Skip to content

[pull] dev from vuejs:dev #26

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 302 commits into
base: dev
Choose a base branch
from
Open

[pull] dev from vuejs:dev #26

wants to merge 302 commits into from

Conversation

pull[bot]
Copy link

@pull pull bot commented Feb 3, 2021
edited
Loading

See Commits and Changes for more details.

Created by pull[bot] (v2.0.0-alpha.1)

Can you help keep this open source service alive? 💖 Please sponsor : )

@pull pull bot added the ⤵️ pull label Feb 3, 2021
@guardrails
Copy link

guardrails bot commented Feb 3, 2021
edited
Loading

⚠️ We detected 285 security issues in this pull request:
Mode: paranoid | Total findings: 285 | Considered vulnerability: 2

Hard-Coded Secrets (5)

vue-cli/docs/.vuepress/config.js

Line 58 in 2d3116e

apiKey: 'f6df220f7d246aff64a56300b7f19f21',

vue-cli/docs/ru/guide/browser-compatibility.md

Line 77 in 2d3116e

Content-Security-Policy: script-src 'self' 'sha256-4RS22DYeB7U14dra4KcQYxmwt5HkOInieXK1NUMBmQI='

vue-cli/docs/zh/guide/mode-and-env.md

Line 106 in 2d3116e

在构建过程中,`process.env.VUE_APP_SECRET` 将会被相应的值所取代。在 `VUE_APP_SECRET=secret` 的情况下,它会被替换为 `"secret"`

vue-cli/packages/@vue/cli-ui/src/components/dependency/NpmPackageSearch.vue

Line 6 in 2d3116e

api-key="db283631f89b5b8a10707311f911fd00"

vue-cli/packages/@vue/cli-ui/src/components/prompt/PromptsList.vue

Line 33 in 2d3116e

password: 'input'

More info on how to fix Hard-Coded Secrets in General.

Insecure Use of Regular Expressions (31)

vue-cli/packages/@vue/babel-preset-app/__tests__/babel-preset.spec.js

Line 12 in 2d3116e

return new RegExp(`"${['.*node_modules', 'core-js', 'modules', mod].join(`[\\${path.sep}]+`)}`)

vue-cli/packages/@vue/cli-plugin-babel/index.js

Line 18 in 2d3116e

return deps.length ? new RegExp(deps.join('|')) : null

vue-cli/packages/@vue/cli-plugin-e2e-cypress/index.js

Line 58 in 2d3116e

const matchRE = new RegExp(`^--${argToRemove}$`)

vue-cli/packages/@vue/cli-plugin-e2e-cypress/index.js

Line 59 in 2d3116e

const equalRE = new RegExp(`^--${argToRemove}=`)

vue-cli/packages/@vue/cli-plugin-e2e-nightwatch/index.js

Line 174 in 2d3116e

const matchRE = new RegExp(`^--${argToRemove}`)

vue-cli/packages/@vue/cli-plugin-e2e-nightwatch/index.js

Line 175 in 2d3116e

const equalRE = new RegExp(`^--${argToRemove}=`)

vue-cli/packages/@vue/cli-service/lib/commands/build/setPublicPath.js

Line 16 in 2d3116e

var src = currentScript && currentScript.src.match(/(.+\/)[^/]+\.js(\?.*)?$/)

vue-cli/packages/@vue/cli-service/lib/commands/serve.js

Line 375 in 2d3116e

from: new RegExp(`^/${name}`),

vue-cli/packages/@vue/cli-service/lib/config/assets.js

Line 39 in 2d3116e

.test(/\.(png|jpe?g|gif|webp)(\?.*)?$/)

vue-cli/packages/@vue/cli-service/lib/config/assets.js

Line 48 in 2d3116e

.test(/\.(svg)(\?.*)?$/)

vue-cli/packages/@vue/cli-service/lib/config/assets.js

Line 58 in 2d3116e

.test(/\.(mp4|webm|ogg|mp3|wav|flac|aac)(\?.*)?$/)

vue-cli/packages/@vue/cli-service/lib/config/assets.js

Line 65 in 2d3116e

.test(/\.(woff2?|eot|ttf|otf)(\?.*)?$/i)

vue-cli/packages/@vue/cli-service/lib/util/isAbsoluteUrl.js

Line 3 in 2d3116e

return /^([a-z][a-z\d+\-.]*:)?\/\//i.test(url)

vue-cli/packages/@vue/cli-ui/apollo-server/util/parse-diff.js

Line 128 in 2d3116e

[/^index\s[\da-zA-Z]+\.\.[\da-zA-Z]+(\s(\d+))?$/, index],

vue-cli/packages/@vue/cli-ui/apollo-server/util/parse-diff.js

Line 131 in 2d3116e

[/^@@\s+-(\d+),?(\d+)?\s+\+(\d+),?(\d+)?\s@@/, chunk],

vue-cli/packages/@vue/cli-ui/apollo-server/util/parse-diff.js

Line 169 in 2d3116e

const t = (/\t.*|\d{4}-\d\d-\d\d\s\d\d:\d\d:\d\d(.\d+)?\s(\+|-)\d\d\d\d/).exec(s)

vue-cli/packages/@vue/cli-ui/apollo-server/util/parse-diff.js

Line 179 in 2d3116e

return s.replace(new RegExp(`^${chars}+`), '')

vue-cli/packages/@vue/cli-ui/src/util/search.js

Line 2 in 2d3116e

return text && new RegExp(text.trim().replace(/\s+/g, '.{0,5}'), 'i')

vue-cli/packages/@vue/cli-ui/ui-defaults/tasks.js

Line 165 in 2d3116e

match: /vue-cli-service serve(\s+--\S+(\s+\S+)?)*$/,

vue-cli/packages/@vue/cli-ui/ui-defaults/tasks.js

Line 243 in 2d3116e

match: /vue-cli-service build(\s+--\S+(\s+\S+)?)*$/,

vue-cli/packages/@vue/cli/lib/add.js

Line 37 in 2d3116e

const pluginRe = /^(@?[^@]+)(?:@(.+))?$/

vue-cli/packages/@vue/cli/lib/options.js

Line 53 in 2d3116e

latestVersion: joi.string().regex(/^\d+\.\d+\.\d+(-(alpha|beta|rc)\.\d+)?$/),

vue-cli/packages/@vue/cli/lib/ui.js

Line 10 in 2d3116e

const hostRegExp = new RegExp(`^https?://(${host}|${allowedHost}|localhost)(:\\d+)?$`)

vue-cli/packages/@vue/cli/lib/util/ProjectPackageManager.js

Line 78 in 2d3116e

const nameRegExp = /^(@?[^@]+)(@.*)?$/

vue-cli/scripts/syncDeps.js

Line 152 in 2d3116e

const updatedRE = new RegExp(`'(${Array.from(updatedDeps).join('|')})': '\\^(\\d+\\.\\d+\\.\\d+[^']*)'`)

vue-cli/scripts/verifyCommitMsg.js

Line 5 in 2d3116e

const commitRE = /^(v\d+\.\d+\.\d+(-(alpha|beta|rc.\d+))?)|((revert: )?(feat|fix|docs|style|refactor|perf|test|workflow|ci|chore|types)(\(.+\))?!?: .{1,50})/

vue-cli/packages/@vue/cli/lib/Creator.js

Line 342 in 2d3116e

} else if (name.endsWith('.json') || /^\./.test(name) || path.isAbsolute(name)) {

vue-cli/packages/@vue/cli-ui/apollo-server/util/highlight.js

Line 30 in 2d3116e

language = languages.find(l => l.test.test(filename))

vue-cli/packages/@vue/cli-service/lib/util/prepareProxy.js

Line 106 in 2d3116e

if (!/^http(s)?:\/\//.test(proxy)) {

vue-cli/packages/@vue/cli-plugin-e2e-cypress/index.js

Line 63 in 2d3116e

rawArgs.splice(i, offset + (equalRE.test(rawArgs[i]) ? 0 : 1))

vue-cli/packages/@vue/cli-plugin-e2e-nightwatch/index.js

Line 178 in 2d3116e

rawArgs.splice(i, offset + (equalRE.test(rawArgs[i]) ? 0 : 1))

More info on how to fix Insecure Use of Regular Expressions in Javascript.

Insecure File Management (188)

vue-cli/packages/@vue/cli-plugin-babel/__tests__/transpileDependencies.spec.js

Line 11 in 2d3116e

const files = await fs.readdir(path.join(project.dir, 'dist/js'))

vue-cli/packages/@vue/cli-plugin-babel/__tests__/transpileDependencies.spec.js

Line 17 in 2d3116e

const files = await fs.readdir(path.join(project.dir, 'dist/js'))

vue-cli/packages/@vue/cli-plugin-e2e-nightwatch/index.js

Line 125 in 2d3116e

userOptions = require(userOptionsPath)

vue-cli/packages/@vue/cli-plugin-e2e-nightwatch/index.js

Line 163 in 2d3116e

fs.stat(source, function (err, stat) {

vue-cli/packages/@vue/cli-plugin-e2e-webdriverio/index.js

Line 37 in 2d3116e

const isTS = fs.existsSync(path.join(api.getCwd(), 'tsconfig.json'))

vue-cli/packages/@vue/cli-plugin-eslint/generator/index.js

Line 17 in 2d3116e

if (fs.existsSync(editorConfigTemplatePath)) {

vue-cli/packages/@vue/cli-plugin-eslint/generator/index.js

Line 18 in 2d3116e

if (fs.existsSync(api.resolve('.editorconfig'))) {

vue-cli/packages/@vue/cli-plugin-eslint/generator/index.js

Line 21 in 2d3116e

const editorconfig = fs.readFileSync(editorConfigTemplatePath, 'utf-8')

vue-cli/packages/@vue/cli-plugin-eslint/lint.js

Line 40 in 2d3116e

if (!fs.existsSync(api.resolve('.eslintignore')) && !config.ignorePattern) {

vue-cli/packages/@vue/cli-plugin-eslint/lint.js

Line 90 in 2d3116e

fs.writeFileSync(outputFilePath, formatter(report.results))

vue-cli/packages/@vue/cli-plugin-eslint/migrator/index.js

Line 5 in 2d3116e

const pkg = require(api.resolve('package.json'))

vue-cli/packages/@vue/cli-plugin-pwa/index.js

Line 8 in 2d3116e

if (fs.existsSync(manifestPath)) {

vue-cli/packages/@vue/cli-plugin-pwa/index.js

Line 10 in 2d3116e

userOptions.manifestOptions = require(manifestPath)

vue-cli/packages/@vue/cli-plugin-pwa/lib/noopServiceWorkerMiddleware.js

Line 14 in 2d3116e

const resetScript = fs.readFileSync(path.resolve(__dirname, 'noopServiceWorker.js'), 'utf-8')

vue-cli/packages/@vue/cli-plugin-webpack-4/index.js

Line 80 in 2d3116e

if (!isLegacyBundle && fs.existsSync(publicDir)) {

vue-cli/packages/@vue/cli-service/__tests__/Service.spec.js

Line 134 in 2d3116e

fs.writeFileSync(path.resolve('/', 'vue.config.js'), '') // only to ensure fs.existsSync returns true

vue-cli/packages/@vue/cli-service/__tests__/Service.spec.js

Line 147 in 2d3116e

fs.writeFileSync(path.resolve('/', 'vue.config.js'), '')

vue-cli/packages/@vue/cli-service/__tests__/ServiceESM.spec.js

Line 16 in 2d3116e

fs.renameSync(path.resolve(project.dir, 'babel.config.js'), path.resolve(project.dir, 'babel.config.cjs'))

vue-cli/packages/@vue/cli-service/__tests__/ServiceESM.spec.js

Line 36 in 2d3116e

fs.writeFileSync(configPath, 'module.exports = { lintOnSave: true }')

vue-cli/packages/@vue/cli-service/__tests__/ServiceESM.spec.js

Line 39 in 2d3116e

await fs.unlinkSync(configPath)

vue-cli/packages/@vue/cli-service/__tests__/ServiceESM.spec.js

Line 44 in 2d3116e

fs.writeFileSync(configPath, 'module.exports = function () { return { lintOnSave: true } }')

vue-cli/packages/@vue/cli-service/__tests__/ServiceESM.spec.js

Line 47 in 2d3116e

await fs.unlinkSync(configPath)

vue-cli/packages/@vue/cli-service/__tests__/ServiceESM.spec.js

Line 52 in 2d3116e

fs.writeFileSync(configPath, 'export default { lintOnSave: true }')

vue-cli/packages/@vue/cli-service/__tests__/ServiceESM.spec.js

Line 55 in 2d3116e

await fs.unlinkSync(configPath)

vue-cli/packages/@vue/cli-service/__tests__/ServiceESM.spec.js

Line 60 in 2d3116e

fs.writeFileSync(configPath, 'export default { lintOnSave: true }')

vue-cli/packages/@vue/cli-service/__tests__/ServiceESM.spec.js

Line 63 in 2d3116e

await fs.unlinkSync(configPath)

vue-cli/packages/@vue/cli-service/__tests__/buildWcAsync.spec.js

Line 23 in 2d3116e

const files = await fs.readdir(path.resolve(project.dir, 'dist'))

vue-cli/packages/@vue/cli-service/__tests__/modernMode.spec.js

Line 19 in 2d3116e

const files = await fs.readdir(path.join(project.dir, 'dist/js'))

vue-cli/packages/@vue/cli-service/__tests__/modernMode.spec.js

Line 92 in 2d3116e

const files = await fs.readdir(path.join(project.dir, 'dist/js'))

vue-cli/packages/@vue/cli-service/__tests__/modernMode.spec.js

Line 107 in 2d3116e

const files = await fs.readdir(path.join(project.dir, 'dist/js'))

vue-cli/packages/@vue/cli-service/__tests__/modernMode.spec.js

Line 123 in 2d3116e

const files = await fs.readdir(path.join(project.dir, 'dist/js'))

vue-cli/packages/@vue/cli-service/__tests__/modernMode.spec.js

Line 134 in 2d3116e

const jsFiles = (await fs.readdir(path.join(project.dir, 'dist/js'))).filter(f => f.endsWith('.js'))

vue-cli/packages/@vue/cli-service/__tests__/modernMode.spec.js

Line 153 in 2d3116e

const files = await fs.readdir(path.join(project.dir, 'dist/js'))

vue-cli/packages/@vue/cli-service/lib/PluginAPI.js

Line 191 in 2d3116e

if (!fs.existsSync(absolutePath)) {

vue-cli/packages/@vue/cli-service/lib/PluginAPI.js

Line 198 in 2d3116e

return JSON.stringify(require(absolutePath))

vue-cli/packages/@vue/cli-service/lib/PluginAPI.js

Line 200 in 2d3116e

return fs.readFileSync(absolutePath, 'utf-8')

vue-cli/packages/@vue/cli-service/lib/PluginAPI.js

Line 203 in 2d3116e

return fs.readFileSync(absolutePath, 'utf-8')

vue-cli/packages/@vue/cli-service/lib/Service.js

Line 159 in 2d3116e

apply: require(absolutePath || id)

