vuejs / vue-cli

🛠️ webpack-based tooling for Vue.js Development
https://cli.vuejs.org/
MIT License
29.76k stars 6.33k forks

node-notifier vulnerability in versions prior to 8.0.1 #6200

Open corydorning opened 3 years ago

corydorning commented 3 years ago

Version

5.0.0-alpha.2

Reproduction link

https://snyk.io/vuln/SNYK-JS-NODENOTIFIER-1035794

Environment info

@vue/cli: ^4.5.10

Steps to reproduce

Install vue-cli via npm. @vue/cli-ui uses node-notifier version ^6.0.0, which npm reports as a moderate vulnerability. More info here: https://snyk.io/vuln/SNYK-JS-NODENOTIFIER-1035794

Dependency path: @vue/cli > @vue/cli-ui > node-notifier

What is expected?

no vulnerability reported

What is actually happening?

vulnerability reported
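A check for the condition reported above, as an added example that is not part of the original issue or of vue-cli: it scans a parsed `package-lock.json` (nested v1 or flat v2/v3 layout) for node-notifier copies below 8.0.1. The function names and both sample lockfiles are constructed for illustration, and ignoring pre-release suffixes is an assumption.

```javascript
// Added example (not vue-cli code): list node-notifier installs below 8.0.1.
const FIXED = [8, 0, 1]; // first fixed release, per the issue title

// True when the numeric major.minor.patch of `version` is lower than FIXED.
// Assumption: pre-release/build suffixes are ignored.
function isBelowFixed(version) {
  const parts = String(version).split(/[-+]/)[0].split('.').map(Number);
  for (let i = 0; i < 3; i++) {
    const part = parts[i] || 0;
    if (part !== FIXED[i]) return part < FIXED[i];
  }
  return false; // exactly 8.0.1
}

// Returns [{ location, version }] for every affected copy in a parsed lockfile.
function findAffected(lock, name = 'node-notifier') {
  const hits = [];
  const check = (location, meta) => {
    if (meta && meta.version && isBelowFixed(meta.version)) {
      hits.push({ location, version: meta.version });
    }
  };
  if (lock.packages) {
    // lockfileVersion 2/3: flat map keyed by install path
    for (const [path, meta] of Object.entries(lock.packages)) {
      if (path.endsWith('node_modules/' + name)) check(path, meta);
    }
    return hits;
  }
  // lockfileVersion 1: nested "dependencies" tree of install locations
  const walk = (deps, trail) => {
    for (const [dep, meta] of Object.entries(deps || {})) {
      const here = trail.concat(dep);
      if (dep === name) check(here.join(' > '), meta);
      walk(meta.dependencies, here);
    }
  };
  walk(lock.dependencies, []);
  return hits;
}

// Constructed sample lockfiles (not taken from a real install).
const sampleV1 = { lockfileVersion: 1, dependencies: { '@vue/cli': { version: '4.5.10',
  dependencies: { '@vue/cli-ui': { version: '4.5.10',
    dependencies: { 'node-notifier': { version: '6.0.0' } } } } } } };
const sampleV2 = { lockfileVersion: 2, packages: {
  'node_modules/@vue/cli-ui/node_modules/node-notifier': { version: '6.0.0' },
  'node_modules/node-notifier': { version: '8.0.1' } } };

console.log(findAffected(sampleV1), findAffected(sampleV2));
```

In the v1 layout the reported location is where npm installed the copy, which can differ from the logical dependency path when the package is hoisted.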

solancer commented 3 years ago

@sodatea will this be resolved at some point?