Outdated / Deprecated VUE Metronic Packages

Can you please update the package configuration for the VUE Metronic version?

Running "npm audit fix --force" breaks the build "npm run dev".

# npm audit report

ansi-regex >2.1.1


Replies (4)

# npm audit report

ansi-regex >2.1.1 <5.0.1
Severity: moderate
Inefficient Regular Expression Complexity in chalk/ansi-regex - https://github.com/advisories/GHSA-93q8-gq69-wqmw
fix available via `npm audit fix --force`
Will install eslint@8.10.0, which is a breaking change
node_modules/@vue/cli-service/node_modules/yargs/node_modules/ansi-regex
node_modules/eslint/node_modules/ansi-regex
node_modules/ora/node_modules/ansi-regex
node_modules/table/node_modules/ansi-regex
strip-ansi 4.0.0 - 5.2.0
Depends on vulnerable versions of ansi-regex
node_modules/@vue/cli-service/node_modules/yargs/node_modules/strip-ansi
node_modules/eslint/node_modules/strip-ansi
node_modules/ora/node_modules/strip-ansi
node_modules/table/node_modules/strip-ansi
cliui 4.0.0 - 5.0.0
Depends on vulnerable versions of strip-ansi
Depends on vulnerable versions of wrap-ansi
node_modules/@vue/cli-service/node_modules/yargs/node_modules/cliui
yargs 10.1.0 - 15.0.0
Depends on vulnerable versions of cliui
Depends on vulnerable versions of string-width
node_modules/@vue/cli-service/node_modules/yargs
webpack-dev-server 2.0.0-beta - 4.7.2
Depends on vulnerable versions of chokidar
Depends on vulnerable versions of selfsigned
Depends on vulnerable versions of yargs
node_modules/@vue/cli-service/node_modules/webpack-dev-server
eslint 4.5.0 - 7.15.0
Depends on vulnerable versions of strip-ansi
Depends on vulnerable versions of table
node_modules/eslint
ora 2.0.0 - 4.0.2
Depends on vulnerable versions of strip-ansi
node_modules/ora
@vue/cli-shared-utils <=4.5.15
Depends on vulnerable versions of ora
node_modules/@vue/cli-shared-utils
@vue/cli-plugin-eslint <=5.0.0-rc.3
Depends on vulnerable versions of @vue/cli-shared-utils
Depends on vulnerable versions of globby
node_modules/@vue/cli-plugin-eslint
@vue/cli-plugin-router <=4.5.15
Depends on vulnerable versions of @vue/cli-shared-utils
node_modules/@vue/cli-plugin-router
@vue/cli-service <=5.0.0-rc.3
Depends on vulnerable versions of @vue/cli-plugin-router
Depends on vulnerable versions of @vue/cli-shared-utils
Depends on vulnerable versions of copy-webpack-plugin
Depends on vulnerable versions of cssnano
Depends on vulnerable versions of globby
node_modules/@vue/cli-service
@vue/cli-plugin-typescript <=5.0.0-rc.3
Depends on vulnerable versions of @vue/cli-shared-utils
Depends on vulnerable versions of globby
node_modules/@vue/cli-plugin-typescript
string-width 2.1.0 - 4.1.0
Depends on vulnerable versions of strip-ansi
node_modules/@vue/cli-service/node_modules/yargs/node_modules/string-width
node_modules/table/node_modules/string-width
table 4.0.2 - 5.4.6
Depends on vulnerable versions of string-width
node_modules/table
wrap-ansi 3.0.0 - 6.1.0
Depends on vulnerable versions of string-width
Depends on vulnerable versions of strip-ansi
node_modules/@vue/cli-service/node_modules/yargs/node_modules/wrap-ansi

apexcharts <3.24.0
Severity: moderate
XSS in apexcharts - https://github.com/advisories/GHSA-w46j-8hm6-h8mm
fix available via `npm audit fix --force`
Will install apexcharts@3.33.2, which is outside the stated dependency range
node_modules/apexcharts

glob-parent <5.1.2
Severity: high
Regular expression denial of service - https://github.com/advisories/GHSA-ww39-953v-wcq6
fix available via `npm audit fix --force`
Will install @vue/cli-service@5.0.1, which is a breaking change
node_modules/@vue/cli-plugin-eslint/node_modules/glob-parent
node_modules/@vue/cli-plugin-typescript/node_modules/glob-parent
node_modules/@vue/cli-service/node_modules/glob-parent
node_modules/copy-webpack-plugin/node_modules/glob-parent
node_modules/watchpack-chokidar2/node_modules/glob-parent
chokidar 1.0.0-rc1 - 2.1.8
Depends on vulnerable versions of glob-parent
node_modules/@vue/cli-service/node_modules/webpack-dev-server/node_modules/chokidar
node_modules/watchpack-chokidar2/node_modules/chokidar
watchpack-chokidar2 *
Depends on vulnerable versions of chokidar
node_modules/watchpack-chokidar2
watchpack 1.7.2 - 1.7.5
Depends on vulnerable versions of watchpack-chokidar2
node_modules/@vue/cli-plugin-eslint/node_modules/watchpack
node_modules/@vue/cli-plugin-typescript/node_modules/watchpack
node_modules/@vue/cli-service/node_modules/watchpack
webpack 4.44.0 - 4.46.0
Depends on vulnerable versions of watchpack
node_modules/@vue/cli-plugin-eslint/node_modules/webpack
node_modules/@vue/cli-plugin-typescript/node_modules/webpack
node_modules/@vue/cli-service/node_modules/webpack
webpack-dev-server 2.0.0-beta - 4.7.2
Depends on vulnerable versions of chokidar
Depends on vulnerable versions of selfsigned
Depends on vulnerable versions of yargs
node_modules/@vue/cli-service/node_modules/webpack-dev-server
copy-webpack-plugin 5.0.1 - 5.1.2
Depends on vulnerable versions of glob-parent
node_modules/copy-webpack-plugin
@vue/cli-service <=5.0.0-rc.3
Depends on vulnerable versions of @vue/cli-plugin-router
Depends on vulnerable versions of @vue/cli-shared-utils
Depends on vulnerable versions of copy-webpack-plugin
Depends on vulnerable versions of cssnano
Depends on vulnerable versions of globby
node_modules/@vue/cli-service
fast-glob <=2.2.7
Depends on vulnerable versions of glob-parent
node_modules/@vue/cli-plugin-eslint/node_modules/fast-glob
node_modules/@vue/cli-plugin-typescript/node_modules/fast-glob
node_modules/@vue/cli-service/node_modules/fast-glob
globby 8.0.0 - 9.2.0
Depends on vulnerable versions of fast-glob
node_modules/@vue/cli-plugin-eslint/node_modules/globby
node_modules/@vue/cli-plugin-typescript/node_modules/globby
node_modules/@vue/cli-service/node_modules/globby
@vue/cli-plugin-eslint <=5.0.0-rc.3
Depends on vulnerable versions of @vue/cli-shared-utils
Depends on vulnerable versions of globby
node_modules/@vue/cli-plugin-eslint
@vue/cli-plugin-typescript <=5.0.0-rc.3
Depends on vulnerable versions of @vue/cli-shared-utils
Depends on vulnerable versions of globby
node_modules/@vue/cli-plugin-typescript

node-forge <1.0.0
URL parsing in node-forge could lead to undesired behavior. - https://github.com/advisories/GHSA-gf8q-jrpm-jvxq
fix available via `npm audit fix`
node_modules/@vue/cli-service/node_modules/node-forge
selfsigned 1.1.1 - 1.10.14
Depends on vulnerable versions of node-forge
node_modules/@vue/cli-service/node_modules/selfsigned
webpack-dev-server 2.0.0-beta - 4.7.2
Depends on vulnerable versions of chokidar
Depends on vulnerable versions of selfsigned
Depends on vulnerable versions of yargs
node_modules/@vue/cli-service/node_modules/webpack-dev-server

