fix(deps): update dependency vue to v3 [security]#739

Closed

renovate[bot] wants to merge 1 commit into

mainfrom

renovate/npm-vue-vulnerability

renovate Bot commented Aug 15, 2025 •

edited

Loading

This PR contains the following updates:

Package	Change	Age	Confidence
vue (source)	`=2` -> `=2 \|\| =3.5.19`
vue (source)	`2.6.13` -> `3.0.0`

GitHub Vulnerability Alerts

CVE-2024-9506

The ReDoS can be exploited through the parseHTML function in the html-parser.ts file. This flaw allows attackers to slow down the application by providing specially crafted input that causes inefficient processing of regular expressions, leading to excessive resource consumption.

To demonstrate this vulnerability, here's an example. In a Vue client-side application, create a new Vue instance with a template string that includes a <script> tag but closes it incorrectly with something like </textarea>.

new Vue({
  el: '#app',
  template: '
    <div>
      Hello, world!
      <script>${'<'.repeat(1000000)}</textarea>
    </div>'
});

Next, set up a basic HTML page (e.g., index.html) to load this JavaScript and mount the Vue instance:

<!DOCTYPE html>
<html>
<head>
  <title>My first Vue app</title>
</head>
<body>
  <div id=\"app\">Loading...</div>
</body>
</html>

When you visit the app in your browser at http://localhost:3000, you'll notice that the time taken to parse and mount the Vue application increases significantly due to the ReDoS vulnerability, demonstrating how the flaw can affect performance.

Release Notes

vuejs/core (vue)

`v3.5.19`

Bug Fixes

compiler-core: adjacent v-else should cause a compiler error (#13699) (911e670), closes #13698
compiler-core: prevent cached array children from retaining detached dom nodes (#13691) (7f60ef8), closes element-plus/element-plus#21408 #13211
compiler-sfc: improve type inference for generic type aliases types (#12876) (d9dd628), closes #12872
compiler-sfc: throw mismatched script langs error before invoking babel (#13194) (0562548), closes #13193
compiler-ssr: disable v-memo transform in ssr vdom fallback branch (#13725) (0a202d8), closes #13724
devtools: clear performance measures (#13701) (c875019), closes #13700
hmr: prevent updating unmounting component during HMR rerender (#13775) (6e5143d), closes #13771 #13772
hydration: also set vShow name if __FEATURE_PROD_HYDRATION_MISMATCH_DETAILS__ flag is enabled (#13777) (439e1a5), closes #13744
reactivity: warn on nested readonly ref update during unwrapping (#12141) (1498821)
runtime-core: avoid setting direct ref of useTemplateRef in dev (#13449) (4a2953f)
runtime-core: improve consistency of PublicInstanceProxyHandlers.has (#13507) (d7283f3)
suspense: don't immediately resolve suspense on last dep unmount (#13456) (a871315), closes #13453
transition: handle KeepAlive + transition leaving edge case (#13152) (3190b17), closes #13153

`v3.5.18`

Bug Fixes

compiler-core: avoid cached text vnodes retaining detached DOM nodes (#13662) (00695a5), closes #13661
compiler-core: avoid self updates of v-pre (#12556) (21b685a)
compiler-core: identifiers in function parameters should not be inferred as references (#13548) (9b02923)
compiler-core: recognize empty string as non-identifier (#12553) (ce93339)
compiler-core: transform empty v-bind dynamic argument content correctly (#12554) (d3af67e)
compiler-sfc: transform empty srcset w/ includeAbsolute: true (#13639) (d8e40ef), closes vitejs/vite-plugin-vue#631
css-vars: nullish v-bind in style should not lead to unexpected inheritance (#12461) (c85f1b5), closes #12434 #12439 #7474 #7475
custom-element: ensure exposed methods are accessible from custom elements by making them enumerable (#13634) (90573b0), closes #13632
hydration: prevent lazy hydration for updated components (#13511) (a9269c6), closes #13510
runtime-core: ensure correct anchor el for unresolved async components (#13560) (7f29943), closes #13559
slots: refine internal key checking to support slot names starting with an underscore (#13612) (c5f7db1), closes #13611
ssr: ensure empty slots render as a comment node in Transition (#13396) (8cfc10a), closes #13394

`v3.5.17`

Bug Fixes

compat: allow v-model built in modifiers on component (#12654) (cb14b86), closes #12652
compile-sfc: handle mapped types work with omit and pick (#12648) (4eb46e4), closes #12647
compiler-core: do not increase newlines in InEntity state (#13362) (f05a8d6)
compiler-core: ignore whitespace when matching adjacent v-if (#12321) (10ebcef), closes #9173
compiler-core: prevent comments from blocking static node hoisting (#13345) (55dad62), closes #13344
compiler-sfc: improved type resolution for function type aliases (#13452) (f3479aa), closes #13444
custom-element: ensure configureApp is applied to async component (#12607) (5ba1afb), closes #12448
custom-element: prevent injecting child styles if shadowRoot is false (#12769) (73055d8), closes #12630
reactivity: add __v_skip flag to Dep to prevent reactive conversion (#12804) (e8d8f5f), closes #12803
runtime-core: unset old ref during patching when new ref is absent (#12900) (47ddf98), closes #12898
slots: make cache indexes marker non-enumerable (#13469) (919c447), closes #13468
ssr: handle initial selected state for select with v-model + v-for/v-if option (#13487) (1552095), closes #13486
types: typo of vOnce and vSlot (#13343) (762fae4)

`v3.5.16`

Reverts

Revert "fix(compiler-sfc): add scoping tag to trailing universal selector" (#13406) (19f23b1), closes #13406
Revert "fix(compiler-sfc): add error handling for defineModel() without variable" (#13390) (42f879f), closes #13390

`v3.5.15`

Bug Fixes

compat: ensure false value on input retains value attribute (#13216) (1a66474), closes #13205
compat: should not warn COMPILER_V_BIND_OBJECT_ORDER when using v-bind together with v-for (#12993) (93949e6), closes #12992
compile-sfc: handle inline template source map in prod build (#12701) (89edc6c), closes #12682 vitejs/vite-plugin-vue#500
compiler-core: ensure mapping is added only if node source is available (#13285) (d37a2ac), closes #13261 vitejs/vite-plugin-vue#368
compiler-dom: improve HTML nesting validation to allow any child element within template tag (#13320) (163b365), closes #13318
compiler-sfc: add error handling for defineModel() without variable assignment (#13352) (00734af), closes #13280
compiler-sfc: add scoping tag to trailing universal selector (#12918) (949df80), closes #12906
compiler-sfc: improve type inference for TSTypeAliasDeclaration with better runtime type detection (#13245) (cf5a5e0), closes #13240
compiler-sfc: simulate allowArbitraryExtensions on resolving type (#13301) (f7ce5ae), closes #13295
custom-element: allow injecting values from app context in nested elements (#13219) (b991075), closes #13212
custom-element: ensure proper remount and prevent redundant slot parsing with shadowRoot false (#13201) (1d41d4d), closes #13199
custom-element: preserve appContext during update (#12455) (013749e), closes #12453
custom-element: properly resolve props for sync component defs (#12855) (a683c80), closes #12854
hydration: handle transition appear hydration edge case (#13339) (35aeae7), closes #13335
hydration: skip lazy hydration for patched components (#13283) (80055fd), closes #13255
suspense: handle edge case in patching list nodes within Suspense (#13306) (772b008), closes #13305
teleport: handle deferred teleport updates before and after mount (#13350) (d15dce3), closes #13349
types: avoid merging component instance into $props in ComponentInstance (#12870) (f44feed), closes #12751
types: exclude undefined from inferred prop types with default values (#13007) (5179d32), closes #13006
watch: update oldValue before running cb to prevent stale value (#12296) (c69c4bb), closes #12294

`v3.5.14`

Bug Fixes

compat: correct deprecation message for v-bind.sync usage (#13137) (466b30f), closes #13133
compiler-core: remove slot cache from parent renderCache during unmounting (#13215) (5d166f3)
compiler-sfc: fix scope handling for props destructure in function parameters and catch clauses (8e34357), closes #12790
compiler-sfc: treat the return value of useTemplateRef as a definite ref (#13197) (8ae1122)
compiler: fix spelling error in domTagConfig (#13043) (388295b)
customFormatter: properly accessing ref value during debugger (#12948) (fdbd026)
hmr/teleport: adjust static children traversal for HMR in dev mode (#12819) (5e37dd0), closes #12816
hmr: avoid hydration for hmr root reload (#12450) (1f98a9c), closes vitejs/vite-plugin-vue#146 vitejs/vite-plugin-vue#477
hmr: avoid hydration for hmr updating (#12262) (9c4dbbc), closes #7706 #8170
reactivity: ensure markRaw objects are not reactive (#12824) (295b5ec), closes #12807
reactivity: ensure multiple effectScope on() and off() calls maintains correct active scope (22dcbf3), closes #12631 #12632 #12641
reactivity: should not recompute if computed does not track reactive data (#12341) (0b23fd2), closes #12337
runtime-core: stop tracking deps in setRef during unmount (#13210) (016c472)
runtime-core: update __vnode of static nodes when patching along the optimized path (#13223) (b3ecee3)
runtime-core: inherit comment nodes during block patch in production build (#10748) (6264505), closes #10747 #12650
runtime-core: prevent unmounted vnode from being inserted during transition leave (#12862) (d6a6ec1), closes #12860
runtime-core: respect immutability for readonly reactive arrays in v-for (#13091) (3f27c58), closes #13087
runtime-dom: always treat autocorrect as attribute (#13001) (1499135), closes #5705
slots: properly warn if slot invoked in setup (#12195) (9196222), closes #12194
ssr: properly init slots during ssr rendering (#12441) (2206cd2), closes #12438
transition: fix KeepAlive with transition out-in mode behavior in production (#12468) (343c891), closes #12465
TransitionGroup: reset prevChildren to prevent memory leak (#13183) (8b848cb), closes #13181
types: allow return any for Options API lifecycle hooks (#5914) (06310e8)
types: the directive's modifiers should be optional (#12605) (10e54dc)
typos: fix comments referencing transformElement.ts (#12551)[ci-skip] (11c053a)

Features

types: add type TemplateRef (#12645) (636a861)

`v3.5.13`

Bug Fixes

compiler-core: handle v-memo + v-for with functional key (#12014) (99009ee), closes #12013
compiler-dom: properly stringify template string style (#12392) (2d78539), closes #12391
custom-element: avoid triggering mutationObserver when relecting props (352bc88), closes #12214 #12215
deps: update dependency postcss to ^8.4.48 (#12356) (b5ff930)
hydration: the component vnode's el should be updated when a mismatch occurs. (#12255) (a20a4cb), closes #12253
reactivity: avoid unnecessary watcher effect removal from inactive scope (2193284), closes #5783 #5806
reactivity: release nested effects/scopes on effect scope stop (#12373) (bee2f5e), closes #12370
runtime-dom: set css vars before user onMounted hooks (2d5c5e2), closes #11533
runtime-dom: set css vars on update to handle child forcing reflow in onMount (#11561) (c4312f9)
ssr: avoid updating subtree of async component if it is resolved (#12363) (da7ad5e), closes #12362
ssr: ensure v-text updates correctly with custom directives in SSR output (#12311) (1f75d4e), closes #12309
ssr: handle initial selected state for select with v-model + v-for option (#12399) (4f8d807), closes #12395
teleport: handle deferred teleport update before mounted (#12168) (8bff142), closes #12161
templateRef: set ref on cached async component which wrapped in KeepAlive (#12290) (983eb50), closes #4999 #5004
test: update snapshot (#12169) (828d4a4)
Transition: fix transition memory leak edge case (#12182) (660132d), closes #12181
transition: reflow before leave-active class after leave-from (#12288) (4b479db), closes #2593
types: defineEmits w/ interface declaration (#12343) (1022eab), closes #8457
v-once: setting hasOnce to current block only when in v-once (#12374) (37300fc), closes #12371

Performance Improvements

reactivity: do not track inner key `__v_skip`` (#11690) (d637bd6)
runtime-core: use feature flag for call to resolveMergedOptions (#12163) (1755ac0)

