
Commit 0e0ae95

authored
fix(v4): get rid of ssri vulnerability warnings (#6455)
This requires downgrading terser-webpack-plugin to v1, which is the default version in webpack 4. Since the major breaking changes in v2 are mostly related to option default values, the downgrade does not introduce breaking changes in Vue CLI. Closes #6424
1 parent b0de229 commit 0e0ae95


2 files changed

+26
-80
lines changed


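--- a/packages/@vue/cli-service/package.json
+++ b/packages/@vue/cli-service/package.json
@@ -67,8 +67,8 @@
 "pnp-webpack-plugin": "^1.6.4",
 "portfinder": "^1.0.26",
 "postcss-loader": "^3.0.0",
-"ssri": "^7.1.0",
-"terser-webpack-plugin": "^2.3.6",
+"ssri": "^8.0.1",
+"terser-webpack-plugin": "^1.4.4",
 "thread-loader": "^2.1.3",
 "url-loader": "^2.2.0",
 "vue-loader": "^15.9.2",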
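Review bot: The `"ssri": "^8.0.1"` bump only covers the direct dependency, while the downgrade to `"terser-webpack-plugin": "^1.4.4"` puts the plugin back on `cacache "^12.0.2"` (see the new 1.4.5 entry in yarn.lock). The lockfile still carries an `ssri@^6.0.0, ssri@^6.0.1` entry, presumably pulled in through cacache 12, and its resolved version is not visible in this diff. The warning is therefore only gone if that 6.x resolution is itself a patched release; I would confirm with `yarn why ssri` and `yarn audit` on a fresh install and record the result in the PR description. Because the description relies on v2's breaking changes being mostly option defaults, it would also help to list in the description which v1 defaults cli-service now depends on; the terser options code is outside this diff.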

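--- a/yarn.lock
+++ b/yarn.lock
@@ -5774,30 +5774,6 @@ cacache@^12.0.0, cacache@^12.0.2, cacache@^12.0.3:
 unique-filename "^1.1.1"
 y18n "^4.0.0"
 
-cacache@^13.0.1:
-version "13.0.1"
-resolved "https://registry.yarnpkg.com/cacache/-/cacache-13.0.1.tgz#a8000c21697089082f85287a1aec6e382024a71c"
-integrity sha512-5ZvAxd05HDDU+y9BVvcqYu2LLXmPnQ0hW62h32g4xBTgL/MppR4/04NHfj/ycM2y6lmTnbw6HVi+1eN0Psba6w==
-dependencies:
-chownr "^1.1.2"
-figgy-pudding "^3.5.1"
-fs-minipass "^2.0.0"
-glob "^7.1.4"
-graceful-fs "^4.2.2"
-infer-owner "^1.0.4"
-lru-cache "^5.1.1"
-minipass "^3.0.0"
-minipass-collect "^1.0.2"
-minipass-flush "^1.0.5"
-minipass-pipeline "^1.2.2"
-mkdirp "^0.5.1"
-move-concurrently "^1.0.1"
-p-map "^3.0.0"
-promise-inflight "^1.0.1"
-rimraf "^2.7.1"
-ssri "^7.0.0"
-unique-filename "^1.1.1"
-
 cache-base@^1.0.1:
 version "1.0.1"
 resolved "https://registry.yarnpkg.com/cache-base/-/cache-base-1.0.1.tgz#0a7f46416831c8b662ee36fe4e7c59d76f666ab2"
@@ -9596,7 +9572,7 @@ find-cache-dir@^2.0.0, find-cache-dir@^2.1.0:
 make-dir "^2.0.0"
 pkg-dir "^3.0.0"
 
-find-cache-dir@^3.0.0, find-cache-dir@^3.3.1:
+find-cache-dir@^3.0.0:
 version "3.3.1"
 resolved "https://registry.yarnpkg.com/find-cache-dir/-/find-cache-dir-3.3.1.tgz#89b33fad4a4670daa94f855f7fbe31d6d84fe880"
 integrity sha512-t2GDMt3oGC/v+BMwzmllWDuJF/xcDtE5j/fCGbqDD7OLuJkj0cfh1YSA5VKPvwMeLFLNDBkwOKZ2X85jGLVftQ==
@@ -12466,14 +12442,6 @@ jest-worker@^24.6.0, jest-worker@^24.9.0:
 merge-stream "^2.0.0"
 supports-color "^6.1.0"
 
-jest-worker@^25.4.0:
-version "25.5.0"
-resolved "https://registry.yarnpkg.com/jest-worker/-/jest-worker-25.5.0.tgz#2611d071b79cea0f43ee57a3d118593ac1547db1"
-integrity sha512-/dsSmUkIy5EBGfv/IjjqmFxrNAUpBERfGs1oHROyD7yxjG/w+t0GOJDX8O1k32ySmd7+a5IhnJU2qQFcJ4n1vw==
-dependencies:
-merge-stream "^2.0.0"
-supports-color "^7.0.0"
-
 jest@^24.9.0:
 version "24.9.0"
 resolved "https://registry.yarnpkg.com/jest/-/jest-24.9.0.tgz#987d290c05a08b52c56188c1002e368edb007171"
@@ -14129,27 +14097,6 @@ minimist@^1.1.0, minimist@^1.1.1, minimist@^1.1.3, minimist@^1.2.0, minimist@^1.
 resolved "https://registry.yarnpkg.com/minimist/-/minimist-1.2.5.tgz#67d66014b66a6a8aaa0c083c5fd58df4e4e97602"
 integrity sha512-FM9nNUYrRBAELZQT3xeZQ7fmMOBg6nWNmJKTcgsJeaLstP/UODVpGsr5OhXhhXg6f+qtJ8uiZ+PUxkDWcgIXLw==
 
-minipass-collect@^1.0.2:
-version "1.0.2"
-resolved "https://registry.yarnpkg.com/minipass-collect/-/minipass-collect-1.0.2.tgz#22b813bf745dc6edba2576b940022ad6edc8c617"
-integrity sha512-6T6lH0H8OG9kITm/Jm6tdooIbogG9e0tLgpY6mphXSm/A9u8Nq1ryBG+Qspiub9LjWlBPsPS3tWQ/Botq4FdxA==
-dependencies:
-minipass "^3.0.0"
-
-minipass-flush@^1.0.5:
-version "1.0.5"
-resolved "https://registry.yarnpkg.com/minipass-flush/-/minipass-flush-1.0.5.tgz#82e7135d7e89a50ffe64610a787953c4c4cbb373"
-integrity sha512-JmQSYYpPUqX5Jyn1mXaRwOda1uQ8HP5KAT/oDSLCzt1BYRhQU0/hDtsB1ufZfEEzMZ9aAVmsBw8+FWsIXlClWw==
-dependencies:
-minipass "^3.0.0"
-
-minipass-pipeline@^1.2.2:
-version "1.2.4"
-resolved "https://registry.yarnpkg.com/minipass-pipeline/-/minipass-pipeline-1.2.4.tgz#68472f79711c084657c067c5c6ad93cddea8214c"
-integrity sha512-xuIq7cIOt09RPRJ19gdi4b+RiNvDFYe5JH+ggNvBqGqpQXcru3PcRmOZuHBKWK1Txf9+cQ+HMVN4d6z46LZP7A==
-dependencies:
-minipass "^3.0.0"
-
 minipass@^2.3.5, minipass@^2.6.0, minipass@^2.8.6, minipass@^2.9.0:
 version "2.9.0"
 resolved "https://registry.yarnpkg.com/minipass/-/minipass-2.9.0.tgz#e713762e7d3e32fed803115cf93e04bca9fcc9a6"
@@ -15301,7 +15248,7 @@ p-limit@^1.1.0:
 dependencies:
 p-try "^1.0.0"
 
-p-limit@^2.0.0, p-limit@^2.2.0, p-limit@^2.2.1, p-limit@^2.3.0:
+p-limit@^2.0.0, p-limit@^2.2.0, p-limit@^2.2.1:
 version "2.3.0"
 resolved "https://registry.yarnpkg.com/p-limit/-/p-limit-2.3.0.tgz#3dd33c647a214fdfffd835933eb086da0dc21db1"
 integrity sha512-//88mFWSJx8lxCzwdAABTJL2MyWB12+eIY7MDL2SqLmAkeKU9qxRvWuSyTjm3FUmpBEMuFfckAIqEaVGUDxb6w==
@@ -17377,7 +17324,7 @@ [email protected], rimraf@~2.6.2:
 dependencies:
 glob "^7.1.3"
 
-rimraf@^2.2.8, rimraf@^2.5.0, rimraf@^2.5.4, rimraf@^2.6.1, rimraf@^2.6.2, rimraf@^2.6.3, rimraf@^2.7.1:
+rimraf@^2.2.8, rimraf@^2.5.0, rimraf@^2.5.4, rimraf@^2.6.1, rimraf@^2.6.2, rimraf@^2.6.3:
 version "2.7.1"
 resolved "https://registry.yarnpkg.com/rimraf/-/rimraf-2.7.1.tgz#35797f13a7fdadc566142c29d4f07ccad483e3ec"
 integrity sha512-uWjbaKIK3T1OSVptzX7Nl6PvQ3qAGtKEtVRjRuazjfL3Bx5eI409VZSqgND+4UNnmzLVdPj9FqFJNPqBZFve4w==
@@ -17523,7 +17470,7 @@ saxes@^3.1.9:
 dependencies:
 xmlchars "^2.1.1"
 
-[email protected], schema-utils@^2.0.0, schema-utils@^2.5.0, schema-utils@^2.6.1, schema-utils@^2.6.5, schema-utils@^2.6.6, schema-utils@^2.7.0:
+[email protected], schema-utils@^2.0.0, schema-utils@^2.5.0, schema-utils@^2.6.1, schema-utils@^2.6.5, schema-utils@^2.7.0:
 version "2.7.0"
 resolved "https://registry.yarnpkg.com/schema-utils/-/schema-utils-2.7.0.tgz#17151f76d8eae67fbbf77960c33c676ad9f4efc7"
 integrity sha512-0ilKFI6QQF5nxDZLFn2dMjvc4hjg/Wkg7rHd3jK6/A4a1Hl9VFdQWvgB1UMGoU94pad1P/8N7fMcEnLnSiju8A==
@@ -18160,12 +18107,11 @@ ssri@^6.0.0, ssri@^6.0.1:
 dependencies:
 figgy-pudding "^3.5.1"
 
-ssri@^7.0.0, ssri@^7.1.0:
-version "7.1.0"
-resolved "https://registry.yarnpkg.com/ssri/-/ssri-7.1.0.tgz#92c241bf6de82365b5c7fb4bd76e975522e1294d"
-integrity sha512-77/WrDZUWocK0mvA5NTRQyveUf+wsrIc6vyrxpS8tVvYBcX215QbafrJR3KtkpskIzoFLqqNuuYQvxaMjXJ/0g==
+ssri@^8.0.1:
+version "8.0.1"
+resolved "https://registry.yarnpkg.com/ssri/-/ssri-8.0.1.tgz#638e4e439e2ffbd2cd289776d5ca457c4f51a2af"
+integrity sha512-97qShzy1AiyxvPNIkLWoGua7xoQzzPjQ0HAH4B0rWKo7SZ6USuPcrUiAFrws0UH8RrbWmgq3LMTObhPIHbbBeQ==
 dependencies:
-figgy-pudding "^3.5.1"
 minipass "^3.1.1"
 
 stable@^0.1.8:
@@ -18581,7 +18527,7 @@ [email protected]:
 dependencies:
 has-flag "^3.0.0"
 
-[email protected], supports-color@^7.0.0, supports-color@^7.1.0:
+[email protected], supports-color@^7.1.0:
 version "7.1.0"
 resolved "https://registry.yarnpkg.com/supports-color/-/supports-color-7.1.0.tgz#68e32591df73e25ad1c4b49108a2ec507962bfd1"
 integrity sha512-oRSIpR8pxT1Wr2FquTNnGet79b3BWljqOuoW/h4oBhxJ/HUbX5nX6JSruTkvXDCFMwDPvsaTTbvMLKZWSy0R5g==
@@ -18802,22 +18748,22 @@ terser-webpack-plugin@^1.4.3:
 webpack-sources "^1.4.0"
 worker-farm "^1.7.0"
 
-terser-webpack-plugin@^2.3.6:
-version "2.3.7"
-resolved "https://registry.yarnpkg.com/terser-webpack-plugin/-/terser-webpack-plugin-2.3.7.tgz#4910ff5d1a872168cc7fa6cd3749e2b0d60a8a0b"
-integrity sha512-xzYyaHUNhzgaAdBsXxk2Yvo/x1NJdslUaussK3fdpBbvttm1iIwU+c26dj9UxJcwk2c5UWt5F55MUTIA8BE7Dg==
-dependencies:
-cacache "^13.0.1"
-find-cache-dir "^3.3.1"
-jest-worker "^25.4.0"
-p-limit "^2.3.0"
-schema-utils "^2.6.6"
-serialize-javascript "^3.1.0"
+terser-webpack-plugin@^1.4.4:
+version "1.4.5"
+resolved "https://registry.yarnpkg.com/terser-webpack-plugin/-/terser-webpack-plugin-1.4.5.tgz#a217aefaea330e734ffacb6120ec1fa312d6040b"
+integrity sha512-04Rfe496lN8EYruwi6oPQkG0vo8C+HT49X687FZnpPF0qMAIHONI6HEXYPKDOE8e5HjXTyKfqRd/agHtH0kOtw==
+dependencies:
+cacache "^12.0.2"
+find-cache-dir "^2.1.0"
+is-wsl "^1.1.0"
+schema-utils "^1.0.0"
+serialize-javascript "^4.0.0"
 source-map "^0.6.1"
-terser "^4.6.12"
-webpack-sources "^1.4.3"
+terser "^4.1.2"
+webpack-sources "^1.4.0"
+worker-farm "^1.7.0"
 
-terser@^4.1.2, terser@^4.6.12:
+terser@^4.1.2:
 version "4.8.0"
 resolved "https://registry.yarnpkg.com/terser/-/terser-4.8.0.tgz#63056343d7c70bb29f3af665865a46fe03a0df17"
 integrity sha512-EAPipTNeWsb/3wLPeup1tVPaXfIaU68xMnVdPafIL1TV05OhASArYyIfFvnvJCNrR2NIOvDVNNTFRa+Re2MWyw==
@@ -20429,7 +20375,7 @@ webpack-merge@^4.1.2, webpack-merge@^4.2.2:
 dependencies:
 lodash "^4.17.15"
 
-webpack-sources@^1.1.0, webpack-sources@^1.4.0, webpack-sources@^1.4.1, webpack-sources@^1.4.3:
+webpack-sources@^1.1.0, webpack-sources@^1.4.0, webpack-sources@^1.4.1:
 version "1.4.3"
 resolved "https://registry.yarnpkg.com/webpack-sources/-/webpack-sources-1.4.3.tgz#eedd8ec0b928fbf1cbfe994e22d2d890f330a933"
 integrity sha512-lgTS3Xhv1lCOKo7SA5TjKXMjpSM4sBjNV5+q2bqesbSPs5FjGmU6jjtBSkX9b4qW87vDIsCIlUPOEhbZrMdjeQ==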
