Update dependency vuetify to v2.6.10 [SECURITY] #227

renovate · 2022-09-25T10:43:47Z

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
vuetify (source)	`2.5.8` -> `2.6.10`

GitHub Vulnerability Alerts

CVE-2022-25873

The package vuetify from 2.0.0-beta.4 and before 2.6.10 are vulnerable to Cross-site Scripting (XSS) due to improper input sanitization in the 'eventName' function within the VCalendar component.

Release Notes

vuetifyjs/vuetify (vuetify)

`v2.6.10`

Compare Source

🔧 Bug Fixes

VCalendar: prevent XSS from eventName function (ade1434), closes #15757
VDialog: don't try to focus tabindex="-1" or hidden inputs (89e3850), closes #15745
VMenu: disable activatorFixed when attach is enabled (#15709) (464529a), closes #14922
VTextField: only show clear icon on hover or when focused (7a51ad0)
VTextField: prevent tabbing to clear button (f8ee680), closes #11202
web-types: add support for VDataTable pattern slots (#15694) (ac45c98)

🔬 Code Refactoring

VSelect: render highlight with vnodes instead of innerHTML (4468e3c)

BREAKING CHANGES

VCalendar: eventName function can no longer render arbitrary HTML, convert to VNodes instead.
eventSummary can no longer be used with v-html, replace with <component :is="{ render: eventSummary }" />

`v2.6.9`

Compare Source

🔧 Bug Fixes

VCalendar: add aria roles to monthly calendar (#14640) (2cd34b4), closes #14604
VCalendar: forward all bound events to internal elements (#15592) (299330c)
VCarousel: add keys to delimiter buttons (#15459) (8d3895b)
VPagination: ignore invalid length values (f3f8d15), closes #15499
VRadio: change icon color when disabled (0cc43e2)
VSwitch: only affect control opacity when disabled (1e0a4ad)

`v2.6.8`

Compare Source

🔧 Bug Fixes

VDataTable: display header text instead of value in group headers (100053f), closes #11516
VItemGroup: use valueComparator when updating value (#15395) (8bedb7c), closes #15394
VSimpleCheckbox: directly specify ripple directive definition (00a9668), closes #12224

`v2.6.7`

Compare Source

🔧 Bug Fixes

styles: resolve css validation errors (621f273), closes #15320
VDialog: focus on internal content when shown (#14584) (ffbaae1), closes #14581
VInput: allow text selection in disabled inputs (#14465) (760490d), closes #14238
VList: don't trigger keyboard events on disabled items (#15339) (817df79), closes #15322
VOtpInput: support paste and autofill on mobile (8c67ed8), closes #14801
VRadio: use correct disabled color for icons (3115798)
VSelect: allow keyboard selection of items with value 0 (969aba4), closes #15166
VTabs: use ResizeObserver if available (ff519c6), closes #4733 #10455 #12783 #14195 #15316
VTimeline: disable arrow shadow on clickable cards (27ba2c9), closes #14193

`v2.6.6`

Compare Source

🔧 Bug Fixes

locale: update catalan translations (#15012) (2eab4f2)
mdi-svg: update contextual icons (5918484), closes #14327
VOverflowBtn: make persistentPlaceholder label visible (#15055) (002afbe), closes #15052
VSelect: set min-height on correct element (d41a327), closes #15047

🔬 Code Refactoring

VDatePicker: single split call (#15082) (dc48652)

`v2.6.5`

Compare Source

🔧 Bug Fixes

locale: add missing Finnish translations (#14824) (f0e5889)
locale: improve spanish translations (#14965) (a427b96)
selection controls: emit focus/blur events (75404fb), closes #14862
VCalendar: fix transparent header on category calendar (#14725) (33002fa), closes #14723
VImg: accept scopedSlots (96888d5), closes #14686
VTreeview: independent selection inheriting parent state (#14956) (2034df6), closes #14955

`v2.6.4`

Compare Source

🔧 Bug Fixes

VDialog/VMenu: remove duplicate toggleable mixin (860be6b), closes #14719
VPagination: get available width before initial mount (472bbb4), closes #14590
VSelect: update menu position on selection change (5974a84), closes #14688

`v2.6.3`

Compare Source

🔧 Bug Fixes

VCalendar: use theme background color for categories (#14558) (185408b), closes #14433
VData: don't reset sortBy/sortDesc to [] on clear (9cf48e4), closes #14423
VDialog: change the role from "document" to "dialog" (#14602) (158e0b5), closes #14231
VMenu: null check content in mouseleave handler (e13eee1), closes #14619
VMenu: wrong alignment in RTL mode (#14556) (446963f), closes #12195
VNavigationDrawer: don't update miniVariant without expandOnHover (bb2b11e), closes #14555
VTab: disabled tab can be reached by keyboard (#14606) (d110f58), closes #14601

`v2.6.2`

Compare Source

🔧 Bug Fixes

application: allow use of multiple drawers (#14450) (85a1186), closes #13665
types: add missing VOtpInput export in lib.d.ts (#14497) (00f3f0a), closes #14496
VBottomNavigation: only calculate isActive state when using hideOnScroll (f58afb4), closes #11640
VCombobox: don't reset search when cleared (#14531) (79cd41d), closes #14507
VMenu: don't add button role with openOnHover (24ccd88), closes #14377
VNavigationDrawer: always bind mouseover events (#14523) (03e683f), closes #13309
VOtpInput: update internalValue on paste (bab2fa2), closes #14536
VOtpInput: update the otp when value changes (#14460) (c58f02a), closes #14437
VSelect: Do not keep null items when filtering duplicates (#14464) (8fd3510), closes #14421
VSlideGroup: account for inverted RTL scrolling (092fceb), closes #14529
VSlideGroup: skip width update if destroyed (1bb1455), closes #14470
VStepper: editable step tab navigation (#14036) (256fa93), closes #14022
VTabs: correctly set active state with exact prop (#14500) (74ec950), closes #14431 #14459
VTextarea: apply correct input styles with solo-inverted prop (ea96084), closes #11848
VTooltip: allow disabling openOnClick/openOnFocus (28a64c4), closes #14444

`v2.6.1`

Compare Source

🔧 Bug Fixes

locale: update it translations (#14398) (33385d5)
VBanner: remove background when using the outlined prop (2af9a41), closes #12081
VCalendar: add nativeEvent to all re-emitted events (#14307) (bb78e4e), closes #9485
VCalendar: continue touchMove event between days (#14392) (10c78d2), closes #13174
VCard: remove default click handler (6d1c0f6), closes #14447
VDataTable: use hasOwnProperty to check dynamic slot presence (ca4cbda), closes #14425
VDialog: allow width to be set to auto (ef8b3cc), closes #6919 #14419
VItemGroup: allow null values (#14436) (a0dd90d), closes #9073
VItemGroup: allow object values and custom comparator (#14328) (324b818), closes #10571
VRipple: use $ripple-animation-visible-opacity variable (#14365) (3f8f577), closes #11505
VStepper: expand stepper label to full width (#14362) (e6e5fd2), closes #12584
VTabs: allow set VTab inactive if optional property is set (#14399) (958d4e6), closes #14397

`v2.6.0`

Compare Source

v2.6.0 (Horizon)

Welcome to the v2.6.0 release of Vuetify!

❗️ Important Links

📄 Docs
🚨 Issues
🏬 Store
🎮 Play
💬 Discord
🐦 Twitter
👽 Reddit

🤚 FAQ

Where is the upgrade guide?
- There are no upgrade steps to go from v2.5 to v2.6

💪 Support Vuetify Development

Vuetify is an open source MIT project that has been made possible due to the generous contributions by our sponsors and backers. If you are interested in supporting this project, please consider:

💯 Release notes

🔧 Bug Fixes

VAutocomplete: remove selected item when input is cleared (#13854) (57d3469), closes #5917
VDialog: default to auto width (6ac8007), closes #6919

🚀 Features

framework: add tag attribute to createSimpleFunctional (682936b), closes #10026 #5469
locale: add danish locale (#13733) (0ec9d53)
styles: add $spacers-steps sass variable (#14367) (60d3e54), closes #12341
VCalendar: pass native event to v-calendar click:* events (#13760) (4429e6e), closes #13142
VCalendar: support horizontal scroll (#13164) (f55ee97), closes #13070
VDataTable: allow item.* slots to return a <td> or <th> element (a4b8856), closes #8474 #12791
VDatePicker: add date range first & last classes (#12855) (988558b), closes #12851 #12851 #12851 #12851
VInput: add hide-spin-buttons prop (#13682) (bc2d6cb), closes #6157
VOtpInput: create new component (#12761) (e3aeae7), closes #11425
VSlideGroup: add overscroll friction (3796587)
VSnackbar: only add app padding if app prop is true (28e9e9d), closes #11758
VTooltip: add $tooltip-opacity sass variable (bfdd32c), closes #11184
VTreeview: add disabled prop (de0820c), closes #5918
VTreeview: add disablePerNode prop (#14297) (f37438b), closes #14282

v2.6.0.beta.0 - v2.6.0

Includes bugfixes from 2.5.11 to 2.5.14

🚀 Features

styles: add $spacers-steps sass variable (#14367) (60d3e54), closes #12341
VTreeview: add disablePerNode prop (#14297) (f37438b), closes #14282

`v2.5.14`

Compare Source

🔧 Bug Fixes

directives: null check handlers on unbind (0eec92f), closes #14390
VSelect: don't select dividers or headers on arrow press (13f08b6), closes #14372
VTextField: set label dimensions on mount (6e3d83f), closes #14391

`v2.5.13`

Compare Source

🔧 Bug Fixes

directives: remove listeners if bound multiple times to one element (64c254f), closes #13701 #14386
transitions: don't remove display style afterLeave (99f77d9), closes #14312
VCalendar: resolve drag drop issue on firefox (#14385) (2d63881), closes #14243
VDialog: allow scrolling <select multiple> in safari (0ca7d0d), closes #9470
VDialog: support horizontal scrolling (bc82074), closes #3765
VOverlay: passthrough native events (6e2f6cd), closes #11326
VRadioGroup: passthrough custom attributes (75e0ecc), closes #10704
VRangeSlider: allow both thumbs to be set to the same value (2aedfc5), closes #13738
VTabs: don't try to reactivate inactive tabs (c41b5bf), closes #14387

`v2.5.12`

Compare Source

🔧 Bug Fixes

detachable: remove content element in beforeDestroy (0a0d743), closes #14380

`v2.5.11`

Compare Source

🔧 Bug Fixes

breakpoints: prevent overlap on HiDPI displays (#14358) (e3f28a4), closes #14353
detachable: wait for transition to finish before removing activator (4c12e40), closes #7422
locale: fix aria-label for FR locale (#14296) (933212c)
VCalendar: implicitly narrow TouchEvent (#14280) (15e28f6), closes #14276
VCombobox: keep highlighted item on filteredItems change (#14196) (da5493b), closes #14194
VDialog: don't re-focus autofocused children (262057a), closes #14345
VDialog: prevent pointer events during transition (562294b), closes #14224
VListItem: allow default color to change when inactive (#14207) (3df308f), closes #9285
VTabs: prevent selection of disabled tabs (#14229) (13545ab), closes #13728

`v2.5.10`

Compare Source

🔧 Bug Fixes

click-outside: check for ShadowRoot support (30dd6bc), closes #13845
goTo: check targetLocation when reach bottom (#13903) (c5e181e)
menuable: apply custom absolute position when attached (83f262a), closes #6877
menuable: remove unused fixed prop (52ac86e), closes #10946
Ripple: don't use Symbol to prevent ripples on parent elements (4c28ef1), closes #13383
selection-controls: don't override icon color in label if disabled (674fd5d), closes #14050 #14081
transitions: make hideOnLeave display !important (0e5438b), closes #13973
VAppBar: update active state when hide-on-scroll is changed (5eae27d), closes #12505
VCalendar: seconds -> milliseconds in error message (69bd908), closes #14160
VCalendar: touchmove does not notice category change (#14084) (1ec8c6a), closes #12366
VDataTable: don't empty header on mobile (#14191) (031b1f5), closes #14174
VSlideGroup: update scroll position on tab focus (5836928), closes #14003 #14019
VSnackbar: show background below text (ea33d85), closes #13075
VStepper: correct vertical padding in rtl (#14267) (b86eb5e), closes #13981
VTabs: do not deactivate item on same route query change (#14240) (c999017), closes #14156
VTextarea: update height when auto-grow is toggled (6045d49), closes #12444
VTooltip: ignore scroll offset when attached (#14223) (46938c7), closes #13961
VTreeView: independent selection drops async children (#13950) (71d6bde), closes #8791

`v2.5.9`

Compare Source

🔧 Bug Fixes

click-outside: check for ShadowRoot support (a1ce45d), closes #13845
click-outside: listen for events on document instead of body (0635cd3), closes #14040
locale: update czech translations (#14171) (1a76236)
locale: update es translation (#14095) (48c3158)
VAutocomplete: don't reset tab focus on blur (5ce6946), closes #14009
VFileInput: support persistent-placeholder (#14154) (d34c50d), closes #13969
VIcon: properly apply dense height to svg (#14129) (c15cfc7)
VListItem: override subtitle color when disabled (283218e)
VMenu: only scroll selected item into view if needed (919cc26)
VSelect: focus newly selected item on click when multiple (7f5901b), closes #11969
VSlider: prevent NaN for inputWidth when same min & max (#14116) (46cb7a2), closes #14114
VSlider: remove attributes inherit from thumb container (#14173) (50c02fd), closes #14010
VTextField: properly inherit state colors on iOS (25e9e57), closes #11942

🔄 Reverts

fix(VChip): icon size based on chip size prop (#13412) (0f980ad), closes #13813
fix(VListItem): allow default color to change when inactive (#13719) (4e4b1ea), closes #14186

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

codecov · 2022-09-25T10:46:00Z

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 25.80%. Comparing base (32fb565) to head (64b1707).
Report is 1 commits behind head on new-main.

Additional details and impacted files

@@            Coverage Diff            @@
##           new-main     #227   +/-   ##
=========================================
  Coverage     25.80%   25.80%           
=========================================
  Files             2        2           
  Lines            31       31           
  Branches          4        4           
=========================================
  Hits              8        8           
  Misses           23       23

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

Update dependency vuetify to 2.6.10 [SECURITY]

64b1707

renovate bot added the Dependency label Sep 25, 2022

renovate bot changed the title ~~Update dependency vuetify to 2.6.10 [SECURITY]~~ Update dependency vuetify to v2.6.10 [SECURITY] Mar 23, 2023

renovate bot changed the title ~~Update dependency vuetify to v2.6.10 [SECURITY]~~ Update dependency vuetify to 2.6.10 [SECURITY] Apr 30, 2023

renovate bot changed the title ~~Update dependency vuetify to 2.6.10 [SECURITY]~~ Update dependency vuetify to v2.6.10 [SECURITY] May 28, 2023

renovate bot enabled auto-merge (rebase) March 20, 2024 16:22

renovate bot changed the title ~~Update dependency vuetify to v2.6.10 [SECURITY]~~ Update dependency vuetify to v2.6.10 [SECURITY] - autoclosed Dec 8, 2024

renovate bot closed this Dec 8, 2024

auto-merge was automatically disabled December 8, 2024 18:51
Pull request was closed

renovate bot deleted the renovate/npm-vuetify-vulnerability branch December 8, 2024 18:51

renovate bot changed the title ~~Update dependency vuetify to v2.6.10 [SECURITY] - autoclosed~~ Update dependency vuetify to v2.6.10 [SECURITY] Dec 8, 2024

renovate bot reopened this Dec 8, 2024

renovate bot force-pushed the renovate/npm-vuetify-vulnerability branch from 65cbcd9 to 64b1707 Compare December 8, 2024 21:35

renovate bot enabled auto-merge (squash) December 9, 2024 01:28

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Update dependency vuetify to v2.6.10 [SECURITY] #227

Update dependency vuetify to v2.6.10 [SECURITY] #227

renovate bot commented Sep 25, 2022 •

edited

Loading

codecov bot commented Sep 25, 2022 •

edited

Loading

Update dependency vuetify to v2.6.10 [SECURITY] #227

Are you sure you want to change the base?

Update dependency vuetify to v2.6.10 [SECURITY] #227

Conversation

renovate bot commented Sep 25, 2022 • edited Loading

GitHub Vulnerability Alerts

Release Notes

🔧 Bug Fixes

🔬 Code Refactoring

BREAKING CHANGES

🔧 Bug Fixes

🔧 Bug Fixes

🔧 Bug Fixes

🔧 Bug Fixes

🔬 Code Refactoring

🔧 Bug Fixes

🔧 Bug Fixes

🔧 Bug Fixes

🔧 Bug Fixes

🔧 Bug Fixes

v2.6.0 (Horizon)

❗️ Important Links

🤚 FAQ

💪 Support Vuetify Development

💯 Release notes

🔧 Bug Fixes

🚀 Features

🚀 Features

🔧 Bug Fixes

🔧 Bug Fixes

🔧 Bug Fixes

🔧 Bug Fixes

🔧 Bug Fixes

🔧 Bug Fixes

🔄 Reverts

Configuration

codecov bot commented Sep 25, 2022 • edited Loading

Codecov Report

renovate bot commented Sep 25, 2022 •

edited

Loading

codecov bot commented Sep 25, 2022 •

edited

Loading