How to address critical vulnerabilities found in a Vue.js project that relies on the 'vue-svg-loader' dependency, specifically impacting 'nth-check', 'css-select', and 'svgo'?

Attempting to launch a Vue version 2 project, encountered the following error:

# npm audit report

nth-check  <2.0.1
Severity: high
Inefficient Regular Expression Complexity in nth-check - https://github.com/advisories/GHSA-rp65-9cf3-cjxr
fix available via `npm audit fix --force`
Will install <a href="/cdn-cgi/l/email-protection" class="__cf_email__" data-cfemail="1a6c6f7f37696c7d3776757b7e7f685a2a342b2c342a">[email protected]</a>, which is a breaking change
node_modules/vue-svg-loader/node_modules/nth-check
  css-select  <=3.1.0
  Depends on vulnerable versions of nth-check
  node_modules/vue-svg-loader/node_modules/css-select
    svgo  1.0.0 - 1.3.2
    Depends on vulnerable versions of css-select
    node_modules/vue-svg-loader/node_modules/svgo
      vue-svg-loader  0.5.0 - 0.10.0 || >=0.17.0-beta.0
      Depends on vulnerable versions of svgo
      node_modules/vue-svg-loader

4 high severity vulnerabilities

Tried running "npm audit fix --force" without success.

Attempted "npm audit fix --force" again with no luck.

javascriptvue.jsnpm

Answer №1

If you're looking to eliminate the use of svgo and ditch the associated security risks, here's a solution I implemented:

I first uninstalled the loader using npm and then proceeded to copy this file into my project under the name vue-svg-inline-loader.js: https://github.com/oliverfindl/vue-svg-inline-loader/blob/master/src/index.js. After that, I removed the svgo components from the file (and also ensured they were removed from the webpack configuration if there was an svgo option present).

Next, I directed the webpack configuration to use the new local loader like so:

cfg.resolveLoader.alias = {
    'vue-svg-inline-loader': path.resolve(__dirname, 'loaders', 'vue-svg-inline-loader.js')
};

Similar questions

If you have not found the answer to your question or you are interested in this topic, then look at other similar questions below or use the search

Tips for generating and invoking a promise within NodeJS

I have been attempting to access Firestore using a function I created that includes a collection variable. var fetchDataFromFirestore = function(collection, doc){ return promise = new Promise(function(resolve,reject){ //If doc param is null Quer ...

javascriptnode.jsfirebasepromisegoogle-cloud-firestore

Change UL to a JSON format

I am attempting to transform an entire unordered list (UL) and its child elements into a JSON object. Here is the approach we took: function extractData(element) { element.find('li').each(function () { data.push({ "name": $(this).fi ...

javascriptjqueryjson

Issue: The module 'react-dev-utils/getPublicUrlOrPath' cannot be located

I recently deployed my React.js application on Heroku but encountered a message stating: The Browserslist indicates that caniuse-lite is outdated and advises to run the following command: npm update. In response, I executed npm update followed by ...

reactjsherokunpmcreate-react-app

Utilizing AngularJS for Converting Date Formats from JSON and HTML Elements

So I have this controller set up. function TestCtrl($scope) { var contentFromJson = 'Hi! this is <b>Bold</b> and <i>Italic</i>'; var dateFromJson = '/Date(1394526738123)/'; $scope.Date = dateFromJso ...

javascriptjqueryhtmljsonangularjs

Encountering an Error when Integrating Pusher (real-time data library) with Next.js: PusherRequestError - Unexpected status code 400

I encountered an issue while trying to integrate Pusher into my Next.js application due to Vercel's restriction on websockets in their serverless functions. The error message I keep receiving after running the program with Pusher is: error - unhandled ...

javascriptwebsocketnext.jspushervercel

"Trouble connecting Sequelize associations with API routes, resulting in unsuccessful retrieval of data from the database

I am currently navigating the complexities of sequelize and express, facing challenges with database associations and data retrieval. My project involves a boarders-boards (focused on surfboards and riders) database with three main models: Boards, Riders, ...

javascriptexpressserversequelize.js

Encountering package.json with missing dependencies while running the command 'create-react-app my-app'

After attempting to utilize both npm and npx, I repeatedly encountered an error related to missing package dependencies. ...

reactjsnpmnpx

Using Vue.js along with vuex and axios allows for data retrieval only upon the second load

After creating a Vue.js app with vuex as a central store and using axios for basic API calls, I implemented the following store action: loadConstituencyByAreaCodeAndParliament({commit}, {parliament_id, area_code}) { axios.get('/cc-api/area-code/ ...

javascriptvue.jspromiseaxiosvuex

GWT's Stylish Image Carousel

Can anyone recommend a simple image slider for GWT that meets the following requirements: Slides several images from right to left when user clicks on the image (selected image should be at the center) Has endless looping capability (the last image shoul ...

javascriptjquerygwtslideshowuislider

What is the best method for uploading and saving a file using AngularJS and ExpressJS together?

I am using a library for AngularJS called angular-file-upload. Despite successfully setting it up and getting image uploads to work, I am facing an issue with passing the file to the server side (express js). Jade: input.form-input(ng-model="userAvatarFi ...

javascriptangularjsexpress

Storing the model on the server with the help of Backbone and NodeJS

As a beginner in Backbone and AJAX, as well as being new to Node.js which my server is built on, I am working on saving a model using the Save method in Backbone for a webchat project for university. Right now, my goal is to send the username and password ...

javascriptajaxnode.jsbackbone.js

The inserted button's click event does not trigger the contentEditable DIV

I have a contentEditable DIV that I manage using the directive below: <div class="msg-input-area" [class.focused]="isMsgAreaFocused" contenteditable [contenteditableModel]="msgText" (contenteditableModelChang ...

javascripthtmlangulardomdom-events

When setting the request header in XMLHttpRequest, the $_POST variable will be null

I encountered an issue while trying to send a request using XMLHttpRequest in JavaScript code with PHP. Whenever I set the request header using `setRequestHeader`, the `$_POST` value returns null. However, if I remove `setRequestHeader`, the `$_POST` data ...

javascriptphpajax

The success callback in JQuery Ajax does not function properly when constructing an array of Ajax calls

I am facing a challenge in building an array of custom objects by resolving promises from an array created based on another array. Consider having an array of letters = ['a', 'b', 'c']. I then map this array to make Ajax call ...

javascriptjqueryangularjsajaxpromise

The result of JWT.decode may be null

I am facing an issue with decoding a JSON web token as it is returning null. I have even tried setting complete set to true, but unfortunately it still fails. The function used for generating the token is: import jwt from 'jsonwebtoken'; jwt.s ...

javascriptnode.jsjwtdecode

Attempting to streamline this function in order to avoid running it nine separate times

I have created a day scheduler and successfully saved data in local storage for one hour field. However, I am looking for a way to streamline this function so that I can use it across all 8-hour fields without duplicating the code. Can someone provide me w ...

javascriptjquery

Transform the event information based on specific configuration settings

I possess an array containing JSON data named config. var config = [ [{'state': 'step1'}], [{'state': 'step2'}] , [{'state': 'step3'}] ]; The data ...

javascriptjsonalgorithm

Can someone explain the significance of receiving a TypeError when trying to access properties of null (specifically 'useRef') in a React application?

I encountered an issue while working on a React project...the browser console displays the following error. What does this mean? And how can I resolve it? react.development.js:1545 Uncaught TypeError: Cannot read properties of null (reading 'useRef ...

javascriptreactjs

Angular displaying undefined for service

I have created a service for uploading images to a server, and I am encountering an issue when calling this service from my controller. The error message indicates that the function 'uploadFileToUrl' is undefined. Below is the code for my servic ...

javascriptangularjsangular-services

Utilizing nested grouping in mongoose schemas

I am facing a challenge while attempting to execute a nested group query in MongoDB. Is there a way to group data by both date and campaign ID, ensuring that each campaign ID contains a nested array of creatives with their respective data (views and clicks ...

javascriptnode.jsmongodbmongoose