`v3.5.12`

Bug Fixes

compiler-dom: avoid stringify option with null value (#12096) (f6d9926), closes #12093
compiler-sfc: do not skip TSInstantiationExpression when transforming props destructure (#12064) (d3ecde8)
compiler-sfc: use sass modern api if available and avoid deprecation warning (#11992) (4474c11)
compiler: clone loc to ifNode (#12131) (cde2c06), closes vuejs/language-tools#4911
custom-element: properly remove hyphenated attribute (#12143) (e16e9a7), closes #12139
defineModel: handle kebab-case model correctly (#12063) (c0418a3), closes #12060
deps: update dependency monaco-editor to ^0.52.0 (#12119) (f7cbea2)
hydration: provide compat fallback for idle callback hydration strategy (#11935) (1ae545a)
reactivity: trigger reactivity for Map key undefined (#12055) (7ad289e), closes #12054
runtime-core: allow symbol values for slot prop key (#12069) (d9d4d4e), closes #12068
runtime-core: fix required prop check false positive for kebab-case edge cases (#12034) (9da1ac1), closes #12011
runtime-dom: prevent unnecessary updates in v-model checkbox when value is unchanged (#12146) (ea943af), closes #12144
teleport: handle disabled teleport with updateCssVars (#12113) (76a8223), closes #12112
transition/ssr: make transition appear work with Suspense in SSR (#12047) (f1a4f67), closes #12046
types: ensure this.$props type does not include string (#12123) (704173e), closes #12122
types: retain union type narrowing with defaults applied (#12108) (05685a9), closes #12106
useId: ensure useId consistency when using serverPrefetch (#12128) (b4d3534), closes #12102
watch: watchEffect clean-up with SSR (#12097) (b094c72), closes #11956

Performance Improvements

reactivity: avoid unnecessary recursion in removeSub (#12135) (ec917cf)

`v3.5.11`

Bug Fixes

compiler-sfc: do not skip TSSatisfiesExpression when transforming props destructure (#12062) (2328b05), closes #12061
reactivity: prevent overwriting next property during batch processing (#12075) (d3f5e6e), closes #12072
scheduler: job ordering when the post queue is flushing (#12090) (577edca)
types: correctly infer TypeProps when it is any (#12073) (57315ab), closes #12058
types: should not intersect PublicProps with Props (#12077) (6f85894)
types: infer the first generic type of Ref correctly (#12094) (c97bb84)

`v3.5.10`

Bug Fixes

custom-element: properly set kebab-case props on Vue custom elements (ea3efa0), closes #12030 #12032
reactivity: fix nested batch edge case (93c95dd)
reactivity: only clear notified flags for computed in first batch iteration (aa9ef23), closes #12045
types/ref: handle nested refs in UnwrapRef (#12049) (e2c19c2), closes #12044

`v3.5.9`

Bug Fixes

reactivity: fix property dep removal regression (6001e5c), closes #12020 #12021
reactivity: fix recursive sync watcher on computed edge case (10ff159), closes #12033 #12037
runtime-core: avoid rendering plain object as VNode (#12038) (cb34b28), closes #12035 vitejs/vite-plugin-vue#353
runtime-core: make useId() always return a string (a177092)
types: correct type inference of union event names (#12022) (4da6881)
vue: properly cache runtime compilation (#12019) (fa0ba24)

`v3.5.8`

Bug Fixes

reactivity: do not remove dep from depsMap when cleaning up deps of computed (#11995) (0267a58)

`v3.5.7`

Bug Fixes

compile-core: fix v-model with newlines edge case (#11960) (6224288), closes #8306
compiler-sfc: initialize scope with null prototype object (#11963) (215e154)
hydration: avoid observing non-Element node (#11954) (7257e6a), closes #11952
reactivity: do not remove dep from depsMap when unsubbed by computed (960706e)
reactivity: fix dev-only memory leak by updating dep.subsHead on sub removal (5c8b76e), closes #11956
reactivity: fix memory leak from dep instances of garbage collected objects (235ea47), closes #11979 #11971
reactivity: fix triggerRef call on ObjectRefImpl returned by toRef (#11986) (b030c8b), closes #11982
scheduler: ensure recursive jobs can't be queued twice (#11955) (d18d6aa)
ssr: don't render comments in TransitionGroup (#11961) (a2f6ede), closes #11958
transition: respect duration setting even when it is 0 (#11967) (f927a4a)
types: correct type inference of all-optional props (#11644) (9eca65e), closes #11733 vuejs/language-tools#4704

Performance Improvements

hydration: avoid observer if element is in viewport (#11639) (e075dfa)

`v3.5.6`

Bug Fixes

compile-dom: should be able to stringify mathML (#11891) (85c138c)
compiler-sfc: preserve old behavior when using withDefaults with desutructure (8492c3c), closes #11930
reactivity: avoid exponential perf cost and reduce call stack depth for deeply chained computeds (#11944) (c74bb8c), closes #11928
reactivity: rely on dirty check only when computed has deps (#11931) (aa5dafd), closes #11929
watch: once option should be ignored by watchEffect (#11884) (49fa673)
watch: unwatch should be callable during SSR (#11925) (2d6adf7), closes #11924

`v3.5.5`

Bug Fixes

compiler-core: fix handling of delimiterOpen in VPre (#11915) (706d4ac), closes #11913
compiler-dom: fix stringify static edge for partially eligible chunks in cached parent (1d99d61), closes #11879 #11890
compiler-dom: should ignore leading newline in <textarea> per spec (3c4bf76)
compiler-sfc: nested css supports atrule and comment (#11899) (0e7bc71), closes #11896
custom-element: handle nested customElement mount w/ shadowRoot false (#11861) (f2d8019), closes #11851 #11871
hmr: reload async child wrapped in Suspense + KeepAlive (#11907) (10a2c60), closes #11868
hydration: fix mismatch of leading newline in <textarea> and <pre> (a5f3c2e), closes #11873 #11874
reactivity: properly clean up deps, fix memory leak (8ea5d6d), closes #11901
runtime-core: properly update async component nested in KeepAlive (#11917) (7fe6c79), closes #11916
TransitionGroup: not warn unkeyed text children with whitespece preserve (#11888) (7571f20), closes #11885

`v3.5.4`

Bug Fixes

compiler-sfc: correct scoped injection for nesting selector (#11854) (b1de75e), closes [#&#82

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about these updates again.

If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

renovate Bot commented Aug 15, 2025

Author

⚠️ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

any of the package files in this branch needs updating, or
the branch becomes conflicted, or
you click the rebase/retry checkbox if found above, or
you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: pnpm-lock.yaml

Scope: all 28 workspace projects
.                                        |  WARN  There are cyclic workspace dependencies
Progress: resolved 1, reused 0, downloaded 0, added 0
 WARN  GET https://registry.npmjs.org/@angular-builders/custom-webpack/-/custom-webpack-13.1.0.tgz error (ERR_INVALID_THIS). Will retry in 10 seconds. 2 retries left.
 WARN  GET https://registry.npmjs.org/@angular-devkit/build-angular/-/build-angular-13.3.11.tgz error (ERR_INVALID_THIS). Will retry in 10 seconds. 2 retries left.
 WARN  GET https://registry.npmjs.org/@angular/cli/-/cli-13.3.11.tgz error (ERR_INVALID_THIS). Will retry in 10 seconds. 2 retries left.
 WARN  GET https://registry.npmjs.org/@angular/compiler/-/compiler-13.4.0.tgz error (ERR_INVALID_THIS). Will retry in 10 seconds. 2 retries left.
 WARN  GET https://registry.npmjs.org/@angular/compiler-cli/-/compiler-cli-13.4.0.tgz error (ERR_INVALID_THIS). Will retry in 10 seconds. 2 retries left.
 WARN  GET https://registry.npmjs.org/@types/jasmine/-/jasmine-3.10.18.tgz error (ERR_INVALID_THIS). Will retry in 10 seconds. 2 retries left.
 WARN  GET https://registry.npmjs.org/@types/jasminewd2/-/jasminewd2-2.0.13.tgz error (ERR_INVALID_THIS). Will retry in 10 seconds. 2 retries left.
 WARN  GET https://registry.npmjs.org/@types/node/-/node-12.20.55.tgz error (ERR_INVALID_THIS). Will retry in 10 seconds. 2 retries left.
 WARN  GET https://registry.npmjs.org/codelyzer/-/codelyzer-6.0.2.tgz error (ERR_INVALID_THIS). Will retry in 10 seconds. 2 retries left.
 WARN  GET https://registry.npmjs.org/html-webpack-plugin/-/html-webpack-plugin-5.6.3.tgz error (ERR_INVALID_THIS). Will retry in 10 seconds. 2 retries left.
 WARN  GET https://registry.npmjs.org/jasmine-core/-/jasmine-core-3.6.0.tgz error (ERR_INVALID_THIS). Will retry in 10 seconds. 2 retries left.
 WARN  GET https://registry.npmjs.org/jasmine-spec-reporter/-/jasmine-spec-reporter-5.0.2.tgz error (ERR_INVALID_THIS). Will retry in 10 seconds. 2 retries left.
 WARN  GET https://registry.npmjs.org/karma/-/karma-5.2.3.tgz error (ERR_INVALID_THIS). Will retry in 10 seconds. 2 retries left.
 WARN  GET https://registry.npmjs.org/vue error (ERR_INVALID_THIS). Will retry in 10 seconds. 2 retries left.
Progress: resolved 2, reused 0, downloaded 0, added 0
 WARN  GET https://registry.npmjs.org/@angular-builders/custom-webpack/-/custom-webpack-13.1.0.tgz error (ERR_INVALID_THIS). Will retry in 1 minute. 1 retries left.
 WARN  GET https://registry.npmjs.org/@angular-devkit/build-angular/-/build-angular-13.3.11.tgz error (ERR_INVALID_THIS). Will retry in 1 minute. 1 retries left.
 WARN  GET https://registry.npmjs.org/@angular/cli/-/cli-13.3.11.tgz error (ERR_INVALID_THIS). Will retry in 1 minute. 1 retries left.
 WARN  GET https://registry.npmjs.org/@angular/compiler/-/compiler-13.4.0.tgz error (ERR_INVALID_THIS). Will retry in 1 minute. 1 retries left.
 WARN  GET https://registry.npmjs.org/@angular/compiler-cli/-/compiler-cli-13.4.0.tgz error (ERR_INVALID_THIS). Will retry in 1 minute. 1 retries left.
 WARN  GET https://registry.npmjs.org/@types/jasmine/-/jasmine-3.10.18.tgz error (ERR_INVALID_THIS). Will retry in 1 minute. 1 retries left.
 WARN  GET https://registry.npmjs.org/@types/jasminewd2/-/jasminewd2-2.0.13.tgz error (ERR_INVALID_THIS). Will retry in 1 minute. 1 retries left.
 WARN  GET https://registry.npmjs.org/@types/node/-/node-12.20.55.tgz error (ERR_INVALID_THIS). Will retry in 1 minute. 1 retries left.
 WARN  GET https://registry.npmjs.org/codelyzer/-/codelyzer-6.0.2.tgz error (ERR_INVALID_THIS). Will retry in 1 minute. 1 retries left.
 WARN  GET https://registry.npmjs.org/html-webpack-plugin/-/html-webpack-plugin-5.6.3.tgz error (ERR_INVALID_THIS). Will retry in 1 minute. 1 retries left.
 WARN  GET https://registry.npmjs.org/jasmine-core/-/jasmine-core-3.6.0.tgz error (ERR_INVALID_THIS). Will retry in 1 minute. 1 retries left.
 WARN  GET https://registry.npmjs.org/jasmine-spec-reporter/-/jasmine-spec-reporter-5.0.2.tgz error (ERR_INVALID_THIS). Will retry in 1 minute. 1 retries left.
 WARN  GET https://registry.npmjs.org/karma/-/karma-5.2.3.tgz error (ERR_INVALID_THIS). Will retry in 1 minute. 1 retries left.
 WARN  GET https://registry.npmjs.org/vue error (ERR_INVALID_THIS). Will retry in 1 minute. 1 retries left.
 WARN  GET https://registry.npmjs.org/karma-chrome-launcher/-/karma-chrome-launcher-3.2.0.tgz error (ERR_INVALID_THIS). Will retry in 10 seconds. 2 retries left.
 ERR_INVALID_THIS  Value of "this" must be of type URLSearchParams

pnpm [ERR_INVALID_THIS]: Value of "this" must be of type URLSearchParams
    at Proxy.getAll (node:internal/url:549:13)
    at Proxy.<anonymous> (/opt/containerbase/tools/pnpm/7.6.0/22.18.0/node_modules/pnpm/dist/pnpm.cjs:52634:55)
    at /opt/containerbase/tools/pnpm/7.6.0/22.18.0/node_modules/pnpm/dist/pnpm.cjs:52684:31
    at Array.reduce (<anonymous>)
    at Proxy.raw (/opt/containerbase/tools/pnpm/7.6.0/22.18.0/node_modules/pnpm/dist/pnpm.cjs:52683:33)
    at new Headers (/opt/containerbase/tools/pnpm/7.6.0/22.18.0/node_modules/pnpm/dist/pnpm.cjs:52584:28)
    at getNodeRequestOptions (/opt/containerbase/tools/pnpm/7.6.0/22.18.0/node_modules/pnpm/dist/pnpm.cjs:52891:23)
    at /opt/containerbase/tools/pnpm/7.6.0/22.18.0/node_modules/pnpm/dist/pnpm.cjs:52948:25
    at new Promise (<anonymous>)
    at fetch (/opt/containerbase/tools/pnpm/7.6.0/22.18.0/node_modules/pnpm/dist/pnpm.cjs:52946:14)
 WARN  GET https://registry.npmjs.org/karma-coverage-istanbul-reporter/-/karma-coverage-istanbul-reporter-3.0.3.tgz error (ERR_INVALID_THIS). Will retry in 10 seconds. 2 retries left.
 WARN  GET https://registry.npmjs.org/karma-jasmine-html-reporter/-/karma-jasmine-html-reporter-1.7.0.tgz error (ERR_INVALID_THIS). Will retry in 10 seconds. 2 retries left.
 WARN  GET https://registry.npmjs.org/protractor/-/protractor-7.0.0.tgz error (ERR_INVALID_THIS). Will retry in 10 seconds. 2 retries left.
 WARN  GET https://registry.npmjs.org/ts-node/-/ts-node-8.10.2.tgz error (ERR_INVALID_THIS). Will retry in 10 seconds. 2 retries left.
 WARN  GET https://registry.npmjs.org/tslint/-/tslint-6.1.3.tgz error (ERR_INVALID_THIS). Will retry in 10 seconds. 2 retries left.
 WARN  GET https://registry.npmjs.org/typescript/-/typescript-4.4.3.tgz error (ERR_INVALID_THIS). Will retry in 10 seconds. 2 retries left.
 WARN  GET https://registry.npmjs.org/webpack/-/webpack-5.100.2.tgz error (ERR_INVALID_THIS). Will retry in 10 seconds. 2 retries left.
 WARN  GET https://registry.npmjs.org/@angular/animations/-/animations-13.2.4.tgz error (ERR_INVALID_THIS). Will retry in 10 seconds. 2 retries left.
 WARN  GET https://registry.npmjs.org/@angular/common/-/common-13.2.4.tgz error (ERR_INVALID_THIS). Will retry in 10 seconds. 2 retries left.
 WARN  GET https://registry.npmjs.org/@angular/core/-/core-13.2.4.tgz error (ERR_INVALID_THIS). Will retry in 10 seconds. 2 retries left.
 WARN  GET https://registry.npmjs.org/@angular/forms/-/forms-13.2.4.tgz error (ERR_INVALID_THIS). Will retry in 10 seconds. 2 retries left.
 WARN  GET https://registry.npmjs.org/@angular/platform-browser/-/platform-browser-13.2.4.tgz error (ERR_INVALID_THIS). Will retry in 10 seconds. 2 retries left.
 WARN  GET https://registry.npmjs.org/@angular/platform-browser-dynamic/-/platform-browser-dynamic-13.2.4.tgz error (ERR_INVALID_THIS). Will retry in 10 seconds. 2 retries left.
 WARN  GET https://registry.npmjs.org/@angular/router/-/router-13.2.4.tgz error (ERR_INVALID_THIS). Will retry in 10 seconds. 2 retries left.
 WARN  GET https://registry.npmjs.org/rxjs/-/rxjs-6.6.7.tgz error (ERR_INVALID_THIS). Will retry in 10 seconds. 2 retries left.

vercel Bot commented Aug 15, 2025 •

edited

Loading

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Preview	Comments	Updated (UTC)
garfish	Ready	Preview	Comment	Aug 19, 2025 11:37pm

vercel Bot deployed to Preview

August 15, 2025 08:01

View deployment

renovate Bot force-pushed the renovate/npm-vue-vulnerability branch from 79db008 to 35f2f01 Compare

August 15, 2025 10:08

vercel Bot deployed to Preview

August 15, 2025 10:08

View deployment

renovate Bot force-pushed the renovate/npm-vue-vulnerability branch from 35f2f01 to 7c97fd2 Compare

August 19, 2025 19:42

vercel Bot deployed to Preview

August 19, 2025 19:43

View deployment


          fix(deps): update dependency vue to v3 [security]

e44ef40

renovate Bot force-pushed the renovate/npm-vue-vulnerability branch from 7c97fd2 to e44ef40 Compare

August 19, 2025 23:36

vercel Bot deployed to Preview

August 19, 2025 23:37

View deployment

zhoushaw closed this

renovate Bot commented Aug 21, 2025

Author

Renovate Ignore Notification

Because you closed this PR without merging, Renovate will ignore this update. You will not get PRs for any future 3.x releases. But if you manually upgrade to 3.x then Renovate will re-enable minor and patch updates automatically.

If you accidentally closed this PR, or if you changed your mind: rename this PR to get a fresh replacement PR.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet