Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Snyk] Upgrade: vue, , , cross-fetch, graphql, quasar, vue-router #388

Open
wants to merge 1 commit into
base: main
Choose a base branch
from

Conversation

WontonSam
Copy link
Owner

snyk-top-banner

Snyk has created this PR to upgrade multiple dependencies.

👯‍♂ The following dependencies are linked and will therefore be updated together.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

Name Versions Released on

vue
from 3.2.47 to 3.4.38 | 82 versions ahead of your current version | a month ago
on 2024-08-15
@apollo/client
from 3.7.7 to 3.11.4 | 90 versions ahead of your current version | a month ago
on 2024-08-07
@quasar/extras
from 1.15.11 to 1.16.12 | 13 versions ahead of your current version | 2 months ago
on 2024-07-07
cross-fetch
from 3.1.5 to 3.1.8 | 4 versions ahead of your current version | a year ago
on 2023-07-02
graphql
from 16.6.0 to 16.9.0 | 8 versions ahead of your current version | 3 months ago
on 2024-06-21
quasar
from 2.11.5 to 2.16.9 | 38 versions ahead of your current version | a month ago
on 2024-08-15
vue-router
from 4.1.6 to 4.4.3 | 20 versions ahead of your current version | a month ago
on 2024-08-06

Issues fixed by the recommended upgrade:

Issue Score Exploit Maturity
medium severity Denial of Service (DoS)
SNYK-JS-GRAPHQL-5905181
586 Proof of Concept
Release notes
Package name: vue
  • 3.4.38 - 2024-08-15

    For stable releases, please refer to CHANGELOG.md for details.
    For pre-releases, please refer to CHANGELOG.md of the minor branch.

  • 3.4.37 - 2024-08-08

    For stable releases, please refer to CHANGELOG.md for details.
    For pre-releases, please refer to CHANGELOG.md of the minor branch.

  • 3.4.36 - 2024-08-06

    For stable releases, please refer to CHANGELOG.md for details.
    For pre-releases, please refer to CHANGELOG.md of the minor branch.

  • 3.4.35 - 2024-07-31

    For stable releases, please refer to CHANGELOG.md for details.
    For pre-releases, please refer to CHANGELOG.md of the minor branch.

  • 3.4.34 - 2024-07-24

    For stable releases, please refer to CHANGELOG.md for details.
    For pre-releases, please refer to CHANGELOG.md of the minor branch.

  • 3.4.33 - 2024-07-19
  • 3.4.32 - 2024-07-17
  • 3.4.31 - 2024-06-28
  • 3.4.30 - 2024-06-22
  • 3.4.29 - 2024-06-14
  • 3.4.28 - 2024-06-14
  • 3.4.27 - 2024-05-07
  • 3.4.26 - 2024-04-29
  • 3.4.25 - 2024-04-24
  • 3.4.24 - 2024-04-22
  • 3.4.23 - 2024-04-16
  • 3.4.22 - 2024-04-15
  • 3.4.21 - 2024-02-28
  • 3.4.20 - 2024-02-26
  • 3.4.19 - 2024-02-13
  • 3.4.18 - 2024-02-09
  • 3.4.17 - 2024-02-09
  • 3.4.16 - 2024-02-08
  • 3.4.15 - 2024-01-18
  • 3.4.14 - 2024-01-15
  • 3.4.13 - 2024-01-13
  • 3.4.12 - 2024-01-13
  • 3.4.11 - 2024-01-12
  • 3.4.10 - 2024-01-11
  • 3.4.9 - 2024-01-11
  • 3.4.8 - 2024-01-10
  • 3.4.7 - 2024-01-09
  • 3.4.6 - 2024-01-08
  • 3.4.5 - 2024-01-04
  • 3.4.4 - 2024-01-03
  • 3.4.3 - 2023-12-30
  • 3.4.2 - 2023-12-30
  • 3.4.1 - 2023-12-30
  • 3.4.0 - 2023-12-29
  • 3.4.0-rc.3 - 2023-12-27
  • 3.4.0-rc.2 - 2023-12-26
  • 3.4.0-rc.1 - 2023-12-25
  • 3.4.0-beta.4 - 2023-12-19
  • 3.4.0-beta.3 - 2023-12-16
  • 3.4.0-beta.2 - 2023-12-14
  • 3.4.0-beta.1 - 2023-12-13
  • 3.4.0-alpha.4 - 2023-12-04
  • 3.4.0-alpha.3 - 2023-11-28
  • 3.4.0-alpha.2 - 2023-11-27
  • 3.4.0-alpha.1 - 2023-10-28
  • 3.3.13 - 2023-12-19
  • 3.3.12 - 2023-12-16
  • 3.3.11 - 2023-12-08
  • 3.3.10 - 2023-12-04
  • 3.3.9 - 2023-11-25
  • 3.3.8 - 2023-11-06
  • 3.3.7 - 2023-10-24
  • 3.3.6 - 2023-10-20
  • 3.3.5 - 2023-10-20
  • 3.3.4 - 2023-05-18
  • 3.3.3 - 2023-05-18
  • 3.3.2 - 2023-05-12
  • 3.3.1 - 2023-05-11
  • 3.3.0 - 2023-05-11
  • 3.3.0-beta.5 - 2023-05-08
  • 3.3.0-beta.4 - 2023-05-05
  • 3.3.0-beta.3 - 2023-05-01
  • 3.3.0-beta.2 - 2023-04-25
  • 3.3.0-beta.1 - 2023-04-21
  • 3.3.0-alpha.13 - 2023-04-20
  • 3.3.0-alpha.12 - 2023-04-18
  • 3.3.0-alpha.11 - 2023-04-17
  • 3.3.0-alpha.10 - 2023-04-17
  • 3.3.0-alpha.9 - 2023-04-08
  • 3.3.0-alpha.8 - 2023-04-04
  • 3.3.0-alpha.7 - 2023-04-03
  • 3.3.0-alpha.6 - 2023-03-30
  • 3.3.0-alpha.5 - 2023-03-26
  • 3.3.0-alpha.4 - 2023-02-06
  • 3.3.0-alpha.3 - 2023-02-06
  • 3.3.0-alpha.2 - 2023-02-05
  • 3.3.0-alpha.1 - 2023-02-05
  • 3.2.47 - 2023-02-02
from vue GitHub release notes
Package name: @apollo/client
  • 3.11.4 - 2024-08-07

