[Snyk] Fix for 1 vulnerabilities

[carlosrojaso]

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • packages/@vue/cli-service/package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	661/1000 Why? Recently disclosed, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-SSRI-1085630	Yes	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: copy-webpack-plugin

The new version differs by 31 commits.

• 64e60c2 chore(release): 6.0.0
• dd9ce50 test: coverage
• 29254e3 feat: implement the `directory` option for the `cacheTransform` option
• bebafcf refactor: code
• e3803ce feat: implement the `noErrorOnMissing` option (背景图引入svg文件 报错 vuejs/vue-cli#475)
• 8e5bc1b chore(deps): update (Vue Build Stylus and Pug Missing Module vuejs/vue-cli#474)
• 6b85c86 docs: improve (Vue 1.x message shows on pwa template vuejs/vue-cli#473)
• 3ef3f25 refactor: drop test option in favor transformPath (How to use the "setup" vuejs/vue-cli#472)
• 045f629 refactor: code (Module build failed: TypeError: this._init is not a function vuejs/vue-cli#471)
• 20c9ae5 docs: import documentation for the `from` option ('npm install -g vue-cli' error vuejs/vue-cli#468)
• bfb4f0e docs: improve the description for the `toType` option (vue-cli · Failed to download repo vuejs/vue-cli#467)
• c0c9fa7 test: transform && transformPath (How do you implement this process processing function? vuejs/vue-cli#470)
• 197b0d8 fix: asset size
• c176d7d feat: concurrency option ( i cant npm run dev successful after vue-cli init vuejs/vue-cli#466)
• e5e410a refactor: code (Using a .vue file to generate an Html and CSS file with an input model vuejs/vue-cli#465)
• 0be6470 refactor: remove the `ignore` option in favor globOptions.ignore (css image 'absolute' urls cannot be loaded vuejs/vue-cli#463)
• 6b07a63 refactor: code
• 42194f3 refactor: code (Unexpected token: operator (>) from UglifyJs vuejs/vue-cli#459)
• 1e2f3a1 test: refactor (Webpack and HTTP2 vuejs/vue-cli#458)
• a728675 chore: update globby
• 64b2e1a refactor: remove the global `context` option (Fix node 4 compatibility. vuejs/vue-cli#453)
• f6da280 refactor: rename the `cache` option to `cacheTransform` (automate prompts vuejs/vue-cli#452)
• aedd2bd refactor: plugin options (Windows 10.1 "vue init webpack vuejs" command error vuejs/vue-cli#451)
• 383ff9d refactor: 'from' option (clean cached template in downloadandgenerate vuejs/vue-cli#450)

See the full diff

Package name: ssri

The new version differs by 25 commits.

• 3eec7a3 chore(release): 8.0.1
• 2083289 chore: update package-lock and dev dependencies
• 76e2233 fix: simplify regex for strict mode, add tests
• 41b764f chore(release): 8.0.0
• 4062735 fix: harden SRI parsing against ../ funny business
• a6811cb fix: throw null when sri is empty or bad
• 1727a7c chore: consistent project setup
• 4a963e5 fix: IntegrityStream responds to mutating opts object mid-stream
• 0e78fd7 feat: remove figgy-pudding
• 79ba4ec chore(release): 7.1.0
• 0572c1d feat: Add Integrity#merge method
• 3084efd deps: tap@14.8.2
• 6545b4b deps: minipass@3.1.1
• 806e8c8 fix: Do not blow up if the opts object is mutated
• cea474f chore(release): 7.0.1
• 3ff8ba8 chore: require node >=8, update minipass
• 9c76e0c chore(release): 7.0.0
• 55b055d fix: return super.write() return value
• d834c8d chore: add code owners to github metadata
• 6d13165 Use native promises only
• f7224bc docs: update github repository links
• 0659cca test: bring up to 100% coverage
• 2e54956 test: update tap, standard, standard-version, travis
• 34a7c74 chore(streams): refactor integrityStream fn

See the full diff

Package name: terser-webpack-plugin

The new version differs by 87 commits.

• 1f4812c chore(release): 3.0.0
• 91642a1 refactor: code
• 557781e refactor: remove the `chunkFilter` option
• c40a6ae refactor: code
• 974bc19 refactor: `extractComments.filename` option
• d509135 refactor: `warningsFilter` option (onloadwff.js vuejs/vue-cli#236)
• 825ac94 refactor: `extractComments.filename` option
• 038a56b chore(deps): update (ERROR in Entry module not found: Error: Can't resolve 'babel' vuejs/vue-cli#234)
• 9aec83f refactor: code
• 171819e chore(release): 2.3.6
• d3f0c81 fix: preserve `@ license` comments starting with `//`
• 7105dc3 ci: migrate on github actions
• 6ad3f5d chore(release): 2.3.5
• fac58cb fix: do not break code with shebang
• ba1cb8a chore(deps): update (Unexpected token import vuejs/vue-cli#219)
• 8ed6b7e docs(readme): update `parallel` option and explain fix for circleci (vue devtool: 'eval-source-map', cannot debug breakpoint vuejs/vue-cli#216)
• 2da2c1a chore(release): 2.3.4
• 5708574 fix: respect stdout and stderr of workers and do not create warnings (import / export issue vuejs/vue-cli#215)
• 8d9837d refactor: code and test (Eslint error listing on vue files vuejs/vue-cli#214)
• 330c1f6 fix: use webpack hashFunction rather than hard-code MD4 (Error in response to storage.get vuejs/vue-cli#213)
• 6b45dbe chore(release): 2.3.3
• fe67963 chore(deps): update (How to update vue-cli? vuejs/vue-cli#212)
• abfd950 fix: reduce memory usage
• de02f7b fix: license files now have .txt suffix by default (引用H5对象报错 vuejs/vue-cli#210)

See the full diff

Package name: webpack

The new version differs by 250 commits.

• 610f368 5.0.0
• 5ce65c1 update examples
• bbe1230 Merge pull request #11628 from webpack/bugfix/real-content-hash
• 75ecff2 5.0.0-rc.6
• bfc35d6 Merge pull request #11603 from MayaWolf/master
• 76e8cbd Merge pull request #11622 from webpack/dependabot/npm_and_yarn/types/node-13.13.25
• 9fd1be2 chore(deps-dev): bump @ types/node from 13.13.23 to 13.13.25
• 36bcfaa Merge pull request #11621 from webpack/bugfix/11619
• 9130d10 fix called variables with ProvidePlugin
• 3e42105 Merge pull request #11620 from webpack/bugfix/11617
• 4709719 skip connections copied to concatenated module
• 57b493f 5.0.0-rc.5
• 1658e2f Merge pull request #11618 from webpack/bugfix/11615
• a8fb45d fixes crash in SideEffectsFlagPlugin
• 84b196d emit error instead of crashing when unexpected problem occurs
• 5573fed Merge pull request #11601 from Hornwitser/improve-suggested-polyfill-config
• 9b5cce9 Merge pull request #11609 from snitin315/export-types
• 37c495c export type RuleSetUseItem
• 39faf34 export type RuleSetUse
• e5fd246 export type RuleSetConditionAbsolute
• 660baad export RuleSetCondition types
• 13e3ca5 Merge pull request #11602 from webpack/bugfix/shared-runtime-chunk
• 9c0587e Merge pull request #11606 from webpack/dependabot/npm_and_yarn/simple-git-2.21.0
• 502d166 Merge pull request #11607 from webpack/dependabot/npm_and_yarn/acorn-8.0.4

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic