Skip to main content

Public

Project privacy set to public. By default, its content is available to everyone (authenticated or not). Please note that more restrictive permissions might exist on some items.

    •  
      request #32282 Ignore vulnerability in a transitive dep of unplugin-vue2-script-setup
    Actions
    Infos
    #32282
    Nicolas Terray (nterray)
    2023-06-05 12:32
    2023-06-05 10:31
    33872
    Details
    Ignore vulnerability in a transitive dep of unplugin-vue2-script-setup

    CVE-2023-2972 is reported due to the usage of @antfu/utils in the dependency trees of the unplugin-vue2-script-setup lib.

    Tuleap does not appear to be affected by the issue:

    • Vulnerability concerns deepMerge of @antfu/utils
    • unplugin-vue2-script-setup does not use deepMerge of @antfu/utils
    • Tuleap only uses unplugin-vue2-script-setup in tests context
    Dependencies
    Empty
    Empty
    • [ ] enhancement
    • [ ] internal improvement
    Empty
    Stage
    Nicolas Terray (nterray)
    Closed
    2023-06-05
    Attachments
    Artifact links

    Releases

    Fixed in

    Artifact ID Project Tracker Summary Status Last Update Date Submitted By Assigned to
    rel #31539 Tuleap Releases 14.10 Delivered 2023-21-06 12:17 Manuel Vacelet (vaceletm)
    Empty
    References
    Referencing request #32282

    Git commit

    tuleap/tuleap/stable

    chore: Ignore vulnerability in a transitive dep of unplugin-vue2-script-setup d2f6139629
    User avatar Nicolas Terray (nterray) , 2023-06-05 10:31
    Display settings

    Follow-ups