critical/high Vulnerabilities #1281

Open
1 of 12 tasks
paul-asvb opened this issue Oct 23, 2023 · 0 comments
Labels
bug Something isn't working

Comments

@paul-asvb

paul-asvb commented Oct 23, 2023

I am interested in helping provide a fix!

Yes

Which generators are impacted?

  • All
  • Angular
  • HTML
  • Preact
  • Qwik
  • React
  • React-Native
  • Solid
  • Stencil
  • Svelte
  • Vue
  • Web components

Reproduction case

No UI Problem

Expected Behaviour

Have no CRITICAL / HIGH vulnerabilities

Actual Behaviour

pnpm audit + trivy audit both get the same vulnerabilities:

Severity: critical
Vulnerability: vm2 Sandbox Escape vulnerability
Package: vm2
Vulnerable versions: <=3.9.19
Patched versions: <0.0.0
Paths:
  . > vm2@3.9.19
  mypackage > @builder.io/mitosis@0.0.112 > @builder.io/react@1.1.52 > vm2@3.9.19
  mypackage > @builder.io/mitosis-cli@0.0.80 > @builder.io/mitosis@0.0.122 > @builder.io/react@1.1.52 > vm2@3.9.19

Severity: critical
Vulnerability: Prototype Pollution in lodash
Package: lodash.template
Vulnerable versions: <4.5.0
Patched versions: >=4.5.0
Paths:
  . > lodash.template@4.2.4
  mypackage > @builder.io/mitosis@0.0.112 > module@1.2.5 > lodash.template@4.2.4

Severity: high
Vulnerability: glob-parent before 5.1.2 vulnerable to Regular Expression Denial of Service in enclosure regex
Package: glob-parent
Vulnerable versions: <5.1.2
Patched versions: >=5.1.2
Paths:
  mypackage > @builder.io/mitosis@0.0.112 > module@1.2.5 > vinyl-fs@2.4.3 > glob-stream@5.3.5 > glob-parent@3.1.0
  mypackage > @builder.io/mitosis@0.0.112 > module@1.2.5 > vinyl-fs@2.4.3 > glob-stream@5.3.5 > micromatch@2.3.11 > parse-glob@3.0.4 > glob-base@0.3.0 > glob-parent@2.0.0

Severity: high
Vulnerability: node-fetch forwards secure headers to untrusted sites
Package: node-fetch
Vulnerable versions: <2.6.7
Patched versions: >=2.6.7
Paths:
  mypackage > @builder.io/mitosis@0.0.112 > @builder.io/react@1.1.52 > create-react-context@0.2.3 > fbjs@0.8.18 > isomorphic-fetch@2.2.1 > node-fetch@1.7.3
  mypackage > @builder.io/mitosis-cli@0.0.80 > @builder.io/mitosis@0.0.122 > @builder.io/react@1.1.52 > create-react-context@0.2.3 > fbjs@0.8.18 > isomorphic-fetch@2.2.1 > node-fetch@1.7.3

Additional Information

I love this project, happy to provide a fix.

@paul-asvb paul-asvb added the bug Something isn't working label Oct 23, 2023
@paul-asvb paul-asvb changed the title Audition of Vulnerabilities critical/high critical/high Vulnerabilities Oct 23, 2023
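A way to turn the audit the reporter ran into a CI gate, as an added example that is not part of this issue or of the mitosis project: it reads `pnpm audit --json` output and fails on anything at or above a chosen severity, printing the full dependency path of each hit. It assumes the JSON follows the npm-audit-style `advisories` map (each with `severity`, `module_name`, `patched_versions` and `findings[].paths`); the `SAMPLE_REPORT` is constructed in that shape from the findings quoted above, and `placeholder-pkg` is a made-up name.

```javascript
// Added example (not from the mitosis project): fail a build when pnpm audit
// reports findings at or above a chosen severity, listing each dependency path
// so the transitive chain (mitosis > react > vm2, etc.) is visible. Assumes
// `pnpm audit --json` emits an npm-audit-style report with an `advisories` map.
const SEVERITY_RANK = { info: 0, low: 1, moderate: 2, high: 3, critical: 4 };

// One record per (advisory, dependency path), worst severity first.
function findingsAtOrAbove(report, threshold = "high") {
  const min = SEVERITY_RANK[threshold];
  if (min === undefined) throw new Error(`unknown severity: ${threshold}`);
  const hits = [];
  for (const adv of Object.values(report.advisories || {})) {
    if ((SEVERITY_RANK[adv.severity] ?? -1) < min) continue; // below threshold
    for (const finding of adv.findings || []) {
      for (const path of finding.paths || []) {
        hits.push({
          severity: adv.severity,
          module: adv.module_name,
          version: finding.version,
          patched: adv.patched_versions, // "<0.0.0" means no fixed release exists
          path,
        });
      }
    }
  }
  return hits.sort((a, b) => SEVERITY_RANK[b.severity] - SEVERITY_RANK[a.severity]);
}

// Exit status for CI: 1 if anything at or above the threshold remains, else 0.
function gateExitCode(report, threshold = "high") {
  const hits = findingsAtOrAbove(report, threshold);
  for (const h of hits) {
    console.error(`${h.severity}\t${h.module}@${h.version}\tpatched: ${h.patched}\t${h.path}`);
  }
  return hits.length ? 1 : 0;
}

// Constructed sample modelled on the findings quoted in the issue (not real audit output).
const SAMPLE_REPORT = {
  advisories: {
    "1": { severity: "critical", module_name: "vm2", patched_versions: "<0.0.0",
      findings: [{ version: "3.9.19",
        paths: ["mypackage > @builder.io/mitosis@0.0.112 > @builder.io/react@1.1.52 > vm2@3.9.19"] }] },
    "2": { severity: "high", module_name: "glob-parent", patched_versions: ">=5.1.2",
      findings: [{ version: "3.1.0",
        paths: ["mypackage > @builder.io/mitosis@0.0.112 > module@1.2.5 > vinyl-fs@2.4.3 > glob-stream@5.3.5 > glob-parent@3.1.0"] }] },
    "3": { severity: "moderate", module_name: "placeholder-pkg", patched_versions: ">=1.0.1",
      findings: [{ version: "1.0.0", paths: ["mypackage > placeholder-pkg@1.0.0"] }] },
  },
};
```

In CI, run `pnpm audit --json > audit.json` and have a small wrapper pass `gateExitCode(JSON.parse(fs.readFileSync("audit.json", "utf8")))` to `process.exit`. Lowering the threshold to `"moderate"` widens the gate without changing the parsing.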