Skip to content

Update dependency nuxt to v3 #125

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
dev-mend-for-github-com wants to merge 1 commit into
base: trunk
Choose a base branch
from

Update dependency nuxt to v3

09e749f
Select commit
Loading
Failed to load commit list.
Open

Update dependency nuxt to v3 #125

Update dependency nuxt to v3
09e749f
Select commit
Loading
Failed to load commit list.
Dev - Mend for GitHub.com / Mend Security Check failed Feb 25, 2026 in 7m 5s

Security Report

❗️Scan Incomplete: The scan completed with partial failure. The integration encountered issues with one or more projects in this repository, preventing their scan. The errors occurred in the following package managers: php. Consequently, there may be gaps in the coverage of open-source dependencies used in the repository.

You have successfully remediated 78 vulnerabilities, but introduced 18 new vulnerabilities in this branch.

❌ New vulnerabilities:

Vulnerability Severity CVSS Score Vulnerable Library Direct Library Suggested Fix Issue Reachability
CVE-2025-53892

Path to dependency file: /src/Administration/Resources/app/administration/package.json

Path to vulnerable library: /src/Administration/Resources/app/administration/package.json

Dependency Hierarchy:

-> ❌ vue-i18n-9.2.2.tgz (Vulnerable Library)

Medium 6.1 Direct vue-i18n-9.2.2.tgz vue-i18n-9.2.2.tgz https://github.com/intlify/vue-i18n.git - no_fix None

Reachable
CVE-2025-54798

Path to dependency file: /tests/e2e/package.json

Path to vulnerable library: /tests/e2e/package.json

Dependency Hierarchy:

-> cypress-3.1.2.tgz (Root Library)

   -> cypress-12.17.4.tgz

     -> ❌ tmp-0.2.1.tgz (Vulnerable Library)

Low 2.5 Transitive tmp-0.2.1.tgz cypress-3.1.2.tgz Transitive 0.2.4 None

Reachable
CVE-2025-57820

Path to dependency file: /src/Administration/Resources/app/administration/build/nuxt-component-library/package.json

Path to vulnerable library: /src/Administration/Resources/app/administration/build/nuxt-component-library/package.json

Dependency Hierarchy:

-> nuxt-3.8.1.tgz (Root Library)

   -> ❌ devalue-4.3.3.tgz (Vulnerable Library)

Critical 10.0 Transitive devalue-4.3.3.tgz nuxt-3.8.1.tgz Transitive 5.3.2 None

Unreachable
CVE-2025-7783

Path to dependency file: /tests/e2e/package.json

Path to vulnerable library: /tests/e2e/package.json

Dependency Hierarchy:

-> cypress-3.1.2.tgz (Root Library)

   -> cypress-12.17.4.tgz

     -> request-2.88.12.tgz

       -> ❌ form-data-2.3.3.tgz (Vulnerable Library)

High 8.7 Transitive form-data-2.3.3.tgz cypress-3.1.2.tgz None

Unreachable
CVE-2025-62522

Path to dependency file: /src/Administration/Resources/app/administration/build/nuxt-component-library/package.json

Path to vulnerable library: /src/Administration/Resources/app/administration/build/nuxt-component-library/package.json

Dependency Hierarchy:

-> nuxt-3.8.1.tgz (Root Library)

   -> vite-builder-3.8.1.tgz

     -> ❌ vite-4.5.14.tgz (Vulnerable Library)

Medium 6.5 Transitive vite-4.5.14.tgz nuxt-3.8.1.tgz Transitive https://gitlab.com/remram44/taguette.git - v1.5.0 None

Unreachable
CVE-2023-28155

Path to dependency file: /tests/e2e/package.json

Path to vulnerable library: /tests/e2e/package.json

Dependency Hierarchy:

-> cypress-3.1.2.tgz (Root Library)

   -> cypress-12.17.4.tgz

     -> ❌ request-2.88.12.tgz (Vulnerable Library)

Medium 6.1 Transitive request-2.88.12.tgz cypress-3.1.2.tgz Transitive 3.0.0 None

Unreachable
CVE-2026-24001

Path to dependency file: /src/Administration/Resources/app/administration/build/nuxt-component-library/package.json

Path to vulnerable library: /src/Administration/Resources/app/administration/build/nuxt-component-library/package.json

Dependency Hierarchy:

-> nuxt-3.8.1.tgz (Root Library)

   -> devtools-1.7.0.tgz

     -> devtools-wizard-1.7.0.tgz

       -> ❌ diff-7.0.0.tgz (Vulnerable Library)

Medium 5.3 Transitive diff-7.0.0.tgz nuxt-3.8.1.tgz Transitive https://github.com/kpdecker/jsdiff.git - v4.0.4,https://github.com/kpdecker/jsdiff.git - v5.2.2,https://github.com/kpdecker/jsdiff.git - v8.0.3 None

Unreachable
CVE-2025-58752

Path to dependency file: /src/Administration/Resources/app/administration/build/nuxt-component-library/package.json

Path to vulnerable library: /src/Administration/Resources/app/administration/build/nuxt-component-library/package.json

Dependency Hierarchy:

-> nuxt-3.8.1.tgz (Root Library)

   -> vite-builder-3.8.1.tgz

     -> ❌ vite-4.5.14.tgz (Vulnerable Library)

Medium 5.3 Transitive vite-4.5.14.tgz nuxt-3.8.1.tgz Transitive vite - 6.3.6,vite - 7.1.5,vite - 7.0.7,vite - 5.4.20 None

Unreachable
CVE-2025-24360

Path to dependency file: /src/Administration/Resources/app/administration/build/nuxt-component-library/package.json

Path to vulnerable library: /src/Administration/Resources/app/administration/build/nuxt-component-library/package.json

Dependency Hierarchy:

-> nuxt-3.8.1.tgz (Root Library)

   -> ❌ vite-builder-3.8.1.tgz (Vulnerable Library)

Medium 5.3 Transitive vite-builder-3.8.1.tgz nuxt-3.8.1.tgz Transitive @nuxt/vite-builder - 3.15.3 None

Unreachable
CVE-2025-58751

Path to dependency file: /src/Administration/Resources/app/administration/build/nuxt-component-library/package.json

Path to vulnerable library: /src/Administration/Resources/app/administration/build/nuxt-component-library/package.json

Dependency Hierarchy:

-> nuxt-3.8.1.tgz (Root Library)

   -> vite-builder-3.8.1.tgz

     -> ❌ vite-4.5.14.tgz (Vulnerable Library)

Medium 4.3 Transitive vite-4.5.14.tgz nuxt-3.8.1.tgz Transitive 5.4.20 None

Unreachable
CVE-2026-2391

Path to dependency file: /tests/e2e/package.json

Path to vulnerable library: /tests/e2e/package.json

Dependency Hierarchy:

-> cypress-3.1.2.tgz (Root Library)

   -> cypress-12.17.4.tgz

     -> request-2.88.12.tgz

       -> ❌ qs-6.10.4.tgz (Vulnerable Library)

Low 3.7 Transitive qs-6.10.4.tgz cypress-3.1.2.tgz Transitive 6.14.2 None

Unreachable
CVE-2025-15284

Path to dependency file: /tests/e2e/package.json

Path to vulnerable library: /tests/e2e/package.json

Dependency Hierarchy:

-> cypress-3.1.2.tgz (Root Library)

   -> cypress-12.17.4.tgz

     -> request-2.88.12.tgz

       -> ❌ qs-6.10.4.tgz (Vulnerable Library)

Low 3.7 Transitive qs-6.10.4.tgz cypress-3.1.2.tgz Transitive qs - 6.14.1 None

Unreachable
CVE-2025-59414

Path to dependency file: /src/Administration/Resources/app/administration/build/nuxt-component-library/package.json

Path to vulnerable library: /src/Administration/Resources/app/administration/build/nuxt-component-library/package.json

Dependency Hierarchy:

-> ❌ nuxt-3.8.1.tgz (Vulnerable Library)

Low 3.1 Direct nuxt-3.8.1.tgz nuxt-3.8.1.tgz nuxt - 3.19.0,nuxt - 4.1.0 None

Unreachable
CVE-893166-217151

Path to dependency file: /tests/e2e/package.json

Path to vulnerable library: /tests/e2e/package.json

Dependency Hierarchy:

-> cypress-3.1.2.tgz (Root Library)

   -> cypress-12.17.4.tgz

     -> request-2.88.12.tgz

       -> ❌ form-data-2.3.3.tgz (Vulnerable Library)

Critical 9.8 Transitive form-data-2.3.3.tgz cypress-3.1.2.tgz None
CVE-814504-1548

Path to dependency file: /tests/e2e/package.json

Path to vulnerable library: /tests/e2e/package.json

Dependency Hierarchy:

-> cypress-3.1.2.tgz (Root Library)

   -> cypress-12.17.4.tgz

     -> request-2.88.12.tgz

       -> ❌ isstream-0.1.2.tgz (Vulnerable Library)

Critical 9.8 Transitive isstream-0.1.2.tgz cypress-3.1.2.tgz None
CVE-72435-185255

Path to dependency file: /tests/e2e/package.json

Path to vulnerable library: /tests/e2e/package.json

Dependency Hierarchy:

-> cypress-3.1.2.tgz (Root Library)

   -> cypress-12.17.4.tgz

     -> request-2.88.12.tgz

       -> http-signature-1.3.6.tgz

         -> sshpk-1.17.0.tgz

           -> ❌ tweetnacl-0.14.5.tgz (Vulnerable Library)

Critical 9.8 Transitive tweetnacl-0.14.5.tgz cypress-3.1.2.tgz None
CVE-402712-500231

Path to dependency file: /tests/e2e/package.json

Path to vulnerable library: /tests/e2e/package.json

Dependency Hierarchy:

-> cypress-3.1.2.tgz (Root Library)

   -> cypress-12.17.4.tgz

     -> request-2.88.12.tgz

       -> http-signature-1.3.6.tgz

         -> sshpk-1.17.0.tgz

           -> ❌ dashdash-1.14.1.tgz (Vulnerable Library)

Critical 9.8 Transitive dashdash-1.14.1.tgz cypress-3.1.2.tgz None
CVE-295712-399081

Path to dependency file: /tests/e2e/package.json

Path to vulnerable library: /tests/e2e/package.json

Dependency Hierarchy:

-> cypress-3.1.2.tgz (Root Library)

   -> cypress-12.17.4.tgz

     -> request-2.88.12.tgz

       -> http-signature-1.3.6.tgz

         -> sshpk-1.17.0.tgz

           -> ❌ asn1-0.2.6.tgz (Vulnerable Library)

Critical 9.8 Transitive asn1-0.2.6.tgz cypress-3.1.2.tgz None

✔️ Remediated vulnerabilities:

Vulnerability Vulnerable Library
CVE-2020-8203 lodash-4.17.15.tgz
CVE-2022-0235 node-fetch-2.6.0.tgz
CVE-2021-23337 lodash-4.17.15.tgz
GHSA-8x6c-cv3v-vp6g cacheable-request-6.1.0.tgz
CVE-2025-14505 elliptic-6.5.2.tgz
CVE-2024-21538 cross-spawn-7.0.1.tgz
CVE-2020-28469 glob-parent-5.1.0.tgz
CVE-2021-27290 ssri-7.1.0.tgz
CVE-2024-45590 body-parser-1.19.0.tgz
CVE-2021-23424 ansi-html-0.0.7.tgz
CVE-2021-23343 path-parse-1.0.6.tgz
CVE-2020-7733 ua-parser-js-0.7.20.tgz
CVE-2024-42461 elliptic-6.5.2.tgz
CVE-2024-43800 serve-static-1.14.1.tgz
CVE-495493-603164 delegates-1.0.0.tgz
CVE-2022-24999 qs-6.7.0.tgz
CVE-587792-470342 on-finished-2.3.0.tgz
CVE-2020-13822 elliptic-6.5.2.tgz
CVE-2022-25881 http-cache-semantics-4.1.0.tgz
CVE-2024-9506 vue-template-compiler-2.6.10.tgz
CVE-2021-37701 tar-4.4.8.tgz
CVE-796484-931798 lodash-4.17.15.tgz
CVE-2022-46175 json5-2.1.1.tgz
CVE-2021-23364 browserslist-4.8.2.tgz
CVE-2021-29060 color-string-1.5.3.tgz
CVE-2020-28500 lodash-4.17.15.tgz
CVE-2020-8116 dot-prop-4.2.0.tgz
CVE-2021-29059 is-svg-3.0.0.tgz
CVE-2021-3807 ansi-regex-5.0.0.tgz
CVE-2025-26862 urllib3-2.2.3-py3-none-any.whl
CVE-2020-15168 node-fetch-2.6.0.tgz
CVE-2025-13466 body-parser-1.19.0.tgz
CVE-2021-23337 lodash.template-4.5.0.tgz
CVE-2025-6545 pbkdf2-3.0.17.tgz
WS-2020-0042 acorn-6.3.0.tgz
GHSA-7fhm-mqm4-2wp7 minimist-0.0.8.tgz
CVE-2026-21441 urllib3-2.2.3-py3-none-any.whl
WS-2019-0424 elliptic-6.5.2.tgz
CVE-2020-28498 elliptic-6.5.2.tgz
CVE-2022-25927 ua-parser-js-0.7.20.tgz
CVE-2021-37712 tar-4.4.8.tgz
GHSA-6chw-6frg-f759 acorn-6.3.0.tgz
CVE-2022-37620 html-minifier-4.0.0.tgz
CVE-2020-7660 serialize-javascript-1.9.1.tgz
CVE-2021-23382 postcss-7.0.24.tgz
CVE-2024-42459 elliptic-6.5.2.tgz
CVE-2024-34343 nuxt-2.10.2.tgz
CVE-2024-9506 vue-server-renderer-2.6.10.tgz
WS-2021-0152 color-string-1.5.3.tgz
CVE-2024-43796 express-4.17.1.tgz
CVE-2024-42460 elliptic-6.5.2.tgz
CVE-2021-28092 is-svg-3.0.0.tgz
GHSA-7fhm-mqm4-2wp7 acorn-6.3.0.tgz
CVE-2020-7793 ua-parser-js-0.7.20.tgz
CVE-2021-27292 ua-parser-js-0.7.20.tgz
CVE-2025-50182 urllib3-2.2.3-py3-none-any.whl
GHSA-7fhm-mqm4-2wp7 minimist-1.2.0.tgz
CVE-2021-37713 tar-4.4.8.tgz
CVE-2024-43788 webpack-4.41.2.tgz
CVE-2024-47081 requests-2.32.3-py3-none-any.whl
CVE-2022-37598 uglify-js-3.7.2.tgz
CVE-2024-6783 vue-2.6.10.tgz
CVE-2020-7660 serialize-javascript-2.1.2.tgz
CVE-2025-6547 pbkdf2-3.0.17.tgz
CVE-2021-32640 ws-6.2.1.tgz
CVE-2021-32804 tar-4.4.8.tgz
CVE-2025-66471 urllib3-2.2.3-py3-none-any.whl
CVE-2026-2739 bn.js-4.11.8.tgz
CVE-2021-23368 postcss-7.0.24.tgz
CVE-2024-47764 cookie-0.4.0.tgz
CVE-2025-15284 qs-6.7.0.tgz
CVE-2022-25883 semver-5.7.0.tgz
CVE-2021-32803 tar-4.4.8.tgz
CVE-2021-42740 shell-quote-1.7.2.tgz
CVE-2026-2391 qs-6.7.0.tgz
CVE-2024-9506 vue-2.6.10.tgz
CVE-2024-10491 express-4.17.1.tgz
CVE-2025-50181 urllib3-2.2.3-py3-none-any.whl

Base branch total remaining vulnerabilities: 231
Base branch commit: null


Total libraries scanned: 2546

Scan token: 9168b111df304b56b8da84759c398abc

View more details on Dev - Mend for GitHub.com