DesignRevision / shards-vue

🌟Shards Vue is a free, beautiful and modern Vue.js UI kit based on Shards.
https://designrevision.com/docs/shards-vue/
MIT License
393 stars 40 forks

Update bootstrap and shards-ui packages to fix insecure version of bootstrap #33

Open sonisaurabh19 opened 3 years ago

sonisaurabh19 commented 3 years ago

Expected Behavior

npm audit should pass

Current Behavior

npm audit shows a vulnerability in 4.1.3:

npm audit report

bootstrap  <3.4.1 || >=4.0.0 <4.3.1
Severity: moderate
Cross-Site Scripting - https://npmjs.com/advisories/891
No fix available
node_modules/shards-vue/node_modules/bootstrap
  shards-ui  2.0.0 - 2.1.2
  Depends on vulnerable versions of bootstrap
  node_modules/shards-vue/node_modules/shards-ui
    shards-vue  *
    Depends on vulnerable versions of shards-ui
    node_modules/shards-vue

Steps to Reproduce

  1. Install shards-vue
  2. Run npm audit

Context (Environment)

Possible Solution

Upgrade bootstrap to >= 4.3.1
Upgrade shards-ui >= 3.0.0

Possible Implementation
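
The following is an added example, not part of the original issue or the shards-vue project: a lockfile check that lists every installed copy of bootstrap falling inside the range from the audit report, including copies nested under another package. The lockfile object is constructed sample data in the npm lockfile v2 `packages` layout, and the function names are hypothetical.

```javascript
// Range from the audit report above: <3.4.1 || >=4.0.0 <4.3.1
const VULNERABLE = [
  { lt: [3, 4, 1] },
  { gte: [4, 0, 0], lt: [4, 3, 1] },
];

// Parse "major.minor.patch". Prerelease and build suffixes are ignored
// (assumption: treating 4.0.0-beta as 4.0.0 is the conservative choice here).
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(v);
  if (!m) throw new Error(`unparseable version: ${v}`);
  return m.slice(1).map(Number);
}

function compare(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  }
  return 0;
}

function isVulnerable(version) {
  const v = parseVersion(version);
  return VULNERABLE.some(r =>
    (!r.gte || compare(v, r.gte) >= 0) && (!r.lt || compare(v, r.lt) < 0));
}

// Walk the lockfile "packages" map and report each bootstrap install,
// hoisted or nested, whose version is inside the advisory range.
function findVulnerableBootstrap(lock) {
  return Object.entries(lock.packages || {})
    .filter(([path]) => path === 'node_modules/bootstrap' ||
                        path.endsWith('/node_modules/bootstrap'))
    .filter(([, meta]) => isVulnerable(meta.version))
    .map(([path, meta]) => ({ path, version: meta.version }));
}

// Constructed sample: the application has a fixed bootstrap at the top level,
// but shards-vue still carries its own nested 4.1.3 copy.
const sampleLock = {
  lockfileVersion: 2,
  packages: {
    'node_modules/bootstrap': { version: '4.3.1' },
    'node_modules/shards-vue/node_modules/shards-ui': { version: '2.1.2' },
    'node_modules/shards-vue/node_modules/bootstrap': { version: '4.1.3' },
  },
};

console.log(findVulnerableBootstrap(sampleLock));
```

In the sample, upgrading the top-level bootstrap does not clear the finding, because the nested copy under shards-vue is resolved separately.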