nth-check <2.0.1
Severity: moderate
Inefficient Regular Expression Complexity in nth-check - https://github.com/advisories/GHSA-rp65-9cf3-cjxr
fix available via `npm audit fix --force`
Will install @vue/cli-service@5.0.1, which is a breaking change
node_modules/@vue/cli-service/node_modules/nth-check
node_modules/webpack-rtl-plugin/node_modules/nth-check
css-select <=3.1.0
Depends on vulnerable versions of nth-check
node_modules/@vue/cli-service/node_modules/css-select
node_modules/webpack-rtl-plugin/node_modules/css-select
svgo 1.0.0 - 1.3.2
Depends on vulnerable versions of css-select
node_modules/@vue/cli-service/node_modules/svgo
node_modules/webpack-rtl-plugin/node_modules/svgo
postcss-svgo 4.0.0-nightly.2020.1.9 - 5.0.0-rc.2
Depends on vulnerable versions of svgo
node_modules/@vue/cli-service/node_modules/postcss-svgo
node_modules/webpack-rtl-plugin/node_modules/postcss-svgo
cssnano-preset-default <=4.0.8
Depends on vulnerable versions of postcss-svgo
node_modules/@vue/cli-service/node_modules/cssnano-preset-default
node_modules/webpack-rtl-plugin/node_modules/cssnano-preset-default
@intervolga/optimize-cssnano-plugin >=1.0.2
Depends on vulnerable versions of cssnano-preset-default
node_modules/@vue/cli-service/node_modules/@intervolga/optimize-cssnano-plugin
cssnano 4.0.0-nightly.2020.1.9 - 4.1.11
Depends on vulnerable versions of cssnano-preset-default
node_modules/@vue/cli-service/node_modules/cssnano
node_modules/webpack-rtl-plugin/node_modules/cssnano
@vue/cli-service <=5.0.0-rc.3
Depends on vulnerable versions of @vue/cli-plugin-router
Depends on vulnerable versions of @vue/cli-shared-utils
Depends on vulnerable versions of copy-webpack-plugin
Depends on vulnerable versions of cssnano
Depends on vulnerable versions of globby
node_modules/@vue/cli-service
webpack-rtl-plugin *
Depends on vulnerable versions of @romainberger/css-diff
Depends on vulnerable versions of cssnano
Depends on vulnerable versions of rtlcss
node_modules/webpack-rtl-plugin

postcss <7.0.36
Severity: moderate
Regular Expression Denial of Service in postcss - https://github.com/advisories/GHSA-566m-qj78-rww5
fix available via `npm audit fix --force`
Will install webpack-rtl-plugin@1.3.0, which is a breaking change
node_modules/@romainberger/css-diff/node_modules/postcss
node_modules/rtlcss/node_modules/postcss
node_modules/webpack-rtl-plugin/node_modules/rtlcss/node_modules/postcss
@romainberger/css-diff *
Depends on vulnerable versions of postcss
node_modules/@romainberger/css-diff
webpack-rtl-plugin *
Depends on vulnerable versions of @romainberger/css-diff
Depends on vulnerable versions of cssnano
Depends on vulnerable versions of rtlcss
node_modules/webpack-rtl-plugin
rtlcss <=2.6.2
Depends on vulnerable versions of postcss
node_modules/rtlcss
node_modules/webpack-rtl-plugin/node_modules/rtlcss
rtlcss-webpack-plugin *
Depends on vulnerable versions of rtlcss
node_modules/rtlcss-webpack-plugin

quill <=1.3.7
Severity: moderate
Cross-site Scripting in quill - https://github.com/advisories/GHSA-4943-9vgg-gr5r
No fix available
node_modules/quill

39 vulnerabilities (2 low, 25 moderate, 12 high)

To address issues that do not require attention, run:
npm audit fix

To address all issues possible (including breaking changes), run:
npm audit fix --force

Some issues need review, and may require choosing
a different dependency.

Hi Amardeep!

Could you please specify which Metronic version you are using?

Metronic v8.0.36

Hi Amardeep,

Thank you for your feedback.

We will review this and update all dependencies in the upcoming Metronic release.
