[Snyk] Upgrade jscodeshift from 0.11.0 to 0.12.0

[snyk-bot]

Snyk has created this PR to upgrade jscodeshift from 0.11.0 to 0.12.0.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 1 version ahead of your current version.
• The recommended version was released 21 days ago, on 2021-04-21.

Release notes

Package name: jscodeshift

• 0.12.0 - 2021-04-21
  No content.
• 0.11.0 - 2020-09-02
  

  0.11.0

from jscodeshift GitHub release notes

Commit messages

Package name: jscodeshift

• 711a2eb 0.12.0
• 788d6e1 Support newer TypeScript syntax (can't work with less-loader-4.0.0 vuejs/vue-cli#410)
• d8fb5ec Allow transform to be a promise. Resolves [Snyk] Security upgrade lerna from 3.22.1 to 5.5.2 #210.
• 5910a4d Merge pull request Escape double quotes in string prompts vuejs/vue-cli#388 from facebook/dependabot/npm_and_yarn/handlebars-4.7.6
• ae306e8 Merge pull request Generate .tern-project with vue init vuejs/vue-cli#404 from facebook/dependabot/npm_and_yarn/ini-1.3.7
• 62089ff Merge pull request Add filename when in handlebars errors vuejs/vue-cli#407 from lpoulter/bump-recast
• ecb9350 chore: update recast to allow ChainExpression types
• d2835fe Bump ini from 1.3.5 to 1.3.7
• 99eee8d Bump handlebars from 4.5.1 to 4.7.6
• 48f5d6d Merge pull request Make prompts when support function. vuejs/vue-cli#385 from martinsuchan/fix-license
• 3dc9fba Added "license" field to package.json. Fixes Complete not running vuejs/vue-cli#384

Compare

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

[mistaken-pull-closer]

Thanks for your submission.

It appears that you've created a pull request using one of our repository's branches. Since this is
almost always a mistake, we're going to go ahead and close this. If it was intentional, please
let us know what you were intending and we can see about reopening it.

Thanks again!

[pull-dog]

*Ruff* 🐶 I wasn't able to find any Docker Compose files in your repository at any of the given paths in the pull-dog.json configuration file, or the default docker-compose.yml file 😩 Make sure the given paths are correct.

Files checked:

• docker-compose.yml

What is this?

Pull Dog is a GitHub app that makes test environments for your pull requests using Docker, from a docker-compose.yml file you specify. It takes 19 seconds to set up (we counted!) and there's a free plan available.

Visit our website to learn more.

Commands

• @pull-dog up to reprovision or provision the server.
• @pull-dog down to delete the provisioned server.

Troubleshooting

Need help? Don't hesitate to file an issue in our repository

Configuration

{
  "isLazy": false,
  "dockerComposeYmlFilePaths": [
    "docker-compose.yml"
  ],
  "expiry": "00:00:00",
  "conversationMode": "singleComment"
}

Trace ID
6dfa8c40-b389-11eb-929c-c28e8467ed01

[guardrails]

⚠️ We detected 273 security issues in this pull request:

Mode: paranoid | Total findings: 273 | Considered vulnerability: 0

Hard-Coded Secrets (7)

Docs	Details
💡	Title: Hard-coded Secrets vue-cli/docs/.vuepress/config.js Line 58 in a0ca441 apiKey: 'f6df220f7d246aff64a56300b7f19f21',
💡	Title: Hard-coded Secrets vue-cli/docs/guide/browser-compatibility.md Line 77 in a0ca441 Content-Security-Policy: script-src 'self' 'sha256-4RS22DYeB7U14dra4KcQYxmwt5HkOInieXK1NUMBmQI='
💡	Title: Hard-coded Secrets vue-cli/docs/ru/guide/browser-compatibility.md Line 77 in a0ca441 Content-Security-Policy: script-src 'self' 'sha256-4RS22DYeB7U14dra4KcQYxmwt5HkOInieXK1NUMBmQI='
💡	Title: Hard-coded Secrets vue-cli/docs/zh/guide/browser-compatibility.md Line 77 in a0ca441 Content-Security-Policy: script-src 'self' 'sha256-4RS22DYeB7U14dra4KcQYxmwt5HkOInieXK1NUMBmQI='
💡	Title: Hard-coded Secrets vue-cli/docs/zh/guide/mode-and-env.md Line 106 in a0ca441 在构建过程中，`process.env.VUE_APP_SECRET` 将会被相应的值所取代。在 `VUE_APP_SECRET=secret` 的情况下，它会被替换为 `"secret"`。
💡	Title: Hard-coded Secrets vue-cli/packages/@vue/cli-ui/src/components/dependency/NpmPackageSearch.vue Line 6 in a0ca441 api-key="db283631f89b5b8a10707311f911fd00"
💡	Title: Hard-coded Secrets vue-cli/packages/@vue/cli-ui/src/components/prompt/PromptsList.vue Line 33 in a0ca441 password: 'input'

More info on how to fix Hard-Coded Secrets in General.

---

Insecure Use of Regular Expressions (31)

Docs	Details
💡	Title: Regex DOS (ReDOS) vue-cli/packages/@vue/babel-preset-app/__tests__/babel-preset.spec.js Line 12 in a0ca441 return new RegExp(`"${['.*node_modules', 'core-js', 'modules', mod].join(`[\\${path.sep}]+`)}`)
💡	Title: Regex DOS (ReDOS) vue-cli/packages/@vue/cli-plugin-babel/index.js Line 18 in a0ca441 return deps.length ? new RegExp(deps.join('|')) : null
💡	Title: Regex DOS (ReDOS) vue-cli/packages/@vue/cli-plugin-e2e-cypress/index.js Line 58 in a0ca441 const matchRE = new RegExp(`^--${argToRemove}$`)
💡	Title: Regex DOS (ReDOS) vue-cli/packages/@vue/cli-plugin-e2e-cypress/index.js Line 59 in a0ca441 const equalRE = new RegExp(`^--${argToRemove}=`)
💡	Title: Regex DOS (ReDOS) vue-cli/packages/@vue/cli-plugin-e2e-nightwatch/index.js Line 174 in a0ca441 const matchRE = new RegExp(`^--${argToRemove}`)
💡	Title: Regex DOS (ReDOS) vue-cli/packages/@vue/cli-plugin-e2e-nightwatch/index.js Line 175 in a0ca441 const equalRE = new RegExp(`^--${argToRemove}=`)
💡	Title: Regex DOS (ReDOS) vue-cli/packages/@vue/cli-service/lib/commands/build/setPublicPath.js Line 16 in a0ca441 var src = currentScript && currentScript.src.match(/(.+\/)[^/]+\.js(\?.*)?$/)
💡	Title: Regex DOS (ReDOS) vue-cli/packages/@vue/cli-service/lib/commands/serve.js Line 372 in a0ca441 from: new RegExp(`^/${name}`),
💡	Title: Regex DOS (ReDOS) vue-cli/packages/@vue/cli-service/lib/config/assets.js Line 39 in a0ca441 .test(/\.(png|jpe?g|gif|webp)(\?.*)?$/)
💡	Title: Regex DOS (ReDOS) vue-cli/packages/@vue/cli-service/lib/config/assets.js Line 48 in a0ca441 .test(/\.(svg)(\?.*)?$/)
💡	Title: Regex DOS (ReDOS) vue-cli/packages/@vue/cli-service/lib/config/assets.js Line 58 in a0ca441 .test(/\.(mp4|webm|ogg|mp3|wav|flac|aac)(\?.*)?$/)
💡	Title: Regex DOS (ReDOS) vue-cli/packages/@vue/cli-service/lib/config/assets.js Line 65 in a0ca441 .test(/\.(woff2?|eot|ttf|otf)(\?.*)?$/i)
💡	Title: Regex DOS (ReDOS) vue-cli/packages/@vue/cli-service/lib/util/isAbsoluteUrl.js Line 3 in a0ca441 return /^([a-z][a-z\d+\-.]*:)?\/\//i.test(url)
💡	Title: Regex DOS (ReDOS) vue-cli/packages/@vue/cli-ui/apollo-server/util/parse-diff.js Line 128 in a0ca441 [/^index\s[\da-zA-Z]+\.\.[\da-zA-Z]+(\s(\d+))?$/, index],
💡	Title: Regex DOS (ReDOS) vue-cli/packages/@vue/cli-ui/apollo-server/util/parse-diff.js Line 131 in a0ca441 [/^@@\s+-(\d+),?(\d+)?\s+\+(\d+),?(\d+)?\s@@/, chunk],
💡	Title: Regex DOS (ReDOS) vue-cli/packages/@vue/cli-ui/apollo-server/util/parse-diff.js Line 169 in a0ca441 const t = (/\t.*|\d{4}-\d\d-\d\d\s\d\d:\d\d:\d\d(.\d+)?\s(\+|-)\d\d\d\d/).exec(s)
💡	Title: Regex DOS (ReDOS) vue-cli/packages/@vue/cli-ui/apollo-server/util/parse-diff.js Line 179 in a0ca441 return s.replace(new RegExp(`^${chars}+`), '')
💡	Title: Regex DOS (ReDOS) vue-cli/packages/@vue/cli-ui/src/util/search.js Line 2 in a0ca441 return text && new RegExp(text.trim().replace(/\s+/g, '.{0,5}'), 'i')
💡	Title: Regex DOS (ReDOS) vue-cli/packages/@vue/cli-ui/ui-defaults/tasks.js Line 164 in a0ca441 match: /vue-cli-service serve(\s+--\S+(\s+\S+)?)*$/,
💡	Title: Regex DOS (ReDOS) vue-cli/packages/@vue/cli-ui/ui-defaults/tasks.js Line 242 in a0ca441 match: /vue-cli-service build(\s+--\S+(\s+\S+)?)*$/,
💡	Title: Regex DOS (ReDOS) vue-cli/packages/@vue/cli/lib/add.js Line 37 in a0ca441 const pluginRe = /^(@?[^@]+)(?:@(.+))?$/
💡	Title: Regex DOS (ReDOS) vue-cli/packages/@vue/cli/lib/options.js Line 53 in a0ca441 latestVersion: joi.string().regex(/^\d+\.\d+\.\d+(-(alpha|beta|rc)\.\d+)?$/),
💡	Title: Regex DOS (ReDOS) vue-cli/packages/@vue/cli/lib/ui.js Line 10 in a0ca441 const hostRegExp = new RegExp(`^https?://(${host}|${allowedHost}|localhost)(:\\d+)?$`)
💡	Title: Regex DOS (ReDOS) vue-cli/packages/@vue/cli/lib/util/ProjectPackageManager.js Line 78 in a0ca441 const nameRegExp = /^(@?[^@]+)(@.*)?$/
💡	Title: Regex DOS (ReDOS) vue-cli/scripts/syncDeps.js Line 152 in a0ca441 const updatedRE = new RegExp(`'(${Array.from(updatedDeps).join('|')})': '\\^(\\d+\\.\\d+\\.\\d+[^']*)'`)
💡	Title: Regex DOS (ReDOS) vue-cli/scripts/verifyCommitMsg.js Line 5 in a0ca441 const commitRE = /^(v\d+\.\d+\.\d+(-(alpha|beta|rc.\d+))?)|((revert: )?(feat|fix|docs|style|refactor|perf|test|workflow|ci|chore|types)(\(.+\))?!?: .{1,50})/
💡	Title: Regex DOS (ReDOS) vue-cli/packages/@vue/cli-service/lib/util/prepareProxy.js Line 106 in a0ca441 if (!/^http(s)?:\/\//.test(proxy)) {
💡	Title: Regex DOS (ReDOS) vue-cli/packages/@vue/cli/lib/Creator.js Line 342 in a0ca441 } else if (name.endsWith('.json') || /^\./.test(name) || path.isAbsolute(name)) {
💡	Title: Regex DOS (ReDOS) vue-cli/packages/@vue/cli-ui/apollo-server/util/highlight.js Line 30 in a0ca441 language = languages.find(l => l.test.test(filename))
💡	Title: Regex DOS (ReDOS) vue-cli/packages/@vue/cli-plugin-e2e-nightwatch/index.js Line 178 in a0ca441 rawArgs.splice(i, offset + (equalRE.test(rawArgs[i]) ? 0 : 1))
💡	Title: Regex DOS (ReDOS) vue-cli/packages/@vue/cli-plugin-e2e-cypress/index.js Line 63 in a0ca441 rawArgs.splice(i, offset + (equalRE.test(rawArgs[i]) ? 0 : 1))

More info on how to fix Insecure Use of Regular Expressions in JavaScript.

---

Insecure File Management (178)

Docs	Details
💡	Title: Use of non-literal fs filename vue-cli/packages/@vue/cli-plugin-babel/__tests__/transpileDependencies.spec.js Line 11 in a0ca441 const files = await fs.readdir(path.join(project.dir, 'dist/js'))
💡	Title: Use of non-literal require vue-cli/packages/@vue/cli-plugin-e2e-nightwatch/index.js Line 125 in a0ca441 userOptions = require(userOptionsPath)
💡	Title: Use of non-literal fs filename vue-cli/packages/@vue/cli-plugin-e2e-nightwatch/index.js Line 163 in a0ca441 fs.stat(source, function (err, stat) {
💡	Title: Use of non-literal fs filename vue-cli/packages/@vue/cli-plugin-e2e-webdriverio/index.js Line 37 in a0ca441 const isTS = fs.existsSync(path.join(api.getCwd(), 'tsconfig.json'))
💡	Title: Use of non-literal fs filename vue-cli/packages/@vue/cli-plugin-eslint/generator/index.js Line 17 in a0ca441 if (fs.existsSync(editorConfigTemplatePath)) {
💡	Title: Use of non-literal fs filename vue-cli/packages/@vue/cli-plugin-eslint/generator/index.js Line 18 in a0ca441 if (fs.existsSync(api.resolve('.editorconfig'))) {
💡	Title: Use of non-literal fs filename vue-cli/packages/@vue/cli-plugin-eslint/generator/index.js Line 21 in a0ca441 const editorconfig = fs.readFileSync(editorConfigTemplatePath, 'utf-8')
💡	Title: Use of non-literal fs filename vue-cli/packages/@vue/cli-plugin-eslint/lint.js Line 40 in a0ca441 if (!fs.existsSync(api.resolve('.eslintignore')) && !config.ignorePattern) {
💡	Title: Use of non-literal fs filename vue-cli/packages/@vue/cli-plugin-eslint/lint.js Line 90 in a0ca441 fs.writeFileSync(outputFilePath, formatter(report.results))
💡	Title: Use of non-literal require vue-cli/packages/@vue/cli-plugin-eslint/migrator/index.js Line 5 in a0ca441 const pkg = require(api.resolve('package.json'))
💡	Title: Use of non-literal fs filename vue-cli/packages/@vue/cli-plugin-pwa/index.js Line 8 in a0ca441 if (fs.existsSync(manifestPath)) {
💡	Title: Use of non-literal require vue-cli/packages/@vue/cli-plugin-pwa/index.js Line 10 in a0ca441 userOptions.manifestOptions = require(manifestPath)
💡	Title: Use of non-literal fs filename vue-cli/packages/@vue/cli-plugin-pwa/lib/noopServiceWorkerMiddleware.js Line 14 in a0ca441 const resetScript = fs.readFileSync(path.resolve(__dirname, 'noopServiceWorker.js'), 'utf-8')
💡	Title: Use of non-literal fs filename vue-cli/packages/@vue/cli-service/__tests__/Service.spec.js Line 134 in a0ca441 fs.writeFileSync(path.resolve('/', 'vue.config.js'), '') // only to ensure fs.existsSync returns true
💡	Title: Use of non-literal fs filename vue-cli/packages/@vue/cli-service/__tests__/Service.spec.js Line 147 in a0ca441 fs.writeFileSync(path.resolve('/', 'vue.config.js'), '')
💡	Title: Use of non-literal fs filename vue-cli/packages/@vue/cli-service/__tests__/ServiceESM.spec.js Line 10 in a0ca441 fs.writeFileSync(path.resolve('/', 'package.json'), JSON.stringify({
💡	Title: Use of non-literal fs filename vue-cli/packages/@vue/cli-service/__tests__/ServiceESM.spec.js Line 19 in a0ca441 if (fs.existsSync(configPath)) {
💡	Title: Use of non-literal fs filename vue-cli/packages/@vue/cli-service/__tests__/ServiceESM.spec.js Line 20 in a0ca441 fs.unlinkSync(configPath)
💡	Title: Use of non-literal fs filename vue-cli/packages/@vue/cli-service/__tests__/ServiceESM.spec.js Line 41 in a0ca441 fs.writeFileSync(configPath, '')
💡	Title: Use of non-literal fs filename vue-cli/packages/@vue/cli-service/__tests__/ServiceESM.spec.js Line 48 in a0ca441 fs.writeFileSync(configPath, '')
💡	Title: Use of non-literal fs filename vue-cli/packages/@vue/cli-service/__tests__/buildWcAsync.spec.js Line 23 in a0ca441 const files = await fs.readdir(path.resolve(project.dir, 'dist'))
💡	Title: Use of non-literal fs filename vue-cli/packages/@vue/cli-service/__tests__/modernMode.spec.js Line 19 in a0ca441 const files = await fs.readdir(path.join(project.dir, 'dist/js'))
💡	Title: Use of non-literal fs filename vue-cli/packages/@vue/cli-service/__tests__/modernMode.spec.js Line 92 in a0ca441 const files = await fs.readdir(path.join(project.dir, 'dist/js'))
💡	Title: Use of non-literal fs filename vue-cli/packages/@vue/cli-service/lib/PluginAPI.js Line 191 in a0ca441 if (!fs.existsSync(absolutePath)) {
💡	Title: Use of non-literal require vue-cli/packages/@vue/cli-service/lib/PluginAPI.js Line 198 in a0ca441 return JSON.stringify(require(absolutePath))
💡	Title: Use of non-literal fs filename vue-cli/packages/@vue/cli-service/lib/PluginAPI.js Line 200 in a0ca441 return fs.readFileSync(absolutePath, 'utf-8')
💡	Title: Use of non-literal fs filename vue-cli/packages/@vue/cli-service/lib/PluginAPI.js Line 203 in a0ca441 return fs.readFileSync(absolutePath, 'utf-8')
💡	Title: Use of non-literal require vue-cli/packages/@vue/cli-service/lib/Service.js Line 148 in a0ca441 apply: require(absolutePath || id)
💡	Title: Use of non-literal fs filename vue-cli/packages/@vue/cli-service/lib/Service.js Line 321 in a0ca441 if (resolvedPath && fs.existsSync(resolvedPath)) {
💡	Title: Use of non-literal fs filename vue-cli/packages/@vue/cli-service/lib/commands/build/formatStats.js Line 48 in a0ca441 const buffer = fs.readFileSync(filepath)
💡	Title: Use of non-literal fs filename vue-cli/packages/@vue/cli-service/lib/commands/build/resolveLibConfig.js Line 14 in a0ca441 if (!fs.existsSync(fullEntryPath)) {
💡	Title: Use of non-literal fs filename vue-cli/packages/@vue/cli-service/lib/commands/build/resolveLibConfig.js Line 90 in a0ca441 const entryContent = fs.readFileSync(fullEntryPath, 'utf-8')
💡	Title: Use of non-literal fs filename vue-cli/packages/@vue/cli-service/lib/commands/serve.js Line 358 in a0ca441 if (fs.existsSync(`/proc/1/cgroup`)) {
💡	Title: Use of non-literal fs filename vue-cli/packages/@vue/cli-service/lib/commands/serve.js Line 359 in a0ca441 const content = fs.readFileSync(`/proc/1/cgroup`, 'utf-8')
💡	Title: Use of non-literal fs filename vue-cli/packages/@vue/cli-service/lib/config/app.js Line 146 in a0ca441 htmlOptions.template = fs.existsSync(htmlPath)
💡	Title: Use of non-literal fs filename vue-cli/packages/@vue/cli-service/lib/config/app.js Line 208 in a0ca441 const hasDedicatedTemplate = fs.existsSync(api.resolve(template))
💡	Title: Use of non-literal fs filename vue-cli/packages/@vue/cli-service/lib/config/app.js Line 211 in a0ca441 : fs.existsSync(htmlPath)
💡	Title: Use of non-literal fs filename vue-cli/packages/@vue/cli-service/lib/config/app.js Line 280 in a0ca441 if (!isLegacyBundle && fs.existsSync(publicDir)) {
💡	Title: Use of non-literal fs filename vue-cli/packages/@vue/cli-service/lib/config/css.js Line 7 in a0ca441 if (fs.existsSync(path.join(context, file))) {
💡	Title: Use of non-literal fs filename vue-cli/packages/@vue/cli-service/lib/util/prepareProxy.js Line 52 in a0ca441 const isPublicFileRequest = fs.existsSync(maybePublicPath) && fs.statSync(maybePublicPath).isFile()
💡	Title: Use of non-literal fs filename vue-cli/packages/@vue/cli-service/lib/webpack/DashboardPlugin.js Line 161 in a0ca441 const buf = webpackFs.readFileSync(fullPath)
💡	Title: Use of non-literal fs filename vue-cli/packages/@vue/cli-service/lib/webpack/ModernModePlugin.js Line 35 in a0ca441 await fs.writeFile(tempFilename, JSON.stringify(data.bodyTags))
💡	Title: Use of non-literal fs filename vue-cli/packages/@vue/cli-service/lib/webpack/ModernModePlugin.js Line 67 in a0ca441 const legacyAssets = JSON.parse(await fs.readFile(tempFilename, 'utf-8'))
💡	Title: Use of non-literal fs filename vue-cli/packages/@vue/cli-service/lib/webpack/MovePlugin.js Line 11 in a0ca441 if (fs.existsSync(this.from)) {
💡	Title: Use of non-literal require vue-cli/packages/@vue/cli-shared-utils/index.js Line 16 in a0ca441 Object.assign(exports, require(`./lib/${m}`))
💡	Title: Use of non-literal fs filename vue-cli/packages/@vue/cli-shared-utils/lib/env.js Line 40 in a0ca441 const result = fs.existsSync(lockFile)
💡	Title: Use of non-literal fs filename vue-cli/packages/@vue/cli-shared-utils/lib/env.js Line 121 in a0ca441 const result = fs.existsSync(lockFile)
💡	Title: Use of non-literal fs filename vue-cli/packages/@vue/cli-shared-utils/lib/env.js Line 143 in a0ca441 const result = fs.existsSync(lockFile)
💡	Title: Use of non-literal require vue-cli/packages/@vue/cli-shared-utils/lib/module.js Line 75 in a0ca441 return require(request)
💡	Title: Use of non-literal require vue-cli/packages/@vue/cli-shared-utils/lib/module.js Line 86 in a0ca441 return require(resolvedPath)
💡	Title: Use of non-literal fs filename vue-cli/packages/@vue/cli-shared-utils/lib/pkg.js Line 6 in a0ca441 if (fs.existsSync(path.join(context, 'package.json'))) {
💡	Title: Use of non-literal require vue-cli/packages/@vue/cli-shared-utils/lib/pluginResolution.js Line 75 in a0ca441 pkg = require(`${id}/package.json`)
💡	Title: Use of non-literal fs filename vue-cli/packages/@vue/cli-test-utils/createTestProject.js Line 13 in a0ca441 return fs.readFile(path.resolve(projectRoot, file), 'utf-8')
💡	Title: Use of non-literal fs filename vue-cli/packages/@vue/cli-test-utils/createTestProject.js Line 17 in a0ca441 return fs.existsSync(path.resolve(projectRoot, file))
💡	Title: Use of non-literal fs filename vue-cli/packages/@vue/cli-test-utils/createTestProject.js Line 27 in a0ca441 return fs.ensureDir(dir).then(() => fs.writeFile(targetPath, content))
💡	Title: Use of non-literal fs filename vue-cli/packages/@vue/cli-test-utils/createUpgradableProject.js Line 17 in a0ca441 if (!fs.existsSync(outsideTestFolder)) {
💡	Title: Use of non-literal fs filename vue-cli/packages/@vue/cli-test-utils/createUpgradableProject.js Line 18 in a0ca441 fs.mkdirSync(outsideTestFolder)
💡	Title: Use of non-literal fs filename vue-cli/packages/@vue/cli-ui/apollo-server/api/PluginApi.js Line 493 in a0ca441 sharedData.watch({ id, projectId: this.project.id }, handler)
💡	Title: Use of non-literal fs filename vue-cli/packages/@vue/cli-ui/apollo-server/connectors/configurations.js Line 43 in a0ca441 if (fs.existsSync(resolvedFile)) {
💡	Title: Use of non-literal fs filename vue-cli/packages/@vue/cli-ui/apollo-server/connectors/configurations.js Line 76 in a0ca441 const rawContent = fs.readFileSync(file.path, { encoding: 'utf8' })
💡	Title: Use of non-literal fs filename vue-cli/packages/@vue/cli-ui/apollo-server/connectors/configurations.js Line 126 in a0ca441 const source = fs.readFileSync(file.path, { encoding: 'utf8' })
💡	Title: Use of non-literal fs filename vue-cli/packages/@vue/cli-ui/apollo-server/connectors/configurations.js Line 138 in a0ca441 fs.writeFileSync(file.path, rawContent, { encoding: 'utf8' })
💡	Title: Use of non-literal fs filename vue-cli/packages/@vue/cli-ui/apollo-server/connectors/cwd.js Line 20 in a0ca441 if (!fs.existsSync(value)) return
💡	Title: Use of non-literal fs filename vue-cli/packages/@vue/cli-ui/apollo-server/connectors/dependencies.js Line 73 in a0ca441 return resolvedPath && fs.existsSync(resolvedPath)
💡	Title: Use of non-literal fs filename vue-cli/packages/@vue/cli-ui/apollo-server/connectors/folders.js Line 19 in a0ca441 return fs.stat(file).then((x) => x.isDirectory())
💡	Title: Use of non-literal fs filename vue-cli/packages/@vue/cli-ui/apollo-server/connectors/folders.js Line 33 in a0ca441 const files = await fs.readdir(dir, 'utf8')
💡	Title: Use of non-literal fs filename vue-cli/packages/@vue/cli-ui/apollo-server/connectors/folders.js Line 117 in a0ca441 return fs.existsSync(path.join(file, 'package.json'))
💡	Title: Use of non-literal fs filename vue-cli/packages/@vue/cli-ui/apollo-server/connectors/folders.js Line 132 in a0ca441 if (fs.existsSync(pkgFile)) {
💡	Title: Use of non-literal fs filename vue-cli/packages/@vue/cli-ui/apollo-server/connectors/git.js Line 51 in a0ca441 const highlightedContentTo = highlightCode(fileDiff.to, fs.readFileSync(path.resolve(cwd.get(), fileDiff.to), { encoding: 'utf8' })).split('\n')
💡	Title: Use of non-literal fs filename vue-cli/packages/@vue/cli-ui/apollo-server/connectors/locales.js Line 50 in a0ca441 if (process.env.VUE_APP_CLI_UI_DEV && !watchedTrees.get(root) && fs.existsSync(folder)) {
💡	Title: Use of non-literal fs filename vue-cli/packages/@vue/cli-ui/apollo-server/connectors/plugins.js Line 105 in a0ca441 installed: fs.existsSync(dependencies.getPath({ id, file })),
💡	Title: Use of non-literal fs filename vue-cli/packages/@vue/cli-ui/apollo-server/connectors/plugins.js Line 216 in a0ca441 if (currentView) views.open(currentView.id)
💡	Title: Use of non-literal fs filename vue-cli/packages/@vue/cli-ui/apollo-server/connectors/plugins.js Line 263 in a0ca441 const folder = fs.existsSync(id) ? id : dependencies.getPath({ id, file: pluginApi.cwd })
💡	Title: Use of non-literal fs filename vue-cli/packages/@vue/cli-ui/apollo-server/connectors/plugins.js Line 289 in a0ca441 if (fs.existsSync(file)) {
💡	Title: Use of non-literal require vue-cli/packages/@vue/cli-ui/apollo-server/connectors/plugins.js Line 497 in a0ca441 let data = require(path.join(dependencies.getPath({ id, file: cwd.get() }), 'prompts'))
💡	Title: Use of non-literal fs filename vue-cli/packages/@vue/cli-ui/apollo-server/connectors/projects.js Line 54 in a0ca441 if (fs.existsSync(project.path)) {
💡	Title: Use of non-literal fs filename vue-cli/packages/@vue/cli-ui/apollo-server/connectors/projects.js Line 66 in a0ca441 if (currentProject && !fs.existsSync(currentProject.path)) {
💡	Title: Use of non-literal fs filename vue-cli/packages/@vue/cli-ui/apollo-server/connectors/projects.js Line 371 in a0ca441 if (!input.force && !fs.existsSync(path.join(input.path, 'node_modules'))) {
💡	Title: Use of non-literal fs filename vue-cli/packages/@vue/cli-ui/apollo-server/connectors/projects.js Line 395 in a0ca441 if (!fs.existsSync(project.path)) {
💡	Title: Use of non-literal fs filename vue-cli/packages/@vue/cli-ui/apollo-server/connectors/projects.js Line 458 in a0ca441 if (fs.existsSync(gitConfigPath)) {
💡	Title: Use of non-literal fs filename vue-cli/packages/@vue/cli-ui/apollo-server/connectors/shared-data.js Line 31 in a0ca441 if (fs.existsSync(path.resolve(rootFolder, projectId, `${id}.json`))) {
💡	Title: Use of non-literal fs filename vue-cli/packages/@vue/cli-ui/apollo-server/connectors/shared-data.js Line 49 in a0ca441 if (await fs.exists(file)) {
💡	Title: Use of non-literal require vue-cli/packages/@vue/cli-ui/apollo-server/resolvers.js Line 94 in a0ca441 const { resolvers: r } = require(file)
💡	Title: Use of non-literal fs filename vue-cli/packages/@vue/cli-ui/apollo-server/schema/folder.js Line 46 in a0ca441 folderOpen: (root, { path }, context) => folders.open(path, context),
💡	Title: Use of non-literal fs filename vue-cli/packages/@vue/cli-ui/apollo-server/schema/project.js Line 105 in a0ca441 projectOpen: (root, { id }, context) => projects.open(id, context),
