Outdated / Depreciated VUE Metronic Packages
Can you please update packages configuration for VUE Metronic Version.
On "npm audit fix --force" breaks the build "npm run dev"
# npm audit report
ansi-regex >2.1.1 <5.0.1
Severity: moderate
Inefficient Regular Expression Complexity in chalk/ansi-regex - https://github.com/advisories/GHSA-93q8-gq69-wqmw
fix available via `npm audit fix --force`
Will install eslint@8.10.0, which is a breaking change
node_modules/@vue/cli-service/node_modules/yargs/node_modules/ansi-regex
node_modules/eslint/node_modules/ansi-regex
node_modules/ora/node_modules/ansi-regex
node_modules/table/node_modules/ansi-regex
strip-ansi 4.0.0 - 5.2.0
Depends on vulnerable versions of ansi-regex
node_modules/@vue/cli-service/node_modules/yargs/node_modules/strip-ansi
node_modules/eslint/node_modules/strip-ansi
node_modules/ora/node_modules/strip-ansi
node_modules/table/node_modules/strip-ansi
cliui 4.0.0 - 5.0.0
Depends on vulnerable versions of strip-ansi
Depends on vulnerable versions of wrap-ansi
node_modules/@vue/cli-service/node_modules/yargs/node_modules/cliui
yargs 10.1.0 - 15.0.0
Depends on vulnerable versions of cliui
Depends on vulnerable versions of string-width
node_modules/@vue/cli-service/node_modules/yargs
webpack-dev-server 2.0.0-beta - 4.7.2
Depends on vulnerable versions of chokidar
Depends on vulnerable versions of selfsigned
Depends on vulnerable versions of yargs
node_modules/@vue/cli-service/node_modules/webpack-dev-server
eslint 4.5.0 - 7.15.0
Depends on vulnerable versions of strip-ansi
Depends on vulnerable versions of table
node_modules/eslint
ora 2.0.0 - 4.0.2
Depends on vulnerable versions of strip-ansi
node_modules/ora
@vue/cli-shared-utils <=4.5.15
Depends on vulnerable versions of ora
node_modules/@vue/cli-shared-utils
@vue/cli-plugin-eslint <=5.0.0-rc.3
Depends on vulnerable versions of @vue/cli-shared-utils
Depends on vulnerable versions of globby
node_modules/@vue/cli-plugin-eslint
@vue/cli-plugin-router <=4.5.15
Depends on vulnerable versions of @vue/cli-shared-utils
node_modules/@vue/cli-plugin-router
@vue/cli-service <=5.0.0-rc.3
Depends on vulnerable versions of @vue/cli-plugin-router
Depends on vulnerable versions of @vue/cli-shared-utils
Depends on vulnerable versions of copy-webpack-plugin
Depends on vulnerable versions of cssnano
Depends on vulnerable versions of globby
node_modules/@vue/cli-service
@vue/cli-plugin-typescript <=5.0.0-rc.3
Depends on vulnerable versions of @vue/cli-shared-utils
Depends on vulnerable versions of globby
node_modules/@vue/cli-plugin-typescript
string-width 2.1.0 - 4.1.0
Depends on vulnerable versions of strip-ansi
node_modules/@vue/cli-service/node_modules/yargs/node_modules/string-width
node_modules/table/node_modules/string-width
table 4.0.2 - 5.4.6
Depends on vulnerable versions of string-width
node_modules/table
wrap-ansi 3.0.0 - 6.1.0
Depends on vulnerable versions of string-width
Depends on vulnerable versions of strip-ansi
node_modules/@vue/cli-service/node_modules/yargs/node_modules/wrap-ansi
apexcharts <3.24.0
Severity: moderate
XSS in apexcharts - https://github.com/advisories/GHSA-w46j-8hm6-h8mm
fix available via `npm audit fix --force`
Will install apexcharts@3.33.2, which is outside the stated dependency range
node_modules/apexcharts
glob-parent <5.1.2
Severity: high
Regular expression denial of service - https://github.com/advisories/GHSA-ww39-953v-wcq6
fix available via `npm audit fix --force`
Will install @vue/cli-service@5.0.1, which is a breaking change
node_modules/@vue/cli-plugin-eslint/node_modules/glob-parent
node_modules/@vue/cli-plugin-typescript/node_modules/glob-parent
node_modules/@vue/cli-service/node_modules/glob-parent
node_modules/copy-webpack-plugin/node_modules/glob-parent
node_modules/watchpack-chokidar2/node_modules/glob-parent
chokidar 1.0.0-rc1 - 2.1.8
Depends on vulnerable versions of glob-parent
node_modules/@vue/cli-service/node_modules/webpack-dev-server/node_modules/chokidar
node_modules/watchpack-chokidar2/node_modules/chokidar
watchpack-chokidar2 *
Depends on vulnerable versions of chokidar
node_modules/watchpack-chokidar2
watchpack 1.7.2 - 1.7.5
Depends on vulnerable versions of watchpack-chokidar2
node_modules/@vue/cli-plugin-eslint/node_modules/watchpack
node_modules/@vue/cli-plugin-typescript/node_modules/watchpack
node_modules/@vue/cli-service/node_modules/watchpack
webpack 4.44.0 - 4.46.0
Depends on vulnerable versions of watchpack
node_modules/@vue/cli-plugin-eslint/node_modules/webpack
node_modules/@vue/cli-plugin-typescript/node_modules/webpack
node_modules/@vue/cli-service/node_modules/webpack
webpack-dev-server 2.0.0-beta - 4.7.2
Depends on vulnerable versions of chokidar
Depends on vulnerable versions of selfsigned
Depends on vulnerable versions of yargs
node_modules/@vue/cli-service/node_modules/webpack-dev-server
copy-webpack-plugin 5.0.1 - 5.1.2
Depends on vulnerable versions of glob-parent
node_modules/copy-webpack-plugin
@vue/cli-service <=5.0.0-rc.3
Depends on vulnerable versions of @vue/cli-plugin-router
Depends on vulnerable versions of @vue/cli-shared-utils
Depends on vulnerable versions of copy-webpack-plugin
Depends on vulnerable versions of cssnano
Depends on vulnerable versions of globby
node_modules/@vue/cli-service
fast-glob <=2.2.7
Depends on vulnerable versions of glob-parent
node_modules/@vue/cli-plugin-eslint/node_modules/fast-glob
node_modules/@vue/cli-plugin-typescript/node_modules/fast-glob
node_modules/@vue/cli-service/node_modules/fast-glob
globby 8.0.0 - 9.2.0
Depends on vulnerable versions of fast-glob
node_modules/@vue/cli-plugin-eslint/node_modules/globby
node_modules/@vue/cli-plugin-typescript/node_modules/globby
node_modules/@vue/cli-service/node_modules/globby
@vue/cli-plugin-eslint <=5.0.0-rc.3
Depends on vulnerable versions of @vue/cli-shared-utils
Depends on vulnerable versions of globby
node_modules/@vue/cli-plugin-eslint
@vue/cli-plugin-typescript <=5.0.0-rc.3
Depends on vulnerable versions of @vue/cli-shared-utils
Depends on vulnerable versions of globby
node_modules/@vue/cli-plugin-typescript
node-forge <1.0.0
URL parsing in node-forge could lead to undesired behavior. - https://github.com/advisories/GHSA-gf8q-jrpm-jvxq
fix available via `npm audit fix`
node_modules/@vue/cli-service/node_modules/node-forge
selfsigned 1.1.1 - 1.10.14
Depends on vulnerable versions of node-forge
node_modules/@vue/cli-service/node_modules/selfsigned
webpack-dev-server 2.0.0-beta - 4.7.2
Depends on vulnerable versions of chokidar
Depends on vulnerable versions of selfsigned
Depends on vulnerable versions of yargs
node_modules/@vue/cli-service/node_modules/webpack-dev-server
nth-check <2.0.1
Severity: moderate
Inefficient Regular Expression Complexity in nth-check - https://github.com/advisories/GHSA-rp65-9cf3-cjxr
fix available via `npm audit fix --force`
Will install @vue/cli-service@5.0.1, which is a breaking change
node_modules/@vue/cli-service/node_modules/nth-check
node_modules/webpack-rtl-plugin/node_modules/nth-check
css-select <=3.1.0
Depends on vulnerable versions of nth-check
node_modules/@vue/cli-service/node_modules/css-select
node_modules/webpack-rtl-plugin/node_modules/css-select
svgo 1.0.0 - 1.3.2
Depends on vulnerable versions of css-select
node_modules/@vue/cli-service/node_modules/svgo
node_modules/webpack-rtl-plugin/node_modules/svgo
postcss-svgo 4.0.0-nightly.2020.1.9 - 5.0.0-rc.2
Depends on vulnerable versions of svgo
node_modules/@vue/cli-service/node_modules/postcss-svgo
node_modules/webpack-rtl-plugin/node_modules/postcss-svgo
cssnano-preset-default <=4.0.8
Depends on vulnerable versions of postcss-svgo
node_modules/@vue/cli-service/node_modules/cssnano-preset-default
node_modules/webpack-rtl-plugin/node_modules/cssnano-preset-default
@intervolga/optimize-cssnano-plugin >=1.0.2
Depends on vulnerable versions of cssnano-preset-default
node_modules/@vue/cli-service/node_modules/@intervolga/optimize-cssnano-plugin
cssnano 4.0.0-nightly.2020.1.9 - 4.1.11
Depends on vulnerable versions of cssnano-preset-default
node_modules/@vue/cli-service/node_modules/cssnano
node_modules/webpack-rtl-plugin/node_modules/cssnano
@vue/cli-service <=5.0.0-rc.3
Depends on vulnerable versions of @vue/cli-plugin-router
Depends on vulnerable versions of @vue/cli-shared-utils
Depends on vulnerable versions of copy-webpack-plugin
Depends on vulnerable versions of cssnano
Depends on vulnerable versions of globby
node_modules/@vue/cli-service
webpack-rtl-plugin *
Depends on vulnerable versions of @romainberger/css-diff
Depends on vulnerable versions of cssnano
Depends on vulnerable versions of rtlcss
node_modules/webpack-rtl-plugin
postcss <7.0.36
Severity: moderate
Regular Expression Denial of Service in postcss - https://github.com/advisories/GHSA-566m-qj78-rww5
fix available via `npm audit fix --force`
Will install webpack-rtl-plugin@1.3.0, which is a breaking change
node_modules/@romainberger/css-diff/node_modules/postcss
node_modules/rtlcss/node_modules/postcss
node_modules/webpack-rtl-plugin/node_modules/rtlcss/node_modules/postcss
@romainberger/css-diff *
Depends on vulnerable versions of postcss
node_modules/@romainberger/css-diff
webpack-rtl-plugin *
Depends on vulnerable versions of @romainberger/css-diff
Depends on vulnerable versions of cssnano
Depends on vulnerable versions of rtlcss
node_modules/webpack-rtl-plugin
rtlcss <=2.6.2
Depends on vulnerable versions of postcss
node_modules/rtlcss
node_modules/webpack-rtl-plugin/node_modules/rtlcss
rtlcss-webpack-plugin *
Depends on vulnerable versions of rtlcss
node_modules/rtlcss-webpack-plugin
quill <=1.3.7
Severity: moderate
Cross-site Scripting in quill - https://github.com/advisories/GHSA-4943-9vgg-gr5r
No fix available
node_modules/quill
39 vulnerabilities (2 low, 25 moderate, 12 high)
To address issues that do not require attention, run:
npm audit fix
To address all issues possible (including breaking changes), run:
npm audit fix --force
Some issues need review, and may require choosing
a different dependency.
