Vulnerability in the vue-codemod dependency in the yarn.lock file #6918

Open
@sturdy5

What problem does this feature solve?

Security vulnerability in the colors.js component which is part of the vue-codemod dependency, which only exists in the yarn.lock file - https://github.com/vuejs/vue-cli/blob/v4.5.15/yarn.lock#L19894

What does the proposed API look like?

I propose the yarn.lock file be cleaned up. There is no dependency on vue-codemod in the package.json file. I don't see a reason the vue-codemod component should still be in the yarn.lock file.

If the vue-codemod dependency is actually needed, it should be listed in the package.json file to make updates easier. Additionally, I've submitted a pull request on vue-codemod to fix the security vulnerability - vuejs/vue-codemod#34 - but there has been no activity on that repository in a while, so I'm not sure it is actively maintained any longer.
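
A lock entry that no manifest reaches can be checked mechanically. The following is an added example, not part of the original issue or of vue-cli's code: it parses a Yarn v1 lockfile and lists the entries that are unreachable from the `package.json` objects passed in. The package names, versions and function names are constructed for illustration; in a Yarn workspaces repository every workspace `package.json` has to be passed in, because all workspaces share the root `yarn.lock`.

```javascript
// Constructed sample data: hypothetical package names and versions.
const SAMPLE_LOCK = `# yarn lockfile v1
"@scope/used-lib@^1.0.0", "@scope/used-lib@^1.2.0":
  version "1.2.3"
palette@^1.1.2:
  version "1.4.0"
stale-tool@^0.0.4:
  version "0.0.5"
  dependencies:
    palette "^1.1.2"`;
const SAMPLE_ROOT = { dependencies: { '@scope/used-lib': '^1.0.0' } };
const SAMPLE_WORKSPACE = { devDependencies: { 'stale-tool': '^0.0.4' } };

// Parse well-formed yarn.lock v1 text into Map<"name@range", {version, deps}>.
function parseYarnLockV1(text) {
  const entries = new Map();
  let current = null, inDeps = false;
  for (const line of text.replace(/"/g, '').split(/\r?\n/)) {
    if (!line.trim() || line.startsWith('#')) continue;
    if (!line.startsWith(' ')) { // header: comma-separated specifiers + ":"
      current = { version: null, deps: [] };
      inDeps = false;
      for (const spec of line.replace(/:$/, '').split(/,\s*/)) entries.set(spec, current);
    } else if (/^ {2}\S/.test(line)) { // field of the current entry
      const [key, value] = line.trim().split(/\s+/);
      inDeps = /^(optionalD|d)ependencies:$/.test(key);
      if (key === 'version') current.version = value;
    } else if (inDeps) { // "name range" line inside a dependencies block
      const m = line.trim().match(/^(\S+)\s+(.+)$/);
      if (m) current.deps.push(`${m[1]}@${m[2]}`);
    }
  }
  return entries;
}
// List lock entries that no manifest reaches, directly or transitively.
function findOrphans(lockText, manifests) {
  const entries = parseYarnLockV1(lockText);
  const fields = ['dependencies', 'devDependencies', 'optionalDependencies'];
  const queue = manifests.flatMap((m) => fields.flatMap((f) =>
    Object.entries(m[f] || {}).map(([name, range]) => `${name}@${range}`)));
  const seen = new Set();
  while (queue.length) {
    const entry = entries.get(queue.pop());
    if (!entry || seen.has(entry)) continue; // no lock entry, or already visited
    seen.add(entry);
    queue.push(...entry.deps);
  }
  return [...entries].filter(([, e]) => !seen.has(e))
    .map(([spec, e]) => `${spec} -> ${e.version}`).sort();
}
```

With only `SAMPLE_ROOT` as input, `findOrphans` reports both `stale-tool` and its transitive `palette` entry; adding `SAMPLE_WORKSPACE` makes both reachable and the list empty.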