💡	Title: Use of non-literal fs filename vue-cli/packages/@vue/cli-ui/apollo-server/schema/project.js Line 109 in a0ca441 projectRename: (root, args, context) => projects.rename(args, context),
💡	Title: Use of non-literal fs filename vue-cli/packages/@vue/cli-ui/apollo-server/schema/task.js Line 89 in a0ca441 taskOpen: (root, { id }, context) => tasks.open(id, context),
💡	Title: Use of non-literal fs filename vue-cli/packages/@vue/cli-ui/apollo-server/schema/view.js Line 56 in a0ca441 viewOpen: (root, { id }, context) => views.open(id, context)
💡	Title: Use of non-literal require vue-cli/packages/@vue/cli-ui/apollo-server/type-defs.js Line 90 in a0ca441 const { types } = require(file)
💡	Title: Use of non-literal require vue-cli/packages/@vue/cli-ui/graphql-server.js Line 188 in a0ca441 const module = require(file)
💡	Title: Use of non-literal require vue-cli/packages/@vue/cli-ui/src/i18n.js Line 57 in a0ca441 [i18n.locale]: require(`date-fns/locale/${dateFnsLocale}/index.js`)
💡	Title: Use of non-literal fs filename vue-cli/packages/@vue/cli/__tests__/Generator.spec.js Line 12 in a0ca441 fs.writeFileSync(path.resolve(templateDir, 'foo.js'), 'foo(<%- options.n %>)')
💡	Title: Use of non-literal fs filename vue-cli/packages/@vue/cli/__tests__/Generator.spec.js Line 14 in a0ca441 fs.writeFileSync(path.resolve(templateDir, 'bar/bar.js'), 'bar(<%- m %>)')
💡	Title: Use of non-literal fs filename vue-cli/packages/@vue/cli/__tests__/Generator.spec.js Line 15 in a0ca441 fs.writeFileSync(path.resolve(templateDir, 'bar/_bar.js'), '.bar(<%- m %>)')
💡	Title: Use of non-literal fs filename vue-cli/packages/@vue/cli/__tests__/Generator.spec.js Line 16 in a0ca441 fs.writeFileSync(path.resolve(templateDir, 'entry.js'), `
💡	Title: Use of non-literal fs filename vue-cli/packages/@vue/cli/__tests__/Generator.spec.js Line 25 in a0ca441 fs.writeFileSync(path.resolve(templateDir, 'empty-entry.js'), `;`)
💡	Title: Use of non-literal fs filename vue-cli/packages/@vue/cli/__tests__/Generator.spec.js Line 26 in a0ca441 fs.writeFileSync(path.resolve(templateDir, 'main.ts'), `const a: string = 'hello';`)
💡	Title: Use of non-literal fs filename vue-cli/packages/@vue/cli/__tests__/Generator.spec.js Line 27 in a0ca441 fs.writeFileSync(path.resolve(templateDir, 'hello.vue'), `
💡	Title: Use of non-literal fs filename vue-cli/packages/@vue/cli/__tests__/Generator.spec.js Line 42 in a0ca441 fs.writeFileSync(path.resolve(templateDir, 'replace.js'), `
💡	Title: Use of non-literal fs filename vue-cli/packages/@vue/cli/__tests__/Generator.spec.js Line 50 in a0ca441 fs.writeFileSync(path.resolve(templateDir, 'multi-replace-source.js'), `
💡	Title: Use of non-literal fs filename vue-cli/packages/@vue/cli/__tests__/Generator.spec.js Line 55 in a0ca441 fs.writeFileSync(path.resolve(templateDir, 'multi-replace.js'), `
💡	Title: Use of non-literal fs filename vue-cli/packages/@vue/cli/__tests__/Generator.spec.js Line 73 in a0ca441 fs.writeFileSync(path.resolve(templateDir, '_vscode/config.json'), `{}`)
💡	Title: Use of non-literal fs filename vue-cli/packages/@vue/cli/__tests__/Generator.spec.js Line 74 in a0ca441 fs.writeFileSync(path.resolve(templateDir, '_gitignore'), 'foo')
💡	Title: Use of non-literal fs filename vue-cli/packages/@vue/cli/__tests__/options.spec.js Line 13 in a0ca441 fs.writeFileSync(rcPath, JSON.stringify({
💡	Title: Use of non-literal fs filename vue-cli/packages/@vue/cli/__tests__/preset.spec.js Line 27 in a0ca441 const testFile = await fs.readFile(path.resolve(cwd, name, 'test.js'), 'utf-8')
💡	Title: Use of non-literal require vue-cli/packages/@vue/cli/__tests__/preset.spec.js Line 30 in a0ca441 const pkg = require(path.resolve(cwd, name, 'package.json'))
💡	Title: Use of non-literal fs filename vue-cli/packages/@vue/cli/__tests__/preset.spec.js Line 53 in a0ca441 const testFile = await fs.readFile(path.resolve(cwd, name, 'test.js'), 'utf-8')
💡	Title: Use of non-literal require vue-cli/packages/@vue/cli/__tests__/preset.spec.js Line 56 in a0ca441 const pkg = require(path.resolve(cwd, name, 'package.json'))
💡	Title: Use of non-literal fs filename vue-cli/packages/@vue/cli/__tests__/preset.spec.js Line 79 in a0ca441 const testFile = await fs.readFile(path.resolve(cwd, name, 'test.js'), 'utf-8')
💡	Title: Use of non-literal require vue-cli/packages/@vue/cli/__tests__/preset.spec.js Line 82 in a0ca441 const pkg = require(path.resolve(cwd, name, 'package.json'))
💡	Title: Use of non-literal fs filename vue-cli/packages/@vue/cli/__tests__/preset.spec.js Line 105 in a0ca441 const readme = await fs.readFile(path.resolve(cwd, name, 'README.md'), 'utf-8')
💡	Title: Use of non-literal require vue-cli/packages/@vue/cli/__tests__/preset.spec.js Line 108 in a0ca441 const pkg = require(path.resolve(cwd, name, 'package.json'))
💡	Title: Use of non-literal fs filename vue-cli/packages/@vue/cli/bin/vue.js Line 30 in a0ca441 fs.existsSync(path.resolve(process.cwd(), '../@vue')) ||
💡	Title: Use of non-literal fs filename vue-cli/packages/@vue/cli/bin/vue.js Line 31 in a0ca441 fs.existsSync(path.resolve(process.cwd(), '../../@vue'))
💡	Title: Use of non-literal fs filename vue-cli/packages/@vue/cli/lib/GeneratorAPI.js Line 442 in a0ca441 return (this._entryFile = fs.existsSync(this.resolve('src/main.ts')) ? 'src/main.ts' : 'src/main.js')
💡	Title: Use of non-literal fs filename vue-cli/packages/@vue/cli/lib/GeneratorAPI.js Line 479 in a0ca441 return fs.readFileSync(name) // return buffer
💡	Title: Use of non-literal fs filename vue-cli/packages/@vue/cli/lib/GeneratorAPI.js Line 481 in a0ca441 const template = fs.readFileSync(name, 'utf-8')
💡	Title: Use of non-literal fs filename vue-cli/packages/@vue/cli/lib/GeneratorAPI.js Line 516 in a0ca441 finalTemplate = fs.readFileSync(extendPath, 'utf-8')
💡	Title: Use of non-literal fs filename vue-cli/packages/@vue/cli/lib/Upgrader.js Line 102 in a0ca441 fs.writeFileSync(path.resolve(this.context, 'package.json'), JSON.stringify(this.pkg, null, 2))
💡	Title: Use of non-literal fs filename vue-cli/packages/@vue/cli/lib/config.js Line 35 in a0ca441 await fs.writeFile(file, JSON.stringify(config, null, 2), 'utf-8')
💡	Title: Use of non-literal fs filename vue-cli/packages/@vue/cli/lib/config.js Line 68 in a0ca441 await fs.writeFile(file, JSON.stringify(config, null, 2), 'utf-8')
💡	Title: Use of non-literal fs filename vue-cli/packages/@vue/cli/lib/create.js Line 32 in a0ca441 if (fs.existsSync(targetDir) && !options.merge) {
💡	Title: Use of non-literal fs filename vue-cli/packages/@vue/cli/lib/inspect.js Line 21 in a0ca441 if (fs.existsSync(binPath)) {
💡	Title: Use of non-literal fs filename vue-cli/packages/@vue/cli/lib/options.js Line 94 in a0ca441 if (fs.existsSync(rcPath)) {
💡	Title: Use of non-literal fs filename vue-cli/packages/@vue/cli/lib/options.js Line 96 in a0ca441 cachedOptions = JSON.parse(fs.readFileSync(rcPath, 'utf-8'))
💡	Title: Use of non-literal fs filename vue-cli/packages/@vue/cli/lib/options.js Line 127 in a0ca441 fs.writeFileSync(rcPath, JSON.stringify(options, null, 2))
💡	Title: Use of non-literal fs filename vue-cli/packages/@vue/cli/lib/util/ProjectPackageManager.js Line 213 in a0ca441 if (fs.existsSync(loc)) {
💡	Title: Use of non-literal fs filename vue-cli/packages/@vue/cli/lib/util/ProjectPackageManager.js Line 216 in a0ca441 npmConfig = Object.assign({}, ini.parse(fs.readFileSync(loc, 'utf-8')), npmConfig)
💡	Title: Use of non-literal fs filename vue-cli/packages/@vue/cli/lib/util/ProjectPackageManager.js Line 423 in a0ca441 await fs.symlink(src, dest, 'dir')
💡	Title: Use of non-literal require vue-cli/packages/@vue/cli/lib/util/createTools.js Line 13 in a0ca441 ].map(file => require(`../promptModules/${file}`))
💡	Title: Use of non-literal fs filename vue-cli/packages/@vue/cli/lib/util/getPkg.js Line 12 in a0ca441 packageJson = fs.readFileSync(packagePath, 'utf-8')
💡	Title: Use of non-literal fs filename vue-cli/packages/@vue/cli/lib/util/linkBin.js Line 18 in a0ca441 await fs.symlink(src, dest)
💡	Title: Use of non-literal fs filename vue-cli/packages/@vue/cli/lib/util/linkBin.js Line 19 in a0ca441 await fs.chmod(dest, '755')
💡	Title: Use of non-literal require vue-cli/packages/@vue/cli/lib/util/loadCommand.js Line 9 in a0ca441 return require(moduleName)
💡	Title: Use of non-literal fs filename vue-cli/packages/@vue/cli/lib/util/loadLocalPreset.js Line 5 in a0ca441 const stats = fs.statSync(path)
💡	Title: Use of non-literal fs filename vue-cli/packages/@vue/cli/lib/util/loadPresetFromDir.js Line 6 in a0ca441 if (!fs.existsSync(presetPath)) {
💡	Title: Use of non-literal fs filename vue-cli/packages/@vue/cli/lib/util/loadPresetFromDir.js Line 13 in a0ca441 const hasGenerator = fs.existsSync(path.join(dir, 'generator.js')) || fs.existsSync(path.join(dir, 'generator/index.js'))
💡	Title: Use of non-literal fs filename vue-cli/packages/@vue/cli/lib/util/rcPath.js Line 9 in a0ca441 if (!fs.existsSync(rcDir)) {
💡	Title: Use of non-literal fs filename vue-cli/packages/@vue/cli/lib/util/rcPath.js Line 28 in a0ca441 if (fs.existsSync(rcFile)) {
💡	Title: Use of non-literal fs filename vue-cli/packages/@vue/cli/lib/util/rcPath.js Line 30 in a0ca441 if (fs.existsSync(properRcFile)) {
💡	Title: Use of non-literal fs filename vue-cli/packages/@vue/cli/lib/util/readFiles.js Line 20 in a0ca441 ? fs.readFileSync(name)
💡	Title: Use of non-literal fs filename vue-cli/packages/@vue/cli/lib/util/readFiles.js Line 21 in a0ca441 : fs.readFileSync(name, 'utf-8')
💡	Title: Use of non-literal fs filename vue-cli/packages/@vue/cli/lib/util/writeFileTree.js Line 11 in a0ca441 return fs.unlink(path.join(directory, filename))
💡	Title: Use of non-literal fs filename vue-cli/packages/@vue/cli/lib/util/writeFileTree.js Line 33 in a0ca441 fs.writeFileSync(filePath, files[name])
