-server-renderer >
serialize-javascript
More info https://npmjs.com/advisories/1548
Many thanks
The text was updated successfully, but these errors were encountered:
Version
4.5.3
Environment info
Steps to reproduce
run
npm audit
What is expected?
Should not produce any high vulnerability errors
What is actually happening?
npm audit reports high security vulnerability in the package serialize-javascript
A single package serialize-javascript is a dependency in @vue/cli-service, @vuepress/core. The version of serialize-javascript that has been used has a high level security vulnerability (as below) - please can you update the dependency to v4.0.0 across the packages?
Many thanks
The text was updated successfully, but these errors were encountered: