Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Update dependency @vue/cli-service to v5 #97

Open
wants to merge 1 commit into
base: master
Choose a base branch
from

Conversation

mend-for-github.aaakk.us.kg[bot]
Copy link

@mend-for-github.aaakk.us.kg mend-for-github.aaakk.us.kg bot commented Apr 24, 2023

This PR contains the following updates:

Package Type Update Change
@vue/cli-service (source) devDependencies major ~4.2.3 -> ~5.0.0

By merging this PR, the below issues will be automatically resolved and closed:

Severity CVSS Score CVE GitHub Issue
Critical 9.8 CVE-2020-7720 #17
Critical 9.8 CVE-2022-0691 #45
Critical 9.8 CVE-2022-29078 #56
Critical 9.8 CVE-2022-37601 #64
Critical 9.8 CVE-2023-42282 #113
Critical 9.8 WS-2021-0153 #55
Critical 9.1 CVE-2022-0686 #46
High 8.6 CVE-2020-7677 #60
High 8.1 CVE-2020-7660 #3
High 8.1 CVE-2022-1650 #57
High 7.8 CVE-2021-43138 #54
High 7.7 CVE-2021-23386 #78
High 7.5 CVE-2020-7662 #21
High 7.5 CVE-2021-23424 #79
High 7.5 CVE-2021-27290 #87
High 7.5 CVE-2021-27290 #87
High 7.5 CVE-2021-28092 #84
High 7.5 CVE-2021-29059 #81
High 7.5 CVE-2021-3803 #82
High 7.5 CVE-2022-24771 #51
High 7.5 CVE-2022-24772 #50
High 7.5 CVE-2022-24999 #71
High 7.5 CVE-2024-37890 #-1
High 7.5 WS-2020-0091 #7
High 7.5 WS-2021-0152 #90
High 7.3 CVE-2020-7774 #19
High 7.3 CVE-2023-26159 #107
High 7.1 CVE-2022-46175 #76
Medium 6.6 WS-2022-0008 #24
Medium 6.5 CVE-2022-0155 #29
Medium 6.1 CVE-2022-0122 #26
Medium 5.3 CVE-2020-28469 #30
Medium 5.3 CVE-2020-7608 #11
Medium 5.3 CVE-2020-7693 #2
Medium 5.3 CVE-2021-23364 #92
Medium 5.3 CVE-2021-23368 #89
Medium 5.3 CVE-2021-23382 #88
Medium 5.3 CVE-2021-27515 #41
Medium 5.3 CVE-2021-29060 #91
Medium 5.3 CVE-2021-32640 #77
Medium 5.3 CVE-2021-3664 #40
Medium 5.3 CVE-2022-0512 #39
Medium 5.3 CVE-2022-0639 #47
Medium 5.3 CVE-2022-24773 #49
Medium 5.3 CVE-2022-25858 #59
Low 3.7 CVE-2017-16137 #104
Low 2.6 CVE-2022-0536 #38

Release Notes

vuejs/vue-cli (@​vue/cli-service)

v5.0.1

Compare Source

Same as 5.0.0.

v4.5.19

Compare Source

IMPORTANT NOTE: IE 11 has reached End-of-Life. The default browserslist query no longer includes IE 11 as a target.
If your project still has to support IE 11, you MUST manually add IE 11 to the last line of the .browserslistrc file in the project (or browserslist field in package.json)

🐛 Bug Fix
  • @vue/babel-preset-app
    • [c7fa1cf] fix: always transpile syntaxes introduced in ES2020 or later, so that optional chaining and nullish coalescing syntaxes won't cause errors in webpack 4 and ESLint 6.
  • @vue/cli-plugin-typescript

v4.5.18

Compare Source

Fix compatibility with the upcoming Vue 2.7 (currently in alpha) and Vue Loader 15.10 (currently in beta).

In Vue 2.7, vue-template-compiler is no longer a required peer dependency. Rather, there's a new export under the main package as vue/compiler-sfc.

v4.5.17

Compare Source

🐛 Bug Fix
  • @vue/cli-shared-utils, @vue/cli-ui
    • d7a9881 fix: replace node-ipc with @achrinza/node-ipc to further secure the dependency chain
Committers: 1

v4.5.16

Compare Source

🐛 Bug Fix
  • @vue/cli-service
    • Fix demo-lib.html and demo-wc.html for Vue 2
  • @vue/cli-shared-utils, @vue/cli-ui
    • Lock node-ipc to v9.2.1

v4.5.15

Compare Source

Bug Fixes
  • fix: set .mjs file type to javascript/auto [15b1e1b]

This change allows an .mjs file to import named exports from .cjs and plain .js files.
Fixes compatibility with pinia.

v4.5.14

Compare Source

Security Fixes

This version fixed a CORS vulnerability and an XSS vulnerability in Vue CLI UI.
We recommend all users of vue ui to upgrade to this version as soon as possible.

Credits:

Ngo Wei Lin (@​Creastery) of STAR Labs (@​starlabs_sg)

v4.5.13

Compare Source

🐛 Bug Fix
Others
Committers: 3

v4.5.12

Compare Source

v4.5.11

Compare Source

🐛 Bug Fix
Committers: 1

v4.5.10

Compare Source

🐛 Bug Fix
  • @vue/cli-plugin-unit-mocha
  • @vue/cli-plugin-unit-mocha, @vue/cli-service
  • @vue/cli-ui
  • @vue/cli-service-global, @vue/cli-service
Committers: 3

v4.5.9

Compare Source

🚀 New Features
Committers: 1

v4.5.8

Compare Source

🐛 Bug Fix
Committers: 2

v4.5.7

Compare Source

🐛 Bug Fix
  • @vue/cli-plugin-babel, @vue/cli-plugin-typescript, @vue/cli-service
  • @vue/cli
  • @vue/cli-plugin-pwa, @vue/cli-service
📝 Documentation
Committers: 4

v4.5.6

Compare Source

🐛 Bug Fix
Committers: 1

v4.5.5

Compare Source

🐛 Bug Fix
🏠 Internal
  • @vue/cli-ui
    • #​3687 perf(ui): improve get folder list to use Promises instead of sync (@​pikax)
🔨 Underlying Tools
  • @vue/babel-preset-app
Committers: 8

v4.5.4

Compare Source

🐛 Bug Fix
Committers: 3

v4.5.3

Compare Source

🐛 Bug Fix
  • @vue/cli-service
  • @vue/cli-plugin-e2e-webdriverio, @vue/cli-plugin-typescript
    • #​5769 fix: add missing mocha type if wdio is not installed along with any unit testing frameworks (@​sodatea)
  • @vue/cli-plugin-typescript
Committers: 1

v4.5.2

Compare Source

🐛 Bug Fix
  • @vue/cli-plugin-typescript
📝 Documentation
  • @vue/babel-preset-app, @vue/cli-plugin-e2e-nightwatch, @vue/cli-plugin-eslint, @vue/cli-plugin-typescript, @vue/cli-service, @vue/cli
🏠 Internal
  • @vue/babel-preset-app, @vue/cli-plugin-e2e-nightwatch, @vue/cli-plugin-eslint, @vue/cli-plugin-typescript, @vue/cli-service, @vue/cli
Committers: 3

v4.5.1

Compare Source

IMPORTANT NOTE: IE 11 has reached End-of-Life. The default browserslist query no longer includes IE 11 as a target.
If your project still has to support IE 11, you MUST manually add IE 11 to the last line of the .browserslistrc file in the project (or browserslist field in package.json)

🐛 Bug Fix
  • @vue/babel-preset-app
    • [c7fa1cf] fix: always transpile syntaxes introduced in ES2020 or later, so that optional chaining and nullish coalescing syntaxes won't cause errors in webpack 4 and ESLint 6.
  • @vue/cli-plugin-typescript

v4.5.0

Compare Source

🚀 New Features
  • @vue/babel-preset-app, @vue/cli-plugin-babel, @vue/cli-plugin-eslint, @vue/cli-plugin-router, @vue/cli-plugin-typescript, @vue/cli-plugin-unit-jest, @vue/cli-plugin-unit-mocha, @vue/cli-plugin-vuex, @vue/cli-service, @vue/cli-test-utils, @vue/cli-ui, @vue/cli
  • @vue/cli-plugin-typescript
  • @vue/cli-service, @vue/cli-test-utils, @vue/cli
  • @vue/cli-plugin-typescript, @vue/cli-service
  • @vue/cli-service, @vue/cli
🐛 Bug Fix
📝 Documentation
🏠 Internal
Committers: 7

v4.4.6

Compare Source

🐛 Bug Fix
📝 Documentation
Committers: 1

v4.4.5

Compare Source

🐛 Bug Fix
  • @vue/cli-service
    • #​5592 fix polyfill injection when building app on multiple threads (@​dtcz)
    • #​5598 fix: fix an edge case that VUE_CLI_SERVICE_CONFIG_PATH might be ignored (@​sodatea)
  • @vue/cli-plugin-e2e-cypress
  • @vue/cli
  • @vue/cli-plugin-e2e-nightwatch
    • #​5528 fix(nightwatch): should not install corresponding webdriver if the browser is unselected (@​sodatea)
🏠 Internal
  • @vue/cli-shared-utils
Committers: 5

v4.4.4

Compare Source

🐛 Bug Fix
  • @vue/cli-plugin-typescript
Committers: 1

v4.4.3

Compare Source

🐛 Bug Fix
🏠 Internal
Committers: 5

v4.4.2

Compare Source

📝 Documentation
  • @vue/cli-plugin-pwa
Committers: 1

v4.4.1

Compare Source

🐛 Bug Fix
📝 Documentation
🏠 Internal
  • @vue/babel-preset-app
Committers: 3

v4.4.0

Compare Source

🚀 New Features
  • @vue/cli
    • #​5498 feat(plugin-api): expose inquirer to prompts.js, allowing custom prompt types (@​sodatea)
  • @vue/cli-service
🐛 Bug Fix
  • @vue/cli-service, @vue/cli-shared-utils
  • @vue/cli-plugin-unit-jest
    • #​5499 fix(unit-jest): fix .vue coverage report when babel plugin is not enabled (@​sodatea)
  • @vue/cli
    • #​5497 fix: allow specifying plugin version when calling vue add (@​sodatea)
    • #​5493 fix(ui): the logs from creator should be displayed in the UI (@​sodatea)
    • #​5472 fix(creator): do not override the README.md generated by plugins (@​sodatea)
    • #​5395 Update ProjectPackageManager.js upgrade() method: manage multiple package names separated by spaces (@​motla)
    • #​5424 fix: normalize the file argument of transformScript, fix Windows compatibility (@​sodatea)
  • @vue/cli-plugin-unit-mocha
  • @vue/cli-service
  • @vue/cli-plugin-eslint
  • @vue/cli-shared-utils
  • @vue/cli-plugin-e2e-nightwatch
📝 Documentation
🏠 Internal
  • @vue/babel-preset-app, @vue/cli-plugin-babel, @vue/cli-plugin-e2e-nightwatch, @vue/cli-plugin-eslint, @vue/cli-plugin-typescript, @vue/cli-plugin-unit-jest, @vue/cli-plugin-unit-mocha, @vue/cli-plugin-vuex, @vue/cli-service, @vue/cli-ui-addon-webpack, @vue/cli-ui, @vue/cli
Committers: 14

v4.3.1

Compare Source

🐛 Bug Fix
  • @vue/cli-plugin-eslint
  • @vue/cli
    • #​5360 fix: run migrator in a separator process, fix require cache issues during upgrade (@​sodatea)
Committers: 1

v4.3.0

Compare Source

🚀 New Features
  • @vue/cli-plugin-unit-mocha
    • #​5294 feat(service): Allow mocha unit tests debugger to be bound to a specified IP and port (@​darrylkuhn)
  • @vue/babel-preset-app
  • @vue/cli-service
  • @vue/cli
  • @vue/cli-plugin-typescript
  • @vue/cli-plugin-eslint, @vue/cli-service-global, @vue/cli-ui-addon-widgets
  • @vue/cli-service, @vue/cli-ui-addon-webpack, @vue/cli-ui-addon-widgets, @vue/cli-ui
  • @vue/cli-plugin-router
🐛 Bug Fix
📝 Documentation
🏠 Internal
🔨 Underlying Tools
  • @vue/cli-plugin-eslint
    • #​5273 chore(eslint): bump minimum required eslint-loader version to support ESLint 6 (@​megos)
Committers: 15

  • If you want to rebase/retry this PR, check this box

@mend-for-github.aaakk.us.kg mend-for-github.aaakk.us.kg bot added the security fix Security fix generated by WhiteSource label Apr 24, 2023
@mend-for-github.aaakk.us.kg mend-for-github.aaakk.us.kg bot changed the title Update dependency @vue/cli-service to v5 Update dependency @vue/cli-service to v5 - autoclosed Jun 14, 2023
@mend-for-github.aaakk.us.kg mend-for-github.aaakk.us.kg bot deleted the whitesource-remediate/vue-cli-service-5.x branch June 14, 2023 19:51
@mend-for-github.aaakk.us.kg mend-for-github.aaakk.us.kg bot changed the title Update dependency @vue/cli-service to v5 - autoclosed Update dependency @vue/cli-service to v5 Jun 19, 2023
@mend-for-github.aaakk.us.kg mend-for-github.aaakk.us.kg bot restored the whitesource-remediate/vue-cli-service-5.x branch June 19, 2023 13:52
@mend-for-github.aaakk.us.kg mend-for-github.aaakk.us.kg bot force-pushed the whitesource-remediate/vue-cli-service-5.x branch from 72a1202 to d04c49c Compare June 19, 2023 13:53
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
security fix Security fix generated by WhiteSource
Projects
None yet
Development

Successfully merging this pull request may close these issues.

0 participants