I am using "vite-plugin-svgicon" on a project, and after running "npm audit" it has come to my attention that "vite-plugin-svgicon" depends on "svgicon-gen" which in turn depends on a Vulnerable version of "svgo".
I think that a fix would be to update "svgicon-gen" to use v2.3.1 or later of "svgo".
The entire Vulnerability-tree is a follows:
nth-check <2.0.1
Severity: moderate
Inefficient Regular Expression Complexity in nth-check - https://github.com/advisories/GHSA-rp65-9cf3-cjxr
No fix available
node_modules/nth-check
css-select <=3.1.0
Depends on vulnerable versions of nth-check
node_modules/css-select
svgo 1.0.0 - 1.3.2
Depends on vulnerable versions of css-select
node_modules/svgo
@yzfe/svgicon-gen *
Depends on vulnerable versions of svgo
node_modules/@yzfe/svgicon-gen
vite-plugin-svgicon *
Depends on vulnerable versions of @yzfe/svgicon-gen
node_modules/vite-plugin-svgicon
I am using "vite-plugin-svgicon" on a project, and after running "npm audit" it has come to my attention that "vite-plugin-svgicon" depends on "svgicon-gen" which in turn depends on a Vulnerable version of "svgo".
I think that a fix would be to update "svgicon-gen" to use v2.3.1 or later of "svgo".
The entire Vulnerability-tree is a follows: nth-check <2.0.1 Severity: moderate Inefficient Regular Expression Complexity in nth-check - https://github.com/advisories/GHSA-rp65-9cf3-cjxr No fix available