Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Snyk] Upgrade vue from 2.5.16 to 2.6.11 #2

Merged
merged 2 commits into from
Mar 13, 2020

Conversation

snyk-bot
Copy link

Snyk has created this PR to upgrade vue from 2.5.16 to 2.6.11.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
  • The recommended version is 23 versions ahead of your current version.
  • The recommended version was released a month ago, on 2019-12-13.

The recommended version fixes:

Severity Issue Exploit Maturity
Cross-site Scripting (XSS)
npm:vue:20180802
No Known Exploit
Release notes
Package name: vue
  • 2.6.11 - 2019-12-13

    Security Fixes

    • Bump vue-server-renderer's dependency of serialize-javascript to 2.1.2

    Bug Fixes

  • 2.6.10 - 2019-03-20

    Bug Fixes

  • 2.6.9 - 2019-03-14

    Bug Fixes

  • 2.6.8 - 2019-03-01

    Bug Fixes

  • 2.6.7 - 2019-02-21

    Bug Fixes

  • 2.6.6 - 2019-02-12

    Bug Fixes

    • ensure scoped slot containing passed down slot content updates properly 21fca2f
    • fix keyCode check for Chrome autofill fake key events 29c348f, closes #9441
  • 2.6.5 - 2019-02-11

    Bug Fixes

    • allow passing multiple arguments to scoped slot e7d49cd, closes #9468
    • bail out of event blocking for iOS bug 0bad7e2, closes #9462
    • do not cache scoped slots when mixed with normal slots 060686d
  • 2.6.4 - 2019-02-08

    Performance Improvements

    • cache result from functional ctx.slots() calls 7a0dfd0
    • skip scoped slots normalization when possible 099f3ba

    Bug Fixes

    • avoid breaking avoriaz edge case 9011b83
    • avoid logging same error twice when thrown by user in global handler ca57920, closes #9445
    • empty scoped slot should return undefined 57bc80a, closes #9452
    • expose v-slot slots without scope on this.$slots 0e8560d, closes #9421 #9458
    • new syntax slots without scope should also be exposed on functional slots() 8a80086
  • 2.6.3 - 2019-02-06

    Bug Fixes

    • async component should use render owner as force update context b9de23b, closes #9432
    • avoid exposing internal flags on $scopedSlots 24b4640, closes #9443
    • bail out scoped slot optimization when there are nested scopes 4d4d22a, closes #9438
    • compiler: fix v-bind dynamic arguments on slot outlets 96a09aa, closes #9444
    • types: add Vue.version to types (#9431) 54e6a12, closes #9431
    • skip microtask fix if event is fired from different document dae7e41, closes #9448
    • skip microtask fix in Firefix <= 53 7bc88f3, closes #9446

    Reverts

    • revert: expose all scoped slots on this.$slots d5ade28
  • 2.6.2 - 2019-02-05

    Improvements

    • Reverted in 2.6.3 expose all scoped slots on this.$slots. 0129b0e, closes #9421

    Bug Fixes

    • always set transformed model value on attrs b034abf (Fixes v-select issue in Vuetify)
    • restore slot-scope + v-if behavior 44a4ca3, closes #9422
  • 2.6.1 - 2019-02-04
  • 2.6.0 - 2019-02-04
  • 2.6.0-beta.3 - 2019-01-30
  • 2.6.0-beta.2 - 2019-01-26
  • 2.6.0-beta.1 - 2019-01-16
  • 2.5.22 - 2019-01-11
  • 2.5.21 - 2018-12-11
  • 2.5.20 - 2018-12-10
  • 2.5.19 - 2018-12-09
  • 2.5.18 - 2018-12-07
  • 2.5.18-beta.0 - 2018-12-02
  • 2.5.17 - 2018-08-01
  • 2.5.17-beta.0 - 2018-03-23
  • 2.5.16 - 2018-03-13
from vue GitHub release notes
Commit messages
Package name: vue
  • ec78fc8 build: release 2.6.11
  • a98048f build: build 2.6.11
  • fc41f91 chore: update yarn.lock
  • 70429c3 build(deps-dev): bump serialize-javascript from 1.3.0 to 2.1.2 (#10914)
  • 9fbd416 chore: update sponsors [ci skip] (#10896)
  • a974022 chore: update backers [ci skip] (#10895)
  • 6b4c0f9 chore: typo in comment
  • fd0eaf9 chore: update sponsors [ci skip] (#10841)
  • 2c6a827 chore: update sponsors [ci skip] (#10821)
  • f796ab4 chore: update sponsors [ci skip] (#10800)
  • 276c082 chore: update backers [ci skip] (#10799)
  • 4821149 fix(types): fix prop constructor type inference (#10779)
  • 9f5563c chore: update sponsors [ci skip]
  • b805a19 build(deps-dev): bump lodash.template from 4.4.0 to 4.5.0 (#10636)
  • bd47e5b build(deps-dev): bump lodash from 4.17.11 to 4.17.13 (#10635)
  • fd42082 build(deps): bump ecstatic from 3.3.0 to 3.3.2 (#10634)
  • fa55a20 build(deps): bump handlebars from 4.0.12 to 4.4.3 (#10633)
  • d1164f1 chore: Fastcoding Inc broken icon [ci skip] (#10638)
  • 3c90820 build(deps): bump js-yaml from 3.12.1 to 3.13.1 (#10632)
  • 3bc7322 build(deps): bump mixin-deep from 1.3.1 to 1.3.2 (#10631)
  • 0645fe6 build(deps): bump eslint-utils from 1.3.1 to 1.4.2 (#10630)
  • b885e1e chore: update sponsors [ci skip] (#10750)
  • d7d8ff0 chore: fix typo in `next-tick.js` comment (#10607)
  • e8ca21f chore: fix sponsor link

Compare


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

@anyulled anyulled merged commit c49c7ad into master Mar 13, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment