Skip to content

High severity vulnerability: Latest @vue/cli-plugin-unit-mocha@5.0.8 requires vulnerable minimatch@3.0.4 via mocha@8.4.0 #7366

Open
@HemangTungal

Description

@HemangTungal

Version

5.0.8

Environment info

Dev Dependency: Latest @vue/cli-plugin-unit-mocha@5.0.8 depends on vulnerable minimatch@3.0.4 via mocha@8.4.0

Steps to reproduce

Run npm audit

What is expected?

The solution to resolve the vulnerability.

What is actually happening?

The latest @vue/cli-plugin-unit-mocha@5.0.8 requires vulnerable minimatch@3.0.4 via mocha@8.4.0.


I need help finding a relevant solution or discussion on the internet for the issue. Though it's a dev dependency, it is a critical one.

Activity

HemangTungal

HemangTungal commented on Mar 23, 2023

@HemangTungal
Author

@yyx990803 Can you please have a look?

robocoder

robocoder commented on Jan 20, 2025

@robocoder

also reported in #7450

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

      Development

      No branches or pull requests

        Participants

        @robocoder@HemangTungal

        Issue actions

          High severity vulnerability: Latest @vue/cli-plugin-unit-mocha@5.0.8 requires vulnerable minimatch@3.0.4 via mocha@8.4.0 · Issue #7366 · vuejs/vue-cli