chore(dependencies): Update all dependencies #127
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
![github-actions[bot]](https://avatars.githubusercontent.com/in/15368?s=60&v=4){kind=small}
Command resultsDetails:add path/home/runner/work/_actions/technote-space/create-pr-action/v2.0.3/node_modules/npm-check-updates/binncu -u --packageFile package.jsonUpgrading /home/runner/work/campus-website/campus-website/package.json
@tailwindcss/typography ^0.5.15 → ^0.5.16
eslint ^9.17.0 → ^9.18.0
Run npm install to install new versions.npm installstderr:npm error code ERESOLVE
npm error ERESOLVE unable to resolve dependency tree
npm error
npm error While resolving: [email protected]
npm error Found: [email protected]
npm error node_modules/eslint
npm error dev eslint@"^9.18.0" from the root project
npm error
npm error Could not resolve dependency:
npm error peer eslint@"^8.23.0" from @nuxtjs/[email protected]
npm error node_modules/@nuxtjs/eslint-config
npm error dev @nuxtjs/eslint-config@"^12.0.0" from the root project
npm error
npm error Fix the upstream dependency conflict, or retry
npm error this command with --force or --legacy-peer-deps
npm error to accept an incorrect (and potentially broken) dependency resolution.
npm error
npm error
npm error For a full report see:
npm error /home/runner/.npm/_logs/2025-01-13T01_47_03_147Z-eresolve-report.txt
npm error A complete log of this run can be found in: /home/runner/.npm/_logs/2025-01-13T01_47_03_147Z-debug-0.lognpm upgradestderr:npm error code ERESOLVE
npm error ERESOLVE unable to resolve dependency tree
npm error
npm error While resolving: [email protected]
npm error Found: [email protected]
npm error node_modules/eslint
npm error dev eslint@"^9.18.0" from the root project
npm error
npm error Could not resolve dependency:
npm error peer eslint@"^8.23.0" from @nuxtjs/[email protected]
npm error node_modules/@nuxtjs/eslint-config
npm error dev @nuxtjs/eslint-config@"^12.0.0" from the root project
npm error
npm error Fix the upstream dependency conflict, or retry
npm error this command with --force or --legacy-peer-deps
npm error to accept an incorrect (and potentially broken) dependency resolution.
npm error
npm error
npm error For a full report see:
npm error /home/runner/.npm/_logs/2025-01-13T01_47_05_435Z-eresolve-report.txt
npm error A complete log of this run can be found in: /home/runner/.npm/_logs/2025-01-13T01_47_05_435Z-debug-0.lognpm audit# npm audit report
@babel/traverse <7.23.2
Severity: critical
Babel vulnerable to arbitrary code execution when compiling specifically crafted malicious code - https://github.com/advisories/GHSA-67hx-6x53-jw92
fix available via `npm audit fix`
node_modules/@babel/traverse
ansi-html <0.0.8
Severity: high
Uncontrolled Resource Consumption in ansi-html - https://github.com/advisories/GHSA-whgm-jr23-g3j9
fix available via `npm audit fix`
node_modules/ansi-html
webpack-dev-server <=4.7.2
Depends on vulnerable versions of ansi-html
Depends on vulnerable versions of chokidar
Depends on vulnerable versions of http-proxy-middleware
Depends on vulnerable versions of selfsigned
Depends on vulnerable versions of webpack-dev-middleware
node_modules/webpack-dev-server
webpack-hot-middleware 2.9.0 - 2.25.0
Depends on vulnerable versions of ansi-html
node_modules/webpack-hot-middleware
ansi-regex 3.0.0 || 4.0.0 - 4.1.0 || 5.0.0
Severity: high
Inefficient Regular Expression Complexity in chalk/ansi-regex - https://github.com/advisories/GHSA-93q8-gq69-wqmw
Inefficient Regular Expression Complexity in chalk/ansi-regex - https://github.com/advisories/GHSA-93q8-gq69-wqmw
Inefficient Regular Expression Complexity in chalk/ansi-regex - https://github.com/advisories/GHSA-93q8-gq69-wqmw
fix available via `npm audit fix`
node_modules/@nuxt/cli/node_modules/ansi-regex
node_modules/@vuepress/core/node_modules/ansi-regex
node_modules/ansi-align/node_modules/ansi-regex
node_modules/ansi-regex
node_modules/boxen/node_modules/ansi-regex
node_modules/cli-truncate/node_modules/ansi-regex
node_modules/cliui/node_modules/ansi-regex
node_modules/eslint/node_modules/ansi-regex
node_modules/inquirer/node_modules/ansi-regex
node_modules/listr2/node_modules/ansi-regex
node_modules/markdown-eslint-parser/node_modules/ansi-regex
node_modules/table/node_modules/ansi-regex
node_modules/update-notifier/node_modules/ansi-regex
node_modules/widest-line/node_modules/ansi-regex
node_modules/wrap-ansi/node_modules/ansi-regex
node_modules/yargs/node_modules/ansi-regex
async 2.0.0 - 2.6.3
Severity: high
Prototype Pollution in async - https://github.com/advisories/GHSA-fwr7-v2mv-hh25
fix available via `npm audit fix`
node_modules/async
body-parser <=1.20.2
Severity: high
body-parser vulnerable to denial of service when url encoding is enabled - https://github.com/advisories/GHSA-qwcr-r2fm-qrc7
Depends on vulnerable versions of qs
fix available via `npm audit fix`
node_modules/body-parser
express <=4.21.1 || 5.0.0-alpha.1 - 5.0.0
Depends on vulnerable versions of body-parser
Depends on vulnerable versions of cookie
Depends on vulnerable versions of path-to-regexp
Depends on vulnerable versions of qs
Depends on vulnerable versions of send
Depends on vulnerable versions of serve-static
node_modules/express
braces <3.0.3
Severity: high
Uncontrolled resource consumption in braces - https://github.com/advisories/GHSA-grv7-fg5c-xmjg
fix available via `npm audit fix`
node_modules/@vuepress/core/node_modules/braces
node_modules/braces
node_modules/micromatch/node_modules/braces
node_modules/watchpack-chokidar2/node_modules/braces
node_modules/webpack-dev-server/node_modules/braces
chokidar 1.3.0 - 2.1.8
Depends on vulnerable versions of anymatch
Depends on vulnerable versions of braces
Depends on vulnerable versions of readdirp
node_modules/@vuepress/core/node_modules/chokidar
node_modules/watchpack-chokidar2/node_modules/chokidar
node_modules/webpack-dev-server/node_modules/chokidar
watchpack-chokidar2 *
Depends on vulnerable versions of chokidar
node_modules/watchpack-chokidar2
watchpack 1.7.2 - 1.7.5
Depends on vulnerable versions of watchpack-chokidar2
node_modules/watchpack
webpack 4.0.0-alpha.0 - 5.0.0-rc.6
Depends on vulnerable versions of micromatch
Depends on vulnerable versions of watchpack
node_modules/webpack
@nuxt/webpack *
Depends on vulnerable versions of css-loader
Depends on vulnerable versions of cssnano
Depends on vulnerable versions of optimize-css-assets-webpack-plugin
Depends on vulnerable versions of postcss
Depends on vulnerable versions of postcss-import
Depends on vulnerable versions of postcss-loader
Depends on vulnerable versions of postcss-preset-env
Depends on vulnerable versions of postcss-url
Depends on vulnerable versions of vue-loader
Depends on vulnerable versions of vue-template-compiler
Depends on vulnerable versions of webpack
Depends on vulnerable versions of webpack-dev-middleware
node_modules/@nuxt/webpack
@nuxt/builder >=2.4.0
Depends on vulnerable versions of @nuxt/vue-app
Depends on vulnerable versions of @nuxt/webpack
node_modules/@nuxt/builder
nuxt <=3.12.3
Depends on vulnerable versions of @nuxt/builder
Depends on vulnerable versions of @nuxt/components
Depends on vulnerable versions of @nuxt/core
Depends on vulnerable versions of @nuxt/generator
Depends on vulnerable versions of @nuxt/server
Depends on vulnerable versions of @nuxt/vue-app
Depends on vulnerable versions of @nuxt/vue-renderer
Depends on vulnerable versions of @nuxt/webpack
node_modules/nuxt
micromatch <=4.0.7
Depends on vulnerable versions of braces
node_modules/fast-glob/node_modules/micromatch
node_modules/lint-staged/node_modules/micromatch
node_modules/micromatch
anymatch 1.2.0 - 2.0.0
Depends on vulnerable versions of micromatch
node_modules/@vuepress/core/node_modules/anymatch
node_modules/watchpack-chokidar2/node_modules/anymatch
node_modules/webpack-dev-server/node_modules/anymatch
fast-glob <=2.2.7
Depends on vulnerable versions of micromatch
node_modules/@vuepress/shared-utils/node_modules/fast-glob
globby 8.0.0 - 9.2.0
Depends on vulnerable versions of fast-glob
node_modules/@vuepress/shared-utils/node_modules/globby
@vuepress/shared-utils *
Depends on vulnerable versions of globby
node_modules/@vuepress/shared-utils
@vuepress/plugin-register-components <=1.9.10
Depends on vulnerable versions of @vuepress/shared-utils
node_modules/@vuepress/plugin-register-components
vuepress-plugin-container >=2.1.5
Depends on vulnerable versions of @vuepress/shared-utils
node_modules/vuepress-plugin-container
http-proxy-middleware <=2.0.7-beta.1
Depends on vulnerable versions of micromatch
node_modules/http-proxy-middleware
readdirp 2.2.0 - 2.2.1
Depends on vulnerable versions of micromatch
node_modules/@vuepress/core/node_modules/readdirp
node_modules/watchpack-chokidar2/node_modules/readdirp
node_modules/webpack-dev-server/node_modules/readdirp
browserify-sign 2.6.0 - 4.2.1
Severity: high
browserify-sign upper bound check issue in `dsaVerify` leads to a signature forgery attack - https://github.com/advisories/GHSA-x9w5-v3q2-3rhw
fix available via `npm audit fix`
node_modules/browserify-sign
cookie <0.7.0
cookie accepts cookie name, path, and domain with out of bounds characters - https://github.com/advisories/GHSA-pxg6-pf52-xh8x
fix available via `npm audit fix`
node_modules/cookie
node_modules/express/node_modules/cookie
@nuxtjs/youch *
Depends on vulnerable versions of cookie
node_modules/@nuxtjs/youch
@nuxt/server *
Depends on vulnerable versions of @nuxt/vue-renderer
Depends on vulnerable versions of @nuxtjs/youch
node_modules/@nuxt/server
@nuxt/core *
Depends on vulnerable versions of @nuxt/server
node_modules/@nuxt/core
cross-spawn <6.0.6 || >=7.0.0 <7.0.5
Severity: high
Regular Expression Denial of Service (ReDoS) in cross-spawn - https://github.com/advisories/GHSA-3xgq-45jj-v275
Regular Expression Denial of Service (ReDoS) in cross-spawn - https://github.com/advisories/GHSA-3xgq-45jj-v275
fix available via `npm audit fix`
node_modules/@vuepress/core/node_modules/cross-spawn
node_modules/@vuepress/plugin-last-updated/node_modules/cross-spawn
node_modules/cross-spawn
node_modules/default-gateway/node_modules/cross-spawn
node_modules/markdown-eslint-parser/node_modules/cross-spawn
node_modules/node-sass/node_modules/cross-spawn
node-sass 1.2.0 - 7.0.3
Depends on vulnerable versions of cross-spawn
Depends on vulnerable versions of request
node_modules/node-sass
decode-uri-component <0.2.1
Severity: high
decode-uri-component vulnerable to Denial of Service (DoS) - https://github.com/advisories/GHSA-w573-4hg7-7wgq
fix available via `npm audit fix`
node_modules/decode-uri-component
elliptic <=6.5.7
Elliptic's EDDSA missing signature length check - https://github.com/advisories/GHSA-f7q4-pwc6-w24p
Elliptic's ECDSA missing check for whether leading bit of r and s is zero - https://github.com/advisories/GHSA-977x-g7h5-7qgw
Elliptic allows BER-encoded signatures - https://github.com/advisories/GHSA-49q7-c7j4-3p7m
Valid ECDSA signatures erroneously rejected in Elliptic - https://github.com/advisories/GHSA-fc9h-whq2-v747
Elliptic's verify function omits uniqueness validation - https://github.com/advisories/GHSA-434g-2637-qmqr
fix available via `npm audit fix`
node_modules/elliptic
eventsource <1.1.1
Severity: critical
Exposure of Sensitive Information in eventsource - https://github.com/advisories/GHSA-6h5x-7c5m-7cr7
fix available via `npm audit fix`
node_modules/eventsource
follow-redirects <=1.15.5
Severity: high
Exposure of Sensitive Information to an Unauthorized Actor in follow-redirects - https://github.com/advisories/GHSA-pw2r-vq6v-hr8c
Exposure of sensitive information in follow-redirects - https://github.com/advisories/GHSA-74fj-2j2h-c42q
Follow Redirects improperly handles URLs in the url.parse() function - https://github.com/advisories/GHSA-jchw-25xp-jwwc
follow-redirects' Proxy-Authorization header kept across hosts - https://github.com/advisories/GHSA-cxjh-pqwp-8mfp
fix available via `npm audit fix`
node_modules/follow-redirects
got <11.8.5
Severity: moderate
Got allows a redirect to a UNIX socket - https://github.com/advisories/GHSA-pfrx-2q88-qq97
fix available via `npm audit fix --force`
Will install [email protected], which is a breaking change
node_modules/got
package-json <=6.5.0
Depends on vulnerable versions of got
node_modules/package-json
latest-version 0.2.0 - 5.1.0
Depends on vulnerable versions of package-json
node_modules/latest-version
update-notifier 0.2.0 - 5.1.0
Depends on vulnerable versions of latest-version
node_modules/update-notifier
vuepress 1.0.0-alpha.0 - 1.9.10
Depends on vulnerable versions of @vuepress/core
Depends on vulnerable versions of update-notifier
node_modules/vuepress
html-minifier *
Severity: high
kangax html-minifier REDoS vulnerability - https://github.com/advisories/GHSA-pfq8-rq6v-vf5m
fix available via `npm audit fix`
node_modules/html-minifier
node_modules/vuepress-html-webpack-plugin/node_modules/html-minifier
@nuxt/generator <=2.17.3
Depends on vulnerable versions of html-minifier
node_modules/@nuxt/generator
http-cache-semantics <4.1.1
Severity: high
http-cache-semantics vulnerable to Regular Expression Denial of Service - https://github.com/advisories/GHSA-rc47-6667-2j5j
fix available via `npm audit fix`
node_modules/http-cache-semantics
ip *
Severity: high
NPM IP package incorrectly identifies some private IP addresses as public - https://github.com/advisories/GHSA-78xj-cgh5-2h22
ip SSRF improper categorization in isPublic - https://github.com/advisories/GHSA-2p57-rm9w-gvfp
fix available via `npm audit fix`
node_modules/ip
json-schema <0.4.0
Severity: critical
json-schema is vulnerable to Prototype Pollution - https://github.com/advisories/GHSA-896r-f27r-55mw
fix available via `npm audit fix`
node_modules/json-schema
jsprim 0.3.0 - 1.4.1 || 2.0.0 - 2.0.1
Depends on vulnerable versions of json-schema
node_modules/jsprim
json5 <1.0.2 || >=2.0.0 <2.2.2
Severity: high
Prototype Pollution in JSON5 via Parse Method - https://github.com/advisories/GHSA-9c47-m6qq-7p4h
Prototype Pollution in JSON5 via Parse Method - https://github.com/advisories/GHSA-9c47-m6qq-7p4h
fix available via `npm audit fix`
node_modules/@vuepress/core/node_modules/json5
node_modules/@vuepress/markdown-loader/node_modules/json5
node_modules/babel-loader/node_modules/json5
node_modules/cache-loader/node_modules/json5
node_modules/copy-webpack-plugin/node_modules/json5
node_modules/html-webpack-plugin/node_modules/json5
node_modules/json5
node_modules/mini-css-extract-plugin/node_modules/json5
node_modules/postcss-loader/node_modules/json5
node_modules/pug-plain-loader/node_modules/json5
node_modules/sass-loader/node_modules/json5
node_modules/stylus-loader/node_modules/json5
node_modules/vue-loader/node_modules/json5
node_modules/vue-style-loader/node_modules/json5
node_modules/vuepress-html-webpack-plugin/node_modules/json5
node_modules/webpack/node_modules/json5
loader-utils <=1.4.1 || 2.0.0 - 2.0.3
Depends on vulnerable versions of json5
node_modules/@vuepress/core/node_modules/loader-utils
node_modules/@vuepress/markdown-loader/node_modules/loader-utils
node_modules/babel-loader/node_modules/loader-utils
node_modules/cache-loader/node_modules/loader-utils
node_modules/copy-webpack-plugin/node_modules/loader-utils
node_modules/html-webpack-plugin/node_modules/loader-utils
node_modules/loader-utils
node_modules/mini-css-extract-plugin/node_modules/loader-utils
node_modules/postcss-loader/node_modules/loader-utils
node_modules/pug-plain-loader/node_modules/loader-utils
node_modules/sass-loader/node_modules/loader-utils
node_modules/stylus-loader/node_modules/loader-utils
node_modules/vue-loader/node_modules/loader-utils
node_modules/vue-style-loader/node_modules/loader-utils
node_modules/vuepress-html-webpack-plugin/node_modules/loader-utils
node_modules/webpack/node_modules/loader-utils
vuepress-html-webpack-plugin *
Depends on vulnerable versions of html-minifier
Depends on vulnerable versions of loader-utils
node_modules/vuepress-html-webpack-plugin
lodash.template *
Severity: high
Command Injection in lodash - https://github.com/advisories/GHSA-35jh-r3h4-6jhm
fix available via `npm audit fix --force`
Will install @nuxtjs/[email protected], which is a breaking change
node_modules/lodash.template
@nuxtjs/pwa >=3.2.0
Depends on vulnerable versions of lodash.template
node_modules/@nuxtjs/pwa
vue-server-renderer >=2.3.0-beta.1
Depends on vulnerable versions of lodash.template
node_modules/vue-server-renderer
markdown-it <12.3.2
Severity: moderate
Uncontrolled Resource Consumption in markdown-it - https://github.com/advisories/GHSA-6vfc-qv3f-vr6c
fix available via `npm audit fix`
node_modules/markdown-it
@vuepress/markdown <=1.9.10
Depends on vulnerable versions of @vuepress/shared-utils
Depends on vulnerable versions of markdown-it
node_modules/@vuepress/markdown
@vuepress/markdown-loader *
Depends on vulnerable versions of @vuepress/markdown
node_modules/@vuepress/markdown-loader
minimatch <3.0.5
Severity: high
minimatch ReDoS vulnerability - https://github.com/advisories/GHSA-f8q6-p94x-37v3
fix available via `npm audit fix`
node_modules/minimatch
minimist 1.0.0 - 1.2.5
Severity: critical
Prototype Pollution in minimist - https://github.com/advisories/GHSA-xvch-5gv4-984h
fix available via `npm audit fix`
node_modules/minimist
nanoid <=3.3.7
Severity: moderate
Exposure of Sensitive Information to an Unauthorized Actor in nanoid - https://github.com/advisories/GHSA-qrpm-p2h7-hrv2
Predictable results in nanoid generation when given non-integer values - https://github.com/advisories/GHSA-mwcw-c2x4-8c55
fix available via `npm audit fix`
node_modules/nanoid
node-fetch <2.6.7
Severity: high
node-fetch forwards secure headers to untrusted sites - https://github.com/advisories/GHSA-r683-j2x4-v87g
fix available via `npm audit fix`
node_modules/node-fetch
node-forge <=1.2.1
Severity: high
Prototype Pollution in node-forge debug API. - https://github.com/advisories/GHSA-5rrq-pxf6-6jx5
URL parsing in node-forge could lead to undesired behavior. - https://github.com/advisories/GHSA-gf8q-jrpm-jvxq
Improper Verification of Cryptographic Signature in `node-forge` - https://github.com/advisories/GHSA-2r2c-g63r-vccr
Open Redirect in node-forge - https://github.com/advisories/GHSA-8fr3-hfg3-gpgp
Improper Verification of Cryptographic Signature in node-forge - https://github.com/advisories/GHSA-cfm4-qjh2-4765
Improper Verification of Cryptographic Signature in node-forge - https://github.com/advisories/GHSA-x4jg-mjrx-434g
fix available via `npm audit fix`
node_modules/node-forge
selfsigned 1.1.1 - 1.10.14
Depends on vulnerable versions of node-forge
node_modules/selfsigned
nth-check <2.0.1
Severity: high
Inefficient Regular Expression Complexity in nth-check - https://github.com/advisories/GHSA-rp65-9cf3-cjxr
fix available via `npm audit fix`
node_modules/node-html-parser/node_modules/nth-check
node_modules/nth-check
node_modules/renderkid/node_modules/nth-check
css-select <=3.1.0
Depends on vulnerable versions of nth-check
node_modules/css-select
svgo 1.0.0 - 1.3.2
Depends on vulnerable versions of css-select
node_modules/svgo
postcss-svgo <=5.0.0-rc.2
Depends on vulnerable versions of postcss
Depends on vulnerable versions of svgo
node_modules/postcss-svgo
parse-path <5.0.0
Severity: high
Authorization Bypass in parse-path - https://github.com/advisories/GHSA-3j8f-xvm3-ffx4
fix available via `npm audit fix`
node_modules/parse-path
parse-url <=8.0.0
Depends on vulnerable versions of parse-path
node_modules/parse-url
git-up <=6.0.0
Depends on vulnerable versions of parse-url
node_modules/git-up
git-url-parse 4.0.0 - 12.0.0
Depends on vulnerable versions of git-up
node_modules/git-url-parse
@nuxt/telemetry <=1.3.6 || 2.0.0 - 2.1.4
Depends on vulnerable versions of git-url-parse
node_modules/@nuxt/telemetry
path-to-regexp <=0.1.11
Severity: high
path-to-regexp outputs backtracking regular expressions - https://github.com/advisories/GHSA-9wv6-86v2-598j
Unpatched `path-to-regexp` ReDoS in 0.1.x - https://github.com/advisories/GHSA-rhx6-c78j-4q9w
fix available via `npm audit fix`
node_modules/path-to-regexp
postcss <=8.4.30
Severity: moderate
Regular Expression Denial of Service in postcss - https://github.com/advisories/GHSA-hwj9-h5mp-3pm3
Regular Expression Denial of Service in postcss - https://github.com/advisories/GHSA-566m-qj78-rww5
PostCSS line return parsing error - https://github.com/advisories/GHSA-7fh5-64p2-3v2j
fix available via `npm audit fix`
node_modules/@fullhuman/postcss-purgecss/node_modules/postcss
node_modules/postcss
node_modules/postcss-functions/node_modules/postcss
node_modules/purgecss/node_modules/postcss
@fullhuman/postcss-purgecss 2.0.3 - 3.0.0
Depends on vulnerable versions of postcss
Depends on vulnerable versions of purgecss
node_modules/@fullhuman/postcss-purgecss
tailwindcss 0.1.0 - 2.2.0-canary.16 || 4.0.0-alpha.1
Depends on vulnerable versions of @fullhuman/postcss-purgecss
Depends on vulnerable versions of autoprefixer
Depends on vulnerable versions of postcss
Depends on vulnerable versions of postcss-functions
Depends on vulnerable versions of postcss-js
Depends on vulnerable versions of postcss-nested
node_modules/tailwindcss
@nuxtjs/tailwindcss <=3.4.3
Depends on vulnerable versions of tailwindcss
node_modules/@nuxtjs/tailwindcss
@types/autoprefixer <=9.7.2
Depends on vulnerable versions of postcss
node_modules/@types/autoprefixer
@nuxt/types 0.5.0 - 2.16.0
Depends on vulnerable versions of @types/autoprefixer
node_modules/@nuxt/types
@vue/component-compiler-utils *
Depends on vulnerable versions of postcss
node_modules/@vue/component-compiler-utils
vue-loader 15.0.0-beta.1 - 15.11.1
Depends on vulnerable versions of @vue/component-compiler-utils
node_modules/vue-loader
autoprefixer 1.0.20131222 - 9.8.8
Depends on vulnerable versions of postcss
node_modules/autoprefixer
postcss-preset-env <=7.0.0
Depends on vulnerable versions of autoprefixer
Depends on vulnerable versions of css-blank-pseudo
Depends on vulnerable versions of css-has-pseudo
Depends on vulnerable versions of css-prefers-color-scheme
Depends on vulnerable versions of postcss
Depends on vulnerable versions of postcss-attribute-case-insensitive
Depends on vulnerable versions of postcss-color-functional-notation
Depends on vulnerable versions of postcss-color-gray
Depends on vulnerable versions of postcss-color-hex-alpha
Depends on vulnerable versions of postcss-color-mod-function
Depends on vulnerable versions of postcss-color-rebeccapurple
Depends on vulnerable versions of postcss-custom-media
Depends on vulnerable versions of postcss-custom-properties
Depends on vulnerable versions of postcss-custom-selectors
Depends on vulnerable versions of postcss-dir-pseudo-class
Depends on vulnerable versions of postcss-double-position-gradients
Depends on vulnerable versions of postcss-env-function
Depends on vulnerable versions of postcss-focus-visible
Depends on vulnerable versions of postcss-focus-within
Depends on vulnerable versions of postcss-font-variant
Depends on vulnerable versions of postcss-gap-properties
Depends on vulnerable versions of postcss-image-set-function
Depends on vulnerable versions of postcss-initial
Depends on vulnerable versions of postcss-lab-function
Depends on vulnerable versions of postcss-logical
Depends on vulnerable versions of postcss-media-minmax
Depends on vulnerable versions of postcss-nesting
Depends on vulnerable versions of postcss-overflow-shorthand
Depends on vulnerable versions of postcss-page-break
Depends on vulnerable versions of postcss-place
Depends on vulnerable versions of postcss-pseudo-class-any-link
Depends on vulnerable versions of postcss-replace-overflow-wrap
Depends on vulnerable versions of postcss-selector-matches
Depends on vulnerable versions of postcss-selector-not
node_modules/postcss-preset-env
css-blank-pseudo <=1.0.0
Depends on vulnerable versions of postcss
node_modules/css-blank-pseudo
css-declaration-sorter <=5.1.2
Depends on vulnerable versions of postcss
node_modules/css-declaration-sorter
css-has-pseudo <=1.0.0
Depends on vulnerable versions of postcss
node_modules/css-has-pseudo
css-loader 0.15.0 - 4.3.0
Depends on vulnerable versions of icss-utils
Depends on vulnerable versions of postcss
Depends on vulnerable versions of postcss-modules-extract-imports
Depends on vulnerable versions of postcss-modules-local-by-default
Depends on vulnerable versions of postcss-modules-scope
Depends on vulnerable versions of postcss-modules-values
node_modules/@vuepress/core/node_modules/css-loader
node_modules/css-loader
css-prefers-color-scheme <=4.0.0
Depends on vulnerable versions of postcss
node_modules/css-prefers-color-scheme
vuepress-theme-default-prefers-color-scheme 1.0.1 - 1.1.2
Depends on vulnerable versions of css-prefers-color-scheme
node_modules/vuepress-theme-default-prefers-color-scheme
cssnano <=4.1.11
Depends on vulnerable versions of cssnano-preset-default
Depends on vulnerable versions of postcss
node_modules/cssnano
optimize-css-assets-webpack-plugin <=1.3.2 || 3.0.0 - 5.0.8
Depends on vulnerable versions of cssnano
node_modules/optimize-css-assets-webpack-plugin
cssnano-preset-default <=4.0.8
Depends on vulnerable versions of css-declaration-sorter
Depends on vulnerable versions of cssnano-util-raw-cache
Depends on vulnerable versions of postcss
Depends on vulnerable versions of postcss-calc
Depends on vulnerable versions of postcss-colormin
Depends on vulnerable versions of postcss-convert-values
Depends on vulnerable versions of postcss-discard-comments
Depends on vulnerable versions of postcss-discard-duplicates
Depends on vulnerable versions of postcss-discard-empty
Depends on vulnerable versions of postcss-discard-overridden
Depends on vulnerable versions of postcss-merge-longhand
Depends on vulnerable versions of postcss-merge-rules
Depends on vulnerable versions of postcss-minify-font-values
Depends on vulnerable versions of postcss-minify-gradients
Depends on vulnerable versions of postcss-minify-params
Depends on vulnerable versions of postcss-minify-selectors
Depends on vulnerable versions of postcss-normalize-charset
Depends on vulnerable versions of postcss-normalize-display-values
Depends on vulnerable versions of postcss-normalize-positions
Depends on vulnerable versions of postcss-normalize-repeat-style
Depends on vulnerable versions of postcss-normalize-string
Depends on vulnerable versions of postcss-normalize-timing-functions
Depends on vulnerable versions of postcss-normalize-unicode
Depends on vulnerable versions of postcss-normalize-url
Depends on vulnerable versions of postcss-normalize-whitespace
Depends on vulnerable versions of postcss-ordered-values
Depends on vulnerable versions of postcss-reduce-initial
Depends on vulnerable versions of postcss-reduce-transforms
Depends on vulnerable versions of postcss-svgo
Depends on vulnerable versions of postcss-unique-selectors
node_modules/cssnano-preset-default
cssnano-util-raw-cache *
Depends on vulnerable versions of postcss
node_modules/cssnano-util-raw-cache
icss-utils <=4.1.1
Depends on vulnerable versions of postcss
node_modules/icss-utils
postcss-modules-local-by-default <=4.0.0-rc.4
Depends on vulnerable versions of icss-utils
Depends on vulnerable versions of postcss
node_modules/@vuepress/core/node_modules/postcss-modules-local-by-default
node_modules/postcss-modules-local-by-default
postcss-modules-values <=4.0.0-rc.5
Depends on vulnerable versions of icss-utils
Depends on vulnerable versions of postcss
node_modules/@vuepress/core/node_modules/postcss-modules-values
node_modules/postcss-modules-values
postcss-attribute-case-insensitive <=4.0.2
Depends on vulnerable versions of postcss
node_modules/postcss-attribute-case-insensitive
postcss-calc 4.1.0 - 7.0.5
Depends on vulnerable versions of postcss
node_modules/postcss-calc
postcss-color-functional-notation <=3.0.2
Depends on vulnerable versions of postcss
node_modules/postcss-color-functional-notation
postcss-color-gray >=3.0.0
Depends on vulnerable versions of postcss
node_modules/postcss-color-gray
postcss-color-hex-alpha 1.3.0 - 6.0.0
Depends on vulnerable versions of postcss
node_modules/postcss-color-hex-alpha
postcss-color-mod-function <=3.0.3
Depends on vulnerable versions of postcss
node_modules/postcss-color-mod-function
postcss-color-rebeccapurple 1.2.0 - 6.0.0
Depends on vulnerable versions of postcss
node_modules/postcss-color-rebeccapurple
postcss-colormin <=4.0.3
Depends on vulnerable versions of postcss
node_modules/postcss-colormin
postcss-convert-values <=4.0.1
Depends on vulnerable versions of postcss
node_modules/postcss-convert-values
postcss-custom-media 4.0.0 - 7.0.8
Depends on vulnerable versions of postcss
node_modules/postcss-custom-media
postcss-custom-properties 3.3.0 - 10.0.0
Depends on vulnerable versions of postcss
node_modules/postcss-custom-properties
postcss-custom-selectors 2.3.0 - 5.1.2
Depends on vulnerable versions of postcss
node_modules/postcss-custom-selectors
postcss-dir-pseudo-class <=5.0.0
Depends on vulnerable versions of postcss
node_modules/postcss-dir-pseudo-class
postcss-discard-comments <=4.0.2
Depends on vulnerable versions of postcss
node_modules/postcss-discard-comments
postcss-discard-duplicates 1.1.0 - 4.0.2
Depends on vulnerable versions of postcss
node_modules/postcss-discard-duplicates
postcss-discard-empty 1.1.0 - 4.0.1
Depends on vulnerable versions of postcss
node_modules/postcss-discard-empty
postcss-discard-overridden <=4.0.1
Depends on vulnerable versions of postcss
node_modules/postcss-discard-overridden
postcss-double-position-gradients <=2.0.0
Depends on vulnerable versions of postcss
node_modules/postcss-double-position-gradients
postcss-env-function <=3.0.0
Depends on vulnerable versions of postcss
node_modules/postcss-env-function
postcss-focus-visible <=5.0.0
Depends on vulnerable versions of postcss
node_modules/postcss-focus-visible
postcss-focus-within <=4.0.0
Depends on vulnerable versions of postcss
node_modules/postcss-focus-within
postcss-font-variant 1.2.0 - 4.0.1
Depends on vulnerable versions of postcss
node_modules/postcss-font-variant
postcss-functions <=3.0.0
Depends on vulnerable versions of postcss
node_modules/postcss-functions
postcss-gap-properties <=2.0.0
Depends on vulnerable versions of postcss
node_modules/postcss-gap-properties
postcss-image-set-function <=3.0.1
Depends on vulnerable versions of postcss
node_modules/postcss-image-set-function
postcss-import <=12.0.1
Depends on vulnerable versions of postcss
node_modules/postcss-import
postcss-initial <=3.0.4
Depends on vulnerable versions of postcss
node_modules/postcss-initial
postcss-js <=2.0.3
Depends on vulnerable versions of postcss
node_modules/postcss-js
postcss-lab-function <=3.1.2
Depends on vulnerable versions of postcss
node_modules/postcss-lab-function
postcss-loader <=4.0.1
Depends on vulnerable versions of postcss
node_modules/postcss-loader
postcss-logical <=4.0.2
Depends on vulnerable versions of postcss
node_modules/postcss-logical
postcss-media-minmax 1.2.0 - 4.0.0
Depends on vulnerable versions of postcss
node_modules/postcss-media-minmax
postcss-merge-longhand <=4.0.11
Depends on vulnerable versions of postcss
Depends on vulnerable versions of stylehacks
node_modules/postcss-merge-longhand
postcss-merge-rules <=4.0.3
Depends on vulnerable versions of postcss
node_modules/postcss-merge-rules
postcss-minify-font-values <=4.0.2
Depends on vulnerable versions of postcss
node_modules/postcss-minify-font-values
postcss-minify-gradients <=4.0.2
Depends on vulnerable versions of postcss
node_modules/postcss-minify-gradients
postcss-minify-params <=4.0.2
Depends on vulnerable versions of postcss
node_modules/postcss-minify-params
postcss-minify-selectors <=4.0.2
Depends on vulnerable versions of postcss
node_modules/postcss-minify-selectors
postcss-modules-extract-imports <=2.0.0
Depends on vulnerable versions of postcss
node_modules/postcss-modules-extract-imports
postcss-modules-scope <=2.2.0
Depends on vulnerable versions of postcss
node_modules/postcss-modules-scope
postcss-nested <=4.2.3
Depends on vulnerable versions of postcss
node_modules/postcss-nested
postcss-nesting <=7.0.1
Depends on vulnerable versions of postcss
node_modules/postcss-nesting
postcss-normalize-charset <=4.0.1
Depends on vulnerable versions of postcss
node_modules/postcss-normalize-charset
postcss-normalize-display-values <=4.0.2
Depends on vulnerable versions of postcss
node_modules/postcss-normalize-display-values
postcss-normalize-positions <=4.0.2
Depends on vulnerable versions of postcss
node_modules/postcss-normalize-positions
postcss-normalize-repeat-style <=4.0.2
Depends on vulnerable versions of postcss
node_modules/postcss-normalize-repeat-style
postcss-normalize-string <=4.0.2
Depends on vulnerable versions of postcss
node_modules/postcss-normalize-string
postcss-normalize-timing-functions <=4.0.2
Depends on vulnerable versions of postcss
node_modules/postcss-normalize-timing-functions
postcss-normalize-unicode <=4.0.1
Depends on vulnerable versions of postcss
node_modules/postcss-normalize-unicode
postcss-normalize-url 1.1.0 - 4.0.1
Depends on vulnerable versions of postcss
node_modules/postcss-normalize-url
postcss-normalize-whitespace <=4.0.2
Depends on vulnerable versions of postcss
node_modules/postcss-normalize-whitespace
postcss-ordered-values <=4.1.2
Depends on vulnerable versions of postcss
node_modules/postcss-ordered-values
postcss-overflow-shorthand <=2.0.0
Depends on vulnerable versions of postcss
node_modules/postcss-overflow-shorthand
postcss-page-break <=2.0.0
Depends on vulnerable versions of postcss
node_modules/postcss-page-break
postcss-place <=5.0.0
Depends on vulnerable versions of postcss
node_modules/postcss-place
postcss-pseudo-class-any-link <=6.0.0
Depends on vulnerable versions of postcss
node_modules/postcss-pseudo-class-any-link
postcss-reduce-initial <=4.0.3
Depends on vulnerable versions of postcss
node_modules/postcss-reduce-initial
postcss-reduce-transforms <=4.0.2
Depends on vulnerable versions of postcss
node_modules/postcss-reduce-transforms
postcss-replace-overflow-wrap <=3.0.0
Depends on vulnerable versions of postcss
node_modules/postcss-replace-overflow-wrap
postcss-safe-parser <=4.0.2
Depends on vulnerable versions of postcss
node_modules/postcss-safe-parser
postcss-selector-matches *
Depends on vulnerable versions of postcss
node_modules/postcss-selector-matches
postcss-selector-not <=4.0.1
Depends on vulnerable versions of postcss
node_modules/postcss-selector-not
postcss-unique-selectors <=4.0.1
Depends on vulnerable versions of postcss
node_modules/postcss-unique-selectors
postcss-url 3.3.0 - 10.0.0
Depends on vulnerable versions of postcss
node_modules/postcss-url
purgecss <=1.0.1 || 2.0.1-beta.0 - 3.0.0
Depends on vulnerable versions of postcss
node_modules/purgecss
stylehacks <=4.0.3
Depends on vulnerable versions of postcss
node_modules/stylehacks
prismjs <=1.26.0
Severity: high
prismjs Regular Expression Denial of Service vulnerability - https://github.com/advisories/GHSA-hqhp-5p83-hx96
Cross-site Scripting in Prism - https://github.com/advisories/GHSA-3949-f494-cm99
fix available via `npm audit fix`
node_modules/prismjs
pug <=3.0.2
Severity: moderate
Pug allows JavaScript code execution if an application accepts untrusted input - https://github.com/advisories/GHSA-3965-hpx2-q597
fix available via `npm audit fix`
node_modules/pug
qs 6.5.0 - 6.5.2 || 6.7.0 - 6.7.2 || 6.10.0 - 6.10.2
Severity: high
qs vulnerable to Prototype Pollution - https://github.com/advisories/GHSA-hrpp-h998-j3pp
qs vulnerable to Prototype Pollution - https://github.com/advisories/GHSA-hrpp-h998-j3pp
qs vulnerable to Prototype Pollution - https://github.com/advisories/GHSA-hrpp-h998-j3pp
fix available via `npm audit fix`
node_modules/body-parser/node_modules/qs
node_modules/express/node_modules/qs
node_modules/qs
node_modules/request/node_modules/qs
request *
Severity: moderate
Server-Side Request Forgery in Request - https://github.com/advisories/GHSA-p8p7-x288-28g6
Depends on vulnerable versions of tough-cookie
fix available via `npm audit fix`
node_modules/request
docsearch.js 2.6.0 - 2.6.3
Depends on vulnerable versions of request
node_modules/docsearch.js
semver <=5.7.1 || 6.0.0 - 6.3.0 || 7.0.0 - 7.5.1
Severity: high
semver vulnerable to Regular Expression Denial of Service - https://github.com/advisories/GHSA-c2qf-rxjj-qqgw
semver vulnerable to Regular Expression Denial of Service - https://github.com/advisories/GHSA-c2qf-rxjj-qqgw
semver vulnerable to Regular Expression Denial of Service - https://github.com/advisories/GHSA-c2qf-rxjj-qqgw
fix available via `npm audit fix`
node_modules/@babel/core/node_modules/semver
node_modules/@babel/eslint-parser/node_modules/semver
node_modules/@babel/helper-compilation-targets/node_modules/semver
node_modules/@babel/helper-define-polyfill-provider/node_modules/semver
node_modules/@babel/plugin-transform-runtime/node_modules/semver
node_modules/@babel/preset-env/node_modules/semver
node_modules/@vue/babel-preset-app/node_modules/semver
node_modules/@vuepress/core/node_modules/semver
node_modules/@vuepress/plugin-last-updated/node_modules/semver
node_modules/@vuepress/shared-utils/node_modules/semver
node_modules/algoliasearch/node_modules/semver
node_modules/babel-plugin-polyfill-corejs2/node_modules/semver
node_modules/copy-webpack-plugin/node_modules/semver
node_modules/core-js-compat/node_modules/semver
node_modules/default-gateway/node_modules/semver
node_modules/eslint-plugin-node/node_modules/semver
node_modules/eslint-plugin-vue/node_modules/semver
node_modules/hard-source-webpack-plugin/node_modules/semver
node_modules/make-dir/node_modules/semver
node_modules/markdown-eslint-parser/node_modules/cross-spawn/node_modules/semver
node_modules/markdown-eslint-parser/node_modules/semver
node_modules/normalize-package-data/node_modules/semver
node_modules/package-json/node_modules/semver
node_modules/sass-loader/node_modules/semver
node_modules/semver
node_modules/semver-diff/node_modules/semver
node_modules/stylus/node_modules/semver
node_modules/vue-eslint-parser/node_modules/semver
node_modules/webpack-dev-server/node_modules/semver
node_modules/webpack/node_modules/semver
core-js-compat 3.6.0 - 3.25.0
Depends on vulnerable versions of semver
node_modules/core-js-compat
semver-regex <=3.1.3
Severity: high
semver-regex Regular Expression Denial of Service (ReDOS) - https://github.com/advisories/GHSA-44c6-4v22-4mhx
Regular expression denial of service in semver-regex - https://github.com/advisories/GHSA-4x5v-gmq8-25ch
fix available via `npm audit fix`
node_modules/semver-regex
send <0.19.0
send vulnerable to template injection that can lead to XSS - https://github.com/advisories/GHSA-m6fv-jmcg-4jfg
fix available via `npm audit fix`
node_modules/send
serve-static <=1.16.0
Depends on vulnerable versions of send
node_modules/serve-static
shell-quote <=1.7.2
Severity: critical
Improper Neutralization of Special Elements used in a Command in Shell-quote - https://github.com/advisories/GHSA-g4rg-993r-mgx7
fix available via `npm audit fix`
node_modules/shell-quote
tar <6.2.1
Severity: moderate
Denial of service while parsing a tar file due to lack of folders count validation - https://github.com/advisories/GHSA-f5x3-32g6-xq36
fix available via `npm audit fix`
node_modules/tar
terser >=5.0.0 <5.14.2 || <4.8.1
Severity: high
Terser insecure use of regular expressions leads to ReDoS - https://github.com/advisories/GHSA-4wf5-vphf-c2xc
Terser insecure use of regular expressions leads to ReDoS - https://github.com/advisories/GHSA-4wf5-vphf-c2xc
fix available via `npm audit fix`
node_modules/terser
node_modules/terser-webpack-plugin/node_modules/terser
tough-cookie <4.1.3
Severity: moderate
tough-cookie Prototype Pollution vulnerability - https://github.com/advisories/GHSA-72xf-g2v4-qvf3
fix available via `npm audit fix`
node_modules/tough-cookie
trim <0.0.3
Severity: high
Regular Expression Denial of Service in trim - https://github.com/advisories/GHSA-w5p7-h5w8-2hfq
No fix available
node_modules/trim
remark-parse <=8.0.3
Depends on vulnerable versions of trim
node_modules/remark/node_modules/remark-parse
remark 5.0.0 - 12.0.1
Depends on vulnerable versions of remark-parse
node_modules/remark
eslint-plugin-md *
Depends on vulnerable versions of remark
node_modules/eslint-plugin-md
unified-message-control <=1.0.4
Depends on vulnerable versions of trim
node_modules/unified-message-control
remark-message-control 4.1.0 - 4.2.0
Depends on vulnerable versions of unified-message-control
node_modules/remark-message-control
ua-parser-js <0.7.33
Severity: high
ReDoS Vulnerability in ua-parser-js version - https://github.com/advisories/GHSA-fhg7-m89q-25r3
fix available via `npm audit fix`
node_modules/ua-parser-js
url-parse <=1.5.8
Severity: critical
Authorization bypass in url-parse - https://github.com/advisories/GHSA-rqff-837h-mm52
url-parse incorrectly parses hostname / protocol due to unstripped leading control characters. - https://github.com/advisories/GHSA-jf5r-8hm2-f872
url-parse Incorrectly parses URLs that include an '@' - https://github.com/advisories/GHSA-8v38-pw62-9cw2
Authorization Bypass Through User-Controlled Key in url-parse - https://github.com/advisories/GHSA-hgjh-723h-mx2j
fix available via `npm audit fix`
node_modules/url-parse
vue 2.0.0-alpha.1 - 2.7.16
ReDoS vulnerability in vue package that is exploitable through inefficient regex evaluation in the parseHTML function - https://github.com/advisories/GHSA-5j4c-8p2g-v4jx
fix available via `npm audit fix --force`
Will install [email protected], which is a breaking change
node_modules/vue
@nuxt/vue-app >=2.4.0
Depends on vulnerable versions of vue
Depends on vulnerable versions of vue-template-compiler
node_modules/@nuxt/vue-app
@nuxt/vue-renderer *
Depends on vulnerable versions of vue
Depends on vulnerable versions of vue-server-renderer
node_modules/@nuxt/vue-renderer
@vuepress/core <=1.9.10
Depends on vulnerable versions of @vuepress/markdown
Depends on vulnerable versions of @vuepress/markdown-loader
Depends on vulnerable versions of @vuepress/plugin-register-components
Depends on vulnerable versions of @vuepress/shared-utils
Depends on vulnerable versions of autoprefixer
Depends on vulnerable versions of chokidar
Depends on vulnerable versions of css-loader
Depends on vulnerable versions of optimize-css-assets-webpack-plugin
Depends on vulnerable versions of postcss-loader
Depends on vulnerable versions of postcss-safe-parser
Depends on vulnerable versions of vue
Depends on vulnerable versions of vue-loader
Depends on vulnerable versions of vue-server-renderer
Depends on vulnerable versions of vue-template-compiler
Depends on vulnerable versions of vuepress-html-webpack-plugin
Depends on vulnerable versions of webpack
node_modules/@vuepress/core
vue-template-compiler >=2.0.0
Severity: moderate
vue-template-compiler vulnerable to client-side Cross-Site Scripting (XSS) - https://github.com/advisories/GHSA-g3ch-rx76-35fx
fix available via `npm audit fix`
node_modules/vue-template-compiler
@nuxt/components >=1.2.1
Depends on vulnerable versions of vue-template-compiler
node_modules/@nuxt/components
vuetify 2.0.0-beta.4 - 2.6.9
Severity: moderate
Vuetify Cross-site Scripting vulnerability - https://github.com/advisories/GHSA-q4q5-c5cv-2p68
fix available via `npm audit fix`
node_modules/vuetify
webpack-dev-middleware <=5.3.3
Severity: high
Path traversal in webpack-dev-middleware - https://github.com/advisories/GHSA-wr3j-pwj9-hqq6
fix available via `npm audit fix`
node_modules/webpack-dev-middleware
node_modules/webpack-dev-server/node_modules/webpack-dev-middleware
word-wrap <1.2.4
Severity: moderate
word-wrap vulnerable to Regular Expression Denial of Service - https://github.com/advisories/GHSA-j8xg-fqg3-53r7
fix available via `npm audit fix`
node_modules/word-wrap
ws 6.0.0 - 6.2.2 || 7.0.0 - 7.5.9
Severity: high
ws affected by a DoS when handling a request with many HTTP headers - https://github.com/advisories/GHSA-3h5v-q93c-6h6q
ws affected by a DoS when handling a request with many HTTP headers - https://github.com/advisories/GHSA-3h5v-q93c-6h6q
fix available via `npm audit fix`
node_modules/webpack-dev-server/node_modules/ws
node_modules/ws
xml2js <0.5.0
Severity: moderate
xml2js is vulnerable to prototype pollution - https://github.com/advisories/GHSA-776f-qx25-q3cc
fix available via `npm audit fix`
node_modules/xml2js
@nuxt/content 1.4.0 - 1.15.1
Depends on vulnerable versions of xml2js
node_modules/@nuxt/content
195 vulnerabilities (9 low, 118 moderate, 54 high, 14 critical)
To address issues that do not require attention, run:
npm audit fix
To address all issues possible (including breaking changes), run:
npm audit fix --force
Some issues need review, and may require choosing
a different dependency.Changed filesChanged file:
|
Repo
Command resultsDetails:add path/home/runner/work/_actions/technote-space/create-pr-action/v2.0.3/node_modules/npm-check-updates/binncu -u --packageFile package.jsonUpgrading /home/runner/work/campus-website/campus-website/package.json
@nuxt/content ^2.13.4 → ^3.0.0
@nuxtjs/robots ^5.1.0 → ^5.2.0
@nuxtjs/sitemap ^7.0.1 → ^7.2.0
nuxt ^3.15.1 → ^3.15.2
@nuxtjs/tailwindcss ^6.12.2 → ^6.13.1
eslint-config-prettier ^9.1.0 → ^10.0.1
eslint-plugin-prettier ^5.2.1 → ^5.2.3
lint-staged ^15.3.0 → ^15.4.1
Run npm install to install new versions.npm installstderr:npm error code ERESOLVE
npm error ERESOLVE unable to resolve dependency tree
npm error
npm error While resolving: [email protected]
npm error Found: [email protected]
npm error node_modules/eslint
npm error dev eslint@"^9.18.0" from the root project
npm error
npm error Could not resolve dependency:
npm error peer eslint@"^8.23.0" from @nuxtjs/[email protected]
npm error node_modules/@nuxtjs/eslint-config
npm error dev @nuxtjs/eslint-config@"^12.0.0" from the root project
npm error
npm error Fix the upstream dependency conflict, or retry
npm error this command with --force or --legacy-peer-deps
npm error to accept an incorrect (and potentially broken) dependency resolution.
npm error
npm error
npm error For a full report see:
npm error /home/runner/.npm/_logs/2025-01-20T01_40_31_289Z-eresolve-report.txt
npm error A complete log of this run can be found in: /home/runner/.npm/_logs/2025-01-20T01_40_31_289Z-debug-0.lognpm upgradestderr:npm error code ERESOLVE
npm error ERESOLVE unable to resolve dependency tree
npm error
npm error While resolving: [email protected]
npm error Found: [email protected]
npm error node_modules/eslint
npm error dev eslint@"^9.18.0" from the root project
npm error
npm error Could not resolve dependency:
npm error peer eslint@"^8.23.0" from @nuxtjs/[email protected]
npm error node_modules/@nuxtjs/eslint-config
npm error dev @nuxtjs/eslint-config@"^12.0.0" from the root project
npm error
npm error Fix the upstream dependency conflict, or retry
npm error this command with --force or --legacy-peer-deps
npm error to accept an incorrect (and potentially broken) dependency resolution.
npm error
npm error
npm error For a full report see:
npm error /home/runner/.npm/_logs/2025-01-20T01_40_32_743Z-eresolve-report.txt
npm error A complete log of this run can be found in: /home/runner/.npm/_logs/2025-01-20T01_40_32_743Z-debug-0.lognpm audit# npm audit report
@babel/traverse <7.23.2
Severity: critical
Babel vulnerable to arbitrary code execution when compiling specifically crafted malicious code - https://github.com/advisories/GHSA-67hx-6x53-jw92
fix available via `npm audit fix`
node_modules/@babel/traverse
ansi-html <0.0.8
Severity: high
Uncontrolled Resource Consumption in ansi-html - https://github.com/advisories/GHSA-whgm-jr23-g3j9
fix available via `npm audit fix`
node_modules/ansi-html
webpack-dev-server <=4.7.2
Depends on vulnerable versions of ansi-html
Depends on vulnerable versions of chokidar
Depends on vulnerable versions of http-proxy-middleware
Depends on vulnerable versions of selfsigned
Depends on vulnerable versions of webpack-dev-middleware
node_modules/webpack-dev-server
webpack-hot-middleware 2.9.0 - 2.25.0
Depends on vulnerable versions of ansi-html
node_modules/webpack-hot-middleware
ansi-regex 3.0.0 || 4.0.0 - 4.1.0 || 5.0.0
Severity: high
Inefficient Regular Expression Complexity in chalk/ansi-regex - https://github.com/advisories/GHSA-93q8-gq69-wqmw
Inefficient Regular Expression Complexity in chalk/ansi-regex - https://github.com/advisories/GHSA-93q8-gq69-wqmw
Inefficient Regular Expression Complexity in chalk/ansi-regex - https://github.com/advisories/GHSA-93q8-gq69-wqmw
fix available via `npm audit fix`
node_modules/@nuxt/cli/node_modules/ansi-regex
node_modules/@vuepress/core/node_modules/ansi-regex
node_modules/ansi-align/node_modules/ansi-regex
node_modules/ansi-regex
node_modules/boxen/node_modules/ansi-regex
node_modules/cli-truncate/node_modules/ansi-regex
node_modules/cliui/node_modules/ansi-regex
node_modules/eslint/node_modules/ansi-regex
node_modules/inquirer/node_modules/ansi-regex
node_modules/listr2/node_modules/ansi-regex
node_modules/markdown-eslint-parser/node_modules/ansi-regex
node_modules/table/node_modules/ansi-regex
node_modules/update-notifier/node_modules/ansi-regex
node_modules/widest-line/node_modules/ansi-regex
node_modules/wrap-ansi/node_modules/ansi-regex
node_modules/yargs/node_modules/ansi-regex
async 2.0.0 - 2.6.3
Severity: high
Prototype Pollution in async - https://github.com/advisories/GHSA-fwr7-v2mv-hh25
fix available via `npm audit fix`
node_modules/async
body-parser <=1.20.2
Severity: high
body-parser vulnerable to denial of service when url encoding is enabled - https://github.com/advisories/GHSA-qwcr-r2fm-qrc7
Depends on vulnerable versions of qs
fix available via `npm audit fix`
node_modules/body-parser
express <=4.21.1 || 5.0.0-alpha.1 - 5.0.0
Depends on vulnerable versions of body-parser
Depends on vulnerable versions of cookie
Depends on vulnerable versions of path-to-regexp
Depends on vulnerable versions of qs
Depends on vulnerable versions of send
Depends on vulnerable versions of serve-static
node_modules/express
braces <3.0.3
Severity: high
Uncontrolled resource consumption in braces - https://github.com/advisories/GHSA-grv7-fg5c-xmjg
fix available via `npm audit fix`
node_modules/@vuepress/core/node_modules/braces
node_modules/braces
node_modules/micromatch/node_modules/braces
node_modules/watchpack-chokidar2/node_modules/braces
node_modules/webpack-dev-server/node_modules/braces
chokidar 1.3.0 - 2.1.8
Depends on vulnerable versions of anymatch
Depends on vulnerable versions of braces
Depends on vulnerable versions of readdirp
node_modules/@vuepress/core/node_modules/chokidar
node_modules/watchpack-chokidar2/node_modules/chokidar
node_modules/webpack-dev-server/node_modules/chokidar
watchpack-chokidar2 *
Depends on vulnerable versions of chokidar
node_modules/watchpack-chokidar2
watchpack 1.7.2 - 1.7.5
Depends on vulnerable versions of watchpack-chokidar2
node_modules/watchpack
webpack 4.0.0-alpha.0 - 5.0.0-rc.6
Depends on vulnerable versions of micromatch
Depends on vulnerable versions of watchpack
node_modules/webpack
@nuxt/webpack *
Depends on vulnerable versions of css-loader
Depends on vulnerable versions of cssnano
Depends on vulnerable versions of optimize-css-assets-webpack-plugin
Depends on vulnerable versions of postcss
Depends on vulnerable versions of postcss-import
Depends on vulnerable versions of postcss-loader
Depends on vulnerable versions of postcss-preset-env
Depends on vulnerable versions of postcss-url
Depends on vulnerable versions of vue-loader
Depends on vulnerable versions of vue-template-compiler
Depends on vulnerable versions of webpack
Depends on vulnerable versions of webpack-dev-middleware
node_modules/@nuxt/webpack
@nuxt/builder >=2.4.0
Depends on vulnerable versions of @nuxt/vue-app
Depends on vulnerable versions of @nuxt/webpack
node_modules/@nuxt/builder
nuxt <=3.12.3
Depends on vulnerable versions of @nuxt/builder
Depends on vulnerable versions of @nuxt/components
Depends on vulnerable versions of @nuxt/core
Depends on vulnerable versions of @nuxt/generator
Depends on vulnerable versions of @nuxt/server
Depends on vulnerable versions of @nuxt/vue-app
Depends on vulnerable versions of @nuxt/vue-renderer
Depends on vulnerable versions of @nuxt/webpack
node_modules/nuxt
micromatch <=4.0.7
Depends on vulnerable versions of braces
node_modules/fast-glob/node_modules/micromatch
node_modules/lint-staged/node_modules/micromatch
node_modules/micromatch
anymatch 1.2.0 - 2.0.0
Depends on vulnerable versions of micromatch
node_modules/@vuepress/core/node_modules/anymatch
node_modules/watchpack-chokidar2/node_modules/anymatch
node_modules/webpack-dev-server/node_modules/anymatch
fast-glob <=2.2.7
Depends on vulnerable versions of micromatch
node_modules/@vuepress/shared-utils/node_modules/fast-glob
globby 8.0.0 - 9.2.0
Depends on vulnerable versions of fast-glob
node_modules/@vuepress/shared-utils/node_modules/globby
@vuepress/shared-utils *
Depends on vulnerable versions of globby
node_modules/@vuepress/shared-utils
@vuepress/plugin-register-components <=1.9.10
Depends on vulnerable versions of @vuepress/shared-utils
node_modules/@vuepress/plugin-register-components
vuepress-plugin-container >=2.1.5
Depends on vulnerable versions of @vuepress/shared-utils
node_modules/vuepress-plugin-container
http-proxy-middleware <=2.0.7-beta.1
Depends on vulnerable versions of micromatch
node_modules/http-proxy-middleware
readdirp 2.2.0 - 2.2.1
Depends on vulnerable versions of micromatch
node_modules/@vuepress/core/node_modules/readdirp
node_modules/watchpack-chokidar2/node_modules/readdirp
node_modules/webpack-dev-server/node_modules/readdirp
browserify-sign 2.6.0 - 4.2.1
Severity: high
browserify-sign upper bound check issue in `dsaVerify` leads to a signature forgery attack - https://github.com/advisories/GHSA-x9w5-v3q2-3rhw
fix available via `npm audit fix`
node_modules/browserify-sign
cookie <0.7.0
cookie accepts cookie name, path, and domain with out of bounds characters - https://github.com/advisories/GHSA-pxg6-pf52-xh8x
fix available via `npm audit fix`
node_modules/cookie
node_modules/express/node_modules/cookie
@nuxtjs/youch *
Depends on vulnerable versions of cookie
node_modules/@nuxtjs/youch
@nuxt/server *
Depends on vulnerable versions of @nuxt/vue-renderer
Depends on vulnerable versions of @nuxtjs/youch
node_modules/@nuxt/server
@nuxt/core *
Depends on vulnerable versions of @nuxt/server
node_modules/@nuxt/core
cross-spawn <6.0.6 || >=7.0.0 <7.0.5
Severity: high
Regular Expression Denial of Service (ReDoS) in cross-spawn - https://github.com/advisories/GHSA-3xgq-45jj-v275
Regular Expression Denial of Service (ReDoS) in cross-spawn - https://github.com/advisories/GHSA-3xgq-45jj-v275
fix available via `npm audit fix`
node_modules/@vuepress/core/node_modules/cross-spawn
node_modules/@vuepress/plugin-last-updated/node_modules/cross-spawn
node_modules/cross-spawn
node_modules/default-gateway/node_modules/cross-spawn
node_modules/markdown-eslint-parser/node_modules/cross-spawn
node_modules/node-sass/node_modules/cross-spawn
node-sass 1.2.0 - 7.0.3
Depends on vulnerable versions of cross-spawn
Depends on vulnerable versions of request
node_modules/node-sass
decode-uri-component <0.2.1
Severity: high
decode-uri-component vulnerable to Denial of Service (DoS) - https://github.com/advisories/GHSA-w573-4hg7-7wgq
fix available via `npm audit fix`
node_modules/decode-uri-component
elliptic <=6.5.7
Elliptic's EDDSA missing signature length check - https://github.com/advisories/GHSA-f7q4-pwc6-w24p
Elliptic's ECDSA missing check for whether leading bit of r and s is zero - https://github.com/advisories/GHSA-977x-g7h5-7qgw
Elliptic allows BER-encoded signatures - https://github.com/advisories/GHSA-49q7-c7j4-3p7m
Valid ECDSA signatures erroneously rejected in Elliptic - https://github.com/advisories/GHSA-fc9h-whq2-v747
Elliptic's verify function omits uniqueness validation - https://github.com/advisories/GHSA-434g-2637-qmqr
fix available via `npm audit fix`
node_modules/elliptic
eventsource <1.1.1
Severity: critical
Exposure of Sensitive Information in eventsource - https://github.com/advisories/GHSA-6h5x-7c5m-7cr7
fix available via `npm audit fix`
node_modules/eventsource
follow-redirects <=1.15.5
Severity: high
Exposure of Sensitive Information to an Unauthorized Actor in follow-redirects - https://github.com/advisories/GHSA-pw2r-vq6v-hr8c
Exposure of sensitive information in follow-redirects - https://github.com/advisories/GHSA-74fj-2j2h-c42q
Follow Redirects improperly handles URLs in the url.parse() function - https://github.com/advisories/GHSA-jchw-25xp-jwwc
follow-redirects' Proxy-Authorization header kept across hosts - https://github.com/advisories/GHSA-cxjh-pqwp-8mfp
fix available via `npm audit fix`
node_modules/follow-redirects
got <11.8.5
Severity: moderate
Got allows a redirect to a UNIX socket - https://github.com/advisories/GHSA-pfrx-2q88-qq97
fix available via `npm audit fix --force`
Will install [email protected], which is a breaking change
node_modules/got
package-json <=6.5.0
Depends on vulnerable versions of got
node_modules/package-json
latest-version 0.2.0 - 5.1.0
Depends on vulnerable versions of package-json
node_modules/latest-version
update-notifier 0.2.0 - 5.1.0
Depends on vulnerable versions of latest-version
node_modules/update-notifier
vuepress 1.0.0-alpha.0 - 1.9.10
Depends on vulnerable versions of @vuepress/core
Depends on vulnerable versions of update-notifier
node_modules/vuepress
html-minifier *
Severity: high
kangax html-minifier REDoS vulnerability - https://github.com/advisories/GHSA-pfq8-rq6v-vf5m
fix available via `npm audit fix`
node_modules/html-minifier
node_modules/vuepress-html-webpack-plugin/node_modules/html-minifier
@nuxt/generator <=2.17.3
Depends on vulnerable versions of html-minifier
node_modules/@nuxt/generator
http-cache-semantics <4.1.1
Severity: high
http-cache-semantics vulnerable to Regular Expression Denial of Service - https://github.com/advisories/GHSA-rc47-6667-2j5j
fix available via `npm audit fix`
node_modules/http-cache-semantics
ip *
Severity: high
NPM IP package incorrectly identifies some private IP addresses as public - https://github.com/advisories/GHSA-78xj-cgh5-2h22
ip SSRF improper categorization in isPublic - https://github.com/advisories/GHSA-2p57-rm9w-gvfp
fix available via `npm audit fix`
node_modules/ip
json-schema <0.4.0
Severity: critical
json-schema is vulnerable to Prototype Pollution - https://github.com/advisories/GHSA-896r-f27r-55mw
fix available via `npm audit fix`
node_modules/json-schema
jsprim 0.3.0 - 1.4.1 || 2.0.0 - 2.0.1
Depends on vulnerable versions of json-schema
node_modules/jsprim
json5 <1.0.2 || >=2.0.0 <2.2.2
Severity: high
Prototype Pollution in JSON5 via Parse Method - https://github.com/advisories/GHSA-9c47-m6qq-7p4h
Prototype Pollution in JSON5 via Parse Method - https://github.com/advisories/GHSA-9c47-m6qq-7p4h
fix available via `npm audit fix`
node_modules/@vuepress/core/node_modules/json5
node_modules/@vuepress/markdown-loader/node_modules/json5
node_modules/babel-loader/node_modules/json5
node_modules/cache-loader/node_modules/json5
node_modules/copy-webpack-plugin/node_modules/json5
node_modules/html-webpack-plugin/node_modules/json5
node_modules/json5
node_modules/mini-css-extract-plugin/node_modules/json5
node_modules/postcss-loader/node_modules/json5
node_modules/pug-plain-loader/node_modules/json5
node_modules/sass-loader/node_modules/json5
node_modules/stylus-loader/node_modules/json5
node_modules/vue-loader/node_modules/json5
node_modules/vue-style-loader/node_modules/json5
node_modules/vuepress-html-webpack-plugin/node_modules/json5
node_modules/webpack/node_modules/json5
loader-utils <=1.4.1 || 2.0.0 - 2.0.3
Depends on vulnerable versions of json5
node_modules/@vuepress/core/node_modules/loader-utils
node_modules/@vuepress/markdown-loader/node_modules/loader-utils
node_modules/babel-loader/node_modules/loader-utils
node_modules/cache-loader/node_modules/loader-utils
node_modules/copy-webpack-plugin/node_modules/loader-utils
node_modules/html-webpack-plugin/node_modules/loader-utils
node_modules/loader-utils
node_modules/mini-css-extract-plugin/node_modules/loader-utils
node_modules/postcss-loader/node_modules/loader-utils
node_modules/pug-plain-loader/node_modules/loader-utils
node_modules/sass-loader/node_modules/loader-utils
node_modules/stylus-loader/node_modules/loader-utils
node_modules/vue-loader/node_modules/loader-utils
node_modules/vue-style-loader/node_modules/loader-utils
node_modules/vuepress-html-webpack-plugin/node_modules/loader-utils
node_modules/webpack/node_modules/loader-utils
vuepress-html-webpack-plugin *
Depends on vulnerable versions of html-minifier
Depends on vulnerable versions of loader-utils
node_modules/vuepress-html-webpack-plugin
lodash.template *
Severity: high
Command Injection in lodash - https://github.com/advisories/GHSA-35jh-r3h4-6jhm
fix available via `npm audit fix --force`
Will install @nuxtjs/[email protected], which is a breaking change
node_modules/lodash.template
@nuxtjs/pwa >=3.2.0
Depends on vulnerable versions of lodash.template
node_modules/@nuxtjs/pwa
vue-server-renderer >=2.3.0-beta.1
Depends on vulnerable versions of lodash.template
node_modules/vue-server-renderer
markdown-it <12.3.2
Severity: moderate
Uncontrolled Resource Consumption in markdown-it - https://github.com/advisories/GHSA-6vfc-qv3f-vr6c
fix available via `npm audit fix`
node_modules/markdown-it
@vuepress/markdown <=1.9.10
Depends on vulnerable versions of @vuepress/shared-utils
Depends on vulnerable versions of markdown-it
node_modules/@vuepress/markdown
@vuepress/markdown-loader *
Depends on vulnerable versions of @vuepress/markdown
node_modules/@vuepress/markdown-loader
minimatch <3.0.5
Severity: high
minimatch ReDoS vulnerability - https://github.com/advisories/GHSA-f8q6-p94x-37v3
fix available via `npm audit fix`
node_modules/minimatch
minimist 1.0.0 - 1.2.5
Severity: critical
Prototype Pollution in minimist - https://github.com/advisories/GHSA-xvch-5gv4-984h
fix available via `npm audit fix`
node_modules/minimist
nanoid <=3.3.7
Severity: moderate
Exposure of Sensitive Information to an Unauthorized Actor in nanoid - https://github.com/advisories/GHSA-qrpm-p2h7-hrv2
Predictable results in nanoid generation when given non-integer values - https://github.com/advisories/GHSA-mwcw-c2x4-8c55
fix available via `npm audit fix`
node_modules/nanoid
node-fetch <2.6.7
Severity: high
node-fetch forwards secure headers to untrusted sites - https://github.com/advisories/GHSA-r683-j2x4-v87g
fix available via `npm audit fix`
node_modules/node-fetch
node-forge <=1.2.1
Severity: high
Prototype Pollution in node-forge debug API. - https://github.com/advisories/GHSA-5rrq-pxf6-6jx5
URL parsing in node-forge could lead to undesired behavior. - https://github.com/advisories/GHSA-gf8q-jrpm-jvxq
Improper Verification of Cryptographic Signature in `node-forge` - https://github.com/advisories/GHSA-2r2c-g63r-vccr
Open Redirect in node-forge - https://github.com/advisories/GHSA-8fr3-hfg3-gpgp
Improper Verification of Cryptographic Signature in node-forge - https://github.com/advisories/GHSA-cfm4-qjh2-4765
Improper Verification of Cryptographic Signature in node-forge - https://github.com/advisories/GHSA-x4jg-mjrx-434g
fix available via `npm audit fix`
node_modules/node-forge
selfsigned 1.1.1 - 1.10.14
Depends on vulnerable versions of node-forge
node_modules/selfsigned
nth-check <2.0.1
Severity: high
Inefficient Regular Expression Complexity in nth-check - https://github.com/advisories/GHSA-rp65-9cf3-cjxr
fix available via `npm audit fix`
node_modules/node-html-parser/node_modules/nth-check
node_modules/nth-check
node_modules/renderkid/node_modules/nth-check
css-select <=3.1.0
Depends on vulnerable versions of nth-check
node_modules/css-select
svgo 1.0.0 - 1.3.2
Depends on vulnerable versions of css-select
node_modules/svgo
postcss-svgo <=5.0.0-rc.2
Depends on vulnerable versions of postcss
Depends on vulnerable versions of svgo
node_modules/postcss-svgo
parse-path <5.0.0
Severity: high
Authorization Bypass in parse-path - https://github.com/advisories/GHSA-3j8f-xvm3-ffx4
fix available via `npm audit fix`
node_modules/parse-path
parse-url <=8.0.0
Depends on vulnerable versions of parse-path
node_modules/parse-url
git-up <=6.0.0
Depends on vulnerable versions of parse-url
node_modules/git-up
git-url-parse 4.0.0 - 12.0.0
Depends on vulnerable versions of git-up
node_modules/git-url-parse
@nuxt/telemetry <=1.3.6 || 2.0.0 - 2.1.4
Depends on vulnerable versions of git-url-parse
node_modules/@nuxt/telemetry
path-to-regexp <=0.1.11
Severity: high
path-to-regexp outputs backtracking regular expressions - https://github.com/advisories/GHSA-9wv6-86v2-598j
Unpatched `path-to-regexp` ReDoS in 0.1.x - https://github.com/advisories/GHSA-rhx6-c78j-4q9w
fix available via `npm audit fix`
node_modules/path-to-regexp
postcss <=8.4.30
Severity: moderate
Regular Expression Denial of Service in postcss - https://github.com/advisories/GHSA-hwj9-h5mp-3pm3
Regular Expression Denial of Service in postcss - https://github.com/advisories/GHSA-566m-qj78-rww5
PostCSS line return parsing error - https://github.com/advisories/GHSA-7fh5-64p2-3v2j
fix available via `npm audit fix`
node_modules/@fullhuman/postcss-purgecss/node_modules/postcss
node_modules/postcss
node_modules/postcss-functions/node_modules/postcss
node_modules/purgecss/node_modules/postcss
@fullhuman/postcss-purgecss 2.0.3 - 3.0.0
Depends on vulnerable versions of postcss
Depends on vulnerable versions of purgecss
node_modules/@fullhuman/postcss-purgecss
tailwindcss 0.1.0 - 2.2.0-canary.16 || 4.0.0-alpha.1
Depends on vulnerable versions of @fullhuman/postcss-purgecss
Depends on vulnerable versions of autoprefixer
Depends on vulnerable versions of postcss
Depends on vulnerable versions of postcss-functions
Depends on vulnerable versions of postcss-js
Depends on vulnerable versions of postcss-nested
node_modules/tailwindcss
@nuxtjs/tailwindcss <=3.4.3
Depends on vulnerable versions of tailwindcss
node_modules/@nuxtjs/tailwindcss
@types/autoprefixer <=9.7.2
Depends on vulnerable versions of postcss
node_modules/@types/autoprefixer
@nuxt/types 0.5.0 - 2.16.0
Depends on vulnerable versions of @types/autoprefixer
node_modules/@nuxt/types
@vue/component-compiler-utils *
Depends on vulnerable versions of postcss
node_modules/@vue/component-compiler-utils
vue-loader 15.0.0-beta.1 - 15.11.1
Depends on vulnerable versions of @vue/component-compiler-utils
node_modules/vue-loader
autoprefixer 1.0.20131222 - 9.8.8
Depends on vulnerable versions of postcss
node_modules/autoprefixer
postcss-preset-env <=7.0.0
Depends on vulnerable versions of autoprefixer
Depends on vulnerable versions of css-blank-pseudo
Depends on vulnerable versions of css-has-pseudo
Depends on vulnerable versions of css-prefers-color-scheme
Depends on vulnerable versions of postcss
Depends on vulnerable versions of postcss-attribute-case-insensitive
Depends on vulnerable versions of postcss-color-functional-notation
Depends on vulnerable versions of postcss-color-gray
Depends on vulnerable versions of postcss-color-hex-alpha
Depends on vulnerable versions of postcss-color-mod-function
Depends on vulnerable versions of postcss-color-rebeccapurple
Depends on vulnerable versions of postcss-custom-media
Depends on vulnerable versions of postcss-custom-properties
Depends on vulnerable versions of postcss-custom-selectors
Depends on vulnerable versions of postcss-dir-pseudo-class
Depends on vulnerable versions of postcss-double-position-gradients
Depends on vulnerable versions of postcss-env-function
Depends on vulnerable versions of postcss-focus-visible
Depends on vulnerable versions of postcss-focus-within
Depends on vulnerable versions of postcss-font-variant
Depends on vulnerable versions of postcss-gap-properties
Depends on vulnerable versions of postcss-image-set-function
Depends on vulnerable versions of postcss-initial
Depends on vulnerable versions of postcss-lab-function
Depends on vulnerable versions of postcss-logical
Depends on vulnerable versions of postcss-media-minmax
Depends on vulnerable versions of postcss-nesting
Depends on vulnerable versions of postcss-overflow-shorthand
Depends on vulnerable versions of postcss-page-break
Depends on vulnerable versions of postcss-place
Depends on vulnerable versions of postcss-pseudo-class-any-link
