guardrails[bot]
commented
2 years ago :warning: We detected 14 security issues in this pull request:
Vulnerable Libraries (14)
Severity | Details ----- | -------- Medium | [browserslist@4.16.3](https://github.com/koromerzhin/template-vuejs/blob/892774184e68a0fc0f50b40b411fc0a8d5221c12/package-lock.json) (t) upgrade to: *>4.16.4* High | [dns-packet@1.3.1](https://github.com/koromerzhin/template-vuejs/blob/892774184e68a0fc0f50b40b411fc0a8d5221c12/package-lock.json) (t) upgrade to: *>=1.3.2* High | [follow-redirects@1.13.3](https://github.com/koromerzhin/template-vuejs/blob/892774184e68a0fc0f50b40b411fc0a8d5221c12/package-lock.json) (t) upgrade to: *>1.14.7* Medium | [postcss@7.0.35](https://github.com/koromerzhin/template-vuejs/blob/892774184e68a0fc0f50b40b411fc0a8d5221c12/package-lock.json) (t) upgrade to: *>7.0.35* High | [postcss-svgo@4.0.2](https://github.com/koromerzhin/template-vuejs/blob/892774184e68a0fc0f50b40b411fc0a8d5221c12/package-lock.json) (t) upgrade to: *>5.0.0-rc.2* Critical | [url-parse@1.5.1](https://github.com/koromerzhin/template-vuejs/blob/892774184e68a0fc0f50b40b411fc0a8d5221c12/package-lock.json) (t) upgrade to: *>1.5.8* High | [webpack@4.46.0](https://github.com/koromerzhin/template-vuejs/blob/892774184e68a0fc0f50b40b411fc0a8d5221c12/package-lock.json) (t) upgrade to: *>4.46.0* High | [webpack-dev-server@3.11.2](https://github.com/koromerzhin/template-vuejs/blob/892774184e68a0fc0f50b40b411fc0a8d5221c12/package-lock.json) (t) upgrade to: *>4.7.2* Medium | [ws@6.2.1](https://github.com/koromerzhin/template-vuejs/blob/892774184e68a0fc0f50b40b411fc0a8d5221c12/package-lock.json) (t) upgrade to: *>6.2.1* Critical | [eventsource@1.0.7](https://github.com/koromerzhin/template-vuejs/blob/892774184e68a0fc0f50b40b411fc0a8d5221c12/package-lock.json) (t) upgrade to: *>=1.1.1* Critical | [html-webpack-plugin@3.2.0](https://github.com/koromerzhin/template-vuejs/blob/892774184e68a0fc0f50b40b411fc0a8d5221c12/package-lock.json) (t) upgrade to: *>3.2.0* High | [renderkid@2.0.5](https://github.com/koromerzhin/template-vuejs/blob/892774184e68a0fc0f50b40b411fc0a8d5221c12/package-lock.json) (t) upgrade to: *>2.0.5* Critical | [shell-quote@1.7.2](https://github.com/koromerzhin/template-vuejs/blob/892774184e68a0fc0f50b40b411fc0a8d5221c12/package-lock.json) (t) upgrade to: *>1.7.2* High | [terser@4.8.0](https://github.com/koromerzhin/template-vuejs/blob/892774184e68a0fc0f50b40b411fc0a8d5221c12/package-lock.json) (t) upgrade to: *>=4.8.1* More info on how to fix Vulnerable Libraries in [JavaScript](https://docs.guardrails.io/docs/en/vulnerabilities/javascript/using_vulnerable_libraries.html?utm_source=ghpr#).
π Go to the dashboard for detailed results.
π₯ Happy? Share your feedback with us.
This PR contains the following updates:
1.0.6->1.0.7GitHub Vulnerability Alerts
CVE-2021-23343
Affected versions of npm package
path-parseare vulnerable to Regular Expression Denial of Service (ReDoS) via splitDeviceRe, splitTailRe, and splitPathRe regular expressions. ReDoS exhibits polynomial worst-case time complexity.Configuration
π Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
π¦ Automerge: Disabled by config. Please merge this manually once you are satisfied.
β» Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
π Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by Mend Renovate. View repository job log here.