Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Snyk] Upgrade vuetify from 1.5.4 to 2.1.12 #9

Merged
merged 1 commit into from
Dec 8, 2019
Merged

[Snyk] Upgrade vuetify from 1.5.4 to 2.1.12 #9

merged 1 commit into from
Dec 8, 2019

Conversation

snyk-bot
Copy link
Contributor

@snyk-bot snyk-bot commented Dec 8, 2019

Snyk has created this PR to upgrade vuetify from 1.5.4 to 2.1.12.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

Warning: This is a major version upgrade, and may be a breaking change.

  • The recommended version is 83 versions ahead of your current version.
  • The recommended version was released 11 days ago, on 2019-11-27.

The recommended version fixes:

Severity Issue
Cross-site Scripting (XSS)
SNYK-JS-VUETIFY-474604
Release notes
Package name: vuetify
  • 2.1.12 - 2019-11-27

    🔧 Bug Fixes

    • styles: add missing ltr() rules (#9649) (8f772a7), closes #7586
    • VBtn: add missing sass variable for text-transform (9cd96a8), closes #8619
    • VBtn: normalize width behavior (426dd02), closes #8699
    • VImg: resolve NaN value when computing normalizedSrc (8d110bf)
    • VItemGroup: apply maximum width for use in flex containers (6362eec), closes #8752
    • VListItem: only apply user-select style when using a link (fbc8ed8), closes #8648
    • VTextField: fix style cascading when combinging multiple style props (fc7b05a), closes #8586
    • VTextField: remove unnecessary margin on filled inputs (130fa8e)
  • 2.1.11 - 2019-11-20

    🔧 Bug Fixes

    • breakpoint: allow 0 value for scrollBarWidth (#9401) (a169612)
    • locale: update Portuguese translation (#9683) (dd3acaf)
    • styles: apply correct opacity for secondary text (#9495) (bdb9f0a), closes #9366
    • transitions: correctly merge event listeners (ad1f6ce), closes #9691
    • types: missing currentTheme in Theme interface (#9697) (b7701dc), closes #9546
    • types: missing VCardSubtitle declaration (2a3d380)
    • VComboBox: disallow items editing when readonly (#9429) (22d1bd7), closes #8867
    • VDataTable: change page when items length decreases (#9634) (18365e0), closes #9010
    • VDataTable: display non-string item values (#8562) (c3789d9), closes #8554
    • VDataTable: items-per-page event should not emit immediately (#9615) (cbcd8e4), closes #9599
    • VDataTable: overlapping text in mobile rows (#9639) (0f84349), closes #8761
    • VDataTable: properly display divider in headers (#9635) (b43716c), closes #8514 #7411
    • VDialog: correct v-card-subtitle positioning (a178ac1), closes #9468
    • VDialog: only emit click:outside once (f11d845), closes #9682
    • VExpansionPanels: outer panels styles cascade to inner panels (#9696) (c27b42d), closes #9692
    • VGrid: add max-width for row in container and fill-height (#9731) (3b4d26c)
    • VList: keep circular ripple on checkboxes in shaped list items (f8f46d5)
    • VSkeletonLoader: avatar is not rounded (#9708) (5f073b5), closes #9447
    • VSlider: disable label in readonly slider (#9709) (89050b9), closes #9660
    • VTreeview: stuttering animation of toggle icon when loading (#9705) (b729afc), closes #9475
  • 2.1.10 - 2019-11-12

    🔧 Bug Fixes

    • grid: allow binding style strings (3279945), closes #8328
    • locale: update Russian translation (#9563) (bbae296)
    • locale: update Ukrainian translation (#9562) (ddb90b1)
    • types: add missing component declarations (#9652) (50e66da),
      closes #9364
    • VBtn: keep border of outlined button when focused (cad50e2), closes #9603
    • VColorPicker: allow null as initial value (#9616) (2246e6b),
      closes #9472
    • VDataTable: revert to non locale sensitive number sort (a54a21d), closes #9515
    • VImg: remove observer once init (1700d57), closes #9490
    • VMenu: only use the activator slot in getActivator if it exists (0c6175f)
    • VMenu: prefer the activator slot over a click event (baeb7ba), closes #6906

    Reverts

    • fix(VDialog): check if element is already focused on focusin event (7ecc216), closes #9144, see #8459
      If you get infinite recursion errors in a dialog, add :retain-focus="false"
  • 2.1.9 - 2019-10-31

    🔧 Bug Fixes

    • VMesssages: apply escapeHTML to provided values (9fd5e0a), closes #9491

    ⚠️ BREAKING CHANGES

    A low impact security vulnerability was identified with the v-messages component. Using the value prop, it was possible to perform an XSS attack.

