[Snyk] Upgrade: vue, vue-template-compiler

[snyk-bot]

Snyk has created this PR to upgrade multiple dependencies.

👯‍♂ The following dependencies are linked and will therefore be updated together.

:information_source: Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

Name	Versions	Released on
vue from 2.6.12 to 2.6.14	2 versions ahead of your current version	22 days ago on 2021-06-07
vue-template-compiler from 2.6.12 to 2.6.14	2 versions ahead of your current version	22 days ago on 2021-06-07

The recommended version fixes:

Severity	Issue	PriorityScore (*)	Exploit Maturity
	Regular Expression Denial of Service (ReDoS) SNYK-JS-SSRI-1246392	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-SSRI-1085630	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-SSRI-1246392	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-SSRI-1085630	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	No Known Exploit
	Remote Memory Exposure SNYK-JS-DNSPACKET-1293563	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-WS-1296835	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-POSTCSS-1255640	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-POSTCSS-1090595	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-PATHPARSE-1077067	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-ISSVG-1243891	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-ISSVG-1085627	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-HOSTEDGITINFO-1088355	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-COLORSTRING-1082939	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-BROWSERSLIST-1090194	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: vue

• 2.6.14 - 2021-06-07
  

  Bug Fixes

  • types: async Component types (#11906) c52427b, closes #11990
  • v-slot: fix scoped slot normalization combined with v-if (#12104) 38f71de, closes #12102

  Features

  • ssr: vue-ssr-webpack-plugin compatible with webpack 5 (#12002) 80e7730, closes #11718
• 2.6.13 - 2021-06-01
  Read more
• 2.6.12 - 2020-08-20
  

  build: release 2.6.12

from vue GitHub release notes

Package name: vue-template-compiler

• 2.6.14 - 2021-06-07
  

  Bug Fixes

  • types: async Component types (#11906) c52427b, closes #11990
  • v-slot: fix scoped slot normalization combined with v-if (#12104) 38f71de, closes #12102

  Features

  • ssr: vue-ssr-webpack-plugin compatible with webpack 5 (#12002) 80e7730, closes #11718
• 2.6.13 - 2021-06-01
  Read more
• 2.6.12 - 2020-08-20
  

  build: release 2.6.12

from vue-template-compiler GitHub release notes

Commit messages

Package name: vue

• 612fb89 build: release 2.6.14
• 8f6c4c3 build: build 2.6.14
• c52427b fix(types): async Component types (#11906)
• 80e7730 feat(ssr): vue-ssr-webpack-plugin compatible with webpack 5 (#12002)
• 38f71de fix(v-slot): fix scoped slot normalization combined with v-if (#12104)
• 67901e7 test(ssr): add missing test for async component in slot
• 1866033 build: release 2.6.13
• f34f6bb build: build 2.6.13
• f038000 refactor: check is function for fallback slots
• d6ac00f chore: display more oc sponsors on readme [ci skip]
• 0ff1356 chore: fix typo in README.md [ci skip] (#12064)
• f2a6a1b chore: update sponsors [ci skip] (#12054)
• df4e385 chore: fix opencollective silver sponsors in backers.md [ci skip]
• bb9190b build(deps): bump ssri from 6.0.1 to 6.0.2 (#12047)
• e7cf063 chore: update sponsors [ci skip] (#12021)
• e7baaa1 fix(keep-alive): cache what is really needed not the whole VNode data (#12015)
• 2b93e86 fix(types): make $refs undefined possible (#11112)
• 5260830 fix(core): fix sameVnode for async component (#11107)
• e4dea59 fix(errorHandler): async error handling for watchers (#9484)
• 3ad60fe feat(warn): warn computed conflict with methods (#10119)
• c6d7a6f fix(v-on): avoid events with empty keyCode (autocomplete) (#11326)
• ce457f9 fix(slot): add a function to return the slot fallback content (#12014)
• 77b5330 fix: force update between two components with and without slot (#11795)
• af54514 fix: handle async placeholders in normalizeScopedSlot (#11963)

Compare

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs