From 75826d6598e7c17f727a891432d1902b9f31db0e Mon Sep 17 00:00:00 2001
From: Haoqun Jiang <haoqunjiang@gmail.com>
Date: Tue, 22 Mar 2022 21:32:18 +0800
Subject: [PATCH] fix: replace `node-ipc` with `@achrinza/node-ipc` to further
 secure the dependency chain

---
 packages/@vue/cli-shared-utils/lib/ipc.js     |  2 +-
 packages/@vue/cli-shared-utils/package.json   |  2 +-
 .../@vue/cli-ui/apollo-server/util/ipc.js     |  2 +-
 packages/@vue/cli-ui/package.json             |  2 +-
 yarn.lock                                     | 34 +++++++++----------
 5 files changed, 21 insertions(+), 21 deletions(-)

diff --git a/packages/@vue/cli-shared-utils/lib/ipc.js b/packages/@vue/cli-shared-utils/lib/ipc.js
index 96b5d4afd8..1f7f88d331 100644
--- a/packages/@vue/cli-shared-utils/lib/ipc.js
+++ b/packages/@vue/cli-shared-utils/lib/ipc.js
@@ -1,4 +1,4 @@
-const ipc = require('node-ipc')
+const ipc = require('@achrinza/node-ipc')
 
 const DEFAULT_ID = process.env.VUE_CLI_IPC || 'vue-cli'
 const DEFAULT_IDLE_TIMEOUT = 3000
diff --git a/packages/@vue/cli-shared-utils/package.json b/packages/@vue/cli-shared-utils/package.json
index 3a24c9061a..1e810e0789 100644
--- a/packages/@vue/cli-shared-utils/package.json
+++ b/packages/@vue/cli-shared-utils/package.json
@@ -26,7 +26,7 @@
     "launch-editor": "^2.2.1",
     "lru-cache": "^6.0.0",
     "node-fetch": "^2.6.7",
-    "node-ipc": "9.2.1",
+    "@achrinza/node-ipc": "9.2.2",
     "open": "^8.0.2",
     "ora": "^5.3.0",
     "read-pkg": "^5.1.1",
diff --git a/packages/@vue/cli-ui/apollo-server/util/ipc.js b/packages/@vue/cli-ui/apollo-server/util/ipc.js
index ce850afaa5..b7eb294cfd 100644
--- a/packages/@vue/cli-ui/apollo-server/util/ipc.js
+++ b/packages/@vue/cli-ui/apollo-server/util/ipc.js
@@ -1,4 +1,4 @@
-const ipc = require('node-ipc')
+const ipc = require('@achrinza/node-ipc')
 // Utils
 const { log, dumpObject } = require('../util/logger')
 
diff --git a/packages/@vue/cli-ui/package.json b/packages/@vue/cli-ui/package.json
index 48e2ed9966..1a84fe2126 100644
--- a/packages/@vue/cli-ui/package.json
+++ b/packages/@vue/cli-ui/package.json
@@ -53,7 +53,7 @@
     "lodash.merge": "^4.6.1",
     "lowdb": "^1.0.0",
     "lru-cache": "^6.0.0",
-    "node-ipc": "9.2.1",
+    "@achrinza/node-ipc": "9.2.2",
     "node-notifier": "^10.0.0",
     "parse-git-config": "^3.0.0",
     "portfinder": "^1.0.26",
diff --git a/yarn.lock b/yarn.lock
index fb9d915cde..13d9a1e7b1 100644
--- a/yarn.lock
+++ b/yarn.lock
@@ -2,6 +2,15 @@
 # yarn lockfile v1
 
 
+"@achrinza/node-ipc@9.2.2":
+  version "9.2.2"
+  resolved "https://registry.yarnpkg.com/@achrinza/node-ipc/-/node-ipc-9.2.2.tgz#ae1b5d3d6a9362034eea60c8d946b93893c2e4ec"
+  integrity sha512-b90U39dx0cU6emsOvy5hxU4ApNXnE3+Tuo8XQZfiKTGelDwpMwBVgBP7QX6dGTcJgu/miyJuNJ/2naFBliNWEw==
+  dependencies:
+    "@node-ipc/js-queue" "2.0.3"
+    event-pubsub "4.3.0"
+    js-message "1.0.7"
+
 "@akryum/winattr@^3.0.0":
   version "3.0.0"
   resolved "https://registry.yarnpkg.com/@akryum/winattr/-/winattr-3.0.0.tgz#c345d49f8415583897e345729c12b3503927dd11"
@@ -2824,6 +2833,13 @@
     pathval "1.1.1"
     type-detect "4.0.5"
 
+"@node-ipc/js-queue@2.0.3":
+  version "2.0.3"
+  resolved "https://registry.yarnpkg.com/@node-ipc/js-queue/-/js-queue-2.0.3.tgz#ac7fe33d766fa53e233ef8fedaf3443a01c5a4cd"
+  integrity sha512-fL1wpr8hhD5gT2dA1qifeVaoDFlQR5es8tFuKqjHX+kdOtdNHnxkVZbtIrR2rxnMFvehkjaZRNV2H/gPXlb0hw==
+  dependencies:
+    easy-stack "1.0.1"
+
 "@nodelib/fs.scandir@2.1.5":
   version "2.1.5"
   resolved "https://registry.yarnpkg.com/@nodelib/fs.scandir/-/fs.scandir-2.1.5.tgz#7619c2eb21b25483f6d167548b4cfd5a7488c3d5"
@@ -8622,7 +8638,7 @@ duplexer@^0.1.1, duplexer@^0.1.2, duplexer@~0.1.1:
   resolved "https://registry.yarnpkg.com/duplexer/-/duplexer-0.1.2.tgz#3abe43aef3835f8ae077d136ddce0f276b0400e6"
   integrity sha512-jtD6YG370ZCIi/9GTaJKQxWTZD045+4R4hTk/x1UyoqadyJ9x9CgSi1RlVDQF8U2sxLLSnFkCaMihqljHIWgMg==
 
-easy-stack@^1.0.1:
+easy-stack@1.0.1:
   version "1.0.1"
   resolved "https://registry.yarnpkg.com/easy-stack/-/easy-stack-1.0.1.tgz#8afe4264626988cabb11f3c704ccd0c835411066"
   integrity sha512-wK2sCs4feiiJeFXn3zvY0p41mdU5VUgbgs1rNsc/y5ngFUijdWd+iIN8eoyuZHKB8xN6BL4PdWmzqFmxNg6V2w==
@@ -12826,13 +12842,6 @@ js-message@1.0.7:
   resolved "https://registry.yarnpkg.com/js-message/-/js-message-1.0.7.tgz#fbddd053c7a47021871bb8b2c95397cc17c20e47"
   integrity sha512-efJLHhLjIyKRewNS9EGZ4UpI8NguuL6fKkhRxVuMmrGV2xN/0APGdQYwLFky5w9naebSZ0OwAGp0G6/2Cg90rA==
 
-js-queue@2.0.2:
-  version "2.0.2"
-  resolved "https://registry.yarnpkg.com/js-queue/-/js-queue-2.0.2.tgz#0be590338f903b36c73d33c31883a821412cd482"
-  integrity sha512-pbKLsbCfi7kriM3s1J4DDCo7jQkI58zPLHi0heXPzPlj0hjUsm+FesPUbE0DSbIVIK503A36aUBoCN7eMFedkA==
-  dependencies:
-    easy-stack "^1.0.1"
-
 "js-tokens@^3.0.0 || ^4.0.0", js-tokens@^4.0.0:
   version "4.0.0"
   resolved "https://registry.yarnpkg.com/js-tokens/-/js-tokens-4.0.0.tgz#19203fb59991df98e3a287050d4647cdeaf32499"
@@ -14919,15 +14928,6 @@ node-int64@^0.4.0:
   resolved "https://registry.yarnpkg.com/node-int64/-/node-int64-0.4.0.tgz#87a9065cdb355d3182d8f94ce11188b825c68a3b"
   integrity sha1-h6kGXNs1XTGC2PlM4RGIuCXGijs=
 
-node-ipc@9.2.1:
-  version "9.2.1"
-  resolved "https://registry.yarnpkg.com/node-ipc/-/node-ipc-9.2.1.tgz#b32f66115f9d6ce841dc4ec2009d6a733f98bb6b"
-  integrity sha512-mJzaM6O3xHf9VT8BULvJSbdVbmHUKRNOH7zDDkCrA1/T+CVjq2WVIDfLt0azZRXpgArJtl3rtmEozrbXPZ9GaQ==
-  dependencies:
-    event-pubsub "4.3.0"
-    js-message "1.0.7"
-    js-queue "2.0.2"
-
 node-notifier@^10.0.0:
   version "10.0.1"
   resolved "https://registry.yarnpkg.com/node-notifier/-/node-notifier-10.0.1.tgz#0e82014a15a8456c4cfcdb25858750399ae5f1c7"