[Snyk] Upgrade vue from 2.5.13 to 2.6.11

[tt9133github]

Snyk has created this PR to upgrade vue from 2.5.13 to 2.6.11.

As this is a private repository, Snyk-bot does not have access. Therefore, this PR has been created automatically, but appears to have been created by a real user.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 26 versions ahead of your current version.
• The recommended version was released 2 months ago, on 2019-12-13.

The recommended version fixes:

Severity	Issue	Exploit Maturity
	Cross-site Scripting (XSS) npm:vue:20180802	No Known Exploit
	Regular Expression Denial of Service (ReDoS) npm:vue:20180222	Proof of Concept

Release notes

Package name: vue

• 2.6.11 - 2019-12-13
  

  Security Fixes

  • Bump vue-server-renderer's dependency of serialize-javascript to 2.1.2

  Bug Fixes

  • types: fix prop constructor type inference (#10779) 4821149, closes #10779
  • fix function expression regex (#9922) 569b728, closes #9922 #9920
  • compiler: Remove the warning for valid v-slot value (#9917) 085d188, closes #9917
  • types: fix global namespace declaration for UMD bundle (#9912) ab50e8e, closes #9912
• 2.6.10 - 2019-03-20
  

  Bug Fixes

  • codegen: support named function expression in v-on (#9709) 3433ba5, closes #9709 #9707
  • core: cleanup timeouts for async components (#9649) 02d21c2, closes #9649 #9648
  • core: only unset dom prop when not present f11449d, closes #9650
  • core: use window.performance for compatibility in JSDOM (#9700) 653c74e, closes #9700 #9698
  • scheduler: revert timeStamp check 22790b2, closes #9729 #9632
  • slots: fix slots not updating when passing down normal slots as $scopedSlots ebc1893, closes #9699
  • types: allow using functions on the PropTypes (#9733) df4af4b, closes #9733 #9692
  • types: support string type for style in VNode data (#9728) 982d5a4, closes #9728 #9727
• 2.6.9 - 2019-03-14
  

  Bug Fixes

  • event timeStamp check for Qt 7591b9d, closes #9681
  • should consider presence of normal slots when caching normalized scoped slots 9313cf9, closes #9644
  • should not swallow user catch on rejected promise in methods 7186940, closes #9694
  • should use fallback for scoped slots with single falsy v-if 781c705, closes #9658
  • ssr: not push non-async css files into map (#9677) d282400, closes #9677
  • v-bind object should be overridable by single bindings (#9653) 0b57380, closes #9653 #9641
  • compiler: whitespace: 'condense' should honor pre tag as well (#9660) f1bdd7f, closes #9660
  • scheduler: fix getNow check in IE9 (#9647) da77d6a, closes #9647 #9632
  • scheduler: getNow detection can randomly fail (#9667) ef2a380, closes #9667
  • ssr: fix nested async functional componet rendering (#9673) 8082d2f, closes #9673 #9643
  • transition: fix appear check for transition wrapper components (#9668) 4de4649, closes #9668
• 2.6.8 - 2019-03-01
  

  Bug Fixes

  • avoid compression of unicode sequences by using regexps (#9595) 7912f75, closes #9595 #9456
  • fix modifier parsing for dynamic argument with deep path (#9585) 060c3b9, closes #9585 #9577
  • further adjust max stack size 571a488, closes #9562
  • handle async component when parent is toggled before resolve (#9572) ed34113, closes #9572 #9571
  • scoped slots dynamic check should include v-for on element itself 2277b23, closes #9596
  • compiler: set end location for incomplete elements (#9598) cbad54a, closes #9598
  • types: allow scoped slots to return a single VNode (#9563) 241eea1, closes #9563
  • types: update this for nextTick api (#9541) f333016, closes #9541
• 2.6.7 - 2019-02-21
  

  Bug Fixes

  • avoid errors thrown during dom props update 8a80a23, closes #9459
  • avoid possible infinite loop by accessing observables in error handler (#9489) ee29e41, closes #9489
  • ensure generated scoped slot code is compatible with 2.5 7ec4627, closes #9545
  • ensure scoped slots update in conditional branches d9b27a9, closes #9534
  • scoped slots should update when inside v-for 8f004ea, closes #9506
  • #9511: avoid promise catch multiple times (#9526) 2f3020e, closes #9511 #9526 #9511 #9511 #9511
  • compiler: handle negative length in codeframe repeat 7a8de91
• 2.6.6 - 2019-02-12
  

  Bug Fixes

  • ensure scoped slot containing passed down slot content updates properly 21fca2f
  • fix keyCode check for Chrome autofill fake key events 29c348f, closes #9441
• 2.6.5 - 2019-02-11
  

  Bug Fixes

  • allow passing multiple arguments to scoped slot e7d49cd, closes #9468
  • bail out of event blocking for iOS bug 0bad7e2, closes #9462
  • do not cache scoped slots when mixed with normal slots 060686d
• 2.6.4 - 2019-02-08
  

  Performance Improvements

  • cache result from functional ctx.slots() calls 7a0dfd0
  • skip scoped slots normalization when possible 099f3ba

