ericnograles / browser-image-resizer

A tiny browser-based library to downscale and/or resize images using canvas
MIT License
99 stars 43 forks

BUG: It depends on vulnerable versions of exifreader, forcing the fix to version 2.0.1 breaks the lib. #54

Closed kabapy closed 2 years ago

kabapy commented 2 years ago

# npm audit report

xmldom  *
Severity: moderate
Misinterpretation of malicious XML input - https://github.com/advisories/GHSA-5fg8-2547-mr8q
Misinterpretation of malicious XML input - https://github.com/advisories/GHSA-h6q6-9hqw-rwfv
fix available via `npm audit fix --force`
Will install browser-image-resizer@2.0.1, which is a breaking change
node_modules/xmldom
  exifreader  2.7.0 - 3.16.0
  Depends on vulnerable versions of xmldom
  node_modules/exifreader
    browser-image-resizer  >=2.1.0
    Depends on vulnerable versions of exifreader
    node_modules/browser-image-resizer

3 vulnerabilities (2 low, 1 moderate)

Here is a listing of all installed packages:

+-- @quasar/app-vite@1.0.6
+-- @quasar/extras@1.15.1
+-- @vueuse/core@9.1.0
+-- autoprefixer@10.4.8
+-- axios@0.21.4
+-- browser-image-resizer@2.2.1
+-- eslint-config-prettier@8.5.0
+-- eslint-plugin-vue@9.3.0
+-- eslint@8.21.0
+-- firebase@9.9.3
+-- pinia@2.0.0-rc.10
+-- prettier@2.7.1
+-- quasar@2.7.7
+-- vue-router@4.1.3
`-- vue@3.2.37

ericnograles commented 2 years ago

@kabapy published v2.3.0 to NPM, please give it a shot and lmk if you see any issues. Thanks!