[Snyk] Upgrade vue-tsc from 1.8.19 to 2.1.6

[WontonSam]

Snyk has created this PR to upgrade vue-tsc from 1.8.19 to 2.1.6.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

⚠️ Warning: This PR contains major version upgrade(s), and may be a breaking change.

• The recommended version is 46 versions ahead of your current version.

• The recommended version was released on 2 months ago.

Issues fixed by the recommended upgrade:

	Issue	Score	Exploit Maturity
	Access Control Bypass SNYK-JS-VITE-6182924	108	Proof of Concept
	Cross-site Request Forgery (CSRF) SNYK-JS-AXIOS-6032459	108	Proof of Concept
	Prototype Pollution SNYK-JS-AXIOS-6144788	108	No Known Exploit
	Server-side Request Forgery (SSRF) SNYK-JS-AXIOS-7361793	108	Proof of Concept
	Uncontrolled resource consumption SNYK-JS-BRACES-6838727	108	Proof of Concept
	Prototype Pollution SNYK-JS-DOMPURIFY-7984421	108	No Known Exploit
	Improper Handling of Extra Parameters SNYK-JS-FOLLOWREDIRECTS-6141137	108	Proof of Concept
	Inefficient Regular Expression Complexity SNYK-JS-MICROMATCH-6838728	108	No Known Exploit
	Cross-site Scripting (XSS) SNYK-JS-ROLLUP-8073097	108	Proof of Concept
	Cross-Site Scripting (XSS) SNYK-JS-VITE-6098386	108	Proof of Concept
	Improper Access Control SNYK-JS-VITE-6531286	108	Proof of Concept
	Information Exposure SNYK-JS-VITE-8023174	108	Proof of Concept
	Cross-site Scripting (XSS) SNYK-JS-VUETEMPLATECOMPILER-7554675	108	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-AXIOS-6124857	108	Proof of Concept
	Template Injection SNYK-JS-DOMPURIFY-6474511	108	Proof of Concept
	Information Exposure SNYK-JS-FOLLOWREDIRECTS-6444610	108	Proof of Concept
	Cross-site Scripting (XSS) SNYK-JS-VITE-8022916	108	Proof of Concept

Release notes

Package name: vue-tsc

• 2.1.6 - 2024-09-04
  

  Features

  • language-plugin-pug: support initial indentation (#4774)
  • language-service: JSDoc display support when typing props on component template (#4796) - Thanks to @ joy-yu!
  • language-core: typed directives in template (#4807) - Thanks to @ KazariEX!

  Bug Fixes

  • language-core: wrap template refs with unref in interpolation (#4777) - Thanks to @ KazariEX!
  • language-core: ensure to pass tsc on inline global types (#4782) - Thanks to @ KazariEX!
  • language-core: infer native template ref as build-in element interface (#4786) - Thanks to @ KazariEX!
  • language-core: generate __VLS_StyleModules after template (#4790) - Thanks to @ KazariEX!
  • language-core: make expose of non-generic template ref required (#4795) - Thanks to @ zhiyuanzmj!
  • language-core: avoid using __typeProps with runtime props (#4800) - Thanks to @ KazariEX!
  • language-core: ignore unknown attrs error when strictTemplates is not enabled (#4785)
  • language-core: prevent append globalTypes to virtual file (#4806) - Thanks to @ zhiyuanzmj!
  • language-core: prevent type error when use defineSlots and non-template (#4809) - Thanks to @ zhiyuanzmj!
  • typescript-plugin: disconnect socket on error (#4672)

  Performance

  • language-core: don't emit event lnlayhint when content is none (#4776) - Thanks to @ Gehbt!

  Other Changes

  • language-core: split __VLS_templateResult (#4781) - Thanks to @ KazariEX!
  • language-core: wrap template virtual code into a function (#4784)
  • language-core: move templateRef into composibles (#4791) - Thanks to @ KazariEX!
  • language-core: generate global types for the first parsed Vue component if cannot write global types file

  Tests

  • language-server: add renaming case for template ref() (#4794) - Thanks to @ KazariEX!
  • tsc: update to Vue 3.5 (#4725)
  • tsc: unknown props on non-strict generic component (#4792)

  Please refer to CHANGELOG.md for details.

  Sponsors

  Special Sponsor
  Stay in the flow with instant dev experiences. No more hours stashing/pulling/installing locally — just click, and start coding.
  Platinum Sponsors
  An approachable, performant and versatile framework for building web user interfaces.			<img src="https://raw.githubusercontent.com/johnsoncodehk/sponsors/master/logos/Astro.svg" width="200" style="max-width: 100%;"> </a> <p>Astro powers the world's fastest websites, client-side web apps, dynamic API endpoints, and everything in-between.</p> </td> </tr> <tr> <td align="center" valign="middle" colspan="3"> <a href="https://www.jetbrains.com/" rel="nofollow"> <img src="https://raw.githubusercontent.com/johnsoncodehk/sponsors/master/logos/JetBrains.svg" width="80" style="max-width: 100%;"> </a> <p>Essential tools for software developers and teams.</p> </td> <td align="center" valign="middle" colspan="3"> <a href="https://opensource.microsoft.com/" rel="nofollow"> <img src="https://raw.githubusercontent.com/johnsoncodehk/sponsors/master/logos/Microsoft.svg" width="200" style="max-width: 100%;"> </a> <p>Open Source enables Microsoft products and services to bring choice, technology and community to our customers.</p> </td> </tr> <tr> <td align="center" valign="middle" colspan="6"> <b>Silver Sponsors</b> </td> </tr> <tr> <td align="center" valign="middle" width="33.3%" colspan="2"> <a href="https://www.prefect.io/" rel="nofollow"><img src="https://raw.githubusercontent.com/johnsoncodehk/sponsors/master/logos/Prefect.svg" width="200" style="max-width: 100%;"></a> </td> <td align="center" valign="middle" width="33.3%" colspan="2"> <a href="https://www.techjobasia.com/" rel="nofollow"><img src="https://raw.githubusercontent.com/johnsoncodehk/sponsors/master/logos/TechJobAsia.svg" width="200" style="max-width: 100%;"></a> </td> <td align="center" valign="middle" width="33.3%" colspan="2"> <a href="https://haoqun.blog/" rel="nofollow"><img src="https://avatars.githubusercontent.com/u/3277634?v=4" height="80" style="max-width: 100%;"></a> </td> </tr> <tr> <td align="center" valign="middle" width="33.3%" colspan="2"> <a href="https://antfu.me/" rel="nofollow"><img src="https://avatars.githubusercontent.com/u/11247099?v=4" height="80" style="max-width: 100%;"></a> </td> </tr>

  Become a sponsor

• 2.1.5 - 2024-08-31
• 2.1.4 - 2024-08-31
  

  Features

  • typescript-plugin, language-server: generate global types file into node_modules/.vue-global-types (#4752) - Thanks to @ KazariEX!
  • language-core: navigation support for template-ref (#4726) - Thanks to @ KazariEX!

  Bug Fixes

  • language-core, typescript-plugin, language-server: apply snake case on globalTypes filename (#4749) - Thanks to @ KazariEX!
  • language-core: hoist $refs type (#4763)
  • language-core: disable lib check on global types file (#4767) - Thanks to @ KazariEX!
  • language-core: prevent circular reference of templateRef (#4768) - Thanks to @ zhiyuanzmj!
  • language-core: using interface merging for GlobalComponents
  • language-core: fallthroughAttributes causes global components to be self-referential (#4761)
  • language-core: auto-completion for the last line of template block (#4771) - Thanks to @ zhiyuanzmj!
  • language-core: update ast correctly on repeated v-for modifications (#4772) - Thanks to @ KazariEX!
  • language-server: leaking named pipes (#4672)
  • typescript-plugin: compatible with Yarn PnP (#4751)
  • vscode: whitelist ms-dynamics-smb.al extension for Vue Hybrid Mode. (#4765) - Thanks to @ kyleweishaupt!

  Other Changes

  • Add optional "dependencies" textarea to issue template (#4758) - Thanks to @ davidmatter!

  Please refer to CHANGELOG.md for details.

  Sponsors

  Special Sponsor
  Stay in the flow with instant dev experiences. No more hours stashing/pulling/installing locally — just click, and start coding.
  Platinum Sponsors
  An approachable, performant and versatile framework for building web user interfaces.			<img src="https://raw.githubusercontent.com/johnsoncodehk/sponsors/master/logos/Astro.svg" width="200" style="max-width: 100%;"> </a> <p>Astro powers the world's fastest websites, client-side web apps, dynamic API endpoints, and everything in-between.</p> </td> </tr> <tr> <td align="center" valign="middle" colspan="3"> <a href="https://www.jetbrains.com/" rel="nofollow"> <img src="https://raw.githubusercontent.com/johnsoncodehk/sponsors/master/logos/JetBrains.svg" width="80" style="max-width: 100%;"> </a> <p>Essential tools for software developers and teams.</p> </td> <td align="center" valign="middle" colspan="3"> <a href="https://opensource.microsoft.com/" rel="nofollow"> <img src="https://raw.githubusercontent.com/johnsoncodehk/sponsors/master/logos/Microsoft.svg" width="200" style="max-width: 100%;"> </a> <p>Open Source enables Microsoft products and services to bring choice, technology and community to our customers.</p> </td> </tr> <tr> <td align="center" valign="middle" colspan="6"> <b>Silver Sponsors</b> </td> </tr> <tr> <td align="center" valign="middle" width="33.3%" colspan="2"> <a href="https://www.prefect.io/" rel="nofollow"><img src="https://raw.githubusercontent.com/johnsoncodehk/sponsors/master/logos/Prefect.svg" width="200" style="max-width: 100%;"></a> </td> <td align="center" valign="middle" width="33.3%" colspan="2"> <a href="https://www.techjobasia.com/" rel="nofollow"><img src="https://raw.githubusercontent.com/johnsoncodehk/sponsors/master/logos/TechJobAsia.svg" width="200" style="max-width: 100%;"></a> </td> <td align="center" valign="middle" width="33.3%" colspan="2"> <a href="https://haoqun.blog/" rel="nofollow"><img src="https://avatars.githubusercontent.com/u/3277634?v=4" height="80" style="max-width: 100%;"></a> </td> </tr> <tr> <td align="center" valign="middle" width="33.3%" colspan="2"> <a href="https://antfu.me/" rel="nofollow"><img src="https://avatars.githubusercontent.com/u/11247099?v=4" height="80" style="max-width: 100%;"></a> </td> </tr>

  Become a sponsor

• 2.1.2 - 2024-08-29
  

  Bug Fixes

  • language-core, typescript-plugin, language-server: write globalTypes into dist for correct export (#4740) (#4737) (#4738) (#4739) - Thanks to @ KazariEX!
  • language-core: don't default vueCompilerOptions.lib to @ vue/runtime-dom for Vue 2

  Please refer to CHANGELOG.md for details.

  Sponsors

  Special Sponsor
  Stay in the flow with instant dev experiences. No more hours stashing/pulling/installing locally — just click, and start coding.
  Platinum Sponsors
  An approachable, performant and versatile framework for building web user interfaces.			<img src="https://raw.githubusercontent.com/johnsoncodehk/sponsors/master/logos/Astro.svg" width="200" style="max-width: 100%;"> </a> <p>Astro powers the world's fastest websites, client-side web apps, dynamic API endpoints, and everything in-between.</p> </td> </tr> <tr> <td align="center" valign="middle" colspan="3"> <a href="https://www.jetbrains.com/" rel="nofollow"> <img src="https://raw.githubusercontent.com/johnsoncodehk/sponsors/master/logos/JetBrains.svg" width="80" style="max-width: 100%;"> </a> <p>Essential tools for software developers and teams.</p> </td> <td align="center" valign="middle" colspan="3"> <a href="https://opensource.microsoft.com/" rel="nofollow"> <img src="https://raw.githubusercontent.com/johnsoncodehk/sponsors/master/logos/Microsoft.svg" width="200" style="max-width: 100%;"> </a> <p>Open Source enables Microsoft products and services to bring choice, technology and community to our customers.</p> </td> </tr> <tr> <td align="center" valign="middle" colspan="6"> <b>Silver Sponsors</b> </td> </tr> <tr> <td align="center" valign="middle" width="33.3%" colspan="2"> <a href="https://www.prefect.io/" rel="nofollow"><img src="https://raw.githubusercontent.com/johnsoncodehk/sponsors/master/logos/Prefect.svg" width="200" style="max-width: 100%;"></a> </td> <td align="center" valign="middle" width="33.3%" colspan="2"> <a href="https://www.techjobasia.com/" rel="nofollow"><img src="https://raw.githubusercontent.com/johnsoncodehk/sponsors/master/logos/TechJobAsia.svg" width="200" style="max-width: 100%;"></a> </td> <td align="center" valign="middle" width="33.3%" colspan="2"> <a href="https://haoqun.blog/" rel="nofollow"><img src="https://avatars.githubusercontent.com/u/3277634?v=4" height="80" style="max-width: 100%;"></a> </td> </tr> <tr> <td align="center" valign="middle" width="33.3%" colspan="2"> <a href="https://antfu.me/" rel="nofollow"><img src="https://avatars.githubusercontent.com/u/11247099?v=4" height="80" style="max-width: 100%;"></a> </td> </tr>

  Become a sponsor

• 2.1.0 - 2024-08-29
  

  Features

  • language-core: inlay hints for destructured props (#4634) - Thanks to @ KazariEX!
  • language-core: typed fallthrough attributes (#4103) - Thanks to @ A5rocks, @ so1ve!
  • language-core: document links for classname within :class (#4642) - Thanks to @ KazariEX!
  • language-core: auto infer type for $refs & useTemplateRef (#4644) - Thanks to @ zhiyuanzmj!
  • language-core: type support for CSS Modules API (#4674) - Thanks to @ KazariEX!
  • language-service: better completion for directives (#4640) - Thanks to @ KazariEX!
  • language-service: better sorting & filtering of completion (#4671) - Thanks to @ KazariEX!
  • language-service: add style scoped and module completion (#4705) - Thanks to @ runyasak!

  Bug Fixes

  • vscode: type of vue.server.hybridMode config (#4703) - Thanks to @ KermanX!
  • language-core: dependency on vulnerable version of vue-template-compiler (#4613) - Thanks to @ yyx990803!
  • language-core: support parse method to access ctx var in object (#4609) - Thanks to @ linghaoSu!
  • language-core: escape \ and ' in className avoid type error (#4619) - Thanks to @ linghaoSu!
  • language-core: semantic highlight of the end tag of namespaced elements (#4623) - Thanks to @ KermanX!
  • language-core: nullable modelvalues (#4648) - Thanks to @ davidmatter!
  • language-core: should try casting dynamic slot name into constant (#4669) - Thanks to @ KermanX!
  • language-core: local name support for prop using runtime api (#4650) - Thanks to @ KazariEX!
  • language-core: optimize matching of scoped class and v-bind() (#4679) - Thanks to @ KazariEX!
  • language-core: should preserve generic info in directive (#4686) - Thanks to @ KermanX!
  • language-core: generate ref as identifier instead of interpolation (#4688) - Thanks to @ KazariEX!
  • language-core: correct type narrowing from script to template (#4689) - Thanks to @ KazariEX!
  • language-core: should camelize prop name in experimentalModelPropName (#4691) - Thanks to @ KermanX!
  • language-core: drop duplicate hints on incomplete tag (#4696) - Thanks to @ KazariEX!
  • language-core: correct inlay hints for v-bind with modifier (#4721) - Thanks to @ KazariEX!
  • language-core: transform range of file-md correctly (#4735) - Thanks to @ KazariEX!
  • language-plugin-pug: should cache proxyed object (#4626) - Thanks to @ KermanX!
  • language-plugin-pug: compute offset correctly of pug class (#4652) - Thanks to @ KazariEX!
  • language-service: completion documentations for binding attributes (#4667) - Thanks to @ KazariEX!
  • language-service: avoid converting internal id of special tags (#4643) - Thanks to @ KazariEX!
  • language-service: reinstate the completion for modifiers (#4639) - Thanks to @ KazariEX!
  • language-service: consistent data from provider for sfc completion (#4645) - Thanks to @ KazariEX!
  • typescript-plugin: unknown request type warning (#4715) - Thanks to @ davidmatter!

  Refactors

  • language-core: extract SFC root tags to separate virtual code
  • language-core: removed __hint trick from codegen
  • language-core: rewrite a part of confusing codegen code
  • language-core: reduce virtual code generated by component tags (#4714)
  • language-core: do not wrap template virtual code with function (#4731)
  • language-core: write real files to FS for shared global types (#4736)
  • component-meta: remove deprecated createComponentMetaCheckerByJsonConfig, createComponentMetaChecker api

  Other Changes

  • Upgraded Volar from v2.4.0-alpha.18 to v2.4.1:
    • Ensure unopened files are synced to project (#4711) (#4632) - Thanks to @ davidmatter!
  • ci: integrated pkg.pr.new
  • tsc: test all typecheck cases in one tsconfig (

[google-cla]

Thanks for your pull request! It looks like this may be your first contribution to a Google open source project. Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA).

View this failed invocation of the CLA check for more information.

For the most up to date status, view the checks section at the bottom of the pull request.