-
-
Notifications
You must be signed in to change notification settings - Fork 6.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
update serialize-javascript to 3.1.0+ to address security vulnerabili… #5789
update serialize-javascript to 3.1.0+ to address security vulnerabili… #5789
Conversation
…ties of serialize-javascript < 3.1.0, a sub-dependency of copy-webpack-plugin
any updates on this? |
I'm not quite sure what the next steps are... |
Fixes #5782. Can this get merged in to remove the high severity vulnerability warning when using vue-cli? |
Still waiting for this dependency update to fix the vulnerability... |
1 similar comment
Still waiting for this dependency update to fix the vulnerability... |
It's taking too much time. I just updated by hand changing @vue/cli-service/package.json |
Does a dependency update take this much time... I am considering to use the same approach of jsb989 now :/ |
It breaks almost all of the CI tests. We need another way to address this issue. Not blindly updating the dependency version. |
@sodatea Just an Idea: |
This PR updates
serialize-javascript
to3.1.0
+ to address security vulnerabilities ofserialize-javascript
<3.1.0
, a sub-dependency ofcopy-webpack-plugin
.What kind of change does this PR introduce? (check at least one)
Does this PR introduce a breaking change? (check one)
Other information:
I'm hoping your CI will figure out if this is a breaking change or not.