via
up to date, audited 1702 packages in 3s
123 packages are looking for funding
run `npm fund` for details
# npm audit report
ansi-regex >2.1.1 <5.0.1
Severity: moderate
Inefficient Regular Expression Complexity in chalk/ansi-regex - https://github.com/advisories/GHSA-93q8-gq69-wqmw
fix available via `npm audit fix --force`
Will install node-sass@4.14.0, which is a breaking change
node_modules/cliui/node_modules/ansi-regex
node_modules/wrap-ansi/node_modules/ansi-regex
node_modules/yargs/node_modules/ansi-regex
strip-ansi 4.0.0 - 5.2.0
Depends on vulnerable versions of ansi-regex
node_modules/cliui/node_modules/strip-ansi
node_modules/wrap-ansi/node_modules/strip-ansi
node_modules/yargs/node_modules/strip-ansi
cliui 4.0.0 - 5.0.0
Depends on vulnerable versions of strip-ansi
Depends on vulnerable versions of wrap-ansi
node_modules/cliui
yargs 10.1.0 - 15.0.0
Depends on vulnerable versions of cliui
Depends on vulnerable versions of string-width
node_modules/yargs
sass-graph 2.2.5 || >=3.0.5
Depends on vulnerable versions of yargs
node_modules/sass-graph
node-sass >=4.14.1
Depends on vulnerable versions of sass-graph
node_modules/node-sass
webpack-dev-server 2.0.0-beta - 3.11.3
Depends on vulnerable versions of chokidar
Depends on vulnerable versions of yargs
node_modules/webpack-dev-server
string-width 2.1.0 - 4.1.0
Depends on vulnerable versions of strip-ansi
node_modules/cliui/node_modules/string-width
node_modules/wrap-ansi/node_modules/string-width
node_modules/yargs/node_modules/string-width
wrap-ansi 3.0.0 - 6.1.0
Depends on vulnerable versions of string-width
Depends on vulnerable versions of strip-ansi
node_modules/wrap-ansi
webpackbar 3.0.0-0 - 3.2.0
Depends on vulnerable versions of wrap-ansi
node_modules/webpackbar
glob-parent <5.1.2
Severity: high
Regular expression denial of service - https://github.com/advisories/GHSA-ww39-953v-wcq6
No fix available
node_modules/chokidar/node_modules/glob-parent
node_modules/copy-webpack-plugin/node_modules/glob-parent
node_modules/fast-glob/node_modules/glob-parent
chokidar 1.0.0-rc1 - 2.1.8
Depends on vulnerable versions of glob-parent
node_modules/chokidar
@vuepress/core <=1.8.2
Depends on vulnerable versions of chokidar
node_modules/@vuepress/core
vuepress 1.0.0-alpha.0 - 1.8.2
Depends on vulnerable versions of @vuepress/core
node_modules/vuepress
@mr-hope/vuepress-types *
Depends on vulnerable versions of @types/markdown-it
Depends on vulnerable versions of vuepress
node_modules/@mr-hope/vuepress-types
@mr-hope/vuepress-plugin-sitemap >=1.20.3
Depends on vulnerable versions of @mr-hope/vuepress-types
node_modules/@mr-hope/vuepress-plugin-sitemap
watchpack-chokidar2 *
Depends on vulnerable versions of chokidar
node_modules/watchpack-chokidar2
watchpack 1.7.2 - 1.7.5
Depends on vulnerable versions of watchpack-chokidar2
node_modules/watchpack
webpack 4.44.0 - 4.46.0
Depends on vulnerable versions of watchpack
node_modules/webpack
webpack-dev-server 2.0.0-beta - 3.11.3
Depends on vulnerable versions of chokidar
Depends on vulnerable versions of yargs
node_modules/webpack-dev-server
copy-webpack-plugin 5.0.1 - 5.1.2
Depends on vulnerable versions of glob-parent
node_modules/copy-webpack-plugin
fast-glob <=2.2.7
Depends on vulnerable versions of glob-parent
node_modules/fast-glob
globby 8.0.0 - 9.2.0
Depends on vulnerable versions of fast-glob
node_modules/globby
@vuepress/shared-utils *
Depends on vulnerable versions of globby
node_modules/@vuepress/shared-utils
@vuepress/markdown <=1.8.2
Depends on vulnerable versions of @vuepress/shared-utils
node_modules/@vuepress/markdown
@vuepress/markdown-loader *
Depends on vulnerable versions of @vuepress/markdown
node_modules/@vuepress/markdown-loader
@vuepress/plugin-pwa <=1.8.2
Depends on vulnerable versions of @vuepress/shared-utils
node_modules/@vuepress/plugin-pwa
@vuepress/plugin-register-components <=1.8.2
Depends on vulnerable versions of @vuepress/shared-utils
node_modules/@vuepress/plugin-register-components
vuepress-plugin-container >=2.1.5
Depends on vulnerable versions of @vuepress/shared-utils
node_modules/vuepress-plugin-container
vuepress-plugin-dehydrate *
Depends on vulnerable versions of @vuepress/shared-utils
node_modules/vuepress-plugin-dehydrate
highlight.js 9.0.0 - 10.4.0
Severity: moderate
ReDOS vulnerabities: multiple grammars - https://github.com/advisories/GHSA-7wwv-vh3v-89cq
fix available via `npm audit fix --force`
Will install @mr-hope/vuepress-plugin-sitemap@1.20.0, which is a breaking change
node_modules/highlight.js
@types/markdown-it 10.0.3
Depends on vulnerable versions of highlight.js
node_modules/@types/markdown-it
@mr-hope/vuepress-types *
Depends on vulnerable versions of @types/markdown-it
Depends on vulnerable versions of vuepress
node_modules/@mr-hope/vuepress-types
@mr-hope/vuepress-plugin-sitemap >=1.20.3
Depends on vulnerable versions of @mr-hope/vuepress-types
node_modules/@mr-hope/vuepress-plugin-sitemap
nth-check <2.0.1
Severity: moderate
Inefficient Regular Expression Complexity in nth-check - https://github.com/advisories/GHSA-rp65-9cf3-cjxr
fix available via `npm audit fix`
node_modules/nth-check
css-select <=3.1.0
Depends on vulnerable versions of nth-check
node_modules/css-select
svgo 1.0.0 - 1.3.2
Depends on vulnerable versions of css-select
node_modules/svgo
postcss-svgo 4.0.0-nightly.2020.1.9 - 5.0.0-rc.2
Depends on vulnerable versions of svgo
node_modules/postcss-svgo
cssnano-preset-default <=4.0.8
Depends on vulnerable versions of postcss-svgo
node_modules/cssnano-preset-default
cssnano 4.0.0-nightly.2020.1.9 - 4.1.11
Depends on vulnerable versions of cssnano-preset-default
node_modules/cssnano
optimize-css-assets-webpack-plugin 3.2.1 || 5.0.0 - 5.0.8
Depends on vulnerable versions of cssnano
node_modules/optimize-css-assets-webpack-plugin
trim-newlines <3.0.1
Severity: high
Regular Expression Denial of Service in trim-newlines - https://github.com/advisories/GHSA-7p7h-4mm5-852v
No fix available
node_modules/generate-robotstxt/node_modules/trim-newlines
meow 3.4.0 - 5.0.0
Depends on vulnerable versions of trim-newlines
Depends on vulnerable versions of yargs-parser
node_modules/generate-robotstxt/node_modules/meow
generate-robotstxt 5.0.1 - 8.0.0
Depends on vulnerable versions of meow
node_modules/generate-robotstxt
vuepress-plugin-robots *
Depends on vulnerable versions of generate-robotstxt
node_modules/vuepress-plugin-robots
yargs-parser 6.0.0 - 13.1.1
Severity: moderate
Prototype Pollution in yargs-parser - https://github.com/advisories/GHSA-p9pc-299p-vxgp
No fix available
node_modules/generate-robotstxt/node_modules/yargs-parser
meow 3.4.0 - 5.0.0
Depends on vulnerable versions of trim-newlines
Depends on vulnerable versions of yargs-parser
node_modules/generate-robotstxt/node_modules/meow
generate-robotstxt 5.0.1 - 8.0.0
Depends on vulnerable versions of meow
node_modules/generate-robotstxt
vuepress-plugin-robots *
Depends on vulnerable versions of generate-robotstxt
node_modules/vuepress-plugin-robots
43 vulnerabilities (20 moderate, 23 high)
To address issues that do not require attention, run:
npm audit fix
To address all issues possible (including breaking changes), run:
npm audit fix --force
Some issues need review, and may require choosing
a different dependency.
* Update navigation-layout images
updates them to use the new app reader screenshots
not renaming because by that I can be lazy :p
* resize images to be of width 648px
