Open
Conversation
Snyk has created this PR to upgrade:
- vue from 2.6.12 to 2.7.16.
See this package in npm: https://www.npmjs.com/package/vue
- axios from 1.6.8 to 1.7.6.
See this package in npm: https://www.npmjs.com/package/axios
- core-js from 3.37.0 to 3.38.1.
See this package in npm: https://www.npmjs.com/package/core-js
- dotenv from 16.0.3 to 16.4.5.
See this package in npm: https://www.npmjs.com/package/dotenv
See this project in Snyk:
https://app.snyk.io/org/kadimakeith/project/b8e8a269-157d-48b1-b50e-2c3f048e60c5?utm_source=github&utm_medium=referral&page=upgrade-pr
❌ Deploy Preview for biasedfilmreview failed. Why did it fail? →
|
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Snyk has created this PR to upgrade multiple dependencies.
👯 The following dependencies are linked and will therefore be updated together.ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
vue
from 2.6.12 to 2.7.16 | 41 versions ahead of your current version | 9 months ago
on 2023-12-24
axios
from 1.6.8 to 1.7.6 | 10 versions ahead of your current version | 22 days ago
on 2024-08-30
core-js
from 3.37.0 to 3.38.1 | 3 versions ahead of your current version | a month ago
on 2024-08-20
dotenv
from 16.0.3 to 16.4.5 | 17 versions ahead of your current version | 7 months ago
on 2024-02-20
Issues fixed by the recommended upgrade:
SNYK-JS-AXIOS-7361793
Release notes
Package name: vue
-
2.7.16 - 2023-12-24
-
2.7.16-beta.2 - 2023-12-14
-
2.7.16-beta.1 - 2023-12-08
-
2.7.15 - 2023-10-23
-
2.7.14 - 2022-11-09
-
2.7.13 - 2022-10-14
-
2.7.12 - 2022-10-12
-
2.7.11 - 2022-10-11
-
2.7.10 - 2022-08-23
-
2.7.9 - 2022-08-19
-
2.7.8 - 2022-07-22
-
2.7.7 - 2022-07-16
-
2.7.6 - 2022-07-15
-
2.7.5 - 2022-07-13
-
2.7.4 - 2022-07-08
-
2.7.3 - 2022-07-06
-
2.7.2 - 2022-07-05
-
2.7.1 - 2022-07-04
-
2.7.0 - 2022-07-01
-
2.7.0-beta.8 - 2022-06-28
-
2.7.0-beta.7 - 2022-06-27
-
2.7.0-beta.6 - 2022-06-26
-
2.7.0-beta.5 - 2022-06-22
-
2.7.0-beta.4 - 2022-06-21
-
2.7.0-beta.3 - 2022-06-20
-
2.7.0-beta.2 - 2022-06-17
-
2.7.0-beta.1 - 2022-06-17
-
2.7.0-alpha.12 - 2022-06-16
-
2.7.0-alpha.11 - 2022-06-16
-
2.7.0-alpha.10 - 2022-06-16
-
2.7.0-alpha.9 - 2022-06-16
-
2.7.0-alpha.8 - 2022-06-14
-
2.7.0-alpha.7 - 2022-06-14
-
2.7.0-alpha.6 - 2022-06-09
-
2.7.0-alpha.5 - 2022-06-06
-
2.7.0-alpha.4 - 2022-06-01
-
2.7.0-alpha.3 - 2022-06-01
-
2.7.0-alpha.2 - 2022-06-01
-
2.7.0-alpha.1 - 2022-05-31
-
2.6.14 - 2021-06-07
-
2.6.13 - 2021-06-01
-
2.6.12 - 2020-08-20
from vue GitHub release notesPackage name: axios
-
1.7.6 - 2024-08-30
- fetch: fix content length calculation for FormData payload; (#6524) (085f568)
- fetch: optimize signals composing logic; (#6582) (df9889b)
Dmitriy Mozgovoy
Jacques Germishuys
kuroino721
-
1.7.5 - 2024-08-23
- adapter: fix undefined reference to hasBrowserEnv (#6572) (7004707)
- core: add the missed implementation of AxiosError#status property; (#6573) (6700a8a)
- core: fix
- fetch: fix credentials handling in Cloudflare workers (#6533) (550d885)
Dmitriy Mozgovoy
Antonin Bas
Hans Otto Wirtz
-
1.7.4 - 2024-08-13
- sec: CVE-2024-39338 (#6539) (#6543) (6b6b605)
- sec: disregard protocol-relative URL to remediate SSRF (#6539) (07a661a)
Lev Pachmanov
Đỗ Trọng Hải
-
1.7.3 - 2024-08-01
- adapter: fix progress event emitting; (#6518) (e3c76fc)
- fetch: fix withCredentials request config (#6505) (85d4d0e)
- xhr: return original config on errors from XHR adapter (#6515) (8966ee7)
Dmitriy Mozgovoy
Valerii Sidorenko
prianYu
-
1.7.2 - 2024-05-21
- fetch: enhance fetch API detection; (#6413) (4f79aef)
Dmitriy Mozgovoy
-
1.7.1 - 2024-05-20
- fetch: fixed ReferenceError issue when TextEncoder is not available in the environment; (#6410) (733f15f)
Dmitriy Mozgovoy
-
1.7.0 - 2024-05-19
- adapter: add fetch adapter; (#6371) (a3ff99b)
- core/axios: handle un-writable error stack (#6362) (81e0455)
Dmitriy Mozgovoy
Jay
Alexandre ABRIOUX
-
1.7.0-beta.2 - 2024-05-19
- fetch: capitalize HTTP method names; (#6395) (ad3174a)
- fetch: fix & optimize progress capturing for cases when the request data has a nullish value or zero data length (#6400) (95a3e8e)
- fetch: fix headers getting from a stream response; (#6401) (870e0a7)
Dmitriy Mozgovoy
-
1.7.0-beta.1 - 2024-05-07
- core/axios: handle un-writable error stack (#6362) (81e0455)
- fetch: fix cases when ReadableStream or Response.body are not available; (#6377) (d1d359d)
- fetch: treat fetch-related TypeError as an AxiosError.ERR_NETWORK error; (#6380) (bb5f9a5)
Alexandre ABRIOUX
Dmitriy Mozgovoy
-
1.7.0-beta.0 - 2024-04-28
- adapter: add fetch adapter; (#6371) (a3ff99b)
Dmitriy Mozgovoy
Jay
-
1.6.8 - 2024-03-15
from axios GitHub release notesRelease notes:
Bug Fixes
Contributors to this release
Release notes:
Bug Fixes
ReferenceError: navigator is not definedfor custom environments; (#6567) (fed1a4b)Contributors to this release
Release notes:
Bug Fixes
Contributors to this release
Release notes:
Bug Fixes
Contributors to this release
Release notes:
Bug Fixes
Contributors to this release
Release notes:
Bug Fixes
Contributors to this release
Release notes:
Features
Bug Fixes
Contributors to this release
Release notes:
Bug Fixes
Contributors to this release
Release notes:
Bug Fixes
Contributors to this release
Install
Release notes:
Features
Contributors to this release
Install
Package name: core-js
-
3.38.1 - 2024-08-20
- Changes v3.38.0...v3.38.1
- Fixed some cases of
- Some stylistic changes and minor optimizations
- Compat data improvements:
- Added Hermes 0.13 compat data, similar to React Native 0.75 Hermes
- Added Opera Android 84 compat data mapping
-
3.38.0 - 2024-08-04
- Changes v3.37.1...v3.38.0
- Built-ins:
- Moved to stage 3, June 2024 and July 2024 TC39 meetings
- Updated the way of escaping, regex-escaping/77
- Throw an error on non-strings, regex-escaping/58
- Added
- Built-ins:
- Moved to stage 3, June 2024 TC39 meeting
- Added
- Built-ins:
- Added
- Added
- Added
- Added throwing a
- Unconditional forced replacement changed to feature detection
- Fixed
- Improved some cases of environment detection
- Uses
- Uses
- Some minor optimizations
- Updated
- Compat data improvements:
- Added Safari 18.0 compat data:
- Fixed
- Fixed throwing a
- Fixed
- Fixed
- Added
- Added Deno 1.44 and 1.45 compat data mapping
- Added Electron 32 and 33 compat data mapping
- Added Opera Android 83 compat data mapping
- Added Samsung Internet 27 compat data mapping
- Added Oculus Quest Browser 34 compat data mapping
-
3.37.1 - 2024-05-14
- Changes v3.37.0...v3.37.1
- Fixed
- Compat data improvements:
- Added Rhino 1.7.15 compat data, many features marked as supported
- Added NodeJS 22.0 compat data mapping
- Added Deno 1.43 compat data mapping
- Added Electron 31 compat data mapping
- Updated Opera Android 82 compat data mapping
- Added Samsung Internet 26 compat data mapping
- Added Oculus Quest Browser 33 compat data mapping
-
3.37.0 - 2024-04-16
- Changes v3.36.1...v3.37.0
- New
- Built-ins:
- Moved to stable ES, April 2024 TC39 meeting
- Added
- Explicit Resource Management stage 3 proposal
- Some minor updates like explicit-resource-management/217
- Added
- Built-ins:
- Built-ins:
- Added optional arguments support, promise-try/16
- Moved to stage 2.7, April 2024 TC39 meeting
- Moved to hex-escape semantics, regex-escaping/67
- It's not the final change of the way of escaping, waiting for regex-escaping/77 soon
- Pattern matching stage 1 proposal:
- Built-ins:
- Once again, the used well-known symbol was renamed
- Added new entries for that
- Added Extractors stage 1 proposal:
- Built-ins:
- Since the
- Added
- Engines bugs fixes:
- Added a fix of Safari
- Added a fix of Safari bug with double call of constructor in
- Compat data improvements:
- New
- Added Opera Android 82 compat data mapping
from core-js GitHub release notesURLSearchParamspercent decoding, #1357, #1361, thanks @ slowcheetahIteratorhelpers proposal methods marked as shipped from FF131Math.f16roundandDataView.prototype.{ getFloat16, setFloat16 }marked as shipped from Bun 1.1.23RegExp.escapemarked as shipped from Bun 1.1.22Promise.trymarked as shipped from Bun 1.1.22Uint8Arrayto / from base64 and hex proposal methods marked as shipped from Bun 1.1.22RegExp.escapeproposal:RegExp.escape/actual/namespace entries, unconditional forced replacement changed to feature detectionPromise.tryproposal:Promise.try/actual/namespace entries, unconditional forced replacement changed to feature detectionUint8Arrayto / from base64 and hex stage 3 proposal:Uint8Array.fromBase64Uint8Array.fromHexUint8Array.prototype.setFromBase64Uint8Array.prototype.setFromHexUint8Array.prototype.toBase64Uint8Array.prototype.toHexUint8Array.prototype.{ setFromBase64, setFromHex }methodsUint8Array.fromBase64andUint8Array.prototype.setFromBase64lastChunkHandlingoption, proposal-arraybuffer-base64/33Uint8Array.prototype.toBase64omitPaddingoption, proposal-arraybuffer-base64/60TypeErroron arrays backed by detached buffersRegExpnamed capture groups polyfill in combination with non-capturing groups, #1352, thanks @ Ulopprocess.getBuiltinModulefor getting built-in NodeJS modules where it's availablehttpsinstead ofhttpinURLconstructor feature detection to avoid extra notifications from some overly vigilant security scanners, #1345browserslistincore-js-compatdependencies that fixes an upstream issue with incorrect interpretation of somebrowserslistqueries, #1344, browserslist/829, browserslist/836Object.groupByandMap.groupByto work for non-objectsRangeErrorifSetmethods are called on an object with negative size propertySet.prototype.symmetricDifferenceto callthis.hasin each iterationArray.fromAsyncto not call theArrayconstructor twiceURL.parseMath.f16roundandDataView.prototype.{ getFloat16, setFloat16 }marked as shipped from FF129Symbol.asyncDisposeadded and marked as supported from V8 ~ Chromium 127Promise.tryadded and marked as supported from V8 ~ Chromium 128selfdescriptor is broken in Deno 1.45.3 (again)URL.parsefeature detection for some specific casesSetmethods proposal added and marked as supported from FF 127Symbol.disposeadded and marked as supported from V8 ~ Chromium 125Math.f16roundandDataView.prototype.{ getFloat16, setFloat16 }added and marked as supported from Deno 1.43URL.parseadded and marked as supported from Chromium 126URL.parseadded and marked as supported from NodeJS 22.0URL.parseadded and marked as supported from Deno 1.43Setmethods proposal:Set.prototype.intersectionSet.prototype.unionSet.prototype.differenceSet.prototype.symmetricDifferenceSet.prototype.isSubsetOfSet.prototype.isSupersetOfSet.prototype.isDisjointFromes.namespace modules,/es/and/stable/namespaces entriesMath.sumPrecisestage 2.7 proposal:Math.sumPrecisePromise.tryproposal:Promise.tryRegExp.escapestage 2 proposal:Symbol.customMatcherSymbol.customMatcherSymbol.customMatcherwell-known symbol from the pattern matching proposal is also used in the exactors proposal, added an entry also for this proposalURL.parse, url/825{ Object, Map }.groupBybug that does not support iterable primitivesArray.fromAsyncURL.parseadded and marked as supported from FF 126URL.parseadded and marked as supported from Bun 1.1.4URL.canParsefixed and marked as supported from Bun 1.1.0Setmethods fixed in JavaScriptCore and marked as supported from Bun 1.1.1Package name: dotenv
-
16.4.5 - 2024-02-20
-
16.4.4 - 2024-02-13
-
16.4.3 - 2024-02-12
-
16.4.2 - 2024-02-10
-
16.4.1 - 2024-01-24
-
16.4.0 - 2024-01-23
-
16.3.2 - 2024-01-19
-
16.3.1 - 2023-06-17
-
16.3.0 - 2023-06-16
-
16.2.0 - 2023-06-16
-
16.1.4 - 2023-06-04
-
16.1.3 - 2023-05-31
-
16.1.2 - 2023-05-31
-
16.1.1 - 2023-05-31
-
16.1.0 - 2023-05-30
-
16.1.0-rc2 - 2023-05-21
-
16.1.0-rc1 - 2023-04-07
-
16.0.3 - 2022-09-29
from dotenv GitHub release notes16.4.5
16.4.4
16.4.3
16.4.2
16.4.1
16.4.0
16.3.2
16.3.1
16.3.0
16.2.0
Important
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.
For more information: