[Snyk] Upgrade: , vue, , , postcss, , autoprefixer, axios, bootstrap, bootstrap-icons-vue, css-loader, dashjs, icecast-metadata-player, laravel-echo, moment, patch-package, sass, sass-loader, socket.io-client, vue-router, vue-tsc

[xorinzor]

Snyk has created this PR to upgrade multiple dependencies.

👯 The following dependencies are linked and will therefore be updated together.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

Name	Versions	Released on

@babel/core
from 7.22.6 to 7.25.2 | 27 versions ahead of your current version | 2 months ago
on 2024-07-30
vue
from 3.4.35 to 3.4.38 | 3 versions ahead of your current version | a month ago
on 2024-08-15
@apollo/client
from 3.11.2 to 3.11.5 | 3 versions ahead of your current version | a month ago
on 2024-08-28
@vue/apollo-composable
from 4.0.2 to 4.2.1 | 3 versions ahead of your current version | a month ago
on 2024-08-23
postcss
from 8.4.41 to 8.4.44 | 3 versions ahead of your current version | 21 days ago
on 2024-09-02
@vue/compiler-sfc
from 3.4.35 to 3.4.38 | 3 versions ahead of your current version | a month ago
on 2024-08-15
autoprefixer
from 10.4.14 to 10.4.20 | 6 versions ahead of your current version | 2 months ago
on 2024-08-02
axios
from 1.7.4 to 1.7.7 | 3 versions ahead of your current version | 22 days ago
on 2024-08-31
bootstrap
from 5.3.2 to 5.3.3 | 1 version ahead of your current version | 7 months ago
on 2024-02-20
bootstrap-icons-vue
from 1.11.1 to 1.11.3 | 1 version ahead of your current version | 8 months ago
on 2024-01-26
css-loader
from 6.8.1 to 6.11.0 | 4 versions ahead of your current version | 6 months ago
on 2024-04-03
dashjs
from 4.7.2 to 4.7.4 | 2 versions ahead of your current version | 7 months ago
on 2024-02-20
icecast-metadata-player
from 1.17.1 to 1.17.3 | 2 versions ahead of your current version | 4 months ago
on 2024-05-13
laravel-echo
from 1.15.3 to 1.16.1 | 2 versions ahead of your current version | 5 months ago
on 2024-04-09
moment
from 2.29.4 to 2.30.1 | 2 versions ahead of your current version | 9 months ago
on 2023-12-27
patch-package
from 7.0.1 to 7.0.2 | 1 version ahead of your current version | a year ago
on 2023-07-12
sass
from 1.63.3 to 1.77.8 | 36 versions ahead of your current version | 2 months ago
on 2024-07-11
sass-loader
from 13.3.2 to 13.3.3 | 1 version ahead of your current version | 9 months ago
on 2023-12-25
socket.io-client
from 4.7.2 to 4.7.5 | 3 versions ahead of your current version | 6 months ago
on 2024-03-14
vue-router
from 4.4.2 to 4.4.3 | 1 version ahead of your current version | 2 months ago
on 2024-08-06
vue-tsc
from 2.0.29 to 2.1.4 | 3 versions ahead of your current version | 23 days ago
on 2024-08-31

Issues fixed by the recommended upgrade:

	Issue	Score	Exploit Maturity
	Inefficient Regular Expression Complexity SNYK-JS-MICROMATCH-6838728	375	No Known Exploit
	Information Exposure SNYK-JS-VITE-8023174	375	Proof of Concept
	Cross-site Scripting (XSS) SNYK-JS-VITE-8022916	375	Proof of Concept

Release notes

Package name: @babel/core

• 7.25.2 - 2024-07-30
  

  v7.25.2 (2024-07-30)

  🐛 Bug Fix

  • babel-core, babel-traverse
    • #16695 Ensure that requeueComputedKeyAndDecorators is available (@ nicolo-ribaudo)

  Committers: 2

  • Huáng Jùnliàng (@ JLHwung)
  • Nicolò Ribaudo (@ nicolo-ribaudo)
• 7.24.9 - 2024-07-15
  

  v7.24.9 (2024-07-15)

  🐛 Bug Fix

  • babel-core, babel-standalone
    • #16639 Avoid require() call in @ babel/standalone bundle (@ nicolo-ribaudo)
  • babel-types
    • #16638 fix: provide legacy typings for TS < 4.1 (@ JLHwung)

  💅 Polish

  • babel-generator, babel-plugin-transform-optional-chaining
    • #16617 Avoid extra parens in TS as/satisfies (@ nicolo-ribaudo)

  🏠 Internal

  • babel-helper-module-transforms
    • #16629 Lazy top-level initializations for module transforms (@ guybedford)

  Committers: 5

  • Babel Bot (@ babel-bot)
  • Guy Bedford (@ guybedford)
  • Huáng Jùnliàng (@ JLHwung)
  • Nicolò Ribaudo (@ nicolo-ribaudo)
  • @ liuxingbaoyu
• 7.24.8 - 2024-07-11
• 7.24.7 - 2024-06-05
• 7.24.6 - 2024-05-24
• 7.24.5 - 2024-04-29
• 7.24.4 - 2024-04-03
• 7.24.3 - 2024-03-20
• 7.24.1 - 2024-03-19
• 7.24.0 - 2024-02-28
• 7.23.9 - 2024-01-25
• 7.23.7 - 2023-12-29
• 7.23.6 - 2023-12-11
• 7.23.5 - 2023-11-29
• 7.23.3 - 2023-11-09
• 7.23.2 - 2023-10-12
• 7.23.0 - 2023-09-25
• 7.22.20 - 2023-09-16
• 7.22.19 - 2023-09-14
• 7.22.18 - 2023-09-14
• 7.22.17 - 2023-09-08
• 7.22.15 - 2023-09-04
• 7.22.11 - 2023-08-24
• 7.22.10 - 2023-08-07
• 7.22.9 - 2023-07-12
• 7.22.8 - 2023-07-06
• 7.22.7 - 2023-07-06
• 7.22.6 - 2023-07-04

from @babel/core GitHub release notes

Package name: vue

• 3.4.38 - 2024-08-15
  

  For stable releases, please refer to CHANGELOG.md for details.
  For pre-releases, please refer to CHANGELOG.md of the minor branch.

• 3.4.37 - 2024-08-08
  

  For stable releases, please refer to CHANGELOG.md for details.
  For pre-releases, please refer to CHANGELOG.md of the minor branch.

• 3.4.36 - 2024-08-06
  

  For stable releases, please refer to CHANGELOG.md for details.
  For pre-releases, please refer to CHANGELOG.md of the minor branch.

• 3.4.35 - 2024-07-31
  

  For stable releases, please refer to CHANGELOG.md for details.
  For pre-releases, please refer to CHANGELOG.md of the minor branch.

from vue GitHub release notes

Package name: @apollo/client

• 3.11.5 - 2024-08-28
  

  Patch Changes

  • #12027 eb3e21b Thanks @ JavaScriptBach! - Type MutationResult.reset as an arrow function

  • #12020 82d8cb4 Thanks @ jerelmiller! - Better conform to Rules of React by avoiding write of ref in render for useFragment.

• 3.11.4 - 2024-08-07
  

  Patch Changes

  • #11994 41b17e5 Thanks @ jerelmiller! - Update the Modifier function type to allow cache.modify to return deeply partial data.

  • #11989 e609156 Thanks @ phryneas! - Fix a potential crash when calling clearStore while a query was running.

    Previously, calling client.clearStore() while a query was running had one of these results:

    • useQuery would stay in a loading: true state.
    • useLazyQuery would stay in a loading: true state, but also crash with a "Cannot read property 'data' of undefined" error.

    Now, in both cases, the hook will enter an error state with a networkError, and the promise returned by the useLazyQuery execute function will return a result in an error state.

  • #11994 41b17e5 Thanks @ jerelmiller! - Prevent accidental distribution on cache.modify field modifiers when a field is a union type array.

• 3.11.3 - 2024-08-05
  

  Patch Changes

  • #11984 5db1659 Thanks @ jerelmiller! - Fix an issue where multiple fetches with results that returned errors would sometimes set the data property with an errorPolicy of none.

  • #11974 c95848e Thanks @ jerelmiller! - Fix an issue where fetchMore would write its result data to the cache when using it with a no-cache fetch policy.

  • #11974 c95848e Thanks @ jerelmiller! - Fix an issue where executing fetchMore with a no-cache fetch policy could sometimes result in multiple network requests.

  • #11974 c95848e Thanks @ jerelmiller! -

    Potentially disruptive change

    When calling fetchMore with a query that has a no-cache fetch policy, fetchMore will now throw if an updateQuery function is not provided. This provides a mechanism to merge the results from the fetchMore call with the query's previous result.

• 3.11.2 - 2024-07-31
  

  Patch Changes

  • #11980 38c0a2c Thanks @ jerelmiller! - Fix missing getServerSnapshot error when using useSubscription on the server.

from @apollo/client GitHub release notes

Package name: @vue/apollo-composable

• 4.2.1 - 2024-08-23
  

  🩹 Fixes

  • Improved pinia support (#1571)

  📖 Documentation

  • Update broken circleci badge (9622392)
  • Readme smaller logo (ff836ea)
  • Use nightly.akryum.dev (7f3cf7d)

  🏡 Chore

  • Specify pnpm version in package.json (732e66e)

  ❤️ Contributors

  • Nick Messing (@ nickmessing)
  • Guillaume Chau (@ Akryum)
• 4.2.0 - 2024-08-19
  

  🚀 Enhancements

  • Add updateQuery to useQuery (#1552)

  🩹 Fixes

  • UseMutations onDone Event hook gets triggered too early (#1559)
  • (@ vue/apollo-option) memory leak in wrapped ssrRender (#1553)
  • Reuse previous result, fix #1483 (#1569, #1483)
  • ResolveClient throwing too soon, fix #1557 (#1570, #1557)

  📖 Documentation

  • Add github link to documentation (#1549)
  • Note about continuous releases (51e09e7)

  🏡 Chore

  • Switch some tests to script setup (c8e5106)

  🤖 CI

  • Nightly releases (319f6ec)

  ❤️ Contributors

  • Guillaume Chau (@ Akryum)
  • Matt Garrett [email protected]
  • Mobsean (@ mobsean)
  • Leonardo Santos (@ syllomex)
  • Alex Liu (@ Mini-ghost)
• 4.1.0 - 2024-08-14
  

  🩹 Fixes

  • Change teardown to use onScopeDispose (#1545)

  📖 Documentation

  • useQuery: Document refetch with new variables (#1564)

  🏡 Chore

  • Updqte pnpm to v9 (827ea6e)

  ✅ Tests

  • UseSubscription (0f5ae61)
  • Fix subscription test (#1547)

  🤖 CI

  • Update versions (fe66840)

  ❤️ Contributors

  • Guillaume Chau (@ Akryum)
  • Nick Messing (@ nickmessing)
• 4.0.2 - 2024-03-08
  

  🩹 Fixes

  • Use shallowRef on result & error (08f0fcd)

  📖 Documentation

  • Remove mentions of fetchResults, fix #1060 (#1060)

  ❤️ Contributors

  • Guillaume Chau (@ Akryum)

from @vue/apollo-composable GitHub release notes

Package name: postcss

• 8.4.44 - 2024-09-02
  
  • Another way to fix markClean is not a function error.
• 8.4.43 - 2024-09-01
  
  • Fixed markClean is not a function error.
• 8.4.42 - 2024-08-31
  
  • Fixed CSS syntax error on long minified files (by @ varpstar).
• 8.4.41 - 2024-08-05
  
  • Fixed types (by @ nex3 and @ querkmachine).
  • Cleaned up RegExps (by @ bluwy).

from postcss GitHub release notes

Package name: @vue/compiler-sfc

• 3.4.38 - 2024-08-15
  

  For stable releases, please refer to CHANGELOG.md for details.
  For pre-releases, please refer to CHANGELOG.md of the minor branch.

• 3.4.37 - 2024-08-08
  

  For stable releases, please refer to CHANGELOG.md for details.
  For pre-releases, please refer to CHANGELOG.md of the minor branch.

• 3.4.36 - 2024-08-06
  

  For stable releases, please refer to CHANGELOG.md for details.
  For pre-releases, please refer to CHANGELOG.md of the minor branch.

• 3.4.35 - 2024-07-31
  

  For stable releases, please refer to CHANGELOG.md for details.
  For pre-releases, please refer to CHANGELOG.md of the minor branch.

from @vue/compiler-sfc GitHub release notes

Package name: autoprefixer

• 10.4.20 - 2024-08-02
  
  • Fixed fit-content prefix for Firefox.
• 10.4.19 - 2024-03-20
  
  • Removed end value has mixed support, consider using flex-end warning since end/start now have good support.
• 10.4.18 - 2024-03-01
  
  • Fixed removing -webkit-box-orient on -webkit-line-clamp (@ Goodwine).
• 10.4.17 - 2024-01-17
  
  • Fixed user-select: contain prefixes.
• 10.4.16 - 2023-09-20
  
  • Improved performance (by @ romainmenke).
  • Fixed docs (by @ coliff).
• 10.4.15 - 2023-08-13
  
  • Fixed ::backdrop prefixes (by @ yisibl).
  • Fixed docs (by @ coliff).
• 10.4.14 - 2023-03-09
  
  • Improved startup time and reduced JS bundle size (by @ Knagis).

from autoprefixer GitHub release notes

Package name: axios

• 1.7.7 - 2024-08-31
  

  Release notes:

  Bug Fixes

  • fetch: fix stream handling in Safari by fallback to using a stream reader instead of an async iterator; (#6584) (d198085)
  • http: fixed support for IPv6 literal strings in url (#5731) (364993f)

  Contributors to this release

  • Rishi556
  • Dmitriy Mozgovoy
• 1.7.6 - 2024-08-30
  

  Release notes:

  Bug Fixes

  • fetch: fix content length calculation for FormData payload; (#6524) (085f568)
  • fetch: optimize signals composing logic; (#6582) (df9889b)

  Contributors to this release

  • Dmitriy Mozgovoy
  • Jacques Germishuys
  • kuroino721
• 1.7.5 - 2024-08-23
  

  Release notes:

  Bug Fixes

  • adapter: fix undefined reference to hasBrowserEnv (#6572) (7004707)
  • core: add the missed implementation of AxiosError#status property; (#6573) (6700a8a)
  • core: fix ReferenceError: navigator is not defined for custom environments; (#6567) (fed1a4b)
  • fetch: fix credentials handling in Cloudflare workers (#6533) (550d885)

  Contributors to this release

  • Dmitriy Mozgovoy
  • Antonin Bas
  • Hans Otto Wirtz
• 1.7.4 - 2024-08-13
  

  Release notes:

  Bug Fixes

  • sec: CVE-2024-39338 (#6539) (#6543) (6b6b605)
  • sec: disregard protocol-relative URL to remediate SSRF (#6539) (07a661a)

  Contributors to this release

  • Lev Pachmanov
  • Đỗ Trọng Hải

from axios GitHub release notes

Package name: bootstrap

• 5.3.3 - 2024-02-20
  

  Highlights

  • Fixed a breaking change introduced with color modes where it was required to manually import variables-dark.scss when building Bootstrap with Sass. Now, _variables.scss will automatically import _variables-dark.scss. If you were already importing _variables-dark.scss manually, you should keep doing it as it won't break anything and will be the way to go in v6.
  • Fixed a regression in the selector engine that wasn't able to handle multiple IDs anymore.

  Color modes

  • Badges now use the .text-bg-* text utilities to be certain that the text is always readable (especially when the customized colors are different in light and dark modes).
  • Fixed our color-modes.js script to handle the case where the OS is set to light mode and the auto color mode is used on the website. If you copied the script from our docs, you should apply this change to your own script.
  • Fixed color schemes description in the color modes documentation to show that color-scheme() only accept light and dark values as parameters.

  Miscellaneous

  • Allowed <dl>, <dt> and <dd> in the sanitizer.
  • Dropped evenly items distribution for modal and offcanvas headers.
  • Fixed the accordion CSS selectors to avoid inheritance issues when nesting accordions.
  • Fixed the focus box-shadow for the validation stated form controls.
  • Fixed the focus ring on focused checked buttons.
  • Fixed the product example mobile navbar toggler.
  • Changed the RTL processing of carousel control icons.

  ---

  🎨 CSS

  • #37508: Use child combinators to avoid inheriting parent accordion's flush styles
  • #38719: Fix focus box-shadow for validation stated form-controls
  • #38884: fix border-radius on radio-switch
  • #39294: Tests: update navbar in visual modal test
  • #39373: refactor css: modal and offcanvas header spacing
  • #39380: Fix Sass compilation breaking change in v5.3
  • #39387: docs: fix typo
  • #39411: Optimize the accordion icon
  • #39497: Fix a typo
  • #39536: Changed RTL processing of carousel control icons
  • #39560: Drop --bs-accordion-btn-focus-border-color and deprecate $accordion-button-focus-border-color
  • #39595: CSS: Fix the focus ring on focused checked buttons

  ☕️ JavaScript

  • #39201: Selector Engine: fix multiple IDs
  • #39224: Fix edge case in color-mode.js
  • #39376: Allow dl, dt and dd in sanitizer

  📖 Docs

  • #39200: Typo Fix
  • #39214: Doc: use .text-bg-{color} for all badges
  • #39246: Docs: fix for example code blocks have unnecessary 30px right-margin
  • #39249: Doc: consistent rendering of 'Heads up!' callouts
  • #39281: Fix getOrCreateInstance() doc example
  • #39293: Update background.md
  • #39304: Doc: add expanded accordion explanation
  • #39320: Drop .table-light from table foot example
  • #39340: Doc: add dispose() to Offcanvas methods
  • #39378: Docs: fix sentence in modal
  • #39417: Fix color schemes description in Sass customization documentation
  • #39418: Docs: change vite config path import in vite guide
  • #39435: Docs: add shift-color() usage example in sass customization page
  • #39458: Docs: enhance .card-img-* description
  • #39503: Minor image compression improvements
  • #39519: Docs: use consistent HTML elements in Utilities -> Background page
  • #39520: Docs: drop unused .theme-icon class
  • #39528: docs: clean up example.html
  • #39537: Docs: fix desc around deprecated Sass mixins for alerts and list groups
  • #39539: Update links on get-started page
  • #39592: Update vite.md
  • #39604: Fix typo in 'media-breakpoint-between' in migration docs
  • #39617: Docs: add missing comma in native font stack code source in Content -> Reboot
  • #39663: updated table to be responsive

  🛠 Examples

  • #39657: Fix product example mobile navbar toggler
  • #39585: Docs: Add missing type="button" to Cheatsheet nav buttons

  🏭 Tests

  • #39294: Tests: update navbar in visual modal test

  🧰 Misc

  • #39096: CI: stop running coveralls in forks
  • #39501: CI: switch to Node.js 20

  📦 Dependencies

  • Updated numerous devDependencies
• 5.3.2 - 2023-09-14
  

  Highlights

  • Passing a percentage unit to the global abs() is deprecated since Dart Sass v1.65.0. It resulted in a deprecation warning when compiling Bootstrap with Dart Sass. This has been fixed internally by changing the values passed to the divide() function. The divide() function has not been fixed itself so that we can keep supporting node-sass cross-compatibility. In v6, this won't be an issue as we plan to drop support for node-sass.
  • Using multiple ids in a collapse target wasn't working anymore and has been fixed.

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarCloud