MT#61724 Dependencies upgrade January

Resolved 21 out of 22 vulnerabilities (1 Low, 6 Moderate, 15 High). Only vulnerability left is a moderate one from "vue-template-compiler", a dependency of @quasar/quasar-app-extension-testing-unit-jest. Tried the yarn resolution method too, however the version needed to resolve the vulnerability is not compatible with our current setup. Change-Id: I5477c791542196d14dcb6b809c76c4981c8a0973 (cherry picked from commit 09f639c935) (cherry picked from commit d2ff287a63)
11 months ago · 8b0f5d8ae3
parent ee9384331e
commit 8b0f5d8ae3
3 changed files with 2203 additions and 2285 deletions
--- a/package.json
+++ b/package.json
@ -34,7 +34,6 @@
    "axios": "1.7.4",
    "content-disposition": "^0.5.4",
    "core-js": "^3.6.5",
-    "crypto": "npm:crypto-browserify",
    "crypto-browserify": "^3.12.0",
    "decode-uri-component": "^0.4.0",
    "eventsource": "^2.0.2",
@ -50,25 +49,25 @@
    "path": "0.12.7",
    "qrcode": "1.5.0",
    "quasar": "2.17.0",
-    "stream": "npm:stream-browserify",
    "stream-browserify": "^3.0.0",
    "terser": "^5.14.2",
    "tiny-emitter": "2.1.0",
-    "vue": "3",
-    "vue-i18n": "9.2.2",
+    "vue": "3.5.13",
+    "vue-i18n": "9.14.2",
    "vue-resource": "^1.5.1",
-    "vue-router": "4",
+    "vue-router": "4.5.0",
    "vue-scrollto": "^2.18.2",
    "vue-simple-password-meter": "1.3.4",
-    "vuex": "4",
+    "vuex": "4.1.0",
    "zxcvbn": "^4.4.2"
  },
  "devDependencies": {
+    "@babel/core": "^7.11.0",
    "@babel/eslint-parser": "^7.25.7",
    "@babel/plugin-transform-private-methods": "7.25.7",
-    "@quasar/app-webpack": "3.14.0",
+    "@quasar/app-webpack": "3.15.1",
    "@quasar/cli": "2.4.1",
-    "@quasar/quasar-app-extension-testing": "1.0.5",
+    "@quasar/quasar-app-extension-testing": "2.2.0",
    "@quasar/quasar-app-extension-testing-unit-jest": "3.0.3",
    "@vue/test-utils": "2.4.1",
    "commander": "6.2.1",
@ -91,7 +90,7 @@
    "parseuri": "^0.0.6",
    "stylus": "0.63.0",
    "stylus-loader": "8.1.1",
-    "uuid": "8.3.1",
+    "uuid": "11.0.4",
    "vue-wait": "^1.5.3",
    "vuelidate": "^0.7.7"
  },
--- a/quasar.conf.js
+++ b/quasar.conf.js
@ -124,6 +124,11 @@ module.exports = function (ctx) {

            // https://quasar.dev/quasar-cli/handling-webpack
            extendWebpack (cfg) {
+                cfg.resolve.fallback = {
+                    crypto: 'crypto-browserify',
+                    stream: 'stream-browserify',
+                    vm: false
+                }
                cfg.plugins.push(
                    new ESLintPlugin({ extensions: ['js', 'vue'] })
                )
--- a/yarn.lock
+++ b/yarn.lock