Update bootstrap and shards-ui packages to fix insecure version of bootstrap

Question

Update bootstrap and shards-ui packages to fix insecure version of bootstrap

sonisaurabh19 opened this issue 4 years ago · 0 comments

sonisaurabh19 commented 4 years ago

Expected Behavior

npm audit should pass

Current Behavior

npm audit shows a vulnerability in 4.1.3:

npm audit report

bootstrap <3.4.1 || >=4.0.0 <4.3.1
Severity: moderate
Cross-Site Scripting - https://npmjs.com/advisories/891
No fix available
node_modules/shards-vue/node_modules/bootstrap
shards-ui 2.0.0 - 2.1.2
Depends on vulnerable versions of bootstrap
node_modules/shards-vue/node_modules/shards-ui
shards-vue *
Depends on vulnerable versions of shards-ui
node_modules/shards-vue

Steps to Reproduce

Install shards-vue
Run npm audit

Context (Environment)

Possible Solution

Upgrade bootstrap to >= 4.3.1
Upgrade shards-ui >= 3.0.0