Baroshem / nuxt-security

🛡 Automatically configure your app to follow OWASP security patterns and principles by using HTTP Headers and Middleware
https://nuxt-security.vercel.app/
MIT License

Indirect Dependency on Deprecated sourcemap-codec@1.4.8 in nuxt-security #342

Closed nicokempe closed 8 months ago

nicokempe commented 8 months ago

Hello,

I've identified an issue in the nuxt-security package (version 1.0.0) related to its dependencies, specifically concerning an indirect dependency on a deprecated package.

Environment

Issue Description

nuxt-security indirectly depends on the deprecated package sourcemap-codec@1.4.8. This was uncovered using pnpm why sourcemap-codec, which traces the dependency through nuxt-security -> unplugin-remove -> magic-string -> sourcemap-codec.

The use of deprecated dependencies could potentially lead to compatibility or security issues in the future, which is a significant concern for the reliability and security of our project.

Expected Behavior

Dependencies within nuxt-security should be up-to-date to ensure compatibility and security.

Steps to Reproduce

  1. Use nuxt-security version 1.0.0 in a Nuxt 3 project.
  2. Run pnpm why sourcemap-codec to observe the dependency chain.

Could you please provide information on whether there is a plan to address this issue in a future update of nuxt-security?

Thank you for your assistance and the work you do maintaining this package. ❤️
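
The chain reported above, traced programmatically: an added example (not part of the original thread or of nuxt-security's code) that walks a nested dependency tree and lists every path leading to a named package. The tree shape and the `0.0.0-placeholder` versions are constructed assumptions; only nuxt-security 1.0.0 and sourcemap-codec 1.4.8 come from the issue.

```javascript
// Constructed sample tree (assumption): name -> { version, dependencies }.
// Only nuxt-security 1.0.0 and sourcemap-codec 1.4.8 come from the issue;
// every other version string is a placeholder.
const sampleTree = {
  'nuxt-security': { version: '1.0.0', dependencies: {
    'unplugin-remove': { version: '0.0.0-placeholder', dependencies: {
      'magic-string': { version: '0.0.0-placeholder', dependencies: {
        'sourcemap-codec': { version: '1.4.8' },
      } },
    } },
  } },
  // Constructed top-level package with no path to the target.
  'example-lib': { version: '0.0.0-placeholder', dependencies: {} },
};

// Return every chain from a top-level dependency down to `target`,
// each chain as an array of "name@version" strings.
function findChains(tree, target, trail = [], seen = new Set()) {
  const chains = [];
  for (const [name, node] of Object.entries(tree || {})) {
    const id = `${name}@${node.version}`;
    if (seen.has(id)) continue; // guard against cyclic dependency graphs
    const path = [...trail, id];
    if (name === target) {
      chains.push(path);
      continue;
    }
    // Track visited packages per path so shared packages in other
    // branches are still reported.
    const nextSeen = new Set(seen).add(id);
    chains.push(...findChains(node.dependencies, target, path, nextSeen));
  }
  return chains;
}

// Unique top-level dependencies that bring the target into the project.
function introducedBy(chains) {
  return [...new Set(chains.map((chain) => chain[0]))];
}

const chains = findChains(sampleTree, 'sourcemap-codec');
for (const chain of chains) console.log(chain.join(' -> '));
console.log('introduced by:', introducedBy(chains).join(', '));
```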

Baroshem commented 8 months ago

Hey Buddy,

Thanks for doing research on the packages.

I will take a look at it in the upcoming days :)

Baroshem commented 8 months ago

I have created an upstream issue in the unplugin-remove package as it should be fixed there.

I will provide the package author all the help needed to resolve it.

Will keep you posted :)

nicokempe commented 8 months ago

Thank you very much!