underfin / vite-plugin-vue2

Vue2 plugin for Vite

High vulnerability on dependency @vue/component-compiler-utils #165

Open dvago opened 2 years ago

dvago commented 2 years ago

Hi there,

First of all, thank you for creating this package.

I'm currently trying to migrate a big vue-cli build into the vite ecosystem. When running the dependency installation I get a "high vulnerability" to resolve, so when running npm audit fix this message appears:

No fix available
node_modules/@vue/component-compiler-utils/node_modules/postcss
  @vue/component-compiler-utils  *
  Depends on vulnerable versions of postcss
  node_modules/@vue/component-compiler-utils
    vite-plugin-vue2  *
    Depends on vulnerable versions of @vue/component-compiler-utils
    node_modules/vite-plugin-vue2

My current package.json contains the following packages, along with a bunch of others which shouldn't be related to the issue:

"vite-plugin-vue2": "^1.9.2",
"vite": "^2.7.12",
"vite-plugin-dynamic-import": "^0.1.1",
"vue-template-compiler": "^2.6.14",

Looking forward to hearing from you

underfin commented 2 years ago

Can you open an issue at @vue/component-compiler-utils?