Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Snyk] Upgrade: , vue, , , , autoprefixer, axios, bootstrap, bootstrap-icons-vue, css-loader, dashjs, icecast-metadata-player, laravel-echo, moment, patch-package, sass, sass-loader, socket.io-client, vue-router, vue-tsc #179

Merged
merged 1 commit into from
Sep 21, 2024

Conversation

xorinzor
Copy link
Member

snyk-top-banner

Snyk has created this PR to upgrade multiple dependencies.

👯 The following dependencies are linked and will therefore be updated together.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

Name Versions Released on

@babel/core
from 7.22.6 to 7.25.2 | 27 versions ahead of your current version | 2 months ago
on 2024-07-30
vue
from 3.4.35 to 3.4.38 | 3 versions ahead of your current version | a month ago
on 2024-08-15
@apollo/client
from 3.11.2 to 3.11.5 | 3 versions ahead of your current version | 24 days ago
on 2024-08-28
@vue/apollo-composable
from 4.0.2 to 4.2.1 | 3 versions ahead of your current version | a month ago
on 2024-08-23
@vue/compiler-sfc
from 3.4.35 to 3.4.38 | 3 versions ahead of your current version | a month ago
on 2024-08-15
autoprefixer
from 10.4.14 to 10.4.20 | 6 versions ahead of your current version | 2 months ago
on 2024-08-02
axios
from 1.7.4 to 1.7.6 | 2 versions ahead of your current version | 22 days ago
on 2024-08-30
bootstrap
from 5.3.2 to 5.3.3 | 1 version ahead of your current version | 7 months ago
on 2024-02-20
bootstrap-icons-vue
from 1.11.1 to 1.11.3 | 1 version ahead of your current version | 8 months ago
on 2024-01-26
css-loader
from 6.8.1 to 6.11.0 | 4 versions ahead of your current version | 6 months ago
on 2024-04-03
dashjs
from 4.7.2 to 4.7.4 | 2 versions ahead of your current version | 7 months ago
on 2024-02-20
icecast-metadata-player
from 1.17.1 to 1.17.3 | 2 versions ahead of your current version | 4 months ago
on 2024-05-13
laravel-echo
from 1.15.3 to 1.16.1 | 2 versions ahead of your current version | 5 months ago
on 2024-04-09
moment
from 2.29.4 to 2.30.1 | 2 versions ahead of your current version | 9 months ago
on 2023-12-27
patch-package
from 7.0.1 to 7.0.2 | 1 version ahead of your current version | a year ago
on 2023-07-12
sass
from 1.63.3 to 1.77.8 | 36 versions ahead of your current version | 2 months ago
on 2024-07-11
sass-loader
from 13.3.2 to 13.3.3 | 1 version ahead of your current version | 9 months ago
on 2023-12-25
socket.io-client
from 4.7.2 to 4.7.5 | 3 versions ahead of your current version | 6 months ago
on 2024-03-14
vue-router
from 4.4.2 to 4.4.3 | 1 version ahead of your current version | a month ago
on 2024-08-06
vue-tsc
from 2.0.29 to 2.1.2 | 2 versions ahead of your current version | 23 days ago
on 2024-08-29

Issues fixed by the recommended upgrade:

Issue Score Exploit Maturity
high severity Inefficient Regular Expression Complexity
SNYK-JS-MICROMATCH-6838728
375 No Known Exploit
medium severity Information Exposure
SNYK-JS-VITE-8023174
375 Proof of Concept
low severity Cross-site Scripting (XSS)
SNYK-JS-VITE-8022916
375 Proof of Concept
Release notes
Package name: @babel/core
  • 7.25.2 - 2024-07-30

    v7.25.2 (2024-07-30)

    🐛 Bug Fix

    • babel-core, babel-traverse

    Committers: 2

  • 7.24.9 - 2024-07-15

    v7.24.9 (2024-07-15)

