Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore(deps): update devdependency nuxt to v3.4.3 [security] #349

Merged
merged 1 commit into from
Jun 23, 2023
Merged

chore(deps): update devdependency nuxt to v3.4.3 [security] #349

merged 1 commit into from
Jun 23, 2023

Conversation

renovate[bot]
Copy link
Contributor

@renovate renovate bot commented Jun 23, 2023

Mend Renovate

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
nuxt 3.4.2 -> 3.4.3 age adoption passing confidence

GitHub Vulnerability Alerts

CVE-2023-3224

he Nuxt dev server between versions 3.4.0 and 3.4.3 is vulnerable to code injection when it is exposed publicly.

Release Notes

nuxt/nuxt

v3.4.3

Compare Source

3.4.3 is a patch release with the latest bug fixes. 🐞 It is expected that the next release will be v3.5, in approximately two weeks' time.

✅ Upgrading

As usual, our recommendation for upgrading is to run:

nuxi upgrade --force

This will refresh your lockfile as well, and ensures that you pull in updates from other dependencies that Nuxt relies on, particularly in the unjs ecosystem.

👉 Changelog

compare changes

🩹 Fixes
  • nuxt: Don't call timeEnd unless we're debugging (#​20424)
  • nuxt: Use key to force server component re-rendering (#​19911)
  • nuxt: Add basic typings for <ClientOnly> (f1ded44e8)
  • nuxt: Use event.node.req in cookie utility (#​20474)
  • deps: Relax upper node version constraint (#​20472)
  • nuxi,schema: Support devServer.https: true (#​20498)
  • nuxt: Throw 404 when accessing /__nuxt_error directly (#​20497)
  • nuxt: Use callAsync for executing hooks with context (#​20510)
  • nuxt: Improved typing support for app config (#​20526)
  • nuxt: Call app:error in SSR before rendering error page (#​20511)
  • nuxt: Restrict access to single renderer outside of test/rootDir (#​20543)
  • nuxt: Throw errors when running legacy asyncData (#​20535)
  • nuxt: Transform #components imports into direct component imports (#​20547)
  • nuxt: Return RenderResponse for redirects (#​20496)
📖 Documentation
  • Fix typos on docs homepage (#​20456)
  • Update links to vue-router docs (#​20454)
  • Remove RC reference and add link to vue migration build (#​20485)
  • Add cdn proxy section (#​20408)
  • Add a next steps link to first page of migration docs (#​20512)
  • Add custom fetch composable example (#​20115)
  • Adjust wrong link after repo migration (#​20536)
✅ Tests
🤖 CI
  • Publish edge release with provenance (ec1503731)
  • Run release script with node 18 (0d10e9734)
  • Try releasing nuxt-edge with provenance (753c4c2a3)
  • Run nuxt2 nightly release on node 14 again (48c034cf0)
❤️ Contributors

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR has been generated by Mend Renovate. View repository job log here.

@renovate renovate bot merged commit 8a69ddd into main Jun 23, 2023
1 check passed
@renovate renovate bot deleted the renovate/npm-nuxt-vulnerability branch June 23, 2023 06:02
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
chore dependencies
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
0 participants