vuejs / vuepress

📝 Minimalistic Vue-powered static site generator
https://vuepress.vuejs.org
MIT License
22.43k stars 4.79k forks

GitHub Dependabot alerts: ssri, is-svg, node-fetch #2826

Open flect-hiromasa-obayashi opened 3 years ago

flect-hiromasa-obayashi commented 3 years ago

Feature request

VuePress version

  1. 1.8.2

What problem does this feature solve?

  1. Please support GitHub Dependabot alerts
  2. The following is a warning from GitHub

ssri

Remediation Upgrade ssri to version 8.0.1 or later. For example:

ssri@^8.0.1:
  version "8.0.1"

Detail CVE-2021-27290

is-svg

Remediation Upgrade is-svg to version 4.2.2 or later. For example:

is-svg@^4.2.2:
  version "4.2.2"

Detail CVE-2021-28092

node-fetch

Remediation Upgrade node-fetch to version 2.6.1 or later. For example:

node-fetch@^2.6.1:
  version "2.6.1"

Detail GHSA-w7rc-rwvf-8q5r
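
As an added example (not part of the original issue or of the VuePress code base), this Node.js script checks yarn.lock v1 text against the three minimum versions named in the alerts above. The function names are hypothetical, the lockfile content is constructed sample data, and pre-release suffixes are ignored when comparing versions.

```javascript
// Minimum fixed versions, taken from the alerts quoted in the issue above.
const MINIMUMS = new Map([['ssri', '8.0.1'], ['is-svg', '4.2.2'], ['node-fetch', '2.6.1']]);

// Parse yarn.lock v1 text into [{ name, version }], one entry per resolved block.
function parseYarnLock(text) {
  const entries = [];
  let names = null;
  for (const line of text.split(/\r?\n/)) {
    if (/^\S.*:$/.test(line) && !line.startsWith('#')) {
      // Block header, e.g.  ssri@^6.0.1, ssri@^6.0.2:   or   "@scope/pkg@^1.0.0":
      names = new Set(line.slice(0, -1).split(',').map((spec) => {
        const s = spec.trim().replace(/^"|"$/g, '');
        return s.slice(0, s.lastIndexOf('@')); // lastIndexOf keeps a leading scope '@'
      }));
    } else if (names && /^  version /.test(line)) {
      const version = line.trim().slice('version '.length).replace(/"/g, '');
      for (const name of names) entries.push({ name, version });
      names = null;
    }
  }
  return entries;
}

// Compare dotted numeric versions; returns -1, 0 or 1 (suffixes after - or + are ignored).
function compareVersions(a, b) {
  const [pa, pb] = [a, b].map((v) => v.split(/[-+]/)[0].split('.').map(Number));
  for (let i = 0; i < 3; i++) {
    if ((pa[i] || 0) !== (pb[i] || 0)) return (pa[i] || 0) < (pb[i] || 0) ? -1 : 1;
  }
  return 0;
}

// List every locked package that is still below its required minimum.
function findOutdated(lockText, minimums = MINIMUMS) {
  return parseYarnLock(lockText)
    .filter(({ name, version }) => minimums.has(name) && compareVersions(version, minimums.get(name)) < 0)
    .map(({ name, version }) => ({ name, version, required: minimums.get(name) }));
}

// Constructed sample lockfile (not taken from the VuePress repository).
const SAMPLE_LOCK = [
  '# yarn lockfile v1', '',
  'is-svg@^3.0.0:', '  version "3.0.0"', '',
  'node-fetch@^2.6.1:', '  version "2.6.1"', '',
  'ssri@^6.0.1, ssri@^6.0.2:', '  version "6.0.2"', '',
  '"@scope/pkg@^1.0.0":', '  version "1.0.0"', '',
].join('\n');

console.log(findOutdated(SAMPLE_LOCK));
```

To audit a real project, pass the contents of its `yarn.lock` to `findOutdated` in place of `SAMPLE_LOCK`.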

lowlydba commented 3 years ago

This list of dependabot alerts continues to grow...can we get some ack on this issue? Or should we be planning to just move to the next major release?