A high severity vulnerability introduced in your package

Hi, a vulnerability https://snyk.io/vuln/SNYK-JS-MERGE-1040469 is introduced in @vue/cli-ui@4.5.13  via:
●  @vue/cli-ui@5.0.0-beta.3 ➔ watch@1.0.2 ➔ exec-sh@0.2.2 ➔ merge@1.2.1

---
However, watch is a legacy package, which has not been maintained for about 4 years.
Is it possible to migrate watch to other package or remove it to remediate this vulnerability?

I noticed a migration record in other js repo for watch:

● in @google/clasp, version 2.3.2 ➔ 2.4.0, Migrate from watch to chokidar via [commit](https://github.com/google/clasp/commit/003d422b5b5fdae4ece6eb6c24db2591b53fc956)
● in forever-monitor, version 1.5.2 ➔ 1.6.0, Migrate from watch to chokidar via [commit](https://github.com/foreversd/forever-monitor/commit/12e35fcd17f0e7beace9a62dfd949300fe4fb371)

Thanks.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!

A high severity vulnerability introduced in your package #6632

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Uh oh!

A high severity vulnerability introduced in your package #6632

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions