[Snyk] Upgrade: , vue, , , , autoprefixer, bootstrap, bootstrap-icons-vue, css-loader, dashjs, icecast-metadata-player, laravel-echo, moment, patch-package, sass, sass-loader, socket.io-client, vue-router

[xorinzor]

Snyk has created this PR to upgrade multiple dependencies.

👯 The following dependencies are linked and will therefore be updated together.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

Name	Versions	Released on

@babel/core
from 7.22.6 to 7.25.2 | 27 versions ahead of your current version | a month ago
on 2024-07-30
vue
from 3.4.35 to 3.4.38 | 3 versions ahead of your current version | a month ago
on 2024-08-15
@apollo/client
from 3.11.2 to 3.11.4 | 2 versions ahead of your current version | a month ago
on 2024-08-07
@vue/apollo-composable
from 4.0.2 to 4.2.0 | 2 versions ahead of your current version | 23 days ago
on 2024-08-19
@vue/compiler-sfc
from 3.4.35 to 3.4.38 | 3 versions ahead of your current version | a month ago
on 2024-08-15
autoprefixer
from 10.4.14 to 10.4.20 | 6 versions ahead of your current version | a month ago
on 2024-08-02
bootstrap
from 5.3.2 to 5.3.3 | 1 version ahead of your current version | 7 months ago
on 2024-02-20
bootstrap-icons-vue
from 1.11.1 to 1.11.3 | 1 version ahead of your current version | 8 months ago
on 2024-01-26
css-loader
from 6.8.1 to 6.11.0 | 4 versions ahead of your current version | 5 months ago
on 2024-04-03
dashjs
from 4.7.2 to 4.7.4 | 2 versions ahead of your current version | 7 months ago
on 2024-02-20
icecast-metadata-player
from 1.17.1 to 1.17.3 | 2 versions ahead of your current version | 4 months ago
on 2024-05-13
laravel-echo
from 1.15.3 to 1.16.1 | 2 versions ahead of your current version | 5 months ago
on 2024-04-09
moment
from 2.29.4 to 2.30.1 | 2 versions ahead of your current version | 8 months ago
on 2023-12-27
patch-package
from 7.0.1 to 7.0.2 | 1 version ahead of your current version | a year ago
on 2023-07-12
sass
from 1.63.3 to 1.77.8 | 36 versions ahead of your current version | 2 months ago
on 2024-07-11
sass-loader
from 13.3.2 to 13.3.3 | 1 version ahead of your current version | 9 months ago
on 2023-12-25
socket.io-client
from 4.7.2 to 4.7.5 | 3 versions ahead of your current version | 6 months ago
on 2024-03-14
vue-router
from 4.4.2 to 4.4.3 | 1 version ahead of your current version | a month ago
on 2024-08-06

Issues fixed by the recommended upgrade:

	Issue	Score	Exploit Maturity
	Inefficient Regular Expression Complexity SNYK-JS-MICROMATCH-6838728	375	No Known Exploit

Release notes

Package name: @babel/core

• 7.25.2 - 2024-07-30
  

  v7.25.2 (2024-07-30)

  🐛 Bug Fix

  • babel-core, babel-traverse
    • #16695 Ensure that requeueComputedKeyAndDecorators is available (@ nicolo-ribaudo)

  Committers: 2

  • Huáng Jùnliàng (@ JLHwung)
  • Nicolò Ribaudo (@ nicolo-ribaudo)
• 7.24.9 - 2024-07-15
  

  v7.24.9 (2024-07-15)

  🐛 Bug Fix

  • babel-core, babel-standalone
    • #16639 Avoid require() call in @ babel/standalone bundle (@ nicolo-ribaudo)
  • babel-types
    • #16638 fix: provide legacy typings for TS < 4.1 (@ JLHwung)

  💅 Polish

  • babel-generator, babel-plugin-transform-optional-chaining
    • #16617 Avoid extra parens in TS as/satisfies (@ nicolo-ribaudo)

  🏠 Internal

  • babel-helper-module-transforms
    • #16629 Lazy top-level initializations for module transforms (@ guybedford)

  Committers: 5

  • Babel Bot (@ babel-bot)
  • Guy Bedford (@ guybedford)
  • Huáng Jùnliàng (@ JLHwung)
  • Nicolò Ribaudo (@ nicolo-ribaudo)
  • @ liuxingbaoyu
• 7.24.8 - 2024-07-11
• 7.24.7 - 2024-06-05
• 7.24.6 - 2024-05-24
• 7.24.5 - 2024-04-29
• 7.24.4 - 2024-04-03
• 7.24.3 - 2024-03-20
• 7.24.1 - 2024-03-19
• 7.24.0 - 2024-02-28
• 7.23.9 - 2024-01-25
• 7.23.7 - 2023-12-29
• 7.23.6 - 2023-12-11
• 7.23.5 - 2023-11-29
• 7.23.3 - 2023-11-09
• 7.23.2 - 2023-10-12
• 7.23.0 - 2023-09-25
• 7.22.20 - 2023-09-16
• 7.22.19 - 2023-09-14
• 7.22.18 - 2023-09-14
• 7.22.17 - 2023-09-08
• 7.22.15 - 2023-09-04
• 7.22.11 - 2023-08-24
• 7.22.10 - 2023-08-07
• 7.22.9 - 2023-07-12
• 7.22.8 - 2023-07-06
• 7.22.7 - 2023-07-06
• 7.22.6 - 2023-07-04

from @babel/core GitHub release notes

Package name: vue

• 3.4.38 - 2024-08-15
  

  For stable releases, please refer to CHANGELOG.md for details.
  For pre-releases, please refer to CHANGELOG.md of the minor branch.

• 3.4.37 - 2024-08-08
  

  For stable releases, please refer to CHANGELOG.md for details.
  For pre-releases, please refer to CHANGELOG.md of the minor branch.

• 3.4.36 - 2024-08-06
  

  For stable releases, please refer to CHANGELOG.md for details.
  For pre-releases, please refer to CHANGELOG.md of the minor branch.

• 3.4.35 - 2024-07-31
  

  For stable releases, please refer to CHANGELOG.md for details.
  For pre-releases, please refer to CHANGELOG.md of the minor branch.

from vue GitHub release notes

Package name: @apollo/client

• 3.11.4 - 2024-08-07
  

  Patch Changes

  • #11994 41b17e5 Thanks @ jerelmiller! - Update the Modifier function type to allow cache.modify to return deeply partial data.

  • #11989 e609156 Thanks @ phryneas! - Fix a potential crash when calling clearStore while a query was running.

    Previously, calling client.clearStore() while a query was running had one of these results:

    • useQuery would stay in a loading: true state.
    • useLazyQuery would stay in a loading: true state, but also crash with a "Cannot read property 'data' of undefined" error.

    Now, in both cases, the hook will enter an error state with a networkError, and the promise returned by the useLazyQuery execute function will return a result in an error state.

  • #11994 41b17e5 Thanks @ jerelmiller! - Prevent accidental distribution on cache.modify field modifiers when a field is a union type array.

• 3.11.3 - 2024-08-05
  

  Patch Changes

  • #11984 5db1659 Thanks @ jerelmiller! - Fix an issue where multiple fetches with results that returned errors would sometimes set the data property with an errorPolicy of none.

  • #11974 c95848e Thanks @ jerelmiller! - Fix an issue where fetchMore would write its result data to the cache when using it with a no-cache fetch policy.

  • #11974 c95848e Thanks @ jerelmiller! - Fix an issue where executing fetchMore with a no-cache fetch policy could sometimes result in multiple network requests.

  • #11974 c95848e Thanks @ jerelmiller! -

    Potentially disruptive change

    When calling fetchMore with a query that has a no-cache fetch policy, fetchMore will now throw if an updateQuery function is not provided. This provides a mechanism to merge the results from the fetchMore call with the query's previous result.

• 3.11.2 - 2024-07-31
  

  Patch Changes

  • #11980 38c0a2c Thanks @ jerelmiller! - Fix missing getServerSnapshot error when using useSubscription on the server.

from @apollo/client GitHub release notes

Package name: @vue/apollo-composable

• 4.2.0 - 2024-08-19
  

  🚀 Enhancements

  • Add updateQuery to useQuery (#1552)

  🩹 Fixes

  • UseMutations onDone Event hook gets triggered too early (#1559)
  • (@ vue/apollo-option) memory leak in wrapped ssrRender (#1553)
  • Reuse previous result, fix #1483 (#1569, #1483)
  • ResolveClient throwing too soon, fix #1557 (#1570, #1557)

  📖 Documentation

  • Add github link to documentation (#1549)
  • Note about continuous releases (51e09e7)

  🏡 Chore

  • Switch some tests to script setup (c8e5106)

  🤖 CI

  • Nightly releases (319f6ec)

  ❤️ Contributors

  • Guillaume Chau (@ Akryum)
  • Matt Garrett [email protected]
  • Mobsean (@ mobsean)
  • Leonardo Santos (@ syllomex)
  • Alex Liu (@ Mini-ghost)
• 4.1.0 - 2024-08-14
  

  🩹 Fixes

  • Change teardown to use onScopeDispose (#1545)

  📖 Documentation

  • useQuery: Document refetch with new variables (#1564)

  🏡 Chore

  • Updqte pnpm to v9 (827ea6e)

  ✅ Tests

  • UseSubscription (0f5ae61)
  • Fix subscription test (#1547)