💡	Title: Use of non-literal fs filename vue-cli/scripts/bootstrap.js Line 8 in a0ca441 const files = fs.readdirSync(packagesDir)
💡	Title: Use of non-literal fs filename vue-cli/scripts/bootstrap.js Line 19 in a0ca441 if (!fs.existsSync(pkgPath)) {
💡	Title: Use of non-literal fs filename vue-cli/scripts/bootstrap.js Line 43 in a0ca441 fs.writeFileSync(pkgPath, JSON.stringify(json, null, 2))
💡	Title: Use of non-literal fs filename vue-cli/scripts/bootstrap.js Line 47 in a0ca441 if (!fs.existsSync(readmePath)) {
💡	Title: Use of non-literal fs filename vue-cli/scripts/bootstrap.js Line 48 in a0ca441 fs.writeFileSync(readmePath, `# @vue/${pkg}\n\n> ${desc}`)
💡	Title: Use of non-literal fs filename vue-cli/scripts/bootstrap.js Line 52 in a0ca441 if (!fs.existsSync(npmIgnorePath)) {
💡	Title: Use of non-literal fs filename vue-cli/scripts/bootstrap.js Line 53 in a0ca441 fs.writeFileSync(npmIgnorePath, `__tests__\n__mocks__`)
💡	Title: Use of non-literal fs filename vue-cli/scripts/buildEditorConfig.js Line 96 in a0ca441 const configList = fs.readdirSync(path.resolve(__dirname, '../packages/@vue/'))
💡	Title: Use of non-literal fs filename vue-cli/scripts/buildEditorConfig.js Line 118 in a0ca441 if (!fs.existsSync(templateDir)) {
💡	Title: Use of non-literal fs filename vue-cli/scripts/buildEditorConfig.js Line 119 in a0ca441 fs.mkdirSync(templateDir)
💡	Title: Use of non-literal fs filename vue-cli/scripts/buildEditorConfig.js Line 121 in a0ca441 fs.writeFileSync(`${templateDir}/_editorconfig`, content)
💡	Title: Use of non-literal fs filename vue-cli/scripts/checkLinks.js Line 23 in a0ca441 const contents = fs.readFileSync(file, { encoding: 'utf8' })
💡	Title: Use of non-literal fs filename vue-cli/scripts/checkLinks.js Line 36 in a0ca441 const files = fs.readdirSync(folder)
💡	Title: Use of non-literal fs filename vue-cli/scripts/checkLinks.js Line 41 in a0ca441 } else if (fs.statSync(fullPath).isDirectory()) {
💡	Title: Use of non-literal fs filename vue-cli/scripts/genChangelog.js Line 23 in a0ca441 newRelease + '\n\n\n' + fs.readFileSync(changelogPath, { encoding: 'utf8' })
💡	Title: Use of non-literal fs filename vue-cli/scripts/genChangelog.js Line 24 in a0ca441 fs.writeFileSync(changelogPath, newChangelog)
💡	Title: Use of non-literal fs filename vue-cli/scripts/genDocs.js Line 9 in a0ca441 const entryContent = fs.readFileSync(entryPath)
💡	Title: Use of non-literal fs filename vue-cli/scripts/genDocs.js Line 11 in a0ca441 fs.writeFile(docPath, entryContent, () => { })
💡	Title: Use of non-literal fs filename vue-cli/scripts/genDocs.js Line 15 in a0ca441 fs.readdir(pluginsDirPath, (_, files) => {
💡	Title: Use of non-literal fs filename vue-cli/scripts/patchChromedriver.js Line 14 in a0ca441 fs.writeFileSync(path.resolve(__dirname, '../package.json'), JSON.stringify(pkg, null, 2))
💡	Title: Use of non-literal fs filename vue-cli/scripts/syncDeps.js Line 90 in a0ca441 fs.writeFileSync(file, writeCache[file])
💡	Title: Use of non-literal require vue-cli/scripts/syncDeps.js Line 104 in a0ca441 const pkg = require(path.resolve(__dirname, '../', filePath))
💡	Title: Use of non-literal require vue-cli/scripts/syncDeps.js Line 173 in a0ca441 return require(`../packages/${pkg}/package.json`).version
💡	Title: Use of non-literal require vue-cli/scripts/syncDeps.js Line 181 in a0ca441 return version || require(`../packages/${pkg}/package.json`).version
💡	Title: Use of non-literal fs filename vue-cli/scripts/syncDeps.js Line 188 in a0ca441 const updated = fs.readFileSync(filePath, 'utf-8')
💡	Title: Use of non-literal fs filename vue-cli/scripts/verifyCommitMsg.js Line 3 in a0ca441 const msg = require('fs').readFileSync(msgPath, 'utf-8').trim()
💡	Title: User input in require() vue-cli/packages/@vue/cli-plugin-pwa/index.js Line 13 in a0ca441 `The ${chalk.red('public/manifest.json')} file will be ignored in favor of ${chalk.cyan('pwa.manifestOptions')}`
💡	Title: Path Traversal from user input vue-cli/packages/@vue/cli-service/lib/config/app.js Line 115 in a0ca441 ])
💡	Title: Path Traversal from user input vue-cli/packages/@vue/cli-ui/apollo-server/connectors/projects.js Line 269 in a0ca441 const targetDir = path.join(cwd.get(), input.folder)
💡	Title: Path Traversal from user input vue-cli/packages/@vue/cli-ui/apollo-server/connectors/projects.js Line 457 in a0ca441 const gitConfigPath = path.join(project.path, '.git', 'config')
💡	Title: Path Traversal from user input vue-cli/packages/@vue/cli-ui/apollo-server/connectors/files.js Line 13 in a0ca441 query = path.resolve(cwd.get(), input.file)
💡	Title: Path Traversal from user input vue-cli/packages/@vue/cli-service/lib/util/getAssetPath.js Line 5 in a0ca441 ? path.posix.join(options.assetsDir, filePath)

---

This comment has been truncated due to comment length limitations, please go to the dashboard for further details.

---

👉 Go to the dashboard for detailed results.

📥 Happy? Share your feedback with us.