Skip to content

Commit

Permalink
fix(v4): get rid of ssri vulnerability warnings (#6455)
Browse files Browse the repository at this point in the history 
Needs to downgrade terser-webpack-plugin to v1, which is the default
version in webpack 4.

Since the major breaking changes in v2 are mostly
related to option default values, the downgrading does not introduce
breaking changes in Vue CLI.

Closes #6424
  • Loading branch information
@haoqunjiang
haoqunjiang authored May 7, 2021
1 parent b0de229 commit 0e0ae95
Show file tree
Hide file tree
Showing 2 changed files with 26 additions and 80 deletions.
4 changes: 2 additions & 2 deletions packages/@vue/cli-service/package.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -67,8 +67,8 @@
"pnp-webpack-plugin": "^1.6.4",
"portfinder": "^1.0.26",
"postcss-loader": "^3.0.0",
"ssri": "^7.1.0",
"terser-webpack-plugin": "^2.3.6",
"ssri": "^8.0.1",
"terser-webpack-plugin": "^1.4.4",
"thread-loader": "^2.1.3",
"url-loader": "^2.2.0",
"vue-loader": "^15.9.2",
Expand Down
102 changes: 24 additions & 78 deletions yarn.lock
View file
Original file line number Diff line number Diff line change
Expand Up @@ -5774,30 +5774,6 @@ cacache@^12.0.0, cacache@^12.0.2, cacache@^12.0.3:
unique-filename "^1.1.1"
y18n "^4.0.0"

cacache@^13.0.1:
version "13.0.1"
resolved "https://registry.yarnpkg.com/cacache/-/cacache-13.0.1.tgz#a8000c21697089082f85287a1aec6e382024a71c"
integrity sha512-5ZvAxd05HDDU+y9BVvcqYu2LLXmPnQ0hW62h32g4xBTgL/MppR4/04NHfj/ycM2y6lmTnbw6HVi+1eN0Psba6w==
dependencies:
chownr "^1.1.2"
figgy-pudding "^3.5.1"
fs-minipass "^2.0.0"
glob "^7.1.4"
graceful-fs "^4.2.2"
infer-owner "^1.0.4"
lru-cache "^5.1.1"
minipass "^3.0.0"
minipass-collect "^1.0.2"
minipass-flush "^1.0.5"
minipass-pipeline "^1.2.2"
mkdirp "^0.5.1"
move-concurrently "^1.0.1"
p-map "^3.0.0"
promise-inflight "^1.0.1"
rimraf "^2.7.1"
ssri "^7.0.0"
unique-filename "^1.1.1"

cache-base@^1.0.1:
version "1.0.1"
resolved "https://registry.yarnpkg.com/cache-base/-/cache-base-1.0.1.tgz#0a7f46416831c8b662ee36fe4e7c59d76f666ab2"
Expand Down Expand Up @@ -9596,7 +9572,7 @@ find-cache-dir@^2.0.0, find-cache-dir@^2.1.0:
make-dir "^2.0.0"
pkg-dir "^3.0.0"

find-cache-dir@^3.0.0, find-cache-dir@^3.3.1:
find-cache-dir@^3.0.0:
version "3.3.1"
resolved "https://registry.yarnpkg.com/find-cache-dir/-/find-cache-dir-3.3.1.tgz#89b33fad4a4670daa94f855f7fbe31d6d84fe880"
integrity sha512-t2GDMt3oGC/v+BMwzmllWDuJF/xcDtE5j/fCGbqDD7OLuJkj0cfh1YSA5VKPvwMeLFLNDBkwOKZ2X85jGLVftQ==
Expand Down Expand Up @@ -12466,14 +12442,6 @@ jest-worker@^24.6.0, jest-worker@^24.9.0:
merge-stream "^2.0.0"
supports-color "^6.1.0"

jest-worker@^25.4.0:
version "25.5.0"
resolved "https://registry.yarnpkg.com/jest-worker/-/jest-worker-25.5.0.tgz#2611d071b79cea0f43ee57a3d118593ac1547db1"
integrity sha512-/dsSmUkIy5EBGfv/IjjqmFxrNAUpBERfGs1oHROyD7yxjG/w+t0GOJDX8O1k32ySmd7+a5IhnJU2qQFcJ4n1vw==
dependencies:
merge-stream "^2.0.0"
supports-color "^7.0.0"

jest@^24.9.0:
version "24.9.0"
resolved "https://registry.yarnpkg.com/jest/-/jest-24.9.0.tgz#987d290c05a08b52c56188c1002e368edb007171"
Expand Down Expand Up @@ -14129,27 +14097,6 @@ minimist@^1.1.0, minimist@^1.1.1, minimist@^1.1.3, minimist@^1.2.0, minimist@^1.
resolved "https://registry.yarnpkg.com/minimist/-/minimist-1.2.5.tgz#67d66014b66a6a8aaa0c083c5fd58df4e4e97602"
integrity sha512-FM9nNUYrRBAELZQT3xeZQ7fmMOBg6nWNmJKTcgsJeaLstP/UODVpGsr5OhXhhXg6f+qtJ8uiZ+PUxkDWcgIXLw==

minipass-collect@^1.0.2:
version "1.0.2"
resolved "https://registry.yarnpkg.com/minipass-collect/-/minipass-collect-1.0.2.tgz#22b813bf745dc6edba2576b940022ad6edc8c617"
integrity sha512-6T6lH0H8OG9kITm/Jm6tdooIbogG9e0tLgpY6mphXSm/A9u8Nq1ryBG+Qspiub9LjWlBPsPS3tWQ/Botq4FdxA==
dependencies:
minipass "^3.0.0"

minipass-flush@^1.0.5:
version "1.0.5"
resolved "https://registry.yarnpkg.com/minipass-flush/-/minipass-flush-1.0.5.tgz#82e7135d7e89a50ffe64610a787953c4c4cbb373"
integrity sha512-JmQSYYpPUqX5Jyn1mXaRwOda1uQ8HP5KAT/oDSLCzt1BYRhQU0/hDtsB1ufZfEEzMZ9aAVmsBw8+FWsIXlClWw==
dependencies:
minipass "^3.0.0"

minipass-pipeline@^1.2.2:
version "1.2.4"
resolved "https://registry.yarnpkg.com/minipass-pipeline/-/minipass-pipeline-1.2.4.tgz#68472f79711c084657c067c5c6ad93cddea8214c"
integrity sha512-xuIq7cIOt09RPRJ19gdi4b+RiNvDFYe5JH+ggNvBqGqpQXcru3PcRmOZuHBKWK1Txf9+cQ+HMVN4d6z46LZP7A==
dependencies:
minipass "^3.0.0"

minipass@^2.3.5, minipass@^2.6.0, minipass@^2.8.6, minipass@^2.9.0:
version "2.9.0"
resolved "https://registry.yarnpkg.com/minipass/-/minipass-2.9.0.tgz#e713762e7d3e32fed803115cf93e04bca9fcc9a6"
Expand Down Expand Up @@ -15301,7 +15248,7 @@ p-limit@^1.1.0:
dependencies:
p-try "^1.0.0"

p-limit@^2.0.0, p-limit@^2.2.0, p-limit@^2.2.1, p-limit@^2.3.0:
p-limit@^2.0.0, p-limit@^2.2.0, p-limit@^2.2.1:
version "2.3.0"
resolved "https://registry.yarnpkg.com/p-limit/-/p-limit-2.3.0.tgz#3dd33c647a214fdfffd835933eb086da0dc21db1"
integrity sha512-//88mFWSJx8lxCzwdAABTJL2MyWB12+eIY7MDL2SqLmAkeKU9qxRvWuSyTjm3FUmpBEMuFfckAIqEaVGUDxb6w==
Expand Down Expand Up @@ -17377,7 +17324,7 @@ rimraf@2.6.3, rimraf@~2.6.2:
dependencies:
glob "^7.1.3"

rimraf@^2.2.8, rimraf@^2.5.0, rimraf@^2.5.4, rimraf@^2.6.1, rimraf@^2.6.2, rimraf@^2.6.3, rimraf@^2.7.1:
rimraf@^2.2.8, rimraf@^2.5.0, rimraf@^2.5.4, rimraf@^2.6.1, rimraf@^2.6.2, rimraf@^2.6.3:
version "2.7.1"
resolved "https://registry.yarnpkg.com/rimraf/-/rimraf-2.7.1.tgz#35797f13a7fdadc566142c29d4f07ccad483e3ec"
integrity sha512-uWjbaKIK3T1OSVptzX7Nl6PvQ3qAGtKEtVRjRuazjfL3Bx5eI409VZSqgND+4UNnmzLVdPj9FqFJNPqBZFve4w==
Expand Down Expand Up @@ -17523,7 +17470,7 @@ saxes@^3.1.9:
dependencies:
xmlchars "^2.1.1"

schema-utils@2.7.0, schema-utils@^2.0.0, schema-utils@^2.5.0, schema-utils@^2.6.1, schema-utils@^2.6.5, schema-utils@^2.6.6, schema-utils@^2.7.0:
schema-utils@2.7.0, schema-utils@^2.0.0, schema-utils@^2.5.0, schema-utils@^2.6.1, schema-utils@^2.6.5, schema-utils@^2.7.0:
version "2.7.0"
resolved "https://registry.yarnpkg.com/schema-utils/-/schema-utils-2.7.0.tgz#17151f76d8eae67fbbf77960c33c676ad9f4efc7"
integrity sha512-0ilKFI6QQF5nxDZLFn2dMjvc4hjg/Wkg7rHd3jK6/A4a1Hl9VFdQWvgB1UMGoU94pad1P/8N7fMcEnLnSiju8A==
Expand Down Expand Up @@ -18160,12 +18107,11 @@ ssri@^6.0.0, ssri@^6.0.1:
dependencies:
figgy-pudding "^3.5.1"

ssri@^7.0.0, ssri@^7.1.0:
version "7.1.0"
resolved "https://registry.yarnpkg.com/ssri/-/ssri-7.1.0.tgz#92c241bf6de82365b5c7fb4bd76e975522e1294d"
integrity sha512-77/WrDZUWocK0mvA5NTRQyveUf+wsrIc6vyrxpS8tVvYBcX215QbafrJR3KtkpskIzoFLqqNuuYQvxaMjXJ/0g==
ssri@^8.0.1:
version "8.0.1"
resolved "https://registry.yarnpkg.com/ssri/-/ssri-8.0.1.tgz#638e4e439e2ffbd2cd289776d5ca457c4f51a2af"
integrity sha512-97qShzy1AiyxvPNIkLWoGua7xoQzzPjQ0HAH4B0rWKo7SZ6USuPcrUiAFrws0UH8RrbWmgq3LMTObhPIHbbBeQ==
dependencies:
figgy-pudding "^3.5.1"
minipass "^3.1.1"

stable@^0.1.8:
Expand Down Expand Up @@ -18581,7 +18527,7 @@ supports-color@6.0.0:
dependencies:
has-flag "^3.0.0"

supports-color@7.1.0, supports-color@^7.0.0, supports-color@^7.1.0:
supports-color@7.1.0, supports-color@^7.1.0:
version "7.1.0"
resolved "https://registry.yarnpkg.com/supports-color/-/supports-color-7.1.0.tgz#68e32591df73e25ad1c4b49108a2ec507962bfd1"
integrity sha512-oRSIpR8pxT1Wr2FquTNnGet79b3BWljqOuoW/h4oBhxJ/HUbX5nX6JSruTkvXDCFMwDPvsaTTbvMLKZWSy0R5g==
Expand Down Expand Up @@ -18802,22 +18748,22 @@ terser-webpack-plugin@^1.4.3:
webpack-sources "^1.4.0"
worker-farm "^1.7.0"

terser-webpack-plugin@^2.3.6:
version "2.3.7"
resolved "https://registry.yarnpkg.com/terser-webpack-plugin/-/terser-webpack-plugin-2.3.7.tgz#4910ff5d1a872168cc7fa6cd3749e2b0d60a8a0b"
integrity sha512-xzYyaHUNhzgaAdBsXxk2Yvo/x1NJdslUaussK3fdpBbvttm1iIwU+c26dj9UxJcwk2c5UWt5F55MUTIA8BE7Dg==
dependencies:
cacache "^13.0.1"
find-cache-dir "^3.3.1"
jest-worker "^25.4.0"
p-limit "^2.3.0"
schema-utils "^2.6.6"
serialize-javascript "^3.1.0"
terser-webpack-plugin@^1.4.4:
version "1.4.5"
resolved "https://registry.yarnpkg.com/terser-webpack-plugin/-/terser-webpack-plugin-1.4.5.tgz#a217aefaea330e734ffacb6120ec1fa312d6040b"
integrity sha512-04Rfe496lN8EYruwi6oPQkG0vo8C+HT49X687FZnpPF0qMAIHONI6HEXYPKDOE8e5HjXTyKfqRd/agHtH0kOtw==
dependencies:
cacache "^12.0.2"
find-cache-dir "^2.1.0"
is-wsl "^1.1.0"
schema-utils "^1.0.0"
serialize-javascript "^4.0.0"
source-map "^0.6.1"
terser "^4.6.12"
webpack-sources "^1.4.3"
terser "^4.1.2"
webpack-sources "^1.4.0"
worker-farm "^1.7.0"

terser@^4.1.2, terser@^4.6.12:
terser@^4.1.2:
version "4.8.0"
resolved "https://registry.yarnpkg.com/terser/-/terser-4.8.0.tgz#63056343d7c70bb29f3af665865a46fe03a0df17"
integrity sha512-EAPipTNeWsb/3wLPeup1tVPaXfIaU68xMnVdPafIL1TV05OhASArYyIfFvnvJCNrR2NIOvDVNNTFRa+Re2MWyw==
Expand Down Expand Up @@ -20429,7 +20375,7 @@ webpack-merge@^4.1.2, webpack-merge@^4.2.2:
dependencies:
lodash "^4.17.15"

webpack-sources@^1.1.0, webpack-sources@^1.4.0, webpack-sources@^1.4.1, webpack-sources@^1.4.3:
webpack-sources@^1.1.0, webpack-sources@^1.4.0, webpack-sources@^1.4.1:
version "1.4.3"
resolved "https://registry.yarnpkg.com/webpack-sources/-/webpack-sources-1.4.3.tgz#eedd8ec0b928fbf1cbfe994e22d2d890f330a933"
integrity sha512-lgTS3Xhv1lCOKo7SA5TjKXMjpSM4sBjNV5+q2bqesbSPs5FjGmU6jjtBSkX9b4qW87vDIsCIlUPOEhbZrMdjeQ==
Expand Down

0 comments on commit 0e0ae95

Please sign in to comment.