vue-cli/packages/@vue/cli-service/lib/commands/build/formatStats.js

Line 48 in 2d3116e

const buffer = fs.readFileSync(filepath)

vue-cli/packages/@vue/cli-service/lib/commands/build/resolveLibConfig.js

Line 16 in 2d3116e

if (!fs.existsSync(fullEntryPath)) {

vue-cli/packages/@vue/cli-service/lib/commands/build/resolveLibConfig.js

Line 93 in 2d3116e

const entryContent = fs.readFileSync(fullEntryPath, 'utf-8')

vue-cli/packages/@vue/cli-service/lib/commands/serve.js

Line 361 in 2d3116e

if (fs.existsSync(`/proc/1/cgroup`)) {

vue-cli/packages/@vue/cli-service/lib/commands/serve.js

Line 362 in 2d3116e

const content = fs.readFileSync(`/proc/1/cgroup`, 'utf-8')

vue-cli/packages/@vue/cli-service/lib/config/app.js

Line 115 in 2d3116e

htmlOptions.template = fs.existsSync(htmlPath)

vue-cli/packages/@vue/cli-service/lib/config/app.js

Line 181 in 2d3116e

const hasDedicatedTemplate = fs.existsSync(api.resolve(templateWithoutLoader))

vue-cli/packages/@vue/cli-service/lib/config/app.js

Line 184 in 2d3116e

: fs.existsSync(htmlPath)

vue-cli/packages/@vue/cli-service/lib/config/app.js

Line 253 in 2d3116e

if (!isLegacyBundle && fs.existsSync(publicDir)) {

vue-cli/packages/@vue/cli-service/lib/config/css.js

Line 8 in 2d3116e

if (fs.existsSync(path.join(context, file))) {

vue-cli/packages/@vue/cli-service/lib/util/loadFileConfig.js

Line 18 in 2d3116e

if (resolvedPath && fs.existsSync(resolvedPath)) {

vue-cli/packages/@vue/cli-service/lib/util/prepareProxy.js

Line 52 in 2d3116e

const isPublicFileRequest = fs.existsSync(maybePublicPath) && fs.statSync(maybePublicPath).isFile()

vue-cli/packages/@vue/cli-service/lib/webpack/DashboardPlugin.js

Line 161 in 2d3116e

const buf = webpackFs.readFileSync(fullPath)

vue-cli/packages/@vue/cli-service/lib/webpack/ModernModePlugin.js

Line 34 in 2d3116e

await fs.writeFile(tempFilename, JSON.stringify(tags))

vue-cli/packages/@vue/cli-service/lib/webpack/ModernModePlugin.js

Line 70 in 2d3116e

const legacyAssets = JSON.parse(await fs.readFile(tempFilename, 'utf-8'))

vue-cli/packages/@vue/cli-service/lib/webpack/MovePlugin.js

Line 11 in 2d3116e

if (fs.existsSync(this.from)) {

vue-cli/packages/@vue/cli-shared-utils/index.js

Line 16 in 2d3116e

Object.assign(exports, require(`./lib/${m}`))

vue-cli/packages/@vue/cli-shared-utils/lib/env.js

Line 40 in 2d3116e

const result = fs.existsSync(lockFile)

vue-cli/packages/@vue/cli-shared-utils/lib/env.js

Line 121 in 2d3116e

const result = fs.existsSync(lockFile)

vue-cli/packages/@vue/cli-shared-utils/lib/env.js

Line 143 in 2d3116e

const result = fs.existsSync(lockFile)

vue-cli/packages/@vue/cli-shared-utils/lib/module.js

Line 75 in 2d3116e

return require(request)

vue-cli/packages/@vue/cli-shared-utils/lib/module.js

Line 86 in 2d3116e

return require(resolvedPath)

vue-cli/packages/@vue/cli-shared-utils/lib/pkg.js

Line 6 in 2d3116e

if (fs.existsSync(path.join(context, 'package.json'))) {

vue-cli/packages/@vue/cli-shared-utils/lib/pluginResolution.js

Line 75 in 2d3116e

pkg = require(`${id}/package.json`)

vue-cli/packages/@vue/cli-test-utils/createTestProject.js

Line 13 in 2d3116e

return fs.readFile(path.resolve(projectRoot, file), 'utf-8')

vue-cli/packages/@vue/cli-test-utils/createTestProject.js

Line 17 in 2d3116e

return fs.existsSync(path.resolve(projectRoot, file))

vue-cli/packages/@vue/cli-test-utils/createTestProject.js

Line 27 in 2d3116e

return fs.ensureDir(dir).then(() => fs.writeFile(targetPath, content))

vue-cli/packages/@vue/cli-test-utils/createUpgradableProject.js

Line 17 in 2d3116e

if (!fs.existsSync(outsideTestFolder)) {

vue-cli/packages/@vue/cli-test-utils/createUpgradableProject.js

Line 18 in 2d3116e

fs.mkdirSync(outsideTestFolder)

vue-cli/packages/@vue/cli-ui/apollo-server/api/PluginApi.js

Line 493 in 2d3116e

sharedData.watch({ id, projectId: this.project.id }, handler)

vue-cli/packages/@vue/cli-ui/apollo-server/connectors/configurations.js

Line 43 in 2d3116e

if (fs.existsSync(resolvedFile)) {

vue-cli/packages/@vue/cli-ui/apollo-server/connectors/configurations.js

Line 76 in 2d3116e

const rawContent = fs.readFileSync(file.path, { encoding: 'utf8' })

vue-cli/packages/@vue/cli-ui/apollo-server/connectors/configurations.js

Line 126 in 2d3116e

const source = fs.readFileSync(file.path, { encoding: 'utf8' })

vue-cli/packages/@vue/cli-ui/apollo-server/connectors/configurations.js

Line 138 in 2d3116e

fs.writeFileSync(file.path, rawContent, { encoding: 'utf8' })

vue-cli/packages/@vue/cli-ui/apollo-server/connectors/cwd.js

Line 20 in 2d3116e

if (!fs.existsSync(value)) return

vue-cli/packages/@vue/cli-ui/apollo-server/connectors/dependencies.js

Line 73 in 2d3116e

return resolvedPath && fs.existsSync(resolvedPath)

vue-cli/packages/@vue/cli-ui/apollo-server/connectors/folders.js

Line 19 in 2d3116e

return fs.stat(file).then((x) => x.isDirectory())

vue-cli/packages/@vue/cli-ui/apollo-server/connectors/folders.js

Line 33 in 2d3116e

const files = await fs.readdir(dir, 'utf8')

vue-cli/packages/@vue/cli-ui/apollo-server/connectors/folders.js

Line 117 in 2d3116e

return fs.existsSync(path.join(file, 'package.json'))

vue-cli/packages/@vue/cli-ui/apollo-server/connectors/folders.js

Line 132 in 2d3116e

if (fs.existsSync(pkgFile)) {

vue-cli/packages/@vue/cli-ui/apollo-server/connectors/git.js

Line 51 in 2d3116e

const highlightedContentTo = highlightCode(fileDiff.to, fs.readFileSync(path.resolve(cwd.get(), fileDiff.to), { encoding: 'utf8' })).split('\n')

vue-cli/packages/@vue/cli-ui/apollo-server/connectors/locales.js

Line 50 in 2d3116e

if (process.env.VUE_APP_CLI_UI_DEV && !watchedTrees.get(root) && fs.existsSync(folder)) {

vue-cli/packages/@vue/cli-ui/apollo-server/connectors/plugins.js

Line 105 in 2d3116e

installed: fs.existsSync(dependencies.getPath({ id, file })),

vue-cli/packages/@vue/cli-ui/apollo-server/connectors/plugins.js

Line 216 in 2d3116e

if (currentView) views.open(currentView.id)

vue-cli/packages/@vue/cli-ui/apollo-server/connectors/plugins.js

Line 263 in 2d3116e

const folder = fs.existsSync(id) ? id : dependencies.getPath({ id, file: pluginApi.cwd })

vue-cli/packages/@vue/cli-ui/apollo-server/connectors/plugins.js

Line 289 in 2d3116e

if (fs.existsSync(file)) {

vue-cli/packages/@vue/cli-ui/apollo-server/connectors/plugins.js

Line 497 in 2d3116e

let data = require(path.join(dependencies.getPath({ id, file: cwd.get() }), 'prompts'))

vue-cli/packages/@vue/cli-ui/apollo-server/connectors/projects.js

Line 54 in 2d3116e

if (fs.existsSync(project.path)) {

vue-cli/packages/@vue/cli-ui/apollo-server/connectors/projects.js

Line 66 in 2d3116e

if (currentProject && !fs.existsSync(currentProject.path)) {

vue-cli/packages/@vue/cli-ui/apollo-server/connectors/projects.js

Line 371 in 2d3116e

if (!input.force && !fs.existsSync(path.join(input.path, 'node_modules'))) {

vue-cli/packages/@vue/cli-ui/apollo-server/connectors/projects.js

Line 395 in 2d3116e

if (!fs.existsSync(project.path)) {

vue-cli/packages/@vue/cli-ui/apollo-server/connectors/projects.js

Line 458 in 2d3116e

if (fs.existsSync(gitConfigPath)) {

vue-cli/packages/@vue/cli-ui/apollo-server/connectors/shared-data.js

Line 31 in 2d3116e

if (fs.existsSync(path.resolve(rootFolder, projectId, `${id}.json`))) {

vue-cli/packages/@vue/cli-ui/apollo-server/connectors/shared-data.js

Line 49 in 2d3116e

if (await fs.exists(file)) {

vue-cli/packages/@vue/cli-ui/apollo-server/resolvers.js

Line 94 in 2d3116e

const { resolvers: r } = require(file)

vue-cli/packages/@vue/cli-ui/apollo-server/schema/folder.js

Line 46 in 2d3116e

folderOpen: (root, { path }, context) => folders.open(path, context),

vue-cli/packages/@vue/cli-ui/apollo-server/schema/project.js

Line 105 in 2d3116e

projectOpen: (root, { id }, context) => projects.open(id, context),

vue-cli/packages/@vue/cli-ui/apollo-server/schema/project.js

Line 109 in 2d3116e

projectRename: (root, args, context) => projects.rename(args, context),

vue-cli/packages/@vue/cli-ui/apollo-server/schema/task.js

Line 89 in 2d3116e

taskOpen: (root, { id }, context) => tasks.open(id, context),

vue-cli/packages/@vue/cli-ui/apollo-server/schema/view.js

Line 56 in 2d3116e

viewOpen: (root, { id }, context) => views.open(id, context)

vue-cli/packages/@vue/cli-ui/apollo-server/type-defs.js

Line 90 in 2d3116e

const { types } = require(file)

vue-cli/packages/@vue/cli-ui/graphql-server.js

Line 188 in 2d3116e

const module = require(file)

vue-cli/packages/@vue/cli-ui/src/i18n.js

Line 64 in 2d3116e

[i18n.locale]: require(`date-fns/locale/${dateFnsLocale}/index.js`)

vue-cli/packages/@vue/cli/__tests__/Generator.spec.js

Line 12 in 2d3116e

fs.writeFileSync(path.resolve(templateDir, 'foo.js'), 'foo(<%- options.n %>)')

vue-cli/packages/@vue/cli/__tests__/Generator.spec.js

Line 14 in 2d3116e

fs.writeFileSync(path.resolve(templateDir, 'bar/bar.js'), 'bar(<%- m %>)')

vue-cli/packages/@vue/cli/__tests__/Generator.spec.js

Line 15 in 2d3116e

fs.writeFileSync(path.resolve(templateDir, 'bar/_bar.js'), '.bar(<%- m %>)')

vue-cli/packages/@vue/cli/__tests__/Generator.spec.js

Line 16 in 2d3116e

fs.writeFileSync(path.resolve(templateDir, 'entry.js'), `

vue-cli/packages/@vue/cli/__tests__/Generator.spec.js

Line 25 in 2d3116e

fs.writeFileSync(path.resolve(templateDir, 'empty-entry.js'), `;`)

vue-cli/packages/@vue/cli/__tests__/Generator.spec.js

Line 26 in 2d3116e

fs.writeFileSync(path.resolve(templateDir, 'main.ts'), `const a: string = 'hello';`)

vue-cli/packages/@vue/cli/__tests__/Generator.spec.js

Line 27 in 2d3116e

fs.writeFileSync(path.resolve(templateDir, 'hello.vue'), `

vue-cli/packages/@vue/cli/__tests__/Generator.spec.js

Line 42 in 2d3116e

fs.writeFileSync(path.resolve(templateDir, 'replace.js'), `

vue-cli/packages/@vue/cli/__tests__/Generator.spec.js

Line 50 in 2d3116e

fs.writeFileSync(path.resolve(templateDir, 'multi-replace-source.js'), `

vue-cli/packages/@vue/cli/__tests__/Generator.spec.js

Line 55 in 2d3116e

fs.writeFileSync(path.resolve(templateDir, 'multi-replace.js'), `

vue-cli/packages/@vue/cli/__tests__/Generator.spec.js

Line 73 in 2d3116e

fs.writeFileSync(path.resolve(templateDir, '_vscode/config.json'), `{}`)

vue-cli/packages/@vue/cli/__tests__/Generator.spec.js

Line 74 in 2d3116e

fs.writeFileSync(path.resolve(templateDir, '_gitignore'), 'foo')

vue-cli/packages/@vue/cli/__tests__/options.spec.js

Line 13 in 2d3116e

fs.writeFileSync(rcPath, JSON.stringify({

vue-cli/packages/@vue/cli/__tests__/preset.spec.js

Line 27 in 2d3116e

const testFile = await fs.readFile(path.resolve(cwd, name, 'test.js'), 'utf-8')

vue-cli/packages/@vue/cli/__tests__/preset.spec.js

Line 30 in 2d3116e

const pkg = require(path.resolve(cwd, name, 'package.json'))

vue-cli/packages/@vue/cli/__tests__/preset.spec.js

Line 53 in 2d3116e

const testFile = await fs.readFile(path.resolve(cwd, name, 'test.js'), 'utf-8')

vue-cli/packages/@vue/cli/__tests__/preset.spec.js

Line 56 in 2d3116e

const pkg = require(path.resolve(cwd, name, 'package.json'))

vue-cli/packages/@vue/cli/__tests__/preset.spec.js

Line 79 in 2d3116e

const testFile = await fs.readFile(path.resolve(cwd, name, 'test.js'), 'utf-8')

vue-cli/packages/@vue/cli/__tests__/preset.spec.js

Line 82 in 2d3116e

const pkg = require(path.resolve(cwd, name, 'package.json'))

vue-cli/packages/@vue/cli/__tests__/preset.spec.js

Line 105 in 2d3116e

const readme = await fs.readFile(path.resolve(cwd, name, 'README.md'), 'utf-8')

vue-cli/packages/@vue/cli/__tests__/preset.spec.js

Line 108 in 2d3116e

const pkg = require(path.resolve(cwd, name, 'package.json'))

vue-cli/packages/@vue/cli/bin/vue.js

Line 30 in 2d3116e

fs.existsSync(path.resolve(process.cwd(), '../@vue')) ||

vue-cli/packages/@vue/cli/bin/vue.js

Line 31 in 2d3116e

fs.existsSync(path.resolve(process.cwd(), '../../@vue'))

