[Snyk] Upgrade @vue/cli-plugin-babel from 4.5.13 to 5.0.8

[MarcelRaschke]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to upgrade @vue/cli-plugin-babel from 4.5.13 to 5.0.8.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

Warning: This is a major version upgrade, and may be a breaking change.

• The recommended version is 36 versions ahead of your current version.
• The recommended version was released a month ago, on 2022-07-07.

The recommended version fixes:

Severity	Issue	PriorityScore (*)	Exploit Maturity
	Prototype Pollution SNYK-JS-Y18N-1021887	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-XSS-1584355	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Improper Input Validation SNYK-JS-URLPARSE-2407770	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Improper Input Validation SNYK-JS-URLPARSE-2407770	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-TMPL-1583443	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-SSRI-1246392	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Information Exposure SNYK-JS-SIMPLEGET-2361683	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Improper Privilege Management SNYK-JS-SHELLJS-2332187	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Prototype Pollution SNYK-JS-SETVALUE-450213	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Prototype Pollution SNYK-JS-SETVALUE-1540541	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Prototype Pollution SNYK-JS-SETVALUE-450213	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Prototype Pollution SNYK-JS-SETVALUE-1540541	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-PRISMJS-1585202	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-PRISMJS-1585202	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-PRISMJS-1314893	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-PRISMJS-1076581	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Authorization Bypass Through User-Controlled Key SNYK-JS-URLPARSE-2412697	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Authorization Bypass SNYK-JS-URLPARSE-2407759	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Access Restriction Bypass SNYK-JS-URLPARSE-2401205	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Authorization Bypass Through User-Controlled Key SNYK-JS-URLPARSE-2412697	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Authorization Bypass SNYK-JS-URLPARSE-2407759	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Access Restriction Bypass SNYK-JS-URLPARSE-2401205	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Open Redirect SNYK-JS-URLPARSE-1533425	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-TERSER-2806366	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-TERSER-2806366	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-RAMDA-1582370	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Cross-site Scripting (XSS) SNYK-JS-PRISMJS-2404333	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Cross-site Scripting (XSS) SNYK-JS-PRISMJS-2404333	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-POSTCSS-1255640	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-POSTCSS-1090595	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-POSTCSS-1255640	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-POSTCSS-1090595	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-POSTCSS-1255640	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-POSTCSS-1090595	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Cross-site Scripting (XSS) SNYK-JS-PARSEURL-2942134	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Server-side Request Forgery (SSRF) SNYK-JS-PARSEURL-2936249	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Prototype Pollution SNYK-JS-OBJECTPATH-1585658	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-NORMALIZEURL-1296539	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-MOMENT-2944238	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Directory Traversal SNYK-JS-MOMENT-2440688	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Prototype Pollution SNYK-JS-JSONSCHEMA-1920922	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Denial of Service (DoS) SNYK-JS-JPEGJS-2859218	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Prototype Pollution SNYK-JS-INI-1048974	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-AXIOS-1579269	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Prototype Pollution SNYK-JS-ASYNC-2441827	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIHTML-1296849	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Prototype Pollution SNYK-JS-AJV-584908	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Prototype Pollution SNYK-JS-AJV-584908	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Prototype Pollution SNYK-JS-AJV-584908	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Information Exposure SNYK-JS-PARSEURL-2935947	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Cross-site Scripting (XSS) SNYK-JS-PARSEURL-2935944	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Denial of Service (DoS) SNYK-JS-NWSAPI-2841516	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Information Exposure SNYK-JS-NODEFETCH-2342118	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Information Exposure SNYK-JS-NANOID-2332193	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Prototype Pollution SNYK-JS-MINIMIST-559764	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Prototype Pollution SNYK-JS-MINIMIST-559764	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Denial of Service (DoS) SNYK-JS-JPEGJS-570039	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-HOSTEDGITINFO-1088355	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Information Exposure SNYK-JS-FOLLOWREDIRECTS-2332181	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Information Exposure SNYK-JS-EVENTSOURCE-2823375	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Cryptographic Issues SNYK-JS-ELLIPTIC-1064899	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Prototype Pollution SNYK-JS-MINIMIST-2429795	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Prototype Pollution SNYK-JS-MINIMIST-2429795	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Prototype Pollution SNYK-JS-MINIMIST-2429795	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Validation Bypass SNYK-JS-KINDOF-537849	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Information Exposure SNYK-JS-FOLLOWREDIRECTS-2396346	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: @vue/cli-plugin-babel

