Update npm package #123
Comments
|
Not ideal, but it shouldn't impact functionality too much. |
|
rc3 and rc4 versions of this package have npm audit warnings. Would be nice if this package re-released with dependency updates, $ npm audit
# npm audit report
glob-parent <5.1.2
Severity: high
glob-parent before 5.1.2 vulnerable to Regular Expression Denial of Service in enclosure regex - https://github.com/advisories/GHSA-ww39-953v-wcq6
fix available via `npm audit fix --force`
Will install [email protected], which is a breaking change
node_modules/vue-cli-plugin-s3-deploy/node_modules/glob-parent
fast-glob <=2.2.7
Depends on vulnerable versions of glob-parent
node_modules/vue-cli-plugin-s3-deploy/node_modules/fast-glob
globby 8.0.0 - 9.2.0
Depends on vulnerable versions of fast-glob
node_modules/vue-cli-plugin-s3-deploy/node_modules/globby
vue-cli-plugin-s3-deploy >=3.0.0
Depends on vulnerable versions of globby
node_modules/vue-cli-plugin-s3-deploy
4 high severity vulnerabilities
To address all issues (including breaking changes), run:
npm audit fix --force |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Hi,
I have been trying to use rc4, but the version publisher on npm is outdated:
You can see on download of: https://registry.npmjs.org/vue-cli-plugin-s3-deploy/-/vue-cli-plugin-s3-deploy-4.0.0-rc4.tgz
The text was updated successfully, but these errors were encountered: