critical/high Vulnerabilities

[paul-asvb]

I am interested in helping provide a fix!

Yes

Which generators are impacted?

• All
• Angular
• HTML
• Preact
• Qwik
• React
• React-Native
• Solid
• Stencil
• Svelte
• Vue
• Web components

Reproduction case

No UI Problem

Expected Behaviour

Have no CRITICAL / HIGH vulnerabilites

Actual Behaviour

pnpm audit + trivy audit both get the same vulnerabilities:

Severity	Vulnerability Description	Package	Vulnerable Versions	Patched Versions	Paths	More Info
critical	vm2 Sandbox Escape vulnerability	vm2	<=3.9.19	<0.0.0	. > [email protected]	Link
					mypackage > @builder.io/[email protected] > @builder.io/[email protected] > [email protected]
					mypackage > @builder.io/[email protected] > @builder.io/[email protected] > @builder.io/[email protected] > [email protected]
critical	Prototype Pollution in lodash	lodash.template	<4.5.0	>=4.5.0	. > [email protected]	Link
					mypackage > @builder.io/[email protected] > [email protected] > [email protected]
high	glob-parent before 5.1.2 vulnerable to Regular Expression Denial of Service in enclosure regex	glob-parent	<5.1.2	>=5.1.2	mypackage > @builder.io/[email protected] > [email protected] > [email protected] > [email protected] > [email protected]	Link
					mypackage > @builder.io/[email protected] > [email protected] > [email protected] > [email protected] > [email protected] > [email protected] > [email protected] > [email protected]
high	node-fetch forwards secure headers to untrusted sites	node-fetch	<2.6.7	>=2.6.7	mypackage > @builder.io/[email protected] > @builder.io/[email protected] > [email protected] > [email protected] > [email protected] > [email protected]	Link
					mypackage > @builder.io/[email protected] > @builder.io/[email protected] > @builder.io/[email protected] > [email protected] > [email protected] > [email protected] > [email protected]

Additional Information

I love this project, happy to provide a fix.