Skip to content

Update dependency vuetify to v2.6.10 [SECURITY]#21

Open
renovate[bot] wants to merge 1 commit into
masterfrom
renovate/npm-vuetify-vulnerability
Open

Update dependency vuetify to v2.6.10 [SECURITY]#21
renovate[bot] wants to merge 1 commit into
masterfrom
renovate/npm-vuetify-vulnerability

Conversation

@renovate

@renovate renovate Bot commented Sep 25, 2022

Copy link
Copy Markdown

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package Change Age Confidence
vuetify (source) 2.4.62.6.10 age confidence

Vuetify Cross-site Scripting vulnerability

CVE-2022-25873 / GHSA-q4q5-c5cv-2p68

More information

Details

The package vuetify from 2.0.0-beta.4 and before 2.6.10 are vulnerable to Cross-site Scripting (XSS) due to improper input sanitization in the 'eventName' function within the VCalendar component.

Severity

  • CVSS Score: 5.4 / 10 (Medium)
  • Vector String: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

References

This data is provided by the GitHub Advisory Database (CC-BY 4.0).


Release Notes

vuetifyjs/vuetify (vuetify)

v2.6.10

Compare Source

🔧 Bug Fixes
🔬 Code Refactoring
  • VSelect: render highlight with vnodes instead of innerHTML (4468e3c)
BREAKING CHANGES
  • VCalendar: eventName function can no longer render arbitrary HTML, convert to VNodes instead.
    eventSummary can no longer be used with v-html, replace with <component :is="{ render: eventSummary }" />

v2.6.9

Compare Source

🔧 Bug Fixes

v2.6.8

Compare Source

🔧 Bug Fixes

v2.6.7

Compare Source

🔧 Bug Fixes

v2.6.6

Compare Source

🔧 Bug Fixes
🔬 Code Refactoring

v2.6.5

Compare Source

🔧 Bug Fixes

v2.6.4

Compare Source

🔧 Bug Fixes

v2.6.3

Compare Source

🔧 Bug Fixes

v2.6.2

Compare Source

🔧 Bug Fixes

v2.6.1

Compare Source

🔧 Bug Fixes

v2.6.0

Compare Source

v2.6.0 (Horizon)

Welcome to the v2.6.0 release of Vuetify!

🤚 FAQ

  • Where is the upgrade guide?
    • There are no upgrade steps to go from v2.5 to v2.6

💪 Support Vuetify Development

Vuetify is an open source MIT project that has been made possible due to the generous contributions by our sponsors and backers. If you are interested in supporting this project, please consider:

💯 Release notes

🔧 Bug Fixes
🚀 Features
v2.6.0.beta.0 - v2.6.0

Includes bugfixes from 2.5.11 to 2.5.14

🚀 Features

v2.5.14

Compare Source

🔧 Bug Fixes

v2.5.13

Compare Source

🔧 Bug Fixes

v2.5.12

Compare Source

🔧 Bug Fixes
  • detachable: remove content element in beforeDestroy (0a0d743), closes #​14380

v2.5.11

Compare Source

🔧 Bug Fixes

v2.5.10

Compare Source

🔧 Bug Fixes

v2.5.9

Compare Source

🔧 Bug Fixes
🔄 Reverts

v2.5.8

Compare Source

🔨 Bug Fixes

v2.5.7

Compare Source

🔧 Bug Fixes

v2.5.6

Compare Source

🔧 Bug Fixes

v2.5.5

Compare Source

🔧 Bug Fixes

v2.5.4

Compare Source

🔧 Bug Fixes
  • VCalendar: missing events under certa

Note

PR body was truncated to here.


Configuration

📅 Schedule: (UTC)

  • Branch creation
    • At any time (no schedule defined)
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate Bot changed the title Update dependency vuetify to v2.6.10 [SECURITY] Update dependency vuetify to v2.6.10 [SECURITY] - autoclosed Feb 24, 2024
@renovate renovate Bot closed this Feb 24, 2024
@renovate renovate Bot deleted the renovate/npm-vuetify-vulnerability branch February 24, 2024 07:46
@renovate renovate Bot changed the title Update dependency vuetify to v2.6.10 [SECURITY] - autoclosed Update dependency vuetify to v2.6.10 [SECURITY] Feb 24, 2024
@renovate renovate Bot reopened this Feb 24, 2024
@renovate renovate Bot restored the renovate/npm-vuetify-vulnerability branch February 24, 2024 09:34
@renovate renovate Bot force-pushed the renovate/npm-vuetify-vulnerability branch from d1e7bdd to 2d4aea3 Compare February 24, 2024 09:34
@renovate renovate Bot force-pushed the renovate/npm-vuetify-vulnerability branch from 2d4aea3 to 8a7e524 Compare August 10, 2025 12:36
@renovate renovate Bot force-pushed the renovate/npm-vuetify-vulnerability branch from 8a7e524 to fa76217 Compare September 25, 2025 16:28
@renovate renovate Bot force-pushed the renovate/npm-vuetify-vulnerability branch from fa76217 to 248fad8 Compare October 21, 2025 14:43
@renovate renovate Bot force-pushed the renovate/npm-vuetify-vulnerability branch from 248fad8 to 725a095 Compare March 5, 2026 19:53
@renovate renovate Bot changed the title Update dependency vuetify to v2.6.10 [SECURITY] Update dependency vuetify to v2.6.10 [SECURITY] - autoclosed Mar 27, 2026
@renovate renovate Bot closed this Mar 27, 2026
@renovate renovate Bot deleted the renovate/npm-vuetify-vulnerability branch March 27, 2026 01:55
@renovate renovate Bot changed the title Update dependency vuetify to v2.6.10 [SECURITY] - autoclosed Update dependency vuetify to v2.6.10 [SECURITY] Mar 30, 2026
@renovate renovate Bot reopened this Mar 30, 2026
@renovate renovate Bot force-pushed the renovate/npm-vuetify-vulnerability branch 2 times, most recently from 725a095 to 60e6215 Compare March 30, 2026 22:12
@renovate renovate Bot force-pushed the renovate/npm-vuetify-vulnerability branch from 60e6215 to d80ee17 Compare April 29, 2026 20:12
@renovate renovate Bot force-pushed the renovate/npm-vuetify-vulnerability branch from d80ee17 to 9558772 Compare May 12, 2026 12:31
@renovate renovate Bot force-pushed the renovate/npm-vuetify-vulnerability branch from 9558772 to d44f528 Compare May 28, 2026 16:44
@renovate renovate Bot force-pushed the renovate/npm-vuetify-vulnerability branch from d44f528 to b5dbea2 Compare June 1, 2026 19:49
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants