High vulnerability in dependencies -> copy webpack plugin -> serialize js #5782
Description
Version
4.5.3
Environment info
System:
OS: Windows 10 10.0.18362
CPU: (8) x64 Intel(R) Core(TM) i7-8550U CPU @ 1.80GHz
Binaries:
Node: 14.5.0 - C:\Program Files\nodejs\node.EXE
Yarn: Not Found
npm: 6.14.5 - C:\Program Files\nodejs\npm.CMD
Browsers:
Chrome: 84.0.4147.125
Edge: Spartan (44.18362.449.0)
npmPackages:
@ant-design-vue/babel-helper-vue-transform-on: 1.0.1
@types/vue-router: ^2.0.0 => 2.0.0
@types/vuelidate: ^0.7.13 => 0.7.13
@vue/babel-helper-vue-jsx-merge-props: 1.0.0
@vue/babel-plugin-transform-vue-jsx: 1.1.2
@vue/babel-preset-app: 4.5.3
@vue/babel-preset-jsx: 1.1.2
@vue/babel-sugar-functional-vue: 1.1.2
@vue/babel-sugar-inject-h: 1.1.2
@vue/babel-sugar-v-model: 1.1.2
@vue/babel-sugar-v-on: 1.1.2
@vue/cli-overlay: 4.5.3
@vue/cli-plugin-babel: ^4.5.3 => 4.5.3
@vue/cli-plugin-e2e-cypress: ^4.5.3 => 4.5.3
@vue/cli-plugin-eslint: ^4.5.3 => 4.5.3
@vue/cli-plugin-router: ^4.5.3 => 4.5.3
@vue/cli-plugin-typescript: ^4.5.3 => 4.5.3
@vue/cli-plugin-unit-jest: ^4.5.3 => 4.5.3
@vue/cli-plugin-vuex: 4.5.3
@vue/cli-service: ^4.5.3 => 4.5.3
@vue/cli-shared-utils: 4.5.3
@vue/component-compiler-utils: 3.2.0
@vue/eslint-config-prettier: ^6.0.0 => 6.0.0
@vue/eslint-config-typescript: ^5.0.2 => 5.0.2
@vue/preload-webpack-plugin: 1.1.2
@vue/test-utils: 1.0.3 => 1.0.3
@vue/web-component-wrapper: 1.2.0
bootstrap-vue: ^2.16.0 => 2.16.0
eslint-plugin-vue: ^6.2.2 => 6.2.2
jest-serializer-vue: 2.0.2
portal-vue: ^2.1.7 => 2.1.7
typescript: ^3.9.7 => 3.9.7
vue: ^2.6.11 => 2.6.11
vue-class-component: ^7.2.5 => 7.2.5
vue-eslint-parser: 7.1.0
vue-functional-data-merge: 3.1.0
vue-hot-reload-api: 2.3.4
vue-i18n: ^8.20.0 => 8.20.0
vue-jest: 3.0.6
vue-loader: 15.9.3 (16.0.0-beta.5)
vue-multiselect: ^2.1.6 => 2.1.6
vue-property-decorator: ^9.0.0 => 9.0.0
vue-router: ^3.4.3 => 3.4.3
vue-style-loader: 4.1.2
vue-template-compiler: ^2.6.11 => 2.6.11
vue-template-es2015-compiler: 1.9.1
vuelidate: ^0.7.5 => 0.7.5
vuelidate-error-extractor: ^2.4.1 => 2.4.1
npmGlobalPackages:
@vue/cli: Not Found
Steps to reproduce
run 'npm audit' after install of latest vue cli-service
What is expected?
no high severity vulnerabilities should be found
What is actually happening?
serialize-javascript, a dependency of copy-webpackplugin has a high risk vulnerability.
@vue/cli-service should use copy-webpack-plugin of version ^6.0.2, since that is the first version that solves the high risk vulnerability.