Depends on vulnerable versions of postcss-replace-overflow-wrap
Depends on vulnerable versions of postcss-selector-matches
Depends on vulnerable versions of postcss-selector-not
node_modules/postcss-preset-env
css-blank-pseudo <=1.0.0
Depends on vulnerable versions of postcss
node_modules/css-blank-pseudo
css-declaration-sorter <=5.1.2
Depends on vulnerable versions of postcss
node_modules/css-declaration-sorter
css-has-pseudo <=1.0.0
Depends on vulnerable versions of postcss
node_modules/css-has-pseudo
css-loader 0.15.0 - 4.3.0
Depends on vulnerable versions of icss-utils
Depends on vulnerable versions of postcss
Depends on vulnerable versions of postcss-modules-extract-imports
Depends on vulnerable versions of postcss-modules-local-by-default
Depends on vulnerable versions of postcss-modules-scope
Depends on vulnerable versions of postcss-modules-values
node_modules/@vuepress/core/node_modules/css-loader
node_modules/css-loader
css-prefers-color-scheme <=4.0.0
Depends on vulnerable versions of postcss
node_modules/css-prefers-color-scheme
vuepress-theme-default-prefers-color-scheme 1.0.1 - 1.1.2
Depends on vulnerable versions of css-prefers-color-scheme
node_modules/vuepress-theme-default-prefers-color-scheme
cssnano <=4.1.11
Depends on vulnerable versions of cssnano-preset-default
Depends on vulnerable versions of postcss
node_modules/cssnano
optimize-css-assets-webpack-plugin <=1.3.2 || 3.0.0 - 5.0.8
Depends on vulnerable versions of cssnano
node_modules/optimize-css-assets-webpack-plugin
cssnano-preset-default <=4.0.8
Depends on vulnerable versions of css-declaration-sorter
Depends on vulnerable versions of cssnano-util-raw-cache
Depends on vulnerable versions of postcss
Depends on vulnerable versions of postcss-calc
Depends on vulnerable versions of postcss-colormin
Depends on vulnerable versions of postcss-convert-values
Depends on vulnerable versions of postcss-discard-comments
Depends on vulnerable versions of postcss-discard-duplicates
Depends on vulnerable versions of postcss-discard-empty
Depends on vulnerable versions of postcss-discard-overridden
Depends on vulnerable versions of postcss-merge-longhand
Depends on vulnerable versions of postcss-merge-rules
Depends on vulnerable versions of postcss-minify-font-values
Depends on vulnerable versions of postcss-minify-gradients
Depends on vulnerable versions of postcss-minify-params
Depends on vulnerable versions of postcss-minify-selectors
Depends on vulnerable versions of postcss-normalize-charset
Depends on vulnerable versions of postcss-normalize-display-values
Depends on vulnerable versions of postcss-normalize-positions
Depends on vulnerable versions of postcss-normalize-repeat-style
Depends on vulnerable versions of postcss-normalize-string
Depends on vulnerable versions of postcss-normalize-timing-functions
Depends on vulnerable versions of postcss-normalize-unicode
Depends on vulnerable versions of postcss-normalize-url
Depends on vulnerable versions of postcss-normalize-whitespace
Depends on vulnerable versions of postcss-ordered-values
Depends on vulnerable versions of postcss-reduce-initial
Depends on vulnerable versions of postcss-reduce-transforms
Depends on vulnerable versions of postcss-svgo
Depends on vulnerable versions of postcss-unique-selectors
node_modules/cssnano-preset-default
cssnano-util-raw-cache *
Depends on vulnerable versions of postcss
node_modules/cssnano-util-raw-cache
icss-utils <=4.1.1
Depends on vulnerable versions of postcss
node_modules/icss-utils
postcss-modules-local-by-default <=4.0.0-rc.4
Depends on vulnerable versions of icss-utils
Depends on vulnerable versions of postcss
node_modules/@vuepress/core/node_modules/postcss-modules-local-by-default
node_modules/postcss-modules-local-by-default
postcss-modules-values <=4.0.0-rc.5
Depends on vulnerable versions of icss-utils
Depends on vulnerable versions of postcss
node_modules/@vuepress/core/node_modules/postcss-modules-values
node_modules/postcss-modules-values
postcss-attribute-case-insensitive <=4.0.2
Depends on vulnerable versions of postcss
node_modules/postcss-attribute-case-insensitive
postcss-calc 4.1.0 - 7.0.5
Depends on vulnerable versions of postcss
node_modules/postcss-calc
postcss-color-functional-notation <=3.0.2
Depends on vulnerable versions of postcss
node_modules/postcss-color-functional-notation
postcss-color-gray >=3.0.0
Depends on vulnerable versions of postcss
node_modules/postcss-color-gray
postcss-color-hex-alpha 1.3.0 - 6.0.0
Depends on vulnerable versions of postcss
node_modules/postcss-color-hex-alpha
postcss-color-mod-function <=3.0.3
Depends on vulnerable versions of postcss
node_modules/postcss-color-mod-function
postcss-color-rebeccapurple 1.2.0 - 6.0.0
Depends on vulnerable versions of postcss
node_modules/postcss-color-rebeccapurple
postcss-colormin <=4.0.3
Depends on vulnerable versions of postcss
node_modules/postcss-colormin
postcss-convert-values <=4.0.1
Depends on vulnerable versions of postcss
node_modules/postcss-convert-values
postcss-custom-media 4.0.0 - 7.0.8
Depends on vulnerable versions of postcss
node_modules/postcss-custom-media
postcss-custom-properties 3.3.0 - 10.0.0
Depends on vulnerable versions of postcss
node_modules/postcss-custom-properties
postcss-custom-selectors 2.3.0 - 5.1.2
Depends on vulnerable versions of postcss
node_modules/postcss-custom-selectors
postcss-dir-pseudo-class <=5.0.0
Depends on vulnerable versions of postcss
node_modules/postcss-dir-pseudo-class
postcss-discard-comments <=4.0.2
Depends on vulnerable versions of postcss
node_modules/postcss-discard-comments
postcss-discard-duplicates 1.1.0 - 4.0.2
Depends on vulnerable versions of postcss
node_modules/postcss-discard-duplicates
postcss-discard-empty 1.1.0 - 4.0.1
Depends on vulnerable versions of postcss
node_modules/postcss-discard-empty
postcss-discard-overridden <=4.0.1
Depends on vulnerable versions of postcss
node_modules/postcss-discard-overridden
postcss-double-position-gradients <=2.0.0
Depends on vulnerable versions of postcss
node_modules/postcss-double-position-gradients
postcss-env-function <=3.0.0
Depends on vulnerable versions of postcss
node_modules/postcss-env-function
postcss-focus-visible <=5.0.0
Depends on vulnerable versions of postcss
node_modules/postcss-focus-visible
postcss-focus-within <=4.0.0
Depends on vulnerable versions of postcss
node_modules/postcss-focus-within
postcss-font-variant 1.2.0 - 4.0.1
Depends on vulnerable versions of postcss
node_modules/postcss-font-variant
postcss-functions <=3.0.0
Depends on vulnerable versions of postcss
node_modules/postcss-functions
postcss-gap-properties <=2.0.0
Depends on vulnerable versions of postcss
node_modules/postcss-gap-properties
postcss-image-set-function <=3.0.1
Depends on vulnerable versions of postcss
node_modules/postcss-image-set-function
postcss-import <=12.0.1
Depends on vulnerable versions of postcss
node_modules/postcss-import
postcss-initial <=3.0.4
Depends on vulnerable versions of postcss
node_modules/postcss-initial
postcss-js <=2.0.3
Depends on vulnerable versions of postcss
node_modules/postcss-js
postcss-lab-function <=3.1.2
Depends on vulnerable versions of postcss
node_modules/postcss-lab-function
postcss-loader <=4.0.1
Depends on vulnerable versions of postcss
node_modules/postcss-loader
postcss-logical <=4.0.2
Depends on vulnerable versions of postcss
node_modules/postcss-logical
postcss-media-minmax 1.2.0 - 4.0.0
Depends on vulnerable versions of postcss
node_modules/postcss-media-minmax
postcss-merge-longhand <=4.0.11
Depends on vulnerable versions of postcss
Depends on vulnerable versions of stylehacks
node_modules/postcss-merge-longhand
postcss-merge-rules <=4.0.3
Depends on vulnerable versions of postcss
node_modules/postcss-merge-rules
postcss-minify-font-values <=4.0.2
Depends on vulnerable versions of postcss
node_modules/postcss-minify-font-values
postcss-minify-gradients <=4.0.2
Depends on vulnerable versions of postcss
node_modules/postcss-minify-gradients
postcss-minify-params <=4.0.2
Depends on vulnerable versions of postcss
node_modules/postcss-minify-params
postcss-minify-selectors <=4.0.2
Depends on vulnerable versions of postcss
node_modules/postcss-minify-selectors
postcss-modules-extract-imports <=2.0.0
Depends on vulnerable versions of postcss
node_modules/postcss-modules-extract-imports
postcss-modules-scope <=2.2.0
Depends on vulnerable versions of postcss
node_modules/postcss-modules-scope
postcss-nested <=4.2.3
Depends on vulnerable versions of postcss
node_modules/postcss-nested
postcss-nesting <=7.0.1
Depends on vulnerable versions of postcss
node_modules/postcss-nesting
postcss-normalize-charset <=4.0.1
Depends on vulnerable versions of postcss
node_modules/postcss-normalize-charset
postcss-normalize-display-values <=4.0.2
Depends on vulnerable versions of postcss
node_modules/postcss-normalize-display-values
postcss-normalize-positions <=4.0.2
Depends on vulnerable versions of postcss
node_modules/postcss-normalize-positions
postcss-normalize-repeat-style <=4.0.2
Depends on vulnerable versions of postcss
node_modules/postcss-normalize-repeat-style
postcss-normalize-string <=4.0.2
Depends on vulnerable versions of postcss
node_modules/postcss-normalize-string
postcss-normalize-timing-functions <=4.0.2
Depends on vulnerable versions of postcss
node_modules/postcss-normalize-timing-functions
postcss-normalize-unicode <=4.0.1
Depends on vulnerable versions of postcss
node_modules/postcss-normalize-unicode
postcss-normalize-url 1.1.0 - 4.0.1
Depends on vulnerable versions of postcss
node_modules/postcss-normalize-url
postcss-normalize-whitespace <=4.0.2
Depends on vulnerable versions of postcss
node_modules/postcss-normalize-whitespace
postcss-ordered-values <=4.1.2
Depends on vulnerable versions of postcss
node_modules/postcss-ordered-values
postcss-overflow-shorthand <=2.0.0
Depends on vulnerable versions of postcss
node_modules/postcss-overflow-shorthand
postcss-page-break <=2.0.0
Depends on vulnerable versions of postcss
node_modules/postcss-page-break
postcss-place <=5.0.0
Depends on vulnerable versions of postcss
node_modules/postcss-place
postcss-pseudo-class-any-link <=6.0.0
Depends on vulnerable versions of postcss
node_modules/postcss-pseudo-class-any-link
postcss-reduce-initial <=4.0.3
Depends on vulnerable versions of postcss
node_modules/postcss-reduce-initial
postcss-reduce-transforms <=4.0.2
Depends on vulnerable versions of postcss
node_modules/postcss-reduce-transforms
postcss-replace-overflow-wrap <=3.0.0
Depends on vulnerable versions of postcss
node_modules/postcss-replace-overflow-wrap
postcss-safe-parser <=4.0.2
Depends on vulnerable versions of postcss
node_modules/postcss-safe-parser
postcss-selector-matches *
Depends on vulnerable versions of postcss
node_modules/postcss-selector-matches
postcss-selector-not <=4.0.1
Depends on vulnerable versions of postcss
node_modules/postcss-selector-not
postcss-unique-selectors <=4.0.1
Depends on vulnerable versions of postcss
node_modules/postcss-unique-selectors
postcss-url 3.3.0 - 10.0.0
Depends on vulnerable versions of postcss
node_modules/postcss-url
purgecss <=1.0.1 || 2.0.1-beta.0 - 3.0.0
Depends on vulnerable versions of postcss
node_modules/purgecss
stylehacks <=4.0.3
Depends on vulnerable versions of postcss
node_modules/stylehacks
prismjs <=1.26.0
Severity: high
prismjs Regular Expression Denial of Service vulnerability - https://github.com/advisories/GHSA-hqhp-5p83-hx96
Cross-site Scripting in Prism - https://github.com/advisories/GHSA-3949-f494-cm99
fix available via `npm audit fix`
node_modules/prismjs
pug <=3.0.2
Severity: moderate
Pug allows JavaScript code execution if an application accepts untrusted input - https://github.com/advisories/GHSA-3965-hpx2-q597
fix available via `npm audit fix`
node_modules/pug
qs 6.5.0 - 6.5.2 || 6.7.0 - 6.7.2 || 6.10.0 - 6.10.2
Severity: high
qs vulnerable to Prototype Pollution - https://github.com/advisories/GHSA-hrpp-h998-j3pp
qs vulnerable to Prototype Pollution - https://github.com/advisories/GHSA-hrpp-h998-j3pp
qs vulnerable to Prototype Pollution - https://github.com/advisories/GHSA-hrpp-h998-j3pp
fix available via `npm audit fix`
node_modules/body-parser/node_modules/qs
node_modules/express/node_modules/qs
node_modules/qs
node_modules/request/node_modules/qs
request *
Severity: moderate
Server-Side Request Forgery in Request - https://github.com/advisories/GHSA-p8p7-x288-28g6
Depends on vulnerable versions of tough-cookie
fix available via `npm audit fix`
node_modules/request
docsearch.js 2.6.0 - 2.6.3
Depends on vulnerable versions of request
node_modules/docsearch.js
semver <=5.7.1 || 6.0.0 - 6.3.0 || 7.0.0 - 7.5.1
Severity: high
semver vulnerable to Regular Expression Denial of Service - https://github.com/advisories/GHSA-c2qf-rxjj-qqgw
semver vulnerable to Regular Expression Denial of Service - https://github.com/advisories/GHSA-c2qf-rxjj-qqgw
semver vulnerable to Regular Expression Denial of Service - https://github.com/advisories/GHSA-c2qf-rxjj-qqgw
fix available via `npm audit fix`
node_modules/@babel/core/node_modules/semver
node_modules/@babel/eslint-parser/node_modules/semver
node_modules/@babel/helper-compilation-targets/node_modules/semver
node_modules/@babel/helper-define-polyfill-provider/node_modules/semver
node_modules/@babel/plugin-transform-runtime/node_modules/semver
node_modules/@babel/preset-env/node_modules/semver
node_modules/@vue/babel-preset-app/node_modules/semver
node_modules/@vuepress/core/node_modules/semver
node_modules/@vuepress/plugin-last-updated/node_modules/semver
node_modules/@vuepress/shared-utils/node_modules/semver
node_modules/algoliasearch/node_modules/semver
node_modules/babel-plugin-polyfill-corejs2/node_modules/semver
node_modules/copy-webpack-plugin/node_modules/semver
node_modules/core-js-compat/node_modules/semver
node_modules/default-gateway/node_modules/semver
node_modules/eslint-plugin-node/node_modules/semver
node_modules/eslint-plugin-vue/node_modules/semver
node_modules/hard-source-webpack-plugin/node_modules/semver
node_modules/make-dir/node_modules/semver
node_modules/markdown-eslint-parser/node_modules/cross-spawn/node_modules/semver
node_modules/markdown-eslint-parser/node_modules/semver
node_modules/normalize-package-data/node_modules/semver
node_modules/package-json/node_modules/semver
node_modules/sass-loader/node_modules/semver
node_modules/semver
node_modules/semver-diff/node_modules/semver
node_modules/stylus/node_modules/semver
node_modules/vue-eslint-parser/node_modules/semver
node_modules/webpack-dev-server/node_modules/semver
node_modules/webpack/node_modules/semver
core-js-compat 3.6.0 - 3.25.0
Depends on vulnerable versions of semver
node_modules/core-js-compat
semver-regex <=3.1.3
Severity: high
semver-regex Regular Expression Denial of Service (ReDOS) - https://github.com/advisories/GHSA-44c6-4v22-4mhx
Regular expression denial of service in semver-regex - https://github.com/advisories/GHSA-4x5v-gmq8-25ch
fix available via `npm audit fix`
node_modules/semver-regex
send <0.19.0
send vulnerable to template injection that can lead to XSS - https://github.com/advisories/GHSA-m6fv-jmcg-4jfg
fix available via `npm audit fix`
node_modules/send
serve-static <=1.16.0
Depends on vulnerable versions of send
node_modules/serve-static
shell-quote <=1.7.2
Severity: critical
Improper Neutralization of Special Elements used in a Command in Shell-quote - https://github.com/advisories/GHSA-g4rg-993r-mgx7
fix available via `npm audit fix`
node_modules/shell-quote
tar <6.2.1
Severity: moderate
Denial of service while parsing a tar file due to lack of folders count validation - https://github.com/advisories/GHSA-f5x3-32g6-xq36
fix available via `npm audit fix`
node_modules/tar
terser >=5.0.0 <5.14.2 || <4.8.1
Severity: high
Terser insecure use of regular expressions leads to ReDoS - https://github.com/advisories/GHSA-4wf5-vphf-c2xc
Terser insecure use of regular expressions leads to ReDoS - https://github.com/advisories/GHSA-4wf5-vphf-c2xc
fix available via `npm audit fix`
node_modules/terser
node_modules/terser-webpack-plugin/node_modules/terser
tough-cookie <4.1.3
Severity: moderate
tough-cookie Prototype Pollution vulnerability - https://github.com/advisories/GHSA-72xf-g2v4-qvf3
fix available via `npm audit fix`
node_modules/tough-cookie
trim <0.0.3
Severity: high
Regular Expression Denial of Service in trim - https://github.com/advisories/GHSA-w5p7-h5w8-2hfq
No fix available
node_modules/trim
remark-parse <=8.0.3
Depends on vulnerable versions of trim
node_modules/remark/node_modules/remark-parse
remark 5.0.0 - 12.0.1
Depends on vulnerable versions of remark-parse
node_modules/remark
eslint-plugin-md *
Depends on vulnerable versions of remark
node_modules/eslint-plugin-md
unified-message-control <=1.0.4
Depends on vulnerable versions of trim
node_modules/unified-message-control
remark-message-control 4.1.0 - 4.2.0
Depends on vulnerable versions of unified-message-control
node_modules/remark-message-control
ua-parser-js <0.7.33
Severity: high
ReDoS Vulnerability in ua-parser-js version - https://github.com/advisories/GHSA-fhg7-m89q-25r3
fix available via `npm audit fix`
node_modules/ua-parser-js
url-parse <=1.5.8
Severity: critical
Authorization bypass in url-parse - https://github.com/advisories/GHSA-rqff-837h-mm52
url-parse incorrectly parses hostname / protocol due to unstripped leading control characters. - https://github.com/advisories/GHSA-jf5r-8hm2-f872
url-parse Incorrectly parses URLs that include an '@' - https://github.com/advisories/GHSA-8v38-pw62-9cw2
Authorization Bypass Through User-Controlled Key in url-parse - https://github.com/advisories/GHSA-hgjh-723h-mx2j
fix available via `npm audit fix`
node_modules/url-parse
vue 2.0.0-alpha.1 - 2.7.16
ReDoS vulnerability in vue package that is exploitable through inefficient regex evaluation in the parseHTML function - https://github.com/advisories/GHSA-5j4c-8p2g-v4jx
fix available via `npm audit fix --force`
Will install [email protected], which is a breaking change
node_modules/vue
@nuxt/vue-app >=2.4.0
Depends on vulnerable versions of vue
Depends on vulnerable versions of vue-template-compiler
node_modules/@nuxt/vue-app
@nuxt/vue-renderer *
Depends on vulnerable versions of vue
Depends on vulnerable versions of vue-server-renderer
node_modules/@nuxt/vue-renderer
@vuepress/core <=1.9.10
Depends on vulnerable versions of @vuepress/markdown
Depends on vulnerable versions of @vuepress/markdown-loader
Depends on vulnerable versions of @vuepress/plugin-register-components
Depends on vulnerable versions of @vuepress/shared-utils
Depends on vulnerable versions of autoprefixer
Depends on vulnerable versions of chokidar
Depends on vulnerable versions of css-loader
Depends on vulnerable versions of optimize-css-assets-webpack-plugin
Depends on vulnerable versions of postcss-loader
Depends on vulnerable versions of postcss-safe-parser
Depends on vulnerable versions of vue
Depends on vulnerable versions of vue-loader
Depends on vulnerable versions of vue-server-renderer
Depends on vulnerable versions of vue-template-compiler
Depends on vulnerable versions of vuepress-html-webpack-plugin
Depends on vulnerable versions of webpack
node_modules/@vuepress/core
vue-template-compiler >=2.0.0
Severity: moderate
vue-template-compiler vulnerable to client-side Cross-Site Scripting (XSS) - https://github.com/advisories/GHSA-g3ch-rx76-35fx
fix available via `npm audit fix`
node_modules/vue-template-compiler
@nuxt/components >=1.2.1
Depends on vulnerable versions of vue-template-compiler
node_modules/@nuxt/components
vuetify 2.0.0-beta.4 - 2.6.9
Severity: moderate
Vuetify Cross-site Scripting vulnerability - https://github.com/advisories/GHSA-q4q5-c5cv-2p68
fix available via `npm audit fix`
node_modules/vuetify
webpack-dev-middleware <=5.3.3
Severity: high
Path traversal in webpack-dev-middleware - https://github.com/advisories/GHSA-wr3j-pwj9-hqq6
fix available via `npm audit fix`
node_modules/webpack-dev-middleware
node_modules/webpack-dev-server/node_modules/webpack-dev-middleware
word-wrap <1.2.4
Severity: moderate
word-wrap vulnerable to Regular Expression Denial of Service - https://github.com/advisories/GHSA-j8xg-fqg3-53r7
fix available via `npm audit fix`
node_modules/word-wrap
ws 6.0.0 - 6.2.2 || 7.0.0 - 7.5.9
Severity: high
ws affected by a DoS when handling a request with many HTTP headers - https://github.com/advisories/GHSA-3h5v-q93c-6h6q
ws affected by a DoS when handling a request with many HTTP headers - https://github.com/advisories/GHSA-3h5v-q93c-6h6q
fix available via `npm audit fix`
node_modules/webpack-dev-server/node_modules/ws
node_modules/ws
xml2js <0.5.0
Severity: moderate
xml2js is vulnerable to prototype pollution - https://github.com/advisories/GHSA-776f-qx25-q3cc
fix available via `npm audit fix`
node_modules/xml2js
@nuxt/content 1.4.0 - 1.15.1
Depends on vulnerable versions of xml2js
node_modules/@nuxt/content
195 vulnerabilities (9 low, 118 moderate, 54 high, 14 critical)
To address issues that do not require attention, run:
npm audit fix
To address all issues possible (including breaking changes), run:
npm audit fix --force
Some issues need review, and may require choosing
a different dependency.Changed filesChanged file:
|
…on/chore-npm-update-2263489212
Command resultsDetails:add path/home/runner/work/_actions/technote-space/create-pr-action/v2.0.3/node_modules/npm-check-updates/binncu -u --packageFile package.jsonUpgrading /home/runner/work/campus-website/campus-website/package.json
@nuxtjs/robots ^5.2.0 → ^5.2.2
@nuxtjs/sitemap ^7.2.0 → ^7.2.3
lint-staged ^15.4.1 → ^15.4.2
Run npm install to install new versions.npm installstderr:npm error code ERESOLVE
npm error ERESOLVE unable to resolve dependency tree
npm error
npm error While resolving: [email protected]
npm error Found: [email protected]
npm error node_modules/eslint
npm error dev eslint@"^9.18.0" from the root project
npm error
npm error Could not resolve dependency:
npm error peer eslint@"^8.23.0" from @nuxtjs/[email protected]
npm error node_modules/@nuxtjs/eslint-config
npm error dev @nuxtjs/eslint-config@"^12.0.0" from the root project
npm error
npm error Fix the upstream dependency conflict, or retry
npm error this command with --force or --legacy-peer-deps
npm error to accept an incorrect (and potentially broken) dependency resolution.
