[Snyk] Upgrade: lodash, , , chart.js, dayjs, nuxt, nuxt-buefy, vue-chartjs #2
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Snyk has created this PR to upgrade:
- lodash from 4.17.20 to 4.17.21.
See this package in npm: https://www.npmjs.com/package/lodash
- @nuxtjs/axios from 5.12.1 to 5.13.6.
See this package in npm: https://www.npmjs.com/package/@nuxtjs/axios
- @nuxtjs/pwa from 3.0.0 to 3.3.5.
See this package in npm: https://www.npmjs.com/package/@nuxtjs/pwa
- chart.js from 2.9.3 to 2.9.4.
See this package in npm: https://www.npmjs.com/package/chart.js
- dayjs from 1.8.33 to 1.11.13.
See this package in npm: https://www.npmjs.com/package/dayjs
- nuxt from 2.14.3 to 2.18.1.
See this package in npm: https://www.npmjs.com/package/nuxt
- nuxt-buefy from 0.3.31 to 0.4.29.
See this package in npm: https://www.npmjs.com/package/nuxt-buefy
- vue-chartjs from 3.5.0 to 3.5.1.
See this package in npm: https://www.npmjs.com/package/vue-chartjs
See this project in Snyk:
https://app.snyk.io/org/takawiramundure/project/3f8cc0e5-fa42-476c-97d6-4e079e154f0b?utm_source=github&utm_medium=referral&page=upgrade-pr
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Snyk has created this PR to upgrade multiple dependencies.
👯♂ The following dependencies are linked and will therefore be updated together.ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
lodash
from 4.17.20 to 4.17.21 | 1 version ahead of your current version | 4 years ago
on 2021-02-20
@nuxtjs/axios
from 5.12.1 to 5.13.6 | 11 versions ahead of your current version | 3 years ago
on 2021-06-02
@nuxtjs/pwa
from 3.0.0 to 3.3.5 | 14 versions ahead of your current version | 4 years ago
on 2021-01-26
chart.js
from 2.9.3 to 2.9.4 | 1 version ahead of your current version | 4 years ago
on 2020-10-18
dayjs
from 1.8.33 to 1.11.13 | 35 versions ahead of your current version | a month ago
on 2024-08-20
nuxt
from 2.14.3 to 2.18.1 | 29 versions ahead of your current version | 3 months ago
on 2024-06-28
nuxt-buefy
from 0.3.31 to 0.4.29 | 30 versions ahead of your current version | 5 months ago
on 2024-04-01
vue-chartjs
from 3.5.0 to 3.5.1 | 1 version ahead of your current version | 4 years ago
on 2020-08-22
Issues fixed by the recommended upgrade:
SNYK-JS-QS-3153490
SNYK-JS-EJS-2803307
SNYK-JS-FOLLOWREDIRECTS-6141137
SNYK-JS-FOLLOWREDIRECTS-6141137
SNYK-JS-INI-1048974
SNYK-JS-IP-6240864
SNYK-JS-LOADERUTILS-3043105
SNYK-JS-NTHCHECK-1586032
SNYK-JS-PARSEPATH-2936439
SNYK-JS-SERIALIZEJAVASCRIPT-570062
SNYK-JS-BODYPARSER-7926860
SNYK-JS-BROWSERIFYSIGN-6037026
SNYK-JS-CHARTJS-1018716
SNYK-JS-DECODEURICOMPONENT-3149970
SNYK-JS-SHELLQUOTE-1766506
SNYK-JS-SSRI-1246392
SNYK-JS-SSRI-1246392
SNYK-JS-UAPARSERJS-1023599
SNYK-JS-UAPARSERJS-610226
SNYK-JS-WEBPACKDEVMIDDLEWARE-6476555
SNYK-JS-WS-7266574
SNYK-JS-ANSIHTML-1296849
SNYK-JS-LOADERUTILS-3043105
SNYK-JS-AXIOS-1579269
SNYK-JS-LODASH-1040724
SNYK-JS-LOADERUTILS-3105943
SNYK-JS-EJS-1049328
SNYK-JS-EJS-6689533
SNYK-JS-ELLIPTIC-1064899
SNYK-JS-PARSEURL-2935947
SNYK-JS-FOLLOWREDIRECTS-6444610
SNYK-JS-FOLLOWREDIRECTS-2332181
SNYK-JS-FOLLOWREDIRECTS-6444610
SNYK-JS-EXPRESS-6474509
SNYK-JS-EXPRESS-7926867
SNYK-JS-FOLLOWREDIRECTS-2332181
SNYK-JS-HTMLMINIFIER-3091181
SNYK-JS-ISSVG-1085627
SNYK-JS-ISSVG-1243891
SNYK-JS-JSON5-3182856
SNYK-JS-LOADERUTILS-3042992
SNYK-JS-NANOID-2332193
SNYK-JS-NODEFETCH-674311
SNYK-JS-FOLLOWREDIRECTS-2396346
SNYK-JS-MINIMIST-2429795
SNYK-JS-FOLLOWREDIRECTS-2396346
SNYK-JS-ELLIPTIC-7577916
SNYK-JS-ELLIPTIC-7577917
SNYK-JS-ELLIPTIC-7577918
SNYK-JS-JSON5-3182856
SNYK-JS-NODEFETCH-2342118
SNYK-JS-PARSEURL-2935944
SNYK-JS-BROWSERSLIST-1090194
SNYK-JS-BUEFY-598386
SNYK-JS-COLORSTRING-1082939
SNYK-JS-UAPARSERJS-1072471
SNYK-JS-UGLIFYJS-1727251
SNYK-JS-PARSEURL-2942134
SNYK-JS-PARSEURL-3023021
SNYK-JS-PARSEURL-3024398
SNYK-JS-PATHPARSE-1077067
SNYK-JS-PATHTOREGEXP-7925106
SNYK-JS-POSTCSS-1090595
SNYK-JS-POSTCSS-1255640
SNYK-JS-LODASH-1018905
SNYK-JS-SERVESTATIC-7926865
SNYK-JS-PARSEURL-2936249
SNYK-JS-WS-1296835
SNYK-JS-LOADERUTILS-3042992
SNYK-JS-LOADERUTILS-3105943
SNYK-JS-AXIOS-1038255
SNYK-JS-SEND-7926862
npm:debug:20170905
SNYK-JS-BABELTRAVERSE-5962462
SNYK-JS-BABELTRAVERSE-5962462
Release notes
Package name: lodash
-
4.17.21 - 2021-02-20
-
4.17.20 - 2020-08-13
from lodash GitHub release notesBump to v4.17.21
Bump to v4.17.20.
Package name: @nuxtjs/axios
-
5.13.6 - 2021-06-02
- setHeader function returns after the first scope element (#507) (cb5e29d)
-
5.13.5 - 2021-05-26
- only transpile defu for client bundle (resolves #501) (ec2eb0a)
-
5.13.4 - 2021-05-18
-
5.13.3 - 2021-05-17
- transpile defu (cf1a03f), closes unjs/defu#28
-
5.13.2 - 2021-05-17
- Update defu to 5.x
-
5.13.1 - 2021-02-08
- types: add missing type for
- types: update interceptors type (#476) (ecfab9a)
-
5.13.0 - 2021-02-01
- Support
- Add
-
5.12.5 - 2021-01-04
- add
- Update axios to ^0.21.1 (axios/axios#3410) (#460)
-
5.12.4 - 2020-12-14
- Preserve default headers with custom headers (#452) (55f994f) (resolves resolves #411, #444)
- Update @ nuxtjs/proxy to 2.1.0 (less warnings and typescript rewrite)
- Gábor Egyed (@ 1ed)
-
5.12.3 - 2020-11-30
-
5.12.2 - 2020-08-25
-
5.12.1 - 2020-08-05
from @nuxtjs/axios GitHub release notesBug Fixes
Bug Fixes
Bug Fixes
build.transpileguard for[email protected](fixes #498) (66d56ab)Bug Fixes
Dependencies:
Bug Fixes
create()(#475) (62f17ca)Features
baseUrlandbrowserBaseUrlto handle casing typos (8904847)Bug Fixes
x-forwarded-portandx-forwarded-prototoproxyHeaderIgnoredefaults (#465) (a1a1894)Bug Fixes
x-forwarded-hosttoproxyHeaderIgnoredefaults (#462) (433548b), closes #456Dependencies
Bug Fixes
Dependencies
Thanks
Bug Fixes
$loading().set(Infinity)issue (#424) (7b32262)Package name: @nuxtjs/pwa
-
3.3.5 - 2021-01-26
- meta: add missing
-
3.3.4 - 2021-01-07
- types: mark module options fields as optional (#420) (7d75c28)
-
3.3.3 - 2020-12-20
- workbox: add additional details for uncaught errors and fix chromium cors (#417) (f20489c)
- workbox: deepClone options to avoid cross-build mutation (e39027e)
-
3.3.2 - 2020-11-30
- avoid adding revision to start_url (1c44cff)
-
3.3.1 - 2020-11-29
- append to start_url without query param (fixes #403) (054b8a2)
-
3.3.0 - 2020-11-28
- manifest: add revision to start_url (ad26827)
- manifest: invalidate start_url cache (240d4a1)
- add revision to precache assets (#386) (872dce1)
-
3.2.2 - 2020-10-13
- serve static webpack assets from disk in dev mode (fixes #373) (8298f95)
-
3.2.1 - 2020-10-13
- workbox: precache
-
3.2.0 - 2020-10-13
- Support static mode build cache (#371) (9a825c9) (resolves #367, #353, #352)
- meta: fix
-
3.1.2 - 2020-10-07
- meta: avoid unnecessary log for meta.json (de8e039)
- meta: fix issues regarding favicon.ico fallback (7a1e773)
-
3.1.1 - 2020-10-07
-
3.1.0 - 2020-10-06
-
3.0.2 - 2020-08-26
-
3.0.1 - 2020-08-17
-
3.0.0 - 2020-08-16
from @nuxtjs/pwa GitHub release notesBug Fixes
hidto icon tags (#428) (d9addb7)Bug Fixes
Bug Fixes
Update Notes
If you was previously using
workbox.clientsClaim: falseoption innuxt.configto handleuncaught error, you have to revert it because disabling makes caching issuesBug Fixes
Bug Fixes
Features
Bug Fixes
Bug Fixes
Bug Fixes
start_url(resolves #372) (27e19a0)Changes
mergeMetacjs export (774f1a8) (resolves #369)Bug Fixes
Package name: chart.js
-
2.9.4 - 2020-10-18
- #7404 - Preserve prototypes when cloning. Thanks @ iddings
- #7587 - Fix docs for external moment.js. Thanks @ mojoaxel
- #7853 - Fix box recursion when dimensions are NaN. Thanks @ alessandroasm
- #7883 - Fix call stack exception when computing label sizes. Thanks @ silentmatt
- #7918 - Prevent global prototype pollution via the merge helper
- #7920 - Use Object.create(null) as
-
2.9.3 - 2019-11-14
- #6698 Fix undefined variable
- #6719 Don't make legend empty when fill is false
from chart.js GitHub release notesThis is the last release of v2 and focused on fixing bugs identified in the v2.9.3 release.
Bugs Fixed
mergetarget, to prevent prototype pollutionBug Fixes
Thanks to the maintainers and collaborators for their help to improve and test Chart.js (@ kurkle, @ benmccann, and @ etimberg).
Package name: dayjs
-
1.11.13 - 2024-08-20
- customParseFormat supports Q quter / w ww weekOfYear (#2705) (8ca74f1)
-
1.11.12 - 2024-07-18
- Add NegativeYear Plugin support (#2640) (6a42e0d)
- add UTC support to negativeYear plugin (#2692) (f3ef705)
- Fix zero offset issue when use tz with locale (#2532) (d0e6738)
- Improve typing for min/max plugin (#2573) (4fbe94a)
- timezone plugin currect parse UTC tz (#2693) (b575c81)
-
1.11.11 - 2024-04-28
- day of week type literal (#2630) (f68d73e)
- improve locale "zh-hk" format and meridiem (#2419) (a947a51)
- Update 'da' locale to match correct first week of year (#2592) (44b0936)
- update locale Bulgarian monthsShort Jan (#2538) (f0c9a41)
-
1.11.10 - 2023-09-19
- Add Korean Day of Month with ordinal (#2395) (dd55ee2)
- change back fa locale to the Gregorian calendar equivalent (#2411) (95e9458)
- duration plugin - MILLISECONDS_A_MONTH const calculation (#2362) (f0a0b54)
- duration plugin getter get result 0 instead of undefined (#2369) (061aa7e)
- fix isDayjs check logic (#2383) (5f3f878)
- fix timezone plugin to get correct locale setting (#2420) (4f45012)
- locale: add meridiem in
- round durations to millisecond precision for ISO string (#2367) (890a17a)
