[Snyk] Upgrade @vuepress/plugin-back-to-top from 1.4.1 to 1.8.2 #1

snyk-bot · 2021-05-10T03:57:05Z

Snyk has created this PR to upgrade @vuepress/plugin-back-to-top from 1.4.1 to 1.8.2.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

The recommended version is 11 versions ahead of your current version.
The recommended version was released 3 months ago, on 2021-02-18.

The recommended version fixes:

Issue	PriorityScore (*)	Exploit Maturity
Prototype Pollution SNYK-JS-Y18N-1021887	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-SSRI-1246392	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-SSRI-1085630	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Arbitrary Code Injection SNYK-JS-SERIALIZEJAVASCRIPT-570062	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Cross-site Scripting (XSS) SNYK-JS-PRISMJS-597628	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Regular Expression Denial of Service (ReDoS) SNYK-JS-PRISMJS-1076581	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Prototype Pollution SNYK-JS-NODEFORGE-598677	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Prototype Pollution SNYK-JS-LODASH-590103	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Command Injection SNYK-JS-LODASH-1040724	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Prototype Pollution SNYK-JS-INI-1048974	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Cryptographic Issues SNYK-JS-ELLIPTIC-571484	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Prototype Pollution SNYK-JS-AJV-584908	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Prototype Pollution SNYK-JS-YARGSPARSER-560381	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Improper Input Validation SNYK-JS-URLPARSE-1078283	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Denial of Service (DoS) SNYK-JS-SOCKJS-575261	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-1018905	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-ISSVG-1243891	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-ISSVG-1085627	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Cryptographic Issues SNYK-JS-ELLIPTIC-1064899	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Regular Expression Denial of Service (ReDoS) SNYK-JS-COLORSTRING-1082939	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Regular Expression Denial of Service (ReDoS) SNYK-JS-BROWSERSLIST-1090194	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: @vuepress/plugin-back-to-top

1.8.2 - 2021-02-18
Bug Fixes
- $default-theme: sidebar groups are not opened when directly navigating to these pages (fix #2564) (#2565) (3ab9fca)
- $markdown: support path without file extension when importing code snippets (#2677) (bb4ae4e)
1.8.1 - 2021-02-11
Bug Fixes
- $core: component CodeGroup loads correctly on clientfix #2711 (#2794) (51277f8)
- $theme-default: override algoliaOptions correctly (ba89f39)
- deps: [security] bump ini from 1.3.5 to 1.3.8 (aeb8dce)
- deps: bump autoprefixer from 9.6.1 to 9.8.6 (775b3de)
- deps: bump vue from 2.6.10 to 2.6.12 (830dd4c)
1.8.0 - 2021-01-05
Bug Fixes
- $plugin-google-analytics: report site base (#2687) (close #2169) (6bbcc69)
- $shared-utils: improve title inference and header extraction for markdown links syntax (d264e50)
- $theme-default: display header-anchor links when using keyboard navigation (#2699) (81cce39)
- Only empty the .temp directory at most once per run (fix #2254) (#2612) (970b434)
Features
- $markdown: make page suffix configurable (close #2452) (#2674) (db16389)
1.7.1 - 2020-10-15
Bug Fixes
- $core: add missing styles for OutboundLink (#2662) (e2b6641)
- $core: reference correct canonical Url frontmatter property (fix #2665) (fbf5e5d)
1.7.0 - 2020-10-13
Bug Fixes
- $core: #2627 Dup ID violates HTML5-4 (#2650) (931e7d9)
- adds accessibility to code-group component (#2630) (35865ec)
- scroll hash encoded when non-english chars are used fix #2633 (#2639) (5fcbd88)
- textlint bug causing PR's to fail checks fix #2636 (#2637) (64e92ca)
Features
- $core: add canonical link to frontmatter (#2658) (ff6c51a)
1.6.0 - 2020-09-25
Features
- $theme-default: add code group and code block components (#2594) (394c4f6)
- $theme-default: inform screen readers link opens in new tab/window (fix #2601) (#2603) (8d10119)
1.5.4 - 2020-08-23
Bug Fixes
- $core: decode regularPath when generate router config (fix #1946) (#1947) (dd26c7c)
- $shared-utils: fix date parse logic for permalinks (#2181) (d4d0380)
- $shared-utils: replace diacritics with regex (#1855) (a03e93d)
- $theme-default: overlap navbar dropdown menus (fix #2227) (#2365) (ceb0fa9)
- $theme-default: remove invalidate aria-labelledby on homepage title(#2277) (94a7de4)
1.5.3 - 2020-08-05
Bug Fixes
- $theme-default: fix editLink for repos hosted on gitlab.com (#2523) (1c3967c)
- add toml dependencyt to shared-utils (b858a6e)
- regular files should not be executable (#2535) (ffb8527)
- $theme-default: improve last-updated text color contrast (#2282) (7ca9fbc)
- allows no rel attribute on external links in the nav (#2338) (b343cd3)
- $core: style loss under build for package that specifies sideEffects: false (fix #2350) (#2471) (7e29900)
- $markdown: line highlighting not working correctly when importing code snippets (#2441) (d0f2e42)
Features
- $theme-default: add initial open group index option (#2408) (465ae40)
1.5.2 - 2020-06-14
Bug Fixes
- $core: check if meta is from head before removing it (#2403) (3c94f71)
- $theme-default: handle algolia search result with Chinese hash (close: #2431) (#2432) (6183840)
Features
- $theme-default: allow 'auto' in defined sidebars (close: #1252) (#2380) (597f83b)
1.5.1 - 2020-06-09
Bug Fixes
- $core: HMR issue caused by chokidar v3 (close: #2392) (#2436) (7e9d0c1)
- $shared-utils: use title variable for homepage (close: #2247) (#2307) (869eb8d)
1.5.0 - 2020-05-11
1.4.1 - 2020-04-15

from @vuepress/plugin-back-to-top GitHub release notes

Commit messages

Package name: @vuepress/plugin-back-to-top

11eed0f build: release version 1.8.2
bb4ae4e fix($markdown): support path without file extension when importing code snippets (#2677)
3ab9fca fix($default-theme): sidebar groups are not opened when directly navigating to these pages (fix #2564) (#2565)
e79c8b7 docs($zh): update custom page class for default theme config (#2719)
f23028e docs: fix typo in Custom Page Class of default theme config (#2725)
843c943 docs($zh): translate register plugin description (#2788)
ce85580 docs: fix broken link for out-of-box plugin references (#2797)
1aceca1 refactor($core): use `some` instead of `filter` when checking route existence (#2751)
3e1f5d8 chore: version 1.8.1 changelog
84649fb build: release version 1.8.1
51277f8 fix($core): component CodeGroup loads correctly on clientfix #2711 (#2794)
50388d9 build: bump vue-server-renderer from 2.6.10 to 2.6.12
ba89f39 fix($theme-default): override algoliaOptions correctly
4893b41 docs: add version filter for algolia search
830dd4c fix(deps): bump vue from 2.6.10 to 2.6.12
77c63d0 chore(deps-dev): bump remark-cli from 7.0.0 to 9.0.0
aeb8dce fix(deps): [security] bump ini from 1.3.5 to 1.3.8
775b3de fix(deps): bump autoprefixer from 9.6.1 to 9.8.6
80c1355 chore(deps-dev): bump textlint-rule-stop-words from 1.0.17 to 2.0.8
df1a750 chore: version 1.8.0 changelog
d2c9e2d build: release version 1.8.0
d264e50 fix($shared-utils): improve title inference and header extraction for markdown links syntax
cd4ad04 docs: remove install guide and add vuepress 2 notice
6bbcc69 fix($plugin-google-analytics): report site base (#2687) (close #2169)

Compare

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

Snyk has created this PR to upgrade @vuepress/plugin-back-to-top from 1.4.1 to 1.8.2. See this package in npm: https://www.npmjs.com/package/@vuepress/plugin-back-to-top See this project in Snyk: https://app.snyk.io/org/baby636/project/f630bc2e-c7a8-402e-ab4d-43aeca90cdaa?utm_source=github&utm_medium=upgrade-pr

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

[Snyk] Upgrade @vuepress/plugin-back-to-top from 1.4.1 to 1.8.2 #1

[Snyk] Upgrade @vuepress/plugin-back-to-top from 1.4.1 to 1.8.2 #1

Uh oh!

snyk-bot commented May 10, 2021

Bug Fixes

Bug Fixes

Bug Fixes

Features

Bug Fixes

Bug Fixes

Features

Features

Bug Fixes

Bug Fixes

Features

Bug Fixes

Features

Bug Fixes

Uh oh!

Uh oh!

[Snyk] Upgrade @vuepress/plugin-back-to-top from 1.4.1 to 1.8.2 #1

Are you sure you want to change the base?

[Snyk] Upgrade @vuepress/plugin-back-to-top from 1.4.1 to 1.8.2 #1

Uh oh!

Conversation

snyk-bot commented May 10, 2021

Snyk has created this PR to upgrade @vuepress/plugin-back-to-top from 1.4.1 to 1.8.2.

Bug Fixes

Bug Fixes

Bug Fixes

Features

Bug Fixes

Bug Fixes

Features

Features

Bug Fixes

Bug Fixes

Features

Bug Fixes

Features

Bug Fixes

Uh oh!

Uh oh!