How to fix npm audit issue with Depends on vulnerable versions of postcss

0
votes

I am developing a Vuejs/Nuxtjs application that has few dependencies and getting 93 vulnerabilities (87 moderate, 6 high) vulnerabilities issues when I run npm audit.

I tried to fix some of the issues using the npm audit fix but even after that, the results of npm audit are the same. Most of the issues are due to the following:

  Depends on vulnerable versions of postcss
  node_modules/postcss-overflow-shorthand
  postcss-page-break  <=2.0.0
  Depends on vulnerable versions of postcss
  node_modules/postcss-page-break
  postcss-place  <=5.0.0
  Depends on vulnerable versions of postcss
  node_modules/postcss-place
  postcss-pseudo-class-any-link  <=6.0.0
  Depends on vulnerable versions of postcss
  node_modules/postcss-pseudo-class-any-link
  postcss-reduce-initial  <=4.0.3
  Depends on vulnerable versions of postcss
  node_modules/postcss-reduce-initial
  postcss-reduce-transforms  <=4.0.2
  Depends on vulnerable versions of postcss
  node_modules/postcss-reduce-transforms
  postcss-replace-overflow-wrap  <=3.0.0
  Depends on vulnerable versions of postcss
  node_modules/postcss-replace-overflow-wrap
  postcss-selector-matches  *
  Depends on vulnerable versions of postcss
  node_modules/postcss-selector-matches
  postcss-selector-not  <=4.0.1
  Depends on vulnerable versions of postcss
  node_modules/postcss-selector-not
  postcss-svgo  <=5.0.0-rc.2
  Depends on vulnerable versions of postcss
  Depends on vulnerable versions of svgo
  node_modules/postcss-svgo
  postcss-unique-selectors  <=4.0.1
  Depends on vulnerable versions of postcss
  node_modules/postcss-unique-selectors
  postcss-url  3.3.0 - 10.0.0
  Depends on vulnerable versions of postcss
  node_modules/postcss-url
  stylehacks  <=4.0.3
  Depends on vulnerable versions of postcss
  node_modules/stylehacks

Following is the content I have package.json:

{
  "name": "openepcis-test-data-generator-ui",
  "version": "1.0.0",
  "private": true,
  "scripts": {
    "dev": "nuxt",
    "build": "nuxt build",
    "start": "nuxt start",
    "generate": "nuxt generate",
    "lint:js": "eslint --ext \".js,.vue\" --ignore-path .gitignore .",
    "lint": "npm run lint:js"
  },
  "dependencies": {
    "@element-plus/icons": "^0.0.11",
    "@nuxtjs/axios": "^5.13.6",
    "@nuxtjs/dotenv": "^1.4.1",
    "bootstrap": "^4.6.0",
    "bootstrap-vue": "^2.21.2",
    "core-js": "^3.15.1",
    "drawflow": "^0.0.52",
    "element-ui": "^2.15.6",
    "nuxt": "^2.15.8",
    "url-loader": "^4.1.1",
    "vue-multiselect": "^2.1.6"
  },
  "devDependencies": {
    "@babel/eslint-parser": "^7.14.7",
    "@nuxtjs/eslint-config": "^6.0.1",
    "@nuxtjs/eslint-module": "^3.0.2",
    "@types/drawflow": "^0.0.3",
    "eslint": "^7.29.0",
    "eslint-plugin-nuxt": "^2.0.0",
    "eslint-plugin-vue": "^7.12.1"
  }
}

Can someone please let me know how to fix these issues as I am very new to these audits.

node.jsvue.jsnpmvuejs2nuxt.js