Data

Tools

Indexes

Applications

Experiments

Dependabot

An open index of dependabot pull requests across open source projects.

Bump the npm_and_yarn group across 3 directories with 44 updates

Open
Number: #1
Type: Pull Request
State: Open
Author: dependabot[bot] dependabot[bot]
Association: None
Comments: 0
Created: September 07, 2025 at 06:00 AM UTC
(1 day ago)
Updated: September 07, 2025 at 06:00 AM UTC
(1 day ago)
Labels:
dependencies javascript
Description:

Bumps the npm_and_yarn group with 2 updates in the /chapter-11/11.7/client directory: express and nuxt.
Bumps the npm_and_yarn group with 1 update in the /chapter-11/11.5 directory: electron.
Bumps the npm_and_yarn group with 22 updates in the /chapter-09/09.2 directory:

Package From To
vue 2.6.11 3.0.0
vue-template-compiler 2.6.11 2.7.16
express 4.17.1 4.21.2
vuetify 2.2.28 2.6.13
node-sass 4.14.1 9.0.0
sass-loader 8.0.2 16.0.5
@babel/traverse 7.9.6 7.28.4
ansi-regex 3.0.0 3.0.1
ansi-regex 4.1.0 4.1.1
ajv 6.12.2 6.12.6
async 2.6.3 2.6.4
qs 6.5.2 6.5.3
browserify-sign 4.2.0 4.2.3
cipher-base 1.0.4 1.0.6
decode-uri-component 0.2.0 0.2.2
dns-packet 1.3.1 1.3.4
ejs 2.7.4 removed
@vue/cli-plugin-babel 4.3.1 5.0.9
@vue/cli-plugin-eslint 4.3.1 5.0.9
@vue/cli-service 4.3.1 5.0.9
@vue/eslint-config-airbnb 5.0.2 5.3.0
sha.js 2.4.11 2.4.12
shelljs 0.8.4 0.8.5

Updates express from 4.21.2 to 5.1.0

Release notes

Sourced from express's releases.

v5.1.0

What's Changed

... (truncated)

Changelog

Sourced from express's changelog.

5.1.0 / 2025-03-31

  • Add support for Uint8Array in res.send()
  • Add support for ETag option in res.sendFile()
  • Add support for multiple links with the same rel in res.links()
  • Add funding field to package.json
  • perf: use loop for acceptParams
  • refactor: prefix built-in node module imports
  • deps: remove setprototypeof
  • deps: remove safe-buffer
  • deps: remove utils-merge
  • deps: remove methods
  • deps: remove depd
  • deps: debug@^4.4.0
  • deps: body-parser@^2.2.0
  • deps: router@^2.2.0
  • deps: content-type@^1.0.5
  • deps: finalhandler@^2.1.0
  • deps: qs@^6.14.0
  • deps: server-static@2.2.0
  • deps: type-is@2.0.1

5.0.1 / 2024-10-08

5.0.0 / 2024-09-10

  • remove:
    • path-is-absolute dependency - use path.isAbsolute instead
  • breaking:
    • res.status() accepts only integers, and input must be greater than 99 and less than 1000
      • will throw a RangeError: Invalid status code: ${code}. Status code must be greater than 99 and less than 1000. for inputs outside this range
      • will throw a TypeError: Invalid status code: ${code}. Status code must be an integer. for non integer inputs
    • deps: send@1.0.0
    • res.redirect('back') and res.location('back') is no longer a supported magic string, explicitly use req.get('Referrer') || '/'.
  • change:
    • res.clearCookie will ignore user provided maxAge and expires options
  • deps: cookie-signature@^1.2.1
  • deps: debug@4.3.6
  • deps: merge-descriptors@^2.0.0
  • deps: serve-static@^2.1.0
  • deps: qs@6.13.0
  • deps: accepts@^2.0.0
  • deps: mime-types@^3.0.0
    • application/javascript => text/javascript
  • deps: type-is@^2.0.0
  • deps: content-disposition@^1.0.0

... (truncated)

Commits

Updates nuxt from 2.18.1 to 4.1.1

Release notes

Sourced from nuxt's releases.

v4.1.1

v4.1.1 is a regularly scheduled patch release

✅ Upgrading

Our recommendation for upgrading is to run:

npx nuxt upgrade --dedupe

This will deduplicate your lockfile as well, and help ensure that you pull in updates from other dependencies that Nuxt relies on, particularly in the unjs ecosystem.

👉 Changelog

compare changes

🩹 Fixes

  • nuxt: Correct relative path of auto imported components (#33122)
  • nuxt: Prefer accessing globalThis over window (#33125)
  • nuxt: Migrate to AST-aware tree-shaking + route injection (#33128)
  • nuxt: Ignore #components import mapping inside packages that use it internally (#33049)
  • vite: Remove explicit vite-node configuration of deps.inline (#33133)
  • nuxt: Include trace in dev-time useRoute usage warning (#33039)
  • kit: Improve DX by displaying module name when possible (#33137)
  • nuxt: Print route middleware path in warning (#33136)
  • nuxt: Include core auto-imports from imports:sources in override warning (#33050)
  • nuxt: Render relative importmap entry path if required (#33146)

📖 Documentation

  • Add -- to bun create command (5e661f0ca)
  • Add app/ prefix in lots of cases (#33117)
  • Add JSDoc for navigateTo (#21442)

🏡 Chore

🤖 CI

  • Remove default discord reactions from thread (more noise than it's worth) (183913fe2)
  • Rewrite release workflow in ts + support multiple tags (4469ead82)
  • Pass correct flag (711037cda)
  • Pass tag via env variable (fb83cd5ba)
  • Drop 4x tags from releases (1cd8a6857)

❤️ Contributors

... (truncated)

Commits
  • f09180c v4.1.1
  • e858eea fix(nuxt): render relative importmap entry path if required (#33146)
  • 56aa16c fix(nuxt): include core auto-imports from imports:sources in override warni...
  • 27dc1f2 fix(nuxt): print route middleware path in warning (#33136)
  • b230ca2 fix(nuxt): include trace in dev-time useRoute usage warning (#33039)
  • 32d5655 fix(nuxt): ignore #components import mapping inside packages that use it inte...
  • 8314ac3 docs: add JSDoc for navigateTo (#21442)
  • 39113ab fix(nuxt): migrate to AST-aware tree-shaking + route injection (#33128)
  • c73957a fix(nuxt): prefer accessing globalThis over window (#33125)
  • 418bafe fix(nuxt): correct relative path of auto imported components (#33122)
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for nuxt since your current version.


Updates electron from 9.4.4 to 38.0.0

Release notes

Sourced from electron's releases.

electron v38.0.0

Release Notes for v38.0.0

Stack Upgrades

Breaking Changes

  • For breaking changes inherited via Chromium, see blog post

Features

Additions

  • Added before-mouse-event to allow intercepting and preventing mouse events in WebContents. #47280 (Also in 36, 37)
  • Added fileBacked and purgeable fields to process.getSystemMemoryInfo() for macOS. #48146 (Also in 37)
  • Added innerWidth and innerHeight options for window.open. #46749 (Also in 35, 36, 37)
  • Added tray.{get|set}AutosaveName to enable macOS tray icons to maintain position across launches. #48077 (Also in 36, 37)
  • Added webFrameMain.fromFrameToken(processId, frameToken) to get a WebFrameMain instance from its frame token. #47942
  • Added sublabel functionality for menus on macOS >= 14.4. #46887 (Also in 35, 36, 37)
  • Added support for app.getRecentDocuments() on Windows and macOS. #47924 (Also in 36, 37)
  • Added support for --no-experimental-global-navigator flag. #47370 (Also in 35, 36, 37)
  • Added support for HIDDevice.collections. #47391 (Also in 36, 37)
  • Added support for screen.dipToScreenPoint(point) and screen.screenToDipPoint(point) on Linux X11. #46211 (Also in 35, 36, 37)
  • Added support for customizing system accent color and highlighting of active window border. #47285 (Also in 35, 36, 37)
  • Added support for menu item role palette and header on macOS. #45538 (Also in 37)
  • Added support for node option --experimental-network-inspection. #46690 (Also in 35, 36, 37)
  • Added the priority and priorityIncremental options to net.request(). #42628 (Also in 36, 37)
  • Adds the ability to change window accent color on Windows after initial window initialization via {get|set}AccentColor. #47939 (Also in 36, 37)

