Comments (2)
Hey, unfortunately these packages are used by other dev packages (mostly Vue CLI), which are already at the latest version. You need to raise the issue / submit a PR to them instead.
Here's the full dependency path to help you:
normalize-url
is used by@vue/cli-service > cssnano > cssnano-preset-default > postcss-normalize-url > normalize-url
which of course doesn't effect the production applicationglob-parent
is also used by@vue/cli-service > copy-webpack-plugin > glob-parent
css-what
is used by@vue/cli-service > cssnano > cssnano-preset-default > postcss-svgo > svgo > css-select > css-what
You'll find the same results in most Vue projects at the moment, there are actually 6 critical vulnerabilities in Vue CLI. In Dashy specifically isn't actually effected by any of these vulnerabilities, as it's not using the effected packages in production, so is nothing to worry about.
I'm using Synk for vulnerability checking, you can find the current report here: https://snyk.io/test/github/Lissy93/dashy
from dashy.
Btw it looks like these issues are already raised, see below:
- Vue CLI 6118 - Re CVE-2020-7774
- Vue CLI 5489 - Re http-proxy
- Vue CLI 6523 - Re css-what
- Vue CLI 5285 - Re minimist
- http-server 1459 - Re CVE-400
- normalize-url 135 - Re CVE-2021-33502
- glob-parent 48 - Re regex dos
from dashy.
Related Issues (20)
- [BUG] <title>MVG Connections always shows the connection between Marienplatz and Giesing no matter how the config file is modified. HOT 2
- Hi, I'm new here and I could really use some help HOT 1
- [QUESTION] how to get widgets working when using nginxproxymanager HOT 12
- [FEATURE_REQUEST] Add a startpage view optimized to reduce load time HOT 2
- 导航图标标题 HOT 1
- [FEATURE_REQUEST] widget for uptime-kuma HOT 2
- [FEATURE_REQUEST] healthchecks continues checking HOT 1
- How to change --content-max-width HOT 6
- deployed on vercel HOT 10
- [QUESTION] Serve assets only to logged in users HOT 3
- [FEATURE_REQUEST] Unify weather and weather forecast widgets HOT 5
- [QUESTION] Custom HTML? HOT 16
- All tickets related to dashy not rebuilding automatically HOT 1
- [SHOWCASE] MNDashboard HOT 4
- [BUG] Dashy crashlooping after last upgrade to 2.1.2 HOT 13
- [QUESTION] Build from Source not working anymore 2.1.2? HOT 3
- [BUG] Authentication settings cannot be saved to a configuration file HOT 2
- [BUG] Build Failed Vercel HOT 6
- [BUG] Dashy v2.1.2 consuming all assigned resources after changing config (either via GUI or direct conf.yml change) HOT 13
- [QUESTION] Alpine 3.15 LXC unmet peer dependency warnings? HOT 3
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from dashy.