    Patch Changes

    • #11994 41b17e5 Thanks @ jerelmiller! - Update the Modifier function type to allow cache.modify to return deeply partial data.

    • #11989 e609156 Thanks @ phryneas! - Fix a potential crash when calling clearStore while a query was running.

      Previously, calling client.clearStore() while a query was running had one of these results:

      • useQuery would stay in a loading: true state.
      • useLazyQuery would stay in a loading: true state, but also crash with a "Cannot read property 'data' of undefined" error.

      Now, in both cases, the hook will enter an error state with a networkError, and the promise returned by the useLazyQuery execute function will return a result in an error state.

    • #11994 41b17e5 Thanks @ jerelmiller! - Prevent accidental distribution on cache.modify field modifiers when a field is a union type array.

  • 3.11.3 - 2024-08-05

    Patch Changes

    • #11984 5db1659 Thanks @ jerelmiller! - Fix an issue where multiple fetches with results that returned errors would sometimes set the data property with an errorPolicy of none.

    • #11974 c95848e Thanks @ jerelmiller! - Fix an issue where fetchMore would write its result data to the cache when using it with a no-cache fetch policy.

    • #11974 c95848e Thanks @ jerelmiller! - Fix an issue where executing fetchMore with a no-cache fetch policy could sometimes result in multiple network requests.

    • #11974 c95848e Thanks @ jerelmiller! -

      Potentially disruptive change

      When calling fetchMore with a query that has a no-cache fetch policy, fetchMore will now throw if an updateQuery function is not provided. This provides a mechanism to merge the results from the fetchMore call with the query's previous result.

  • 3.11.2 - 2024-07-31

    Patch Changes

  • 3.11.1 - 2024-07-23

    Patch Changes

    • #11969 061cab6 Thanks @ jerelmiller! - Remove check for window.__APOLLO_CLIENT__ when determining whether to connect to Apollo Client Devtools when connectToDevtools or devtools.enabled is not specified. This now simply checks to see if the application is in development mode.

    • #11971 ecf77f6 Thanks @ jerelmiller! - Prevent the setTimeout for suggesting devtools from running in non-browser environments.

  • 3.11.0 - 2024-07-22

    Potentially Breaking Fixes

    • #11789 5793301 Thanks @ phryneas! - Changes usages of the GraphQLError type to GraphQLFormattedError.

      This was a type bug - these errors were never GraphQLError instances
      to begin with, and the GraphQLError class has additional properties that can
      never be correctly rehydrated from a GraphQL result.
      The correct type to use here is GraphQLFormattedError.

      Similarly, please ensure to use the type FormattedExecutionResult
      instead of ExecutionResult - the non-"Formatted" versions of these types
      are for use on the server only, but don't get transported over the network.

    • #11626 228429a Thanks @ phryneas! - Call nextFetchPolicy with "variables-changed" even if there is a fetchPolicy specified.

      Previously this would only be called when the current fetchPolicy was equal to the fetchPolicy option or the option was not specified. If you use nextFetchPolicy as a function, expect to see this function called more often.

      Due to this bug, this also meant that the fetchPolicy might be reset to the initial fetchPolicy, even when you specified a nextFetchPolicy function. If you previously relied on this behavior, you will need to update your nextFetchPolicy callback function to implement this resetting behavior.

      As an example, if your code looked like the following:

      useQuery(QUERY, {
        nextFetchPolicy(currentFetchPolicy, info) {
          // your logic here
        }
      );

      Update your function to the following to reimplement the resetting behavior:

      useQuery(QUERY, {
        nextFetchPolicy(currentFetchPolicy, info) {
          if (info.reason === 'variables-changed') {
            return info.initialFetchPolicy;
          }
          // your logic here
        }
      );

    Minor Changes

    • #11923 d88c7f8 Thanks @ jerelmiller! - Add support for subscribeToMore function to useQueryRefHandlers.

    • #11854 3812800 Thanks @ jcostello-atlassian! - Support extensions in useSubscription

    • #11923 d88c7f8 Thanks @ jerelmiller! - Add support for subscribeToMore function to useLoadableQuery.

    • #11863 98e44f7 Thanks @ phryneas! - Reimplement useSubscription to fix rules of React violations.

    • #11869 a69327c Thanks @ phryneas! - Rewrite big parts of useQuery and useLazyQuery to be more compliant with the Rules of React and React Compiler

    • #11936 1b23337 Thanks @ jerelmiller! - Add the ability to specify a name for the client instance for use with Apollo Client Devtools. This is useful when instantiating multiple clients to identify the client instance more easily. This deprecates the connectToDevtools option in favor of a new devtools configuration.

      new ApolloClient({
        devtools: {
          enabled: true,
          name: "Test Client",
        },
      });

      This option is backwards-compatible with connectToDevtools and will be used in the absense of a devtools option.

    • #11923 d88c7f8 Thanks @ jerelmiller! - Add support for subscribeToMore function to useBackgroundQuery.

    • #11930 a768575 Thanks @ jerelmiller! - Deprecates experimental schema testing utilities introduced in 3.10 in favor of recommending @ apollo/graphql-testing-library.

    Patch Changes

  • 3.11.0-rc.2 - 2024-07-15

    Patch Changes

    • #11951 0de03af Thanks @ phryneas! - add React 19 RC to peerDependencies

    • #11937 78332be Thanks @ phryneas! - createSchemaFetch: simulate serialized errors instead of an ApolloError instance

    • #11944 8f3d7eb Thanks @ sneyderdev! - Allow IgnoreModifier to be returned from a optimisticResponse function when inferring from a TypedDocumentNode when used with a generic argument.

    • #11954 4a6e86a Thanks @ phryneas! - Document (and deprecate) the previously undocumented errors property on the useQuery QueryResult type.

  • 3.11.0-rc.1 - 2024-07-10

    Patch Changes

  • 3.11.0-rc.0 - 2024-07-09

    Minor Changes

    • #11923 d88c7f8 Thanks @ jerelmiller! - Add support for subscribeToMore function to useQueryRefHandlers.

    • #11854 3812800 Thanks @ jcostello-atlassian! - Support extensions in useSubscription

    • #11923 d88c7f8 Thanks @ jerelmiller! - Add support for subscribeToMore function to useLoadableQuery.

    • #11863 98e44f7 Thanks @ phryneas! - Reimplement useSubscription to fix rules of React violations.

    • #11869 a69327c Thanks @ phryneas! - Rewrite big parts of useQuery and useLazyQuery to be more compliant with the Rules of React and React Compiler

    • #11936 1b23337 Thanks @ jerelmiller! - Add the ability to specify a name for the client instance for use with Apollo Client Devtools. This is useful when instantiating multiple clients to identify the client instance more easily. This deprecates the connectToDevtools option in favor of a new devtools configuration.

      new ApolloClient({
        devtools: {
          enabled: true,
          name: "Test Client",
        },
      });

      This option is backwards-compatible with connectToDevtools and will be used in the absense of a devtools option.

    • #11923 d88c7f8 Thanks @ jerelmiller! - Add support for subscribeToMore function to useBackgroundQuery.

    • #11789 5793301 Thanks @ phryneas! - Changes usages of the GraphQLError type to GraphQLFormattedError.

      This was a type bug - these errors were never GraphQLError instances
      to begin with, and the GraphQLError class has additional properties that can
      never be correctly rehydrated from a GraphQL result.
      The correct type to use here is GraphQLFormattedError.

      Similarly, please ensure to use the type FormattedExecutionResult
      instead of ExecutionResult - the non-"Formatted" versions of these types
      are for use on the server only, but don't get transported over the network.

    • #11930 a768575 Thanks @ jerelmiller! - Deprecates experimental schema testing utilities introduced in 3.10 in favor of recommending @ apollo/graphql-testing-library.

    Patch Changes

  • 3.10.8 - 2024-06-27

    Patch Changes

    • #11911 1f0460a Thanks @ jerelmiller! - Allow undefined to be returned from a cache.modify modifier function when a generic type argument is used.
  • 3.10.7 - 2024-06-26

    Patch Changes

  • 3.10.6 - 2024-06-21
  • 3.10.5 - 2024-06-12
  • 3.10.4 - 2024-05-15
  • 3.10.3 - 2024-05-07
  • 3.10.2 - 2024-05-03
  • 3.10.1 - 2024-04-24
  • 3.10.0 - 2024-04-24
  • 3.10.0-rc.1 - 2024-04-15
  • 3.10.0-rc.0 - 2024-04-02
  • 3.10.0-alpha.1 - 2024-03-18
  • 3.9.11 - 2024-04-10
  • 3.9.10 - 2024-04-01
  • 3.9.9 - 2024-03-22
  • 3.9.8 - 2024-03-20
  • 3.9.7 - 2024-03-13
  • 3.9.6 - 2024-03-06
  • 3.9.5 - 2024-02-15
  • 3.9.4 - 2024-02-07
  • 3.9.3 - 2024-02-06
  • 3.9.2 - 2024-02-01
  • 3.9.1 - 2024-01-31
  • 3.9.0 - 2024-01-30
  • 3.9.0-rc.1 - 2024-01-18
  • 3.9.0-rc.0 - 2024-01-17
  • 3.9.0-beta.1 - 2023-12-21
  • 3.9.0-beta.0 - 2023-12-18
  • 3.9.0-alpha.5 - 2023-12-05
  • 3.9.0-alpha.4 - 2023-11-08
  • 3.9.0-alpha.3 - 2023-11-02
  • 3.9.0-alpha.2 - 2023-10-11
  • 3.9.0-alpha.1 - 2023-09-21
  • 3.9.0-alpha.0 - 2023-09-19
  • 3.8.10 - 2024-01-18
  • 3.8.9 - 2024-01-09
  • 3.8.8 - 2023-11-29
  • 3.8.7 - 2023-11-02
  • 3.8.6 - 2023-10-16
  • 3.8.5 - 2023-10-05
  • 3.8.4 - 2023-09-19
  • 3.8.3 - 2023-09-05
  • 3.8.2 - 2023-09-01
  • 3.8.1 - 2023-08-10
  • 3.8.0 - 2023-08-07
  • 3.8.0-rc.2 - 2023-08-01
  • 3.8.0-rc.1 - 2023-07-17
  • 3.8.0-rc.0 - 2023-07-13
  • 3.8.0-beta.7 - 2023-07-10
  • 3.8.0-beta.6 - 2023-07-05
  • 3.8.0-beta.5 - 2023-06-28
  • 3.8.0-beta.4 - 2023-06-20
  • 3.8.0-beta.3 - 2023-06-15
  • 3.8.0-beta.2 - 2023-06-07
  • 3.8.0-beta.1 - 2023-05-31
  • 3.8.0-beta.0 - 2023-05-26
  • 3.8.0-alpha.15 - 2023-05-17
  • 3.8.0-alpha.14 - 2023-05-16
  • 3.8.0-alpha.13 - 2023-05-03
  • 3.8.0-alpha.12 - 2023-04-13
  • 3.8.0-alpha.11 - 2023-03-28
  • 3.8.0-alpha.10 - 2023-03-17
  • 3.8.0-alpha.9 - 2023-03-15
  • 3.8.0-alpha.8 - 2023-03-02
  • 3.8.0-alpha.7 - 2023-02-15
  • 3.8.0-alpha.6 - 2023-02-07
  • 3.8.0-alpha.5 - 2023-01-19
  • 3.8.0-alpha.4 - 2023-01-13
  • 3.8.0-alpha.3 - 2023-01-03
  • 3.8.0-alpha.2 - 2022-12-21
  • 3.8.0-alpha.1 - 2022-12-21
  • 3.8.0-alpha.0 - 2022-12-09
  • 3.7.17 - 2023-07-05
  • 3.7.16 - 2023-06-20
  • 3.7.15 - 2023-05-26
  • 3.7.14 - 2023-05-03
  • 3.7.13 - 2023-04-27
  • 3.7.12 - 2023-04-12
  • 3.7.11 - 2023-03-31
  • 3.7.10 - 2023-03-02
  • 3.7.9 - 2023-02-17
  • 3.7.8 - 2023-02-15
  • 3.7.7 - 2023-02-03
from @apollo/client GitHub release notes
Package name: @quasar/extras
  • 1.16.12 - 2024-07-07
  • 1.16.11 - 2024-03-29
  • 1.16.10 - 2024-03-28
  • 1.16.9 - 2023-11-29
  • 1.16.8 - 2023-11-09
  • 1.16.7 - 2023-09-27
  • 1.16.6 - 2023-08-28
  • 1.16.5 - 2023-07-10
  • 1.16.4 - 2023-05-17
  • 1.16.3 - 2023-04-26
  • 1.16.2 - 2023-04-02
  • 1.16.1 - 2023-03-27
  • 1.16.0 - 2023-03-25
  • 1.15.11 - 2023-02-12
from @quasar/extras GitHub release notes
Package name: cross-fetch
  • 3.1.8 - 2023-07-02

    What's Changed

    • Restored caret range to node-fetch version for automatic feature and fix updates.

    Full Changelog: v3.1.7...v3.1.8

  • 3.1.7 - 2023-07-01

    What's Changed

    • Updated node-fetch version to 2.6.12

    Full Changelog: v3.1.6...v3.1.7

  • 3.1.7-test.0 - 2023-06-11
  • 3.1.6 - 2023-05-14
  • 3.1.5 - 2022-01-20
from cross-fetch GitHub release notes
Package name: graphql from graphql GitHub release notes
Package name: quasar
  • 2.16.9 - 2024-08-15

    New

    • feat(ui): date utils -> add format support for: Mo, do, DDDo, wo
    • feat(ui/lang): Create bs-BA language pack (#17433)

    Fixes

    • fix(ui): apply styles to only aria-disabled="true" (#17436)
    • fix(QIcon): rounded floating q-badge not "round" when working with q-icon #17342
    • fix(ui): invalid icons for the Quasar IconSets on Material Symbols (webfont + svg)

    Donations

    Quasar Framework is an open-source MIT-licensed project made possible due to the generous contributions by sponsors and backers. If you are interested in supporting this project, please consider the following:

  • 2.16.8 - 2024-08-07
  • 2.16.7 - 2024-08-05
  • 2.16.6 - 2024-07-10
  • 2.16.5 - 2024-07-03
  • 2.16.4 - 2024-05-14
  • 2.16.3 - 2024-05-13
  • 2.16.2 - 2024-05-08
  • 2.16.1 - 2024-05-07
  • 2.16.0 - 2024-05-06
  • 2.15.4 - 2024-04-23
  • 2.15.3 - 2024-04-18
  • 2.15.2 - 2024-03-29
  • 2.15.1 - 2024-03-14
  • 2.15.0 - 2024-03-12
  • 2.14.7 - 2024-03-08
  • 2.14.6 - 2024-02-29
  • 2.14.5 - 2024-02-20
  • 2.14.4 - 2024-02-15
  • 2.14.3 - ...

Snyk has created this PR to upgrade:
  - vue from 3.2.47 to 3.4.38.
    See this package in npm: https://www.npmjs.com/package/vue
  - @apollo/client from 3.7.7 to 3.11.4.
    See this package in npm: https://www.npmjs.com/package/@apollo/client
  - @quasar/extras from 1.15.11 to 1.16.12.
    See this package in npm: https://www.npmjs.com/package/@quasar/extras
  - cross-fetch from 3.1.5 to 3.1.8.
    See this package in npm: https://www.npmjs.com/package/cross-fetch
  - graphql from 16.6.0 to 16.9.0.
    See this package in npm: https://www.npmjs.com/package/graphql
  - quasar from 2.11.5 to 2.16.9.
    See this package in npm: https://www.npmjs.com/package/quasar
  - vue-router from 4.1.6 to 4.4.3.
    See this package in npm: https://www.npmjs.com/package/vue-router

See this project in Snyk:
https://app.snyk.io/org/googlecloud-fD9E4u83kGB6j2zHM2NDFc/project/12f6157b-41a9-46f1-824a-fd6a2d1a7e0c?utm_source=github&utm_medium=referral&page=upgrade-pr
Copy link

google-cla bot commented Sep 17, 2024

Thanks for your pull request! It looks like this may be your first contribution to a Google open source project. Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA).

View this failed invocation of the CLA check for more information.

For the most up to date status, view the checks section at the bottom of the pull request.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

nextFetchPolicy function is not called sometimes
2 participants