Skip to main content

Public

Project privacy set to public. By default, its content is available to everyone (authenticated or not). Please note that more restrictive permissions might exist on some items.

    •  
      request #32282 Ignore vulnerability in a transitive dep of unplugin-vue2-script-setup
    Actions
    Infos
    #32282
    Nicolas Terray (nterray)
    2023-06-05 12:32
    2023-06-05 10:31
    33919
    Details
    Ignore vulnerability in a transitive dep of unplugin-vue2-script-setup

    CVE-2023-2972 is reported due to the usage of @antfu/utils in the dependency trees of the unplugin-vue2-script-setup lib.

    Tuleap does not appear to be affected by the issue:

    • Vulnerability concerns deepMerge of @antfu/utils
    • unplugin-vue2-script-setup does not use deepMerge of @antfu/utils
    • Tuleap only uses unplugin-vue2-script-setup in tests context
    Dependencies
    Empty
    Empty
    • [ ] enhancement
    • [ ] internal improvement
    Empty
    Stage
    Nicolas Terray (nterray)
    Closed
    2023-06-05
    Attachments
    Empty
    References
    Referencing request #32282

    Git commit

    tuleap/tuleap/stable

    chore: Ignore vulnerability in a transitive dep of unplugin-vue2-script-setup d2f6139629
    User avatar Nicolas Terray (nterray) , 2023-06-05 10:31
    Display settings

    Follow-ups