[Snyk] Upgrade: vue, , axios, core-js, moment, qs, vue-router, vue-sweetalert2, vuetify, vuex #2
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Snyk has created this PR to upgrade:
- vue from 3.4.18 to 3.4.38.
See this package in npm: https://www.npmjs.com/package/vue
- @mdi/font from 7.0.96 to 7.4.47.
See this package in npm: https://www.npmjs.com/package/@mdi/font
- axios from 1.6.7 to 1.7.5.
See this package in npm: https://www.npmjs.com/package/axios
- core-js from 3.30.1 to 3.38.1.
See this package in npm: https://www.npmjs.com/package/core-js
- moment from 2.29.4 to 2.30.1.
See this package in npm: https://www.npmjs.com/package/moment
- qs from 6.11.1 to 6.13.0.
See this package in npm: https://www.npmjs.com/package/qs
- vue-router from 4.1.6 to 4.4.3.
See this package in npm: https://www.npmjs.com/package/vue-router
- vue-sweetalert2 from 5.0.5 to 5.0.11.
See this package in npm: https://www.npmjs.com/package/vue-sweetalert2
- vuetify from 3.5.3 to 3.7.1.
See this package in npm: https://www.npmjs.com/package/vuetify
- vuex from 4.0.2 to 4.1.0.
See this package in npm: https://www.npmjs.com/package/vuex
See this project in Snyk:
https://app.snyk.io/org/jonathan.estefani/project/647bf5b6-c43c-4af6-ab01-ed8cfb06f700?utm_source=github&utm_medium=referral&page=upgrade-pr
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Snyk has created this PR to upgrade multiple dependencies.
👯♂ The following dependencies are linked and will therefore be updated together.ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
vue
from 3.4.18 to 3.4.38 | 20 versions ahead of your current version | a month ago
on 2024-08-15
@mdi/font
from 7.0.96 to 7.4.47 | 4 versions ahead of your current version | 9 months ago
on 2023-12-27
axios
from 1.6.7 to 1.7.5 | 10 versions ahead of your current version | a month ago
on 2024-08-23
core-js
from 3.30.1 to 3.38.1 | 19 versions ahead of your current version | a month ago
on 2024-08-20
moment
from 2.29.4 to 2.30.1 | 2 versions ahead of your current version | 9 months ago
on 2023-12-27
qs
from 6.11.1 to 6.13.0 | 6 versions ahead of your current version | 2 months ago
on 2024-08-01
vue-router
from 4.1.6 to 4.4.3 | 20 versions ahead of your current version | a month ago
on 2024-08-06
vue-sweetalert2
from 5.0.5 to 5.0.11 | 4 versions ahead of your current version | 3 months ago
on 2024-06-04
vuetify
from 3.5.3 to 3.7.1 | 39 versions ahead of your current version | 22 days ago
on 2024-08-27
vuex
from 4.0.2 to 4.1.0 | 1 version ahead of your current version | 2 years ago
on 2022-10-14
Issues fixed by the recommended upgrade:
SNYK-JS-AXIOS-7361793
SNYK-JS-FOLLOWREDIRECTS-6444610
SNYK-JS-SWEETALERT2-2774674
Release notes
Package name: vue
-
3.4.38 - 2024-08-15
-
3.4.37 - 2024-08-08
-
3.4.36 - 2024-08-06
-
3.4.35 - 2024-07-31
-
3.4.34 - 2024-07-24
-
3.4.33 - 2024-07-19
-
3.4.32 - 2024-07-17
-
3.4.31 - 2024-06-28
-
3.4.30 - 2024-06-22
-
3.4.29 - 2024-06-14
-
3.4.28 - 2024-06-14
-
3.4.27 - 2024-05-07
-
3.4.26 - 2024-04-29
-
3.4.25 - 2024-04-24
-
3.4.24 - 2024-04-22
-
3.4.23 - 2024-04-16
-
3.4.22 - 2024-04-15
-
3.4.21 - 2024-02-28
-
3.4.20 - 2024-02-26
-
3.4.19 - 2024-02-13
-
3.4.18 - 2024-02-09
from vue GitHub release notesFor stable releases, please refer to CHANGELOG.md for details.
For pre-releases, please refer to CHANGELOG.md of the
minorbranch.For stable releases, please refer to CHANGELOG.md for details.
For pre-releases, please refer to CHANGELOG.md of the
minorbranch.For stable releases, please refer to CHANGELOG.md for details.
For pre-releases, please refer to CHANGELOG.md of the
minorbranch.For stable releases, please refer to CHANGELOG.md for details.
For pre-releases, please refer to CHANGELOG.md of the
minorbranch.For stable releases, please refer to CHANGELOG.md for details.
For pre-releases, please refer to CHANGELOG.md of the
minorbranch.Package name: @mdi/font
-
7.4.47 - 2023-12-27
-
7.3.67 - 2023-10-07
-
7.2.96 - 2023-03-19
-
7.1.96 - 2022-12-11
-
7.0.96 - 2022-07-20
from @mdi/font GitHub release notesv7.4.47
v7.3.67
v7.2.96
v7.1.96
v7.0.96
Package name: axios
-
1.7.5 - 2024-08-23
- adapter: fix undefined reference to hasBrowserEnv (#6572) (7004707)
- core: add the missed implementation of AxiosError#status property; (#6573) (6700a8a)
- core: fix
- fetch: fix credentials handling in Cloudflare workers (#6533) (550d885)
Dmitriy Mozgovoy
Antonin Bas
Hans Otto Wirtz
-
1.7.4 - 2024-08-13
- sec: CVE-2024-39338 (#6539) (#6543) (6b6b605)
- sec: disregard protocol-relative URL to remediate SSRF (#6539) (07a661a)
Lev Pachmanov
Đỗ Trọng Hải
-
1.7.3 - 2024-08-01
- adapter: fix progress event emitting; (#6518) (e3c76fc)
- fetch: fix withCredentials request config (#6505) (85d4d0e)
- xhr: return original config on errors from XHR adapter (#6515) (8966ee7)
Dmitriy Mozgovoy
Valerii Sidorenko
prianYu
-
1.7.2 - 2024-05-21
- fetch: enhance fetch API detection; (#6413) (4f79aef)
Dmitriy Mozgovoy
-
1.7.1 - 2024-05-20
- fetch: fixed ReferenceError issue when TextEncoder is not available in the environment; (#6410) (733f15f)
Dmitriy Mozgovoy
-
1.7.0 - 2024-05-19
- adapter: add fetch adapter; (#6371) (a3ff99b)
- core/axios: handle un-writable error stack (#6362) (81e0455)
Dmitriy Mozgovoy
Jay
Alexandre ABRIOUX
-
1.7.0-beta.2 - 2024-05-19
- fetch: capitalize HTTP method names; (#6395) (ad3174a)
- fetch: fix & optimize progress capturing for cases when the request data has a nullish value or zero data length (#6400) (95a3e8e)
- fetch: fix headers getting from a stream response; (#6401) (870e0a7)
Dmitriy Mozgovoy
-
1.7.0-beta.1 - 2024-05-07
- core/axios: handle un-writable error stack (#6362) (81e0455)
- fetch: fix cases when ReadableStream or Response.body are not available; (#6377) (d1d359d)
- fetch: treat fetch-related TypeError as an AxiosError.ERR_NETWORK error; (#6380) (bb5f9a5)
Alexandre ABRIOUX
Dmitriy Mozgovoy
-
1.7.0-beta.0 - 2024-04-28
- adapter: add fetch adapter; (#6371) (a3ff99b)
Dmitriy Mozgovoy
Jay
-
1.6.8 - 2024-03-15
-
1.6.7 - 2024-01-25
from axios GitHub release notesRelease notes:
Bug Fixes
ReferenceError: navigator is not definedfor custom environments; (#6567) (fed1a4b)Contributors to this release
Release notes:
Bug Fixes
Contributors to this release
Release notes:
Bug Fixes
Contributors to this release
Release notes:
Bug Fixes
Contributors to this release
Release notes:
Bug Fixes
Contributors to this release
Release notes:
Features
Bug Fixes
Contributors to this release
Release notes:
Bug Fixes
Contributors to this release
Release notes:
Bug Fixes
Contributors to this release
Install
Release notes:
Features
Contributors to this release
Install
Package name: core-js
-
3.38.1 - 2024-08-20