Improvements

  • Exposed win.isContentProtected() to allow developers to check window protection status. #47242 (Also in 36, 37)
  • Internally switched to using DIR_ASSETS instead of DIR_MODULE/DIR_EXE to locate assets and resources, and added "assets" as a key that can be queried via app.getPath. #47950 (Also in 37)

Fixes

  • Fixed an issue where dialog.showMessageDialog showed a window incorrectly centered to monitor instead of parent window when passed. #48215
  • Fixed an issue where users on MacOS were unable to interact with a webpage loaded via loadURL. #47575
  • Fixed broken chrome://accessibility page. #47497

Also in earlier versions...

  • Fixed addChildView() crashes when adding a closed WebContentsView. #47099 (Also in 35, 36, 37)
  • Fixed a bug where app extensions filters didn't allow for selecting app bundles in macOS file dialogs. #47841 (Also in 36, 37)
  • Fixed a bug where the Referer header was not being set correctly when using webContents.downloadURL(). #47867 (Also in 36, 37)
  • Fixed a child process crash on macOS when the running application is replaced with one that has a newer implementation triggering the sandbox. #47783 (Also in 37)

... (truncated)

Changelog

Sourced from electron's changelog.

Breaking Changes

Breaking changes will be documented here, and deprecation warnings added to JS code where possible, at least one major version before the change is made.

Types of Breaking Changes

This document uses the following convention to categorize breaking changes:

  • API Changed: An API was changed in such a way that code that has not been updated is guaranteed to throw an exception.
  • Behavior Changed: The behavior of Electron has changed, but not in such a way that an exception will necessarily be thrown.
  • Default Changed: Code depending on the old default may break, not necessarily throwing an exception. The old behavior can be restored by explicitly specifying the value.
  • Deprecated: An API was marked as deprecated. The API will continue to function, but will emit a deprecation warning, and will be removed in a future release.
  • Removed: An API or feature was removed, and is no longer supported by Electron.

Planned Breaking API Changes (39.0)

Deprecated: --host-rules command line switch

Chromium is deprecating the --host-rules switch.

You should use --host-resolver-rules instead.

Behavior Changed: window.open popups are always resizable

Per current WHATWG spec, the window.open API will now always create a resizable popup window.

To restore previous behavior:

webContents.setWindowOpenHandler((details) => {
  return {
    action: 'allow',
    overrideBrowserWindowOptions: {
      resizable: details.features.includes('resizable=yes')
    }
  }
})

Behavior Changed: shared texture OSR paint event data structure

When using shared texture offscreen rendering feature, the paint event now emits a more structured object. It moves the sharedTextureHandle, planes, modifier into a unified handle property. See here for more details.

Planned Breaking API Changes (38.0)

Removed: ELECTRON_OZONE_PLATFORM_HINT environment variable

The default value of the --ozone-plaftform flag changed to auto.

... (truncated)

Commits
  • 7943386 fix: BrowserWindow add the same BrowserView (#48201)
  • a733514 fix: file-only picker incorrectly allowing some directories (#48231)
  • d590787 fix: showMessageDialog should center dialog to parent (#48215)
  • 0098160 fix: ensure dragging works again after emitting contextmenu event (#48224)
  • 207f64f chore: bump chromium to 140.0.7339.41 (38-x-y) (#48190)
  • 441cff7 feat: add fileBacked and purgeable fields to `process.getSystemMemoryInfo...
  • 9eede35 build: refactor Linux binary stripping to align with upstream (#48197)
  • 6812b13 docs: fix some module headings (#48195)
  • a64175f ci: use free GH arm runners (#48187)
  • b34e618 docs: add release timeline for Electron 39 (#48176)
  • Additional commits viewable in compare view

Updates vue from 2.6.11 to 3.0.0

Changelog

Sourced from vue's changelog.

