[Snyk] Upgrade: @nuxtjs/axios, dotenv, @nuxtjs/dotenv, ajv, bootstrap-vue, jquery, jquery-hoverintent, magnific-popup, nuxt, sass, storyblok-nuxt #2

Open
wants to merge 1 commit into
base: master

takawiramundure
Owner

Snyk has created this PR to upgrade multiple dependencies.

👯‍♂ The following dependencies are linked and will therefore be updated together.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

Name | Versions | Released on
@nuxtjs/axios | from 5.1.1 to 5.13.6 (46 versions ahead of your current version) | 3 years ago on 2021-06-02
dotenv | from 8.2.0 to 8.6.0 (5 versions ahead of your current version) | 3 years ago on 2021-05-05
@nuxtjs/dotenv | from 1.4.1 to 1.4.2 (1 version ahead of your current version) | 9 months ago on 2023-12-15
ajv | from 6.10.2 to 6.12.6 (8 versions ahead of your current version) | 4 years ago on 2020-10-10
bootstrap-vue | from 2.1.0 to 2.23.1 (37 versions ahead of your current version) | 2 years ago on 2022-10-26
jquery | from 3.4.1 to 3.7.1 (9 versions ahead of your current version) | a year ago on 2023-08-28
jquery-hoverintent | from 1.10.1 to 1.10.2 (1 version ahead of your current version) | 3 years ago on 2021-12-13
magnific-popup | from 1.1.0 to 1.2.0 (1 version ahead of your current version) | 3 months ago on 2024-06-08
nuxt | from 2.10.2 to 2.18.1 (41 versions ahead of your current version) | 3 months ago on 2024-06-28
sass | from 1.23.7 to 1.77.8 (169 versions ahead of your current version) | 2 months ago on 2024-07-11
storyblok-nuxt | from 1.0.2 to 1.3.1 (4 versions ahead of your current version) | 3 years ago on 2021-03-24

Issues fixed by the recommended upgrade:

Issue | Score | Exploit Maturity
high severity Arbitrary Code Injection SNYK-JS-SERIALIZEJAVASCRIPT-570062 | 706 | Proof of Concept
high severity Arbitrary File Write SNYK-JS-TAR-1579147 | 706 | No Known Exploit
high severity Arbitrary File Write SNYK-JS-TAR-1579152 | 706 | No Known Exploit
high severity Arbitrary File Write SNYK-JS-TAR-1579155 | 706 | No Known Exploit
high severity Regular Expression Denial of Service (ReDoS) SNYK-JS-UAPARSERJS-1023599 | 706 | Proof of Concept
high severity Regular Expression Denial of Service (ReDoS) SNYK-JS-UAPARSERJS-610226 | 706 | Proof of Concept
high severity Code Injection SNYK-JS-LODASH-1040724 | 706 | Proof of Concept
high severity Prototype Pollution SNYK-JS-LODASH-567746 | 706 | Proof of Concept
high severity Regular Expression Denial of Service (ReDoS) SNYK-JS-AXIOS-1579269 | 706 | Proof of Concept
high severity Prototype Pollution SNYK-JS-LODASH-608086 | 706 | Proof of Concept
high severity Asymmetric Resource Consumption (Amplification) SNYK-JS-BODYPARSER-7926860 | 706 | No Known Exploit
high severity Regular Expression Denial of Service (ReDoS) SNYK-JS-ACORN-559469 | 706 | No Known Exploit
high severity Prototype Pollution SNYK-JS-AJV-584908 | 706 | No Known Exploit
high severity Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIHTML-1296849 | 706 | Proof of Concept
high severity Regular Expression Denial of Service (ReDoS) SNYK-JS-AXIOS-1579269 | 706 | Proof of Concept
high severity Improper Input Validation SNYK-JS-FOLLOWREDIRECTS-6141137 | 706 | Proof of Concept
high severity Prototype Pollution SNYK-JS-LODASH-6139239 | 706 | Proof of Concept
high severity Improper Verification of Cryptographic Signature SNYK-JS-BROWSERIFYSIGN-6037026 | 706 | No Known Exploit
high severity Prototype Pollution SNYK-JS-INI-1048974 | 706 | Proof of Concept
high severity Server-side Request Forgery (SSRF) SNYK-JS-IP-6240864 | 706 | Proof of Concept
high severity Denial of Service (DoS) SNYK-JS-DECODEURICOMPONENT-3149970 | 706 | Proof of Concept
high severity Remote Code Execution (RCE) SNYK-JS-EJS-2803307 | 706 | Proof of Concept
high severity Prototype Poisoning SNYK-JS-QS-3153490 | 706 | Proof of Concept
high severity Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795 | 706 | Proof of Concept
high severity Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795 | 706 | Proof of Concept
high severity Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795 | 706 | Proof of Concept
high severity Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795 | 706 | Proof of Concept
high severity Cross-site Scripting (XSS) SNYK-JS-SERIALIZEJAVASCRIPT-536840 | 706 | No Known Exploit
high severity Arbitrary Code Injection SNYK-JS-SERIALIZEJAVASCRIPT-570062 | 706 | Proof of Concept
high severity Cross-site Scripting (XSS) SNYK-JS-SERIALIZEJAVASCRIPT-6056521 | 706 | No Known Exploit
high severity Regular Expression Denial of Service (ReDoS) SNYK-JS-NTHCHECK-1586032 | 706 | Proof of Concept
high severity Cryptographic Issues SNYK-JS-ELLIPTIC-571484 | 706 | Proof of Concept
high severity Improper Input Validation SNYK-JS-FOLLOWREDIRECTS-6141137 | 706 | Proof of Concept
high severity Remote Code Execution (RCE) SNYK-JS-SHELLQUOTE-1766506 | 706 | No Known Exploit
high severity Regular Expression Denial of Service (ReDoS) SNYK-JS-SSRI-1246392 | 706 | Proof of Concept
high severity Regular Expression Denial of Service (ReDoS) SNYK-JS-SSRI-1246392 | 706 | Proof of Concept
high severity Arbitrary File Overwrite SNYK-JS-TAR-1536528 | 706 | No Known Exploit
high severity Arbitrary File Overwrite SNYK-JS-TAR-1536531 | 706 | No Known Exploit
high severity Path Traversal SNYK-JS-WEBPACKDEVMIDDLEWARE-6476555 | 706 | Proof of Concept
high severity Denial of Service (DoS) SNYK-JS-WS-7266574 | 706 | Proof of Concept
high severity Prototype Pollution SNYK-JS-Y18N-1021887 | 706 | Proof of Concept
medium severity Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-1018905 | 706 | Proof of Concept
medium severity Uncontrolled Resource Consumption ('Resource Exhaustion') SNYK-JS-TAR-6476909 | 706 | Proof of Concept
medium severity Regular Expression Denial of Service (ReDoS) SNYK-JS-TERSER-2806366 | 706 | No Known Exploit