npm error
npm error
npm error For a full report see:
npm error /home/runner/.npm/_logs/2025-01-24T13_33_01_231Z-eresolve-report.txt
npm error A complete log of this run can be found in: /home/runner/.npm/_logs/2025-01-24T13_33_01_231Z-debug-0.lognpm upgradestderr:npm error code ERESOLVE
npm error ERESOLVE unable to resolve dependency tree
npm error
npm error While resolving: [email protected]
npm error Found: [email protected]
npm error node_modules/eslint
npm error dev eslint@"^9.18.0" from the root project
npm error
npm error Could not resolve dependency:
npm error peer eslint@"^8.23.0" from @nuxtjs/[email protected]
npm error node_modules/@nuxtjs/eslint-config
npm error dev @nuxtjs/eslint-config@"^12.0.0" from the root project
npm error
npm error Fix the upstream dependency conflict, or retry
npm error this command with --force or --legacy-peer-deps
npm error to accept an incorrect (and potentially broken) dependency resolution.
npm error
npm error
npm error For a full report see:
npm error /home/runner/.npm/_logs/2025-01-24T13_33_04_885Z-eresolve-report.txt
npm error A complete log of this run can be found in: /home/runner/.npm/_logs/2025-01-24T13_33_04_885Z-debug-0.lognpm audit# npm audit report
@babel/traverse <7.23.2
Severity: critical
Babel vulnerable to arbitrary code execution when compiling specifically crafted malicious code - https://github.com/advisories/GHSA-67hx-6x53-jw92
fix available via `npm audit fix`
node_modules/@babel/traverse
ansi-html <0.0.8
Severity: high
Uncontrolled Resource Consumption in ansi-html - https://github.com/advisories/GHSA-whgm-jr23-g3j9
fix available via `npm audit fix`
node_modules/ansi-html
webpack-dev-server <=4.7.2
Depends on vulnerable versions of ansi-html
Depends on vulnerable versions of chokidar
Depends on vulnerable versions of http-proxy-middleware
Depends on vulnerable versions of selfsigned
Depends on vulnerable versions of webpack-dev-middleware
node_modules/webpack-dev-server
webpack-hot-middleware 2.9.0 - 2.25.0
Depends on vulnerable versions of ansi-html
node_modules/webpack-hot-middleware
ansi-regex 3.0.0 || 4.0.0 - 4.1.0 || 5.0.0
Severity: high
Inefficient Regular Expression Complexity in chalk/ansi-regex - https://github.com/advisories/GHSA-93q8-gq69-wqmw
Inefficient Regular Expression Complexity in chalk/ansi-regex - https://github.com/advisories/GHSA-93q8-gq69-wqmw
Inefficient Regular Expression Complexity in chalk/ansi-regex - https://github.com/advisories/GHSA-93q8-gq69-wqmw
fix available via `npm audit fix`
node_modules/@nuxt/cli/node_modules/ansi-regex
node_modules/@vuepress/core/node_modules/ansi-regex
node_modules/ansi-align/node_modules/ansi-regex
node_modules/ansi-regex
node_modules/boxen/node_modules/ansi-regex
node_modules/cli-truncate/node_modules/ansi-regex
node_modules/cliui/node_modules/ansi-regex
node_modules/eslint/node_modules/ansi-regex
node_modules/inquirer/node_modules/ansi-regex
node_modules/listr2/node_modules/ansi-regex
node_modules/markdown-eslint-parser/node_modules/ansi-regex
node_modules/table/node_modules/ansi-regex
node_modules/update-notifier/node_modules/ansi-regex
node_modules/widest-line/node_modules/ansi-regex
node_modules/wrap-ansi/node_modules/ansi-regex
node_modules/yargs/node_modules/ansi-regex
async 2.0.0 - 2.6.3
Severity: high
Prototype Pollution in async - https://github.com/advisories/GHSA-fwr7-v2mv-hh25
fix available via `npm audit fix`
node_modules/async
body-parser <=1.20.2
Severity: high
body-parser vulnerable to denial of service when url encoding is enabled - https://github.com/advisories/GHSA-qwcr-r2fm-qrc7
Depends on vulnerable versions of qs
fix available via `npm audit fix`
node_modules/body-parser
express <=4.21.1 || 5.0.0-alpha.1 - 5.0.0
Depends on vulnerable versions of body-parser
Depends on vulnerable versions of cookie
Depends on vulnerable versions of path-to-regexp
Depends on vulnerable versions of qs
Depends on vulnerable versions of send
Depends on vulnerable versions of serve-static
node_modules/express
braces <3.0.3
Severity: high
Uncontrolled resource consumption in braces - https://github.com/advisories/GHSA-grv7-fg5c-xmjg
fix available via `npm audit fix`
node_modules/@vuepress/core/node_modules/braces
node_modules/braces
node_modules/micromatch/node_modules/braces
node_modules/watchpack-chokidar2/node_modules/braces
node_modules/webpack-dev-server/node_modules/braces
chokidar 1.3.0 - 2.1.8
Depends on vulnerable versions of anymatch
Depends on vulnerable versions of braces
Depends on vulnerable versions of readdirp
node_modules/@vuepress/core/node_modules/chokidar
node_modules/watchpack-chokidar2/node_modules/chokidar
node_modules/webpack-dev-server/node_modules/chokidar
watchpack-chokidar2 *
Depends on vulnerable versions of chokidar
node_modules/watchpack-chokidar2
watchpack 1.7.2 - 1.7.5
Depends on vulnerable versions of watchpack-chokidar2
node_modules/watchpack
webpack 4.0.0-alpha.0 - 5.0.0-rc.6
Depends on vulnerable versions of micromatch
Depends on vulnerable versions of watchpack
node_modules/webpack
@nuxt/webpack *
Depends on vulnerable versions of css-loader
Depends on vulnerable versions of cssnano
Depends on vulnerable versions of optimize-css-assets-webpack-plugin
Depends on vulnerable versions of postcss
Depends on vulnerable versions of postcss-import
Depends on vulnerable versions of postcss-loader
Depends on vulnerable versions of postcss-preset-env
Depends on vulnerable versions of postcss-url
Depends on vulnerable versions of vue-loader
Depends on vulnerable versions of vue-template-compiler
Depends on vulnerable versions of webpack
Depends on vulnerable versions of webpack-dev-middleware
node_modules/@nuxt/webpack
@nuxt/builder >=2.4.0
Depends on vulnerable versions of @nuxt/vue-app
Depends on vulnerable versions of @nuxt/webpack
node_modules/@nuxt/builder
nuxt <=3.12.3
Depends on vulnerable versions of @nuxt/builder
Depends on vulnerable versions of @nuxt/components
Depends on vulnerable versions of @nuxt/core
Depends on vulnerable versions of @nuxt/generator
Depends on vulnerable versions of @nuxt/server
Depends on vulnerable versions of @nuxt/vue-app
Depends on vulnerable versions of @nuxt/vue-renderer
Depends on vulnerable versions of @nuxt/webpack
node_modules/nuxt
micromatch <=4.0.7
Depends on vulnerable versions of braces
node_modules/fast-glob/node_modules/micromatch
node_modules/lint-staged/node_modules/micromatch
node_modules/micromatch
anymatch 1.2.0 - 2.0.0
Depends on vulnerable versions of micromatch
node_modules/@vuepress/core/node_modules/anymatch
node_modules/watchpack-chokidar2/node_modules/anymatch
node_modules/webpack-dev-server/node_modules/anymatch
fast-glob <=2.2.7
Depends on vulnerable versions of micromatch
node_modules/@vuepress/shared-utils/node_modules/fast-glob
globby 8.0.0 - 9.2.0
Depends on vulnerable versions of fast-glob
node_modules/@vuepress/shared-utils/node_modules/globby
@vuepress/shared-utils *
Depends on vulnerable versions of globby
node_modules/@vuepress/shared-utils
@vuepress/plugin-register-components <=1.9.10
Depends on vulnerable versions of @vuepress/shared-utils
node_modules/@vuepress/plugin-register-components
vuepress-plugin-container >=2.1.5
Depends on vulnerable versions of @vuepress/shared-utils
node_modules/vuepress-plugin-container
http-proxy-middleware <=2.0.7-beta.1
Depends on vulnerable versions of micromatch
node_modules/http-proxy-middleware
readdirp 2.2.0 - 2.2.1
Depends on vulnerable versions of micromatch
node_modules/@vuepress/core/node_modules/readdirp
node_modules/watchpack-chokidar2/node_modules/readdirp
node_modules/webpack-dev-server/node_modules/readdirp
browserify-sign 2.6.0 - 4.2.1
Severity: high
browserify-sign upper bound check issue in `dsaVerify` leads to a signature forgery attack - https://github.com/advisories/GHSA-x9w5-v3q2-3rhw
fix available via `npm audit fix`
node_modules/browserify-sign
cookie <0.7.0
cookie accepts cookie name, path, and domain with out of bounds characters - https://github.com/advisories/GHSA-pxg6-pf52-xh8x
fix available via `npm audit fix`
node_modules/cookie
node_modules/express/node_modules/cookie
@nuxtjs/youch *
Depends on vulnerable versions of cookie
node_modules/@nuxtjs/youch
@nuxt/server *
Depends on vulnerable versions of @nuxt/vue-renderer
Depends on vulnerable versions of @nuxtjs/youch
node_modules/@nuxt/server
@nuxt/core *
Depends on vulnerable versions of @nuxt/server
node_modules/@nuxt/core
cross-spawn <6.0.6 || >=7.0.0 <7.0.5
Severity: high
Regular Expression Denial of Service (ReDoS) in cross-spawn - https://github.com/advisories/GHSA-3xgq-45jj-v275
Regular Expression Denial of Service (ReDoS) in cross-spawn - https://github.com/advisories/GHSA-3xgq-45jj-v275
fix available via `npm audit fix`
node_modules/@vuepress/core/node_modules/cross-spawn
node_modules/@vuepress/plugin-last-updated/node_modules/cross-spawn
node_modules/cross-spawn
node_modules/default-gateway/node_modules/cross-spawn
node_modules/markdown-eslint-parser/node_modules/cross-spawn
node_modules/node-sass/node_modules/cross-spawn
node-sass 1.2.0 - 7.0.3
Depends on vulnerable versions of cross-spawn
Depends on vulnerable versions of request
node_modules/node-sass
decode-uri-component <0.2.1
Severity: high
decode-uri-component vulnerable to Denial of Service (DoS) - https://github.com/advisories/GHSA-w573-4hg7-7wgq
fix available via `npm audit fix`
node_modules/decode-uri-component
elliptic <=6.5.7
Elliptic's EDDSA missing signature length check - https://github.com/advisories/GHSA-f7q4-pwc6-w24p
Elliptic's ECDSA missing check for whether leading bit of r and s is zero - https://github.com/advisories/GHSA-977x-g7h5-7qgw
Elliptic allows BER-encoded signatures - https://github.com/advisories/GHSA-49q7-c7j4-3p7m
Valid ECDSA signatures erroneously rejected in Elliptic - https://github.com/advisories/GHSA-fc9h-whq2-v747
Elliptic's verify function omits uniqueness validation - https://github.com/advisories/GHSA-434g-2637-qmqr
fix available via `npm audit fix`
node_modules/elliptic
eventsource <1.1.1
Severity: critical
Exposure of Sensitive Information in eventsource - https://github.com/advisories/GHSA-6h5x-7c5m-7cr7
fix available via `npm audit fix`
node_modules/eventsource
follow-redirects <=1.15.5
Severity: high
Exposure of Sensitive Information to an Unauthorized Actor in follow-redirects - https://github.com/advisories/GHSA-pw2r-vq6v-hr8c
Exposure of sensitive information in follow-redirects - https://github.com/advisories/GHSA-74fj-2j2h-c42q
Follow Redirects improperly handles URLs in the url.parse() function - https://github.com/advisories/GHSA-jchw-25xp-jwwc
follow-redirects' Proxy-Authorization header kept across hosts - https://github.com/advisories/GHSA-cxjh-pqwp-8mfp
fix available via `npm audit fix`
node_modules/follow-redirects
got <11.8.5
Severity: moderate
Got allows a redirect to a UNIX socket - https://github.com/advisories/GHSA-pfrx-2q88-qq97
fix available via `npm audit fix --force`
Will install [email protected], which is a breaking change
node_modules/got
package-json <=6.5.0
Depends on vulnerable versions of got
node_modules/package-json
latest-version 0.2.0 - 5.1.0
Depends on vulnerable versions of package-json
node_modules/latest-version
update-notifier 0.2.0 - 5.1.0
Depends on vulnerable versions of latest-version
node_modules/update-notifier
vuepress 1.0.0-alpha.0 - 1.9.10
Depends on vulnerable versions of @vuepress/core
Depends on vulnerable versions of update-notifier
node_modules/vuepress
html-minifier *
Severity: high
kangax html-minifier REDoS vulnerability - https://github.com/advisories/GHSA-pfq8-rq6v-vf5m
fix available via `npm audit fix`
node_modules/html-minifier
node_modules/vuepress-html-webpack-plugin/node_modules/html-minifier
@nuxt/generator <=2.17.3
Depends on vulnerable versions of html-minifier
node_modules/@nuxt/generator
http-cache-semantics <4.1.1
Severity: high
http-cache-semantics vulnerable to Regular Expression Denial of Service - https://github.com/advisories/GHSA-rc47-6667-2j5j
fix available via `npm audit fix`
node_modules/http-cache-semantics
ip *
Severity: high
NPM IP package incorrectly identifies some private IP addresses as public - https://github.com/advisories/GHSA-78xj-cgh5-2h22
ip SSRF improper categorization in isPublic - https://github.com/advisories/GHSA-2p57-rm9w-gvfp
fix available via `npm audit fix`
node_modules/ip
json-schema <0.4.0
Severity: critical
json-schema is vulnerable to Prototype Pollution - https://github.com/advisories/GHSA-896r-f27r-55mw
fix available via `npm audit fix`
node_modules/json-schema
jsprim 0.3.0 - 1.4.1 || 2.0.0 - 2.0.1
Depends on vulnerable versions of json-schema
node_modules/jsprim
json5 <1.0.2 || >=2.0.0 <2.2.2
Severity: high
Prototype Pollution in JSON5 via Parse Method - https://github.com/advisories/GHSA-9c47-m6qq-7p4h
Prototype Pollution in JSON5 via Parse Method - https://github.com/advisories/GHSA-9c47-m6qq-7p4h
fix available via `npm audit fix`
node_modules/@vuepress/core/node_modules/json5
node_modules/@vuepress/markdown-loader/node_modules/json5
node_modules/babel-loader/node_modules/json5
node_modules/cache-loader/node_modules/json5
node_modules/copy-webpack-plugin/node_modules/json5
node_modules/html-webpack-plugin/node_modules/json5
node_modules/json5
node_modules/mini-css-extract-plugin/node_modules/json5
node_modules/postcss-loader/node_modules/json5
node_modules/pug-plain-loader/node_modules/json5
node_modules/sass-loader/node_modules/json5
node_modules/stylus-loader/node_modules/json5
node_modules/vue-loader/node_modules/json5
node_modules/vue-style-loader/node_modules/json5
node_modules/vuepress-html-webpack-plugin/node_modules/json5
node_modules/webpack/node_modules/json5
loader-utils <=1.4.1 || 2.0.0 - 2.0.3
Depends on vulnerable versions of json5
node_modules/@vuepress/core/node_modules/loader-utils
node_modules/@vuepress/markdown-loader/node_modules/loader-utils
node_modules/babel-loader/node_modules/loader-utils
node_modules/cache-loader/node_modules/loader-utils
node_modules/copy-webpack-plugin/node_modules/loader-utils
node_modules/html-webpack-plugin/node_modules/loader-utils
node_modules/loader-utils
node_modules/mini-css-extract-plugin/node_modules/loader-utils
node_modules/postcss-loader/node_modules/loader-utils
node_modules/pug-plain-loader/node_modules/loader-utils
node_modules/sass-loader/node_modules/loader-utils
node_modules/stylus-loader/node_modules/loader-utils
node_modules/vue-loader/node_modules/loader-utils
node_modules/vue-style-loader/node_modules/loader-utils
node_modules/vuepress-html-webpack-plugin/node_modules/loader-utils
node_modules/webpack/node_modules/loader-utils
vuepress-html-webpack-plugin *
Depends on vulnerable versions of html-minifier
Depends on vulnerable versions of loader-utils
node_modules/vuepress-html-webpack-plugin
lodash.template *
Severity: high
Command Injection in lodash - https://github.com/advisories/GHSA-35jh-r3h4-6jhm
fix available via `npm audit fix --force`
Will install @nuxtjs/[email protected], which is a breaking change
node_modules/lodash.template
@nuxtjs/pwa >=3.2.0
Depends on vulnerable versions of lodash.template
node_modules/@nuxtjs/pwa
vue-server-renderer >=2.3.0-beta.1
Depends on vulnerable versions of lodash.template
node_modules/vue-server-renderer
markdown-it <12.3.2
Severity: moderate
Uncontrolled Resource Consumption in markdown-it - https://github.com/advisories/GHSA-6vfc-qv3f-vr6c
fix available via `npm audit fix`
node_modules/markdown-it
@vuepress/markdown <=1.9.10
Depends on vulnerable versions of @vuepress/shared-utils
Depends on vulnerable versions of markdown-it
node_modules/@vuepress/markdown
@vuepress/markdown-loader *
Depends on vulnerable versions of @vuepress/markdown
node_modules/@vuepress/markdown-loader
minimatch <3.0.5
Severity: high
minimatch ReDoS vulnerability - https://github.com/advisories/GHSA-f8q6-p94x-37v3
fix available via `npm audit fix`
node_modules/minimatch
minimist 1.0.0 - 1.2.5
Severity: critical
Prototype Pollution in minimist - https://github.com/advisories/GHSA-xvch-5gv4-984h
fix available via `npm audit fix`
node_modules/minimist
nanoid <=3.3.7
Severity: moderate
Exposure of Sensitive Information to an Unauthorized Actor in nanoid - https://github.com/advisories/GHSA-qrpm-p2h7-hrv2
Predictable results in nanoid generation when given non-integer values - https://github.com/advisories/GHSA-mwcw-c2x4-8c55
fix available via `npm audit fix`
node_modules/nanoid
node-fetch <2.6.7
Severity: high
node-fetch forwards secure headers to untrusted sites - https://github.com/advisories/GHSA-r683-j2x4-v87g
fix available via `npm audit fix`
node_modules/node-fetch
node-forge <=1.2.1
Severity: high
Prototype Pollution in node-forge debug API. - https://github.com/advisories/GHSA-5rrq-pxf6-6jx5
URL parsing in node-forge could lead to undesired behavior. - https://github.com/advisories/GHSA-gf8q-jrpm-jvxq
Improper Verification of Cryptographic Signature in `node-forge` - https://github.com/advisories/GHSA-2r2c-g63r-vccr
Open Redirect in node-forge - https://github.com/advisories/GHSA-8fr3-hfg3-gpgp
Improper Verification of Cryptographic Signature in node-forge - https://github.com/advisories/GHSA-cfm4-qjh2-4765
Improper Verification of Cryptographic Signature in node-forge - https://github.com/advisories/GHSA-x4jg-mjrx-434g
fix available via `npm audit fix`
node_modules/node-forge
selfsigned 1.1.1 - 1.10.14
Depends on vulnerable versions of node-forge
node_modules/selfsigned
nth-check <2.0.1
Severity: high
Inefficient Regular Expression Complexity in nth-check - https://github.com/advisories/GHSA-rp65-9cf3-cjxr
fix available via `npm audit fix`
node_modules/node-html-parser/node_modules/nth-check
node_modules/nth-check
node_modules/renderkid/node_modules/nth-check
css-select <=3.1.0
Depends on vulnerable versions of nth-check
node_modules/css-select
svgo 1.0.0 - 1.3.2
Depends on vulnerable versions of css-select
node_modules/svgo
postcss-svgo <=5.0.0-rc.2
Depends on vulnerable versions of postcss
Depends on vulnerable versions of svgo
node_modules/postcss-svgo
parse-path <5.0.0
Severity: high
Authorization Bypass in parse-path - https://github.com/advisories/GHSA-3j8f-xvm3-ffx4
fix available via `npm audit fix`
node_modules/parse-path
parse-url <=8.0.0
Depends on vulnerable versions of parse-path
node_modules/parse-url
git-up <=6.0.0
Depends on vulnerable versions of parse-url
node_modules/git-up
git-url-parse 4.0.0 - 12.0.0
Depends on vulnerable versions of git-up
node_modules/git-url-parse
@nuxt/telemetry <=1.3.6 || 2.0.0 - 2.1.4
Depends on vulnerable versions of git-url-parse
node_modules/@nuxt/telemetry
path-to-regexp <=0.1.11
Severity: high
path-to-regexp outputs backtracking regular expressions - https://github.com/advisories/GHSA-9wv6-86v2-598j
Unpatched `path-to-regexp` ReDoS in 0.1.x - https://github.com/advisories/GHSA-rhx6-c78j-4q9w
fix available via `npm audit fix`
node_modules/path-to-regexp
postcss <=8.4.30
Severity: moderate
Regular Expression Denial of Service in postcss - https://github.com/advisories/GHSA-hwj9-h5mp-3pm3
Regular Expression Denial of Service in postcss - https://github.com/advisories/GHSA-566m-qj78-rww5
PostCSS line return parsing error - https://github.com/advisories/GHSA-7fh5-64p2-3v2j
fix available via `npm audit fix`
node_modules/@fullhuman/postcss-purgecss/node_modules/postcss
node_modules/postcss
node_modules/postcss-functions/node_modules/postcss
node_modules/purgecss/node_modules/postcss
@fullhuman/postcss-purgecss 2.0.3 - 3.0.0
Depends on vulnerable versions of postcss
Depends on vulnerable versions of purgecss
node_modules/@fullhuman/postcss-purgecss
tailwindcss 0.1.0 - 2.2.0-canary.16 || 4.0.0-alpha.1 - 4.0.0-beta.10
Depends on vulnerable versions of @fullhuman/postcss-purgecss
Depends on vulnerable versions of autoprefixer
Depends on vulnerable versions of postcss
Depends on vulnerable versions of postcss-functions
Depends on vulnerable versions of postcss-js
Depends on vulnerable versions of postcss-nested
node_modules/tailwindcss
@nuxtjs/tailwindcss <=3.4.3
Depends on vulnerable versions of tailwindcss
node_modules/@nuxtjs/tailwindcss
@types/autoprefixer <=9.7.2
Depends on vulnerable versions of postcss
node_modules/@types/autoprefixer
@nuxt/types 0.5.0 - 2.16.0
Depends on vulnerable versions of @types/autoprefixer
node_modules/@nuxt/types
@vue/component-compiler-utils *
Depends on vulnerable versions of postcss
node_modules/@vue/component-compiler-utils
vue-loader 15.0.0-beta.1 - 15.11.1
Depends on vulnerable versions of @vue/component-compiler-utils
node_modules/vue-loader
autoprefixer 1.0.20131222 - 9.8.8
Depends on vulnerable versions of postcss
node_modules/autoprefixer
css-blank-pseudo <=1.0.0
Depends on vulnerable versions of postcss
node_modules/css-blank-pseudo
postcss-preset-env <=7.0.0
Depends on vulnerable versions of autoprefixer
Depends on vulnerable versions of css-blank-pseudo
Depends on vulnerable versions of css-has-pseudo
Depends on vulnerable versions of css-prefers-color-scheme
Depends on vulnerable versions of postcss
Depends on vulnerable versions of postcss-attribute-case-insensitive
Depends on vulnerable versions of postcss-color-functional-notation
Depends on vulnerable versions of postcss-color-gray
Depends on vulnerable versions of postcss-color-hex-alpha
Depends on vulnerable versions of postcss-color-mod-function
Depends on vulnerable versions of postcss-color-rebeccapurple
Depends on vulnerable versions of postcss-custom-media
Depends on vulnerable versions of postcss-custom-properties
Depends on vulnerable versions of postcss-custom-selectors
Depends on vulnerable versions of postcss-dir-pseudo-class
Depends on vulnerable versions of postcss-double-position-gradients
Depends on vulnerable versions of postcss-env-function
Depends on vulnerable versions of postcss-focus-visible
Depends on vulnerable versions of postcss-focus-within
Depends on vulnerable versions of postcss-font-variant
Depends on vulnerable versions of postcss-gap-properties
Depends on vulnerable versions of postcss-image-set-function
Depends on vulnerable versions of postcss-initial
Depends on vulnerable versions of postcss-lab-function
Depends on vulnerable versions of postcss-logical
Depends on vulnerable versions of postcss-media-minmax
Depends on vulnerable versions of postcss-nesting
Depends on vulnerable versions of postcss-overflow-shorthand
Depends on vulnerable versions of postcss-page-break
Depends on vulnerable versions of postcss-place
Depends on vulnerable versions of postcss-pseudo-class-any-link
Depends on vulnerable versions of postcss-replace-overflow-wrap
Depends on vulnerable versions of postcss-selector-matches
Depends on vulnerable versions of postcss-selector-not
node_modules/postcss-preset-env
css-declaration-sorter <=5.1.2
Depends on vulnerable versions of postcss
node_modules/css-declaration-sorter
css-has-pseudo <=1.0.0
Depends on vulnerable versions of postcss
node_modules/css-has-pseudo
css-loader 0.15.0 - 4.3.0
Depends on vulnerable versions of icss-utils
Depends on vulnerable versions of postcss
Depends on vulnerable versions of postcss-modules-extract-imports
Depends on vulnerable versions of postcss-modules-local-by-default
Depends on vulnerable versions of postcss-modules-scope
Depends on vulnerable versions of postcss-modules-values
node_modules/@vuepress/core/node_modules/css-loader
node_modules/css-loader
css-prefers-color-scheme <=4.0.0
Depends on vulnerable versions of postcss
node_modules/css-prefers-color-scheme
vuepress-theme-default-prefers-color-scheme 1.0.1 - 1.1.2
Depends on vulnerable versions of css-prefers-color-scheme
node_modules/vuepress-theme-default-prefers-color-scheme
cssnano <=4.1.11
Depends on vulnerable versions of cssnano-preset-default
Depends on vulnerable versions of postcss
node_modules/cssnano
optimize-css-assets-webpack-plugin <=1.3.2 || 3.0.0 - 5.0.8
Depends on vulnerable versions of cssnano
node_modules/optimize-css-assets-webpack-plugin
cssnano-preset-default <=4.0.8
Depends on vulnerable versions of css-declaration-sorter
Depends on vulnerable versions of cssnano-util-raw-cache
Depends on vulnerable versions of postcss
Depends on vulnerable versions of postcss-calc
Depends on vulnerable versions of postcss-colormin
Depends on vulnerable versions of postcss-convert-values
Depends on vulnerable versions of postcss-discard-comments
Depends on vulnerable versions of postcss-discard-duplicates
Depends on vulnerable versions of postcss-discard-empty
Depends on vulnerable versions of postcss-discard-overridden
Depends on vulnerable versions of postcss-merge-longhand
Depends on vulnerable versions of postcss-merge-rules
Depends on vulnerable versions of postcss-minify-font-values
Depends on vulnerable versions of postcss-minify-gradients
Depends on vulnerable versions of postcss-minify-params
Depends on vulnerable versions of postcss-minify-selectors
Depends on vulnerable versions of postcss-normalize-charset
Depends on vulnerable versions of postcss-normalize-display-values
Depends on vulnerable versions of postcss-normalize-positions
Depends on vulnerable versions of postcss-normalize-repeat-style
Depends on vulnerable versions of postcss-normalize-string
Depends on vulnerable versions of postcss-normalize-timing-functions
Depends on vulnerable versions of postcss-normalize-unicode
Depends on vulnerable versions of postcss-normalize-url
Depends on vulnerable versions of postcss-normalize-whitespace
Depends on vulnerable versions of postcss-ordered-values
Depends on vulnerable versions of postcss-reduce-initial
Depends on vulnerable versions of postcss-reduce-transforms
Depends on vulnerable versions of postcss-svgo
Depends on vulnerable versions of postcss-unique-selectors
node_modules/cssnano-preset-default
cssnano-util-raw-cache *
Depends on vulnerable versions of postcss
node_modules/cssnano-util-raw-cache
icss-utils <=4.1.1
Depends on vulnerable versions of postcss
node_modules/icss-utils
postcss-modules-local-by-default <=4.0.0-rc.4
Depends on vulnerable versions of icss-utils
Depends on vulnerable versions of postcss
node_modules/@vuepress/core/node_modules/postcss-modules-local-by-default
node_modules/postcss-modules-local-by-default
postcss-modules-values <=4.0.0-rc.5
Depends on vulnerable versions of icss-utils
Depends on vulnerable versions of postcss
node_modules/@vuepress/core/node_modules/postcss-modules-values
node_modules/postcss-modules-values
postcss-attribute-case-insensitive <=4.0.2
Depends on vulnerable versions of postcss
node_modules/postcss-attribute-case-insensitive
postcss-calc 4.1.0 - 7.0.5
Depends on vulnerable versions of postcss
node_modules/postcss-calc
postcss-color-functional-notation <=3.0.2
Depends on vulnerable versions of postcss
node_modules/postcss-color-functional-notation
postcss-color-gray >=3.0.0
Depends on vulnerable versions of postcss
node_modules/postcss-color-gray
postcss-color-hex-alpha 1.3.0 - 6.0.0
Depends on vulnerable versions of postcss
node_modules/postcss-color-hex-alpha
postcss-color-mod-function <=3.0.3
Depends on vulnerable versions of postcss
node_modules/postcss-color-mod-function
postcss-color-rebeccapurple 1.2.0 - 6.0.0
Depends on vulnerable versions of postcss
node_modules/postcss-color-rebeccapurple
postcss-colormin <=4.0.3
Depends on vulnerable versions of postcss
node_modules/postcss-colormin
postcss-convert-values <=4.0.1
Depends on vulnerable versions of postcss
node_modules/postcss-convert-values
postcss-custom-media 4.0.0 - 7.0.8
Depends on vulnerable versions of postcss
node_modules/postcss-custom-media
postcss-custom-properties 3.3.0 - 10.0.0
Depends on vulnerable versions of postcss
node_modules/postcss-custom-properties
postcss-custom-selectors 2.3.0 - 5.1.2
Depends on vulnerable versions of postcss
node_modules/postcss-custom-selectors
postcss-dir-pseudo-class <=5.0.0
Depends on vulnerable versions of postcss
node_modules/postcss-dir-pseudo-class
postcss-discard-comments <=4.0.2
Depends on vulnerable versions of postcss
node_modules/postcss-discard-comments
postcss-discard-duplicates 1.1.0 - 4.0.2
Depends on vulnerable versions of postcss
node_modules/postcss-discard-duplicates
postcss-discard-empty 1.1.0 - 4.0.1
Depends on vulnerable versions of postcss
node_modules/postcss-discard-empty
postcss-discard-overridden <=4.0.1
Depends on vulnerable versions of postcss
node_modules/postcss-discard-overridden
postcss-double-position-gradients <=2.0.0
Depends on vulnerable versions of postcss
node_modules/postcss-double-position-gradients
postcss-env-function <=3.0.0
Depends on vulnerable versions of postcss
node_modules/postcss-env-function
postcss-focus-visible <=5.0.0
Depends on vulnerable versions of postcss
node_modules/postcss-focus-visible
postcss-focus-within <=4.0.0
Depends on vulnerable versions of postcss
node_modules/postcss-focus-within
postcss-font-variant 1.2.0 - 4.0.1
Depends on vulnerable versions of postcss
node_modules/postcss-font-variant
postcss-functions <=3.0.0
Depends on vulnerable versions of postcss
node_modules/postcss-functions
postcss-gap-properties <=2.0.0
Depends on vulnerable versions of postcss
node_modules/postcss-gap-properties
postcss-image-set-function <=3.0.1
Depends on vulnerable versions of postcss
node_modules/postcss-image-set-function
postcss-import <=12.0.1
Depends on vulnerable versions of postcss
node_modules/postcss-import
postcss-initial <=3.0.4
Depends on vulnerable versions of postcss
node_modules/postcss-initial
postcss-js <=2.0.3
Depends on vulnerable versions of postcss
node_modules/postcss-js
postcss-lab-function <=3.1.2
Depends on vulnerable versions of postcss
node_modules/postcss-lab-function
postcss-loader <=4.0.1
Depends on vulnerable versions of postcss
node_modules/postcss-loader
postcss-logical <=4.0.2
Depends on vulnerable versions of postcss
node_modules/postcss-logical
postcss-media-minmax 1.2.0 - 4.0.0
Depends on vulnerable versions of postcss
node_modules/postcss-media-minmax
postcss-merge-longhand <=4.0.11
Depends on vulnerable versions of postcss
Depends on vulnerable versions of stylehacks
node_modules/postcss-merge-longhand
postcss-merge-rules <=4.0.3
Depends on vulnerable versions of postcss
node_modules/postcss-merge-rules
postcss-minify-font-values <=4.0.2
Depends on vulnerable versions of postcss
node_modules/postcss-minify-font-values
postcss-minify-gradients <=4.0.2
Depends on vulnerable versions of postcss
node_modules/postcss-minify-gradients
postcss-minify-params <=4.0.2
Depends on vulnerable versions of postcss
node_modules/postcss-minify-params
postcss-minify-selectors <=4.0.2
Depends on vulnerable versions of postcss
node_modules/postcss-minify-selectors
postcss-modules-extract-imports <=2.0.0
Depends on vulnerable versions of postcss
node_modules/postcss-modules-extract-imports
postcss-modules-scope <=2.2.0
Depends on vulnerable versions of postcss
node_modules/postcss-modules-scope
postcss-nested <=4.2.3
Depends on vulnerable versions of postcss
node_modules/postcss-nested
postcss-nesting <=7.0.1
Depends on vulnerable versions of postcss
node_modules/postcss-nesting
postcss-normalize-charset <=4.0.1
Depends on vulnerable versions of postcss
node_modules/postcss-normalize-charset
postcss-normalize-display-values <=4.0.2
Depends on vulnerable versions of postcss
node_modules/postcss-normalize-display-values
postcss-normalize-positions <=4.0.2
Depends on vulnerable versions of postcss
node_modules/postcss-normalize-positions
postcss-normalize-repeat-style <=4.0.2
Depends on vulnerable versions of postcss
node_modules/postcss-normalize-repeat-style
postcss-normalize-string <=4.0.2
Depends on vulnerable versions of postcss
node_modules/postcss-normalize-string
postcss-normalize-timing-functions <=4.0.2
Depends on vulnerable versions of postcss
node_modules/postcss-normalize-timing-functions
postcss-normalize-unicode <=4.0.1
Depends on vulnerable versions of postcss
node_modules/postcss-normalize-unicode
postcss-normalize-url 1.1.0 - 4.0.1
Depends on vulnerable versions of postcss
node_modules/postcss-normalize-url
postcss-normalize-whitespace <=4.0.2
Depends on vulnerable versions of postcss
node_modules/postcss-normalize-whitespace
postcss-ordered-values <=4.1.2
Depends on vulnerable versions of postcss
node_modules/postcss-ordered-values
postcss-overflow-shorthand <=2.0.0
Depends on vulnerable versions of postcss
node_modules/postcss-overflow-shorthand
postcss-page-break <=2.0.0
Depends on vulnerable versions of postcss
node_modules/postcss-page-break
postcss-place <=5.0.0
Depends on vulnerable versions of postcss
node_modules/postcss-place
postcss-pseudo-class-any-link <=6.0.0
Depends on vulnerable versions of postcss
node_modules/postcss-pseudo-class-any-link
postcss-reduce-initial <=4.0.3
Depends on vulnerable versions of postcss
node_modules/postcss-reduce-initial
postcss-reduce-transforms <=4.0.2
Depends on vulnerable versions of postcss
node_modules/postcss-reduce-transforms
postcss-replace-overflow-wrap <=3.0.0
Depends on vulnerable versions of postcss
node_modules/postcss-replace-overflow-wrap
postcss-safe-parser <=4.0.2
Depends on vulnerable versions of postcss
node_modules/postcss-safe-parser
postcss-selector-matches *
Depends on vulnerable versions of postcss
node_modules/postcss-selector-matches
postcss-selector-not <=4.0.1
Depends on vulnerable versions of postcss
node_modules/postcss-selector-not
postcss-unique-selectors <=4.0.1
Depends on vulnerable versions of postcss
node_modules/postcss-unique-selectors
postcss-url 3.3.0 - 10.0.0
Depends on vulnerable versions of postcss
node_modules/postcss-url
purgecss <=1.0.1 || 2.0.1-beta.0 - 3.0.0
Depends on vulnerable versions of postcss
node_modules/purgecss
stylehacks <=4.0.3
Depends on vulnerable versions of postcss
node_modules/stylehacks
prismjs <=1.26.0
Severity: high
prismjs Regular Expression Denial of Service vulnerability - https://github.com/advisories/GHSA-hqhp-5p83-hx96
Cross-site Scripting in Prism - https://github.com/advisories/GHSA-3949-f494-cm99
fix available via `npm audit fix`
node_modules/prismjs
pug <=3.0.2
Severity: moderate
Pug allows JavaScript code execution if an application accepts untrusted input - https://github.com/advisories/GHSA-3965-hpx2-q597
fix available via `npm audit fix`
node_modules/pug
qs 6.5.0 - 6.5.2 || 6.7.0 - 6.7.2 || 6.10.0 - 6.10.2
Severity: high
qs vulnerable to Prototype Pollution - https://github.com/advisories/GHSA-hrpp-h998-j3pp
qs vulnerable to Prototype Pollution - https://github.com/advisories/GHSA-hrpp-h998-j3pp
qs vulnerable to Prototype Pollution - https://github.com/advisories/GHSA-hrpp-h998-j3pp
fix available via `npm audit fix`
node_modules/body-parser/node_modules/qs
node_modules/express/node_modules/qs
node_modules/qs
node_modules/request/node_modules/qs
request *
Severity: moderate
Server-Side Request Forgery in Request - https://github.com/advisories/GHSA-p8p7-x288-28g6
Depends on vulnerable versions of tough-cookie
fix available via `npm audit fix`
node_modules/request
docsearch.js 2.6.0 - 2.6.3
Depends on vulnerable versions of request
node_modules/docsearch.js
semver <=5.7.1 || 6.0.0 - 6.3.0 || 7.0.0 - 7.5.1
Severity: high
semver vulnerable to Regular Expression Denial of Service - https://github.com/advisories/GHSA-c2qf-rxjj-qqgw
semver vulnerable to Regular Expression Denial of Service - https://github.com/advisories/GHSA-c2qf-rxjj-qqgw
semver vulnerable to Regular Expression Denial of Service - https://github.com/advisories/GHSA-c2qf-rxjj-qqgw
fix available via `npm audit fix`
node_modules/@babel/core/node_modules/semver
node_modules/@babel/eslint-parser/node_modules/semver
node_modules/@babel/helper-compilation-targets/node_modules/semver
node_modules/@babel/helper-define-polyfill-provider/node_modules/semver
node_modules/@babel/plugin-transform-runtime/node_modules/semver
node_modules/@babel/preset-env/node_modules/semver
node_modules/@vue/babel-preset-app/node_modules/semver
node_modules/@vuepress/core/node_modules/semver
node_modules/@vuepress/plugin-last-updated/node_modules/semver
node_modules/@vuepress/shared-utils/node_modules/semver
node_modules/algoliasearch/node_modules/semver
node_modules/babel-plugin-polyfill-corejs2/node_modules/semver
node_modules/copy-webpack-plugin/node_modules/semver
node_modules/core-js-compat/node_modules/semver
node_modules/default-gateway/node_modules/semver
node_modules/eslint-plugin-node/node_modules/semver
node_modules/eslint-plugin-vue/node_modules/semver
node_modules/hard-source-webpack-plugin/node_modules/semver
node_modules/make-dir/node_modules/semver
node_modules/markdown-eslint-parser/node_modules/cross-spawn/node_modules/semver
node_modules/markdown-eslint-parser/node_modules/semver
node_modules/normalize-package-data/node_modules/semver
node_modules/package-json/node_modules/semver
node_modules/sass-loader/node_modules/semver
node_modules/semver
node_modules/semver-diff/node_modules/semver
node_modules/stylus/node_modules/semver
node_modules/vue-eslint-parser/node_modules/semver
node_modules/webpack-dev-server/node_modules/semver
node_modules/webpack/node_modules/semver
core-js-compat 3.6.0 - 3.25.0
Depends on vulnerable versions of semver
node_modules/core-js-compat
semver-regex <=3.1.3
Severity: high
semver-regex Regular Expression Denial of Service (ReDOS) - https://github.com/advisories/GHSA-44c6-4v22-4mhx
Regular expression denial of service in semver-regex - https://github.com/advisories/GHSA-4x5v-gmq8-25ch
fix available via `npm audit fix`
node_modules/semver-regex
send <0.19.0
send vulnerable to template injection that can lead to XSS - https://github.com/advisories/GHSA-m6fv-jmcg-4jfg
fix available via `npm audit fix`
node_modules/send
serve-static <=1.16.0
Depends on vulnerable versions of send
node_modules/serve-static
shell-quote <=1.7.2
Severity: critical
Improper Neutralization of Special Elements used in a Command in Shell-quote - https://github.com/advisories/GHSA-g4rg-993r-mgx7
fix available via `npm audit fix`
node_modules/shell-quote
tar <6.2.1
Severity: moderate
Denial of service while parsing a tar file due to lack of folders count validation - https://github.com/advisories/GHSA-f5x3-32g6-xq36
fix available via `npm audit fix`
node_modules/tar
terser >=5.0.0 <5.14.2 || <4.8.1
Severity: high
Terser insecure use of regular expressions leads to ReDoS - https://github.com/advisories/GHSA-4wf5-vphf-c2xc
Terser insecure use of regular expressions leads to ReDoS - https://github.com/advisories/GHSA-4wf5-vphf-c2xc
fix available via `npm audit fix`
node_modules/terser
node_modules/terser-webpack-plugin/node_modules/terser
tough-cookie <4.1.3
Severity: moderate
tough-cookie Prototype Pollution vulnerability - https://github.com/advisories/GHSA-72xf-g2v4-qvf3
fix available via `npm audit fix`
node_modules/tough-cookie
trim <0.0.3
Severity: high
Regular Expression Denial of Service in trim - https://github.com/advisories/GHSA-w5p7-h5w8-2hfq
No fix available
node_modules/trim
remark-parse <=8.0.3
Depends on vulnerable versions of trim
node_modules/remark/node_modules/remark-parse
remark 5.0.0 - 12.0.1
Depends on vulnerable versions of remark-parse
node_modules/remark
eslint-plugin-md *
Depends on vulnerable versions of remark
node_modules/eslint-plugin-md
unified-message-control <=1.0.4
Depends on vulnerable versions of trim
node_modules/unified-message-control
remark-message-control 4.1.0 - 4.2.0
Depends on vulnerable versions of unified-message-control
node_modules/remark-message-control
ua-parser-js <0.7.33
Severity: high
ReDoS Vulnerability in ua-parser-js version - https://github.com/advisories/GHSA-fhg7-m89q-25r3
fix available via `npm audit fix`
node_modules/ua-parser-js
url-parse <=1.5.8
Severity: critical
Authorization bypass in url-parse - https://github.com/advisories/GHSA-rqff-837h-mm52
url-parse incorrectly parses hostname / protocol due to unstripped leading control characters. - https://github.com/advisories/GHSA-jf5r-8hm2-f872
url-parse Incorrectly parses URLs that include an '@' - https://github.com/advisories/GHSA-8v38-pw62-9cw2
Authorization Bypass Through User-Controlled Key in url-parse - https://github.com/advisories/GHSA-hgjh-723h-mx2j
fix available via `npm audit fix`
node_modules/url-parse
vue 2.0.0-alpha.1 - 2.7.16
ReDoS vulnerability in vue package that is exploitable through inefficient regex evaluation in the parseHTML function - https://github.com/advisories/GHSA-5j4c-8p2g-v4jx
fix available via `npm audit fix --force`
Will install [email protected], which is a breaking change
node_modules/vue
@nuxt/vue-app >=2.4.0
Depends on vulnerable versions of vue
Depends on vulnerable versions of vue-template-compiler
node_modules/@nuxt/vue-app
@nuxt/vue-renderer *
Depends on vulnerable versions of vue
Depends on vulnerable versions of vue-server-renderer
node_modules/@nuxt/vue-renderer
@vuepress/core <=1.9.10
Depends on vulnerable versions of @vuepress/markdown
Depends on vulnerable versions of @vuepress/markdown-loader
Depends on vulnerable versions of @vuepress/plugin-register-components
Depends on vulnerable versions of @vuepress/shared-utils
Depends on vulnerable versions of autoprefixer
Depends on vulnerable versions of chokidar
Depends on vulnerable versions of css-loader
Depends on vulnerable versions of optimize-css-assets-webpack-plugin
Depends on vulnerable versions of postcss-loader
Depends on vulnerable versions of postcss-safe-parser
Depends on vulnerable versions of vue
Depends on vulnerable versions of vue-loader
Depends on vulnerable versions of vue-server-renderer
Depends on vulnerable versions of vue-template-compiler
Depends on vulnerable versions of vuepress-html-webpack-plugin
Depends on vulnerable versions of webpack
node_modules/@vuepress/core
vue-template-compiler >=2.0.0
Severity: moderate
vue-template-compiler vulnerable to client-side Cross-Site Scripting (XSS) - https://github.com/advisories/GHSA-g3ch-rx76-35fx
fix available via `npm audit fix`
node_modules/vue-template-compiler
@nuxt/components >=1.2.1
Depends on vulnerable versions of vue-template-compiler
node_modules/@nuxt/components
vuetify 2.0.0-beta.4 - 2.6.9
Severity: moderate
Vuetify Cross-site Scripting vulnerability - https://github.com/advisories/GHSA-q4q5-c5cv-2p68
fix available via `npm audit fix`
node_modules/vuetify
webpack-dev-middleware <=5.3.3
Severity: high
Path traversal in webpack-dev-middleware - https://github.com/advisories/GHSA-wr3j-pwj9-hqq6
fix available via `npm audit fix`
node_modules/webpack-dev-middleware
node_modules/webpack-dev-server/node_modules/webpack-dev-middleware
word-wrap <1.2.4
Severity: moderate
word-wrap vulnerable to Regular Expression Denial of Service - https://github.com/advisories/GHSA-j8xg-fqg3-53r7
fix available via `npm audit fix`
node_modules/word-wrap
ws 6.0.0 - 6.2.2 || 7.0.0 - 7.5.9
Severity: high
ws affected by a DoS when handling a request with many HTTP headers - https://github.com/advisories/GHSA-3h5v-q93c-6h6q
ws affected by a DoS when handling a request with many HTTP headers - https://github.com/advisories/GHSA-3h5v-q93c-6h6q
fix available via `npm audit fix`
node_modules/webpack-dev-server/node_modules/ws
node_modules/ws
xml2js <0.5.0
Severity: moderate
xml2js is vulnerable to prototype pollution - https://github.com/advisories/GHSA-776f-qx25-q3cc
fix available via `npm audit fix`
node_modules/xml2js
@nuxt/content 1.4.0 - 1.15.1
Depends on vulnerable versions of xml2js
node_modules/@nuxt/content
195 vulnerabilities (9 low, 118 moderate, 54 high, 14 critical)
To address issues that do not require attention, run:
npm audit fix
To address all issues possible (including breaking changes), run:
npm audit fix --force
Some issues need review, and may require choosing
a different dependency.Changed filesChanged file:
|
…on/chore-npm-update-2263489212
…on/chore-npm-update-2263489212
…on/chore-npm-update-2263489212
…on/chore-npm-update-2263489212
…on/chore-npm-update-2263489212
…on/chore-npm-update-2263489212
…on/chore-npm-update-2263489212
…on/chore-npm-update-2263489212
…on/chore-npm-update-2263489212
…on/chore-npm-update-2263489212
…on/chore-npm-update-2263489212
…on/chore-npm-update-2263489212
…on/chore-npm-update-2263489212
…on/chore-npm-update-2263489212
…on/chore-npm-update-2263489212
…on/chore-npm-update-2263489212
…on/chore-npm-update-2263489212
…on/chore-npm-update-2263489212
…on/chore-npm-update-2263489212
…on/chore-npm-update-2263489212
…on/chore-npm-update-2263489212
…on/chore-npm-update-2263489212
…on/chore-npm-update-2263489212
…on/chore-npm-update-2263489212
…on/chore-npm-update-2263489212
…on/chore-npm-update-2263489212
…on/chore-npm-update-2263489212
…on/chore-npm-update-2263489212
…on/chore-npm-update-2263489212
…on/chore-npm-update-2263489212
Command resultsDetails:add path/home/runner/work/_actions/technote-space/create-pr-action/v2.0.3/node_modules/npm-check-updates/binncu -u --packageFile package.jsonUpgrading /home/runner/work/campus-website/campus-website/package.json
nuxt ^3.15.2 → ^3.15.3
eslint ^9.18.0 → ^9.19.0
lint-staged ^15.4.2 → ^15.4.3
Run npm install to install new versions.npm installstderr:npm error code ERESOLVE
npm error ERESOLVE unable to resolve dependency tree
npm error
npm error While resolving: [email protected]
npm error Found: [email protected]
npm error node_modules/eslint
npm error dev eslint@"^9.19.0" from the root project
npm error
npm error Could not resolve dependency:
npm error peer eslint@"^8.23.0" from @nuxtjs/[email protected]
npm error node_modules/@nuxtjs/eslint-config
npm error dev @nuxtjs/eslint-config@"^12.0.0" from the root project
npm error
npm error Fix the upstream dependency conflict, or retry
npm error this command with --force or --legacy-peer-deps
npm error to accept an incorrect (and potentially broken) dependency resolution.