  Bug Fixes

  • avoid breaking avoriaz edge case 9011b83
  • avoid logging same error twice when thrown by user in global handler ca57920, closes #9445
  • empty scoped slot should return undefined 57bc80a, closes #9452
  • expose v-slot slots without scope on this.$slots 0e8560d, closes #9421 #9458
  • new syntax slots without scope should also be exposed on functional slots() 8a80086
• 2.6.3 - 2019-02-06
  

  Bug Fixes

  • async component should use render owner as force update context b9de23b, closes #9432
  • avoid exposing internal flags on $scopedSlots 24b4640, closes #9443
  • bail out scoped slot optimization when there are nested scopes 4d4d22a, closes #9438
  • compiler: fix v-bind dynamic arguments on slot outlets 96a09aa, closes #9444
  • types: add Vue.version to types (#9431) 54e6a12, closes #9431
  • skip microtask fix if event is fired from different document dae7e41, closes #9448
  • skip microtask fix in Firefix <= 53 7bc88f3, closes #9446

  Reverts

  • revert: expose all scoped slots on this.$slots d5ade28
• 2.6.2 - 2019-02-05
  

  Improvements

  • Reverted in 2.6.3 expose all scoped slots on this.$slots. 0129b0e, closes #9421

  Bug Fixes

  • always set transformed model value on attrs b034abf (Fixes v-select issue in Vuetify)
  • restore slot-scope + v-if behavior 44a4ca3, closes #9422
• 2.6.1 - 2019-02-04
• 2.6.0 - 2019-02-04
• 2.6.0-beta.3 - 2019-01-30
• 2.6.0-beta.2 - 2019-01-26
• 2.6.0-beta.1 - 2019-01-16
• 2.5.22 - 2019-01-11
• 2.5.21 - 2018-12-11
• 2.5.20 - 2018-12-10
• 2.5.19 - 2018-12-09
• 2.5.18 - 2018-12-07
• 2.5.18-beta.0 - 2018-12-02
• 2.5.17 - 2018-08-01
• 2.5.17-beta.0 - 2018-03-23
• 2.5.16 - 2018-03-13
• 2.5.15 - 2018-03-10
• 2.5.14 - 2018-03-09
• 2.5.13 - 2017-12-19

from vue GitHub release notes

Commit messages

Package name: vue

• ec78fc8 build: release 2.6.11
• a98048f build: build 2.6.11
• fc41f91 chore: update yarn.lock
• 70429c3 build(deps-dev): bump serialize-javascript from 1.3.0 to 2.1.2 (#10914)
• 9fbd416 chore: update sponsors [ci skip] (#10896)
• a974022 chore: update backers [ci skip] (#10895)
• 6b4c0f9 chore: typo in comment
• fd0eaf9 chore: update sponsors [ci skip] (#10841)
• 2c6a827 chore: update sponsors [ci skip] (#10821)
• f796ab4 chore: update sponsors [ci skip] (#10800)
• 276c082 chore: update backers [ci skip] (#10799)
• 4821149 fix(types): fix prop constructor type inference (#10779)
• 9f5563c chore: update sponsors [ci skip]
• b805a19 build(deps-dev): bump lodash.template from 4.4.0 to 4.5.0 (#10636)
• bd47e5b build(deps-dev): bump lodash from 4.17.11 to 4.17.13 (#10635)
• fd42082 build(deps): bump ecstatic from 3.3.0 to 3.3.2 (#10634)
• fa55a20 build(deps): bump handlebars from 4.0.12 to 4.4.3 (#10633)
• d1164f1 chore: Fastcoding Inc broken icon [ci skip] (#10638)
• 3c90820 build(deps): bump js-yaml from 3.12.1 to 3.13.1 (#10632)
• 3bc7322 build(deps): bump mixin-deep from 1.3.1 to 1.3.2 (#10631)
• 0645fe6 build(deps): bump eslint-utils from 1.3.1 to 1.4.2 (#10630)
• b885e1e chore: update sponsors [ci skip] (#10750)
• d7d8ff0 chore: fix typo in `next-tick.js` comment (#10607)
• e8ca21f chore: fix sponsor link

Compare

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

[//]: # (snyk:metadata:{"dependencies":[{"name":"vue","from":"2.5.13","to":"2.6.11"}],"packageManager":"npm","type":"auto","projectUrl":"https://app.snyk.io/org/t438879/project/33205a16-c8fe-4fd9-a2c7-8f6880a0d475?utm_source=github&utm_medium=upgrade-pr","projectPublicId":"33205a16-c8fe-4fd9-a2c7-8f6880a0d475","env":"prod","prType":"upgrade","vulns":["npm:vue:20180802","npm:vue:20180222"],"issuesToFix":[{"issueId":"npm:vue:20180802","severity":"medium","title":"Cross-site Scripting (XSS)","exploitMaturity":"no-known-exploit"},{"issueId":"npm:vue:20180222","severity":"low","title":"Regular Expression Denial of Service (ReDoS)","exploitMaturity":"proof-of-concept"}],"upgrade":["npm:vue:20180802","npm:vue:20180222"],"upgradeInfo":{"versionsDiff":26,"publishedDate":"2019-12-13T19:58:51.873Z"},"templateVariants":[],"hasFixes":true,"isMajorUpgrade":false,"isBreakingChange":false})