fix: eliminate the serialize-javascript vulnerability warning

By switching to a fork of copy-webpack-plugin v5, so that we can circumvent the issue in a non-semver-breaking way. Fixes vuejs#5782
sodatea · Aug 27, 2020 · 31f58aa · 31f58aa
1 parent 9706cd1
commit 31f58aa
Show file tree

Hide file tree

Showing 3 changed files with 26 additions and 3 deletions.
diff --git a/packages/@vue/cli-service/lib/config/app.js b/packages/@vue/cli-service/lib/config/app.js
@@ -296,7 +296,7 @@ module.exports = (api, options) => {
     if (!isLegacyBundle && fs.existsSync(publicDir)) {
       webpackConfig
         .plugin('copy')
-          .use(require('copy-webpack-plugin'), [[{
+          .use(require('copy-webpack-plugin-v5'), [[{
             from: publicDir,
             to: outputDir,
             toType: 'dir',

diff --git a/packages/@vue/cli-service/package.json b/packages/@vue/cli-service/package.json
@@ -46,7 +46,7 @@
     "cli-highlight": "^2.1.4",
     "clipboardy": "^2.3.0",
     "cliui": "^6.0.0",
-    "copy-webpack-plugin": "^5.1.1",
+    "copy-webpack-plugin-v5": "^5.1.2",
     "css-loader": "^3.5.3",
     "cssnano": "^4.1.10",
     "debug": "^4.1.1",

diff --git a/yarn.lock b/yarn.lock
@@ -2986,6 +2986,11 @@
   resolved "https://registry.yarnpkg.com/@types/mocha/-/mocha-5.2.7.tgz#315d570ccb56c53452ff8638738df60726d5b6ea"
   integrity sha512-NYrtPht0wGzhwe9+/idPaBB+TqkY9AhTvOLMkThm0IoEfLaiVQZwBwyJ5puCkO3AUCWrmcoePjp2mbFocKy4SQ==
 
+"@types/mocha@^8.0.1":
+  version "8.0.3"
+  resolved "https://registry.yarnpkg.com/@types/mocha/-/mocha-8.0.3.tgz#51b21b6acb6d1b923bbdc7725c38f9f455166402"
+  integrity sha512-vyxR57nv8NfcU0GZu8EUXZLTbCMupIUwy95LJ6lllN+JRPG25CwMHoB1q5xKh8YKhQnHYRAn4yW2yuHbf/5xgg==
+
 "@types/node-fetch@2.5.7":
   version "2.5.7"
   resolved "https://registry.yarnpkg.com/@types/node-fetch/-/node-fetch-2.5.7.tgz#20a2afffa882ab04d44ca786449a276f9f6bbf3c"
@@ -6975,7 +6980,25 @@ copy-descriptor@^0.1.0:
   resolved "https://registry.yarnpkg.com/copy-descriptor/-/copy-descriptor-0.1.1.tgz#676f6eb3c39997c2ee1ac3a924fd6124748f578d"
   integrity sha1-Z29us8OZl8LuGsOpJP1hJHSPV40=
 
-copy-webpack-plugin@^5.0.2, copy-webpack-plugin@^5.1.1:
+copy-webpack-plugin-v5@^5.1.2:
+  version "5.1.2"
+  resolved "https://registry.yarnpkg.com/copy-webpack-plugin-v5/-/copy-webpack-plugin-v5-5.1.2.tgz#e7fd3e55158f636abaf91130505a81a41c7eed01"
+  integrity sha512-kTX5+l1ApkXR98hbJDGnU1yILZ7zpRdBN1rxE7xq40u9JFNOtgf+aEBqUebtFlGiSE0qecf6xbB8bI9Ys0YByQ==
+  dependencies:
+    cacache "^12.0.3"
+    find-cache-dir "^2.1.0"
+    glob-parent "^3.1.0"
+    globby "^7.1.1"
+    is-glob "^4.0.1"
+    loader-utils "^1.2.3"
+    minimatch "^3.0.4"
+    normalize-path "^3.0.0"
+    p-limit "^2.2.1"
+    schema-utils "^1.0.0"
+    serialize-javascript "^4.0.0"
+    webpack-log "^2.0.0"
+
+copy-webpack-plugin@^5.0.2:
   version "5.1.1"
   resolved "https://registry.yarnpkg.com/copy-webpack-plugin/-/copy-webpack-plugin-5.1.1.tgz#5481a03dea1123d88a988c6ff8b78247214f0b88"
   integrity sha512-P15M5ZC8dyCjQHWwd4Ia/dm0SgVvZJMYeykVIVYXbGyqO4dWB5oyPHp9i7wjwo5LhtlhKbiBCdS2NvM07Wlybg==