search

multiplegeorges / vue-cli-plugin-s3-deploy

A vue-cli plugin that uploads your built Vue.js project to an S3 bucket
MIT License
331 stars 51 forks source link

Update npm package #123

Open Roriz opened 4 years ago

Roriz commented 4 years ago

Hi, I have been trying to use rc4, but the version publisher on npm is outdated:

image

You can see on download of: https://registry.npmjs.org/vue-cli-plugin-s3-deploy/-/vue-cli-plugin-s3-deploy-4.0.0-rc4.tgz

nicekiwi commented 4 years ago

Not ideal, but it shouldn't impact functionality too much.

iambumblehead commented 1 year ago

rc3 and rc4 versions of this package have npm audit warnings. Would be nice if this package re-released with dependency updates,

$ npm audit
# npm audit report

glob-parent  <5.1.2
Severity: high
glob-parent before 5.1.2 vulnerable to Regular Expression Denial of Service in enclosure regex - https://github.com/advisories/GHSA-ww39-953v-wcq6
fix available via `npm audit fix --force`
Will install vue-cli-plugin-s3-deploy@2.1.1, which is a breaking change
node_modules/vue-cli-plugin-s3-deploy/node_modules/glob-parent
  fast-glob  <=2.2.7
  Depends on vulnerable versions of glob-parent
  node_modules/vue-cli-plugin-s3-deploy/node_modules/fast-glob
    globby  8.0.0 - 9.2.0
    Depends on vulnerable versions of fast-glob
    node_modules/vue-cli-plugin-s3-deploy/node_modules/globby
      vue-cli-plugin-s3-deploy  >=3.0.0
      Depends on vulnerable versions of globby
      node_modules/vue-cli-plugin-s3-deploy

4 high severity vulnerabilities

To address all issues (including breaking changes), run:
  npm audit fix --force