Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Snyk] Upgrade nuxt from 3.9.1 to 3.10.3 #71

Closed
wants to merge 1 commit into from
Closed

[Snyk] Upgrade nuxt from 3.9.1 to 3.10.3 #71

wants to merge 1 commit into from

Conversation

Jeb4dev
Copy link
Contributor

@Jeb4dev Jeb4dev commented Mar 27, 2024

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to upgrade nuxt from 3.9.1 to 3.10.3.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

  • The recommended version is 6 versions ahead of your current version.
  • The recommended version was released a month ago, on 2024-02-22.

The recommended version fixes:

Severity Issue PriorityScore (*) Exploit Maturity
Server-side Request Forgery (SSRF)
SNYK-JS-IP-6240864		 537/1000
Why? Proof of Concept exploit, CVSS 8.6		 Proof of Concept
Access Control Bypass
SNYK-JS-VITE-6182924		 537/1000
Why? Proof of Concept exploit, CVSS 8.6		 Proof of Concept
Uncontrolled Resource Consumption ('Resource Exhaustion')
SNYK-JS-TAR-6476909		 537/1000
Why? Proof of Concept exploit, CVSS 8.6		 Proof of Concept
Permissive Cross-domain Policy with Untrusted Domains
SNYK-JS-UNDICI-6252336		 537/1000
Why? Proof of Concept exploit, CVSS 8.6		 No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Release notes
Package name: nuxt
  • 3.10.3 - 2024-02-22

    3.10.3 is a regularly-scheduled patch release.

    ✅ Upgrading

    As usual, our recommendation for upgrading is to run:

    nuxi upgrade --force

    This will refresh your lockfile as well, and ensures that you pull in updates from other dependencies that Nuxt relies on, particularly in the vue and unjs ecosystems.

    👉 Changelog

    compare changes

    🩹 Fixes

    • nuxt: Respect dedupe option in useFetch (#25815)
    • nuxt: Bypass browser cache when fetching app build id (#25813)
    • nuxt: In dev, don't link css files with ?inline query (#25822)
    • nuxt: Pass external to navigate in custom <NuxtLink> (#25887)
    • nuxt: Mark internal island components with @ __PURE__ (#25842)
    • nuxt: Use setTimeout before scrolling when navigating (#25817)
    • nuxt: Add missing type for head in defineNuxtComponent (#25410)
    • nuxt: Handle undefined paths in resolveTrailingSlashBehavior (ba6a4132b)
    • nuxt: Set to.name to be undefined rather than deleting entirely (4ca1ab7cf)

    📖 Documentation

    • Enable more blocks for twoslash (#25830)
    • Remove .ts extension when adding compiled files (#25855)
    • Replace callout to new components (#25897)
    • Fix incorrect wording (#25902)

    🏡 Chore

    • Use nuxt.config to enable pages for docs typecheck (72a2e23cc)
    • Restore environment back to development (3f92cf04d)
    • Unpin vite version 🙈 (d326e054d)
    • nuxt: Use Exclude rather than Omit (3fc4231d3)

    🤖 CI

    • Typecheck code samples in docs (#25777)
    • Update link to stackblitz mcve page (59dd5fd93)

    ❤️ Contributors

  • 3.10.2 - 2024-02-14

    3.10.2 is a regularly-scheduled patch release.

    ✅ Upgrading

    As usual, our recommendation for upgrading is to run:

    nuxi upgrade --force

    This will refresh your lockfile as well, and ensures that you pull in updates from other dependencies that Nuxt relies on, particularly in the vue and unjs ecosystems.

    👉 Changelog

    compare changes

    🩹 Fixes

    • nuxt: Export refreshCookie (#25635)
    • nuxt: Allow prefetching urls with query string (#25658)
    • nuxt: Remove undefined keys in route object (#25667)
    • vite: Treat .pcss extension as a CSS extension (#25673)
    • nuxt: Don't check for layout/page with <ClientOnly> (#25714)
    • vite: Strip query strings for style chunk filenames (#25764)
    • nuxt: Inline entry styles before component styles (#25749)
    • vite: Optimise layer dependencies with vite (#25752)
    • nuxt: Don't add extra baseURL on server useRequestURL (#25765)
    • schema: Use rootDir, not process.cwd, for modulesDir (#25766)
    • nuxt: Only warn for useId if attrs were not rendered (#25770)
    • kit: Don't mutate existing component entry when overriding (#25786)

    📖 Documentation

    • Fix typo in useAsyncData docs (#25644)
    • Add quotes to clarify what site title is in example (#25669)
    • Enable twoslash for some code snippets (#25679)
    • Add prepend option docs for addComponentsDir (#25683)
    • Extend auto-scanned layer directories (#25720)
    • Improve wording in seo docs (#25692)
    • Add how to debug nuxt with node inspector (#25731)
    • <script setup> changed to <script setup lang="ts"> ([#25750](https://snyk.io/redirect/github//pull/25750))
    • Add missing export defaults for nuxt config (#25774)
    • Add import statement for mountSuspended (#25783)
    • Pass event to useRuntimeConfig (#25788)

    🏡 Chore

    • schema: Add missing closing code block (#25641)

    ❤️ Contributors

  • 3.10.1 - 2024-02-05
    Read more
  • 3.10.0 - 2024-01-30
    Read more
  • 3.9.3 - 2024-01-17

    3.9.3 is a hotfix release to address a regression with CSS in development

    ✅ Upgrading

    As usual, our recommendation for upgrading is to run:

    nuxi upgrade --force

    This will refresh your lockfile as well, and ensures that you pull in updates from other dependencies that Nuxt relies on, particularly in the vue and unjs ecosystems.

    👉 Changelog

    compare changes

    🩹 Fixes

    • nuxt: Render stylesheets in dev for non-islands (#25243)
    • nuxt: Don't set 2x data-island-uid for island children (#25245)
    • nuxt: Don't share object between raw cookie and cookie ref (#25255)

    📖 Documentation

    • Corrects variable name used in comment (#25238)
    • Deleted an extra character (#25248)
    • Remove space before colon (#25251)

    ✅ Tests

    • Add separate suspense test suite (#22947)

    ❤️ Contributors

  • 3.9.2 - 2024-01-16
    Read more
  • 3.9.1 - 2024-01-05
    Read more
from nuxt GitHub release notes

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

@Jeb4dev Jeb4dev closed this Mar 28, 2024
@Jeb4dev Jeb4dev deleted the snyk-upgrade-27f185561c39fb691b7595404d7b5f17 branch March 28, 2024 15:50
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@Jeb4dev @snyk-bot