[Snyk] Upgrade: vue, vue-template-compiler #16

snyk-io · 2024-08-10T05:47:32Z

Snyk has created this PR to upgrade multiple dependencies.

👯‍♂ The following dependencies are linked and will therefore be updated together.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

⚠️ Warning: This PR contains major version upgrade(s), and may be a breaking change.

Name	Versions	Released on

vue
from 2.6.10 to 3.4.33 | 253 versions ahead of your current version
⚠️ This is a major version upgrade, and may be a breaking change | 22 days ago
on 2024-07-19
vue-template-compiler
from 2.6.10 to 2.7.16 | 43 versions ahead of your current version | 8 months ago
on 2023-12-24

Issues fixed by the recommended upgrade:

Issue	Score	Exploit Maturity
Cryptographic Issues SNYK-JS-ELLIPTIC-571484	221	Proof of Concept
Prototype Pollution SNYK-JS-LOADERUTILS-3043105	221	No Known Exploit
Prototype Pollution SNYK-JS-INI-1048974	221	Proof of Concept
Server-side Request Forgery (SSRF) SNYK-JS-IP-6240864	221	Proof of Concept
Code Injection SNYK-JS-LODASH-1040724	221	Proof of Concept
Prototype Pollution SNYK-JS-LODASH-567746	221	Proof of Concept
Prototype Pollution SNYK-JS-LODASH-608086	221	Proof of Concept
Prototype Pollution SNYK-JS-LODASH-6139239	221	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-SSRI-1246392	221	Proof of Concept
Arbitrary File Overwrite SNYK-JS-TAR-1536528	221	No Known Exploit
Improper Verification of Cryptographic Signature SNYK-JS-BROWSERIFYSIGN-6037026	221	No Known Exploit
Prototype Pollution SNYK-JS-NODEFORGE-598677	221	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-LOADERUTILS-3042992	221	No Known Exploit
Denial of Service (DoS) SNYK-JS-HTTPPROXY-569139	221	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-ISSVG-1085627	221	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-ISSVG-1243891	221	Proof of Concept
Prototype Pollution SNYK-JS-JSON5-3182856	221	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-LOADERUTILS-3105943	221	No Known Exploit
Prototype Pollution SNYK-JS-JSON5-3182856	221	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-1018905	221	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-MINIMATCH-3050818	221	No Known Exploit
Information Exposure SNYK-JS-EVENTSOURCE-2823375	221	Proof of Concept
Cryptographic Issues SNYK-JS-ELLIPTIC-1064899	221	No Known Exploit
Open Redirect SNYK-JS-EXPRESS-6474509	221	No Known Exploit
Prototype Pollution SNYK-JS-MINIMIST-559764	221	Proof of Concept
Prototype Pollution SNYK-JS-MINIMIST-559764	221	Proof of Concept
Timing Attack SNYK-JS-ELLIPTIC-511941	221	No Known Exploit
Regular Expression Denial of Service (ReDoS) SNYK-JS-BROWSERSLIST-1090194	221	Proof of Concept
Command Injection SNYK-JS-NODENOTIFIER-1035794	221	No Known Exploit
Validation Bypass SNYK-JS-KINDOF-537849	221	Proof of Concept
Prototype Pollution SNYK-JS-MINIMIST-2429795	221	Proof of Concept
Prototype Pollution SNYK-JS-MINIMIST-2429795	221	Proof of Concept
Incomplete List of Disallowed Inputs SNYK-JS-BABELTRAVERSE-5962462	221	Proof of Concept
Prototype Poisoning SNYK-JS-QS-3153490	221	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	221	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	221	Proof of Concept
Arbitrary File Overwrite SNYK-JS-TAR-1536531	221	No Known Exploit
Arbitrary File Write SNYK-JS-TAR-1579147	221	No Known Exploit
Denial of Service (DoS) SNYK-JS-DECODEURICOMPONENT-3149970	221	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	221	Proof of Concept
Cross-site Scripting (XSS) SNYK-JS-SERIALIZEJAVASCRIPT-536840	221	No Known Exploit
Arbitrary Code Injection SNYK-JS-SERIALIZEJAVASCRIPT-570062	221	Proof of Concept
Cross-site Scripting (XSS) SNYK-JS-SERIALIZEJAVASCRIPT-6056521	221	No Known Exploit
Arbitrary File Write SNYK-JS-TAR-1579152	221	No Known Exploit
Arbitrary File Write SNYK-JS-TAR-1579155	221	No Known Exploit
Remote Memory Exposure SNYK-JS-DNSPACKET-1293563	221	No Known Exploit
Improper Input Validation SNYK-JS-URLPARSE-2407770	221	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-WEBSOCKETEXTENSIONS-570623	221	Proof of Concept
Prototype Pollution SNYK-JS-AJV-584908	221	No Known Exploit
Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIHTML-1296849	221	Proof of Concept
Prototype Pollution SNYK-JS-ASYNC-2441827	221	Proof of Concept
Denial of Service (DoS) SNYK-JS-WS-7266574	221	Proof of Concept
Prototype Pollution SNYK-JS-Y18N-1021887	221	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-COLORSTRING-1082939	221	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-PATHPARSE-1077067	221	Proof of Concept
Uncontrolled Resource Consumption ('Resource Exhaustion') SNYK-JS-TAR-6476909	221	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-POSTCSS-1090595	221	Proof of Concept
Access Restriction Bypass SNYK-JS-URLPARSE-2401205	221	Proof of Concept
Authorization Bypass SNYK-JS-URLPARSE-2407759	221	Proof of Concept
Denial of Service (DoS) SNYK-JS-SOCKJS-575261	221	Proof of Concept
Prototype Pollution SNYK-JS-DOTPROP-543489	221	Proof of Concept
Authorization Bypass Through User-Controlled Key SNYK-JS-URLPARSE-2412697	221	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-WS-1296835	221	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-TAR-1536758	221	No Known Exploit
Regular Expression Denial of Service (ReDoS) npm:debug:20170905	221	Proof of Concept
Regular Expression Denial of Service (ReDoS) npm:debug:20170905	221	Proof of Concept

Release notes

Package name: vue

3.4.33 - 2024-07-19
For stable releases, please refer to CHANGELOG.md for details.
For pre-releases, please refer to CHANGELOG.md of the minor branch.
3.4.32 - 2024-07-17
For stable releases, please refer to CHANGELOG.md for details.
For pre-releases, please refer to CHANGELOG.md of the minor branch.
3.4.31 - 2024-06-28
For stable releases, please refer to CHANGELOG.md for details.
For pre-releases, please refer to CHANGELOG.md of the minor branch.
3.4.30 - 2024-06-22
For stable releases, please refer to CHANGELOG.md for details.
For pre-releases, please refer to CHANGELOG.md of the minor branch.
3.4.29 - 2024-06-14
For stable releases, please refer to CHANGELOG.md for details.
For pre-releases, please refer to CHANGELOG.md of the minor branch.
3.4.28 - 2024-06-14
For stable releases, please refer to CHANGELOG.md for details.
For pre-releases, please refer to CHANGELOG.md of the minor branch.
3.4.27 - 2024-05-07
For stable releases, please refer to CHANGELOG.md for details.
For pre-releases, please refer to CHANGELOG.md of the minor branch.
3.4.26 - 2024-04-29
Please refer to CHANGELOG.md for details.
3.4.25 - 2024-04-24
3.4.24 - 2024-04-22
3.4.23 - 2024-04-16
3.4.22 - 2024-04-15
3.4.21 - 2024-02-28
3.4.20 - 2024-02-26
3.4.19 - 2024-02-13
3.4.18 - 2024-02-09
3.4.17 - 2024-02-09
3.4.16 - 2024-02-08
3.4.15 - 2024-01-18
3.4.14 - 2024-01-15
3.4.13 - 2024-01-13
3.4.12 - 2024-01-13
3.4.11 - 2024-01-12
3.4.10 - 2024-01-11
3.4.9 - 2024-01-11
3.4.8 - 2024-01-10
3.4.7 - 2024-01-09
3.4.6 - 2024-01-08
3.4.5 - 2024-01-04
3.4.4 - 2024-01-03
3.4.3 - 2023-12-30
3.4.2 - 2023-12-30
3.4.1 - 2023-12-30
3.4.0 - 2023-12-29
3.4.0-rc.3 - 2023-12-27
3.4.0-rc.2 - 2023-12-26
3.4.0-rc.1 - 2023-12-25
3.4.0-beta.4 - 2023-12-19
3.4.0-beta.3 - 2023-12-16
3.4.0-beta.2 - 2023-12-14
3.4.0-beta.1 - 2023-12-13
3.4.0-alpha.4 - 2023-12-04
3.4.0-alpha.3 - 2023-11-28
3.4.0-alpha.2 - 2023-11-27
3.4.0-alpha.1 - 2023-10-28
3.3.13 - 2023-12-19
3.3.12 - 2023-12-16
3.3.11 - 2023-12-08
3.3.10 - 2023-12-04
3.3.9 - 2023-11-25
3.3.8 - 2023-11-06
3.3.7 - 2023-10-24
3.3.6 - 2023-10-20
3.3.5 - 2023-10-20
3.3.4 - 2023-05-18
3.3.3 - 2023-05-18
3.3.2 - 2023-05-12
3.3.1 - 2023-05-11
3.3.0 - 2023-05-11
3.3.0-beta.5 - 2023-05-08
3.3.0-beta.4 - 2023-05-05
3.3.0-beta.3 - 2023-05-01
3.3.0-beta.2 - 2023-04-25
3.3.0-beta.1 - 2023-04-21
3.3.0-alpha.13 - 2023-04-20
3.3.0-alpha.12 - 2023-04-18
3.3.0-alpha.11 - 2023-04-17
3.3.0-alpha.10 - 2023-04-17
3.3.0-alpha.9 - 2023-04-08
3.3.0-alpha.8 - 2023-04-04
3.3.0-alpha.7 - 2023-04-03
3.3.0-alpha.6 - 2023-03-30
3.3.0-alpha.5 - 2023-03-26
3.3.0-alpha.4 - 2023-02-06
3.3.0-alpha.3 - 2023-02-06
3.3.0-alpha.2 - 2023-02-05
3.3.0-alpha.1 - 2023-02-05
3.2.47 - 2023-02-02
3.2.46 - 2023-02-02
3.2.45 - 2022-11-11
3.2.44 - 2022-11-09
3.2.43 - 2022-11-09
3.2.42 - 2022-11-09
3.2.41 - 2022-10-14
3.2.40 - 2022-09-28
3.2.39 - 2022-09-08
3.2.38 - 2022-08-30
3.2.37 - 2022-06-06
3.2.36 - 2022-05-23
3.2.35 - 2022-05-20
3.2.34 - 2022-05-19
3.2.34-beta.1 - 2022-05-17
3.2.33 - 2022-04-14
3.2.32 - 2022-04-12
3.2.31 - 2022-02-12
3.2.30 - 2022-02-07
3.2.29 - 2022-01-23
3.2.28 - 2022-01-21
3.2.27 - 2022-01-16
3.2.26 - 2021-12-12
3.2.25 - 2021-12-12
3.2.24 - 2021-12-06
3.2.23 - 2021-11-26
3.2.22 - 2021-11-15
3.2.21 - 2021-11-02
3.2.20 - 2021-10-08
3.2.19 - 2021-09-25
3.2.18 - 2021-09-24
3.2.17 - 2021-09-24
3.2.16 - 2021-09-23
3.2.15 - 2021-09-23
3.2.14 - 2021-09-22
3.2.13 - 2021-09-21
3.2.12 - 2021-09-17
3.2.11 - 2021-09-08
3.2.10 - 2021-09-07
3.2.9 - 2021-09-05
3.2.8 - 2021-09-02
3.2.7 - 2021-09-01
3.2.6 - 2021-08-24
3.2.5 - 2021-08-24
3.2.4 - 2021-08-17
3.2.3 - 2021-08-16
3.2.2 - 2021-08-11
3.2.1 - 2021-08-09
3.2.0 - 2021-08-09
3.2.0-beta.8 - 2021-08-07
3.2.0-beta.7 - 2021-07-29
3.2.0-beta.6 - 2021-07-27
3.2.0-beta.5 - 2021-07-23
3.2.0-beta.4 - 2021-07-21
3.2.0-beta.3 - 2021-07-20
3.2.0-beta.2 - 2021-07-19
3.2.0-beta.1 - 2021-07-16
3.1.5 - 2021-07-16
3.1.4 - 2021-07-02
3.1.3 - 2021-07-01
3.1.2 - 2021-06-22
3.1.1 - 2021-06-07
3.1.0 - 2021-06-07
3.1.0-beta.7 - 2021-06-02
3.1.0-beta.6 - 2021-05-28
3.1.0-beta.5 - 2021-05-26
3.1.0-beta.4 - 2021-05-24
3.1.0-beta.3 - 2021-05-12
3.1.0-beta.2 - 2021-05-08
3.1.0-beta.1 - 2021-05-08
3.0.11 - 2021-04-01
3.0.10 - 2021-03-31
3.0.9 - 2021-03-27
3.0.8 - 2021-03-26
3.0.7 - 2021-03-01
3.0.6 - 2021-02-24
3.0.5 - 2020-12-30
3.0.4 - 2020-12-02
3.0.3 - 2020-11-25
3.0.2 - 2020-10-20
3.0.1 - 2020-10-15
3.0.0 - 2020-09-18
3.0.0-rc.13 - 2020-09-18
3.0.0-rc.12 - 2020-09-16
3.0.0-rc.11 - 2020-09-15
3.0.0-rc.10 - 2020-09-02
3.0.0-rc.9 - 2020-08-26
3.0.0-rc.8 - 2020-08-25
3.0.0-rc.7 - 2020-08-21
3.0.0-rc.6 - 2020-08-19
3.0.0-rc.5 - 2020-07-28
3.0.0-rc.4 - 2020-07-21
3.0.0-rc.3 - 2020-07-21
3.0.0-rc.2 - 2020-07-19
3.0.0-rc.1 - 2020-07-17
3.0.0-beta.24 - 2020-07-16
3.0.0-beta.23 - 2020-07-16
3.0.0-beta.22 - 2020-07-15
3.0.0-beta.21 - 2020-07-14
3.0.0-beta.20 - 2020-07-08
3.0.0-beta.19 - 2020-07-07
3.0.0-beta.18 - 2020-07-02
3.0.0-beta.17 - 2020-06-30
3.0.0-beta.16 - 2020-06-29
3.0.0-beta.15 - 2020-06-12
3.0.0-beta.14 - 2020-05-18
3.0.0-beta.13 - 2020-05-17
3.0.0-beta.12 - 2020-05-11
3.0.0-beta.11 - 2020-05-11
3.0.0-beta.10 - 2020-05-07
3.0.0-beta.9 - 2020-05-04
3.0.0-beta.8 - 2020-05-04
3.0.0-beta.7 - 2020-05-02
3.0.0-beta.6 - 2020-05-01
3.0.0-beta.5 - 2020-04-30
3.0.0-beta.4 - 2020-04-24
3.0.0-beta.3 - 2020-04-20
3.0.0-beta.2 - 2020-04-17
3.0.0-beta.1 - 2020-04-16
3.0.0-alpha.13 - 2020-04-15
3.0.0-alpha.12 - 2020-04-08
3.0.0-alpha.11 - 2020-04-04
3.0.0-alpha.10 - 2020-03-24
3.0.0-alpha.9 - 2020-03-16
3.0.0-alpha.8 - 2020-03-06
3.0.0-alpha.7 - 2020-02-26
3.0.0-alpha.6 - 2020-02-22
3.0.0-alpha.5 - 2020-02-18
3.0.0-alpha.4 - 2020-01-27
3.0.0-alpha.3 - 2020-01-22
3.0.0-alpha.2 - 2020-01-13
3.0.0-alpha.1 - 2020-01-02
3.0.0-alpha.0 - 2019-12-20
2.7.16 - 2023-12-24
2.7.16-beta.2 - 2023-12-14
2.7.16-beta.1 - 2023-12-08
2.7.15 - 2023-10-23
2.7.14 - 2022-11-09
2.7.13 - 2022-10-14
2.7.12 - 2022-10-12
2.7.11 - 2022-10-11
2.7.10 - 2022-08-23
2.7.9 - 2022-08-19
2.7.8 - 2022-07-22
2.7.7 - 2022-07-16
2.7.6 - 2022-07-15
2.7.5 - 2022-07-13
2.7.4 - 2022-07-08
2.7.3 - 2022-07-06
2.7.2 - 2022-07-05
2.7.1 - 2022-07-04
2.7.0 - 2022-07-01
2.7.0-beta.8 - 2022-06-28
2.7.0-beta.7 - 2022-06-27
2.7.0-beta.6 - 2022-06-26
2.7.0-beta.5 - 2022-06-22
2.7.0-beta.4 - 2022-06-21
2.7.0-beta.3 - 2022-06-20
2.7.0-beta.2 - 2022-06-17
2.7.0-beta.1 - 2022-06-17
2.7.0-alpha.12 - 2022-06-16
2.7.0-alpha.11 - 2022-06-16
2.7.0-alpha.10 - 2022-06-16
2.7.0-alpha.9 - 2022-06-16
2.7.0-alpha.8 - 2022-06-14
2.7.0-alpha.7 - 2022-06-14
2.7.0-alpha.6 - 2022-06-09
2.7.0-alpha.5 - 2022-06-06
2.7.0-alpha.4 - 2022-06-01
2.7.0-alpha.3 - 2022-06-01
2.7.0-alpha.2 - 2022-06-01
2.7.0-alpha.1 - 2022-05-31
2.6.14 - 2021-06-07
2.6.13 - 2021-06-01
2.6.12 - 2020-08-20
2.6.11 - 2019-12-13
2.6.10 - 2019-03-20

from vue GitHub release notes

Package name: vue-template-compiler

2.7.16 - 2023-12-24
This is the final release for Vue 2.

Vue 2 will reach End of Life on December 31st, 2023. For more details, please read this blog post.

Please refer to CHANGELOG.md for details.
2.7.16-beta.2 - 2023-12-14
Please refer to CHANGELOG.md for details.
2.7.16-beta.1 - 2023-12-08
Please refer to CHANGELOG.md for details.
2.7.15 - 2023-10-23
Please refer to CHANGELOG.md for details.
2.7.14 - 2022-11-09
Please refer to CHANGELOG.md for details.
2.7.13 - 2022-10-14
Please refer to CHANGELOG.md for details.
2.7.12 - 2022-10-12
Please refer to CHANGELOG.md for details.
2.7.11 - 2022-10-11
Please refer to CHANGELOG.md for details.
2.7.10 - 2022-08-23
Please refer to CHANGELOG.md for details.
2.7.9 - 2022-08-19
Please refer to CHANGELOG.md for details.
2.7.8 - 2022-07-22
2.7.7 - 2022-07-16
2.7.6 - 2022-07-15
2.7.5 - 2022-07-13
2.7.4 - 2022-07-08
2.7.3 - 2022-07-06
2.7.2 - 2022-07-05
2.7.1 - 2022-07-04
2.7.0 - 2022-07-01
2.7.0-beta.8 - 2022-06-28
2.7.0-beta.7 - 2022-06-27
2.7.0-beta.6 - 2022-06-26
2.7.0-beta.5 - 2022-06-22
2.7.0-beta.4 - 2022-06-21
2.7.0-beta.3 - 2022-06-20
2.7.0-beta.2 - 2022-06-17
2.7.0-beta.1 - 2022-06-17
2.7.0-alpha.12 - 2022-06-16
2.7.0-alpha.11 - 2022-06-16
2.7.0-alpha.10 - 2022-06-16
2.7.0-alpha.9 - 2022-06-16
2.7.0-alpha.8 - 2022-06-14
2.7.0-alpha.7 - 2022-06-14
2.7.0-alpha.6 - 2022-06-09
2.7.0-alpha.5 - 2022-06-06
2.7.0-alpha.4 - 2022-06-01
2.7.0-alpha.3 - 2022-06-01
2.7.0-alpha.2 - 2022-06-01
2.7.0-alpha.1 - 2022-05-31
2.6.14 - 2021-06-07
2.6.13 - 2021-06-01
2.6.12 - 2020-08-20
2.6.11 - 2019-12-13
2.6.10 - 2019-03-20

from vue-template-compiler GitHub release notes

Important

Warning: This PR contains a major version upgrade, and may be a breaking change.
Check the changes in this PR to ensure they won't cause issues with your project.
This PR was automatically created by Snyk using the credentials of a real user.
Max score is 1000. Note that the real score may have changed since the PR was raised.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

📜 Customise PR templates

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

[//]: # 'snyk:metadata:{"customTemplate":{"variablesUsed":[],"fieldsUsed":[]},"dependencies":[{"name":"vue","from":"2.6.10","to":"3.4.33"},{"name":"vue-template-compiler","from":"2.6.10","to":"2.7.16"}],"env":"prod","hasFixes":true,"isBreakingChange":true,"isMajorUpgrade":true,"issuesToFix":[{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-ELLIPTIC-571484","issue_id":"SNYK-JS-ELLIPTIC-571484","priority_score":221,"priority_score_factors":[{"name":"confidentiality","value":"high"},{"name":"integrity","value":"high"},{"name":"availability","value":"low"},{"name":"scope","value":"unchanged"},{"name":"exploitCodeMaturity","value":"proofOfConcept"},{"name":"userInteraction","value":"none"},{"name":"privilegesRequired","value":"none"},{"name":"attackComplexity","value":"high"},{"name":"attackVector","value":"network"},{"name":"epss","value":0.00353},{"name":"isTrending","value":false},{"name":"publicationDate","value":"Wed Jun 17 2020 10:03:22 GMT+0000 (Coordinated Universal Time)"},{"name":"isReachable","value":false},{"name":"isTransitive","value":true},{"name":"isMalicious","value":false},{"name":"businessCriticality","value":"high"},{"name":"relativeImportance","value":"high"},{"name":"relativePopularityRank","value":99},{"name":"impact","value":9.08},{"name":"likelihood","value":2.43},{"name":"scoreVersion","value":"V5"}],"severity":"high","title":"Cryptographic Issues"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JS-LOADERUTILS-3043105","issue_id":"SNYK-JS-LOADERUTILS-3043105","priority_score":115,"priority_score_factors":[{"name":"confidentiality","value":"none"},{"name":"integrity","value":"none"},{"name":"availability","value":"high"},{"name":"scope","value":"unchanged"},{"name":"exploitCodeMaturity"},{"name":"userInteraction","value":"none"},{"name":"privilegesRequired","value":"none"},{"name":"attackComplexity","value":"low"},{"name":"attackVector","value":"network"},{"name":"epss","value":0.0097},{"name":"isTrending","value":false},{"name":"publicationDate","value":"Fri Nov 04 2022 09:08:14 GMT+0000 (Coordinated Universal Time)"},{"name":"isReachable","value":false},{"name":"isTransitive","value":true},{"name":"isMalicious","value":false},{"name":"businessCriticality","value":"high"},{"name":"relativeImportance","value":"high"},{"name":"relativePopularityRank","value":99},{"name":"impact","value":5.99},{"name":"likelihood","value":1.91},{"name":"scoreVersion","value":"V5"}],"severity":"high","title":"Prototype Pollution"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-INI-1048974","issue_id":"SNYK-JS-INI-1048974","priority_score":151,"priority_score_factors":[{"name":"confidentiality","value":"low"},{"name":"integrity","value":"low"},{"name":"availability","value":"low"},{"name":"scope","value":"unchanged"},{"name":"exploitCodeMaturity","value":"proofOfConcept"},{"name":"userInteraction","value":"none"},{"name":"privilegesRequired","value":"none"},{"name":"attackComplexity","value":"low"},{"name":"attackVector","value":"network"},{"name":"epss","value":0.01218},{"name":"isTrending","value":false},{"name":"publicationDate","value":"Thu Dec 10 2020 18:08:38 GMT+0000 (Coordinated Universal Time)"},{"name":"isReachable","value":false},{"name":"isTransitive","value":true},{"name":"isMalicious","value":false},{"name":"businessCriticality","value":"high"},{"name":"relativeImportance","value":"high"},{"name":"relativePopularityRank","value":99},{"name":"impact","value":5.62},{"name":"likelihood","value":2.67},{"name":"scoreVersion","value":"V5"}],"severity":"high","title":"Prototype Pollution"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-IP-6240864","issue_id":"SNYK-JS-IP-6240864","priority_score":221,"priority_score_factors":[{"name":"confidentiality","value":"high"},{"name":"integrity","value":"low"},{"name":"availability","value":"low"},{"name":"scope","value":"unchanged"},{"name":"exploitCodeMaturity","value":"proofOfConcept"},{"name":"userInteraction","value":"none"},{"name":"privilegesRequired","value":"none"},{"name":"attackComplexity","value":"low"},{"name":"attackVector","value":"network"},{"name":"epss","value":0.00084},{"name":"isTrending","value":false},{"name":"publicationDate","value":"Sun Feb 11 2024 07:37:52 GMT+0000 (Coordinated Universal Time)"},{"name":"isReachable","value":false},{"name":"isTransitive","value":true},{"name":"isMalicious","value":false},{"name":"businessCriticality","value":"high"},{"name":"relativeImportance","value":"high"},{"name":"relativePopularityRank","value":99},{"name":"impact","value":7.84},{"name":"likelihood","value":2.81},{"name":"scoreVersion","value":"V5"}],"severity":"high","title":"Server-side Request Forgery (SSRF)"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-LODASH-1040724","issue_id":"SNYK-JS-LODASH-1040724","priority_score":239,"priority_score_factors":[{"name":"confidentiality","value":"high"},{"name":"integrity","value":"high"},{"name":"availability","value":"high"},{"name":"scope","value":"unchanged"},{"name":"exploitCodeMaturity","value":"proofOfConcept"},{"name":"userInteraction","value":"none"},{"name":"privilegesRequired","value":"high"},{"name":"attackComplexity","value":"low"},{"name":"attackVector","value":"network"},{"name":"epss","value":0.00606},{"name":"isTrending","value":false},{"name":"publicationDate","value":"Mon Feb 15 2021 11:50:50 GMT+0000 (Coordinated Universal Time)"},{"name":"isReachable","value":false},{"name":"isTransitive","value":true},{"name":"isMalicious","value":false},{"name":"businessCriticality","value":"high"},{"name":"relativeImportance","value":"high"},{"name":"relativePopularityRank","value":99},{"name":"impact","value":9.79},{"name":"likelihood","value":2.43},{"name":"scoreVersion","value":"V5"}],"severity":"high","title":"Code Injection"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-LODASH-567746","issue_id":"SNYK-JS-LODASH-567746","priority_score":189,"priority_score_factors":[{"name":"confidentiality","value":"none"},{"name":"integrity","value":"low"},{"name":"availability","value":"high"},{"name":"scope","value":"unchanged"},{"name":"exploitCodeMaturity","value":"proofOfConcept"},{"name":"userInteraction","value":"none"},{"name":"privilegesRequired","value":"none"},{"name":"attackComplexity","value":"low"},{"name":"attackVector","value":"network"},{"name":"epss","value":0.01667},{"name":"isTrending","value":false},{"name":"publicationDate","value":"Tue Apr 28 2020 14:59:14 GMT+0000 (Coordinated Universal Time)"},{"name":"isReachable","value":false},{"name":"isTransitive","value":true},{"name":"isMalicious","value":false},{"name":"businessCriticality","value":"high"},{"name":"relativeImportance","value":"high"},{"name":"relativePopularityRank","value":99},{"name":"impact","value":7.03},{"name":"likelihood","value":2.68},{"name":"scoreVersion","value":"V5"}],"severity":"high","title":"Prototype Pollution"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-LODASH-608086","issue_id":"SNYK-JS-LODASH-608086","priority_score":150,"priority_score_factors":[{"name":"confidentiality","value":"low"},{"name":"integrity","value":"low"},{"name":"availability","value":"low"},{"name":"scope","value":"unchanged"},{"name":"exploitCodeMaturity","value":"proofOfConcept"},{"name":"userInteraction","value":"none"},{"name":"privilegesRequired","value":"none"},{"name":"attackComplexity","value":"low"},{"name":"attackVector","value":"network"},{"name":"epss","value":0.01055},{"name":"isTrending","value":false},{"name":"publicationDate","value":"Fri Aug 21 2020 12:53:03 GMT+0000 (Coordinated Universal Time)"},{"name":"isReachable","value":false},{"name":"isTransitive","value":true},{"name":"isMalicious","value":false},{"name":"businessCriticality","value":"high"},{"name":"relativeImportance","value":"high"},{"name":"relativePopularityRank","value":99},{"name":"impact","value":5.62},{"name":"likelihood","value":2.67},{"name":"scoreVersion","value":"V5"}],"severity":"high","title":"Prototype Pollution"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-LODASH-6139239","issue_id":"SNYK-JS-LODASH-6139239","priority_score":170,"priority_score_factors":[{"name":"confidentiality","value":"none"},{"name":"integrity","value":"none"},{"name":"availability","value":"high"},{"name":"scope","value":"unchanged"},{"name":"exploitCodeMaturity","value":"proofOfConcept"},{"name":"userInteraction","value":"none"},{"name":"privilegesRequired","value":"none"},{"name":"attackComplexity","value":"low"},{"name":"attackVector","value":"network"},{"name":"epss","value":0.01055},{"name":"isTrending","value":false},{"name":"publicationDate","value":"Mon Apr 15 2024 13:48:35 GMT+0000 (Coordinated Universal Time)"},{"name":"isReachable","value":false},{"name":"isTransitive","value":true},{"name":"isMalicious","value":false},{"name":"businessCriticality","value":"high"},{"name":"relativeImportance","value":"high"},{"name":"relativePopularityRank","value":99},{"name":"impact","value":5.99},{"name":"likelihood","value":2.83},{"name":"scoreVersion","value":"V5"}],"severity":"high","title":"Prototype Pollution"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-SSRI-1246392","issue_id":"SNYK-JS-SSRI-1246392","priority_score":159,"priority_score_factors":[{"name":"confidentiality","value":"none"},{"name":"integrity","value":"none"},{"name":"availability","value":"high"},{"name":"scope","value":"unchanged"},{"name":"exploitCodeMaturity","value":"proofOfConcept"},{"name":"userInteraction","value":"none"},{"name":"privilegesRequired","value":"none"},{"name":"attackComplexity","value":"low"},{"name":"attackVector","value":"network"},{"name":"epss","value":0.00242},{"name":"isTrending","value":false},{"name":"publicationDate","value":"Thu Apr 15 2021 14:43:24 GMT+0000 (Coordinated Universal Time)"},{"name":"isReachable","value":false},{"name":"isTransitive","value":true},{"name":"isMalicious","value":false},{"name":"businessCriticality","value":"high"},{"name":"relativeImportance","value":"high"},{"name":"relativePopularityRank","value":99},{"name":"impact","value":5.99},{"name":"likelihood","value":2.65},{"name":"scoreVersion","value":"V5"}],"severity":"high","title":"Regular Expression Denial of Service (ReDoS)"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JS-TAR-1536528","issue_id":"SNYK-JS-TAR-1536528","priority_score":95,"priority_score_factors":[{"name":"confidentiality","value":"high"},{"name":"integrity","value":"high"},{"name":"availability","value":"none"},{"name":"scope","value":"changed"},{"name":"exploitCodeMaturity"},{"name":"userInteraction","value":"required"},{"name":"privilegesRequired","value":"none"},{"name":"attackComplexity","value":"low"},{"name":"attackVector","value":"local"},{"name":"epss","value":0.00689},{"name":"isTrending","value":false},{"name":"publicationDate","value":"Wed Aug 04 2021 07:24:54 GMT+0000 (Coordinated Universal Time)"},{"name":"isReachable","value":false},{"name":"isTransitive","value":true},{"name":"isMalicious","value":false},{"name":"businessCriticality","value":"high"},{"name":"relativeImportance","value":"high"},{"name":"relativePopularityRank","value":99},{"name":"impact","value":9.6},{"name":"likelihood","value":0.984},{"name":"scoreVersion","value":"V5"}],"severity":"high","title":"Arbitrary File Overwrite"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JS-BROWSERIFYSIGN-6037026","issue_id":"SNYK-JS-BROWSERIFYSIGN-6037026","priority_score":124,"priority_score_factors":[{"name":"confidentiality","value":"none"},{"name":"integrity","value":"high"},{"name":"availability","value":"none"},{"name":"scope","value":"unchanged"},{"name":"exploitCodeMaturity"},{"name":"userInteraction","value":"none"},{"name":"privilegesRequired","value":"none"},{"name":"attackComplexity","value":"low"},{"name":"attackVector","value":"network"},{"name":"epss","value":0.00058},{"name":"isTrending","value":false},{"name":"publicationDate","value":"Fri Oct 27 2023 12:03:19 GMT+0000 (Coordinated Universal Time)"},{"name":"isReachable","value":false},{"name":"isTransitive","value":true},{"name":"isMalicious","value":false},{"name":"businessCriticality","value":"high"},{"name":"relativeImportance","value":"high"},{"name":"relativePopularityRank","value":99},{"name":"impact","value":5.99},{"name":"likelihood","value":2.06},{"name":"scoreVersion","value":"V5"}],"severity":"high","title":"Improper Verification of Cryptographic Signature"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-NODEFORGE-598677","issue_id":"SNYK-JS-NODEFORGE-598677","priority_score":149,"priority_score_factors":[{"name":"confidentiality","value":"low"},{"name":"integrity","value":"low"},{"name":"availability","value":"low"},{"name":"scope","value":"unchanged"},{"name":"exploitCodeMaturity","value":"proofOfConcept"},{"name":"userInteraction","value":"none"},{"name":"privilegesRequired","value":"none"},{"name":"attackComplexity","value":"low"},{"name":"attackVector","value":"network"},{"name":"epss","value":0.00209},{"name":"isTrending","value":false},{"name":"publicationDate","value":"Tue Sep 01 2020 10:44:20 GMT+0000 (Coordinated Universal Time)"},{"name":"isReachable","value":false},{"name":"isTransitive","value":true},{"name":"isMalicious","value":false},{"name":"businessCriticality","value":"high"},{"name":"relativeImportance","value":"high"},{"name":"relativePopularityRank","value":99},{"name":"impact","value":5.62},{"name":"likelihood","value":2.65},{"name":"scoreVersion","value":"V5"}],"severity":"high","title":"Prototype Pollution"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JS-LOADERUTILS-3042992","issue_id":"SNYK-JS-LOADERUTILS-3042992","priority_score":45,"priority_score_factors":[{"name":"confidentiality","value":"none"},{"name":"integrity","value":"none"},{"name":"availability","value":"low"},{"name":"scope","value":"unchanged"},{"name":"exploitCodeMaturity"},{"name":"userInteraction","value":"none"},{"name":"privilegesRequired","value":"none"},{"name":"attackComplexity","value":"low"},{"name":"attackVector","value":"network"},{"name":"epss","value":0.00306},{"name":"isTrending","value":false},{"name":"publicationDate","value":"Mon Nov 28 2022 08:04:26 GMT+0000 (Coordinated Universal Time)"},{"name":"isReachable","value":false},{"name":"isTransitive","value":true},{"name":"isMalicious","value":false},{"name":"businessCriticality","value":"high"},{"name":"relativeImportance","value":"medium"},{"name":"relativePopularityRank","value":99},{"name":"impact","value":2.35},{"name":"likelihood","value":1.9},{"name":"scoreVersion","value":"V5"}],"severity":"medium","title":"Regular Expression Denial of Service (ReDoS)"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-HTTPPROXY-569139","issue_id":"SNYK-JS-HTTPPROXY-569139","priority_score":134,"priority_score_factors":[{"name":"confidentiality","value":"none"},{"name":"integrity","value":"none"},{"name":"availability","value":"high"},{"name":"scope","value":"unchanged"},{"name":"exploitCodeMaturity","value":"proofOfConcept"},{"name":"userInteraction","value":"required"},{"name":"privilegesRequired","value":"none"},{"name":"attackComplexity","value":"low"},{"name":"attackVector","value":"network"},{"name":"epss","value":0.01055},{"name":"isTrending","value":false},{"name":"publicationDate","value":"Sat May 16 2020 17:02:49 GMT+0000 (Coordinated Universal Time)"},{"name":"isReachable","value":false},{"name":"isTransitive","value":true},{"name":"isMalicious","value":false},{"name":"businessCriticality","value":"high"},{"name":"relativeImportance","value":"medium"},{"name":"relativePopularityRank","value":99},{"name":"impact","value":5.99},{"name":"likelihood","value":2.22},{"name":"scoreVersion","value":"V5"}],"severity":"medium","title":"Denial of Service (DoS)"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-ISSVG-1085627","issue_id":"SNYK-JS-ISSVG-1085627","priority_score":63,"priority_score_factors":[{"name":"confidentiality","value":"none"},{"name":"integrity","value":"none"},{"name":"availability","value":"low"},{"name":"scope","value":"unchanged"},{"name":"exploitCodeMaturity","value":"proofOfConcept"},{"name":"userInteraction","value":"none"},{"name":"privilegesRequired","value":"none"},{"name":"attackComplexity","value":"low"},{"name":"attackVector","value":"network"},{"name":"epss","value":0.0021},{"name":"isTrending","value":false},{"name":"publicationDate","value":"Sun Mar 14 2021 15:42:51 GMT+0000 (Coordinated Universal Time)"},{"name":"isReachable","value":false},{"name":"isTransitive","value":true},{"name":"isMalicious","value":false},{"name":"businessCriticality","value":"high"},{"name":"relativeImportance","value":"medium"},{"name":"relativePopularityRank","value":99},{"name":"impact","value":2.35},{"name":"likelihood","value":2.65},{"name":"scoreVersion","value":"V5"}],"severity":"medium","title":"Regular Expression Denial of Service (ReDoS)"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-ISSVG-1243891","issue_id":"SNYK-JS-ISSVG-1243891","priority_score":63,"priority_score_factors":[{"name":"confidentiality","value":"none"},{"name":"integrity","value":"none"},{"name":"availability","value":"low"},{"name":"scope","value":"unchanged"},{"name":"exploitCodeMaturity","value":"proofOfConcept"},{"name":"userInteraction","value":"none"},{"name":"privilegesRequired","value":"none"},{"name":"attackComplexity","value":"low"},{"name":"attackVector","value":"network"},{"name":"epss","value":0.00356},{"name":"isTrending","value":false},{"name":"publicationDate","value":"Wed May 05 2021 15:35:35 GMT+0000 (Coordinated Universal Time)"},{"name":"isReachable","value":false},{"name":"isTransitive","value":true},{"name":"isMalicious","value":false},{"name":"businessCriticality","value":"high"},{"name":"relativeImportance","value":"medium"},{"name":"relativePopularityRank","value":99},{"name":"impact","value":2.35},{"name":"likelihood","value":2.65},{"name":"scoreVersion","value":"V5"}],"severity":"medium","title":"Regular Expression Denial of Service (ReDoS)"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-JSON5-3182856","issue_id":"SNYK-JS-JSON5-3182856","priority_score":178,"priority_score_factors":[{"name":"confidentiality","value":"low"},{"name":"integrity","value":"low"},{"name":"availability","value":"high"},{"name":"scope","value":"unchanged"},{"name":"exploitCodeMaturity","value":"proofOfConcept"},{"name":"userInteraction","value":"none"},{"name":"privilegesRequired","value":"low"},{"name":"attackComplexity","value":"high"},{"name":"attackVector","value":"network"},{"name":"epss","value":0.00667},{"name":"isTrending","value":false},{"name":"publicationDate","value":"Sun Dec 25 2022 08:45:14 GMT+0000 (Coordinated Universal Time)"},{"name":"isReachable","value":false},{"name":"isTransitive","value":true},{"name":"isMalicious","value":false},{"name":"businessCriticality","value":"high"},{"name":"relativeImportance","value":"medium"},{"name":"relativePopularityRank","value":99},{"name":"impact","value":7.84},{"name":"likelihood","value":2.27},{"name":"scoreVersion","value":"V5"}],"severity":"medium","title":"Prototype Pollution"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JS-LOADERUTILS-3105943","issue_id":"SNYK-JS-LOADERUTILS-3105943","priority_score":45,"priority_score_factors":[{"name":"confidentiality","value":"none"},{"name":"integrity","value":"none"},{"name":"availability","value":"low"},{"name":"scope","value":"unchanged"},{"name":"exploitCodeMaturity"},{"name":"userInteraction","value":"none"},{"name":"privilegesRequired","value":"none"},{"name":"attackComplexity","value":"low"},{"name":"attackVector","value":"network"},{"name":"epss","value":0.00694},{"name":"isTrending","value":false},{"name":"publicationDate","value":"Mon Nov 07 2022 16:01:55 GMT+0000 (Coordinated Universal Time)"},{"name":"isReachable","value":false},{"name":"isTransitive","value":true},{"name":"isMalicious","value":false},{"name":"businessCriticality","value":"high"},{"name":"relativeImportance","value":"medium"},{"name":"relativePopularityRank","value":99},{"name":"impact","value":2.35},{"name":"likelihood","value":1.91},{"name":"scoreVersion","value":"V5"}],"severity":"medium","title":"Regular Expression Denial of Service (ReDoS)"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-JSON5-3182856","issue_id":"SNYK-JS-JSON5-3182856","priority_score":178,"priority_score_factors":[{"name":"confidentiality","value":"low"},{"name":"integrity","value":"low"},{"name":"availability","value":"high"},{"name":"scope","value":"unchanged"},{"name":"exploitCodeMaturity","value":"proofOfConcept"},{"name":"userInteraction","value":"none"},{"name":"privilegesRequired","value":"low"},{"name":"attackComplexity","value":"high"},{"name":"attackVector","value":"network"},{"name":"epss","value":0.00667},{"name":"isTrending","value":false},{"name":"publicationDate","value":"Sun Dec 25 2022 08:45:14 GMT+0000 (Coordinated Universal Time)"},{"name":"isReachable","value":false},{"name":"isTransitive","value":true},{"name":"isMalicious","value":false},{"name":"businessCriticality","value":"high"},{"name":"relativeImportance","value":"medium"},{"name":"relativePopularityRank","value":99},{"name":"impact","value":7.84},{"name":"likelihood","value":2.27},{"name":"scoreVersion","value":"V5"}],"severity":"medium","title":"Prototype Pollution"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-LODASH-1018905","issue_id":"SNYK-JS-LODASH-1018905","priority_score":63,"priority_score_factors":[{"name":"confidentiality","value":"none"},{"name":"integrity","value":"none"},{"name":"availability","value":"low"},{"name":"scope","value":"unchanged"},{"name":"exploitCodeMaturity","value":"proofOfConcept"},{"name":"userInteraction","value":"none"},{"name":"privilegesRequired","value":"none"},{"name":"attackComplexity","value":"low"},{"name":"attackVector","value":"network"},{"name":"epss","value":0.00231},{"name":"isTrending","value":false},{"name":"publicationDate","value":"Mon Feb 15 2021 11:50:49 GMT+0000 (Coordinated Universal Time)"},{"name":"isReachable","value":false},{"name":"isTransitive","value":true},{"name":"isMalicious","value":false},{"name":"businessCriticality","value":"high"},{"name":"relativeImportance","value":"medium"},{"name":"relativePopularityRank","value":99},{"name":"impact","value":2.35},{"name":"likelihood","value":2.65},{"name":"scoreVersion","value":"V5"}],"severity":"medium","title":"Regular Expression Denial of Service (ReDoS)"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JS-MINIMATCH-3050818","issue_id":"SNYK-JS-MINIMATCH-3050818","priority_score":45,"priority_score_facto...

Snyk has created this PR to upgrade: - vue from 2.6.10 to 3.4.33. See this package in npm: https://www.npmjs.com/package/vue - vue-template-compiler from 2.6.10 to 2.7.16. See this package in npm: https://www.npmjs.com/package/vue-template-compiler See this project in Snyk: https://app.snyk.io/org/cachiman/project/cfffc614-d7ae-4132-baf2-348ca0ee437d?utm_source=github-cloud-app&utm_medium=referral&page=upgrade-pr

google-cla · 2024-08-10T05:47:36Z

Thanks for your pull request! It looks like this may be your first contribution to a Google open source project. Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA).

View this failed invocation of the CLA check for more information.

For the most up to date status, view the checks section at the bottom of the pull request.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[Snyk] Upgrade: vue, vue-template-compiler #16

[Snyk] Upgrade: vue, vue-template-compiler #16

snyk-io bot commented Aug 10, 2024

google-cla bot commented Aug 10, 2024

[Snyk] Upgrade: vue, vue-template-compiler #16

Are you sure you want to change the base?

[Snyk] Upgrade: vue, vue-template-compiler #16

Conversation

snyk-io bot commented Aug 10, 2024

Snyk has created this PR to upgrade multiple dependencies.

Issues fixed by the recommended upgrade:

google-cla bot commented Aug 10, 2024