3.0.0 (2020-09-18)

3.0.0-rc.13 (2020-09-18)

Bug Fixes

  • hmr: make hmr working with class components (#2144) (422f05e)
  • reactivity: avoid length mutating array methods causing infinite updates (#2138) (f316a33), closes #2137
  • suspense: should discard unmount effects of invalidated pending branch (5bfcad1)
  • types: component instance inference without props (#2145) (57bdaa2)

Code Refactoring

Features

  • runtime-core: support using inject() inside props default functions (58c31e3)
  • watch: support dot-delimited path in watch option (1c9a0b3)

BREAKING CHANGES

  • watch APIs now default to use flush: 'pre' instead of flush: 'post'. This change affects watch, watchEffect, the watch component option, and this.$watch. See (49bb447) for more details.

3.0.0-rc.12 (2020-09-16)

Bug Fixes

  • reactivity: effect should only recursively self trigger with explicit options (3810de7), closes #2125
  • runtime-core: ensure root stable fragments inherit elements for moving (bebd44f), closes #2134
  • runtime-core: should still do full traverse of stable fragment children in dev + hmr (dd40ad8)
  • runtime-core/async-component: fix error component when there are no error handlers (c7b4a37), closes #2129
  • types/tsx: optional props from Mixin/Extends are treated as required (#2048) (89e9ab8)

Features

  • compiler-sfc: additionalData support for css preprocessors (#2126) (066d514)

3.0.0-rc.11 (2020-09-15)

... (truncated)

Commits

Updates vue-template-compiler from 2.6.11 to 2.7.16

Release notes

Sourced from vue-template-compiler's releases.

v2.7.16 "Swan Song"

This is the final release for Vue 2.

Vue 2 will reach End of Life on December 31st, 2023. For more details, please read this blog post.

Please refer to CHANGELOG.md for details.

v2.7.16-beta.2

Please refer to CHANGELOG.md for details.

v2.7.16-beta.1

Please refer to CHANGELOG.md for details.

v2.7.15

Please refer to CHANGELOG.md for details.

v2.7.14

Please refer to CHANGELOG.md for details.

v2.7.13

Please refer to CHANGELOG.md for details.

v2.7.12

Please refer to CHANGELOG.md for details.

v2.7.11

Please refer to CHANGELOG.md for details.

v2.7.10

Please refer to CHANGELOG.md for details.

v2.7.9

Please refer to CHANGELOG.md for details.

v2.7.8

Please refer to CHANGELOG.md for details.

v2.7.7

Please refer to CHANGELOG.md for details.

v2.7.6

Please refer to CHANGELOG.md for details.

v2.7.5

Please refer to CHANGELOG.md for details.

v2.7.4

Please refer to CHANGELOG.md for details.

v2.7.3

... (truncated)

Changelog

Sourced from vue-template-compiler's changelog.

2.7.16 Swan Song (2023-12-24)

Bug Fixes

  • lifecycle: ensure component effect scopes are disconnected (56ce7f8), closes #13134

2.7.16-beta.2 (2023-12-14)

Bug Fixes

2.7.16-beta.1 (2023-12-08)

Bug Fixes

2.7.15 (2023-10-23)

Bug Fixes

  • compiler-sfc: add semicolon after defineProps statement (#12879) (51fef2c)
  • compiler-sfc: fix macro usage in multi-variable declaration (#12873) (d27c128)
  • compiler-sfc: Optimize the value of emitIdentifier (#12851) (bb59751)
  • compiler-sfc: Resolve object expression parsing errors in v-on (#12862) (b8c8b3f)
  • lifecycle: scope might changed when call hook (#13070) (74ca5a1)

... (truncated)

Commits
  • 13f4e7d release: v2.7.16
  • 56ce7f8 fix(lifecycle): esnure component effect scopes are disconnected
  • 305e4ae release: v2.7.16-beta.2
  • 3e1037e chore: bump vitest to 1.0.4
  • db9c566 fix: account for nested render calls
  • 895669f fix(types): export more types for v3 alignment (jsx / component options)
  • 73bdf14 release: v2.7.16-beta.1
  • e0747f4 fix(keep-alive): fix memory leak without breaking transition tests
  • 2632249 fix(keep-alive): fix keep-alive memory leak
  • 3650c12 fix(types): provide types for built-in components
  • Additional commits viewable in compare view

Updates express from 4.17.1 to 4.21.2

Release notes

Sourced from express's releases.

v5.1.0

What's Changed

Package Dependencies
Package:
 @babel/traverse
Ecosystem:
npm
Version Change:
7.9.6 → 7.28.4
Update Type:
Minor
Package:
vuetify
Ecosystem:
npm
Version Change:
2.2.28 → 2.6.13
Update Type:
Minor
Package:
express
Ecosystem:
npm
Version Change:
4.17.1 → 4.21.2
Update Type:
Minor
Package:
vue
Ecosystem:
npm
Version Change:
2.6.11 → 3.0.0
Update Type:
Major
Package:
decode-uri-component
Ecosystem:
npm
Version Change:
0.2.0 → 0.2.2
Update Type:
Patch
Package:
sass-loader
Ecosystem:
npm
Version Change:
8.0.2 → 16.0.5
Update Type:
Major
Package:
async
Ecosystem:
npm
Version Change:
2.6.3 → 2.6.4
Update Type:
Patch
Package:
browserify-sign
Ecosystem:
npm
Version Change:
4.2.0 → 4.2.3
Update Type:
Patch
Package:
ejs
Ecosystem:
npm
Version Change:
2.7.4 → removed
Package:
qs
Ecosystem:
npm
Version Change:
6.5.2 → 6.5.3
Update Type:
Patch
Package:
dns-packet
Ecosystem:
npm
Version Change:
1.3.1 → 1.3.4
Update Type:
Patch
Package:
shelljs
Ecosystem:
npm
Version Change:
0.8.4 → 0.8.5
Update Type:
Patch
Package:
ansi-regex
Ecosystem:
npm
Version Change:
3.0.0 → 3.0.1
Update Type:
Patch
Package:
vue-template-compiler
Ecosystem:
npm
Version Change:
2.6.11 → 2.7.16
Update Type:
Minor
Package:
ajv
Ecosystem:
npm
Version Change:
6.12.2 → 6.12.6
Update Type:
Patch
Package:
node-sass
Ecosystem:
npm
Version Change:
4.14.1 → 9.0.0
Update Type:
Major
Package:
@vue/cli-service
Ecosystem:
npm
Version Change:
4.3.1 → 5.0.9
Update Type:
Major
Package:
@vue/cli-plugin-babel
Ecosystem:
npm
Version Change:
4.3.1 → 5.0.9
Update Type:
Major
Package:
@vue/cli-plugin-eslint
Ecosystem:
npm
Version Change:
4.3.1 → 5.0.9
Update Type:
Major
Package:
@vue/eslint-config-airbnb
Ecosystem:
npm
Version Change:
5.0.2 → 5.3.0
Update Type:
Minor
Package:
sha.js
Ecosystem:
npm
Version Change:
2.4.11 → 2.4.12
Update Type:
Patch
Package:
cipher-base
Ecosystem:
npm
Version Change:
1.0.4 → 1.0.6
Update Type:
Patch
Security Advisories
cookie accepts cookie name, path, and domain with out of bounds characters
GHSA-pxg6-pf52-xh8x CVE-2024-47764 LOW
### Impact The cookie name could be used to set other fields of the cookie, resulting in an unexpected cookie value. For example, `serialize("userName=<script>alert('XSS3')</script>; Max-Age=25920...
Actions
View on GitHub View Repository All Dependabot PRs
Technical Details
ID: 7068786
UUID: 2805795121
Node ID: PR_kwDOPrPMbc6nPQkx
Host: GitHub
Repository: ibiscum/Vue.js-3.0-Cookbook
Merge State: Unknown