[Snyk] Upgrade: lodash, , , chart.js, dayjs, nuxt, nuxt-buefy, vue-chartjs #3

takawiramundure · 2024-09-17T04:30:58Z

Snyk has created this PR to upgrade multiple dependencies.

👯 The following dependencies are linked and will therefore be updated together.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

Name	Versions	Released on

lodash
from 4.17.20 to 4.17.21 | 1 version ahead of your current version | 4 years ago
on 2021-02-20
@nuxtjs/axios
from 5.12.1 to 5.13.6 | 11 versions ahead of your current version | 3 years ago
on 2021-06-02
@nuxtjs/pwa
from 3.0.0 to 3.3.5 | 14 versions ahead of your current version | 4 years ago
on 2021-01-26
chart.js
from 2.9.3 to 2.9.4 | 1 version ahead of your current version | 4 years ago
on 2020-10-18
dayjs
from 1.8.33 to 1.11.13 | 35 versions ahead of your current version | a month ago
on 2024-08-20
nuxt
from 2.14.3 to 2.18.1 | 29 versions ahead of your current version | 3 months ago
on 2024-06-28
nuxt-buefy
from 0.3.31 to 0.4.29 | 30 versions ahead of your current version | 6 months ago
on 2024-04-01
vue-chartjs
from 3.5.0 to 3.5.1 | 1 version ahead of your current version | 4 years ago
on 2020-08-22

Issues fixed by the recommended upgrade:

