Description
Version
3.2.3
Reproduction link
https://github.com/peterennis/aeicons-vue
Environment info
C:\ae\adaept.com\aeicons-vue>vue info
Environment Info:
System:
OS: Windows 10
CPU: (4) x64 Intel(R) Core(TM) i7-3540M CPU @ 3.00GHz
Binaries:
Node: 10.14.2 - C:\Program Files\nodejs\node.EXE
Yarn: Not Found
npm: 6.4.1 - C:\Program Files\nodejs\npm.CMD
Browsers:
Edge: 44.17763.1.0
npmPackages:
@vue/cli-overlay: 3.2.0
@vue/cli-plugin-e2e-nightwatch: ^3.2.0 => 3.2.2
@vue/cli-plugin-eslint: ^3.2.0 => 3.2.2
@vue/cli-plugin-pwa: ^3.2.0 => 3.2.2
@vue/cli-plugin-typescript: ^3.2.0 => 3.2.2
@vue/cli-plugin-unit-jest: ^3.2.0 => 3.2.3
@vue/cli-service: ^3.2.0 => 3.2.3
@vue/cli-shared-utils: 3.2.2
@vue/component-compiler-utils: 2.4.0
@vue/eslint-config-prettier: ^4.0.1 => 4.0.1
@vue/eslint-config-typescript: ^3.2.0 => 3.2.0
@vue/preload-webpack-plugin: 1.1.0
@vue/test-utils: ^1.0.0-beta.20 => 1.0.0-beta.28
@vue/web-component-wrapper: 1.2.0
eslint-plugin-vue: ^5.0.0 => 5.1.0
jest-serializer-vue: 2.0.2
vue: ^2.5.21 => 2.5.21
vue-class-component: ^6.0.0 => 6.3.2
vue-eslint-parser: 2.0.3
vue-hot-reload-api: 2.3.1
vue-jest: 3.0.2
vue-loader: 15.5.0
vue-property-decorator: ^7.0.0 => 7.2.0
vue-style-loader: 4.1.2
vue-template-compiler: ^2.5.21 => 2.5.21
vue-template-es2015-compiler: 1.6.0
npmGlobalPackages:
@vue/cli: Not Found
C:\ae\adaept.com\aeicons-vue>
Steps to reproduce
Create project with the relevant selections
What is expected?
No security errors
What is actually happening?
npm audit shows security errors
npm audit fix cannot fix
C:\ae\adaept.com\aeicons-vue>npm audit
=== npm audit security report ===
Manual Review
Some vulnerabilities require your attention to resolve
Visit https://go.npm.me/audit-guide for additional guidance
Critical Command Injection
Package growl
Patched in >=1.10.2
Dependency of @vue/cli-plugin-e2e-nightwatch [dev]
Path @vue/cli-plugin-e2e-nightwatch > nightwatch >
mocha-nightwatch > growl
More info https://nodesecurity.io/advisories/146
High Denial of Service
Package http-proxy-agent
Patched in >=2.1.0
Dependency of @vue/cli-plugin-e2e-nightwatch [dev]
Path @vue/cli-plugin-e2e-nightwatch > nightwatch > proxy-agent >
http-proxy-agent
More info https://nodesecurity.io/advisories/607
High Denial of Service
Package http-proxy-agent
Patched in >=2.1.0
Dependency of @vue/cli-plugin-e2e-nightwatch [dev]
Path @vue/cli-plugin-e2e-nightwatch > nightwatch > proxy-agent >
pac-proxy-agent > http-proxy-agent
More info https://nodesecurity.io/advisories/607
High Denial of Service
Package https-proxy-agent
Patched in >=2.2.0
Dependency of @vue/cli-plugin-e2e-nightwatch [dev]
Path @vue/cli-plugin-e2e-nightwatch > nightwatch > proxy-agent >
https-proxy-agent
More info https://nodesecurity.io/advisories/593
High Denial of Service
Package https-proxy-agent
Patched in >=2.2.0
Dependency of @vue/cli-plugin-e2e-nightwatch [dev]
Path @vue/cli-plugin-e2e-nightwatch > nightwatch > proxy-agent >
pac-proxy-agent > https-proxy-agent
More info https://nodesecurity.io/advisories/593
Low Regular Expression Denial of Service
Package debug
Patched in >= 2.6.9 < 3.0.0 || >= 3.1.0
Dependency of @vue/cli-plugin-e2e-nightwatch [dev]
Path @vue/cli-plugin-e2e-nightwatch > nightwatch >
mocha-nightwatch > debug
More info https://nodesecurity.io/advisories/534
found 6 vulnerabilities (1 low, 4 high, 1 critical) in 37738 scanned packages
6 vulnerabilities require manual review. See the full report for details.
C:\ae\adaept.com\aeicons-vue>
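Added example, not part of the original report: a triage script for the flattened text layout of the npm audit output above. It joins the wrapped Path lines and groups each vulnerable package under the direct dependency that pulls it in. The sample input is constructed from two of the six findings, and parseAudit and byEntryPoint are names chosen here.

```javascript
// Constructed sample: two of the six findings from the report above, in the same
// flattened layout (the Path value wraps onto a second line).
const SAMPLE = `Critical Command Injection
Package growl
Patched in >=1.10.2
Dependency of @vue/cli-plugin-e2e-nightwatch [dev]
Path @vue/cli-plugin-e2e-nightwatch > nightwatch >
mocha-nightwatch > growl
More info https://nodesecurity.io/advisories/146
High Denial of Service
Package https-proxy-agent
Patched in >=2.2.0
Dependency of @vue/cli-plugin-e2e-nightwatch [dev]
Path @vue/cli-plugin-e2e-nightwatch > nightwatch > proxy-agent >
pac-proxy-agent > https-proxy-agent
More info https://nodesecurity.io/advisories/593`;

const SEVERITY = /^(Critical|High|Moderate|Low)\s+(.+)$/;
const FIELD = /^(Package|Patched in|Dependency of|Path|More info)\s+(.+)$/;

// Parse the text report into one object per finding; lines outside a finding are ignored.
function parseAudit(text) {
  const findings = [];
  let cur = null, field = null, m;
  for (const line of text.split(/\r?\n/).map((l) => l.trim()).filter(Boolean)) {
    if ((m = SEVERITY.exec(line))) {
      findings.push((cur = { severity: m[1].toLowerCase(), title: m[2] }));
      field = null;
    } else if (cur && (m = FIELD.exec(line))) {
      cur[(field = m[1])] = m[2];
    } else if (cur && field === "Path") {
      cur.Path += " " + line; // second line of a wrapped Path value
    }
  }
  return findings.map((f) => ({
    ...f,
    dev: /\[dev\]$/.test(f["Dependency of"] || ""),
    chain: (f.Path || "").split(">").map((s) => s.trim()).filter(Boolean),
  }));
}

// Group vulnerable packages by the direct dependency at the head of each chain.
function byEntryPoint(findings) {
  const out = {};
  for (const f of findings) (out[f.chain[0]] = out[f.chain[0]] || []).push(f.Package);
  return out;
}

console.log(JSON.stringify(byEntryPoint(parseAudit(SAMPLE)), null, 2));
```

Run over the full report above, all six findings land under @vue/cli-plugin-e2e-nightwatch and carry the [dev] marker.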