• 5.0.8 - 2022-07-07
  

  🐛 Bug Fix

  • @ vue/cli-service
    • 0260e4d fix: add devServer.server.type to useHttps judgement (#7222)
  • @ vue/cli-ui
    • 07052c4 fix: Vue CLI UI graphql subscription server error, fixes #7221
• 5.0.7 - 2022-07-05
  
  • @ vue/cli-service
    • #7202, [558dea2] fix: support devServer.server option, avoid deprecation warnings (@ backrunner, @ sodatea)
    • [beffe8a] fix: allow disabling progress plugin via devServer.client.progress
  • @ vue/cli-ui
    • #7210 chore: upgrade to apollo-server-express 3.x

  Committers: 2

  • BackRunner (@ backrunner)
  • Haoqun Jiang (@ sodatea)
• 5.0.6 - 2022-06-16
  

  Fix compatibility with the upcoming Vue 2.7 (currently in alpha) and Vue Loader 15.10 (currently in beta).

  In Vue 2.7, vue-template-compiler is no longer a required peer dependency. Rather, there's a new export under the main package as vue/compiler-sfc.

• 5.0.5 - 2022-06-16
  

  🐛 Bug Fix

  • @ vue/cli
    • #7167 fix(upgrade): prevent changing the structure of package.json file during upgrade (@ blzsaa)
  • @ vue/cli-service
    • #7023 fix: windows vue.config.mjs support (@ xiaoxiangmoe)
  • @ vue/cli-plugin-e2e-cypress
    • [697bb44] fix: should correctly resolve cypress bin path for Cypress 10 (Note that the project is still created with Cypress 9 by default, but you can upgrade to Cypress 10 on your own now)

  Committers: 3

  • Martijn Jacobs (@ maerteijn)
  • ZHAO Jinxiang (@ xiaoxiangmoe)
  • @ blzsaa
• 5.0.4 - 2022-03-22
  

  🐛 Bug Fix

  • @ vue/cli-service
    • #7005 Better handling of publicPath: 'auto' (@ AndreiSoroka)
  • @ vue/cli-shared-utils, @ vue/cli-ui
    • 75826d6 fix: replace node-ipc with @ achrinza/node-ipc to further secure the dependency chain

  Committers: 1

  • Andrei (@ AndreiSoroka)
  • Haoqun Jiang (@ sodatea)
• 5.0.3 - 2022-03-15
  

  5.0.3 (2022-03-15)

  🐛 Bug Fix

  • @ vue/cli-shared-utils, @ vue/cli-ui
    • Lock node-ipc to v9.2.1
• 5.0.2 - 2022-03-15
  

  🐛 Bug Fix

  • @ vue/cli-service
    • #7044 fix(cli-service): devServer proxy should be optional (@ ntnyq)
    • #7039 chore: add scss to LoaderOptions (@ hiblacker)

  Committers: 2

  • Blacker (@ hiblacker)
  • ntnyq (@ ntnyq)
• 5.0.1 - 2022-02-17
• 5.0.0 - 2022-02-17
• 5.0.0-rc.3 - 2022-02-10
• 5.0.0-rc.2 - 2022-01-15
• 5.0.0-rc.1 - 2021-11-17
• 5.0.0-rc.0 - 2021-11-06
• 5.0.0-beta.7 - 2021-10-26
• 5.0.0-beta.6 - 2021-10-14
• 5.0.0-beta.5 - 2021-10-10
• 5.0.0-beta.4 - 2021-09-15
• 5.0.0-beta.3 - 2021-08-10
• 5.0.0-beta.2 - 2021-06-09
• 5.0.0-beta.1 - 2021-05-14
• 5.0.0-beta.0 - 2021-04-25
• 5.0.0-alpha.8 - 2021-03-24
• 5.0.0-alpha.7 - 2021-03-11
• 5.0.0-alpha.6 - 2021-03-10
• 5.0.0-alpha.5 - 2021-02-23
• 5.0.0-alpha.4 - 2021-02-18
• 5.0.0-alpha.3 - 2021-01-22
• 5.0.0-alpha.2 - 2021-01-06
• 5.0.0-alpha.1 - 2021-01-06
• 5.0.0-alpha.0 - 2020-12-14
• 4.5.19 - 2022-06-28
  