- Changes v3.38.0...v3.38.1
- Fixed some cases of
- Some stylistic changes and minor optimizations
- Compat data improvements:
- Added Hermes 0.13 compat data, similar to React Native 0.75 Hermes
- Added Opera Android 84 compat data mapping
-
3.38.0 - 2024-08-04
- Changes v3.37.1...v3.38.0
- Built-ins:
- Moved to stage 3, June 2024 and July 2024 TC39 meetings
- Updated the way of escaping, regex-escaping/77
- Throw an error on non-strings, regex-escaping/58
- Added
- Built-ins:
- Moved to stage 3, June 2024 TC39 meeting
- Added
- Built-ins:
- Added
- Added
- Added
- Added throwing a
- Unconditional forced replacement changed to feature detection
- Fixed
- Improved some cases of environment detection
- Uses
- Uses
- Some minor optimizations
- Updated
- Compat data improvements:
- Added Safari 18.0 compat data:
- Fixed
- Fixed throwing a
- Fixed
- Fixed
- Added
- Added Deno 1.44 and 1.45 compat data mapping
- Added Electron 32 and 33 compat data mapping
- Added Opera Android 83 compat data mapping
- Added Samsung Internet 27 compat data mapping
- Added Oculus Quest Browser 34 compat data mapping
-
3.37.1 - 2024-05-14
- Changes v3.37.0...v3.37.1
- Fixed
- Compat data improvements:
- Added Rhino 1.7.15 compat data, many features marked as supported
- Added NodeJS 22.0 compat data mapping
- Added Deno 1.43 compat data mapping
- Added Electron 31 compat data mapping
- Updated Opera Android 82 compat data mapping
- Added Samsung Internet 26 compat data mapping
- Added Oculus Quest Browser 33 compat data mapping
-
3.37.0 - 2024-04-16
- Changes v3.36.1...v3.37.0
- New
- Built-ins:
- Moved to stable ES, April 2024 TC39 meeting
- Added
- Explicit Resource Management stage 3 proposal
- Some minor updates like explicit-resource-management/217
- Added
- Built-ins:
- Built-ins:
- Added optional arguments support, promise-try/16
- Moved to stage 2.7, April 2024 TC39 meeting
- Moved to hex-escape semantics, regex-escaping/67
- It's not the final change of the way of escaping, waiting for regex-escaping/77 soon
- Pattern matching stage 1 proposal:
- Built-ins:
- Once again, the used well-known symbol was renamed
- Added new entries for that
- Added Extractors stage 1 proposal:
- Built-ins:
- Since the
- Added
- Engines bugs fixes:
- Added a fix of Safari
- Added a fix of Safari bug with double call of constructor in
- Compat data improvements:
- New
- Added Opera Android 82 compat data mapping
-
3.36.1 - 2024-03-19
- Changes v3.36.0...v3.36.1
- Fixed some validation cases in
- Fixed the order of validations in
- Added a fix of Bun
- Added a fix of Bun
- Added a fix of Bun
- Compat data improvements:
- Added React Native 0.74 Hermes compat data,
- Added Deno 1.41.3 compat data mapping
- Added Opera Android 81 compat data mapping
- Added Samsung Internet 25 compat data mapping
- Added Oculus Quest Browser 32 compat data mapping
- Updated Electron 30 compat data mapping
-
3.36.0 - 2024-02-14
- Built-ins:
- Moved to stable ES, Febrary 2024 TC39 meeting
- Added
- Methods:
- Moved to stage 3, Febrary 2024 TC39 meeting
- Added
- Skipped adding new methods of writing to existing arrays to clarification some moments
- Added an entry point for the new TC39 proposals stage -
- Fixed regression in
- Fixed a missed check in
- Fixed a missed check in
- Fixed
- Fixed dependencies loading for modules from
- Dropped context workaround from collection static methods entries since with current methods semantic it's no longer required
- Added instance methods polyfills to entries of collections static methods that produce collection instances
- Added missed
- Added debugging info in some missed cases
- Compat data improvements:
- New
- Added Deno 1.40 compat data mapping
- Updated Electron 30 compat data mapping
-
3.35.1 - 2024-01-20
- Fixed internal
- Removed significant redundant code from
- Fixed setting names of methods with symbol keys in some old engines
- Minor fix of prototype methods export logic in the pure version
- Compat data improvements:
- Note that V8 ~ Chrome 122 add
- Added Oculus Quest Browser 31 compat data mapping
- Updated Electron 29 and added Electron 30 compat data mapping
-
3.35.0 - 2023-12-28
- Fixed handling some cases of non-enumerable symbol keys from
- Removed unneeded NodeJS domains-related logic from
- Fixed subclassing of wrapped
- Refactoring, many different minor optimizations
- Compat data improvements:
- It seems that the ancient
- Since
- Added Opera Android 80 and updated Opera Android 79 compat data mapping
- Added Samsung Internet 24 compat data mapping
-
3.34.0 - 2023-12-05
- Methods:
- Moved to stable ES, November 2023 TC39 meeting
- Added
- Method:
- Moved to stable ES, November 2023 TC39 meeting
- Added
- Fixed a web incompatibility issue of
- Added
- Methods:
- Relaxed some specific cases of
- Fixed
- Fixed the order of arguments validation in
- Some minor
- Compat data improvements:
-
3.33.3 - 2023-11-19
-
3.33.2 - 2023-10-30
-
3.33.1 - 2023-10-20
-
3.33.0 - 2023-10-01
-
3.32.2 - 2023-09-07
-
3.32.1 - 2023-08-18
-
3.32.0 - 2023-07-27
-
3.31.1 - 2023-07-06
-
3.31.0 - 2023-06-11
-
3.30.2 - 2023-05-06
-
3.30.1 - 2023-04-13
from core-js GitHub release notesURLSearchParamspercent decoding, #1357, #1361, thanks @ slowcheetahIteratorhelpers proposal methods marked as shipped from FF131Math.f16roundandDataView.prototype.{ getFloat16, setFloat16 }marked as shipped from Bun 1.1.23RegExp.escapemarked as shipped from Bun 1.1.22Promise.trymarked as shipped from Bun 1.1.22Uint8Arrayto / from base64 and hex proposal methods marked as shipped from Bun 1.1.22RegExp.escapeproposal:RegExp.escape/actual/namespace entries, unconditional forced replacement changed to feature detectionPromise.tryproposal:Promise.try/actual/namespace entries, unconditional forced replacement changed to feature detectionUint8Arrayto / from base64 and hex stage 3 proposal:Uint8Array.fromBase64Uint8Array.fromHexUint8Array.prototype.setFromBase64Uint8Array.prototype.setFromHexUint8Array.prototype.toBase64Uint8Array.prototype.toHexUint8Array.prototype.{ setFromBase64, setFromHex }methodsUint8Array.fromBase64andUint8Array.prototype.setFromBase64lastChunkHandlingoption, proposal-arraybuffer-base64/33Uint8Array.prototype.toBase64omitPaddingoption, proposal-arraybuffer-base64/60TypeErroron arrays backed by detached buffersRegExpnamed capture groups polyfill in combination with non-capturing groups, #1352, thanks @ Ulopprocess.getBuiltinModulefor getting built-in NodeJS modules where it's availablehttpsinstead ofhttpinURLconstructor feature detection to avoid extra notifications from some overly vigilant security scanners, #1345browserslistincore-js-compatdependencies that fixes an upstream issue with incorrect interpretation of somebrowserslistqueries, #1344, browserslist/829, browserslist/836Object.groupByandMap.groupByto work for non-objectsRangeErrorifSetmethods are called on an object with negative size propertySet.prototype.symmetricDifferenceto callthis.hasin each iterationArray.fromAsyncto not call theArrayconstructor twiceURL.parseMath.f16roundandDataView.prototype.{ getFloat16, setFloat16 }marked as shipped from FF129Symbol.asyncDisposeadded and marked as supported from V8 ~ Chromium 127Promise.tryadded and marked as supported from V8 ~ Chromium 128selfdescriptor is broken in Deno 1.45.3 (again)URL.parsefeature detection for some specific casesSetmethods proposal added and marked as supported from FF 127Symbol.disposeadded and marked as supported from V8 ~ Chromium 125Math.f16roundandDataView.prototype.{ getFloat16, setFloat16 }added and marked as supported from Deno 1.43URL.parseadded and marked as supported from Chromium 126URL.parseadded and marked as supported from NodeJS 22.0URL.parseadded and marked as supported from Deno 1.43Setmethods proposal:Set.prototype.intersectionSet.prototype.unionSet.prototype.differenceSet.prototype.symmetricDifferenceSet.prototype.isSubsetOfSet.prototype.isSupersetOfSet.prototype.isDisjointFromes.namespace modules,/es/and/stable/namespaces entriesMath.sumPrecisestage 2.7 proposal:Math.sumPrecisePromise.tryproposal:Promise.tryRegExp.escapestage 2 proposal:Symbol.customMatcherSymbol.customMatcherSymbol.customMatcherwell-known symbol from the pattern matching proposal is also used in the exactors proposal, added an entry also for this proposalURL.parse, url/825{ Object, Map }.groupBybug that does not support iterable primitivesArray.fromAsyncURL.parseadded and marked as supported from FF 126URL.parseadded and marked as supported from Bun 1.1.4URL.canParsefixed and marked as supported from Bun 1.1.0Setmethods fixed in JavaScriptCore and marked as supported from Bun 1.1.1Object.setPrototypeOf, #1329, thanks @ minseok-choeArray.from, #1331, thanks @ minseok-choequeueMicrotaskarityURL.canParsearitySuppressedErrorextra arguments support and arityvalueargument ofURLSearchParams.prototype.{ has, delete }marked as supported from Bun 1.0.31Array.prototype.{ toSpliced, toReversed, with }andatobmarked as supportedArrayBuffer.prototype.transferand friends proposal:ArrayBuffer.prototype.detachedArrayBuffer.prototype.transferArrayBuffer.prototype.transferToFixedLengthes.namespace modules,/es/and/stable/namespaces entriesUint8Arrayto / from base64 and hex proposal:Uint8Array.fromBase64Uint8Array.fromHexUint8Array.prototype.toBase64Uint8Array.prototype.toHex/actual/namespace entriesPromise.tryproposal has been resurrected and moved to stage 2, Febrary 2024 TC39 meetingcore-js/stage/2.7- still emptySet.prototype.intersectionfeature detectionArray.prototype.{ indexOf, lastIndexOf, includes }, #1325, thanks @ minseok-choeArray.prototype.{ reduce, reduceRight }, #1327, thanks @ minseok-choeArray.fromand some other methods with proxy targets, #1322, thanks @ minseok-choeArrayBuffer.prototype.transferand friends proposal in some specific cases in IE10-Date.prototype.toJSONtoJSON.stringifyentries dependencies{ Map, Object }.groupBy,Promise.withResolvers,ArrayBuffer.prototype.transferand friends marked as supported from Safari 17.4Setmethods fixed and marked as supported from V8 ~ Chrome 123Symbol.metadatamarked as supported from Deno 1.40.4ToLengthoperation with bigints, #1318String#splitpolyfillIteratorhelpers proposal methods marked as supported from V8 ~ Chrome 122Setmethods, but they have a bug similar to Safariselfmarked as fixed from Bun 1.0.22SuppressedErrorandSymbol.{ dispose, asyncDispose }marked as supported from Bun 1.0.23{ Map, Set, WeakMap, WeakSet }.{ from, of }became non-generic, following this and some other notes. Now they can be invoked withoutthis, but no longer return subclass instancesSymbolpolyfillqueueMicrotaskpolyfillArrayBufferArray.fromAsyncmarked as supported from V8 ~ Chrome 121Array.prototype.pushbug is fixed in V8 ~ Chrome 122 (Hallelujah!)ArrayBuffer.prototype.transferand friends proposal features marked as supported from FF 122 and Bun 1.0.19Object.groupByandMap.groupBymarked as supported from Bun 1.0.19Iteratorhelpers proposal methods are still not disabled in Deno, the web compatibility issue why it was disabled in Chromium makes no sense for Deno and fixed in the spec, they marked as supported from Deno 1.37Arraygrouping proposal:Object.groupByMap.groupByes.namespace modules,/es/and/stable/namespaces entriesPromise.withResolversproposal:Promise.withResolverses.namespace module,/es/and/stable/namespaces entriesIteratorhelpers proposal, proposal-iterator-helpers/287 and some following changes, November 2023 TC39 meetingUint8Arrayto / from base64 and hex stage 2 proposal:Uint8Array.fromBase64Uint8Array.fromHexUint8Array.prototype.toBase64Uint8Array.prototype.toHexNumber.fromStringvalidation before clarification of proposal-number-fromstring/24@@ toStringTagproperty descriptors on DOM collections, #1312Arrayiteration methods, #1313atob/btoaimprovementsPromise.withResolversmarked as shipped from FF121Package name: moment
-
2.30.1 - 2023-12-27
-
2.30.0 - 2023-12-26
-
2.29.4 - 2022-07-06
from moment GitHub release notes2.30.1
2.30.0
2.29.4
Package name: qs
-
6.13.0 - 2024-08-01
-
6.12.3 - 2024-07-08
-
6.12.2 - 2024-07-01
-
6.12.1 - 2024-04-12
-
6.12.0 - 2024-03-06
-
6.11.2 - 2023-05-15
-
6.11.1 - 2023-03-06
from qs GitHub release notesv6.13.0
v6.12.3
v6.12.2
v6.12.1
v6.12.0
v6.11.2
v6.11.1
Package name: vue-router
-
4.4.3 - 2024-08-06
-
4.4.2 - 2024-08-01
-
4.4.1 - 2024-07-31
-
4.4.0 - 2024-06-21
-
4.4.0-alpha.3 - 2024-06-19
-
4.4.0-alpha.2 - 2024-06-12
-
4.4.0-alpha.1 - 2024-06-12
-
4.4.0-alpha.0 - 2024-06-11
-
4.3.3 - 2024-06-10
-
4.3.2 - 2024-04-18
-
4.3.1 - 2024-04-17
-
4.3.0 - 2024-02-21
-
4.3.0-alpha.1 - 2024-01-18
-
4.3.0-alpha.0 - 2024-01-18
-
4.2.5 - 2023-09-22
-
4.2.4 - 2023-07-06
-
4.2.3 - 2023-07-05
-
4.2.2 - 2023-05-29
-
4.2.1 - 2023-05-18
-
4.2.0 - 2023-05-11
-
4.1.6 - 2022-10-24
from vue-router GitHub release notesPlease refer to CHANGELOG.md for details.
Please refer to CHANGELOG.md for details.
Please refer to CHANGELOG.md for details.
Please refer to CHANGELOG.md for details.
Please refer to CHANGELOG.md for details.
Please refer to CHANGELOG.md for details.
Please refer to CHANGELOG.md for details.
Please refer to CHANGELOG.md for details.
Please refer to CHANGELOG.md for details.
Please refer to CHANGELOG.md for details.
Package name: vue-sweetalert2
-
5.0.11 - 2024-06-04
-
5.0.10 - 2024-05-15
-
5.0.9 - 2024-05-13
-
5.0.7 - 2024-05-13
-
5.0.5 - 2022-05-10
from vue-sweetalert2 GitHub release notesfix: fixed nuxt2 exports in package.json
fix: #158 fixed exports from package
fix: #156 fixed exports from package
ver: 5.0.5 update deps
Package name: vuetify
🔧 Bug Fixes
🧪 Labs
🚀 Features