Issue	Score	Exploit Maturity
Prototype Poisoning SNYK-JS-QS-3153490	696	Proof of Concept
Remote Code Execution (RCE) SNYK-JS-EJS-2803307	696	Proof of Concept
Improper Input Validation SNYK-JS-FOLLOWREDIRECTS-6141137	696	Proof of Concept
Improper Input Validation SNYK-JS-FOLLOWREDIRECTS-6141137	696	Proof of Concept
Prototype Pollution SNYK-JS-INI-1048974	696	Proof of Concept
Server-side Request Forgery (SSRF) SNYK-JS-IP-6240864	696	Proof of Concept
Prototype Pollution SNYK-JS-LOADERUTILS-3043105	696	No Known Exploit
Regular Expression Denial of Service (ReDoS) SNYK-JS-NTHCHECK-1586032	696	Proof of Concept
Authorization Bypass Through User-Controlled Key SNYK-JS-PARSEPATH-2936439	696	Proof of Concept
Arbitrary Code Injection SNYK-JS-SERIALIZEJAVASCRIPT-570062	696	Proof of Concept
Asymmetric Resource Consumption (Amplification) SNYK-JS-BODYPARSER-7926860	696	No Known Exploit
Improper Verification of Cryptographic Signature SNYK-JS-BROWSERIFYSIGN-6037026	696	No Known Exploit
Prototype Pollution SNYK-JS-CHARTJS-1018716	696	Proof of Concept
Denial of Service (DoS) SNYK-JS-DECODEURICOMPONENT-3149970	696	Proof of Concept
Remote Code Execution (RCE) SNYK-JS-SHELLQUOTE-1766506	696	No Known Exploit
Regular Expression Denial of Service (ReDoS) SNYK-JS-SSRI-1246392	696	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-SSRI-1246392	696	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-UAPARSERJS-1023599	696	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-UAPARSERJS-610226	696	Proof of Concept
Path Traversal SNYK-JS-WEBPACKDEVMIDDLEWARE-6476555	696	Proof of Concept
Denial of Service (DoS) SNYK-JS-WS-7266574	696	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIHTML-1296849	696	Proof of Concept
Prototype Pollution SNYK-JS-LOADERUTILS-3043105	696	No Known Exploit
Regular Expression Denial of Service (ReDoS) SNYK-JS-AXIOS-1579269	696	Proof of Concept
Code Injection SNYK-JS-LODASH-1040724	696	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-LOADERUTILS-3105943	696	No Known Exploit
Arbitrary Code Injection SNYK-JS-EJS-1049328	696	Proof of Concept
Improper Control of Dynamically-Managed Code Resources SNYK-JS-EJS-6689533	696	No Known Exploit
Cryptographic Issues SNYK-JS-ELLIPTIC-1064899	696	No Known Exploit
Information Exposure SNYK-JS-PARSEURL-2935947	696	Proof of Concept
Information Exposure SNYK-JS-FOLLOWREDIRECTS-6444610	696	Proof of Concept
Information Exposure SNYK-JS-FOLLOWREDIRECTS-2332181	696	Proof of Concept
Information Exposure SNYK-JS-FOLLOWREDIRECTS-6444610	696	Proof of Concept
Open Redirect SNYK-JS-EXPRESS-6474509	696	No Known Exploit
Cross-site Scripting SNYK-JS-EXPRESS-7926867	696	No Known Exploit
Information Exposure SNYK-JS-FOLLOWREDIRECTS-2332181	696	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-HTMLMINIFIER-3091181	696	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-ISSVG-1085627	696	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-ISSVG-1243891	696	Proof of Concept
Prototype Pollution SNYK-JS-JSON5-3182856	696	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-LOADERUTILS-3042992	696	No Known Exploit
Information Exposure SNYK-JS-NANOID-2332193	696	Proof of Concept
Denial of Service SNYK-JS-NODEFETCH-674311	696	No Known Exploit
Information Exposure SNYK-JS-FOLLOWREDIRECTS-2396346	696	No Known Exploit
Prototype Pollution SNYK-JS-MINIMIST-2429795	696	Proof of Concept
Information Exposure SNYK-JS-FOLLOWREDIRECTS-2396346	696	No Known Exploit
Improper Verification of Cryptographic Signature SNYK-JS-ELLIPTIC-7577916	696	Proof of Concept
Improper Verification of Cryptographic Signature SNYK-JS-ELLIPTIC-7577917	696	Proof of Concept
Improper Verification of Cryptographic Signature SNYK-JS-ELLIPTIC-7577918	696	Proof of Concept
Prototype Pollution SNYK-JS-JSON5-3182856	696	Proof of Concept
Information Exposure SNYK-JS-NODEFETCH-2342118	696	No Known Exploit
Cross-site Scripting (XSS) SNYK-JS-PARSEURL-2935944	696	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-BROWSERSLIST-1090194	696	Proof of Concept
Cross-site Scripting (XSS) SNYK-JS-BUEFY-598386	696	No Known Exploit
Regular Expression Denial of Service (ReDoS) SNYK-JS-COLORSTRING-1082939	696	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-UAPARSERJS-1072471	696	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-UGLIFYJS-1727251	696	No Known Exploit
Cross-site Scripting (XSS) SNYK-JS-PARSEURL-2942134	696	Proof of Concept
Server-side Request Forgery (SSRF) SNYK-JS-PARSEURL-3023021	696	Proof of Concept
Improper Input Validation SNYK-JS-PARSEURL-3024398	696	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-PATHPARSE-1077067	696	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-PATHTOREGEXP-7925106	696	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-POSTCSS-1090595	696	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-POSTCSS-1255640	696	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-1018905	696	Proof of Concept
Cross-site Scripting SNYK-JS-SERVESTATIC-7926865	696	No Known Exploit
Server-side Request Forgery (SSRF) SNYK-JS-PARSEURL-2936249	696	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-WS-1296835	696	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-LOADERUTILS-3042992	696	No Known Exploit
Regular Expression Denial of Service (ReDoS) SNYK-JS-LOADERUTILS-3105943	696	No Known Exploit
Server-Side Request Forgery (SSRF) SNYK-JS-AXIOS-1038255	696	Proof of Concept
Cross-site Scripting SNYK-JS-SEND-7926862	696	No Known Exploit
Regular Expression Denial of Service (ReDoS) npm:debug:20170905	696	Proof of Concept
Incomplete List of Disallowed Inputs SNYK-JS-BABELTRAVERSE-5962462	696	Proof of Concept
Incomplete List of Disallowed Inputs SNYK-JS-BABELTRAVERSE-5962462	696	Proof of Concept

Release notes

Package name: lodash

4.17.21 - 2021-02-20
Bump to v4.17.21
4.17.20 - 2020-08-13
Bump to v4.17.20.

from lodash GitHub release notes

Package name: @nuxtjs/axios

5.13.6 - 2021-06-02
Bug Fixes
- setHeader function returns after the first scope element (#507) (cb5e29d)
5.13.5 - 2021-05-26
Bug Fixes
- only transpile defu for client bundle (resolves #501) (ec2eb0a)
5.13.4 - 2021-05-18
Bug Fixes
- build.transpile guard for [email protected] (fixes #498) (66d56ab)
5.13.3 - 2021-05-17
Bug Fixes
- transpile defu (cf1a03f), closes unjs/defu#28
5.13.2 - 2021-05-17
Dependencies:
- Update defu to 5.x
5.13.1 - 2021-02-08
Bug Fixes
- types: add missing type for create() (#475) (62f17ca)
- types: update interceptors type (#476) (ecfab9a)
5.13.0 - 2021-02-01
Features
- Support baseUrl and browserBaseUrl to handle casing typos (8904847)
Bug Fixes
- Add x-forwarded-port and x-forwarded-proto to proxyHeaderIgnore defaults (#465) (a1a1894)
5.12.5 - 2021-01-04
Bug Fixes
- add x-forwarded-host to proxyHeaderIgnore defaults (#462) (433548b), closes #456
Dependencies
- Update axios to ^0.21.1 (axios/axios#3410) (#460)
5.12.4 - 2020-12-14
Bug Fixes
- Preserve default headers with custom headers (#452) (55f994f) (resolves resolves #411, #444)
Dependencies
- Update @ nuxtjs/proxy to 2.1.0 (less warnings and typescript rewrite)
Thanks
- Gábor Egyed (@ 1ed)
5.12.3 - 2020-11-30
Bug Fixes
- $loading().set(Infinity) issue (#424) (7b32262)
5.12.2 - 2020-08-25
5.12.1 - 2020-08-05

from @nuxtjs/axios GitHub release notes

Package name: @nuxtjs/pwa

3.3.5 - 2021-01-26
Bug Fixes
- meta: add missing hid to icon tags (#428) (d9addb7)
3.3.4 - 2021-01-07
Bug Fixes
- types: mark module options fields as optional (#420) (7d75c28)
3.3.3 - 2020-12-20
Bug Fixes
- workbox: add additional details for uncaught errors and fix chromium cors (#417) (f20489c)
- workbox: deepClone options to avoid cross-build mutation (e39027e)
Update Notes

If you was previously using workbox.clientsClaim: false option in nuxt.config to handle uncaught error, you have to revert it because disabling makes caching issues
3.3.2 - 2020-11-30
Bug Fixes
- avoid adding revision to start_url (1c44cff)
3.3.1 - 2020-11-29
Bug Fixes
- append to start_url without query param (fixes #403) (054b8a2)
3.3.0 - 2020-11-28
Features
- manifest: add revision to start_url (ad26827)
Bug Fixes
- manifest: invalidate start_url cache (240d4a1)
- add revision to precache assets (#386) (872dce1)
3.2.2 - 2020-10-13
Bug Fixes
- serve static webpack assets from disk in dev mode (fixes #373) (8298f95)
3.2.1 - 2020-10-13
Bug Fixes
- workbox: precache start_url (resolves #372) (27e19a0)
3.2.0 - 2020-10-13
Changes
- Support static mode build cache (#371) (9a825c9) (resolves #367, #353, #352)
- meta: fix mergeMeta cjs export (774f1a8) (resolves #369)
3.1.2 - 2020-10-07
Bug Fixes
- meta: avoid unnecessary log for meta.json (de8e039)
- meta: fix issues regarding favicon.ico fallback (7a1e773)
3.1.1 - 2020-10-07
3.1.0 - 2020-10-06
3.0.2 - 2020-08-26
3.0.1 - 2020-08-17
3.0.0 - 2020-08-16

from @nuxtjs/pwa GitHub release notes

Package name: chart.js

2.9.4 - 2020-10-18
This is the last release of v2 and focused on fixing bugs identified in the v2.9.3 release.

Bugs Fixed
- #7404 - Preserve prototypes when cloning. Thanks @ iddings
- #7587 - Fix docs for external moment.js. Thanks @ mojoaxel
- #7853 - Fix box recursion when dimensions are NaN. Thanks @ alessandroasm
- #7883 - Fix call stack exception when computing label sizes. Thanks @ silentmatt
- #7918 - Prevent global prototype pollution via the merge helper
- #7920 - Use Object.create(null) as merge target, to prevent prototype pollution
2.9.3 - 2019-11-14
Bug Fixes
- #6698 Fix undefined variable
- #6719 Don't make legend empty when fill is false
Thanks to the maintainers and collaborators for their help to improve and test Chart.js (@ kurkle, @ benmccann, and @ etimberg).

from chart.js GitHub release notes

Package name: dayjs

1.11.13 - 2024-08-20
1.11.13 (2024-08-20)

Bug Fixes
- customParseFormat supports Q quter / w ww weekOfYear (#2705) (8ca74f1)
1.11.12 - 2024-07-18
1.11.12 (2024-07-18)

Bug Fixes
- Add NegativeYear Plugin support (#2640) (6a42e0d)
- add UTC support to negativeYear plugin (#2692) (f3ef705)
- Fix zero offset issue when use tz with locale (#2532) (d0e6738)
- Improve typing for min/max plugin (#2573) (4fbe94a)
- timezone plugin currect parse UTC tz (#2693) (b575c81)
1.11.11 - 2024-04-28
1.11.11 (2024-04-28)

Bug Fixes
- day of week type literal (#2630) (f68d73e)
- improve locale "zh-hk" format and meridiem (#2419) (a947a51)
- Update 'da' locale to match correct first week of year (#2592) (44b0936)
- update locale Bulgarian monthsShort Jan (#2538) (f0c9a41)
1.11.10 - 2023-09-19
1.11.10 (2023-09-19)

Bug Fixes
- Add Korean Day of Month with ordinal (#2395) (dd55ee2)
- change back fa locale to the Gregorian calendar equivalent (#2411) (95e9458)
- duration plugin - MILLISECONDS_A_MONTH const calculation (#2362) (f0a0b54)
- duration plugin getter get result 0 instead of undefined (#2369) (061aa7e)
- fix isDayjs check logic (#2383) (5f3f878)
- fix timezone plugin to get correct locale setting (#2420) (4f45012)
- locale: add meridiem in ar locale (#2418) (361be5c)
- round durations to millisecond precision for ISO string (#2367) (890a17a)
- sub-second precisions need to be rounded at the seconds field to avoid adding floats (#2377) (a9d7d03)
- update $x logic to avoid plugin error (#2429) (2254635)
- Update Slovenian locale for relative time (#2396) (5470a15)
- update uzbek language translation (#2327) (0a91056)
1.11.9 - 2023-07-01
1.11.9 (2023-07-01)

Bug Fixes
- Add null to min and max plugin return type (#2355) (62d9042)
- check if null passed to objectSupport parser (#2175) (013968f)
- dayjs.diff improve performance (#2244) (33c80e1)
- dayjs(null) throws error, not return dayjs object as invalid date (#2334) (c79e2f5)
- objectSupport plugin causes an error when null is passed to dayjs function (closes #2277) (#2342) (89bf31c)
- Optimize format method (#2313) (1fe1b1d)
- update Duration plugin add/subtract take into account days in month (#2337) (3b1060f)
- update MinMax plugin 1. ignore the 'null' in args 2. return the only one arg (#2330) (3c2c6ee)
1.11.8 - 2023-06-02
1.11.8 (2023-06-02)

Bug Fixes
- .format add padding to 'YYYY' (#2231) (00c223b)
- Added .valueOf method to Duration class (#2226) (9b4fcfd)
- timezone type mark date parameter as optional (#2222) (b87aa0e)
- type file first parameter date is optional in isSame(), isBefore(), isAfter() (#2272) (4d56f3e)
1.11.7 - 2022-12-06
1.11.7 (2022-12-06)

Bug Fixes
- Add locale (zh-tw) meridiem (#2149) (1e9ba76)
- update fa locale (#2151) (1c26732)
1.11.6 - 2022-10-21
1.11.6 (2022-10-21)

Bug Fixes
- add BigIntSupport plugin (#2087) (f6dce48)
- Fix objectSupport collides with Duration plugin - issue #2027 (#2038) (c9370ea)
1.11.5 - 2022-08-12
1.11.5 (2022-08-12)

Bug Fixes
- ordinal for nl not working (#2011) (c93c85e)
- wrong ordinal for french locale (#2010) (dd192a7)
1.11.4 - 2022-07-19
1.11.4 (2022-07-19)