  IMPORTANT NOTE: IE 11 has reached End-of-Life. The default browserslist query no longer includes IE 11 as a target.
  If your project still has to support IE 11, you MUST manually add IE 11 to the last line of the .browserslistrc file in the project (or browserslist field in package.json)

  🐛 Bug Fix

  • @ vue/babel-preset-app
    • [c7fa1cf] fix: always transpile syntaxes introduced in ES2020 or later, so that optional chaining and nullish coalescing syntaxes won't cause errors in webpack 4 and ESLint 6.
  • @ vue/cli-plugin-typescript
    • [5b57792] fix: typechecking with Vue 2.7, fixes #7213
• 4.5.18 - 2022-06-16
  

  Fix compatibility with the upcoming Vue 2.7 (currently in alpha) and Vue Loader 15.10 (currently in beta).

  In Vue 2.7, vue-template-compiler is no longer a required peer dependency. Rather, there's a new export under the main package as vue/compiler-sfc.

• 4.5.17 - 2022-03-23
  

  🐛 Bug Fix

  • @ vue/cli-shared-utils, @ vue/cli-ui
    • d7a9881 fix: replace node-ipc with @ achrinza/node-ipc to further secure the dependency chain

  Committers: 1

  • Haoqun Jiang (@ sodatea)
• 4.5.16 - 2022-03-15
• 4.5.15 - 2021-10-28
• 4.5.14 - 2021-10-14
• 4.5.13 - 2021-05-08

from @vue/cli-plugin-babel GitHub release notes

Commit messages

Package name: @vue/cli-plugin-babel

• b154dbd v5.0.8
• 4e024b7 ci: bump appveyor node version
• 0260e4d fix: add devServer.server.type to useHttps judgement (Modifying author names does not cause works in search results to show new name internetarchive/openlibrary#7222)
• 07052c4 fix: Vue CLI UI graphql subscription server error
• a5a893e chore: update changelog
• 4a0655f v5.0.7
• 6f9b6ec chore: update fallback chromedriver version
• 23fa20f chore: upgrade to apollo-server-express 3.x (Parallel process importbot imports to increase throughput + bug fixes internetarchive/openlibrary#7210)
• beffe8a fix: allow disabling progress plugin via `devServer.client.progress`
• 558dea2 fix: support `devServer.server` option, avoid deprecation warning
• bddd64d fix: optimize the judgment on whether HTTPS has been set in options (Don't import from partner data where publish_date is a future year internetarchive/openlibrary#7202)
• ef08a08 v5.0.6
• 6b163f2 chore: fix lint errors
• fcf27e3 fixup! fix: compatibility with Vue 2.7
• a648958 fix: compatibility with Vue 2.7
• 98c66c9 v5.0.5
• 64446e0 feat(upgrade): prevent changing the structure of package.json file during upgrade (Prevent reordering of work records in merge UI internetarchive/openlibrary#7167)
• 27dba1a fix: eliminate calling deprecated function in cli-plugin-e2e-cypress and cli-plugin-e2e-nightwatch (Update hamburger menu internetarchive/openlibrary#7158)
• 619965b docs: fix 404 links
• 697bb44 fix: should correctly resolve cypress bin path for Cypress 10
• b2b07a5 chore: run yarn-audit-fix
• d5bb358 chore: update lockfile
• 1452cd3 feat: update cypress to 9.x
• 00fd2b6 chore: update the @ achrinza/node-ipc to support Node.js 18

Compare

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs