Skip to content

Bump jest version in @vue/cli-plugin-unit-jest #3450

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
fourpixels opened this issue Feb 13, 2019 · 7 comments
Closed

Bump jest version in @vue/cli-plugin-unit-jest #3450

fourpixels opened this issue Feb 13, 2019 · 7 comments
Labels
semver: major

Comments

@fourpixels
Copy link

What problem does this feature solve?

It's been said that Jest 24 comes with the option to transpile globalSetup files using babel (to use ES6 modules), but current jest version in cli-plugin-unit-jest is "^23.6.0"

What does the proposed API look like?

"^24.1.0"
@ghost
Copy link

ghost commented Feb 18, 2019

Beside the new options, the current jest ^23.6.0 transitively depends on braces ^1.8.2 through micromatch ^2.3.11.

This causes the vue-projects that use the current @vue/cli-plugin-unit-jest to have 63 low severity vulnerabilities because of https://www.npmjs.com/advisories/786.

Similar to #3257 but it is nightwatch there.

@dcrystalj
Copy link

is there any workaround yet?

@bendebebe
Copy link

According to: facebook/jest#6743

Unless you're using micromatch to generate passwords or API tokens, I think it's safe to say that this is unlikely to actually be a concern

You should be able to use v23.6.0 in the meantime - of course, that's only if you aren't taking advantage of v24 already.

@fourpixels
Copy link
Author

Any news? Are there any blockers to do so? It's been a while..

@thomasmichaelwallace
Copy link

I've been successful with yarn resolutions adding the following to package.json

  "resolutions": {
    "@vue/cli-plugin-unit-jest/jest": "^24.6.0",
    "@vue/cli-plugin-unit-jest/babel-jest": "^24.6.0"
  },

@haoqunjiang haoqunjiang mentioned this issue Apr 23, 2019
Merged
haoqunjiang added a commit that referenced this issue Apr 25, 2019
@haoqunjiang
feat!: upgrade jest to v24 (#3870)
edc52af 
BREAKING CHANGE:
See:
https://jestjs.io/blog/2019/01/25/jest-24-refreshing-polished-typescript-friendly
https://github.com/facebook/jest/blob/20ba4be9499d50ed0c9231b86d4a64ec8a6bd303/CHANGELOG.md#2400

closes #3450
closes #3605
closes #3497
@grtjn
Copy link

grtjn commented May 31, 2019

It seems it is fixed in 4-alpha, but not in 3.8.2 yet. Could it be bumped in v3 branch as well? Getting one vulnerability message repeated 63 times for just a dev dependency, even if it is just low, is pretty disturbing..

@haoqunjiang
Copy link
Member

We can't. Because it's a breaking change.

@yannbertrand yannbertrand mentioned this issue Aug 5, 2019
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
semver: major
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
6 participants
@grtjn @dcrystalj @thomasmichaelwallace @haoqunjiang @fourpixels @bendebebe