vue-cli-plugin-s3-deploy icon indicating copy to clipboard operation
vue-cli-plugin-s3-deploy copied to clipboard
verified publisher icon multiplegeorges

Update npm package

Open Roriz opened this issue 5 years ago • 2 comments

Hi, I have been trying to use rc4, but the version publisher on npm is outdated:

image

You can see on download of: https://registry.npmjs.org/vue-cli-plugin-s3-deploy/-/vue-cli-plugin-s3-deploy-4.0.0-rc4.tgz

Roriz avatar Sep 05 '20 17:09 Roriz

Not ideal, but it shouldn't impact functionality too much.

nicekiwi avatar Sep 07 '20 03:09 nicekiwi

rc3 and rc4 versions of this package have npm audit warnings. Would be nice if this package re-released with dependency updates,

$ npm audit
# npm audit report

glob-parent  <5.1.2
Severity: high
glob-parent before 5.1.2 vulnerable to Regular Expression Denial of Service in enclosure regex - https://github.com/advisories/GHSA-ww39-953v-wcq6
fix available via `npm audit fix --force`
Will install [email protected], which is a breaking change
node_modules/vue-cli-plugin-s3-deploy/node_modules/glob-parent
  fast-glob  <=2.2.7
  Depends on vulnerable versions of glob-parent
  node_modules/vue-cli-plugin-s3-deploy/node_modules/fast-glob
    globby  8.0.0 - 9.2.0
    Depends on vulnerable versions of fast-glob
    node_modules/vue-cli-plugin-s3-deploy/node_modules/globby
      vue-cli-plugin-s3-deploy  >=3.0.0
      Depends on vulnerable versions of globby
      node_modules/vue-cli-plugin-s3-deploy

4 high severity vulnerabilities

To address all issues (including breaking changes), run:
  npm audit fix --force

iambumblehead avatar Oct 14 '22 16:10 iambumblehead