Open Roriz opened 4 years ago
Not ideal, but it shouldn't impact functionality too much.
rc3 and rc4 versions of this package have npm audit warnings. Would be nice if this package re-released with dependency updates,
$ npm audit
# npm audit report
glob-parent <5.1.2
Severity: high
glob-parent before 5.1.2 vulnerable to Regular Expression Denial of Service in enclosure regex - https://github.com/advisories/GHSA-ww39-953v-wcq6
fix available via `npm audit fix --force`
Will install vue-cli-plugin-s3-deploy@2.1.1, which is a breaking change
node_modules/vue-cli-plugin-s3-deploy/node_modules/glob-parent
fast-glob <=2.2.7
Depends on vulnerable versions of glob-parent
node_modules/vue-cli-plugin-s3-deploy/node_modules/fast-glob
globby 8.0.0 - 9.2.0
Depends on vulnerable versions of fast-glob
node_modules/vue-cli-plugin-s3-deploy/node_modules/globby
vue-cli-plugin-s3-deploy >=3.0.0
Depends on vulnerable versions of globby
node_modules/vue-cli-plugin-s3-deploy
4 high severity vulnerabilities
To address all issues (including breaking changes), run:
npm audit fix --force
Hi, I have been trying to use rc4, but the version publisher on npm is outdated:
You can see on download of: https://registry.npmjs.org/vue-cli-plugin-s3-deploy/-/vue-cli-plugin-s3-deploy-4.0.0-rc4.tgz