New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
vue-renderer #6780
Comments
+1, looks like a version bump in the yarn.lock would be in order as there is an updated version of the package available to mitigate the issue ( Also, it looks like this would only affect users who install nuxt using yarn at the moment, as there is no Yarn users can work around the issue for now using a custom module resolution in your |
Hey Mate, |
Hey @webdawe , If simply running https://nodejs.org/en/blog/npm/managing-node-js-dependencies-with-shrinkwrap/ |
Thanks @FreekVR . |
Issue will be fixed in Vue with vuejs/vue#10904 or vuejs/vue#10914 |
This has been released as a patch for Vue. |
nuxt 2.11 require vue 2.6.11 so this is fixed |
Version
v2.10.2
Reproduction link
https://nodesecurity.io/advisories/1426
Steps to reproduce
npm audit
What is expected ?
0 vulnerability
What is actually happening?
found 1 moderate severity vulnerability in 13460 scanned packages
1 vulnerability requires manual review. See the full report for details.
Moderate Cross-Site Scripting
Package serialize-javascript
Patched in >=2.1.1
Dependency of nuxt
Path nuxt > @nuxt/core > @nuxt/vue-renderer > vue-server-renderer
> serialize-javascript
More info https://nodesecurity.io/advisories/1426
Additional comments?
please advise how we can fix it
The text was updated successfully, but these errors were encountered: