•  
      request #32282 Ignore vulnerability in a transitive dep of unplugin-vue2-script-setup
    Infos
    #32282
    Nicolas Terray (nterray)
    2023-06-05 12:32
    2023-06-05 10:31
    33888
    Details
    Ignore vulnerability in a transitive dep of unplugin-vue2-script-setup

    CVE-2023-2972 is reported due to the usage of @antfu/utils in the dependency trees of the unplugin-vue2-script-setup lib.

    Tuleap does not appear to be affected by the issue:

    • Vulnerability concerns deepMerge of @antfu/utils
    • unplugin-vue2-script-setup does not use deepMerge of @antfu/utils
    • Tuleap only uses unplugin-vue2-script-setup in tests context
    Dependencies
    Empty
    Empty
    • [ ] enhancement
    • [ ] internal improvement
    Empty
    Stage
    Nicolas Terray (nterray)
    Closed
    2023-06-05
    Attachments
    Empty
    References

    Follow-ups