Security patch for version 5 fixing serialize-javascript npm audit

[yashha]

• Operating System:
• Node Version:
• NPM Version:
• webpack Version:
• copy-webpack-plugin Version: 5.1.1

Feature Proposal

Provide a security dependency patch for version 5 to fix the serialize-javascript issue.
e.g. 5.1.2

Just an idea, if you want that vue-cli do upgrade to version 6 then the fix in in vue-cli will take probably longer.

Feature Use Case

vuejs/vue-cli#5789
vuejs/vue-cli#5782

[alexander-akait]

Why do not update copy-webpack-plugin?

[yashha]

I don't know, it was just an idea, because there are some breaking changes, it is maybe not an easy upgrade.
The CI failed when submitting the pr. vuejs/vue-cli#5782
We can close it and wait for an update in vue-cli when you want. I did go now for a npm-force-resolutions solution for now.

[BryceV]

I am in a similar spot. Trying to find out if we can jump from 5.1.1 to the latest semver to remove this security warning. Is the update across versions seamless?

[alexander-akait]

@BryceV you need to read changelog, there are many breaking changes

[yashha]

Also a good idea:
@sodatea created a fork "copy-webpack-plugin-v5": "5.1.2"
vuejs/vue-cli#5829

We can close this issue then I guess. It is not as clean than having a small security release for version 5 of "copy-webpack-plugin" though.

[yashha]

Update with release v5.1.2, thanks @evilebottnawi!