The New Way to Build! Introducing ReUI — the developer platform for agentic UI with shadcn/ui
Learn More

Outdated / Depreciated VUE Metronic Packages

Can you please update packages configuration for VUE Metronic Version.

On "npm audit fix --force" breaks the build "npm run dev"

npm audit report

ansi-regex >2.1.1 <5.0.1 Severity: moderate Inefficient Regular Expression Complexity in chalk/ansi-regex - https://github.com/advisories/GHSA-93q8-gq69-wqmw fix available via npm audit fix --force Will install eslint@8.10.0, which is a breaking change node_modules/@vue/cli-service/node_modules/yargs/node_modules/ansi-regex node_modules/eslint/node_modules/ansi-regex node_modules/ora/node_modules/ansi-regex node_modules/table/node_modules/ansi-regex strip-ansi 4.0.0 - 5.2.0 Depends on vulnerable versions of ansi-regex node_modules/@vue/cli-service/node_modules/yargs/node_modules/strip-ansi node_modules/eslint/node_modules/strip-ansi node_modules/ora/node_modules/strip-ansi node_modules/table/node_modules/strip-ansi cliui 4.0.0 - 5.0.0 Depends on vulnerable versions of strip-ansi Depends on vulnerable versions of wrap-ansi node_modules/@vue/cli-service/node_modules/yargs/node_modules/cliui yargs 10.1.0 - 15.0.0 Depends on vulnerable versions of cliui Depends on vulnerable versions of string-width node_modules/@vue/cli-service/node_modules/yargs webpack-dev-server 2.0.0-beta - 4.7.2 Depends on vulnerable versions of chokidar Depends on vulnerable versions of selfsigned Depends on vulnerable versions of yargs node_modules/@vue/cli-service/node_modules/webpack-dev-server eslint 4.5.0 - 7.15.0 Depends on vulnerable versions of strip-ansi Depends on vulnerable versions of table node_modules/eslint ora 2.0.0 - 4.0.2 Depends on vulnerable versions of strip-ansi node_modules/ora @vue/cli-shared-utils <=4.5.15 Depends on vulnerable versions of ora node_modules/@vue/cli-shared-utils @vue/cli-plugin-eslint <=5.0.0-rc.3 Depends on vulnerable versions of @vue/cli-shared-utils Depends on vulnerable versions of globby node_modules/@vue/cli-plugin-eslint @vue/cli-plugin-router <=4.5.15 Depends on vulnerable versions of @vue/cli-shared-utils node_modules/@vue/cli-plugin-router @vue/cli-service <=5.0.0-rc.3 Depends on vulnerable versions of @vue/cli-plugin-router Depends on vulnerable versions of @vue/cli-shared-utils Depends on vulnerable versions of copy-webpack-plugin Depends on vulnerable versions of cssnano Depends on vulnerable versions of globby node_modules/@vue/cli-service @vue/cli-plugin-typescript <=5.0.0-rc.3 Depends on vulnerable versions of @vue/cli-shared-utils Depends on vulnerable versions of globby node_modules/@vue/cli-plugin-typescript string-width 2.1.0 - 4.1.0 Depends on vulnerable versions of strip-ansi node_modules/@vue/cli-service/node_modules/yargs/node_modules/string-width node_modules/table/node_modules/string-width table 4.0.2 - 5.4.6 Depends on vulnerable versions of string-width node_modules/table wrap-ansi 3.0.0 - 6.1.0 Depends on vulnerable versions of string-width Depends on vulnerable versions of strip-ansi node_modules/@vue/cli-service/node_modules/yargs/node_modules/wrap-ansi

apexcharts <3.24.0 Severity: moderate XSS in apexcharts - https://github.com/advisories/GHSA-w46j-8hm6-h8mm fix available via npm audit fix --force Will install apexcharts@3.33.2, which is outside the stated dependency range node_modules/apexcharts

glob-parent <5.1.2 Severity: high Regular expression denial of service - https://github.com/advisories/GHSA-ww39-953v-wcq6 fix available via npm audit fix --force Will install @vue/cli-service@5.0.1, which is a breaking change node_modules/@vue/cli-plugin-eslint/node_modules/glob-parent node_modules/@vue/cli-plugin-typescript/node_modules/glob-parent node_modules/@vue/cli-service/node_modules/glob-parent node_modules/copy-webpack-plugin/node_modules/glob-parent node_modules/watchpack-chokidar2/node_modules/glob-parent chokidar 1.0.0-rc1 - 2.1.8 Depends on vulnerable versions of glob-parent node_modules/@vue/cli-service/node_modules/webpack-dev-server/node_modules/chokidar node_modules/watchpack-chokidar2/node_modules/chokidar watchpack-chokidar2 * Depends on vulnerable versions of chokidar node_modules/watchpack-chokidar2 watchpack 1.7.2 - 1.7.5 Depends on vulnerable versions of watchpack-chokidar2 node_modules/@vue/cli-plugin-eslint/node_modules/watchpack node_modules/@vue/cli-plugin-typescript/node_modules/watchpack node_modules/@vue/cli-service/node_modules/watchpack webpack 4.44.0 - 4.46.0 Depends on vulnerable versions of watchpack node_modules/@vue/cli-plugin-eslint/node_modules/webpack node_modules/@vue/cli-plugin-typescript/node_modules/webpack node_modules/@vue/cli-service/node_modules/webpack webpack-dev-server 2.0.0-beta - 4.7.2 Depends on vulnerable versions of chokidar Depends on vulnerable versions of selfsigned Depends on vulnerable versions of yargs node_modules/@vue/cli-service/node_modules/webpack-dev-server copy-webpack-plugin 5.0.1 - 5.1.2 Depends on vulnerable versions of glob-parent node_modules/copy-webpack-plugin @vue/cli-service <=5.0.0-rc.3 Depends on vulnerable versions of @vue/cli-plugin-router Depends on vulnerable versions of @vue/cli-shared-utils Depends on vulnerable versions of copy-webpack-plugin Depends on vulnerable versions of cssnano Depends on vulnerable versions of globby node_modules/@vue/cli-service fast-glob <=2.2.7 Depends on vulnerable versions of glob-parent node_modules/@vue/cli-plugin-eslint/node_modules/fast-glob node_modules/@vue/cli-plugin-typescript/node_modules/fast-glob node_modules/@vue/cli-service/node_modules/fast-glob globby 8.0.0 - 9.2.0 Depends on vulnerable versions of fast-glob node_modules/@vue/cli-plugin-eslint/node_modules/globby node_modules/@vue/cli-plugin-typescript/node_modules/globby node_modules/@vue/cli-service/node_modules/globby @vue/cli-plugin-eslint <=5.0.0-rc.3 Depends on vulnerable versions of @vue/cli-shared-utils Depends on vulnerable versions of globby node_modules/@vue/cli-plugin-eslint @vue/cli-plugin-typescript <=5.0.0-rc.3 Depends on vulnerable versions of @vue/cli-shared-utils Depends on vulnerable versions of globby node_modules/@vue/cli-plugin-typescript

node-forge <1.0.0 URL parsing in node-forge could lead to undesired behavior. - https://github.com/advisories/GHSA-gf8q-jrpm-jvxq fix available via npm audit fix node_modules/@vue/cli-service/node_modules/node-forge selfsigned 1.1.1 - 1.10.14 Depends on vulnerable versions of node-forge node_modules/@vue/cli-service/node_modules/selfsigned webpack-dev-server 2.0.0-beta - 4.7.2 Depends on vulnerable versions of chokidar Depends on vulnerable versions of selfsigned Depends on vulnerable versions of yargs node_modules/@vue/cli-service/node_modules/webpack-dev-server

nth-check <2.0.1 Severity: moderate Inefficient Regular Expression Complexity in nth-check - https://github.com/advisories/GHSA-rp65-9cf3-cjxr fix available via npm audit fix --force Will install @vue/cli-service@5.0.1, which is a breaking change node_modules/@vue/cli-service/node_modules/nth-check node_modules/webpack-rtl-plugin/node_modules/nth-check css-select <=3.1.0 Depends on vulnerable versions of nth-check node_modules/@vue/cli-service/node_modules/css-select node_modules/webpack-rtl-plugin/node_modules/css-select svgo 1.0.0 - 1.3.2 Depends on vulnerable versions of css-select node_modules/@vue/cli-service/node_modules/svgo node_modules/webpack-rtl-plugin/node_modules/svgo postcss-svgo 4.0.0-nightly.2020.1.9 - 5.0.0-rc.2 Depends on vulnerable versions of svgo node_modules/@vue/cli-service/node_modules/postcss-svgo node_modules/webpack-rtl-plugin/node_modules/postcss-svgo cssnano-preset-default <=4.0.8 Depends on vulnerable versions of postcss-svgo node_modules/@vue/cli-service/node_modules/cssnano-preset-default node_modules/webpack-rtl-plugin/node_modules/cssnano-preset-default @intervolga/optimize-cssnano-plugin >=1.0.2 Depends on vulnerable versions of cssnano-preset-default node_modules/@vue/cli-service/node_modules/@intervolga/optimize-cssnano-plugin cssnano 4.0.0-nightly.2020.1.9 - 4.1.11 Depends on vulnerable versions of cssnano-preset-default node_modules/@vue/cli-service/node_modules/cssnano node_modules/webpack-rtl-plugin/node_modules/cssnano @vue/cli-service <=5.0.0-rc.3 Depends on vulnerable versions of @vue/cli-plugin-router Depends on vulnerable versions of @vue/cli-shared-utils Depends on vulnerable versions of copy-webpack-plugin Depends on vulnerable versions of cssnano Depends on vulnerable versions of globby node_modules/@vue/cli-service webpack-rtl-plugin * Depends on vulnerable versions of @romainberger/css-diff Depends on vulnerable versions of cssnano Depends on vulnerable versions of rtlcss node_modules/webpack-rtl-plugin

postcss <7.0.36 Severity: moderate Regular Expression Denial of Service in postcss - https://github.com/advisories/GHSA-566m-qj78-rww5 fix available via npm audit fix --force Will install webpack-rtl-plugin@1.3.0, which is a breaking change node_modules/@romainberger/css-diff/node_modules/postcss node_modules/rtlcss/node_modules/postcss node_modules/webpack-rtl-plugin/node_modules/rtlcss/node_modules/postcss @romainberger/css-diff * Depends on vulnerable versions of postcss node_modules/@romainberger/css-diff webpack-rtl-plugin * Depends on vulnerable versions of @romainberger/css-diff Depends on vulnerable versions of cssnano Depends on vulnerable versions of rtlcss node_modules/webpack-rtl-plugin rtlcss <=2.6.2 Depends on vulnerable versions of postcss node_modules/rtlcss node_modules/webpack-rtl-plugin/node_modules/rtlcss rtlcss-webpack-plugin * Depends on vulnerable versions of rtlcss node_modules/rtlcss-webpack-plugin

quill <=1.3.7 Severity: moderate Cross-site Scripting in quill - https://github.com/advisories/GHSA-4943-9vgg-gr5r No fix available node_modules/quill

39 vulnerabilities (2 low, 25 moderate, 12 high)

To address issues that do not require attention, run: npm audit fix

To address all issues possible (including breaking changes), run: npm audit fix --force

Some issues need review, and may require choosing a different dependency.

Text formatting options
Submit
Click any option to insert into your comment. Select text first to wrap it.
  • **text** to make things bold
  • *text* to emphasize
  • ### Heading to make headings
  • [link text](url) for links
  • ![alt text](image-url) to paste in an image
  • - item to make a list
  • 1. item to make an ordered list
  • > quote to quote somebody
  • `code` for single line of code
  • ```js ... ``` for JS code block
  • ```html ... ``` for HTML code block
  • ```scss ... ``` for SCSS code block
  • ```php ... ``` for PHP code block
  • --- for a horizontal rule
  • happy  :)
  • shocked  :|
  • sad  :(

Replies (4)


Hi Amardeep!

Could you please specify which Metronic version are you using?



Metronic v8.0.36



Hi Amardeep,

Thank you for your feedback.

We will review this and update all dependencies in the upcoming Metronic release.


npm audit report

ansi-regex >2.1.1 <5.0.1 Severity: moderate Inefficient Regular Expression Complexity in chalk/ansi-regex - https://github.com/advisories/GHSA-93q8-gq69-wqmw fix available via npm audit fix --force Will install eslint@8.10.0, which is a breaking change node_modules/@vue/cli-service/node_modules/yargs/node_modules/ansi-regex node_modules/eslint/node_modules/ansi-regex node_modules/ora/node_modules/ansi-regex node_modules/table/node_modules/ansi-regex strip-ansi 4.0.0 - 5.2.0 Depends on vulnerable versions of ansi-regex node_modules/@vue/cli-service/node_modules/yargs/node_modules/strip-ansi node_modules/eslint/node_modules/strip-ansi node_modules/ora/node_modules/strip-ansi node_modules/table/node_modules/strip-ansi cliui 4.0.0 - 5.0.0 Depends on vulnerable versions of strip-ansi Depends on vulnerable versions of wrap-ansi node_modules/@vue/cli-service/node_modules/yargs/node_modules/cliui yargs 10.1.0 - 15.0.0 Depends on vulnerable versions of cliui Depends on vulnerable versions of string-width node_modules/@vue/cli-service/node_modules/yargs webpack-dev-server 2.0.0-beta - 4.7.2 Depends on vulnerable versions of chokidar Depends on vulnerable versions of selfsigned Depends on vulnerable versions of yargs node_modules/@vue/cli-service/node_modules/webpack-dev-server eslint 4.5.0 - 7.15.0 Depends on vulnerable versions of strip-ansi Depends on vulnerable versions of table node_modules/eslint ora 2.0.0 - 4.0.2 Depends on vulnerable versions of strip-ansi node_modules/ora @vue/cli-shared-utils <=4.5.15 Depends on vulnerable versions of ora node_modules/@vue/cli-shared-utils @vue/cli-plugin-eslint <=5.0.0-rc.3 Depends on vulnerable versions of @vue/cli-shared-utils Depends on vulnerable versions of globby node_modules/@vue/cli-plugin-eslint @vue/cli-plugin-router <=4.5.15 Depends on vulnerable versions of @vue/cli-shared-utils node_modules/@vue/cli-plugin-router @vue/cli-service <=5.0.0-rc.3 Depends on vulnerable versions of @vue/cli-plugin-router Depends on vulnerable versions of @vue/cli-shared-utils Depends on vulnerable versions of copy-webpack-plugin Depends on vulnerable versions of cssnano Depends on vulnerable versions of globby node_modules/@vue/cli-service @vue/cli-plugin-typescript <=5.0.0-rc.3 Depends on vulnerable versions of @vue/cli-shared-utils Depends on vulnerable versions of globby node_modules/@vue/cli-plugin-typescript string-width 2.1.0 - 4.1.0 Depends on vulnerable versions of strip-ansi node_modules/@vue/cli-service/node_modules/yargs/node_modules/string-width node_modules/table/node_modules/string-width table 4.0.2 - 5.4.6 Depends on vulnerable versions of string-width node_modules/table wrap-ansi 3.0.0 - 6.1.0 Depends on vulnerable versions of string-width Depends on vulnerable versions of strip-ansi node_modules/@vue/cli-service/node_modules/yargs/node_modules/wrap-ansi

apexcharts <3.24.0 Severity: moderate XSS in apexcharts - https://github.com/advisories/GHSA-w46j-8hm6-h8mm fix available via npm audit fix --force Will install apexcharts@3.33.2, which is outside the stated dependency range node_modules/apexcharts

glob-parent <5.1.2 Severity: high Regular expression denial of service - https://github.com/advisories/GHSA-ww39-953v-wcq6 fix available via npm audit fix --force Will install @vue/cli-service@5.0.1, which is a breaking change node_modules/@vue/cli-plugin-eslint/node_modules/glob-parent node_modules/@vue/cli-plugin-typescript/node_modules/glob-parent node_modules/@vue/cli-service/node_modules/glob-parent node_modules/copy-webpack-plugin/node_modules/glob-parent node_modules/watchpack-chokidar2/node_modules/glob-parent chokidar 1.0.0-rc1 - 2.1.8 Depends on vulnerable versions of glob-parent node_modules/@vue/cli-service/node_modules/webpack-dev-server/node_modules/chokidar node_modules/watchpack-chokidar2/node_modules/chokidar watchpack-chokidar2 * Depends on vulnerable versions of chokidar node_modules/watchpack-chokidar2 watchpack 1.7.2 - 1.7.5 Depends on vulnerable versions of watchpack-chokidar2 node_modules/@vue/cli-plugin-eslint/node_modules/watchpack node_modules/@vue/cli-plugin-typescript/node_modules/watchpack node_modules/@vue/cli-service/node_modules/watchpack webpack 4.44.0 - 4.46.0 Depends on vulnerable versions of watchpack node_modules/@vue/cli-plugin-eslint/node_modules/webpack node_modules/@vue/cli-plugin-typescript/node_modules/webpack node_modules/@vue/cli-service/node_modules/webpack webpack-dev-server 2.0.0-beta - 4.7.2 Depends on vulnerable versions of chokidar Depends on vulnerable versions of selfsigned Depends on vulnerable versions of yargs node_modules/@vue/cli-service/node_modules/webpack-dev-server copy-webpack-plugin 5.0.1 - 5.1.2 Depends on vulnerable versions of glob-parent node_modules/copy-webpack-plugin @vue/cli-service <=5.0.0-rc.3 Depends on vulnerable versions of @vue/cli-plugin-router Depends on vulnerable versions of @vue/cli-shared-utils Depends on vulnerable versions of copy-webpack-plugin Depends on vulnerable versions of cssnano Depends on vulnerable versions of globby node_modules/@vue/cli-service fast-glob <=2.2.7 Depends on vulnerable versions of glob-parent node_modules/@vue/cli-plugin-eslint/node_modules/fast-glob node_modules/@vue/cli-plugin-typescript/node_modules/fast-glob node_modules/@vue/cli-service/node_modules/fast-glob globby 8.0.0 - 9.2.0 Depends on vulnerable versions of fast-glob node_modules/@vue/cli-plugin-eslint/node_modules/globby node_modules/@vue/cli-plugin-typescript/node_modules/globby node_modules/@vue/cli-service/node_modules/globby @vue/cli-plugin-eslint <=5.0.0-rc.3 Depends on vulnerable versions of @vue/cli-shared-utils Depends on vulnerable versions of globby node_modules/@vue/cli-plugin-eslint @vue/cli-plugin-typescript <=5.0.0-rc.3 Depends on vulnerable versions of @vue/cli-shared-utils Depends on vulnerable versions of globby node_modules/@vue/cli-plugin-typescript

node-forge <1.0.0 URL parsing in node-forge could lead to undesired behavior. - https://github.com/advisories/GHSA-gf8q-jrpm-jvxq fix available via npm audit fix node_modules/@vue/cli-service/node_modules/node-forge selfsigned 1.1.1 - 1.10.14 Depends on vulnerable versions of node-forge node_modules/@vue/cli-service/node_modules/selfsigned webpack-dev-server 2.0.0-beta - 4.7.2 Depends on vulnerable versions of chokidar Depends on vulnerable versions of selfsigned Depends on vulnerable versions of yargs node_modules/@vue/cli-service/node_modules/webpack-dev-server

nth-check <2.0.1 Severity: moderate Inefficient Regular Expression Complexity in nth-check - https://github.com/advisories/GHSA-rp65-9cf3-cjxr fix available via npm audit fix --force Will install @vue/cli-service@5.0.1, which is a breaking change node_modules/@vue/cli-service/node_modules/nth-check node_modules/webpack-rtl-plugin/node_modules/nth-check css-select <=3.1.0 Depends on vulnerable versions of nth-check node_modules/@vue/cli-service/node_modules/css-select node_modules/webpack-rtl-plugin/node_modules/css-select svgo 1.0.0 - 1.3.2 Depends on vulnerable versions of css-select node_modules/@vue/cli-service/node_modules/svgo node_modules/webpack-rtl-plugin/node_modules/svgo postcss-svgo 4.0.0-nightly.2020.1.9 - 5.0.0-rc.2 Depends on vulnerable versions of svgo node_modules/@vue/cli-service/node_modules/postcss-svgo node_modules/webpack-rtl-plugin/node_modules/postcss-svgo cssnano-preset-default <=4.0.8 Depends on vulnerable versions of postcss-svgo node_modules/@vue/cli-service/node_modules/cssnano-preset-default node_modules/webpack-rtl-plugin/node_modules/cssnano-preset-default @intervolga/optimize-cssnano-plugin >=1.0.2 Depends on vulnerable versions of cssnano-preset-default node_modules/@vue/cli-service/node_modules/@intervolga/optimize-cssnano-plugin cssnano 4.0.0-nightly.2020.1.9 - 4.1.11 Depends on vulnerable versions of cssnano-preset-default node_modules/@vue/cli-service/node_modules/cssnano node_modules/webpack-rtl-plugin/node_modules/cssnano @vue/cli-service <=5.0.0-rc.3 Depends on vulnerable versions of @vue/cli-plugin-router Depends on vulnerable versions of @vue/cli-shared-utils Depends on vulnerable versions of copy-webpack-plugin Depends on vulnerable versions of cssnano Depends on vulnerable versions of globby node_modules/@vue/cli-service webpack-rtl-plugin * Depends on vulnerable versions of @romainberger/css-diff Depends on vulnerable versions of cssnano Depends on vulnerable versions of rtlcss node_modules/webpack-rtl-plugin

postcss <7.0.36 Severity: moderate Regular Expression Denial of Service in postcss - https://github.com/advisories/GHSA-566m-qj78-rww5 fix available via npm audit fix --force Will install webpack-rtl-plugin@1.3.0, which is a breaking change node_modules/@romainberger/css-diff/node_modules/postcss node_modules/rtlcss/node_modules/postcss node_modules/webpack-rtl-plugin/node_modules/rtlcss/node_modules/postcss @romainberger/css-diff * Depends on vulnerable versions of postcss node_modules/@romainberger/css-diff webpack-rtl-plugin * Depends on vulnerable versions of @romainberger/css-diff Depends on vulnerable versions of cssnano Depends on vulnerable versions of rtlcss node_modules/webpack-rtl-plugin rtlcss <=2.6.2 Depends on vulnerable versions of postcss node_modules/rtlcss node_modules/webpack-rtl-plugin/node_modules/rtlcss rtlcss-webpack-plugin * Depends on vulnerable versions of rtlcss node_modules/rtlcss-webpack-plugin

quill <=1.3.7 Severity: moderate Cross-site Scripting in quill - https://github.com/advisories/GHSA-4943-9vgg-gr5r No fix available node_modules/quill

39 vulnerabilities (2 low, 25 moderate, 12 high)

To address issues that do not require attention, run: npm audit fix

To address all issues possible (including breaking changes), run: npm audit fix --force

Some issues need review, and may require choosing a different dependency.

Text formatting options
Submit
Click any option to insert into your comment. Select text first to wrap it.
  • **text** to make things bold
  • *text* to emphasize
  • ### Heading to make headings
  • [link text](url) for links
  • ![alt text](image-url) to paste in an image
  • - item to make a list
  • 1. item to make an ordered list
  • > quote to quote somebody
  • `code` for single line of code
  • ```js ... ``` for JS code block
  • ```html ... ``` for HTML code block
  • ```scss ... ``` for SCSS code block
  • ```php ... ``` for PHP code block
  • --- for a horizontal rule
  • happy  :)
  • shocked  :|
  • sad  :(
Text formatting options
Submit
Click any option to insert into your comment. Select text first to wrap it.
  • **text** to make things bold
  • *text* to emphasize
  • ### Heading to make headings
  • [link text](url) for links
  • ![alt text](image-url) to paste in an image
  • - item to make a list
  • 1. item to make an ordered list
  • > quote to quote somebody
  • `code` for single line of code
  • ```js ... ``` for JS code block
  • ```html ... ``` for HTML code block
  • ```scss ... ``` for SCSS code block
  • ```php ... ``` for PHP code block
  • --- for a horizontal rule
  • happy  :)
  • shocked  :|
  • sad  :(