Skip to content

High severity vulnerability: Latest @vue/cli-plugin-unit-mocha@5.0.8 requires vulnerable minimatch@3.0.4 via mocha@8.4.0 #7366

New issue
New issue
Open
Open
High severity vulnerability: Latest @vue/cli-plugin-unit-mocha@5.0.8 requires vulnerable minimatch@3.0.4 via mocha@8.4.0#7366
@HemangTungal

Description

@HemangTungal
HemangTungal
opened on Mar 22, 2023

Version

5.0.8

Environment info

Dev Dependency: Latest @vue/cli-plugin-unit-mocha@5.0.8 depends on vulnerable minimatch@3.0.4 via mocha@8.4.0

Steps to reproduce

Run npm audit

What is expected?

The solution to resolve the vulnerability.

What is actually happening?

The latest @vue/cli-plugin-unit-mocha@5.0.8 requires vulnerable minimatch@3.0.4 via mocha@8.4.0.

I need help finding a relevant solution or discussion on the internet for the issue. Though it's a dev dependency, it is a critical one.

Activity

HemangTungal

HemangTungal commented on Mar 23, 2023

@HemangTungal
HemangTungal
on Mar 23, 2023
Author

@yyx990803 Can you please have a look?

robocoder

robocoder commented on Jan 20, 2025

@robocoder
robocoder
on Jan 20, 2025

also reported in #7450

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

      Development

      No branches or pull requests

        Participants

        @robocoder@HemangTungal

        Issue actions
          High severity vulnerability: Latest @vue/cli-plugin-unit-mocha@5.0.8 requires vulnerable minimatch@3.0.4 via mocha@8.4.0 · Issue #7366 · vuejs/vue-cli