- sub-second precisions need to be rounded at the seconds field to avoid adding floats (#2377) (a9d7d03)
- update $x logic to avoid plugin error (#2429) (2254635)
- Update Slovenian locale for relative time (#2396) (5470a15)
- update uzbek language translation (#2327) (0a91056)
-
1.11.9 - 2023-07-01
- Add null to min and max plugin return type (#2355) (62d9042)
- check if null passed to objectSupport parser (#2175) (013968f)
- dayjs.diff improve performance (#2244) (33c80e1)
- dayjs(null) throws error, not return dayjs object as invalid date (#2334) (c79e2f5)
- objectSupport plugin causes an error when null is passed to dayjs function (closes #2277) (#2342) (89bf31c)
- Optimize format method (#2313) (1fe1b1d)
- update Duration plugin add/subtract take into account days in month (#2337) (3b1060f)
- update MinMax plugin 1. ignore the 'null' in args 2. return the only one arg (#2330) (3c2c6ee)
-
1.11.8 - 2023-06-02
- .format add padding to 'YYYY' (#2231) (00c223b)
- Added .valueOf method to Duration class (#2226) (9b4fcfd)
- timezone type mark
- type file first parameter date is optional in isSame(), isBefore(), isAfter() (#2272) (4d56f3e)
-
1.11.7 - 2022-12-06
- Add locale (zh-tw) meridiem (#2149) (1e9ba76)
- update fa locale (#2151) (1c26732)
-
1.11.6 - 2022-10-21
- add BigIntSupport plugin (#2087) (f6dce48)
- Fix objectSupport collides with Duration plugin - issue #2027 (#2038) (c9370ea)
-
1.11.5 - 2022-08-12
- ordinal for nl not working (#2011) (c93c85e)
- wrong ordinal for french locale (#2010) (dd192a7)
-
1.11.4 - 2022-07-19
- correct past property in ku (kurdish) locale (#1916) (74e82b9)
- fix French [fr] local ordinal (#1932) (8f09834)
- fix objectSupport plugin ConfigTypeMap type (#1441) (#1990) (fd51fe4)
- fix type error to add ordianl property in InstanceLocaleDataReturn and GlobalLocaleDataReturn types (#1931) (526f0ae)
- update locale ar-* meridiem function (#1954) (3d31611)
- zh-tw / zh-hk locale ordinal error (#1976) (0a1bd08)
-
1.11.3 - 2022-06-06
-
1.11.2 - 2022-05-06
-
1.11.1 - 2022-04-15
-
1.11.0 - 2022-03-14
-
1.10.8 - 2022-02-28
-
1.10.7 - 2021-09-10
-
1.10.6 - 2021-07-06
-
1.10.5 - 2021-05-26
-
1.10.4 - 2021-01-22
-
1.10.3 - 2021-01-09
-
1.10.2 - 2021-01-05
-
1.10.1 - 2021-01-03
-
1.10.0 - 2021-01-03
-
1.9.8 - 2020-12-27
-
1.9.7 - 2020-12-05
-
1.9.6 - 2020-11-10
-
1.9.5 - 2020-11-05
-
1.9.4 - 2020-10-23
-
1.9.3 - 2020-10-13
-
1.9.2 - 2020-10-13
-
1.9.1 - 2020-09-28
-
1.9.0 - 2020-09-28
-
1.8.36 - 2020-09-17
-
1.8.35 - 2020-09-02
-
1.8.34 - 2020-08-20
-
1.8.33 - 2020-08-10
from dayjs GitHub release notes1.11.13 (2024-08-20)
Bug Fixes
1.11.12 (2024-07-18)
Bug Fixes
1.11.11 (2024-04-28)
Bug Fixes
1.11.10 (2023-09-19)
Bug Fixes
arlocale (#2418) (361be5c)1.11.9 (2023-07-01)
Bug Fixes
1.11.8 (2023-06-02)
Bug Fixes
dateparameter as optional (#2222) (b87aa0e)1.11.7 (2022-12-06)
Bug Fixes
1.11.6 (2022-10-21)
Bug Fixes
1.11.5 (2022-08-12)
Bug Fixes
1.11.4 (2022-07-19)
Bug Fixes
Package name: nuxt
👉 Changelog
compare changes
🩹 Fixes
mkdirp(f67056b9e)❤️ Contributors
👉 Changelog
compare changes
🚀 Enhancements
memfs(#27652)🩹 Fixes
sessionStorage(#27662)🏡 Chore