npm error
npm error
npm error For a full report see:
npm error /home/runner/.npm/_logs/2025-01-27T01_41_53_179Z-eresolve-report.txt
npm error A complete log of this run can be found in: /home/runner/.npm/_logs/2025-01-27T01_41_53_179Z-debug-0.lognpm upgradestderr:npm error code ERESOLVE
npm error ERESOLVE unable to resolve dependency tree
npm error
npm error While resolving: [email protected]
npm error Found: [email protected]
npm error node_modules/eslint
npm error dev eslint@"^9.19.0" from the root project
npm error
npm error Could not resolve dependency:
npm error peer eslint@"^8.23.0" from @nuxtjs/[email protected]
npm error node_modules/@nuxtjs/eslint-config
npm error dev @nuxtjs/eslint-config@"^12.0.0" from the root project
npm error
npm error Fix the upstream dependency conflict, or retry
npm error this command with --force or --legacy-peer-deps
npm error to accept an incorrect (and potentially broken) dependency resolution.
npm error
npm error
npm error For a full report see:
npm error /home/runner/.npm/_logs/2025-01-27T01_41_55_688Z-eresolve-report.txt
npm error A complete log of this run can be found in: /home/runner/.npm/_logs/2025-01-27T01_41_55_688Z-debug-0.lognpm audit# npm audit report
@babel/traverse <7.23.2
Severity: critical
Babel vulnerable to arbitrary code execution when compiling specifically crafted malicious code - https://github.com/advisories/GHSA-67hx-6x53-jw92
fix available via `npm audit fix`
node_modules/@babel/traverse
ansi-html <0.0.8
Severity: high
Uncontrolled Resource Consumption in ansi-html - https://github.com/advisories/GHSA-whgm-jr23-g3j9
fix available via `npm audit fix`
node_modules/ansi-html
webpack-dev-server <=4.7.2
Depends on vulnerable versions of ansi-html
Depends on vulnerable versions of chokidar
Depends on vulnerable versions of http-proxy-middleware
Depends on vulnerable versions of selfsigned
Depends on vulnerable versions of webpack-dev-middleware
node_modules/webpack-dev-server
webpack-hot-middleware 2.9.0 - 2.25.0
Depends on vulnerable versions of ansi-html
node_modules/webpack-hot-middleware
ansi-regex 3.0.0 || 4.0.0 - 4.1.0 || 5.0.0
Severity: high
Inefficient Regular Expression Complexity in chalk/ansi-regex - https://github.com/advisories/GHSA-93q8-gq69-wqmw
Inefficient Regular Expression Complexity in chalk/ansi-regex - https://github.com/advisories/GHSA-93q8-gq69-wqmw
Inefficient Regular Expression Complexity in chalk/ansi-regex - https://github.com/advisories/GHSA-93q8-gq69-wqmw
fix available via `npm audit fix`
node_modules/@nuxt/cli/node_modules/ansi-regex
node_modules/@vuepress/core/node_modules/ansi-regex
node_modules/ansi-align/node_modules/ansi-regex
node_modules/ansi-regex
node_modules/boxen/node_modules/ansi-regex
node_modules/cli-truncate/node_modules/ansi-regex
node_modules/cliui/node_modules/ansi-regex
node_modules/eslint/node_modules/ansi-regex
node_modules/inquirer/node_modules/ansi-regex
node_modules/listr2/node_modules/ansi-regex
node_modules/markdown-eslint-parser/node_modules/ansi-regex
node_modules/table/node_modules/ansi-regex
node_modules/update-notifier/node_modules/ansi-regex
node_modules/widest-line/node_modules/ansi-regex
node_modules/wrap-ansi/node_modules/ansi-regex
node_modules/yargs/node_modules/ansi-regex
async 2.0.0 - 2.6.3
Severity: high
Prototype Pollution in async - https://github.com/advisories/GHSA-fwr7-v2mv-hh25
fix available via `npm audit fix`
node_modules/async
body-parser <=1.20.2
Severity: high
body-parser vulnerable to denial of service when url encoding is enabled - https://github.com/advisories/GHSA-qwcr-r2fm-qrc7
Depends on vulnerable versions of qs
fix available via `npm audit fix`
node_modules/body-parser
express <=4.21.1 || 5.0.0-alpha.1 - 5.0.0
Depends on vulnerable versions of body-parser
Depends on vulnerable versions of cookie
Depends on vulnerable versions of path-to-regexp
Depends on vulnerable versions of qs
Depends on vulnerable versions of send
Depends on vulnerable versions of serve-static
node_modules/express
braces <3.0.3
Severity: high
Uncontrolled resource consumption in braces - https://github.com/advisories/GHSA-grv7-fg5c-xmjg
fix available via `npm audit fix`
node_modules/@vuepress/core/node_modules/braces
node_modules/braces
node_modules/micromatch/node_modules/braces
node_modules/watchpack-chokidar2/node_modules/braces
node_modules/webpack-dev-server/node_modules/braces
chokidar 1.3.0 - 2.1.8
Depends on vulnerable versions of anymatch
Depends on vulnerable versions of braces
Depends on vulnerable versions of readdirp
node_modules/@vuepress/core/node_modules/chokidar
node_modules/watchpack-chokidar2/node_modules/chokidar
node_modules/webpack-dev-server/node_modules/chokidar
watchpack-chokidar2 *
Depends on vulnerable versions of chokidar
node_modules/watchpack-chokidar2
watchpack 1.7.2 - 1.7.5
Depends on vulnerable versions of watchpack-chokidar2
node_modules/watchpack
webpack 4.0.0-alpha.0 - 5.0.0-rc.6
Depends on vulnerable versions of micromatch
Depends on vulnerable versions of watchpack
node_modules/webpack
@nuxt/webpack *
Depends on vulnerable versions of css-loader
Depends on vulnerable versions of cssnano
Depends on vulnerable versions of optimize-css-assets-webpack-plugin
Depends on vulnerable versions of postcss
Depends on vulnerable versions of postcss-import
Depends on vulnerable versions of postcss-loader
Depends on vulnerable versions of postcss-preset-env
Depends on vulnerable versions of postcss-url
Depends on vulnerable versions of vue-loader
Depends on vulnerable versions of vue-template-compiler
Depends on vulnerable versions of webpack
Depends on vulnerable versions of webpack-dev-middleware
node_modules/@nuxt/webpack
@nuxt/builder >=2.4.0
Depends on vulnerable versions of @nuxt/vue-app
Depends on vulnerable versions of @nuxt/webpack
node_modules/@nuxt/builder
nuxt <=3.12.3
Depends on vulnerable versions of @nuxt/builder
Depends on vulnerable versions of @nuxt/components
Depends on vulnerable versions of @nuxt/core
Depends on vulnerable versions of @nuxt/generator
Depends on vulnerable versions of @nuxt/server
Depends on vulnerable versions of @nuxt/vue-app
Depends on vulnerable versions of @nuxt/vue-renderer
Depends on vulnerable versions of @nuxt/webpack
node_modules/nuxt
micromatch <=4.0.7
Depends on vulnerable versions of braces
node_modules/fast-glob/node_modules/micromatch
node_modules/lint-staged/node_modules/micromatch
node_modules/micromatch
anymatch 1.2.0 - 2.0.0
Depends on vulnerable versions of micromatch
node_modules/@vuepress/core/node_modules/anymatch
node_modules/watchpack-chokidar2/node_modules/anymatch
node_modules/webpack-dev-server/node_modules/anymatch
fast-glob <=2.2.7
Depends on vulnerable versions of micromatch
node_modules/@vuepress/shared-utils/node_modules/fast-glob
globby 8.0.0 - 9.2.0
Depends on vulnerable versions of fast-glob
node_modules/@vuepress/shared-utils/node_modules/globby
@vuepress/shared-utils *
Depends on vulnerable versions of globby
node_modules/@vuepress/shared-utils
@vuepress/plugin-register-components <=1.9.10
Depends on vulnerable versions of @vuepress/shared-utils
node_modules/@vuepress/plugin-register-components
vuepress-plugin-container >=2.1.5
Depends on vulnerable versions of @vuepress/shared-utils
node_modules/vuepress-plugin-container
http-proxy-middleware <=2.0.7-beta.1
Depends on vulnerable versions of micromatch
node_modules/http-proxy-middleware
readdirp 2.2.0 - 2.2.1
Depends on vulnerable versions of micromatch
node_modules/@vuepress/core/node_modules/readdirp
node_modules/watchpack-chokidar2/node_modules/readdirp
node_modules/webpack-dev-server/node_modules/readdirp
browserify-sign 2.6.0 - 4.2.1
Severity: high
browserify-sign upper bound check issue in `dsaVerify` leads to a signature forgery attack - https://github.com/advisories/GHSA-x9w5-v3q2-3rhw
fix available via `npm audit fix`
node_modules/browserify-sign
cookie <0.7.0
cookie accepts cookie name, path, and domain with out of bounds characters - https://github.com/advisories/GHSA-pxg6-pf52-xh8x
fix available via `npm audit fix`
node_modules/cookie
node_modules/express/node_modules/cookie
@nuxtjs/youch *
Depends on vulnerable versions of cookie
node_modules/@nuxtjs/youch
@nuxt/server *
Depends on vulnerable versions of @nuxt/vue-renderer
Depends on vulnerable versions of @nuxtjs/youch
node_modules/@nuxt/server
@nuxt/core *
Depends on vulnerable versions of @nuxt/server
node_modules/@nuxt/core
cross-spawn <6.0.6 || >=7.0.0 <7.0.5
Severity: high
Regular Expression Denial of Service (ReDoS) in cross-spawn - https://github.com/advisories/GHSA-3xgq-45jj-v275
Regular Expression Denial of Service (ReDoS) in cross-spawn - https://github.com/advisories/GHSA-3xgq-45jj-v275
fix available via `npm audit fix`
node_modules/@vuepress/core/node_modules/cross-spawn
node_modules/@vuepress/plugin-last-updated/node_modules/cross-spawn
node_modules/cross-spawn
node_modules/default-gateway/node_modules/cross-spawn
node_modules/markdown-eslint-parser/node_modules/cross-spawn
node_modules/node-sass/node_modules/cross-spawn
node-sass 1.2.0 - 7.0.3
Depends on vulnerable versions of cross-spawn
Depends on vulnerable versions of request
node_modules/node-sass
decode-uri-component <0.2.1
Severity: high
decode-uri-component vulnerable to Denial of Service (DoS) - https://github.com/advisories/GHSA-w573-4hg7-7wgq
fix available via `npm audit fix`
node_modules/decode-uri-component
elliptic <=6.5.7
Elliptic's EDDSA missing signature length check - https://github.com/advisories/GHSA-f7q4-pwc6-w24p
Elliptic's ECDSA missing check for whether leading bit of r and s is zero - https://github.com/advisories/GHSA-977x-g7h5-7qgw
Elliptic allows BER-encoded signatures - https://github.com/advisories/GHSA-49q7-c7j4-3p7m
Valid ECDSA signatures erroneously rejected in Elliptic - https://github.com/advisories/GHSA-fc9h-whq2-v747
Elliptic's verify function omits uniqueness validation - https://github.com/advisories/GHSA-434g-2637-qmqr
fix available via `npm audit fix`
node_modules/elliptic
eventsource <1.1.1
Severity: critical
Exposure of Sensitive Information in eventsource - https://github.com/advisories/GHSA-6h5x-7c5m-7cr7
fix available via `npm audit fix`
node_modules/eventsource
follow-redirects <=1.15.5
Severity: high
Exposure of Sensitive Information to an Unauthorized Actor in follow-redirects - https://github.com/advisories/GHSA-pw2r-vq6v-hr8c
Exposure of sensitive information in follow-redirects - https://github.com/advisories/GHSA-74fj-2j2h-c42q
Follow Redirects improperly handles URLs in the url.parse() function - https://github.com/advisories/GHSA-jchw-25xp-jwwc
follow-redirects' Proxy-Authorization header kept across hosts - https://github.com/advisories/GHSA-cxjh-pqwp-8mfp
fix available via `npm audit fix`
node_modules/follow-redirects
got <11.8.5
Severity: moderate
Got allows a redirect to a UNIX socket - https://github.com/advisories/GHSA-pfrx-2q88-qq97
fix available via `npm audit fix --force`
Will install [email protected], which is a breaking change
node_modules/got
package-json <=6.5.0
Depends on vulnerable versions of got
node_modules/package-json
latest-version 0.2.0 - 5.1.0
Depends on vulnerable versions of package-json
node_modules/latest-version
update-notifier 0.2.0 - 5.1.0
Depends on vulnerable versions of latest-version
node_modules/update-notifier
vuepress 1.0.0-alpha.0 - 1.9.10
Depends on vulnerable versions of @vuepress/core
Depends on vulnerable versions of update-notifier
node_modules/vuepress
html-minifier *
Severity: high
kangax html-minifier REDoS vulnerability - https://github.com/advisories/GHSA-pfq8-rq6v-vf5m
fix available via `npm audit fix`
node_modules/html-minifier
node_modules/vuepress-html-webpack-plugin/node_modules/html-minifier
@nuxt/generator <=2.17.3
Depends on vulnerable versions of html-minifier
node_modules/@nuxt/generator
http-cache-semantics <4.1.1
Severity: high
http-cache-semantics vulnerable to Regular Expression Denial of Service - https://github.com/advisories/GHSA-rc47-6667-2j5j
fix available via `npm audit fix`
node_modules/http-cache-semantics
ip *
Severity: high
NPM IP package incorrectly identifies some private IP addresses as public - https://github.com/advisories/GHSA-78xj-cgh5-2h22
ip SSRF improper categorization in isPublic - https://github.com/advisories/GHSA-2p57-rm9w-gvfp
fix available via `npm audit fix`
node_modules/ip
json-schema <0.4.0
Severity: critical
json-schema is vulnerable to Prototype Pollution - https://github.com/advisories/GHSA-896r-f27r-55mw
fix available via `npm audit fix`
node_modules/json-schema
jsprim 0.3.0 - 1.4.1 || 2.0.0 - 2.0.1
Depends on vulnerable versions of json-schema
node_modules/jsprim
json5 <1.0.2 || >=2.0.0 <2.2.2
Severity: high
Prototype Pollution in JSON5 via Parse Method - https://github.com/advisories/GHSA-9c47-m6qq-7p4h
Prototype Pollution in JSON5 via Parse Method - https://github.com/advisories/GHSA-9c47-m6qq-7p4h
fix available via `npm audit fix`
node_modules/@vuepress/core/node_modules/json5
node_modules/@vuepress/markdown-loader/node_modules/json5
node_modules/babel-loader/node_modules/json5
node_modules/cache-loader/node_modules/json5
node_modules/copy-webpack-plugin/node_modules/json5
node_modules/html-webpack-plugin/node_modules/json5
node_modules/json5
node_modules/mini-css-extract-plugin/node_modules/json5
node_modules/postcss-loader/node_modules/json5
node_modules/pug-plain-loader/node_modules/json5
node_modules/sass-loader/node_modules/json5
node_modules/stylus-loader/node_modules/json5
node_modules/vue-loader/node_modules/json5
node_modules/vue-style-loader/node_modules/json5
node_modules/vuepress-html-webpack-plugin/node_modules/json5
node_modules/webpack/node_modules/json5
loader-utils <=1.4.1 || 2.0.0 - 2.0.3
Depends on vulnerable versions of json5
node_modules/@vuepress/core/node_modules/loader-utils
node_modules/@vuepress/markdown-loader/node_modules/loader-utils
node_modules/babel-loader/node_modules/loader-utils
node_modules/cache-loader/node_modules/loader-utils
node_modules/copy-webpack-plugin/node_modules/loader-utils
node_modules/html-webpack-plugin/node_modules/loader-utils
node_modules/loader-utils
node_modules/mini-css-extract-plugin/node_modules/loader-utils
node_modules/postcss-loader/node_modules/loader-utils
node_modules/pug-plain-loader/node_modules/loader-utils
node_modules/sass-loader/node_modules/loader-utils
node_modules/stylus-loader/node_modules/loader-utils
node_modules/vue-loader/node_modules/loader-utils
node_modules/vue-style-loader/node_modules/loader-utils
node_modules/vuepress-html-webpack-plugin/node_modules/loader-utils
node_modules/webpack/node_modules/loader-utils
vuepress-html-webpack-plugin *
Depends on vulnerable versions of html-minifier
Depends on vulnerable versions of loader-utils
node_modules/vuepress-html-webpack-plugin
lodash.template *
Severity: high
Command Injection in lodash - https://github.com/advisories/GHSA-35jh-r3h4-6jhm
fix available via `npm audit fix --force`
Will install @nuxtjs/[email protected], which is a breaking change
node_modules/lodash.template
@nuxtjs/pwa >=3.2.0
Depends on vulnerable versions of lodash.template
node_modules/@nuxtjs/pwa
vue-server-renderer >=2.3.0-beta.1
Depends on vulnerable versions of lodash.template
node_modules/vue-server-renderer
markdown-it <12.3.2
Severity: moderate
Uncontrolled Resource Consumption in markdown-it - https://github.com/advisories/GHSA-6vfc-qv3f-vr6c
fix available via `npm audit fix`
node_modules/markdown-it
@vuepress/markdown <=1.9.10
Depends on vulnerable versions of @vuepress/shared-utils
Depends on vulnerable versions of markdown-it
node_modules/@vuepress/markdown
@vuepress/markdown-loader *
Depends on vulnerable versions of @vuepress/markdown
node_modules/@vuepress/markdown-loader
minimatch <3.0.5
Severity: high
minimatch ReDoS vulnerability - https://github.com/advisories/GHSA-f8q6-p94x-37v3
fix available via `npm audit fix`
node_modules/minimatch
minimist 1.0.0 - 1.2.5
Severity: critical
Prototype Pollution in minimist - https://github.com/advisories/GHSA-xvch-5gv4-984h
fix available via `npm audit fix`
node_modules/minimist
nanoid <=3.3.7
Severity: moderate
Exposure of Sensitive Information to an Unauthorized Actor in nanoid - https://github.com/advisories/GHSA-qrpm-p2h7-hrv2
Predictable results in nanoid generation when given non-integer values - https://github.com/advisories/GHSA-mwcw-c2x4-8c55
fix available via `npm audit fix`
node_modules/nanoid
node-fetch <2.6.7
Severity: high
node-fetch forwards secure headers to untrusted sites - https://github.com/advisories/GHSA-r683-j2x4-v87g
fix available via `npm audit fix`
node_modules/node-fetch
node-forge <=1.2.1
Severity: high
Prototype Pollution in node-forge debug API. - https://github.com/advisories/GHSA-5rrq-pxf6-6jx5
URL parsing in node-forge could lead to undesired behavior. - https://github.com/advisories/GHSA-gf8q-jrpm-jvxq
Improper Verification of Cryptographic Signature in `node-forge` - https://github.com/advisories/GHSA-2r2c-g63r-vccr
Open Redirect in node-forge - https://github.com/advisories/GHSA-8fr3-hfg3-gpgp
Improper Verification of Cryptographic Signature in node-forge - https://github.com/advisories/GHSA-cfm4-qjh2-4765
Improper Verification of Cryptographic Signature in node-forge - https://github.com/advisories/GHSA-x4jg-mjrx-434g
fix available via `npm audit fix`
node_modules/node-forge
selfsigned 1.1.1 - 1.10.14
Depends on vulnerable versions of node-forge
node_modules/selfsigned
nth-check <2.0.1
Severity: high
Inefficient Regular Expression Complexity in nth-check - https://github.com/advisories/GHSA-rp65-9cf3-cjxr
fix available via `npm audit fix`
node_modules/node-html-parser/node_modules/nth-check
node_modules/nth-check
node_modules/renderkid/node_modules/nth-check
css-select <=3.1.0
Depends on vulnerable versions of nth-check
node_modules/css-select
svgo 1.0.0 - 1.3.2
Depends on vulnerable versions of css-select
node_modules/svgo
postcss-svgo <=5.0.0-rc.2
Depends on vulnerable versions of postcss
Depends on vulnerable versions of svgo
node_modules/postcss-svgo
parse-path <5.0.0
Severity: high
Authorization Bypass in parse-path - https://github.com/advisories/GHSA-3j8f-xvm3-ffx4
fix available via `npm audit fix`
node_modules/parse-path
parse-url <=8.0.0
Depends on vulnerable versions of parse-path
node_modules/parse-url
git-up <=6.0.0
Depends on vulnerable versions of parse-url
node_modules/git-up
git-url-parse 4.0.0 - 12.0.0
Depends on vulnerable versions of git-up
node_modules/git-url-parse
@nuxt/telemetry <=1.3.6 || 2.0.0 - 2.1.4
Depends on vulnerable versions of git-url-parse
node_modules/@nuxt/telemetry
path-to-regexp <=0.1.11
Severity: high
path-to-regexp outputs backtracking regular expressions - https://github.com/advisories/GHSA-9wv6-86v2-598j
Unpatched `path-to-regexp` ReDoS in 0.1.x - https://github.com/advisories/GHSA-rhx6-c78j-4q9w
fix available via `npm audit fix`
node_modules/path-to-regexp
postcss <=8.4.30
Severity: moderate
Regular Expression Denial of Service in postcss - https://github.com/advisories/GHSA-hwj9-h5mp-3pm3
Regular Expression Denial of Service in postcss - https://github.com/advisories/GHSA-566m-qj78-rww5
PostCSS line return parsing error - https://github.com/advisories/GHSA-7fh5-64p2-3v2j
fix available via `npm audit fix`
node_modules/@fullhuman/postcss-purgecss/node_modules/postcss
node_modules/postcss
node_modules/postcss-functions/node_modules/postcss
node_modules/purgecss/node_modules/postcss
@fullhuman/postcss-purgecss 2.0.3 - 3.0.0
Depends on vulnerable versions of postcss
Depends on vulnerable versions of purgecss
node_modules/@fullhuman/postcss-purgecss
tailwindcss 0.1.0 - 2.2.0-canary.16 || 4.0.0-alpha.1 - 4.0.0-beta.10
Depends on vulnerable versions of @fullhuman/postcss-purgecss
Depends on vulnerable versions of autoprefixer
Depends on vulnerable versions of postcss
Depends on vulnerable versions of postcss-functions
Depends on vulnerable versions of postcss-js
Depends on vulnerable versions of postcss-nested
node_modules/tailwindcss
@nuxtjs/tailwindcss <=3.4.3
Depends on vulnerable versions of tailwindcss
node_modules/@nuxtjs/tailwindcss
@types/autoprefixer <=9.7.2
Depends on vulnerable versions of postcss
node_modules/@types/autoprefixer
@nuxt/types 0.5.0 - 2.16.0
Depends on vulnerable versions of @types/autoprefixer
node_modules/@nuxt/types
@vue/component-compiler-utils *
Depends on vulnerable versions of postcss
node_modules/@vue/component-compiler-utils
vue-loader 15.0.0-beta.1 - 15.11.1
Depends on vulnerable versions of @vue/component-compiler-utils
node_modules/vue-loader
autoprefixer 1.0.20131222 - 9.8.8
Depends on vulnerable versions of postcss
node_modules/autoprefixer
postcss-preset-env <=7.0.0
Depends on vulnerable versions of autoprefixer
Depends on vulnerable versions of css-blank-pseudo
Depends on vulnerable versions of css-has-pseudo
Depends on vulnerable versions of css-prefers-color-scheme
Depends on vulnerable versions of postcss
Depends on vulnerable versions of postcss-attribute-case-insensitive
Depends on vulnerable versions of postcss-color-functional-notation
Depends on vulnerable versions of postcss-color-gray
Depends on vulnerable versions of postcss-color-hex-alpha
Depends on vulnerable versions of postcss-color-mod-function
Depends on vulnerable versions of postcss-color-rebeccapurple
Depends on vulnerable versions of postcss-custom-media
Depends on vulnerable versions of postcss-custom-properties
Depends on vulnerable versions of postcss-custom-selectors
Depends on vulnerable versions of postcss-dir-pseudo-class
Depends on vulnerable versions of postcss-double-position-gradients
Depends on vulnerable versions of postcss-env-function
Depends on vulnerable versions of postcss-focus-visible
Depends on vulnerable versions of postcss-focus-within
Depends on vulnerable versions of postcss-font-variant
Depends on vulnerable versions of postcss-gap-properties
Depends on vulnerable versions of postcss-image-set-function
Depends on vulnerable versions of postcss-initial