    🐛 Bug Fix

    💅 Polish

    • babel-generator, babel-plugin-transform-optional-chaining

    🏠 Internal

    • babel-helper-module-transforms

    Committers: 5

  • 7.24.8 - 2024-07-11
  • 7.24.7 - 2024-06-05
  • 7.24.6 - 2024-05-24
  • 7.24.5 - 2024-04-29
  • 7.24.4 - 2024-04-03
  • 7.24.3 - 2024-03-20
  • 7.24.1 - 2024-03-19
  • 7.24.0 - 2024-02-28
  • 7.23.9 - 2024-01-25
  • 7.23.7 - 2023-12-29
  • 7.23.6 - 2023-12-11
  • 7.23.5 - 2023-11-29
  • 7.23.3 - 2023-11-09
  • 7.23.2 - 2023-10-12
  • 7.23.0 - 2023-09-25
  • 7.22.20 - 2023-09-16
  • 7.22.19 - 2023-09-14
  • 7.22.18 - 2023-09-14
  • 7.22.17 - 2023-09-08
  • 7.22.15 - 2023-09-04
  • 7.22.11 - 2023-08-24
  • 7.22.10 - 2023-08-07
  • 7.22.9 - 2023-07-12
  • 7.22.8 - 2023-07-06
  • 7.22.7 - 2023-07-06
  • 7.22.6 - 2023-07-04
from @babel/core GitHub release notes
Package name: vue from vue GitHub release notes
Package name: @apollo/client
  • 3.11.5 - 2024-08-28

    Patch Changes

  • 3.11.4 - 2024-08-07

    Patch Changes

    • #11994 41b17e5 Thanks @ jerelmiller! - Update the Modifier function type to allow cache.modify to return deeply partial data.

    • #11989 e609156 Thanks @ phryneas! - Fix a potential crash when calling clearStore while a query was running.

      Previously, calling client.clearStore() while a query was running had one of these results:

      • useQuery would stay in a loading: true state.
      • useLazyQuery would stay in a loading: true state, but also crash with a "Cannot read property 'data' of undefined" error.

      Now, in both cases, the hook will enter an error state with a networkError, and the promise returned by the useLazyQuery execute function will return a result in an error state.

    • #11994 41b17e5 Thanks @ jerelmiller! - Prevent accidental distribution on cache.modify field modifiers when a field is a union type array.

  • 3.11.3 - 2024-08-05

    Patch Changes

    • #11984 5db1659 Thanks @ jerelmiller! - Fix an issue where multiple fetches with results that returned errors would sometimes set the data property with an errorPolicy of none.

    • #11974 c95848e Thanks @ jerelmiller! - Fix an issue where fetchMore would write its result data to the cache when using it with a no-cache fetch policy.

    • #11974 c95848e Thanks @ jerelmiller! - Fix an issue where executing fetchMore with a no-cache fetch policy could sometimes result in multiple network requests.

    • #11974 c95848e Thanks @ jerelmiller! -

      Potentially disruptive change

      When calling fetchMore with a query that has a no-cache fetch policy, fetchMore will now throw if an updateQuery function is not provided. This provides a mechanism to merge the results from the fetchMore call with the query's previous result.

  • 3.11.2 - 2024-07-31

    Patch Changes

from @apollo/client GitHub release notes
Package name: @vue/apollo-composable
  • 4.2.1 - 2024-08-23

    🩹 Fixes

    • Improved pinia support (#1571)

    📖 Documentation

    🏡 Chore

    • Specify pnpm version in package.json (732e66e)

    ❤️ Contributors

  • 4.2.0 - 2024-08-19

    🚀 Enhancements

    • Add updateQuery to useQuery (#1552)

    🩹 Fixes

    • UseMutations onDone Event hook gets triggered too early (#1559)
    • (@ vue/apollo-option) memory leak in wrapped ssrRender (#1553)
    • Reuse previous result, fix #1483 (#1569, #1483)
    • ResolveClient throwing too soon, fix #1557 (#1570, #1557)

    📖 Documentation

    • Add github link to documentation (#1549)
    • Note about continuous releases (51e09e7)

    🏡 Chore

    • Switch some tests to script setup (c8e5106)

    🤖 CI

    ❤️ Contributors

  • 4.1.0 - 2024-08-14

    🩹 Fixes

    • Change teardown to use onScopeDispose (#1545)

    📖 Documentation

    • useQuery: Document refetch with new variables (#1564)

    🏡 Chore

    ✅ Tests

    🤖 CI

    ❤️ Contributors

  • 4.0.2 - 2024-03-08

    🩹 Fixes

    • Use shallowRef on result & error (08f0fcd)

    📖 Documentation

    • Remove mentions of fetchResults, fix #1060 (#1060)

    ❤️ Contributors

from @vue/apollo-composable GitHub release notes
Package name: @vue/compiler-sfc from @vue/compiler-sfc GitHub release notes
Package name: autoprefixer from autoprefixer GitHub release notes
Package name: axios from axios GitHub release notes
Package name: bootstrap
  • 5.3.3 - 2024-02-20

    Highlights

    • Fixed a breaking change introduced with color modes where it was required to manually import variables-dark.scss when building Bootstrap with Sass. Now, _variables.scss will automatically import _variables-dark.scss. If you were already importing _variables-dark.scss manually, you should keep doing it as it won't break anything and will be the way to go in v6.
    • Fixed a regression in the selector engine that wasn't able to handle multiple IDs anymore.

    Color modes

    • Badges now use the .text-bg-* text utilities to be certain that the text is always readable (especially when the customized colors are different in light and dark modes).
    • Fixed our color-modes.js script to handle the case where the OS is set to light mode and the auto color mode is used on the website. If you copied the script from our docs, you should apply this change to your own script.
    • Fixed color schemes description in the color modes documentation to show that color-scheme() only accept light and dark values as parameters.

    Miscellaneous

    • Allowed <dl>, <dt> and <dd> in the sanitizer.
    • Dropped evenly items distribution for modal and offcanvas headers.
    • Fixed the accordion CSS selectors to avoid inheritance issues when nesting accordions.
    • Fixed the focus box-shadow for the validation stated form controls.
    • Fixed the focus ring on focused checked buttons.
    • Fixed the product example mobile navbar toggler.
    • Changed the RTL processing of carousel control icons.

    🎨 CSS

    • #37508: Use child combinators to avoid inheriting parent accordion's flush styles
    • #38719: Fix focus box-shadow for validation stated form-controls
    • #38884: fix border-radius on radio-switch
    • #39294: Tests: update navbar in visual modal test
    • #39373: refactor css: modal and offcanvas header spacing
    • #39380: Fix Sass compilation breaking change in v5.3
    • #39387: docs: fix typo
    • #39411: Optimize the accordion icon
    • #39497: Fix a typo
    • #39536: Changed RTL processing of carousel control icons
    • #39560: Drop --bs-accordion-btn-focus-border-color and deprecate $accordion-button-focus-border-color
    • #39595: CSS: Fix the focus ring on focused checked buttons

    ☕️ JavaScript

    • #39201: Selector Engine: fix multiple IDs
    • #39224: Fix edge case in color-mode.js
    • #39376: Allow dl, dt and dd in sanitizer

    📖 Docs

    • #39200: Typo Fix
    • #39214: Doc: use .text-bg-{color} for all badges
    • #39246: Docs: fix for example code blocks have unnecessary 30px right-margin
    • #39249: Doc: consistent rendering of 'Heads up!' callouts
    • #39281: Fix getOrCreateInstance() doc example
    • #39293: Update background.md
    • #39304: Doc: add expanded accordion explanation
    • #39320: Drop .table-light from table foot example
    • #39340: Doc: add dispose() to Offcanvas methods
    • #39378: Docs: fix sentence in modal
    • #39417: Fix color schemes description in Sass customization documentation
    • #39418: Docs: change vite config path import in vite guide
    • #39435: Docs: add shift-color() usage example in sass customization page
    • #39458: Docs: enhance .card-img-* description
    • #39503: Minor image compression improvements
    • #39519: Docs: use consistent HTML elements in Utilities -> Background page
    • #39520: Docs: drop unused .theme-icon class
    • #39528: docs: clean up example.html
    • #39537: Docs: fix desc around deprecated Sass mixins for alerts and list groups
    • #39539: Update links on get-started page
    • #39592: Update vite.md
    • #39604: Fix typo in 'media-breakpoint-between' in migration docs
    • #39617: Docs: add missing comma in native font stack code source in Content -> Reboot
    • #39663: updated table to be responsive

    🛠 Examples

    • #39657: Fix product example mobile navbar toggler
    • #39585: Docs: Add missing type="button" to Cheatsheet nav buttons

    🏭 Tests

    • #39294: Tests: update navbar in visual modal test

    🧰 Misc

    • #39096: CI: stop running coveralls in forks
    • #39501: CI: switch to Node.js 20

    📦 Dependencies

  • 5.3.2 - 2023-09-14

    Highlights

    • Passing a percentage unit to the global abs() is deprecated since Dart Sass v1.65.0. It resulted in a deprecation warning when compiling Bootstrap with Dart Sass. This has been fixed internally by changing the values passed to the divide() function. The divide() function has not been fixed itself so that we can keep supporting node-sass cross-compatibility. In v6, this won't be an issue as we plan to drop support for node-sass.
    • Using multiple ids in a collapse target wasn't working anymore and has been fixed.

    Color modes

    • Increased color contrast of form range track background in light and dark modes.
    • Fixed table state rendering for color modes with a focus on the striped table in dark mode to increase color contrast.
    • Allow <mark> color customization for color modes.

    Docs


    🎨 CSS

    • #38816: Use box-shadow CSS variables shadow utilities
    • #38955: Fix radios looking like ellipse on responsive mode
    • #38976: Use box-shadow CSS vars instead of Sass vars in assets and variables
    • #39030: Fix dart-sass deprecation warning
    • #39033: Color mode: fix table state rendering
    • #39095: Make form range track background more contrasted

Snyk has created this PR to upgrade:
  - @babel/core from 7.22.6 to 7.25.2.
    See this package in npm: https://www.npmjs.com/package/@babel/core
  - vue from 3.4.35 to 3.4.38.
    See this package in npm: https://www.npmjs.com/package/vue
  - @apollo/client from 3.11.2 to 3.11.5.
    See this package in npm: https://www.npmjs.com/package/@apollo/client
  - @vue/apollo-composable from 4.0.2 to 4.2.1.
    See this package in npm: https://www.npmjs.com/package/@vue/apollo-composable
  - @vue/compiler-sfc from 3.4.35 to 3.4.38.
    See this package in npm: https://www.npmjs.com/package/@vue/compiler-sfc
  - autoprefixer from 10.4.14 to 10.4.20.
    See this package in npm: https://www.npmjs.com/package/autoprefixer
  - axios from 1.7.4 to 1.7.6.
    See this package in npm: https://www.npmjs.com/package/axios
  - bootstrap from 5.3.2 to 5.3.3.
    See this package in npm: https://www.npmjs.com/package/bootstrap
  - bootstrap-icons-vue from 1.11.1 to 1.11.3.
    See this package in npm: https://www.npmjs.com/package/bootstrap-icons-vue
  - css-loader from 6.8.1 to 6.11.0.
    See this package in npm: https://www.npmjs.com/package/css-loader
  - dashjs from 4.7.2 to 4.7.4.
    See this package in npm: https://www.npmjs.com/package/dashjs
  - icecast-metadata-player from 1.17.1 to 1.17.3.
    See this package in npm: https://www.npmjs.com/package/icecast-metadata-player
  - laravel-echo from 1.15.3 to 1.16.1.
    See this package in npm: https://www.npmjs.com/package/laravel-echo
  - moment from 2.29.4 to 2.30.1.
    See this package in npm: https://www.npmjs.com/package/moment
  - patch-package from 7.0.1 to 7.0.2.
    See this package in npm: https://www.npmjs.com/package/patch-package
  - sass from 1.63.3 to 1.77.8.
    See this package in npm: https://www.npmjs.com/package/sass
  - sass-loader from 13.3.2 to 13.3.3.
    See this package in npm: https://www.npmjs.com/package/sass-loader
  - socket.io-client from 4.7.2 to 4.7.5.
    See this package in npm: https://www.npmjs.com/package/socket.io-client
  - vue-router from 4.4.2 to 4.4.3.
    See this package in npm: https://www.npmjs.com/package/vue-router
  - vue-tsc from 2.0.29 to 2.1.2.
    See this package in npm: https://www.npmjs.com/package/vue-tsc

See this project in Snyk:
https://app.snyk.io/org/shoutz0r-shared/project/71a76727-a61b-4cc8-aecd-bfff7773f421?utm_source=github&utm_medium=referral&page=upgrade-pr
Copy link

@xorinzor xorinzor merged commit ff389b4 into main Sep 21, 2024
6 of 8 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
2 participants