
[Security] Bump semver, vuetify and vite-plugin-vuetify

Bumps semver to 7.5.4 and updates ancestor dependencies semver, vuetify and vite-plugin-vuetify. These dependencies need to be updated together.

Updates semver from 6.3.1 to 7.5.4. This update includes a security fix.

Vulnerabilities fixed

semver vulnerable to Regular Expression Denial of Service

Versions of the package semver before 7.5.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the function new Range, when untrusted user data is provided as a range.

Patched versions: 7.5.2
Affected versions: < 7.5.2

Release notes

Sourced from semver's releases.

v7.5.4

7.5.4 (2023-07-07)

Bug Fixes

v7.5.3

7.5.3 (2023-06-22)

Bug Fixes

Documentation

v7.5.2

7.5.2 (2023-06-15)

Bug Fixes

v7.5.1

7.5.1 (2023-05-12)

Bug Fixes

v7.5.0

7.5.0 (2023-04-17)

Features

Bug Fixes

v7.4.0

7.4.0 (2023-04-10)

... (truncated)

Changelog

Sourced from semver's changelog.

7.5.4 (2023-07-07)

Bug Fixes

7.5.3 (2023-06-22)

Bug Fixes

Documentation

7.5.2 (2023-06-15)

Bug Fixes

7.5.1 (2023-05-12)

Bug Fixes

7.5.0 (2023-04-17)

Features

Bug Fixes

7.4.0 (2023-04-10)

Features

... (truncated)

Commits
  • 36cd334 chore: release 7.5.4
  • 8456d87 chore: postinstall for dependabot template-oss PR
  • dde1f00 chore: postinstall for dependabot template-oss PR
  • dffcd1b chore: bump @npmcli/template-oss from 4.16.0 to 4.17.0
  • d619f66 chore: postinstall for dependabot template-oss PR
  • 3bc4247 chore: bump @npmcli/template-oss from 4.15.1 to 4.16.0
  • cc6fde2 fix: trim each range set before parsing
  • 99d8287 fix: correctly parse long build ids as valid (#583)
  • 4f0f6b1 chore: fix arguments in whitespace test (#574)
  • 6bd1a37 chore: remove duplicate test in semver class (#575)
  • Additional commits viewable in compare view

Updates vuetify from 3.4.6 to 3.4.7

Release notes

Sourced from vuetify's releases.

v3.4.7

🔧 Bug Fixes

Commits
  • 7a8951c chore(release): publish v3.4.7
  • 553f7d8 fix: update peer dependency ranges
  • 457e1d3 chore(VAutocomplete): fix lint
  • fc3af53 fix(Autocomplete): auto-select-first with disabled result (#18850)
  • 27c3273 fix(VSelect): defined accessibility options (#18828)
  • 5fcdeb0 fix(VCombobox/VAutocomplete): overlap selection when focused (#18817)
  • c64f19a fix(VAutocomplete): use v-model to modify search.value (#18577)
  • 50e48d5 fix(VChip): use button element for closable button (#18571)
  • 2c2b7de fix(VCombobox): remove item on backspace/delete
  • See full diff in compare view

Updates vite-plugin-vuetify from 1.0.2 to 2.0.1

Release notes

Sourced from vite-plugin-vuetify's releases.

v2.0.0

Changelogs for each package are now a separate file in their respective directories: https://github.com/vuetifyjs/vuetify-loader/tree/master/packages

v1.9.2

Bug Fixes

  • auto-import directives with v-on and v-bind (d0e115c), closes #258

v1.9.1

Bug Fixes

v1.9.0

Features

v1.7.3

Bug Fixes

  • add check before calling find on vue rule (#170) (22e2492)
  • add warning when used with asset modules (d5446df)
  • clone rules before adding oneOf (9a99f29), closes #186

v1.7.2

Bug Fixes

v1.7.1

Bug Fixes

v1.7.0

Features

v1.6.0

Bug Fixes

  • don't try to load custom blocks in .vue files (86751a1)
  • handle multiple vue-loader rules (9f0e669), closes #106

... (truncated)

Commits


Dependabot commands
You can trigger Dependabot actions by commenting on this MR
  • $dependabot rebase will rebase this MR
  • $dependabot recreate will recreate this MR rewriting all the manual changes and resolving conflicts
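
A bump like this one only helps if no older copy of semver stays nested under another dependency. The following added example (not part of this merge request, Dependabot's output or the semver project) scans the `packages` map of a lockfileVersion 2/3 package-lock.json for every semver copy below the patched version quoted above; the function names, `sampleLock` and the `example-*` package names are hypothetical.

```javascript
// Audit a package-lock.json "packages" map for semver copies older than the fix.
const PATCHED = '7.5.2'; // "Patched versions" value quoted on this page

// Split "major.minor.patch[-prerelease][+build]" into numeric core + prerelease flag.
function parseVersion(v) {
  if (typeof v !== 'string' || v.length > 64) return null; // bound regex input
  const m = /^(\d+)\.(\d+)\.(\d+)(-[0-9A-Za-z.-]+)?(\+[0-9A-Za-z.-]+)?$/.exec(v);
  if (!m) return null;
  return { core: [Number(m[1]), Number(m[2]), Number(m[3])], pre: Boolean(m[4]) };
}

// True when `version` sorts before `patched`. A prerelease of the patched core
// counts as affected; unparseable strings are flagged so a human reviews them.
function isAffected(version, patched = PATCHED) {
  const a = parseVersion(version), b = parseVersion(patched);
  if (!a || !b) return true;
  for (let i = 0; i < 3; i++) {
    if (a.core[i] !== b.core[i]) return a.core[i] < b.core[i];
  }
  return a.pre && !b.pre;
}

// Nested copies live under paths such as node_modules/<parent>/node_modules/semver,
// so match on the path suffix rather than only the top-level entry.
function findAffectedSemver(lock, patched = PATCHED) {
  const hits = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (!path.endsWith('node_modules/semver')) continue;
    if (isAffected(String(meta.version), patched)) {
      hits.push({ path, version: meta.version });
    }
  }
  return hits;
}

// Constructed sample lockfile (not taken from this merge request).
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'demo-app', version: '1.0.0' },
    'node_modules/semver': { version: '7.5.4' },
    'node_modules/example-build-tool/node_modules/semver': { version: '6.3.1' },
    'node_modules/example-linter/node_modules/semver': { version: '7.5.1' },
    'node_modules/semver-compare': { version: '1.0.0' },
  },
};

console.log(findAffectedSemver(sampleLock));
```

To run it against a real project, pass the parsed contents of its package-lock.json to `findAffectedSemver` in place of `sampleLock`.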