vue-cli/packages/@vue/cli/lib/GeneratorAPI.js

Line 445 in 2d3116e

return (this._entryFile = fs.existsSync(this.resolve('src/main.ts')) ? 'src/main.ts' : 'src/main.js')

vue-cli/packages/@vue/cli/lib/GeneratorAPI.js

Line 482 in 2d3116e

return fs.readFileSync(name) // return buffer

vue-cli/packages/@vue/cli/lib/GeneratorAPI.js

Line 484 in 2d3116e

const template = fs.readFileSync(name, 'utf-8')

vue-cli/packages/@vue/cli/lib/GeneratorAPI.js

Line 519 in 2d3116e

finalTemplate = fs.readFileSync(extendPath, 'utf-8')

vue-cli/packages/@vue/cli/lib/Upgrader.js

Line 102 in 2d3116e

fs.writeFileSync(path.resolve(this.context, 'package.json'), JSON.stringify(this.pkg, null, 2))

vue-cli/packages/@vue/cli/lib/config.js

Line 35 in 2d3116e

await fs.writeFile(file, JSON.stringify(config, null, 2), 'utf-8')

vue-cli/packages/@vue/cli/lib/config.js

Line 68 in 2d3116e

await fs.writeFile(file, JSON.stringify(config, null, 2), 'utf-8')

vue-cli/packages/@vue/cli/lib/create.js

Line 32 in 2d3116e

if (fs.existsSync(targetDir) && !options.merge) {

vue-cli/packages/@vue/cli/lib/inspect.js

Line 21 in 2d3116e

if (fs.existsSync(binPath)) {

vue-cli/packages/@vue/cli/lib/options.js

Line 94 in 2d3116e

if (fs.existsSync(rcPath)) {

vue-cli/packages/@vue/cli/lib/options.js

Line 96 in 2d3116e

cachedOptions = JSON.parse(fs.readFileSync(rcPath, 'utf-8'))

vue-cli/packages/@vue/cli/lib/options.js

Line 127 in 2d3116e

fs.writeFileSync(rcPath, JSON.stringify(options, null, 2))

vue-cli/packages/@vue/cli/lib/util/ProjectPackageManager.js

Line 213 in 2d3116e

if (fs.existsSync(loc)) {

vue-cli/packages/@vue/cli/lib/util/ProjectPackageManager.js

Line 216 in 2d3116e

npmConfig = Object.assign({}, ini.parse(fs.readFileSync(loc, 'utf-8')), npmConfig)

vue-cli/packages/@vue/cli/lib/util/ProjectPackageManager.js

Line 423 in 2d3116e

await fs.symlink(src, dest, 'dir')

vue-cli/packages/@vue/cli/lib/util/createTools.js

Line 13 in 2d3116e

].map(file => require(`../promptModules/${file}`))

vue-cli/packages/@vue/cli/lib/util/getPkg.js

Line 12 in 2d3116e

packageJson = fs.readFileSync(packagePath, 'utf-8')

vue-cli/packages/@vue/cli/lib/util/linkBin.js

Line 18 in 2d3116e

await fs.symlink(src, dest)

vue-cli/packages/@vue/cli/lib/util/linkBin.js

Line 19 in 2d3116e

await fs.chmod(dest, '755')

vue-cli/packages/@vue/cli/lib/util/loadCommand.js

Line 9 in 2d3116e

return require(moduleName)

vue-cli/packages/@vue/cli/lib/util/loadLocalPreset.js

Line 5 in 2d3116e

const stats = fs.statSync(path)

vue-cli/packages/@vue/cli/lib/util/loadPresetFromDir.js

Line 6 in 2d3116e

if (!fs.existsSync(presetPath)) {

vue-cli/packages/@vue/cli/lib/util/loadPresetFromDir.js

Line 13 in 2d3116e

const hasGenerator = fs.existsSync(path.join(dir, 'generator.js')) || fs.existsSync(path.join(dir, 'generator/index.js'))

vue-cli/packages/@vue/cli/lib/util/rcPath.js

Line 9 in 2d3116e

if (!fs.existsSync(rcDir)) {

vue-cli/packages/@vue/cli/lib/util/rcPath.js

Line 28 in 2d3116e

if (fs.existsSync(rcFile)) {

vue-cli/packages/@vue/cli/lib/util/rcPath.js

Line 30 in 2d3116e

if (fs.existsSync(properRcFile)) {

vue-cli/packages/@vue/cli/lib/util/readFiles.js

Line 20 in 2d3116e

? fs.readFileSync(name)

vue-cli/packages/@vue/cli/lib/util/readFiles.js

Line 21 in 2d3116e

: fs.readFileSync(name, 'utf-8')

vue-cli/packages/@vue/cli/lib/util/writeFileTree.js

Line 11 in 2d3116e

return fs.unlink(path.join(directory, filename))

vue-cli/packages/@vue/cli/lib/util/writeFileTree.js

Line 33 in 2d3116e

fs.writeFileSync(filePath, files[name])

vue-cli/scripts/bootstrap.js

Line 8 in 2d3116e

const files = fs.readdirSync(packagesDir)

vue-cli/scripts/bootstrap.js

Line 19 in 2d3116e

if (!fs.existsSync(pkgPath)) {

vue-cli/scripts/bootstrap.js

Line 43 in 2d3116e

fs.writeFileSync(pkgPath, JSON.stringify(json, null, 2))

vue-cli/scripts/bootstrap.js

Line 47 in 2d3116e

if (!fs.existsSync(readmePath)) {

vue-cli/scripts/bootstrap.js

Line 48 in 2d3116e

fs.writeFileSync(readmePath, `# @vue/${pkg}\n\n> ${desc}`)

vue-cli/scripts/bootstrap.js

Line 52 in 2d3116e

if (!fs.existsSync(npmIgnorePath)) {

vue-cli/scripts/bootstrap.js

Line 53 in 2d3116e

fs.writeFileSync(npmIgnorePath, `__tests__\n__mocks__`)

vue-cli/scripts/buildEditorConfig.js

Line 96 in 2d3116e

const configList = fs.readdirSync(path.resolve(__dirname, '../packages/@vue/'))

vue-cli/scripts/buildEditorConfig.js

Line 118 in 2d3116e

if (!fs.existsSync(templateDir)) {

vue-cli/scripts/buildEditorConfig.js

Line 119 in 2d3116e

fs.mkdirSync(templateDir)

vue-cli/scripts/buildEditorConfig.js

Line 121 in 2d3116e

fs.writeFileSync(`${templateDir}/_editorconfig`, content)

vue-cli/scripts/checkLinks.js

Line 23 in 2d3116e

const contents = fs.readFileSync(file, { encoding: 'utf8' })

vue-cli/scripts/checkLinks.js

Line 36 in 2d3116e

const files = fs.readdirSync(folder)

vue-cli/scripts/checkLinks.js

Line 41 in 2d3116e

} else if (fs.statSync(fullPath).isDirectory()) {

vue-cli/scripts/genChangelog.js

Line 23 in 2d3116e

newRelease + '\n\n\n' + fs.readFileSync(changelogPath, { encoding: 'utf8' })

vue-cli/scripts/genChangelog.js

Line 24 in 2d3116e

fs.writeFileSync(changelogPath, newChangelog)

vue-cli/scripts/genDocs.js

Line 9 in 2d3116e

const entryContent = fs.readFileSync(entryPath)

vue-cli/scripts/genDocs.js

Line 11 in 2d3116e

fs.writeFile(docPath, entryContent, () => { })

vue-cli/scripts/genDocs.js

Line 15 in 2d3116e

fs.readdir(pluginsDirPath, (_, files) => {

vue-cli/scripts/patchChromedriver.js

Line 14 in 2d3116e

fs.writeFileSync(path.resolve(__dirname, '../package.json'), JSON.stringify(pkg, null, 2))

vue-cli/scripts/syncDeps.js

Line 90 in 2d3116e

fs.writeFileSync(file, writeCache[file])

vue-cli/scripts/syncDeps.js

Line 104 in 2d3116e

const pkg = require(path.resolve(__dirname, '../', filePath))

vue-cli/scripts/syncDeps.js

Line 173 in 2d3116e

return require(`../packages/${pkg}/package.json`).version

vue-cli/scripts/syncDeps.js

Line 181 in 2d3116e

return version || require(`../packages/${pkg}/package.json`).version

vue-cli/scripts/syncDeps.js

Line 188 in 2d3116e

const updated = fs.readFileSync(filePath, 'utf-8')

vue-cli/scripts/verifyCommitMsg.js

Line 3 in 2d3116e

const msg = require('fs').readFileSync(msgPath, 'utf-8').trim()

vue-cli/packages/@vue/cli-plugin-pwa/index.js

Line 13 in 2d3116e

`The ${chalk.red('public/manifest.json')} file will be ignored in favor of ${chalk.cyan('pwa.manifestOptions')}`

vue-cli/packages/@vue/cli-ui/apollo-server/connectors/files.js

Line 13 in 2d3116e

query = path.resolve(cwd.get(), input.file)

vue-cli/packages/@vue/cli-service/lib/util/getAssetPath.js

Line 5 in 2d3116e

? path.posix.join(options.assetsDir, filePath)

vue-cli/packages/@vue/cli-ui/apollo-server/connectors/projects.js

Line 269 in 2d3116e

const targetDir = path.join(cwd.get(), input.folder)

vue-cli/packages/@vue/cli-ui/apollo-server/connectors/projects.js

Line 457 in 2d3116e

const gitConfigPath = path.join(project.path, '.git', 'config')

vue-cli/packages/@vue/cli-service/lib/config/app.js

Line 102 in 2d3116e

])

vue-cli/packages/@vue/cli-plugin-e2e-webdriverio/index.js

Line 40 in 2d3116e

: path.join(api.getCwd(), 'wdio.sauce.conf.' + (isTS ? 'ts' : 'js'))

vue-cli/packages/@vue/cli-plugin-e2e-webdriverio/index.js

Line 39 in 2d3116e

? path.join(api.getCwd(), 'wdio.local.conf.' + (isTS ? 'ts' : 'js'))

More info on how to fix Insecure File Management in Javascript.

Information Disclosure (17)

vue-cli/packages/@vue/cli-plugin-e2e-cypress/generator/template/tests/e2e/_eslintrc.js

Line 1 in 2d3116e

<%_ if (hasESLint) { _%>

vue-cli/packages/@vue/cli-plugin-e2e-cypress/generator/template/tests/e2e/specs/test.js

Line 6 in 2d3116e

cy.contains('h1', 'Welcome to Your Vue.js <%- hasTS ? '+ TypeScript ' : '' %>App')

vue-cli/packages/@vue/cli-plugin-e2e-nightwatch/generator/template/tests/e2e/_eslintrc.js

Line 1 in 2d3116e

<%_ if (hasESLint) { _%>

vue-cli/packages/@vue/cli-plugin-e2e-nightwatch/generator/template/tests/e2e/specs/test.js

Line 10 in 2d3116e

.assert.containsText('h1', 'Welcome to Your Vue.js <%- hasTS ? '+ TypeScript ' : '' %>App')

vue-cli/packages/@vue/cli-plugin-e2e-webdriverio/generator/template/tests/e2e/_eslintrc.js

Line 1 in 2d3116e

<%_ if (hasESLint) { _%>

vue-cli/packages/@vue/cli-plugin-e2e-webdriverio/generator/template/tests/e2e/pageobjects/app.page.js

Line 15 in 2d3116e

<%- hasTS ? 'export default new App()' : 'module.exports = new App()' %>

vue-cli/packages/@vue/cli-plugin-e2e-webdriverio/generator/template/tests/e2e/specs/app.spec.js

Line 1 in 2d3116e

<%- hasTS ? 'import App from \'../pageobjects/app.page\'' : 'const App = require(\'../pageobjects/app.page\')' %>

vue-cli/packages/@vue/cli-plugin-e2e-webdriverio/generator/template/wdio.local.conf.js

Line 1 in 2d3116e

<%- hasTS ? 'const { config } = require(\'./wdio.shared.conf.ts\')' : 'const { config } = require(\'./wdio.shared.conf\')' %>

vue-cli/packages/@vue/cli-plugin-e2e-webdriverio/generator/template/wdio.sauce.conf.js

Line 1 in 2d3116e

<%- hasTS ? 'import { config } from \'./wdio.shared.conf.ts\'' : 'const { config } = require(\'./wdio.shared.conf\')' %>

vue-cli/packages/@vue/cli-plugin-e2e-webdriverio/generator/template/wdio.shared.conf.js

Line 14 in 2d3116e

<%_ if (hasTS) { _%>

vue-cli/packages/@vue/cli-plugin-router/generator/template-vue3/src/router/index.js

Line 1 in 2d3116e

import { createRouter<%

vue-cli/packages/@vue/cli-plugin-router/generator/template/src/router/index.js

Line 2 in 2d3116e

<%_ if (hasTypeScript) { _%>

vue-cli/packages/@vue/cli-plugin-unit-jest/generator/template/tests/unit/example.spec.js

Line 1 in 2d3116e

<%_ if (!hasTS) { _%>

vue-cli/packages/@vue/cli-plugin-unit-mocha/generator/template/tests/unit/example.spec.js

Line 1 in 2d3116e

<%_ if (!hasTS) { _%>

vue-cli/packages/@vue/cli-service/generator/template/src/main.js

Line 1 in 2d3116e

<%_ if (rootOptions.vueVersion === '3') { _%>

vue-cli/packages/@vue/cli/__tests__/mock-preset-with-async-generator/generator/template/test.js

Line 1 in 2d3116e

<%= ok %>

vue-cli/packages/@vue/cli/__tests__/mock-preset-with-template/generator/template/test.js

Line 1 in 2d3116e

<%= ok %>

More info on how to fix Information Disclosure in Javascript.

Insecure Use of Dangerous Function (18)

vue-cli/packages/@vue/cli-shared-utils/lib/env.js

Line 1 in 2d3116e

const { execSync } = require('child_process')

vue-cli/packages/@vue/cli-shared-utils/lib/openBrowser.js

Line 12 in 2d3116e

const execSync = require('child_process').execSync

vue-cli/packages/@vue/cli-ui/apollo-server/util/parse-diff.js

Line 158 in 2d3116e

const result = /\sa\/(.*)\sb\/(.*)/.exec(s)

vue-cli/packages/@vue/cli-ui/apollo-server/util/parse-diff.js

Line 169 in 2d3116e

const t = (/\t.*|\d{4}-\d\d-\d\d\s\d\d:\d\d:\d\d(.\d+)?\s(\+|-)\d\d\d\d/).exec(s)

vue-cli/packages/@vue/cli-ui/apollo-server/util/terminate.js

Line 2 in 2d3116e

const cp = require('child_process')

vue-cli/packages/@vue/cli-ui/src/util/theme.js

Line 4 in 2d3116e

const result = /\?theme=(\w+)/.exec(window.location.href)

vue-cli/scripts/buildEditorConfig.js

Line 98 in 2d3116e

const matched = /eslint-config-(\w+)/.exec(name)

vue-cli/scripts/patchChromedriver.js

Line 8 in 2d3116e

const versionString = require('child_process').execSync('wmic datafile where name="C:\\\\Program Files (x86)\\\\Google\\\\Chrome\\\\Application\\\\chrome.exe" get Version /value').toString()

vue-cli/scripts/syncDeps.js

Line 11 in 2d3116e

const { execSync } = require('child_process')

vue-cli/scripts/syncDeps.js

Line 41 in 2d3116e

const version = execSync(`npm view ${pkg} version`).toString().trim()

vue-cli/packages/@vue/cli-shared-utils/lib/openBrowser.js

Line 75 in 2d3116e

execSync('ps cax | grep "Google Chrome"')

vue-cli/packages/@vue/cli-shared-utils/lib/openBrowser.js

Line 78 in 2d3116e

stdio: 'ignore'

vue-cli/packages/@vue/cli-shared-utils/lib/env.js

Line 27 in 2d3116e

execSync('yarn --version', { stdio: 'ignore' })

vue-cli/packages/@vue/cli-shared-utils/lib/env.js

Line 58 in 2d3116e

execSync('git --version', { stdio: 'ignore' })

vue-cli/packages/@vue/cli-shared-utils/lib/env.js

Line 72 in 2d3116e

execSync('git status', { stdio: 'ignore', cwd })

vue-cli/packages/@vue/cli-shared-utils/lib/env.js

Line 94 in 2d3116e

stdio: ['pipe', 'pipe', 'ignore']

vue-cli/packages/@vue/cli-shared-utils/lib/env.js

Line 160 in 2d3116e

timeout: 10000

vue-cli/packages/@vue/cli-service/lib/commands/serve.js

Line 118 in 2d3116e

const publicHost = publicUrl ? /^[a-zA-Z]+:\/\/([^/?#]+)/.exec(publicUrl)[1] : undefined

More info on how to fix Insecure Use of Dangerous Function in Javascript.

Insecure Processing of Data (20)

vue-cli/packages/@vue/cli/__tests__/Generator.spec.js

Line 12 in 2d3116e

fs.writeFileSync(path.resolve(templateDir, 'foo.js'), 'foo(<%- options.n %>)')

vue-cli/packages/@vue/cli/__tests__/Generator.spec.js

Line 14 in 2d3116e

fs.writeFileSync(path.resolve(templateDir, 'bar/bar.js'), 'bar(<%- m %>)')

vue-cli/packages/@vue/cli/__tests__/Generator.spec.js

Line 15 in 2d3116e

fs.writeFileSync(path.resolve(templateDir, 'bar/_bar.js'), '.bar(<%- m %>)')

vue-cli/packages/@vue/cli/__tests__/Generator.spec.js

Line 640 in 2d3116e

files['foo2.js'] = render('foo(<%- n %>)', options)

vue-cli/packages/@vue/cli/__tests__/Generator.spec.js

Line 641 in 2d3116e

files['bar/bar2.js'] = render('bar(<%- n %>)', options)

vue-cli/packages/@vue/cli-service/lib/commands/build/demo-wc.html

Line 3 in 2d3116e

<title><%- htmlWebpackPlugin.options.libName %> demo</title>

vue-cli/packages/@vue/cli-service/lib/commands/build/demo-wc.html

Line 5 in 2d3116e

<script src="./<%- htmlWebpackPlugin.options.libName %>.js"></script>

vue-cli/packages/@vue/cli-service/lib/commands/build/demo-lib-js.html

Line 3 in 2d3116e

<title><%- htmlWebpackPlugin.options.libName %> demo</title>

vue-cli/packages/@vue/cli-service/lib/commands/build/demo-lib-js.html

Line 4 in 2d3116e

<script src="./<%- htmlWebpackPlugin.options.assetsFileName %>.umd.js"></script>

vue-cli/packages/@vue/cli-service/lib/commands/build/demo-lib-js.html

Line 6 in 2d3116e

<link rel="stylesheet" href="./<%- htmlWebpackPlugin.options.assetsFileName %>.css">

vue-cli/packages/@vue/cli-service/lib/commands/build/demo-lib-js.html

Line 10 in 2d3116e

console.log(<%- htmlWebpackPlugin.options.libName %>)

vue-cli/packages/@vue/cli-service/lib/commands/build/demo-lib.html

Line 3 in 2d3116e

<title><%- htmlWebpackPlugin.options.libName %> demo</title>

vue-cli/packages/@vue/cli-service/lib/commands/build/demo-lib.html

Line 4 in 2d3116e

<script src="//unpkg.com/vue@<%- htmlWebpackPlugin.options.vueMajor %>"></script>

vue-cli/packages/@vue/cli-service/lib/commands/build/demo-lib.html

Line 5 in 2d3116e

<script src="./<%- htmlWebpackPlugin.options.assetsFileName %>.umd.js"></script>

vue-cli/packages/@vue/cli-service/lib/commands/build/demo-lib.html

Line 7 in 2d3116e

<link rel="stylesheet" href="./<%- htmlWebpackPlugin.options.assetsFileName %>.css">

vue-cli/packages/@vue/cli-service/lib/commands/build/demo-lib.html

Line 18 in 2d3116e

demo: <%- htmlWebpackPlugin.options.libName %>

vue-cli/packages/@vue/cli-service/lib/commands/build/demo-lib.html

Line 24 in 2d3116e

demo: <%- htmlWebpackPlugin.options.libName %>

vue-cli/packages/@vue/cli/lib/util/configTransforms.js

Line 51 in 2d3116e

read: ({ source }) => require('js-yaml').load(source),

vue-cli/packages/@vue/cli-ui/apollo-server/connectors/configurations.js

Line 80 in 2d3116e

fileData = yaml.load(rawContent)

vue-cli/packages/@vue/cli-ui/apollo-server/connectors/client-addons.js

Line 66 in 2d3116e

res.send(`Addon ${id} not found in loaded addons. Try opening a vue-cli project first?`)

More info on how to fix Insecure Processing of Data in Javascript.

Insecure Use of SQL Queries (6)

vue-cli/packages/@vue/cli-ui/apollo-server/schema/plugin.js

Line 81 in 2d3116e

plugin: (root, { id }, context) => plugins.findOne({ id, file: cwd.get() }, context)

vue-cli/packages/@vue/cli-ui/apollo-server/schema/task.js

Line 76 in 2d3116e

plugin: (task, args, context) => plugins.findOne({ id: task.pluginId, file: task.path }, context),

vue-cli/packages/@vue/cli-ui/apollo-server/schema/configuration.js

Line 39 in 2d3116e

plugin: (configuration, args, context) => plugins.findOne({ id: configuration.pluginId, file: cwd.get() }, context)

vue-cli/packages/@vue/cli-ui/apollo-server/connectors/widgets.js

Line 59 in 2d3116e

const plugin = plugins.findOne({ id: definition.pluginId, file: cwd.get() }, context)

vue-cli/packages/@vue/cli-ui/apollo-server/connectors/views.js

Line 75 in 2d3116e

const plugin = plugins.findOne({ id: view.pluginId, file: cwd.get() }, context)

vue-cli/packages/@vue/cli-ui/src/util/shared-data.js

Line 89 in 2d3116e

const projectId = await this.$getProjectId()

More info on how to fix Insecure Use of SQL Queries in Javascript.

👉 Go to the dashboard for detailed results.

📥 Happy? Share your feedback with us.

@pull pull bot added the merge-conflict Resolve conflicts manually label Feb 22, 2021
haoqunjiang and others added 27 commits March 24, 2021 13:55
@haoqunjiang
fix: work around npm6/postcss8 hoisting issue (#6358)
27b4263 
Closes #6342
@haoqunjiang
feat: a defineConfig API from @vue/cli-service for better typing …
54d5f78 
…support in `vue.config.js` (#6355)
@haoqunjiang
feat: when transpileDependencies is set to true, transpile all de…
d64e7d3 
…pendencies in `node_modules` (#6354)
@haoqunjiang
chore: lockfile maintenance
bb01585
@haoqunjiang
fix: check hoisted postcss version (#6372)
fa46ed4 
Also reverts #6358
@haoqunjiang
chore: pre release sync
a5f822c
@haoqunjiang
v5.0.0-alpha.8
89af6c5
@ylc395
feat(cli-service): add inline loader support for html-webpack-plugin (#…
de175d4 
…5997)

Close #2697
@fangbinwei
fix(mocha): workaround the SVGElement issue in Vue (#6400)
7838c0d 
related to vuejs/core#2929
@fangbinwei
fix(cli-service): respect the existing 'devtool' (#6402)
8654e82 
Respect the existing 'devtool' when running dev server

Fixes #6398
@haoqunjiang
chore: de-prioritize "Mocha + Chai" option as it requires webpack 4 f…
ae967f7 
…or now (#6401)
@yoyo930021
feat(cli-service): provide jsconfig.json in no-ts template (#6285)
0dc604c
@haoqunjiang
feat: support vue.config.mjs (#6405)
dd217b2
@Alex-Sokolov
docs: [RU] Translation update (#6417)
6563bc7 
* docs: (ru) config/readme.md update

* docs: (ru) eslint.md update

* docs: (ru) cli-service.md update

* docs: (ru) css.md update

* docs: (ru) mode-and-env.md update

* docs: (ru) deployment.md update

Co-authored-by: Alex Sokolov <[email protected]>
@haoqunjiang
feat!: turn on modern mode by default, and provide a --no-module op…
cd78376 
…tion (#6416)
@haoqunjiang
fix: disable realContentHash optimization in app target
448ab96 
It's messing with the html-webpack-plugin, telling it the wrong hash of
the legacy bundle, therefore making the modern mode fallback unusable.

(TODO: add a test later)
@haoqunjiang
fixup! fix: disable realContentHash optimization in app target
8a3dfa4
@m0ksem
fix: show fallback message for typescript jest preset if ts-jest is n…
2f5ced3 
…ot installed (#6418)

Co-authored-by: Haoqun Jiang <[email protected]>

closes #6383
@haoqunjiang
test: use explicit targets in babel tests
f782fa3 
Fixes the issue caused by babel/babel#12989
@haoqunjiang
chore: add notes about upcoming Babel 8 esmodules change [skip ci]
3b851a8
@haoqunjiang
feat: only needs one bundle if all targets support es module (#6419)
aad72cf
@haoqunjiang
chore: should output meaningful error message for missing vue-jest dep
791fa28 
follow up of #6418
@haoqunjiang
feat!: always inject safari-nomodule-fix as an external script; drop …
0aa8a55 
…`--no-unsafe-inline` flag (#6422)
@jamesgeorge007
chore: rely on default arg parser behavior (#6413)
a16b017
@haoqunjiang
feat!: upgrade to css-minimizer-webpack-plugin v2 (#6420)
e661a92
@MowlCoder
docs: fix master to main in heroku deployment (#6359)
ad213f0
@haoqunjiang
chore: some dependency version bumps (#6430)
4473ca2 
Default Cypress version is now v7
haoqunjiang and others added 30 commits June 15, 2022 16:17
@haoqunjiang
chore: run yarn-audit-fix
b2b07a5
@haoqunjiang
fix: should correctly resolve cypress bin path for Cypress 10
697bb44 
Fixes #7194
@haoqunjiang
docs: fix 404 links
619965b
@blzsaa
fix: eliminate calling deprecated function in cli-plugin-e2e-cypress …
27dba1a 
…and cli-plugin-e2e-nightwatch (#7158)

Co-authored-by: blzsaa <[email protected]>
@blzsaa
feat(upgrade): prevent changing the structure of package.json file du…
64446e0 
…ring upgrade (#7167)

Co-authored-by: blzsaa <[email protected]>
@haoqunjiang
v5.0.5
98c66c9
@haoqunjiang
fix: compatibility with Vue 2.7
a648958
@haoqunjiang
fixup! fix: compatibility with Vue 2.7
fcf27e3
@haoqunjiang
chore: fix lint errors
6b163f2
@haoqunjiang
v5.0.6
ef08a08
@backrunner
fix: optimize the judgment on whether HTTPS has been set in options (#…
bddd64d 
…7202)
@haoqunjiang
fix: support devServer.server option, avoid deprecation warning
558dea2 
Closes #7024
Fixes #7118

I choose to not merge the PR because I don't want add additional ways
to configure https for dev server (`--http2` command line argument,
`process.env.HTTPS`, etc.)

In the current implementation, `spdy` can only be configured by setting
`{ devServer: server: { type: 'spdy' } }`.
This is a deliberate choice, because SPDY support in Node.js 15+ is
broken anyway. I don't want bother refactoring the old code to
accommodate this broken feature.
@haoqunjiang
fix: allow disabling progress plugin via devServer.client.progress
beffe8a
@haoqunjiang
chore: upgrade to apollo-server-express 3.x (#7210)
23fa20f
@haoqunjiang
chore: update fallback chromedriver version
6f9b6ec 
It is only served as a fallback version number when local Chrome version
detection failed. Updating the version to the latest may reduce
user frustrations when such rare scenarios are encountered.

Closes #7203
@haoqunjiang
v5.0.7
4a0655f
@haoqunjiang
chore: update changelog
a5a893e
@haoqunjiang
fix: Vue CLI UI graphql subscription server error
07052c4 
Fixes #7221

`subscriptions-transport-ws` is also deprecated, we need to move to
`graphql-ws` one day.
But better deprecatedthan broken.
@backrunner
fix: add devServer.server.type to useHttps judgement (#7222)
0260e4d
@haoqunjiang
ci: bump appveyor node version
4e024b7 
The dev dependency `@graphql-eslint/eslint-plugin` is causing CI
failures in Node.js 12
@haoqunjiang
v5.0.8
b154dbd
@yyx990803
chore: update readme [ci skip]
bc1c0bc
@yyx990803
docs: bump vitepress
95ad425
@yyx990803
docs: add recommendation for create-vue in docs
7c0134e
@yyx990803
docs: simplify message wording + message on landing page
248f770
@yyx990803
docs: revert vitepress version
e636817
@lvqq
fix: pnpm v7 install error (#7265)
ea4c98a
@dependabot
chore(deps): bump loader-utils from 1.4.0 to 1.4.1 (#7324)
f0f254e 
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@haoqunjiang
docs: fix a broken link [skip ci]
cb4477f 
vuejs/eslint-config-prettier#11

I would recommend using the ESLint CLI directly over
`@vue/cli-plugin-eslint` at this point.
But for users who are stuck with old versions and still read this
migration guide, they deserve a working link.
@haoqunjiang
docs: add --no flag to npx command to avoid downloading the incor…
f36a4ed 
…rect package from npm

Thanks to @alxndrsn for finding this issue and the insightful blog post.
https://www.alxndrsn.com/2024-08-01-npx-binary-confusion/

Also thanks to @lirantal for his newsletter that brought this issue to
my attention.
https://www.nodejs-security.com/newsletter/npm-supply-chain-security-prisma-orm-security-fun-nodejs-security-challenges
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
⤵️ pull merge-conflict Resolve conflicts manually
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.