medium severity Regular Expression Denial of Service (ReDoS) SNYK-JS-UAPARSERJS-1072471 | 706 | Proof of Concept
medium severity Regular Expression Denial of Service (ReDoS) SNYK-JS-UGLIFYJS-1727251 | 706 | No Known Exploit
medium severity Regular Expression Denial of Service (ReDoS) SNYK-JS-UGLIFYJS-1727251 | 706 | No Known Exploit
medium severity Server-Side Request Forgery (SSRF) SNYK-JS-AXIOS-1038255 | 706 | Proof of Concept
medium severity Information Exposure SNYK-JS-FOLLOWREDIRECTS-2332181 | 706 | Proof of Concept
medium severity Regular Expression Denial of Service (ReDoS) SNYK-JS-ISSVG-1243891 | 706 | Proof of Concept
medium severity Cross-site Scripting (XSS) SNYK-JS-JQUERY-565129 | 706 | Mature
medium severity Regular Expression Denial of Service (ReDoS) SNYK-JS-BROWSERSLIST-1090194 | 706 | Proof of Concept
medium severity Regular Expression Denial of Service (ReDoS) SNYK-JS-COLORSTRING-1082939 | 706 | Proof of Concept
low severity Validation Bypass SNYK-JS-KINDOF-537849 | 706 | Proof of Concept
critical severity Incomplete List of Disallowed Inputs SNYK-JS-BABELTRAVERSE-5962462 | 706 | Proof of Concept
medium severity Server-Side Request Forgery (SSRF) SNYK-JS-AXIOS-1038255 | 706 | Proof of Concept
medium severity Information Exposure SNYK-JS-FOLLOWREDIRECTS-6444610 | 706 | Proof of Concept
medium severity Regular Expression Denial of Service (ReDoS) SNYK-JS-HTMLMINIFIER-3091181 | 706 | Proof of Concept
medium severity Regular Expression Denial of Service (ReDoS) SNYK-JS-HTMLMINIFIER-3091181 | 706 | Proof of Concept
medium severity Denial of Service (DoS) SNYK-JS-HTTPPROXY-569139 | 706 | Proof of Concept
medium severity Regular Expression Denial of Service (ReDoS) SNYK-JS-ISSVG-1085627 | 706 | Proof of Concept
medium severity Cross-site Scripting (XSS) SNYK-JS-JQUERY-567880 | 706 | Mature
medium severity Prototype Pollution SNYK-JS-DOTPROP-543489 | 706 | Proof of Concept
medium severity Arbitrary Code Injection SNYK-JS-EJS-1049328 | 706 | Proof of Concept
medium severity Improper Control of Dynamically-Managed Code Resources SNYK-JS-EJS-6689533 | 706 | No Known Exploit
medium severity Cryptographic Issues SNYK-JS-ELLIPTIC-1064899 | 706 | No Known Exploit
medium severity Information Exposure SNYK-JS-NODEFETCH-2342118 | 706 | No Known Exploit
medium severity Denial of Service SNYK-JS-NODEFETCH-674311 | 706 | No Known Exploit
medium severity Regular Expression Denial of Service (ReDoS) SNYK-JS-PATHPARSE-1077067 | 706 | Proof of Concept
medium severity Regular Expression Denial of Service (ReDoS) SNYK-JS-PATHTOREGEXP-7925106 | 706 | Proof of Concept
medium severity Regular Expression Denial of Service (ReDoS) SNYK-JS-POSTCSS-1090595 | 706 | Proof of Concept
medium severity Regular Expression Denial of Service (ReDoS) SNYK-JS-POSTCSS-1255640 | 706 | Proof of Concept
low severity Cross-site Scripting SNYK-JS-SEND-7926862 | 706 | No Known Exploit
critical severity Improper Verification of Cryptographic Signature SNYK-JS-ELLIPTIC-7577916 | 706 | Proof of Concept
critical severity Improper Verification of Cryptographic Signature SNYK-JS-ELLIPTIC-7577917 | 706 | Proof of Concept
critical severity Improper Verification of Cryptographic Signature SNYK-JS-ELLIPTIC-7577918 | 706 | Proof of Concept
medium severity Open Redirect SNYK-JS-EXPRESS-6474509 | 706 | No Known Exploit
medium severity Cross-site Scripting SNYK-JS-EXPRESS-7926867 | 706 | No Known Exploit
medium severity Information Exposure SNYK-JS-FOLLOWREDIRECTS-2332181 | 706 | Proof of Concept
medium severity Information Exposure SNYK-JS-FOLLOWREDIRECTS-6444610 | 706 | Proof of Concept
medium severity Regular Expression Denial of Service (ReDoS) SNYK-JS-WS-1296835 | 706 | Proof of Concept
low severity Information Exposure SNYK-JS-FOLLOWREDIRECTS-2396346 | 706 | No Known Exploit
low severity Information Exposure SNYK-JS-FOLLOWREDIRECTS-2396346 | 706 | No Known Exploit
low severity Cross-site Scripting SNYK-JS-SERVESTATIC-7926865 | 706 | No Known Exploit
low severity Regular Expression Denial of Service (ReDoS) SNYK-JS-TAR-1536758 | 706 | No Known Exploit
low severity Regular Expression Denial of Service (ReDoS) npm:debug:20170905 | 706 | Proof of Concept

Release notes
Package name: @nuxtjs/axios
  • 5.13.6 - 2021-06-02

    Bug Fixes

    • setHeader function returns after the first scope element (#507) (cb5e29d)
  • 5.13.5 - 2021-05-26

    Bug Fixes

    • only transpile defu for client bundle (resolves #501) (ec2eb0a)
  • 5.13.4 - 2021-05-18

    Bug Fixes

    • build.transpile guard for nuxt@1.x (fixes #498) (66d56ab)
  • 5.13.3 - 2021-05-17

    Bug Fixes

  • 5.13.2 - 2021-05-17

    Dependencies:

    • Update defu to 5.x
  • 5.13.1 - 2021-02-08

    Bug Fixes

  • 5.13.0 - 2021-02-01

    Features

    • Support baseUrl and browserBaseUrl to handle casing typos (8904847)

    Bug Fixes

    • Add x-forwarded-port and x-forwarded-proto to proxyHeaderIgnore defaults (#465) (a1a1894)
  • 5.12.5 - 2021-01-04

    Bug Fixes

    • add x-forwarded-host to proxyHeaderIgnore defaults (#462) (433548b), closes #456

    Dependencies

  • 5.12.4 - 2020-12-14

    Bug Fixes

    Dependencies

    • Update @nuxtjs/proxy to 2.1.0 (less warnings and typescript rewrite)

    Thanks

  • 5.12.3 - 2020-11-30

    Bug Fixes

  • 5.12.2 - 2020-08-25
  • 5.12.1 - 2020-08-05
  • 5.12.0 - 2020-07-10
  • 5.11.0 - 2020-06-05
  • 5.10.3 - 2020-04-30
  • 5.10.2 - 2020-04-27
  • 5.10.1 - 2020-04-22
  • 5.10.0 - 2020-04-21
  • 5.9.7 - 2020-03-30
  • 5.9.6 - 2020-03-27
  • 5.9.5 - 2020-02-02
  • 5.9.4 - 2020-01-30
  • 5.9.3 - 2020-01-11
  • 5.9.2 - 2020-01-02
  • 5.9.1 - 2020-01-02
  • 5.9.0 - 2019-12-17
  • 5.8.0 - 2019-10-23
  • 5.7.1 - 2019-10-22
  • 5.7.0 - 2019-10-22
  • 5.6.0 - 2019-08-20
  • 5.5.4 - 2019-06-05
  • 5.5.3 - 2019-05-30
  • 5.5.2 - 2019-05-26
  • 5.5.1 - 2019-05-23
  • 5.5.0 - 2019-05-22
  • 5.4.2 - 2019-05-21
  • 5.4.1 - 2019-03-05
  • 5.4.0 - 2019-03-02
  • 5.3.6 - 2018-11-08
  • 5.3.5 - 2018-11-07
  • 5.3.4 - 2018-10-30
  • 5.3.3 - 2018-09-28
  • 5.3.2 - 2018-09-21
  • 5.3.1 - 2018-03-31
  • 5.3.0 - 2018-03-31
  • 5.2.0 - 2018-03-31
  • 5.1.1 - 2018-03-06
from @nuxtjs/axios GitHub release notes

Package name: dotenv
from dotenv GitHub release notes

Package name: @nuxtjs/dotenv
from @nuxtjs/dotenv GitHub release notes

Package name: ajv
from ajv GitHub release notes

Package name: bootstrap-vue
  • 2.23.1 - 2022-10-26

    chore(release): v2.23.1

  • 2.23.0 - 2022-10-25

    chore(release): v2.23.0

  • 2.22.0 - 2022-04-17

    🚀 Features

    • b-link
      • #6811 Support exact-path and exact-path-active-class props for router link
    • b-form-tags
      • #6395 Adds focusin & focusout to wrapper and prevents firing multiple focus/blur events
      • #6347 Add feedback-aria-live prop
    • general
      • #6375 Add headerTag and footerTag props to all components with header and footer
    • b-dropdown
      • #6339 Add toggle-attrs prop

    🐛 Bug Fixes

    • general
      • #6834 Replace sass division with multiplication
    • b-table
      • #6645 Selected table header text no longer prevents table row selection
      • #6606 Fix range selection of b-table
      • #6603 Set aria-sort when using sortKey and no-local-sorting
      • #6383 Default role to grid when selectable and table otherwise
      • #6382 Prefer user-provided role attribute
      • #6372 Add missing role="grid" when selectable
      • #6371 Header cell overflow for .sr-only sort label
      • #6355 Add missing sortKey field type and correct a typo
    • b-skeleton
      • #6858 Accepts custom attributes
    • nav-item-dropdown
      • 97bb97b Update dropdown to set correct aria-controls
    • b-dropdown
      • #6865 Set correct aria-haspopup attribute for the toggle button
      • #6367 Decrease delay when hiding inside a navbar on no-touch devices
    • utils/dom
    • docs
      • #6545 Use https:// urls in docs
    • b-form-group
      • #6346 Remove role="alert" from valid/invalid feedback
    • b-input-tags
      • #6389 Respect custom $input-color
    • b-link
      • #6374 Remove default values from vue-router pass-down props
    • b-img-lazy
      • #6349 Fix blank placeholder for Firefox
      • #6302 Fix blank-src not working
    • b-form-input/b-form-textarea
      • #6345 Legacy browser support

    🏡 Chore

    • tests
      • 8ce291b Refactor tests not to use $children
      • b16514b Remove useless localVue usage
      • ac8ebfe Replace find with findComponents
      • d113cc7 Remove createContainer helper
    • b-form-tags
      • #6752 Correct typo b-from-tags to b-form-tags
    • icons
      • #6611 Update Bootstrap Icons to v1.5.0
    • docs
      • #6466 Add new "Vuexy - Admin Dashboard" theme
      • #6368 Make sure the clicked anchor target is reflected in URL
    • ci
      • #6592 Update workflows to new Node.js versions
    • refactor
      • #6381 Move away from lifecycle hook listeners
      • #6356 Unify event variable names

    💖 Thanks to

    • Andrei Gheorghiu
    • Connor Forbes
    • Illya Klymov
    • JD
    • James Pickard
    • Jingsong Gao
    • John Franey
    • Jonathan Guberman
    • Joshua Wu
    • Konstantin
    • Lei Wang
    • Olena Horal
    • Pete Hegman
    • Rare Kang
    • Samuel Denis-D'Ortun
    • William
    • William Teixeira
    • magical-l
    • ochowei
    • xenolithviktor
  • 2.21.2 - 2021-01-01

    🐛 Bug Fixes

    • b-dropdown
      • #6274 Only apply heading role to header when not a header tag
    • b-table
      • #6266 Allow responsive and stacked props together
      • #6251 Only set aria-describedby when caption really exists
    • general
      • #6265 Clean up props inheritance
      • #6226 Environment detection based on userAgent
    • b-form-datepicker/b-form-timepicker
    • b-sidebar
      • #6234 Make sure to not exceed 100% in height
    • b-icon
      • #6233 Title render handling

    🏡 Chore

    • docs
      • #6263 Correct typos and improve wording in theming section
      • #6244 Fix typos in <b-form-select> and <b-form-textarea> docs

Snyk has created this PR to upgrade:
  - @nuxtjs/axios from 5.1.1 to 5.13.6.
    See this package in npm: https://www.npmjs.com/package/@nuxtjs/axios
  - dotenv from 8.2.0 to 8.6.0.
    See this package in npm: https://www.npmjs.com/package/dotenv
  - @nuxtjs/dotenv from 1.4.1 to 1.4.2.
    See this package in npm: https://www.npmjs.com/package/@nuxtjs/dotenv
  - ajv from 6.10.2 to 6.12.6.
    See this package in npm: https://www.npmjs.com/package/ajv
  - bootstrap-vue from 2.1.0 to 2.23.1.
    See this package in npm: https://www.npmjs.com/package/bootstrap-vue
  - jquery from 3.4.1 to 3.7.1.
    See this package in npm: https://www.npmjs.com/package/jquery
  - jquery-hoverintent from 1.10.1 to 1.10.2.
    See this package in npm: https://www.npmjs.com/package/jquery-hoverintent
  - magnific-popup from 1.1.0 to 1.2.0.
    See this package in npm: https://www.npmjs.com/package/magnific-popup
  - nuxt from 2.10.2 to 2.18.1.
    See this package in npm: https://www.npmjs.com/package/nuxt
  - sass from 1.23.7 to 1.77.8.
    See this package in npm: https://www.npmjs.com/package/sass
  - storyblok-nuxt from 1.0.2 to 1.3.1.
    See this package in npm: https://www.npmjs.com/package/storyblok-nuxt

See this project in Snyk:
https://app.snyk.io/org/takawiramundure/project/fa5f5eca-0939-49a8-be4b-892878db0b92?utm_source=github&utm_medium=referral&page=upgrade-pr