vuejs / vue-cli

🛠️ webpack-based tooling for Vue.js Development
https://cli.vuejs.org/
MIT License

ansi-regex/3.0.0 causes high security risk #7037

Closed njomzaav closed 2 years ago

njomzaav commented 2 years ago

Version

5.0.1

Environment info

Environment Info:

  System:
    OS: Windows 10 10.0.18363
    CPU: (12) x64 Intel(R) Core(TM) i7-8850H CPU @ 2.60GHz
  Binaries:
    Node: 16.14.0 - C:\Program Files\nodejs\node.EXE      
    Yarn: Not Found
    npm: 8.5.2 - C:\Program Files\nodejs\npm.CMD
  Browsers:
    Chrome: Not Found
    Edge: Spartan (44.18362.1593.0)
  npmPackages:
    @vue/cli-overlay:  5.0.1 
    @vue/cli-plugin-eslint: ~5.0.0 => 5.0.1 
    @vue/cli-plugin-router: ^5.0.0 => 5.0.1 
    @vue/cli-plugin-typescript: ^5.0.0 => 5.0.1 
    @vue/cli-plugin-unit-jest: ^5.0.0 => 5.0.1 
    @vue/cli-plugin-vuex: ^5.0.0 => 5.0.1 
    @vue/cli-service: ^5.0.0 => 5.0.1 
    @vue/cli-shared-utils:  5.0.1 
    @vue/compiler-core:  3.2.31 
    @vue/compiler-dom:  3.2.31
    @vue/compiler-sfc: ^3.0.0 => 3.2.31
    @vue/compiler-ssr:  3.2.31
    @vue/component-compiler-utils:  3.3.0
    @vue/devtools-api:  6.0.12
    @vue/eslint-config-prettier: ^6.0.0 => 6.0.0
    @vue/eslint-config-typescript: ^9.1.0 => 9.1.0
    @vue/reactivity:  3.2.31
    @vue/reactivity-transform:  3.2.31
    @vue/runtime-core:  3.2.31
    @vue/runtime-dom:  3.2.31
    @vue/server-renderer:  3.2.31
    @vue/shared:  3.2.31
    @vue/test-utils: ^2.0.0-rc.15 => 2.0.0-rc.17
    @vue/vue3-jest: ^27.0.0-alpha.1 => 27.0.0-alpha.4
    @vue/web-component-wrapper:  1.3.0
    eslint-plugin-vue: ^8.0.3 => 8.5.0
    jest-serializer-vue:  2.0.2
    primevue: ^3.11.1 => 3.12.1
    typescript: ~4.5.5 => 4.5.5
    vue: ^3.2.31 => 3.2.31
    vue-class-component: ^8.0.0-0 => 8.0.0-rc.1
    vue-eslint-parser:  8.3.0
    vue-hot-reload-api:  2.3.4
    vue-loader:  17.0.0 (15.9.8)
    vue-router: ^4.0.12 => 4.0.13
    vue-style-loader:  4.1.3
    vue-template-es2015-compiler:  1.9.1
    vuex: ^4.0.2 => 4.0.2
    vuex-persist: ^3.1.3 => 3.1.3
  npmGlobalPackages:
    @vue/cli: Not Found

Steps to reproduce

Run BlackDuck Scan on your project. The following dependency is causing a high security risk: @vue/cli-service/5.0.1/progress-webpack-plugin/1.0.12/log-update/2.3.0/wrap-ansi/3.0.1/strip-ansi/4.0.0/ansi-regex/3.0.0

What is expected?

Update your dependencies.

What is actually happening?

A high security risk is detected.

The following dependency is causing a high security risk: @vue/cli-service/5.0.1/progress-webpack-plugin/1.0.12/log-update/2.3.0/wrap-ansi/3.0.1/strip-ansi/4.0.0/ansi-regex/3.0.0

Please update your dependencies.

KevinSeroux commented 2 years ago

Related to https://github.com/vuejs/vue-cli/issues/7029#issue-1160322517.

haoqunjiang commented 2 years ago

Fixed.
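
To confirm a scanner finding like the chain reported in this issue against your own lockfile, the sketch below walks an npm `packages` map and prints every dependency chain that ends at a given name and version. It is an added example, not code from this thread or from vue-cli; the lockfile fragment is constructed, and its ranges, hoisted layout and the `example-tool` package are assumptions.

```javascript
// Constructed lockfile fragment in npm's lockfileVersion 2+ "packages" layout.
// Names and versions on the reported chain come from the issue; the ranges,
// the hoisted layout and "example-tool" (hypothetical) are assumptions.
const lock = { packages: {
  "": { devDependencies: { "@vue/cli-service": "^5.0.0", "example-tool": "*" } },
  "node_modules/@vue/cli-service": { version: "5.0.1", dependencies: { "progress-webpack-plugin": "*" } },
  "node_modules/progress-webpack-plugin": { version: "1.0.12", dependencies: { "log-update": "*" } },
  "node_modules/log-update": { version: "2.3.0", dependencies: { "wrap-ansi": "*" } },
  "node_modules/wrap-ansi": { version: "3.0.1", dependencies: { "strip-ansi": "*" } },
  "node_modules/strip-ansi": { version: "4.0.0", dependencies: { "ansi-regex": "*" } },
  "node_modules/ansi-regex": { version: "3.0.0" },
  // A nested copy shadows the hoisted one, for example-tool only.
  "node_modules/example-tool": { version: "0.0.0-example", dependencies: { "ansi-regex": "*" } },
  "node_modules/example-tool/node_modules/ansi-regex": { version: "0.0.1-example" },
} };

// Resolve a dependency the way Node does: nearest node_modules first, then walk up.
function resolve(packages, fromPath, name) {
  let base = fromPath;
  for (;;) {
    const candidate = (base ? base + "/" : "") + "node_modules/" + name;
    if (packages[candidate]) return candidate;
    if (!base) return null; // reached the project root without a match
    const i = base.lastIndexOf("/node_modules/");
    base = i === -1 ? "" : base.slice(0, i);
  }
}

// Depth-first walk from the root project; returns every chain ending at name@version,
// formatted like the scanner path quoted in the issue.
function findChains(lock, name, version) {
  const packages = lock.packages, chains = [];
  const walk = (path, trail, seen) => {
    const pkg = packages[path];
    const deps = { ...pkg.dependencies, ...pkg.optionalDependencies,
                   ...(path === "" ? pkg.devDependencies : {}) };
    for (const dep of Object.keys(deps)) {
      const target = resolve(packages, path, dep);
      if (!target || seen.has(target)) continue; // unresolved dependency or cycle
      const step = [...trail, `${dep}/${packages[target].version}`];
      if (dep === name && packages[target].version === version) chains.push(step.join("/"));
      else walk(target, step, new Set(seen).add(target));
    }
  };
  walk("", [], new Set([""]));
  return chains;
}

console.log(findChains(lock, "ansi-regex", "3.0.0"));
```

For a real project, pass the parsed `package-lock.json` in place of `lock`; the walk follows `devDependencies` only at the project root, since installed packages do not bring their own.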