Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Snyk] Security upgrade bootstrap-vue from 2.0.0-rc.2 to 2.0.0 #21

Open
wants to merge 1 commit into
base: master
Choose a base branch
from

Conversation

shoter
Copy link
Owner

@shoter shoter commented Jul 8, 2022

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • frontend/package.json
    • frontend/package-lock.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
high severity 696/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 7.5
Regular Expression Denial of Service (ReDoS)
SNYK-JS-ANSIREGEX-1583908
No Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: bootstrap-vue The new version differs by 250 commits.
  • e42ef07 Merge pull request #3862 from bootstrap-vue/dev
  • 5930f04 chore: bump version and update changelog (#4017)
  • 72ceef8 chore: coverage fixes for babel dep upgrades (#4034)
  • efe84a1 Revert "chore(deps): update devdependency @ nuxtjs/pwa to ^3.0.0-beta.17 (#4026)" (#4031)
  • 4b8a8c7 fix(docs): hading before margin (#4029)
  • cbeeef9 feat(b-table, b-table-lite): add new scoped slot `custom-foot` to allow user to create their own table footer (closes #3960) (#4027)
  • 81efb89 fix(b-dropdown-*): ensure class bindings are placed on root element for all dropdown sub-components (closes #4022) (#4024)
  • c7cb16f fix(b-table, b-table-lite): use `:key` for row details based on the primary key value if available (#4025)
  • 2012d07 chore(deps): update devdependency @ nuxtjs/pwa to ^3.0.0-beta.17 (#4026)
  • 6aa16b8 chore(deps): update devdependency eslint-plugin-jest to ^22.17.0 (#4023)
  • 64735a3 chore: tooltip/popover directives execute title/content if function before each show (#4020)
  • 10ff04a chore(deps): update devdependency eslint-plugin-node to v10 (#4019)
  • acb34e7 chore(docs): minor adjustments to the table docs (#4016)
  • 78c604c perf(b-table): cache cell slot names each render cycle (addresses #4008) (#4011)
  • 5855330 docs(router-links): add more details to `active-class` and `exact-active-class` props (closes #4012) (#4013)
  • 113b802 chore(docs): better ARIA compliant `b-nav` + `b-card` examples (#4006)
  • 332b79f fix(modal): fix scroll to top issue when modal has `no-fade` set (#4004)
  • 3aa78fd chore(deps): update devdependency eslint-config-prettier to ^6.2.0 (#4005)
  • dfabe51 docs(b-nav): add example markup for using vue-router/nuxt-child (closes #3999) (#4000)
  • 464d257 feat(dropdown): add `role=presentation` to `<li>` elements for improved a11y (#3996)
  • 484f012 chore(deps): update devdependency cross-env to ^5.2.1 (#3995)
  • e05cc0d chore(pagination): change `role="none presentation"` to `role="presentation"` (closes #2921) (#3993)
  • f6f73c7 feat(b-table, b-table-lite): use `aria-details` rather than `aria-describedby` when details row showing (addresses #3801) (#3992)
  • 444d8b0 chore(docs): remove duplicate IDs from dropdown examples (#3991)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic


Learn how to fix vulnerabilities with free interactive lessons:

🦉 Learn about vulnerability in an interactive lesson of Snyk Learn.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants