build(deps): bump serialize-javascript and nuxt in /examples/integration/contentful #155

dependabot · 2025-02-10T21:51:21Z

Bumps serialize-javascript to 6.0.2 and updates ancestor dependency nuxt. These dependencies need to be updated together.

Updates serialize-javascript from 1.4.0 to 6.0.2

Release notes

Sourced from serialize-javascript's releases.

v6.0.2

fix: serialize URL string contents to prevent XSS (#173) f27d65d

Bump @babel/traverse from 7.10.1 to 7.23.7 (#171) 02499c0

docs: update readme with URL support (#146) 0d88527

chore: update node version and lock file e2a3a91

fix typo (#164) 5a1fa64

yahoo/serialize-javascript@v6.0.1...v6.0.2

v6.0.1

What's Changed

Bump mocha from 9.0.1 to 9.0.2 by @dependabot in yahoo/serialize-javascript#126

Bump mocha from 9.0.2 to 9.0.3 by @dependabot in yahoo/serialize-javascript#127

Bump path-parse from 1.0.6 to 1.0.7 by @dependabot in yahoo/serialize-javascript#129

Bump mocha from 9.0.3 to 9.1.0 by @dependabot in yahoo/serialize-javascript#130

Bump mocha from 9.1.0 to 9.1.1 by @dependabot in yahoo/serialize-javascript#131

Bump mocha from 9.1.1 to 9.1.2 by @dependabot in yahoo/serialize-javascript#132

Bump mocha from 9.1.2 to 9.1.3 by @dependabot in yahoo/serialize-javascript#133

Bump mocha from 9.1.3 to 9.1.4 by @dependabot in yahoo/serialize-javascript#137

Bump mocha from 9.1.4 to 9.2.0 by @dependabot in yahoo/serialize-javascript#138

Bump chai from 4.3.4 to 4.3.6 by @dependabot in yahoo/serialize-javascript#140

Bump ansi-regex from 5.0.0 to 5.0.1 by @dependabot in yahoo/serialize-javascript#141

Bump mocha from 9.2.0 to 9.2.2 by @dependabot in yahoo/serialize-javascript#143

Bump minimist from 1.2.5 to 1.2.6 by @dependabot in yahoo/serialize-javascript#144

Bump mocha from 9.2.2 to 10.0.0 by @dependabot in yahoo/serialize-javascript#145

Bump mocha from 10.0.0 to 10.1.0 by @dependabot in yahoo/serialize-javascript#149

Bump chai from 4.3.6 to 4.3.7 by @dependabot in yahoo/serialize-javascript#150

ci: test.yml - actions bump by @piwysocki in yahoo/serialize-javascript#151

Bump minimatch from 3.0.4 to 3.1.2 by @dependabot in yahoo/serialize-javascript#152

Bump mocha from 10.1.0 to 10.2.0 by @dependabot in yahoo/serialize-javascript#153

Bump json5 from 2.1.3 to 2.2.3 by @dependabot in yahoo/serialize-javascript#155

Fix serialization issue for 0n. by @momocow in yahoo/serialize-javascript#156

Release v6.0.1 by @okuryu in yahoo/serialize-javascript#157

New Contributors

@piwysocki made their first contribution in yahoo/serialize-javascript#151

@momocow made their first contribution in yahoo/serialize-javascript#156

Full Changelog: yahoo/serialize-javascript@v6.0.0...v6.0.1

v6.0.0

Changelog

Add support for URL's (#123)

Bump mocha from 9.0.0 to 9.0.1 (#124)

Bump mocha from 8.4.0 to 9.0.0 (#121)

Update Node.js CI matrix (#122)

Bump mocha from 8.3.2 to 8.4.0 (#120)

Bump lodash from 4.17.19 to 4.17.21 (#119)

Bump y18n from 4.0.0 to 4.0.1 (#116)

Bump chai from 4.3.3 to 4.3.4 (#115)

... (truncated)

Commits

b71ec23 6.0.2
f27d65d fix: serialize URL string contents to prevent XSS (#173)
02499c0 Bump @babel/traverse from 7.10.1 to 7.23.7 (#171)
0d88527 docs: update readme with URL support (#146)
e2a3a91 chore: update node version and lock file
5a1fa64 fix typo (#164)
7139f92 Release v6.0.1 (#157)
7e23ae8 Fix serialization issue for 0n. (#156)
343abd9 Bump json5 from 2.1.3 to 2.2.3 (#155)
38d0e70 Bump mocha from 10.1.0 to 10.2.0 (#153)
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by redonkulus, a new releaser for serialize-javascript since your current version.

Updates nuxt from 1.3.0 to 3.15.4

Release notes

Sourced from nuxt's releases.

v3.15.4

3.15.4 is the next patch release.

✅ Upgrading

As usual, our recommendation for upgrading is to run:
npx nuxi@latest upgrade --force
This will refresh your lockfile as well, and ensures that you pull in updates from other dependencies that Nuxt relies on, particularly in the unjs ecosystem.

👉 Changelog

compare changes

🩹 Fixes

nuxt: Improve error logging when parsing with acorn (#30754)

nuxt: Clear island uid before saving into the payload (#30767)

kit: Load @nuxt/schema from nuxt package dir (#30774)

nuxt: Allow restarting nuxt on paths outside srcDir (#30771)

nuxt: Don't warn about calling useRoute in SFC setup (#30788)

webpack: Disallow cross-site requests in no-cors mode (#30757)

vite: Restore externality for dev server externals (#30802)

💅 Refactors

vite: Use new rollup chunk.names for asset names (#30780)

❤️ Contributors

Daniel Roe (@danielroe)

Peter Radko (@Gwynerva)

Lansi (@lansi951)

Julien Huang (@huang-julien)

Norbiros (@Norbiros)

v3.15.3

3.15.3 is the next regularly scheduled patch release.

👀 Highlights

CORS configuration for dev server

Alongside a range of improvements, we've also shipped a significant fix to impose CORS origin restrictions on the dev server. This applies to your Vite or Webpack/Rspack dev middleware only.

This is a significant/breaking change we would not normally ship in a patch but it is a security fix (see GHSA-4gf7-ff8x-hq99 and GHSA-2452-6xj8-jh47) and we urge you to update ASAP.

You can configure the allowed origins and other CORS options via the devServer.cors options in your nuxt.config, which may be relevant if you are developing with a custom hostname:
export default defineNuxtConfig({
</tr></table> 

... (truncated)

Commits

244da17 v3.15.4
ceaf0f5 chore(deps): update all non-major dependencies (3.x) (#30804)
626eba0 fix(nuxt): don't warn about calling useRoute in SFC setup (#30788)
7a1e5c8 fix(nuxt): allow restarting nuxt on paths outside srcDir (#30771)
ca2d91f fix(kit): load @nuxt/schema from nuxt package dir (#30774)
b78da56 fix(nuxt): clear island uid before saving into the payload (#30767)
e0c47f9 fix(nuxt): improve error logging when parsing with acorn (#30754)
940bcb8 chore(deps): update all non-major dependencies (3.x) (#30747)
048f974 v3.15.3
e96a96d perf(nuxt): enable Transition component only on client side (#30720)
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by danielroe, a new releaser for nuxt since your current version.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the Security Alerts page.

Bumps [serialize-javascript](https://github.com/yahoo/serialize-javascript) to 6.0.2 and updates ancestor dependency [nuxt](https://github.com/nuxt/nuxt/tree/HEAD/packages/nuxt). These dependencies need to be updated together. Updates `serialize-javascript` from 1.4.0 to 6.0.2 - [Release notes](https://github.com/yahoo/serialize-javascript/releases) - [Commits](yahoo/serialize-javascript@v1.4.0...v6.0.2) Updates `nuxt` from 1.3.0 to 3.15.4 - [Release notes](https://github.com/nuxt/nuxt/releases) - [Commits](https://github.com/nuxt/nuxt/commits/v3.15.4/packages/nuxt) --- updated-dependencies: - dependency-name: serialize-javascript dependency-type: indirect - dependency-name: nuxt dependency-type: direct:production ... Signed-off-by: dependabot[bot] <[email protected]>

ibcheckmarx · 2025-02-10T22:04:33Z

Checkmarx One – Scan Summary & Details – 2dff1b95-5024-4ece-8dd7-6493af13dc75

New Issues (124)

Checkmarx found the following issues in this Pull Request

Issue	Source File / Package	Checkmarx Insight
CVE-2022-37611	Npm-gh-pages-1.1.0	details Recommended version: 5.0.0 Description: Prototype pollution vulnerability in the package gh-pages versions 0.2.0 through 4.0.0 via the "partial" variable in "util.js". Attack Vector: NETWORK Attack Complexity: LOW Vulnerable Package
CVE-2024-40643	Npm-htmlparser2-3.10.1	details Recommended version: 5.0.0 Description: Joplin is a free, open-source note-taking and to-do application. Joplin fails to consider that "<" followed by a non-letter character will not be c... Attack Vector: NETWORK Attack Complexity: LOW Vulnerable Package
CVE-2024-40643	Npm-htmlparser2-3.9.2	details Recommended version: 5.0.0 Description: Joplin is a free, open-source note-taking and to-do application. Joplin fails to consider that "<" followed by a non-letter character will not be c... Attack Vector: NETWORK Attack Complexity: LOW Vulnerable Package
CVE-2024-40643	Npm-htmlparser2-3.3.0	details Recommended version: 5.0.0 Description: Joplin is a free, open-source note-taking and to-do application. Joplin fails to consider that "<" followed by a non-letter character will not be c... Attack Vector: NETWORK Attack Complexity: LOW Vulnerable Package
CVE-2024-42461	Npm-elliptic-6.4.0	details Recommended version: 6.6.0 Description: In the elliptic package, "ECDSA" signature malleability occurs because "BER-encoded" signatures are allowed which leads to Improper Verification of... Attack Vector: NETWORK Attack Complexity: LOW Vulnerable Package
CVE-2024-42461	Npm-elliptic-6.4.1	details Recommended version: 6.6.0 Description: In the elliptic package, "ECDSA" signature malleability occurs because "BER-encoded" signatures are allowed which leads to Improper Verification of... Attack Vector: NETWORK Attack Complexity: LOW Vulnerable Package
CVE-2024-48949	Npm-elliptic-6.4.1	details Recommended version: 6.6.0 Description: The verify function in "lib/elliptic/eddsa/index.js" in the Elliptic versions 4.0.0 through 6.5.5 for Node.js omits "sig.S().gte(sig.eddsa.curve.n)... Attack Vector: NETWORK Attack Complexity: LOW Vulnerable Package
CVE-2024-48949	Npm-elliptic-6.4.0	details Recommended version: 6.6.0 Description: The verify function in "lib/elliptic/eddsa/index.js" in the Elliptic versions 4.0.0 through 6.5.5 for Node.js omits "sig.S().gte(sig.eddsa.curve.n)... Attack Vector: NETWORK Attack Complexity: LOW Vulnerable Package
CVE-2019-10742	Npm-axios-0.17.1	details Recommended version: 0.28.0 Description: Axios versions 0.19.0-beta.1 and all versions up to and including 0.18.0 allows attackers to cause a denial of service (application crash) by conti... Attack Vector: NETWORK Attack Complexity: LOW Vulnerable Package
CVE-2020-26311	Npm-useragent-2.3.0	details Description: Useragent is a user agent parser for Node.js. All versions as of time of publication contain one or more regular expressions that are vulnerable to... Attack Vector: NETWORK Attack Complexity: LOW Vulnerable Package
CVE-2021-3749	Npm-axios-0.17.1	details Recommended version: 0.28.0 Description: The package axios prior to 0.21.2 is vulnerable to Inefficient Regular Expression Complexity Attack Vector: NETWORK Attack Complexity: LOW Vulnerable Package
CVE-2022-37620	Npm-html-minifier-3.5.16	details Description: A Regular Expression Denial of Service (ReDoS) flaw was found in html-minifier versions 2.1.0 through 4.0.0 via the "candidate" variable in "htmlmi... Attack Vector: NETWORK Attack Complexity: LOW Vulnerable Package
CVE-2022-37620	Npm-html-minifier-3.5.21	details Description: A Regular Expression Denial of Service (ReDoS) flaw was found in html-minifier versions 2.1.0 through 4.0.0 via the "candidate" variable in "htmlmi... Attack Vector: NETWORK Attack Complexity: LOW Vulnerable Package
CVE-2022-37620	Npm-html-minifier-3.5.5	details Description: A Regular Expression Denial of Service (ReDoS) flaw was found in html-minifier versions 2.1.0 through 4.0.0 via the "candidate" variable in "htmlmi... Attack Vector: NETWORK Attack Complexity: LOW Vulnerable Package
CVE-2024-21536	Npm-http-proxy-middleware-0.17.3	details Recommended version: 2.0.7 Description: The http-proxy-middleware versions through 2.0.7-beta.0 and 3.0.0-beta.0 through 3.0.2 are vulnerable to Denial of Service (DoS) due to an "Unhandl... Attack Vector: NETWORK Attack Complexity: LOW Vulnerable Package
CVE-2024-21536	Npm-http-proxy-middleware-0.17.4	details Recommended version: 2.0.7 Description: The http-proxy-middleware versions through 2.0.7-beta.0 and 3.0.0-beta.0 through 3.0.2 are vulnerable to Denial of Service (DoS) due to an "Unhandl... Attack Vector: NETWORK Attack Complexity: LOW Vulnerable Package
CVE-2024-21536	Npm-http-proxy-middleware-0.18.0	details Recommended version: 2.0.7 Description: The http-proxy-middleware versions through 2.0.7-beta.0 and 3.0.0-beta.0 through 3.0.2 are vulnerable to Denial of Service (DoS) due to an "Unhandl... Attack Vector: NETWORK Attack Complexity: LOW Vulnerable Package
CVE-2024-21536	Npm-http-proxy-middleware-0.19.2	details Recommended version: 2.0.7 Description: The http-proxy-middleware versions through 2.0.7-beta.0 and 3.0.0-beta.0 through 3.0.2 are vulnerable to Denial of Service (DoS) due to an "Unhandl... Attack Vector: NETWORK Attack Complexity: LOW Vulnerable Package
CVE-2024-21536	Npm-http-proxy-middleware-0.19.1	details Recommended version: 2.0.7 Description: The http-proxy-middleware versions through 2.0.7-beta.0 and 3.0.0-beta.0 through 3.0.2 are vulnerable to Denial of Service (DoS) due to an "Unhandl... Attack Vector: NETWORK Attack Complexity: LOW Vulnerable Package
CVE-2024-21538	Npm-cross-spawn-3.0.1	details Recommended version: 6.0.6 Description: Versions of the package cross-spawn prior to 6.0.6 and 7.x prior to 7.0.5 are vulnerable to Regular Expression Denial of Service (ReDoS), due to im... Attack Vector: NETWORK Attack Complexity: LOW Vulnerable Package
CVE-2024-21538	Npm-cross-spawn-5.1.0	details Recommended version: 6.0.6 Description: Versions of the package cross-spawn prior to 6.0.6 and 7.x prior to 7.0.5 are vulnerable to Regular Expression Denial of Service (ReDoS), due to im... Attack Vector: NETWORK Attack Complexity: LOW Vulnerable Package
CVE-2024-21538	Npm-cross-spawn-6.0.5	details Recommended version: 6.0.6 Description: Versions of the package cross-spawn prior to 6.0.6 and 7.x prior to 7.0.5 are vulnerable to Regular Expression Denial of Service (ReDoS), due to im... Attack Vector: NETWORK Attack Complexity: LOW Vulnerable Package
CVE-2024-29180	Npm-webpack-dev-middleware-1.10.1	details Recommended version: 5.3.4 Description: In webpack-dev-middleware versions prior to 5.3.4, 6.x.x prior to 6.1.2, and 7.0.0 the development middleware for devpack does not validate the sup... Attack Vector: NETWORK Attack Complexity: LOW Vulnerable Package
CVE-2024-29180	Npm-webpack-dev-middleware-3.6.2	details Recommended version: 5.3.4 Description: In webpack-dev-middleware versions prior to 5.3.4, 6.x.x prior to 6.1.2, and 7.0.0 the development middleware for devpack does not validate the sup... Attack Vector: NETWORK Attack Complexity: LOW Vulnerable Package
CVE-2024-29180	Npm-webpack-dev-middleware-3.6.0	details Recommended version: 5.3.4 Description: In webpack-dev-middleware versions prior to 5.3.4, 6.x.x prior to 6.1.2, and 7.0.0 the development middleware for devpack does not validate the sup... Attack Vector: NETWORK Attack Complexity: LOW Vulnerable Package
CVE-2024-29180	Npm-webpack-dev-middleware-1.12.0	details Recommended version: 5.3.4 Description: In webpack-dev-middleware versions prior to 5.3.4, 6.x.x prior to 6.1.2, and 7.0.0 the development middleware for devpack does not validate the sup... Attack Vector: NETWORK Attack Complexity: LOW Vulnerable Package
CVE-2024-29180	Npm-webpack-dev-middleware-2.0.6	details Recommended version: 5.3.4 Description: In webpack-dev-middleware versions prior to 5.3.4, 6.x.x prior to 6.1.2, and 7.0.0 the development middleware for devpack does not validate the sup... Attack Vector: NETWORK Attack Complexity: LOW Vulnerable Package
CVE-2024-29180	Npm-webpack-dev-middleware-1.12.2	details Recommended version: 5.3.4 Description: In webpack-dev-middleware versions prior to 5.3.4, 6.x.x prior to 6.1.2, and 7.0.0 the development middleware for devpack does not validate the sup... Attack Vector: NETWORK Attack Complexity: LOW Vulnerable Package
CVE-2024-29180	Npm-webpack-dev-middleware-3.4.0	details Recommended version: 5.3.4 Description: In webpack-dev-middleware versions prior to 5.3.4, 6.x.x prior to 6.1.2, and 7.0.0 the development middleware for devpack does not validate the sup... Attack Vector: NETWORK Attack Complexity: LOW Vulnerable Package
CVE-2024-29415	Npm-ip-1.1.9	details Description: The ip package 0.0.2 through 2.0.1 for Node.js might allow SSRF because some IP addresses (such as 127.1, 01200034567, 012.1.2.3, 000:0:0000::01, a... Attack Vector: NETWORK Attack Complexity: HIGH Vulnerable Package
CVE-2024-29415	Npm-ip-1.0.1	details Description: The ip package 0.0.2 through 2.0.1 for Node.js might allow SSRF because some IP addresses (such as 127.1, 01200034567, 012.1.2.3, 000:0:0000::01, a... Attack Vector: NETWORK Attack Complexity: HIGH Vulnerable Package
CVE-2024-29415	Npm-ip-1.1.5	details Description: The ip package 0.0.2 through 2.0.1 for Node.js might allow SSRF because some IP addresses (such as 127.1, 01200034567, 012.1.2.3, 000:0:0000::01, a... Attack Vector: NETWORK Attack Complexity: HIGH Vulnerable Package
CVE-2024-33883	Npm-ejs-2.5.7	details Recommended version: 3.1.10 Description: The ejs (aka Embedded JavaScript templates) package versions prior to 3.1.10 for Node.js lacks certain pollution protection. Attack Vector: NETWORK Attack Complexity: LOW Vulnerable Package
CVE-2024-33883	Npm-ejs-2.6.1	details Recommended version: 3.1.10 Description: The ejs (aka Embedded JavaScript templates) package versions prior to 3.1.10 for Node.js lacks certain pollution protection. Attack Vector: NETWORK Attack Complexity: LOW Vulnerable Package
CVE-2024-37890	Npm-ws-6.1.3	details Recommended version: 6.2.3 Description: The ws is an open-source WebSocket client and server for Node.js. A request with a number of headers exceeding the "server.maxHeadersCount" thresho... Attack Vector: NETWORK Attack Complexity: LOW Vulnerable Package
CVE-2024-37890	Npm-ws-3.2.0	details Recommended version: 5.2.4 Description: The ws is an open-source WebSocket client and server for Node.js. A request with a number of headers exceeding the "server.maxHeadersCount" thresho... Attack Vector: NETWORK Attack Complexity: LOW Vulnerable Package
CVE-2024-37890	Npm-ws-3.3.3	details Recommended version: 5.2.4 Description: The ws is an open-source WebSocket client and server for Node.js. A request with a number of headers exceeding the "server.maxHeadersCount" thresho... Attack Vector: NETWORK Attack Complexity: LOW Vulnerable Package
CVE-2024-37890	Npm-ws-4.1.0	details Recommended version: 5.2.4 Description: The ws is an open-source WebSocket client and server for Node.js. A request with a number of headers exceeding the "server.maxHeadersCount" thresho... Attack Vector: NETWORK Attack Complexity: LOW Vulnerable Package
CVE-2024-37890	Npm-ws-2.3.1	details Recommended version: 5.2.4 Description: The ws is an open-source WebSocket client and server for Node.js. A request with a number of headers exceeding the "server.maxHeadersCount" thresho... Attack Vector: NETWORK Attack Complexity: LOW Vulnerable Package
CVE-2024-38355	Npm-socket.io-2.1.1	details Recommended version: 2.5.1 Description: Socket.IO is an open-source, real-time, bidirectional, event-based, communication framework. A specially crafted Socket.IO packet can trigger an un... Attack Vector: NETWORK Attack Complexity: LOW Vulnerable Package
CVE-2024-4068	Npm-braces-0.1.5	details Recommended version: 3.0.3 Description: The NPM package "braces", versions prior to 3.0.3, fails to limit the number of characters it can handle, which could lead to Memory Exhaustion. In... Attack Vector: NETWORK Attack Complexity: LOW Vulnerable Package
CVE-2024-4068	Npm-braces-2.3.2	details Recommended version: 3.0.3 Description: The NPM package "braces", versions prior to 3.0.3, fails to limit the number of characters it can handle, which could lead to Memory Exhaustion. In... Attack Vector: NETWORK Attack Complexity: LOW Vulnerable Package
CVE-2024-4068	Npm-braces-1.8.5	details Recommended version: 3.0.3 Description: The NPM package "braces", versions prior to 3.0.3, fails to limit the number of characters it can handle, which could lead to Memory Exhaustion. In... Attack Vector: NETWORK Attack Complexity: LOW Vulnerable Package
CVE-2024-45296	Npm-path-to-regexp-1.7.0	details Recommended version: 1.9.0 Description: The path-to-regexp turns path strings into regular expressions. In certain cases, path-to-regexp will output a regular expression that can be explo... Attack Vector: NETWORK Attack Complexity: LOW Vulnerable Package

More results are available on the CxOne platform

Fixed Issues (45)

Great job! The following issues were fixed in this Pull Request

Severity	Issue	Source File / Package
	CVE-2018-3745	Npm-atob-2.0.3
	CVE-2021-25949	Npm-set-getter-0.1.0
	CVE-2023-26115	Npm-word-wrap-1.2.3
	Client_DOM_XSS	/docs/assets/js/app.a1057ba4.js: 4481
	Cx2a483c11-ee9d	Npm-underscore.string-2.3.3
	Cx89601373-08db	Npm-debug-3.2.6
	Cx89601373-08db	Npm-debug-3.0.1
	Cx89601373-08db	Npm-debug-2.6.8
	Cx89601373-08db	Npm-debug-2.6.9
	Cx89601373-08db	Npm-debug-0.7.4
	Cx89601373-08db	Npm-debug-4.1.1
	Cx89601373-08db	Npm-debug-3.2.7
	Cx89601373-08db	Npm-debug-2.6.1
	Cx89601373-08db	Npm-debug-2.2.0
	Cx89601373-08db	Npm-debug-4.1.0
	Cx89601373-08db	Npm-debug-2.6.3
	Cx89601373-08db	Npm-debug-3.1.0
	Cxab55612e-3a56	Npm-braces-3.0.2
	Cxab55612e-3a56	Npm-braces-1.8.5
	Cxab55612e-3a56	Npm-braces-0.1.5
	Cxab55612e-3a56	Npm-braces-2.3.0
	Cxab55612e-3a56	Npm-braces-2.3.2
	Cxca84a1c2-1f12	Npm-micromatch-3.1.10
	Cxca84a1c2-1f12	Npm-micromatch-3.1.5
	Cxca84a1c2-1f12	Npm-micromatch-2.3.11
	Cxf6e7f2c1-dc59	Npm-yauzl-2.4.1
	Cxf6e7f2c1-dc59	Npm-yauzl-2.10.0
	Prototype_Pollution	/docs/assets/js/app.a1057ba4.js: 4063
	Prototype_Pollution	/docs/assets/js/app.a1057ba4.js: 4166
	Prototype_Pollution	/docs/assets/js/app.a1057ba4.js: 4082
	Prototype_Pollution	/docs/assets/js/app.a1057ba4.js: 4082
	Prototype_Pollution	/docs/assets/js/app.a1057ba4.js: 3996
	CVE-2018-7651	Npm-ssri-5.2.1
	Client_Potential_XSS	/docs/assets/js/app.a1057ba4.js: 2470
	Client_Potential_XSS	/docs/assets/js/app.a1057ba4.js: 2470
	Client_ReDoS_From_Regex_Injection	/docs/assets/js/app.a1057ba4.js: 5785
	Cx14b19a02-387a	Npm-body-parser-1.19.0
	Cx14b19a02-387a	Npm-body-parser-1.18.3
	Cx14b19a02-387a	Npm-body-parser-1.18.2
	Cx65afcea4-5e85	Npm-event-pubsub-4.3.0
	Cxba768ce4-aa4e	Npm-node-ipc-9.1.1
	Cxc785342e-d1eb	Npm-js-message-1.0.5
	Cxe84e5215-7539	Npm-js-queue-2.0.0
	Cxf9de4751-620f	Npm-easy-stack-1.0.0
	Missing_HSTS_Header	/examples/integration/contentful/bin/download-content-model.js: 56

dependabot bot added the dependencies Pull requests that update a dependency file label Feb 10, 2025

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

build(deps): bump serialize-javascript and nuxt in /examples/integration/contentful #155

build(deps): bump serialize-javascript and nuxt in /examples/integration/contentful #155

dependabot bot commented on behalf of github Feb 10, 2025

ibcheckmarx commented Feb 10, 2025

build(deps): bump serialize-javascript and nuxt in /examples/integration/contentful #155

Are you sure you want to change the base?

build(deps): bump serialize-javascript and nuxt in /examples/integration/contentful #155

Conversation

dependabot bot commented on behalf of github Feb 10, 2025

v6.0.2

v6.0.1

What's Changed

New Contributors

v6.0.0

v3.15.4

✅ Upgrading

👉 Changelog

🩹 Fixes

💅 Refactors

❤️ Contributors

v3.15.3

👀 Highlights

CORS configuration for dev server

ibcheckmarx commented Feb 10, 2025