Bug Fixes
- correct past property in ku (kurdish) locale (#1916) (74e82b9)
- fix French [fr] local ordinal (#1932) (8f09834)
- fix objectSupport plugin ConfigTypeMap type (#1441) (#1990) (fd51fe4)
- fix type error to add ordianl property in InstanceLocaleDataReturn and GlobalLocaleDataReturn types (#1931) (526f0ae)
- update locale ar-* meridiem function (#1954) (3d31611)
- zh-tw / zh-hk locale ordinal error (#1976) (0a1bd08)
1.11.3 - 2022-06-06
1.11.2 - 2022-05-06
1.11.1 - 2022-04-15
1.11.0 - 2022-03-14
1.10.8 - 2022-02-28
1.10.7 - 2021-09-10
1.10.6 - 2021-07-06
1.10.5 - 2021-05-26
1.10.4 - 2021-01-22
1.10.3 - 2021-01-09
1.10.2 - 2021-01-05
1.10.1 - 2021-01-03
1.10.0 - 2021-01-03
1.9.8 - 2020-12-27
1.9.7 - 2020-12-05
1.9.6 - 2020-11-10
1.9.5 - 2020-11-05
1.9.4 - 2020-10-23
1.9.3 - 2020-10-13
1.9.2 - 2020-10-13
1.9.1 - 2020-09-28
1.9.0 - 2020-09-28
1.8.36 - 2020-09-17
1.8.35 - 2020-09-02
1.8.34 - 2020-08-20
1.8.33 - 2020-08-10

from dayjs GitHub release notes

Package name: nuxt

2.18.1 - 2024-06-28
👉 Changelog

compare changes

🩹 Fixes
- webpack: Depend on earlier version of mkdirp (f67056b9e)
❤️ Contributors
- Daniel Roe (@ danielroe)
2.18.0 - 2024-06-27
👉 Changelog

compare changes

🚀 Enhancements
- webpack: Migrate to memfs (#27652)
🩹 Fixes
- vue-app: Don't throw if we can't read sessionStorage (#27662)
- config: Add back md4 monkey-patch for wider ecosystem (#27865)
🏡 Chore
- Bump internal versions (9e829b59a)
- Add non-applicable advisory

Snyk has created this PR to upgrade: - lodash from 4.17.20 to 4.17.21. See this package in npm: https://www.npmjs.com/package/lodash - @nuxtjs/axios from 5.12.1 to 5.13.6. See this package in npm: https://www.npmjs.com/package/@nuxtjs/axios - @nuxtjs/pwa from 3.0.0 to 3.3.5. See this package in npm: https://www.npmjs.com/package/@nuxtjs/pwa - chart.js from 2.9.3 to 2.9.4. See this package in npm: https://www.npmjs.com/package/chart.js - dayjs from 1.8.33 to 1.11.13. See this package in npm: https://www.npmjs.com/package/dayjs - nuxt from 2.14.3 to 2.18.1. See this package in npm: https://www.npmjs.com/package/nuxt - nuxt-buefy from 0.3.31 to 0.4.29. See this package in npm: https://www.npmjs.com/package/nuxt-buefy - vue-chartjs from 3.5.0 to 3.5.1. See this package in npm: https://www.npmjs.com/package/vue-chartjs See this project in Snyk: https://app.snyk.io/org/takawiramundure/project/3f8cc0e5-fa42-476c-97d6-4e079e154f0b?utm_source=github&utm_medium=referral&page=upgrade-pr

[Snyk] Upgrade: lodash, , , chart.js, dayjs, nuxt, nuxt-buefy, vue-chartjs #3

Are you sure you want to change the base?

[Snyk] Upgrade: lodash, , , chart.js, dayjs, nuxt, nuxt-buefy, vue-chartjs #3

Uh oh!

Conversation

takawiramundure commented Sep 17, 2024

Snyk has created this PR to upgrade multiple dependencies.

Issues fixed by the recommended upgrade:

Bug Fixes

Bug Fixes

Bug Fixes

Bug Fixes

Bug Fixes

Features

Bug Fixes

Bug Fixes

Dependencies

Bug Fixes

Dependencies

Thanks

Bug Fixes

Bug Fixes

Bug Fixes

Bug Fixes

Update Notes

Bug Fixes

Bug Fixes

Features

Bug Fixes

Bug Fixes

Bug Fixes

Changes

Bug Fixes

Bugs Fixed

Bug Fixes

1.11.13 (2024-08-20)

Bug Fixes

1.11.12 (2024-07-18)

Bug Fixes

1.11.11 (2024-04-28)

Bug Fixes

1.11.10 (2023-09-19)

Bug Fixes

1.11.9 (2023-07-01)

Bug Fixes

1.11.8 (2023-06-02)

Bug Fixes

1.11.7 (2022-12-06)

Bug Fixes

1.11.6 (2022-10-21)

Bug Fixes

1.11.5 (2022-08-12)

Bug Fixes

1.11.4 (2022-07-19)

Bug Fixes

👉 Changelog

🩹 Fixes

❤️ Contributors

👉 Changelog

🚀 Enhancements

🩹 Fixes

🏡 Chore

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

3 participants