webml-polyfill icon indicating copy to clipboard operation
webml-polyfill copied to clipboard

Published 20 hours ago β€’ verified publisher icon intel

[Snyk] Upgrade nuxt from 2.13.2 to 2.15.8

Open rdower opened this issue 3 years ago β€’ 0 comments

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to upgrade nuxt from 2.13.2 to 2.15.8.

merge advice :information_source: Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

  • The recommended version is 23 versions ahead of your current version.
  • The recommended version was released a year ago, on 2021-08-11.

The recommended version fixes:

Severity Issue PriorityScore (*) Exploit Maturity
Regular Expression Denial of Service (ReDoS)
SNYK-JS-UAPARSERJS-610226		 482/1000
Why? Proof of Concept exploit, CVSS 7.5		 Proof of Concept
Regular Expression Denial of Service (ReDoS)
SNYK-JS-UAPARSERJS-1023599		 482/1000
Why? Proof of Concept exploit, CVSS 7.5		 Proof of Concept
Regular Expression Denial of Service (ReDoS)
SNYK-JS-SSRI-1246392		 482/1000
Why? Proof of Concept exploit, CVSS 7.5		 Proof of Concept
Regular Expression Denial of Service (ReDoS)
SNYK-JS-SSRI-1246392		 482/1000
Why? Proof of Concept exploit, CVSS 7.5		 Proof of Concept
Remote Code Execution (RCE)
SNYK-JS-SHELLQUOTE-1766506		 482/1000
Why? Proof of Concept exploit, CVSS 7.5		 No Known Exploit
Arbitrary Code Injection
SNYK-JS-SERIALIZEJAVASCRIPT-570062		 482/1000
Why? Proof of Concept exploit, CVSS 7.5		 Proof of Concept
Regular Expression Denial of Service (ReDoS)
SNYK-JS-UGLIFYJS-1727251		 482/1000
Why? Proof of Concept exploit, CVSS 7.5		 No Known Exploit
Regular Expression Denial of Service (ReDoS)
SNYK-JS-UAPARSERJS-1072471		 482/1000
Why? Proof of Concept exploit, CVSS 7.5		 Proof of Concept
Regular Expression Denial of Service (ReDoS)
SNYK-JS-TERSER-2806366		 482/1000
Why? Proof of Concept exploit, CVSS 7.5		 No Known Exploit
Cross-site Scripting (XSS)
SNYK-JS-PARSEURL-2942134		 482/1000
Why? Proof of Concept exploit, CVSS 7.5		 Proof of Concept
Server-side Request Forgery (SSRF)
SNYK-JS-PARSEURL-2936249		 482/1000
Why? Proof of Concept exploit, CVSS 7.5		 Proof of Concept
Remote Code Execution (RCE)
SNYK-JS-EJS-2803307		 482/1000
Why? Proof of Concept exploit, CVSS 7.5		 Proof of Concept
Regular Expression Denial of Service (ReDoS)
SNYK-JS-ANSIHTML-1296849		 482/1000
Why? Proof of Concept exploit, CVSS 7.5		 Proof of Concept
Information Exposure
SNYK-JS-PARSEURL-2935947		 482/1000
Why? Proof of Concept exploit, CVSS 7.5		 Proof of Concept
Cross-site Scripting (XSS)
SNYK-JS-PARSEURL-2935944		 482/1000
Why? Proof of Concept exploit, CVSS 7.5		 Proof of Concept
Denial of Service
SNYK-JS-NODEFETCH-674311		 482/1000
Why? Proof of Concept exploit, CVSS 7.5		 No Known Exploit
Information Exposure
SNYK-JS-NODEFETCH-2342118		 482/1000
Why? Proof of Concept exploit, CVSS 7.5		 No Known Exploit
Information Exposure
SNYK-JS-NANOID-2332193		 482/1000
Why? Proof of Concept exploit, CVSS 7.5		 Proof of Concept
Regular Expression Denial of Service (ReDoS)
SNYK-JS-ISSVG-1243891		 482/1000
Why? Proof of Concept exploit, CVSS 7.5		 Proof of Concept
Regular Expression Denial of Service (ReDoS)
SNYK-JS-ISSVG-1085627		 482/1000
Why? Proof of Concept exploit, CVSS 7.5		 Proof of Concept
Prototype Pollution
SNYK-JS-FLAT-596927		 482/1000
Why? Proof of Concept exploit, CVSS 7.5		 Proof of Concept
Cryptographic Issues
SNYK-JS-ELLIPTIC-1064899		 482/1000
Why? Proof of Concept exploit, CVSS 7.5		 No Known Exploit
Arbitrary Code Injection
SNYK-JS-EJS-1049328		 482/1000
Why? Proof of Concept exploit, CVSS 7.5		 Proof of Concept
Regular Expression Denial of Service (ReDoS)
SNYK-JS-COLORSTRING-1082939		 482/1000
Why? Proof of Concept exploit, CVSS 7.5		 Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Release notes
Package name: nuxt
  • 2.15.8 - 2021-08-11

    πŸ› Bug Fixes

    • vue-app
      • #9460 Don't normalise route path if it's valid
    • babel
      • #9631 Loose option for babel private-property-in-object
  • 2.15.7 - 2021-06-14

    πŸ”° Security advisory

    Please upgrade to nuxt@^2.15.7 if using [email protected] or [email protected]

    πŸ› Bug Fixes

    • vue-app
      • #9431 Check whether a route exists within the nuxt app before replacing
  • 2.15.6 - 2021-05-12

    πŸ› Bug Fixes

  • 2.15.5 - 2021-05-09

    πŸ› Bug Fixes

    • babel
      • #9232 Loose option for babel class-properties and private-methods (resolves #9224)
    • vue-app
      • #9201 Use route.replace instead of router.push to trigger navigation guards (resolves #9111)
    • builder
      • #9153 Resolve aliases in build.watch paths (resolves #9045)
    • cli
      • #9152 Add warning for css-loader < 4.2 (resolves #9117)

    πŸ’– Thanks to

  • 2.15.4 - 2021-04-01

    πŸ› Bug Fixes

    • vue-app
      • #8978 Reload page once after loading chunk error (resolves #3389)
      • #9008 Fallback to global nuxt instance of $root is not available (resolves #8995)
      • #9010 Use app.context.route to match components in server (resolves #9009)
      • #9024 Serialize redirect functions in routes (resolves #8979)
      • #9026 Re-call $fetch if data is missing in payload (resolves #9016)
      • #9050 Use app.context.route for resolving components (resolves #9049)
      • #9075 Move internal app runtime config to _app namespace (resolves #9074)
    • config
      • #9014 Set compileType to icss for css-loader v4
    • server
      • #9034 Avoid caching .js assets in development to fix HMR in safari (resolves #3828)
    • cli

    πŸ‘• Types

    • #9078 Inline @ types/terser-webpack-plugin
    • #9086 Use options from sass-loader rather than sass (resolves #9085)
    • #9053 Css-loader v4 type definitions
    • #9018 Don't require all csp policies as keys (resolves #9017)
    • #9059 Add stub entrypoint to allow node resolution of @ nuxt/types (resolves #9030)

    πŸ’– Thanks to

  • 2.15.3 - 2021-03-10

    πŸ› Bug Fixes

    • types
      • #8953 Export interface for NuxtConfig instead of type
    • webpack
      • #8951 Update hmr option for extract-css-chunks-webpack-plugin
    • general
      • #8936 Allow force overriding resolve paths
      • #8935 Allow relative public paths
      • #8887 Update @ babel/preset-env to 2.13.x
    • vue-renderer
      • #8912 Respect injectScripts for static target

    πŸ’– Thanks to

  • 2.15.2 - 2021-02-23

    πŸ› Bug Fixes

    • babel-preset-app
      • #8882 Pin @ babel/preset-env to ~7.12
      • #8883 Avoid relying on preset-env internal utils

    πŸ’– Thanks to

  • 2.15.1 - 2021-02-19 Read more
  • 2.15.0 - 2021-02-15 Read more
  • 2.14.12 - 2020-12-16 Read more
  • 2.14.11 - 2020-12-09
  • 2.14.10 - 2020-12-07
  • 2.14.9 - 2020-12-02
  • 2.14.8 - 2020-12-01
  • 2.14.7 - 2020-10-15
  • 2.14.6 - 2020-09-21
  • 2.14.5 - 2020-09-10
  • 2.14.4 - 2020-08-27
  • 2.14.3 - 2020-08-16
  • 2.14.2 - 2020-08-16
  • 2.14.1 - 2020-08-04
  • 2.14.0 - 2020-07-27
  • 2.13.3 - 2020-07-02
  • 2.13.2 - 2020-06-26
from nuxt GitHub release notes

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

πŸ›  Adjust upgrade PR settings

πŸ”• Ignore this dependency or unsubscribe from future upgrade PRs

rdower avatar Aug 25 '22 02:08 rdower