    NOTICE
    If you are not using HTML for the props rules, messages, hint, success-messages or error-messages, you do not need to do anything.

    All values for v-message are now escaped. This primarily affects inputs as they use v-message for rule and hint output. To accommodate this change, a scoped slot has been added for users who
    need to customize the styling of messages as they will no longer render html.

    Components this fix impacts:

    • v-autocomplete
    • v-checkbox
    • v-combobox
    • v-file-input
    • v-input
    • v-messages
    • v-overflow-btn
    • v-radio-group
    • v-select
    • v-slider
    • v-switch
    • v-textarea
    • v-text-field
    <!-- v2.1.8 -->

    <v-text-field :rules="['<em>Foo<em>']" />

    <!-- v2.1.9  -->

    <v-text-field :rules="['Foo']">
    
<template v-slot:message="{ message, key }">
    
<em :key="key">{{ message }}</em>
    
</template>
    
</v-text-field>

    If you have any questions, please reach out to us in our community, https://community.vuetifyjs.com

  • 2.1.8 - 2019-10-31

    🔧 Bug Fixes

    NOTICE
    A snafu with cherry-picking caused the previous security fix to not make it in. Please see https://github.com/vuetifyjs/vuetify/releases/tag/v2.1.9

  • 2.1.7 - 2019-10-25

    🔧 Bug Fixes

    • locale: update Norwegian translation (#9455) (051399a)
    • VCalendar: escape html of event name (#9387) (283d601)
    • VDataTable: adjust filter & sort functions to use Intl.Collator (#7805) (43adae8), closes #3672 #4622
    • VDialog: fix close on outside click with persist and hide-overlay (#9304) (ba99a45), closes #8697 #8697
    • VFileInput: trigger onInput after value has changed (#9091) (507f1b0), closes #9045
    • VImg: do not lazy load if intersection observer is not supported (22e23e2), closes #9412
    • VLazy: properly show transition on activation (ac7136d)
    • VSwitch/VCheckbox: color not applied if value is 0/false (#9431) (9856ca7)
  • 2.1.6 - 2019-10-22

    🔧 Bug Fixes

    • theme: use new vue-meta api (#9268) (6d829ef)
    • VAlert: remove pointer events from psuedo element (1958333), closes #9407
    • VListItem: fix to misplaced small icon in dense list (#9395) (f5b5e98)
    • VPagination: max length (#9423) (1394b6c)
    • VRangeSlider: allow handles on same value (#9218) (3ab0f67), closes #8756
    • VSkeletonLoader: properly cascade border-radius (74bc901)
    • VTextField: dense filled & outlined (#9403) (2283635)
  • 2.1.5 - 2019-10-17

    🔧 Bug Fixes

    • sass: move global style imports to component variable files (63f128f), closes #9323
    • VAlert: typo in computedIcon (#9390) (15ba83b), closes #9386
  • 2.1.4 - 2019-10-15
  • 2.1.3 - 2019-10-10
  • 2.1.2 - 2019-10-09
  • 2.1.1 - 2019-10-03
  • 2.1.0 - 2019-10-01
  • 2.1.0-beta.1 - 2019-09-26
  • 2.1.0-beta.0 - 2019-09-25
  • 2.0.20 - 2019-10-01
  • 2.0.19 - 2019-09-25
  • 2.0.18 - 2019-09-17
  • 2.0.17 - 2019-09-11
  • 2.0.16 - 2019-09-10
  • 2.0.15 - 2019-09-06
  • 2.0.14 - 2019-09-04
  • 2.0.13 - 2019-09-04
  • 2.0.12 - 2019-09-03
  • 2.0.11 - 2019-08-27
  • 2.0.10 - 2019-08-21
  • 2.0.9 - 2019-08-20
  • 2.0.8 - 2019-08-20
  • 2.0.7 - 2019-08-13
  • 2.0.6 - 2019-08-13
  • 2.0.5 - 2019-08-06
  • 2.0.4 - 2019-08-01
  • 2.0.3 - 2019-07-30
  • 2.0.2 - 2019-07-28
  • 2.0.1 - 2019-07-25
  • 2.0.0 - 2019-07-23
  • 2.0.0-beta.9 - 2019-07-19
  • 2.0.0-beta.8 - 2019-07-16
  • 2.0.0-beta.7 - 2019-07-09
  • 2.0.0-beta.6 - 2019-07-09
  • 2.0.0-beta.5 - 2019-07-02
  • 2.0.0-beta.4 - 2019-06-25
  • 2.0.0-beta.3 - 2019-06-18
  • 2.0.0-beta.2 - 2019-06-11
  • 2.0.0-beta.1 - 2019-06-05
  • 2.0.0-beta.0 - 2019-05-28
  • 2.0.0-alpha.20 - 2019-05-14
  • 2.0.0-alpha.19 - 2019-05-07
  • 2.0.0-alpha.18 - 2019-04-30
  • 2.0.0-alpha.17 - 2019-04-23
  • 2.0.0-alpha.16 - 2019-04-17
  • 2.0.0-alpha.15 - 2019-04-16
  • 2.0.0-alpha.14 - 2019-04-09
  • 2.0.0-alpha.13 - 2019-04-09
  • 2.0.0-alpha.12 - 2019-04-02
  • 2.0.0-alpha.11 - 2019-03-29
  • 2.0.0-alpha.10 - 2019-03-19
  • 2.0.0-alpha.9 - 2019-03-13
  • 2.0.0-alpha.8 - 2019-03-12
  • 2.0.0-alpha.7 - 2019-03-05
  • 2.0.0-alpha.6 - 2019-02-26
  • 2.0.0-alpha.5 - 2019-02-19
  • 2.0.0-alpha.4 - 2019-02-13
  • 2.0.0-alpha.3 - 2019-01-29
  • 2.0.0-alpha.2 - 2019-01-24
  • 2.0.0-alpha.1 - 2019-01-22
  • 2.0.0-alpha.0 - 2019-01-15
  • 1.5.21 - 2019-11-11

    🔧 Bug Fixes

    • VInput: target correct scoped slot for messages (23c355c), closes #9584
  • 1.5.20 - 2019-10-31

    🔧 Bug Fixes

    • VMesssages: apply escapeHTML to provided values (9fd5e0a), closes #9491

    ⚠️ BREAKING CHANGES

    A low impact security vulnerability was identified with the v-messages component. Using the value prop, it was possible to perform an XSS attack.

    NOTICE
    If you are not using HTML for the props rules, messages, hint, success-messages or error-messages, you do not need to do anything.

    All values for v-message are now escaped. This primarily affects inputs as they use v-message for rule and hint output. To accommodate this change, a scoped slot has been added for users who
    need to customize the styling of messages as they will no longer render html.

    Components this fix impacts:

    • v-autocomplete
    • v-checkbox
    • v-combobox
    • v-file-input
    • v-input
    • v-messages
    • v-overflow-btn
    • v-radio-group
    • v-select
    • v-slider
    • v-switch
    • v-textarea
    • v-text-field
    <!-- v1.5.19 -->

    <v-text-field :rules="['<em>Foo<em>']" />

    <!-- v1.5.20 -->

    <v-text-field :rules="['Foo']">
    
<template v-slot:messages="{ message, key }">
    
<em :key="key">{{ message }}</em>
    
</template>
    
</v-text-field>

    If you have any questions, please reach out to us in our community, https://community.vuetifyjs.com

  • 1.5.19 - 2019-10-15
  • 1.5.18 - 2019-08-20
  • 1.5.17 - 2019-08-13
  • 1.5.16 - 2019-06-18
  • 1.5.14 - 2019-04-30
  • 1.5.13 - 2019-04-23
  • 1.5.12 - 2019-04-16
  • 1.5.11 - 2019-04-09
  • 1.5.10 - 2019-04-09
  • 1.5.9 - 2019-04-02
  • 1.5.8 - 2019-03-29
  • 1.5.7 - 2019-03-19
  • 1.5.6 - 2019-03-12
  • 1.5.5 - 2019-03-05
  • 1.5.4 - 2019-02-28
from vuetify GitHub release notes

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

@drakeg drakeg merged commit 1f3a4e0 into master Dec 8, 2019
@johnleider
Copy link

Is it possible to disable these? It's adding to our issues as linked tasked.

@drakeg drakeg deleted the snyk-upgrade-6c04450606011fdec0e28531d929ca1b branch May 26, 2020 21:09
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
3 participants
@snyk-bot @johnleider @drakeg