guardrails[bot]
commented
1 year ago :warning: We detected 14 security issues in this pull request:
Vulnerable Libraries (14)
Severity | Details ----- | -------- Medium | [browserslist@4.16.3](https://github.com/koromerzhin/template-vuejs/blob/1f18a02587cb9d7e1ba0a6fb1ed1712cc63420fe/package-lock.json) (t) upgrade to: *>4.16.4* High | [dns-packet@1.3.1](https://github.com/koromerzhin/template-vuejs/blob/1f18a02587cb9d7e1ba0a6fb1ed1712cc63420fe/package-lock.json) (t) upgrade to: *>=1.3.2* Critical | [eventsource@1.0.7](https://github.com/koromerzhin/template-vuejs/blob/1f18a02587cb9d7e1ba0a6fb1ed1712cc63420fe/package-lock.json) (t) upgrade to: *>=1.1.1* High | [follow-redirects@1.13.3](https://github.com/koromerzhin/template-vuejs/blob/1f18a02587cb9d7e1ba0a6fb1ed1712cc63420fe/package-lock.json) (t) upgrade to: *>1.14.7* Critical | [html-webpack-plugin@3.2.0](https://github.com/koromerzhin/template-vuejs/blob/1f18a02587cb9d7e1ba0a6fb1ed1712cc63420fe/package-lock.json) (t) upgrade to: *>3.2.0* Medium | [postcss@7.0.35](https://github.com/koromerzhin/template-vuejs/blob/1f18a02587cb9d7e1ba0a6fb1ed1712cc63420fe/package-lock.json) (t) upgrade to: *>7.0.35* High | [postcss-svgo@4.0.2](https://github.com/koromerzhin/template-vuejs/blob/1f18a02587cb9d7e1ba0a6fb1ed1712cc63420fe/package-lock.json) (t) upgrade to: *>5.0.0-rc.2* High | [renderkid@2.0.5](https://github.com/koromerzhin/template-vuejs/blob/1f18a02587cb9d7e1ba0a6fb1ed1712cc63420fe/package-lock.json) (t) upgrade to: *>2.0.5* Critical | [shell-quote@1.7.2](https://github.com/koromerzhin/template-vuejs/blob/1f18a02587cb9d7e1ba0a6fb1ed1712cc63420fe/package-lock.json) (t) upgrade to: *>1.7.2* High | [terser@4.8.0](https://github.com/koromerzhin/template-vuejs/blob/1f18a02587cb9d7e1ba0a6fb1ed1712cc63420fe/package-lock.json) (t) upgrade to: *>=4.8.1* Critical | [url-parse@1.5.1](https://github.com/koromerzhin/template-vuejs/blob/1f18a02587cb9d7e1ba0a6fb1ed1712cc63420fe/package-lock.json) (t) upgrade to: *>1.5.8* High | [webpack@4.46.0](https://github.com/koromerzhin/template-vuejs/blob/1f18a02587cb9d7e1ba0a6fb1ed1712cc63420fe/package-lock.json) (t) upgrade to: *>4.46.0* High | [webpack-dev-server@3.11.2](https://github.com/koromerzhin/template-vuejs/blob/1f18a02587cb9d7e1ba0a6fb1ed1712cc63420fe/package-lock.json) (t) upgrade to: *>4.7.2* Medium | [ws@6.2.1](https://github.com/koromerzhin/template-vuejs/blob/1f18a02587cb9d7e1ba0a6fb1ed1712cc63420fe/package-lock.json) (t) upgrade to: *>6.2.1* More info on how to fix Vulnerable Libraries in [JavaScript](https://docs.guardrails.io/docs/en/vulnerabilities/javascript/using_vulnerable_libraries.html?utm_source=ghpr#).
π Go to the dashboard for detailed results.
π₯ Happy? Share your feedback with us.
This PR contains the following updates:
3.0.4->3.0.5GitHub Vulnerability Alerts
CVE-2022-3517
A vulnerability was found in the minimatch package. This flaw allows a Regular Expression Denial of Service (ReDoS) when calling the braceExpand function with specific arguments, resulting in a Denial of Service.
Configuration
π Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
π¦ Automerge: Disabled by config. Please merge this manually once you are satisfied.
β» Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
π Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by Mend Renovate. View repository job log here.