You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I propose the yarn.lock file be cleaned up. There is no dependency on vue-codemod in the package.json file. I don't see a reason the vue-codemod component should still be in the yarn.lock file.
If the vue-codemod dependency is actually needed, it should be listed in the package.json file to make updates easier. Additionally, I've submitted a pull request on vue-codemod to fix the security vulnerability - vuejs/vue-codemod#34 - but there has been no activity on that repository in a while, so I'm not sure it is actively maintained any longer.
The text was updated successfully, but these errors were encountered:
What problem does this feature solve?
Security vulnerability in the colors.js component which is part of the vue-codemod dependency, which only exists in the yarn.lock file - https://github.com/vuejs/vue-cli/blob/v4.5.15/yarn.lock#L19894
What does the proposed API look like?
I propose the yarn.lock file be cleaned up. There is no dependency on vue-codemod in the package.json file. I don't see a reason the vue-codemod component should still be in the yarn.lock file.
If the vue-codemod dependency is actually needed, it should be listed in the package.json file to make updates easier. Additionally, I've submitted a pull request on vue-codemod to fix the security vulnerability - vuejs/vue-codemod#34 - but there has been no activity on that repository in a while, so I'm not sure it is actively maintained any longer.
The text was updated successfully, but these errors were encountered: