ZachJW34 / nx-plus

Collection of Nx Community Plugins
MIT License

high severity vulnerabilities #265

Open kikawet opened 2 years ago

kikawet commented 2 years ago

Current Behavior

When installing a fresh @nx-plus/vue dependency, npm audit reveals 7 high severity vulnerabilities (error output in Steps to Reproduce).

Further report from npm audit:

$ npm audit

```npm
npm WARN config global `--global`, `--local` are deprecated. Use `--location=global` instead.
# npm audit report

glob-parent  <5.1.2
Severity: high
Regular expression denial of service in glob-parent - https://github.com/advisories/GHSA-ww39-953v-wcq6
fix available via `npm audit fix --force`
Will install @nx-plus/vue@0.4.1, which is a breaking change
node_modules/@nx-plus/vue/node_modules/glob-parent
node_modules/watchpack-chokidar2/node_modules/glob-parent
  chokidar  1.0.0-rc1 - 2.1.8
  Depends on vulnerable versions of glob-parent
  node_modules/watchpack-chokidar2/node_modules/chokidar
    watchpack-chokidar2  *
    Depends on vulnerable versions of chokidar
    node_modules/watchpack-chokidar2
      watchpack  1.7.2 - 1.7.5
      Depends on vulnerable versions of watchpack-chokidar2
      node_modules/@nx-plus/vue/node_modules/watchpack
        webpack  4.44.0 - 4.46.0
        Depends on vulnerable versions of watchpack
        node_modules/@nx-plus/vue/node_modules/webpack
  copy-webpack-plugin  5.0.1 - 5.1.2
  Depends on vulnerable versions of glob-parent
  node_modules/@nx-plus/vue/node_modules/copy-webpack-plugin
    @nx-plus/vue  >=0.5.0
    Depends on vulnerable versions of copy-webpack-plugin
    node_modules/@nx-plus/vue

7 high severity vulnerabilities

To address issues that do not require attention, run:
  npm audit fix

To address all issues (including breaking changes), run:
  npm audit fix --force
```

Steps to Reproduce

Run the following command and you should get this output

$ npm install @nx-plus/vue --save-dev

```npm
npm WARN config global `--global`, `--local` are deprecated. Use `--location=global` instead.
npm WARN deprecated source-map-url@0.4.1: See https://github.com/lydell/source-map-url#deprecated
npm WARN deprecated @hapi/topo@3.1.6: This version has been deprecated and is no longer supported or maintained
npm WARN deprecated @hapi/bourne@1.3.2: This version has been deprecated and is no longer supported or maintained
npm WARN deprecated urix@0.1.0: Please see https://github.com/lydell/urix#deprecated
npm WARN deprecated har-validator@5.1.5: this library is no longer supported
npm WARN deprecated source-map-resolve@0.5.3: See https://github.com/lydell/source-map-resolve#deprecated
npm WARN deprecated chokidar@2.1.8: Chokidar 2 does not receive security updates since 2019. Upgrade to chokidar 3 with 15x fewer dependencies
npm WARN deprecated resolve-url@0.2.1: https://github.com/lydell/resolve-url#deprecated
npm WARN deprecated @hapi/address@2.1.4: Moved to 'npm install @sideway/address'
npm WARN deprecated querystring@0.2.0: The querystring API is considered Legacy. new code should use the URLSearchParams API instead.
npm WARN deprecated uuid@3.4.0: Please upgrade to version 7 or higher.  Older versions may use Math.random() in certain circumstances, which is known to be problematic.  See https://v8.dev/blog/math-random for details.
npm WARN deprecated uuid@3.4.0: Please upgrade to version 7 or higher.  Older versions may use Math.random() in certain circumstances, which is known to be problematic.  See https://v8.dev/blog/math-random for details.
npm WARN deprecated request@2.88.2: request has been deprecated, see https://github.com/request/request/issues/3142
npm WARN deprecated @hapi/hoek@8.5.1: This version has been deprecated and is no longer supported or maintained
npm WARN deprecated @hapi/joi@15.1.1: Switch to 'npm install joi'

added 1349 packages, and audited 1350 packages in 3m

88 packages are looking for funding
  run `npm fund` for details

7 high severity vulnerabilities

To address all issues, run:
  npm audit fix

Run `npm audit` for details.
```

This issue may not be prioritized if details are not provided to help us reproduce the issue.

Failure Logs

Environment

Plugin name and version: "@nx-plus/vue": "^14.1.0"

$ nx report

```npm
npm WARN config global `--global`, `--local` are deprecated. Use `--location=global` instead.

 >  NX   Report complete - copy this into the issue template

   Node : 16.15.1
   OS   : win32 x64
   npm  : 8.12.1

   nx : 14.4.0
   @nrwl/angular : Not Found
   @nrwl/cypress : 14.4.0
   @nrwl/detox : Not Found
   @nrwl/devkit : 14.4.0
   @nrwl/eslint-plugin-nx : 14.4.0
   @nrwl/express : 14.4.0
   @nrwl/jest : 14.4.0
   @nrwl/js : 14.4.0
   @nrwl/linter : 14.4.0
   @nrwl/nest : 14.4.0
   @nrwl/next : Not Found
   @nrwl/node : 14.4.0
   @nrwl/nx-cloud : Not Found
   @nrwl/nx-plugin : Not Found
   @nrwl/react : Not Found
   @nrwl/react-native : Not Found
   @nrwl/schematics : Not Found
   @nrwl/storybook : Not Found
   @nrwl/web : Not Found
   @nrwl/workspace : 14.4.0
   typescript : 4.7.4
   ---------------------------------------
   Community plugins:
   @nx-plus/vue: 14.1.0
```
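The seven findings above are one advisory (ReDoS in glob-parent <5.1.2) surfaced through a transitive chain: glob-parent is pulled in by copy-webpack-plugin and by chokidar 2, and npm reports every package on the path up to the direct dependency @nx-plus/vue. When triaging a report like this it helps to see that chain explicitly rather than as seven separate rows. The script below is an added example, not code from the nx-plus project or from the issue author: it reads the machine-readable form of the same report (`npm audit --json`, the `auditReportVersion: 2` format npm 7 and later produce) and, for each flagged direct dependency, prints the path down to the package that actually carries the advisory, the advisory itself, and whether the offered fix is a semver-major change. `sampleReport` is constructed by hand to mirror the chain in the issue; the advisory `source` id is a placeholder, and the `AUDIT_JSON` environment variable is this example's own way of pointing it at a real report.

```javascript
// Added example (not nx-plus project code): explain `npm audit --json` findings
// by the transitive chain from each direct dependency down to the root advisory.
// `sampleReport` is constructed to mirror the chain printed in the issue; the
// field names follow npm's auditReportVersion 2 layout, `source` is a placeholder.

const SEVERITY_RANK = { info: 0, low: 1, moderate: 2, high: 3, critical: 4 };

const globParentAdvisory = {
  source: 0, // placeholder advisory id, not npm's real one
  name: "glob-parent",
  title: "Regular expression denial of service in glob-parent",
  url: "https://github.com/advisories/GHSA-ww39-953v-wcq6",
  severity: "high",
  range: "<5.1.2",
};
const breakingFix = { name: "@nx-plus/vue", version: "0.4.1", isSemVerMajor: true };

const sampleReport = {
  auditReportVersion: 2,
  vulnerabilities: {
    "glob-parent": { name: "glob-parent", severity: "high", isDirect: false, range: "<5.1.2",
      via: [globParentAdvisory], effects: ["chokidar", "copy-webpack-plugin"], fixAvailable: breakingFix },
    chokidar: { name: "chokidar", severity: "high", isDirect: false, range: "1.0.0-rc1 - 2.1.8",
      via: ["glob-parent"], effects: ["watchpack-chokidar2"], fixAvailable: true },
    "watchpack-chokidar2": { name: "watchpack-chokidar2", severity: "high", isDirect: false, range: "*",
      via: ["chokidar"], effects: ["watchpack"], fixAvailable: true },
    watchpack: { name: "watchpack", severity: "high", isDirect: false, range: "1.7.2 - 1.7.5",
      via: ["watchpack-chokidar2"], effects: ["webpack"], fixAvailable: true },
    webpack: { name: "webpack", severity: "high", isDirect: false, range: "4.44.0 - 4.46.0",
      via: ["watchpack"], effects: [], fixAvailable: true },
    "copy-webpack-plugin": { name: "copy-webpack-plugin", severity: "high", isDirect: false, range: "5.0.1 - 5.1.2",
      via: ["glob-parent"], effects: ["@nx-plus/vue"], fixAvailable: true },
    "@nx-plus/vue": { name: "@nx-plus/vue", severity: "high", isDirect: true, range: ">=0.5.0",
      via: ["copy-webpack-plugin"], effects: [], fixAvailable: breakingFix },
  },
};

// Every path [pkg, ..., leaf] where `leaf` is a package whose `via` holds an
// advisory object. A string entry in `via` names the vulnerable dependency the
// package inherits its finding from; `seen` guards against cyclic graphs.
function advisoryChains(report, pkg, seen = new Set()) {
  const entry = report.vulnerabilities[pkg];
  if (!entry || seen.has(pkg)) return [];
  const visited = new Set(seen).add(pkg);
  const chains = [];
  if (entry.via.some((v) => typeof v === "object")) chains.push([pkg]);
  for (const v of entry.via) {
    if (typeof v !== "string") continue;
    for (const tail of advisoryChains(report, v, visited)) chains.push([pkg, ...tail]);
  }
  return chains;
}

// One finding per direct dependency at or above `minSeverity`, with its chains,
// the de-duplicated root advisories, and whether the fix is a breaking upgrade.
function summarizeDirect(report, minSeverity = "high") {
  const findings = [];
  for (const [name, entry] of Object.entries(report.vulnerabilities)) {
    if (!entry.isDirect || SEVERITY_RANK[entry.severity] < SEVERITY_RANK[minSeverity]) continue;
    const chains = advisoryChains(report, name);
    const advisories = new Map();
    for (const chain of chains) {
      const leaf = report.vulnerabilities[chain[chain.length - 1]];
      for (const v of leaf.via) if (typeof v === "object") advisories.set(v.url, v);
    }
    findings.push({
      name,
      severity: entry.severity,
      chains: chains.map((c) => c.join(" -> ")),
      advisories: [...advisories.values()],
      breakingFix: typeof entry.fixAvailable === "object" && entry.fixAvailable.isSemVerMajor === true,
    });
  }
  return findings;
}

// Total rows npm would count at or above a severity (the "7 high" in the issue).
function countAtOrAbove(report, minSeverity) {
  return Object.values(report.vulnerabilities)
    .filter((e) => SEVERITY_RANK[e.severity] >= SEVERITY_RANK[minSeverity]).length;
}

// Usage: npm audit --json > audit.json && AUDIT_JSON=audit.json node audit-chains.js
const report = process.env.AUDIT_JSON
  ? JSON.parse(require("fs").readFileSync(process.env.AUDIT_JSON, "utf8"))
  : sampleReport;
for (const f of summarizeDirect(report)) {
  console.log(`${f.name} (${f.severity}${f.breakingFix ? ", fix is a semver-major change" : ""})`);
  for (const c of f.chains) console.log(`  chain: ${c}`);
  for (const a of f.advisories) console.log(`  advisory: ${a.title} ${a.url}`);
}
console.log(`${countAtOrAbove(report, "high")} findings at high severity or above`);
```

On the constructed sample this collapses the seven rows to a single root cause behind `@nx-plus/vue -> copy-webpack-plugin -> glob-parent`, with the only offered fix being the semver-major downgrade to @nx-plus/vue@0.4.1 that the issue's `npm audit` output mentions; that is the information a maintainer needs to decide between bumping copy-webpack-plugin/webpack and overriding glob-parent.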