search

xiCO2k / laravel-vue-i18n

Allows to connect your `Laravel` Framework translation files with `Vue`.
MIT License
598 stars 49 forks source link

[2.x] Vulnerabilities founded #51

Closed andrey-helldar closed 2 years ago

andrey-helldar commented 2 years ago 
# npm audit report

file-type  <16.5.4
Severity: moderate
file-type vulnerable to Infinite Loop via malformed MKV file - https://github.com/advisories/GHSA-mhxj-85r3-2x55
fix available via `npm audit fix --force`
Will install laravel-vue-i18n@1.4.3, which is a breaking change
node_modules/file-type
  imagemin  5.2.0 - 8.0.0
  Depends on vulnerable versions of file-type
  node_modules/imagemin
    laravel-mix  >=4.0.11
    Depends on vulnerable versions of imagemin
    node_modules/laravel-mix
      laravel-vue-i18n  >=1.4.4
      Depends on vulnerable versions of laravel-mix
npm WARN using --force Recommended protections disabled.
npm WARN audit Updating laravel-vue-i18n to 1.4.3,which is a SemVer major change.

After executing the npm audit fix --force command in the package.json file, the version of the laravel-vue-i18n dependency has changed to ^1.4.3