4 vulnerabilities - 11ty install. How should I fix this?


Please I've tried all and nothing works.

```
# npm audit report

liquidjs  <10.0.0
Severity: moderate
liquidjs may leak properties of a prototype - https://github.com/advisories/GHSA-45rm-2893-5f49
No fix available
node_modules/liquidjs
  @11ty/eleventy  <=2.0.0-canary.18
  Depends on vulnerable versions of browser-sync
  Depends on vulnerable versions of liquidjs
  node_modules/@11ty/eleventy

ua-parser-js  0.8.1 - 1.0.32
Severity: high
ReDoS Vulnerability in ua-parser-js version - https://github.com/advisories/GHSA-fhg7-m89q-25r3
No fix available
node_modules/ua-parser-js
  browser-sync  >=2.27.6
  Depends on vulnerable versions of ua-parser-js
  node_modules/browser-sync

4 vulnerabilities (1 moderate, 3 high)

Some issues need review, and may require choosing a different dependency.
```

I've tried to update all dependencies but nothing.


2
Guest On

Generally speaking, when dealing with SSGs, the vulnerabilities are not the issue because they reveal themselves only at build time, and not at runtime. The generated static website doesn't inherit those vulnerabilities.

0
joealmond On

As mentioned before, it is no problem for an SSG to have vulnerabilities on the server side because it's never exposed to the internet. However, if you try to update those dependencies, 11ty may fail to work! Keep this in mind also!
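
To see which direct dependency pulls in each flagged package, the following added example (not part of either answer above) walks the `effects` links of an `npm audit --json` report. `SAMPLE_REPORT` is constructed to mirror the text report in the question, and the function names `directRoots` and `triage` are hypothetical.

```javascript
// Added example: group npm audit findings by the direct dependency that pulls them in.
// SAMPLE_REPORT is constructed to mirror the text report in the question, using the
// field names of npm's JSON audit report (auditReportVersion 2).
const SAMPLE_REPORT = {
  auditReportVersion: 2,
  vulnerabilities: {
    "liquidjs": { severity: "moderate", isDirect: false, effects: ["@11ty/eleventy"] },
    "ua-parser-js": { severity: "high", isDirect: false, effects: ["browser-sync"] },
    "browser-sync": { severity: "high", isDirect: false, effects: ["@11ty/eleventy"] },
    "@11ty/eleventy": { severity: "high", isDirect: true, effects: [] },
  },
};

// Follow "effects" links upward until reaching packages listed in package.json.
function directRoots(report, name, seen = new Set()) {
  if (seen.has(name)) return []; // guard against dependency cycles
  seen.add(name);
  const entry = report.vulnerabilities[name];
  if (!entry) return [];
  const roots = entry.isDirect ? [name] : [];
  for (const parent of entry.effects || []) {
    roots.push(...directRoots(report, parent, seen));
  }
  return [...new Set(roots)].sort();
}

// Map each direct dependency to the flagged packages reachable through it.
function triage(report) {
  const byRoot = {};
  for (const [name, entry] of Object.entries(report.vulnerabilities)) {
    for (const root of directRoots(report, name)) {
      (byRoot[root] = byRoot[root] || []).push(`${name} (${entry.severity})`);
    }
  }
  return byRoot;
}

for (const [root, findings] of Object.entries(triage(SAMPLE_REPORT))) {
  console.log(`${root}: ${findings.join(", ")}`);
}
```

For a real project, pass the parsed output of `npm audit --json` to `triage` instead of the sample. If the only root it reports is the build tool, that is the build-time-only situation the answers describe.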