Depends on vulnerable versions of postcss-lab-function
Depends on vulnerable versions of postcss-logical
Depends on vulnerable versions of postcss-media-minmax
Depends on vulnerable versions of postcss-nesting
Depends on vulnerable versions of postcss-overflow-shorthand
Depends on vulnerable versions of postcss-page-break
Depends on vulnerable versions of postcss-place
Depends on vulnerable versions of postcss-pseudo-class-any-link
Depends on vulnerable versions of postcss-replace-overflow-wrap
Depends on vulnerable versions of postcss-selector-matches
Depends on vulnerable versions of postcss-selector-not
node_modules/postcss-preset-env
css-blank-pseudo <=1.0.0
Depends on vulnerable versions of postcss
node_modules/css-blank-pseudo
css-declaration-sorter <=5.1.2
Depends on vulnerable versions of postcss
node_modules/css-declaration-sorter
css-has-pseudo <=1.0.0
Depends on vulnerable versions of postcss
node_modules/css-has-pseudo
css-loader 0.15.0 - 4.3.0
Depends on vulnerable versions of icss-utils
Depends on vulnerable versions of postcss
Depends on vulnerable versions of postcss-modules-extract-imports
Depends on vulnerable versions of postcss-modules-local-by-default
Depends on vulnerable versions of postcss-modules-scope
Depends on vulnerable versions of postcss-modules-values
node_modules/@vuepress/core/node_modules/css-loader
node_modules/css-loader
css-prefers-color-scheme <=4.0.0
Depends on vulnerable versions of postcss
node_modules/css-prefers-color-scheme
vuepress-theme-default-prefers-color-scheme 1.0.1 - 1.1.2
Depends on vulnerable versions of css-prefers-color-scheme
node_modules/vuepress-theme-default-prefers-color-scheme
cssnano <=4.1.11
Depends on vulnerable versions of cssnano-preset-default
Depends on vulnerable versions of postcss
node_modules/cssnano
optimize-css-assets-webpack-plugin <=1.3.2 || 3.0.0 - 5.0.8
Depends on vulnerable versions of cssnano
node_modules/optimize-css-assets-webpack-plugin
cssnano-preset-default <=4.0.8
Depends on vulnerable versions of css-declaration-sorter
Depends on vulnerable versions of cssnano-util-raw-cache
Depends on vulnerable versions of postcss
Depends on vulnerable versions of postcss-calc
Depends on vulnerable versions of postcss-colormin
Depends on vulnerable versions of postcss-convert-values
Depends on vulnerable versions of postcss-discard-comments
Depends on vulnerable versions of postcss-discard-duplicates
Depends on vulnerable versions of postcss-discard-empty
Depends on vulnerable versions of postcss-discard-overridden
Depends on vulnerable versions of postcss-merge-longhand
Depends on vulnerable versions of postcss-merge-rules
Depends on vulnerable versions of postcss-minify-font-values
Depends on vulnerable versions of postcss-minify-gradients
Depends on vulnerable versions of postcss-minify-params
Depends on vulnerable versions of postcss-minify-selectors
Depends on vulnerable versions of postcss-normalize-charset
Depends on vulnerable versions of postcss-normalize-display-values
Depends on vulnerable versions of postcss-normalize-positions
Depends on vulnerable versions of postcss-normalize-repeat-style
Depends on vulnerable versions of postcss-normalize-string
Depends on vulnerable versions of postcss-normalize-timing-functions
Depends on vulnerable versions of postcss-normalize-unicode
Depends on vulnerable versions of postcss-normalize-url
Depends on vulnerable versions of postcss-normalize-whitespace
Depends on vulnerable versions of postcss-ordered-values
Depends on vulnerable versions of postcss-reduce-initial
Depends on vulnerable versions of postcss-reduce-transforms
Depends on vulnerable versions of postcss-svgo
Depends on vulnerable versions of postcss-unique-selectors
node_modules/cssnano-preset-default
cssnano-util-raw-cache *
Depends on vulnerable versions of postcss
node_modules/cssnano-util-raw-cache
icss-utils <=4.1.1
Depends on vulnerable versions of postcss
node_modules/icss-utils
postcss-modules-local-by-default <=4.0.0-rc.4
Depends on vulnerable versions of icss-utils
Depends on vulnerable versions of postcss
node_modules/@vuepress/core/node_modules/postcss-modules-local-by-default
node_modules/postcss-modules-local-by-default
postcss-modules-values <=4.0.0-rc.5
Depends on vulnerable versions of icss-utils
Depends on vulnerable versions of postcss
node_modules/@vuepress/core/node_modules/postcss-modules-values
node_modules/postcss-modules-values
postcss-attribute-case-insensitive <=4.0.2
Depends on vulnerable versions of postcss
node_modules/postcss-attribute-case-insensitive
postcss-calc 4.1.0 - 7.0.5
Depends on vulnerable versions of postcss
node_modules/postcss-calc
postcss-color-functional-notation <=3.0.2
Depends on vulnerable versions of postcss
node_modules/postcss-color-functional-notation
postcss-color-gray >=3.0.0
Depends on vulnerable versions of postcss
node_modules/postcss-color-gray
postcss-color-hex-alpha 1.3.0 - 6.0.0
Depends on vulnerable versions of postcss
node_modules/postcss-color-hex-alpha
postcss-color-mod-function <=3.0.3
Depends on vulnerable versions of postcss
node_modules/postcss-color-mod-function
postcss-color-rebeccapurple 1.2.0 - 6.0.0
Depends on vulnerable versions of postcss
node_modules/postcss-color-rebeccapurple
postcss-colormin <=4.0.3
Depends on vulnerable versions of postcss
node_modules/postcss-colormin
postcss-convert-values <=4.0.1
Depends on vulnerable versions of postcss
node_modules/postcss-convert-values
postcss-custom-media 4.0.0 - 7.0.8
Depends on vulnerable versions of postcss
node_modules/postcss-custom-media
postcss-custom-properties 3.3.0 - 10.0.0
Depends on vulnerable versions of postcss
node_modules/postcss-custom-properties
postcss-custom-selectors 2.3.0 - 5.1.2
Depends on vulnerable versions of postcss
node_modules/postcss-custom-selectors
postcss-dir-pseudo-class <=5.0.0
Depends on vulnerable versions of postcss
node_modules/postcss-dir-pseudo-class
postcss-discard-comments <=4.0.2
Depends on vulnerable versions of postcss
node_modules/postcss-discard-comments
postcss-discard-duplicates 1.1.0 - 4.0.2
Depends on vulnerable versions of postcss
node_modules/postcss-discard-duplicates
postcss-discard-empty 1.1.0 - 4.0.1
Depends on vulnerable versions of postcss
node_modules/postcss-discard-empty
postcss-discard-overridden <=4.0.1
Depends on vulnerable versions of postcss
node_modules/postcss-discard-overridden
postcss-double-position-gradients <=2.0.0
Depends on vulnerable versions of postcss
node_modules/postcss-double-position-gradients
postcss-env-function <=3.0.0
Depends on vulnerable versions of postcss
node_modules/postcss-env-function
postcss-focus-visible <=5.0.0
Depends on vulnerable versions of postcss
node_modules/postcss-focus-visible
postcss-focus-within <=4.0.0
Depends on vulnerable versions of postcss
node_modules/postcss-focus-within
postcss-font-variant 1.2.0 - 4.0.1
Depends on vulnerable versions of postcss
node_modules/postcss-font-variant
postcss-functions <=3.0.0
Depends on vulnerable versions of postcss
node_modules/postcss-functions
postcss-gap-properties <=2.0.0
Depends on vulnerable versions of postcss
node_modules/postcss-gap-properties
postcss-image-set-function <=3.0.1
Depends on vulnerable versions of postcss
node_modules/postcss-image-set-function
postcss-import <=12.0.1
Depends on vulnerable versions of postcss
node_modules/postcss-import
postcss-initial <=3.0.4
Depends on vulnerable versions of postcss
node_modules/postcss-initial
postcss-js <=2.0.3
Depends on vulnerable versions of postcss
node_modules/postcss-js
postcss-lab-function <=3.1.2
Depends on vulnerable versions of postcss
node_modules/postcss-lab-function
postcss-loader <=4.0.1
Depends on vulnerable versions of postcss
node_modules/postcss-loader
postcss-logical <=4.0.2
Depends on vulnerable versions of postcss
node_modules/postcss-logical
postcss-media-minmax 1.2.0 - 4.0.0
Depends on vulnerable versions of postcss
node_modules/postcss-media-minmax
postcss-merge-longhand <=4.0.11
Depends on vulnerable versions of postcss
Depends on vulnerable versions of stylehacks
node_modules/postcss-merge-longhand
postcss-merge-rules <=4.0.3
Depends on vulnerable versions of postcss
node_modules/postcss-merge-rules
postcss-minify-font-values <=4.0.2
Depends on vulnerable versions of postcss
node_modules/postcss-minify-font-values
postcss-minify-gradients <=4.0.2
Depends on vulnerable versions of postcss
node_modules/postcss-minify-gradients
postcss-minify-params <=4.0.2
Depends on vulnerable versions of postcss
node_modules/postcss-minify-params
postcss-minify-selectors <=4.0.2
Depends on vulnerable versions of postcss
node_modules/postcss-minify-selectors
postcss-modules-extract-imports <=2.0.0
Depends on vulnerable versions of postcss
node_modules/postcss-modules-extract-imports
postcss-modules-scope <=2.2.0
Depends on vulnerable versions of postcss
node_modules/postcss-modules-scope
postcss-nested <=4.2.3
Depends on vulnerable versions of postcss
node_modules/postcss-nested
postcss-nesting <=7.0.1
Depends on vulnerable versions of postcss
node_modules/postcss-nesting
postcss-normalize-charset <=4.0.1
Depends on vulnerable versions of postcss
node_modules/postcss-normalize-charset
postcss-normalize-display-values <=4.0.2
Depends on vulnerable versions of postcss
node_modules/postcss-normalize-display-values
postcss-normalize-positions <=4.0.2
Depends on vulnerable versions of postcss
node_modules/postcss-normalize-positions
postcss-normalize-repeat-style <=4.0.2
Depends on vulnerable versions of postcss
node_modules/postcss-normalize-repeat-style
postcss-normalize-string <=4.0.2
Depends on vulnerable versions of postcss
node_modules/postcss-normalize-string
postcss-normalize-timing-functions <=4.0.2
Depends on vulnerable versions of postcss
node_modules/postcss-normalize-timing-functions
postcss-normalize-unicode <=4.0.1
Depends on vulnerable versions of postcss
node_modules/postcss-normalize-unicode
postcss-normalize-url 1.1.0 - 4.0.1
Depends on vulnerable versions of postcss
node_modules/postcss-normalize-url
postcss-normalize-whitespace <=4.0.2
Depends on vulnerable versions of postcss
node_modules/postcss-normalize-whitespace
postcss-ordered-values <=4.1.2
Depends on vulnerable versions of postcss
node_modules/postcss-ordered-values
postcss-overflow-shorthand <=2.0.0
Depends on vulnerable versions of postcss
node_modules/postcss-overflow-shorthand
postcss-page-break <=2.0.0
Depends on vulnerable versions of postcss
node_modules/postcss-page-break
postcss-place <=5.0.0
Depends on vulnerable versions of postcss
node_modules/postcss-place
postcss-pseudo-class-any-link <=6.0.0
Depends on vulnerable versions of postcss
node_modules/postcss-pseudo-class-any-link
postcss-reduce-initial <=4.0.3
Depends on vulnerable versions of postcss
node_modules/postcss-reduce-initial
postcss-reduce-transforms <=4.0.2
Depends on vulnerable versions of postcss
node_modules/postcss-reduce-transforms
postcss-replace-overflow-wrap <=3.0.0
Depends on vulnerable versions of postcss
node_modules/postcss-replace-overflow-wrap
postcss-safe-parser <=4.0.2
Depends on vulnerable versions of postcss
node_modules/postcss-safe-parser
postcss-selector-matches *
Depends on vulnerable versions of postcss
node_modules/postcss-selector-matches
postcss-selector-not <=4.0.1
Depends on vulnerable versions of postcss
node_modules/postcss-selector-not
postcss-unique-selectors <=4.0.1
Depends on vulnerable versions of postcss
node_modules/postcss-unique-selectors
postcss-url 3.3.0 - 10.0.0
Depends on vulnerable versions of postcss
node_modules/postcss-url
purgecss <=1.0.1 || 2.0.1-beta.0 - 3.0.0
Depends on vulnerable versions of postcss
node_modules/purgecss
stylehacks <=4.0.3
Depends on vulnerable versions of postcss
node_modules/stylehacks
prismjs <=1.26.0
Severity: high
prismjs Regular Expression Denial of Service vulnerability - https://github.com/advisories/GHSA-hqhp-5p83-hx96
Cross-site Scripting in Prism - https://github.com/advisories/GHSA-3949-f494-cm99
fix available via `npm audit fix`
node_modules/prismjs
pug <=3.0.2
Severity: moderate
Pug allows JavaScript code execution if an application accepts untrusted input - https://github.com/advisories/GHSA-3965-hpx2-q597
fix available via `npm audit fix`
node_modules/pug
qs 6.5.0 - 6.5.2 || 6.7.0 - 6.7.2 || 6.10.0 - 6.10.2
Severity: high
qs vulnerable to Prototype Pollution - https://github.com/advisories/GHSA-hrpp-h998-j3pp
qs vulnerable to Prototype Pollution - https://github.com/advisories/GHSA-hrpp-h998-j3pp
qs vulnerable to Prototype Pollution - https://github.com/advisories/GHSA-hrpp-h998-j3pp
fix available via `npm audit fix`
node_modules/body-parser/node_modules/qs
node_modules/express/node_modules/qs
node_modules/qs
node_modules/request/node_modules/qs
request *
Severity: moderate
Server-Side Request Forgery in Request - https://github.com/advisories/GHSA-p8p7-x288-28g6
Depends on vulnerable versions of tough-cookie
fix available via `npm audit fix`
node_modules/request
docsearch.js 2.6.0 - 2.6.3
Depends on vulnerable versions of request
node_modules/docsearch.js
semver <=5.7.1 || 6.0.0 - 6.3.0 || 7.0.0 - 7.5.1
Severity: high
semver vulnerable to Regular Expression Denial of Service - https://github.com/advisories/GHSA-c2qf-rxjj-qqgw
semver vulnerable to Regular Expression Denial of Service - https://github.com/advisories/GHSA-c2qf-rxjj-qqgw
semver vulnerable to Regular Expression Denial of Service - https://github.com/advisories/GHSA-c2qf-rxjj-qqgw
fix available via `npm audit fix`
node_modules/@babel/core/node_modules/semver
node_modules/@babel/eslint-parser/node_modules/semver
node_modules/@babel/helper-compilation-targets/node_modules/semver
node_modules/@babel/helper-define-polyfill-provider/node_modules/semver
node_modules/@babel/plugin-transform-runtime/node_modules/semver
node_modules/@babel/preset-env/node_modules/semver
node_modules/@vue/babel-preset-app/node_modules/semver
node_modules/@vuepress/core/node_modules/semver
node_modules/@vuepress/plugin-last-updated/node_modules/semver
node_modules/@vuepress/shared-utils/node_modules/semver
node_modules/algoliasearch/node_modules/semver
node_modules/babel-plugin-polyfill-corejs2/node_modules/semver
node_modules/copy-webpack-plugin/node_modules/semver
node_modules/core-js-compat/node_modules/semver
node_modules/default-gateway/node_modules/semver
node_modules/eslint-plugin-node/node_modules/semver
node_modules/eslint-plugin-vue/node_modules/semver
node_modules/hard-source-webpack-plugin/node_modules/semver
node_modules/make-dir/node_modules/semver
node_modules/markdown-eslint-parser/node_modules/cross-spawn/node_modules/semver
node_modules/markdown-eslint-parser/node_modules/semver
node_modules/normalize-package-data/node_modules/semver
node_modules/package-json/node_modules/semver
node_modules/sass-loader/node_modules/semver
node_modules/semver
node_modules/semver-diff/node_modules/semver
node_modules/stylus/node_modules/semver
node_modules/vue-eslint-parser/node_modules/semver
node_modules/webpack-dev-server/node_modules/semver
node_modules/webpack/node_modules/semver
core-js-compat 3.6.0 - 3.25.0
Depends on vulnerable versions of semver
node_modules/core-js-compat
semver-regex <=3.1.3
Severity: high
semver-regex Regular Expression Denial of Service (ReDOS) - https://github.com/advisories/GHSA-44c6-4v22-4mhx
Regular expression denial of service in semver-regex - https://github.com/advisories/GHSA-4x5v-gmq8-25ch
fix available via `npm audit fix`
node_modules/semver-regex
send <0.19.0
send vulnerable to template injection that can lead to XSS - https://github.com/advisories/GHSA-m6fv-jmcg-4jfg
fix available via `npm audit fix`
node_modules/send
serve-static <=1.16.0
Depends on vulnerable versions of send
node_modules/serve-static
shell-quote <=1.7.2
Severity: critical
Improper Neutralization of Special Elements used in a Command in Shell-quote - https://github.com/advisories/GHSA-g4rg-993r-mgx7
fix available via `npm audit fix`
node_modules/shell-quote
tar <6.2.1
Severity: moderate
Denial of service while parsing a tar file due to lack of folders count validation - https://github.com/advisories/GHSA-f5x3-32g6-xq36
fix available via `npm audit fix`
node_modules/tar
terser >=5.0.0 <5.14.2 || <4.8.1
Severity: high
Terser insecure use of regular expressions leads to ReDoS - https://github.com/advisories/GHSA-4wf5-vphf-c2xc
Terser insecure use of regular expressions leads to ReDoS - https://github.com/advisories/GHSA-4wf5-vphf-c2xc
fix available via `npm audit fix`
node_modules/terser
node_modules/terser-webpack-plugin/node_modules/terser
tough-cookie <4.1.3
Severity: moderate
tough-cookie Prototype Pollution vulnerability - https://github.com/advisories/GHSA-72xf-g2v4-qvf3
fix available via `npm audit fix`
node_modules/tough-cookie
trim <0.0.3
Severity: high
Regular Expression Denial of Service in trim - https://github.com/advisories/GHSA-w5p7-h5w8-2hfq
No fix available
node_modules/trim
remark-parse <=8.0.3
Depends on vulnerable versions of trim
node_modules/remark/node_modules/remark-parse
remark 5.0.0 - 12.0.1
Depends on vulnerable versions of remark-parse
node_modules/remark
eslint-plugin-md *
Depends on vulnerable versions of remark
node_modules/eslint-plugin-md
unified-message-control <=1.0.4
Depends on vulnerable versions of trim
node_modules/unified-message-control
remark-message-control 4.1.0 - 4.2.0
Depends on vulnerable versions of unified-message-control
node_modules/remark-message-control
ua-parser-js <0.7.33
Severity: high
ReDoS Vulnerability in ua-parser-js version - https://github.com/advisories/GHSA-fhg7-m89q-25r3
fix available via `npm audit fix`
node_modules/ua-parser-js
url-parse <=1.5.8
Severity: critical
Authorization bypass in url-parse - https://github.com/advisories/GHSA-rqff-837h-mm52
url-parse incorrectly parses hostname / protocol due to unstripped leading control characters. - https://github.com/advisories/GHSA-jf5r-8hm2-f872
url-parse Incorrectly parses URLs that include an '@' - https://github.com/advisories/GHSA-8v38-pw62-9cw2
Authorization Bypass Through User-Controlled Key in url-parse - https://github.com/advisories/GHSA-hgjh-723h-mx2j
fix available via `npm audit fix`
node_modules/url-parse
vue 2.0.0-alpha.1 - 2.7.16
ReDoS vulnerability in vue package that is exploitable through inefficient regex evaluation in the parseHTML function - https://github.com/advisories/GHSA-5j4c-8p2g-v4jx
fix available via `npm audit fix --force`
Will install [email protected], which is a breaking change
node_modules/vue
@nuxt/vue-app >=2.4.0
Depends on vulnerable versions of vue
Depends on vulnerable versions of vue-template-compiler
node_modules/@nuxt/vue-app
@nuxt/vue-renderer *
Depends on vulnerable versions of vue
Depends on vulnerable versions of vue-server-renderer
node_modules/@nuxt/vue-renderer
@vuepress/core <=1.9.10
Depends on vulnerable versions of @vuepress/markdown
Depends on vulnerable versions of @vuepress/markdown-loader
Depends on vulnerable versions of @vuepress/plugin-register-components
Depends on vulnerable versions of @vuepress/shared-utils
Depends on vulnerable versions of autoprefixer
Depends on vulnerable versions of chokidar
Depends on vulnerable versions of css-loader
Depends on vulnerable versions of optimize-css-assets-webpack-plugin
Depends on vulnerable versions of postcss-loader
Depends on vulnerable versions of postcss-safe-parser
Depends on vulnerable versions of vue
Depends on vulnerable versions of vue-loader
Depends on vulnerable versions of vue-server-renderer
Depends on vulnerable versions of vue-template-compiler
Depends on vulnerable versions of vuepress-html-webpack-plugin
Depends on vulnerable versions of webpack
node_modules/@vuepress/core
vue-template-compiler >=2.0.0
Severity: moderate
vue-template-compiler vulnerable to client-side Cross-Site Scripting (XSS) - https://github.com/advisories/GHSA-g3ch-rx76-35fx
fix available via `npm audit fix`
node_modules/vue-template-compiler
@nuxt/components >=1.2.1
Depends on vulnerable versions of vue-template-compiler
node_modules/@nuxt/components
vuetify 2.0.0-beta.4 - 2.6.9
Severity: moderate
Vuetify Cross-site Scripting vulnerability - https://github.com/advisories/GHSA-q4q5-c5cv-2p68
fix available via `npm audit fix`
node_modules/vuetify
webpack-dev-middleware <=5.3.3
Severity: high
Path traversal in webpack-dev-middleware - https://github.com/advisories/GHSA-wr3j-pwj9-hqq6
fix available via `npm audit fix`
node_modules/webpack-dev-middleware
node_modules/webpack-dev-server/node_modules/webpack-dev-middleware
word-wrap <1.2.4
Severity: moderate
word-wrap vulnerable to Regular Expression Denial of Service - https://github.com/advisories/GHSA-j8xg-fqg3-53r7
fix available via `npm audit fix`
node_modules/word-wrap
ws 6.0.0 - 6.2.2 || 7.0.0 - 7.5.9
Severity: high
ws affected by a DoS when handling a request with many HTTP headers - https://github.com/advisories/GHSA-3h5v-q93c-6h6q
ws affected by a DoS when handling a request with many HTTP headers - https://github.com/advisories/GHSA-3h5v-q93c-6h6q
fix available via `npm audit fix`
node_modules/webpack-dev-server/node_modules/ws
node_modules/ws
xml2js <0.5.0
Severity: moderate
xml2js is vulnerable to prototype pollution - https://github.com/advisories/GHSA-776f-qx25-q3cc
fix available via `npm audit fix`
node_modules/xml2js
@nuxt/content 1.4.0 - 1.15.1
Depends on vulnerable versions of xml2js
node_modules/@nuxt/content
195 vulnerabilities (9 low, 118 moderate, 54 high, 14 critical)
To address issues that do not require attention, run:
npm audit fix
To address all issues possible (including breaking changes), run:
npm audit fix --force
Some issues need review, and may require choosing
a different dependency.Changed filesChanged file:
|
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Base PullRequest
Updatebde24 (#126)
Command results
Details:
add path
ncu -u --packageFile package.json
npm install
stderr:
npm upgrade
stderr:
npm audit
Changed files
Changed file: