[Snyk] Security upgrade @vue/cli from 4.5.13 to 5.0.7 #725

Open, wants to merge 1 commit into base: master


SelfhostedPro
Owner

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • frontend/package.json
    • frontend/package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
| --- | --- | --- | --- | --- |
| medium severity | 601/1000. Why? Recently disclosed, Has a fix available, CVSS 6.3 | Cross-site Scripting (XSS), SNYK-JS-COOKIE-8163060 | Yes | No Known Exploit |

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: @vue/cli
The new version differs by 250 commits.
  • 4a0655f v5.0.7
  • 6f9b6ec chore: update fallback chromedriver version
  • 23fa20f chore: upgrade to apollo-server-express 3.x (#7210)
  • beffe8a fix: allow disabling progress plugin via `devServer.client.progress`
  • 558dea2 fix: support `devServer.server` option, avoid deprecation warning
  • bddd64d fix: optimize the judgment on whether HTTPS has been set in options (#7202)
  • ef08a08 v5.0.6
  • 6b163f2 chore: fix lint errors
  • fcf27e3 fixup! fix: compatibility with Vue 2.7
  • a648958 fix: compatibility with Vue 2.7
  • 98c66c9 v5.0.5
  • 64446e0 feat(upgrade): prevent changing the structure of package.json file during upgrade (#7167)
  • 27dba1a fix: eliminate calling deprecated function in cli-plugin-e2e-cypress and cli-plugin-e2e-nightwatch (#7158)
  • 619965b docs: fix 404 links
  • 697bb44 fix: should correctly resolve cypress bin path for Cypress 10
  • b2b07a5 chore: run yarn-audit-fix
  • d5bb358 chore: update lockfile
  • 1452cd3 feat: update cypress to 9.x
  • 00fd2b6 chore: update the @ achrinza/node-ipc to support Node.js 18
  • ce97e62 fix: add XMLSerializer to the global scope (#7101)
  • 940e436 fix: update `@ achrinza/node-ipc` to support non-LTS Node.js versions
  • 6035629 chore: remove redundant yorkie dependency in typescript plugin
  • dded73a fix: windows vue.config.mjs support (#7023)
  • a3ccc3d docs: add 4.5.17 changelog

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic


Learn how to fix vulnerabilities with free interactive lessons:

🦉 Cross-site Scripting (XSS)

…nerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-COOKIE-8163060