[Security] Bump semver, vuetify and vite-plugin-vuetify
Bumps semver to 7.5.4 and updates ancestor dependencies semver, vuetify and vite-plugin-vuetify. These dependencies need to be updated together.
Updates semver
from 6.3.1 to 7.5.4 This update includes a security fix.
Vulnerabilities fixed
semver vulnerable to Regular Expression Denial of Service Versions of the package semver before 7.5.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the function new Range, when untrusted user data is provided as a range.
Patched versions: 7.5.2 Affected versions: < 7.5.2
Release notes
Sourced from semver's releases.
v7.5.4
7.5.4 (2023-07-07)
Bug Fixes
cc6fde2
#588 trim each range set before parsing (@lukekarrys
)99d8287
#583 correctly parse long build ids as valid (#583) (@lukekarrys
)v7.5.3
7.5.3 (2023-06-22)
Bug Fixes
abdd93d
#571 set max lengths in regex for numeric and build identifiers (#571) (@lukekarrys
)Documentation
v7.5.2
7.5.2 (2023-06-15)
Bug Fixes
58c791f
#566 diff when detecting major change from prerelease (#566) (@lukekarrys
)5c8efbc
#565 preserve build in raw after inc (#565) (@lukekarrys
)717534e
#564 better handling of whitespace (#564) (@lukekarrys
)v7.5.1
7.5.1 (2023-05-12)
Bug Fixes
d30d25a
#559 show type on invalid semver error (#559) (@tjenkinson
)v7.5.0
7.5.0 (2023-04-17)
Features
503a4e5
#548 allow identifierBase to be false (#548) (@lsvalina
)Bug Fixes
e219bb4
#552 throw on bad version with correct error message (#552) (@wraithgar
)fc2f3df
#546 incorrect results from diff sometimes with prerelease versions (#546) (@tjenkinson
)2781767
#547 avoid re-instantiating SemVer during diff compare (#547) (@macno
)v7.4.0
7.4.0 (2023-04-10)
... (truncated)
Changelog
Sourced from semver's changelog.
7.5.4 (2023-07-07)
Bug Fixes
cc6fde2
#588 trim each range set before parsing (@lukekarrys
)99d8287
#583 correctly parse long build ids as valid (#583) (@lukekarrys
)7.5.3 (2023-06-22)
Bug Fixes
abdd93d
#571 set max lengths in regex for numeric and build identifiers (#571) (@lukekarrys
)Documentation
7.5.2 (2023-06-15)
Bug Fixes
58c791f
#566 diff when detecting major change from prerelease (#566) (@lukekarrys
)5c8efbc
#565 preserve build in raw after inc (#565) (@lukekarrys
)717534e
#564 better handling of whitespace (#564) (@lukekarrys
)7.5.1 (2023-05-12)
Bug Fixes
d30d25a
#559 show type on invalid semver error (#559) (@tjenkinson
)7.5.0 (2023-04-17)
Features
503a4e5
#548 allow identifierBase to be false (#548) (@lsvalina
)Bug Fixes
e219bb4
#552 throw on bad version with correct error message (#552) (@wraithgar
)fc2f3df
#546 incorrect results from diff sometimes with prerelease versions (#546) (@tjenkinson
)2781767
#547 avoid re-instantiating SemVer during diff compare (#547) (@macno
)7.4.0 (2023-04-10)
Features
113f513
#532 identifierBase parameter for .inc (#532) (@wraithgar
,@b-bly
)48d8f8f
#530 export new RELEASE_TYPES constant (@hcharley
)
... (truncated)
Commits
-
36cd334
chore: release 7.5.4 -
8456d87
chore: postinstall for dependabot template-oss PR -
dde1f00
chore: postinstall for dependabot template-oss PR -
dffcd1b
chore: bump@npmcli/template-oss
from 4.16.0 to 4.17.0 -
d619f66
chore: postinstall for dependabot template-oss PR -
3bc4247
chore: bump@npmcli/template-oss
from 4.15.1 to 4.16.0 -
cc6fde2
fix: trim each range set before parsing -
99d8287
fix: correctly parse long build ids as valid (#583) -
4f0f6b1
chore: fix arguments in whitespace test (#574) -
6bd1a37
chore: remove duplicate test in semver class (#575) - Additional commits viewable in compare view
Updates vuetify
from 3.4.6 to 3.4.7
Release notes
Sourced from vuetify's releases.
v3.4.7
🔧 Bug Fixes
- update peer dependency ranges (553f7d8), closes #18856
- Autocomplete: auto-select-first with disabled result (#18850) (fc3af53), closes #18839
- VAutocomplete: use v-model to modify search.value (#18577) (c64f19a), closes #18494
- VChip: use button element for closable button (#18571) (50e48d5), closes #18547
- VCombobox: remove item on backspace/delete (2c2b7de), closes #18833
- VCombobox/VAutocomplete: overlap selection when focused (#18817) (5fcdeb0), closes #18796
- VSelect: defined accessibility options (#18828) (27c3273), closes #18495
Commits
-
7a8951c
chore(release): publish v3.4.7 -
553f7d8
fix: update peer dependency ranges -
457e1d3
chore(VAutocomplete): fix lint -
fc3af53
fix(Autocomplete): auto-select-first with disabled result (#18850) -
27c3273
fix(VSelect): defined accessibility options (#18828) -
5fcdeb0
fix(VCombobox/VAutocomplete): overlap selection when focused (#18817) -
c64f19a
fix(VAutocomplete): use v-model to modify search.value (#18577) -
50e48d5
fix(VChip): use button element for closable button (#18571) -
2c2b7de
fix(VCombobox): remove item on backspace/delete - See full diff in compare view
Updates vite-plugin-vuetify
from 1.0.2 to 2.0.1
Release notes
Sourced from vite-plugin-vuetify's releases.
v2.0.0
Changelogs for each package are now a separate file in their respective directories: https://github.com/vuetifyjs/vuetify-loader/tree/master/packages
v1.9.2
Bug Fixes
v1.9.1
Bug Fixes
- expand sharp peerDependency version (fd2bd7f), closes #253
- load external templates (#251) (33a75b6), closes #250
- support pug 3 (#254) (6185962)
v1.9.0
Features
v1.7.3
Bug Fixes
- add check before calling find on vue rule (#170) (22e2492)
- add warning when used with asset modules (d5446df)
- clone rules before adding oneOf (9a99f29), closes #186
v1.7.2
Bug Fixes
v1.7.1
Bug Fixes
v1.7.0
Features
v1.6.0
Bug Fixes
... (truncated)
Commits
-
13548af
chore: release -
9683bf5
fix: support node 18 -
c396176
chore: release -
55ead16
feat: allow labs auto-import -
d1b3ae7
docs: remove styles:expose from readme -
1328d49
feat: add autoImport ignore option (#323) -
8cc31a8
fix: update transformAssetUrls -
34a03c1
feat: add esm build -
c43dc80
feat: removestyles: 'expose'
-
c4ead73
chore: update branches - Additional commits viewable in compare view
Dependabot commands
You can trigger Dependabot actions by commenting on this MR
-
$dependabot rebase
will rebase this MR -
$dependabot recreate
will recreate this MR rewriting all the manual changes and resolving conflicts