Open
Description
Version
5.0.8
Environment info
Dev Dependency: Latest @vue/cli-plugin-unit-mocha@5.0.8 depends on vulnerable minimatch@3.0.4 via mocha@8.4.0
Steps to reproduce
Run npm audit
What is expected?
The solution to resolve the vulnerability.
What is actually happening?
The latest @vue/cli-plugin-unit-mocha@5.0.8 requires vulnerable minimatch@3.0.4 via mocha@8.4.0.
I need help finding a relevant solution or discussion on the internet for the issue. Though it's a dev dependency, it is a critical one.
Activity
HemangTungal commentedon Mar 23, 2023
@yyx990803 Can you please have a look?
robocoder commentedon Jan 20, 2025
also reported in #7450