  🤖 CI

  • Update versions (fe66840)

  ❤️ Contributors

  • Guillaume Chau (@ Akryum)
  • Nick Messing (@ nickmessing)
• 4.0.2 - 2024-03-08
  

  🩹 Fixes

  • Use shallowRef on result & error (08f0fcd)

  📖 Documentation

  • Remove mentions of fetchResults, fix #1060 (#1060)

  ❤️ Contributors

  • Guillaume Chau (@ Akryum)

from @vue/apollo-composable GitHub release notes

Package name: @vue/compiler-sfc

• 3.4.38 - 2024-08-15
  

  For stable releases, please refer to CHANGELOG.md for details.
  For pre-releases, please refer to CHANGELOG.md of the minor branch.

• 3.4.37 - 2024-08-08
  

  For stable releases, please refer to CHANGELOG.md for details.
  For pre-releases, please refer to CHANGELOG.md of the minor branch.

• 3.4.36 - 2024-08-06
  

  For stable releases, please refer to CHANGELOG.md for details.
  For pre-releases, please refer to CHANGELOG.md of the minor branch.

• 3.4.35 - 2024-07-31
  

  For stable releases, please refer to CHANGELOG.md for details.
  For pre-releases, please refer to CHANGELOG.md of the minor branch.

from @vue/compiler-sfc GitHub release notes

Package name: autoprefixer

• 10.4.20 - 2024-08-02
  
  • Fixed fit-content prefix for Firefox.
• 10.4.19 - 2024-03-20
  
  • Removed end value has mixed support, consider using flex-end warning since end/start now have good support.
• 10.4.18 - 2024-03-01
  
  • Fixed removing -webkit-box-orient on -webkit-line-clamp (@ Goodwine).
• 10.4.17 - 2024-01-17
  
  • Fixed user-select: contain prefixes.
• 10.4.16 - 2023-09-20
  
  • Improved performance (by @ romainmenke).
  • Fixed docs (by @ coliff).
• 10.4.15 - 2023-08-13
  
  • Fixed ::backdrop prefixes (by @ yisibl).
  • Fixed docs (by @ coliff).
• 10.4.14 - 2023-03-09
  
  • Improved startup time and reduced JS bundle size (by @ Knagis).

from autoprefixer GitHub release notes

Package name: bootstrap

• 5.3.3 - 2024-02-20
  

  Highlights

  • Fixed a breaking change introduced with color modes where it was required to manually import variables-dark.scss when building Bootstrap with Sass. Now, _variables.scss will automatically import _variables-dark.scss. If you were already importing _variables-dark.scss manually, you should keep doing it as it won't break anything and will be the way to go in v6.
  • Fixed a regression in the selector engine that wasn't able to handle multiple IDs anymore.

  Color modes

  • Badges now use the .text-bg-* text utilities to be certain that the text is always readable (especially when the customized colors are different in light and dark modes).
  • Fixed our color-modes.js script to handle the case where the OS is set to light mode and the auto color mode is used on the website. If you copied the script from our docs, you should apply this change to your own script.
  • Fixed color schemes description in the color modes documentation to show that color-scheme() only accept light and dark values as parameters.

  Miscellaneous

  • Allowed <dl>, <dt> and <dd> in the sanitizer.
  • Dropped evenly items distribution for modal and offcanvas headers.
  • Fixed the accordion CSS selectors to avoid inheritance issues when nesting accordions.
  • Fixed the focus box-shadow for the validation stated form controls.
  • Fixed the focus ring on focused checked buttons.
  • Fixed the product example mobile navbar toggler.
  • Changed the RTL processing of carousel control icons.

  ---

  🎨 CSS

  • #37508: Use child combinators to avoid inheriting parent accordion's flush styles
  • #38719: Fix focus box-shadow for validation stated form-controls
  • #38884: fix border-radius on radio-switch
  • #39294: Tests: update navbar in visual modal test
  • #39373: refactor css: modal and offcanvas header spacing
  • #39380: Fix Sass compilation breaking change in v5.3
  • #39387: docs: fix typo
  • #39411: Optimize the accordion icon
  • #39497: Fix a typo
  • #39536: Changed RTL processing of carousel control icons
  • #39560: Drop --bs-accordion-btn-focus-border-color and deprecate $accordion-button-focus-border-color
  • #39595: CSS: Fix the focus ring on focused checked buttons

  ☕️ JavaScript

  • #39201: Selector Engine: fix multiple IDs
  • #39224: Fix edge case in color-mode.js
  • #39376: Allow dl, dt and dd in sanitizer

