aklinker1 / vite-plugin-web-extension

Vite plugin for developing Chrome/Web Extensions
https://vite-plugin-web-extension.aklinker1.io/
MIT License

Fix NPM audit #152

Closed aklinker1 closed 1 year ago

aklinker1 commented 1 year ago

Could you update the dependencies so that npm audit successfully passes? Current output of npm audit:

```
# npm audit report

postcss  <8.4.31
Severity: moderate
PostCSS line return parsing error - https://github.com/advisories/GHSA-7fh5-64p2-3v2j
No fix available
node_modules/addons-linter/node_modules/postcss
  addons-linter  <=6.14.0
  Depends on vulnerable versions of postcss
  node_modules/addons-linter
    web-ext  >=1.0.0
    Depends on vulnerable versions of addons-linter
    Depends on vulnerable versions of sign-addon
    node_modules/web-ext
      vite-plugin-web-extension  *
      Depends on vulnerable versions of web-ext
      node_modules/vite-plugin-web-extension

request  *
Severity: moderate
Server-Side Request Forgery in Request - https://github.com/advisories/GHSA-p8p7-x288-28g6
Depends on vulnerable versions of tough-cookie
No fix available
node_modules/request
  sign-addon  *
  Depends on vulnerable versions of request
  node_modules/sign-addon

tough-cookie  <4.1.3
Severity: moderate
tough-cookie Prototype Pollution vulnerability - https://github.com/advisories/GHSA-72xf-g2v4-qvf3
No fix available
node_modules/tough-cookie

7 moderate severity vulnerabilities

Some issues need review, and may require choosing
a different dependency.
```

Originally posted by @danielptv in https://github.com/aklinker1/vite-plugin-web-extension/issues/149#issuecomment-1824841779

aklinker1 commented 1 year ago

I've enabled dependabot and will be fixing all the issues mentioned there. That should cover the NPM audit as well.

aklinker1 commented 1 year ago

Version upgrades released in v4.0.0