  📖 Docs

  • #39200: Typo Fix
  • #39214: Doc: use .text-bg-{color} for all badges
  • #39246: Docs: fix for example code blocks have unnecessary 30px right-margin
  • #39249: Doc: consistent rendering of 'Heads up!' callouts
  • #39281: Fix getOrCreateInstance() doc example
  • #39293: Update background.md
  • #39304: Doc: add expanded accordion explanation
  • #39320: Drop .table-light from table foot example
  • #39340: Doc: add dispose() to Offcanvas methods
  • #39378: Docs: fix sentence in modal
  • #39417: Fix color schemes description in Sass customization documentation
  • #39418: Docs: change vite config path import in vite guide
  • #39435: Docs: add shift-color() usage example in sass customization page
  • #39458: Docs: enhance .card-img-* description
  • #39503: Minor image compression improvements
  • #39519: Docs: use consistent HTML elements in Utilities -> Background page
  • #39520: Docs: drop unused .theme-icon class
  • #39528: docs: clean up example.html
  • #39537: Docs: fix desc around deprecated Sass mixins for alerts and list groups
  • #39539: Update links on get-started page
  • #39592: Update vite.md
  • #39604: Fix typo in 'media-breakpoint-between' in migration docs
  • #39617: Docs: add missing comma in native font stack code source in Content -> Reboot
  • #39663: updated table to be responsive

  🛠 Examples

  • #39657: Fix product example mobile navbar toggler
  • #39585: Docs: Add missing type="button" to Cheatsheet nav buttons

  🏭 Tests

  • #39294: Tests: update navbar in visual modal test

  🧰 Misc

  • #39096: CI: stop running coveralls in forks
  • #39501: CI: switch to Node.js 20

  📦 Dependencies

  • Updated numerous devDependencies
• 5.3.2 - 2023-09-14
  

  Highlights

  • Passing a percentage unit to the global abs() is deprecated since Dart Sass v1.65.0. It resulted in a deprecation warning when compiling Bootstrap with Dart Sass. This has been fixed internally by changing the values passed to the divide() function. The divide() function has not been fixed itself so that we can keep supporting node-sass cross-compatibility. In v6, this won't be an issue as we plan to drop support for node-sass.
  • Using multiple ids in a collapse target wasn't working anymore and has been fixed.

  Color modes

  • Increased color contrast of form range track background in light and dark modes.
  • Fixed table state rendering for color modes with a focus on the striped table in dark mode to increase color contrast.
  • Allow <mark> color customization for color modes.

  Docs

  • Added alternative CDNs section in Getting started -> Download.
  • Added Discord and Bootstrap subreddit links in README and Getting started -> Introduction:
    • Discord maintained by the community
    • Bootstrap subreddit

  ---

  🎨 CSS

  • #38816: Use box-shadow CSS variables shadow utilities
  • #38955: Fix radios looking like ellipse on responsive mode
  • #38976: Use box-shadow CSS vars instead of Sass vars in assets and variables
  • #39030: Fix dart-sass deprecation warning
  • #39033: Color mode: fix table state rendering
  • #39095: Make form range track background more contrasted
  • #39119: New Sass var $btn-link-focus-shadow-rgb to allow customization
  • #39141: New Sass variable to handle <mark> dark mode bg color

  ☕️ JavaScript

  • #38989: Collapse: Fix multiple ids calls
  • #39046: Dropdown: reuse variable

  📖 Docs

  • #38873: Discord reddit bootstrap
  • #38970: docs: add BootstrapVueNext to docs
  • #38977: Docs: Add missing form elements in focusable elements
  • #38978: Docs: Fix popover template role error
  • #38995: introduction: drop details element
  • #39037: Further improve image compression with oxipng and the latest jpegoptim
  • #39054: Docs: Remove incorrect mention of .left- and .right- utilities from migration guide
  • #39060: Migration: add back v5.0.0 heading
  • #39145: Docs: add warning callout to add a workaround when jsDelivr is not available
  • #39177: Fix: make theme selector tick icon visible when active in examples layout
  • #39179: download: Reword CDN paragraph

  🛠 Examples

  • #38994: examples: update 3rd-party packages
  • #39086: Correct grammar error in examples/starter-template

  🌎 Accessibility

  • #38978: Docs: Fix popover template role error
  • #39095: Make form range track background more contrasted

  🧰 Misc

  • #38983: Improve change-version script
  • #38984: Convert build scripts to ESM
  • #39021: CI: update permissions for calibreapp-image-actions.yml

  📦 Dependencies

  • Updated numerous devDependencies

from bootstrap GitHub release notes

Package name: bootstrap-icons-vue

• 1.11.3 - 2024-01-26
  

  Some small upstream fixes since v1.11.1. (Release notes: v1.11.2 v1.11.3)

  Fixed issue #15 (thanks @ tobiasquadflieg for the contribution)

• 1.11.1 - 2023-10-04
  

  Bootstrap Icons v1.11.0 introduced 100s of new ...

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarCloud