[Snyk] Upgrade @vueuse/core from 9.13.0 to 10.7.1

[naiba4]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to upgrade @vueuse/core from 9.13.0 to 10.7.1.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

Warning: This is a major version upgrade, and may be a breaking change.

• The recommended version is 21 versions ahead of your current version.
• The recommended version was released a month ago, on 2023-12-27.

Release notes

Package name: @vueuse/core

• 10.7.1 - 2023-12-27
  

     🚀 Features

  • syncRef: Enhance type  -  by @ Doctor-wu in #3678 (dad66)

     🐞 Bug Fixes

  • Fix tryOnMounted in vue2  -  by @ Doctor-wu in #3658 (ce420)
  • nuxt: Stable optimizeDeps augmenting  -  by @ antfu (98985)
  • useDropzone: Avoid circular reference  -  by @ diegopf in #3683 (15a38)
  • useElementBounding: Trigger by css or style  -  by @ huiliangShen in #3664 (70dbd)
  • useIpcRenderer: Set explicit return type  -  by @ antfu (dd820)
  • useMouse: Handle Touch class compatibility for Firefox  -  by @ elschilling in #3679 (5719b)
  • useVirtualList: Ensure component applies overflow style  -  by @ reubns in #3626 (286c3)

      View changes on GitHub

• 10.7.0 - 2023-12-05
  Read more
• 10.6.1 - 2023-11-13
  

     🐞 Bug Fixes

  • useScroll: Can not read properties of null (reading document)  -  by @ Jokerzhzh and @ joaopslins in #3544 (e9742)
  • useVirtualList: .style can be undefined  -  by @ antfu (3d6b9)

      View changes on GitHub

• 10.6.0 - 2023-11-09
  Read more
• 10.5.0 - 2023-10-07
  

     🚀 Features

  • Add Promisify type definition  -  by @ Alfred-Skyblue in #3420 (b067b)
  • createInjectionState: Allow provide and inject in same component  -  by @ xiaoxiangmoe and @ antfu in #3387 (5d948)
  • createInjectionState: Add injectionKey option  -  by @ PPetau and @ antfu in #3404 (90d34)
  • rxjs: Add useExtractedObservable and watchExtractedObservable  -  by @ Voltra in #3453 (23b8c)
  • useFavicon: Add link tag if it doesn't exist  -  by @ babu-ch in #3444 (d1fcc)
  • useMousePressed: Add capture option  -  by @ DerZade and @ antfu in #3392 (d5c81)
  • useMutationObserver: Use MaybeComputedElementRef  -  by @ huodoushigemi in #3430 (8167b)
  • useRafFn: Option fpsLimit  -  by @ f820602h and @ antfu in #3459 (8e4c0)

     🐞 Bug Fixes

  • Vue 2 support for provideLocal and injectLocal  -  by @ xiaoxiangmoe in #3464 (cf757)
  • useBreakpoints: Add missing breakpoint for the bootstrap  -  by @ edtorba in #3413 (ec9a4)
  • useDrauu: Spread options for brush  -  by @ 17359898647 in #3463 (87ea3)
  • useVModels: Type error with passive: true  -  by @ chaii3 in #3362 (51f01)
  • useWebNotification: Condition check on permission  -  by @ SampsonCrowley in #3422 (2f2b4)
  • useWebSocket: Ssr support  -  by @ huangyan321 in #3370 (c3a69)

      View changes on GitHub

• 10.4.1 - 2023-08-28
  

     🐞 Bug Fixes

  • Transpile target to es2018, close #3349  -  by @ antfu in #3349 (0e4a5)
  • useEventListener: Immutable options on removal, close #2825  -  by @ antfu in #3346 and #2825 (3ef59)

      View changes on GitHub

• 10.4.0 - 2023-08-25
  Read more
• 10.3.0 - 2023-07-30
  Read more
• 10.2.1 - 2023-06-28
  Read more
• 10.2.0 - 2023-06-16
  Read more
• 10.1.2 - 2023-05-02
• 10.1.0 - 2023-04-22
• 10.0.2 - 2023-04-14
• 10.0.1 - 2023-04-14
• 10.0.0 - 2023-04-14
• 10.0.0-beta.5 - 2023-04-13
• 10.0.0-beta.4 - 2023-04-13
• 10.0.0-beta.3 - 2023-04-12
• 10.0.0-beta.2 - 2023-03-28
• 10.0.0-beta.1 - 2023-03-23
• 10.0.0-beta.0 - 2023-03-14
• 9.13.0 - 2023-02-18

from @vueuse/core GitHub release notes

Commit messages

Package name: @vueuse/core

• 6bfac55 chore: release v10.7.1
• d627112 chore: update lock
• 70dbd65 fix(useElementBounding): trigger by css or style (#3664)
• 361ff73 chore: revert integrations version
• 01a0a48 chore: update deps
• b759270 docs(useWebWorker): escape table divider (#3640)
• 15a38e1 fix(useDropzone): avoid circular reference (#3683)
• 5719bfb fix(useMouse): handle Touch class compatibility for Firefox (#3679)
• 669002a docs: fix install command code block (#3677)
• dad663e feat(syncRef): enhance type (#3678)
• 0c246cc chore(onClickOutside): Fixed export type (#3673)
• ce420c4 fix: fix `tryOnMounted` in vue2 (#3658)
• dd82044 fix(useIpcRenderer): set explicit return type
• 98985a4 fix(nuxt): stable optimizeDeps augmenting
• 286c357 fix(useVirtualList): ensure component applies overflow style (#3626)
• ab2e1b9 docs(integrations): add dependencies version in docs (#3629)
• 83064f1 docs: fix old links (#3637)
• 316cba2 docs: prefer using class in demo (#3631)
• dfca46f chore: include `.gitattributes` (#3630)
• 45e4b31 chore(contributors): add contributors :D (#3628)
• 5c5b50d docs: fix vitepress style (#3618)
• 4520b6c chore: release v10.7.0
• 1c2d928 chore: docs
• 3ac2147 chore: update

Compare

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

[socket-security]

New dependencies detected. Learn more about Socket for GitHub ↗︎

Package	New capabilities	Transitives	Size	Publisher
npm/@vueuse/core@10.7.2	environment, network Transitive: eval, filesystem, unsafe	+24	15.3 MB	antfu

View full report↗︎

[socket-security]

🚨 Potential security issues detected. Learn more about Socket for GitHub ↗︎

To accept the risk, merge this PR and you will not be notified again.

Alert	Package	Note	Source
New author	npm/vue-demi@0.14.6	New Author: posva Previous Author: antfu	theme/package.json
Environment variable access	npm/@vueuse/core@10.7.2	Env Vars: NODE_ENV Location: Package overview	theme/package.json
Environment variable access	npm/@vueuse/shared@10.7.2	Env Vars: NODE_ENV Location: Package overview	theme/package.json

View full report↗︎

Next steps

What is new author?

A new npm collaborator published a version of the package for the first time. New collaborators are usually benign additions to a project, but do indicate a change to the security surface area of a package.

Scrutinize new collaborator additions to packages because they now have the ability to publish code into your dependency tree. Packages should avoid frequent or unnecessary additions or changes to publishing rights.

What is environment variable access?

Package accesses environment variables, which may be a sign of credential stuffing or data theft.

Packages should be clear about which environment variables they access, and care should be taken to ensure they only access environment variables they claim to.

Take a deeper look at the dependency

Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support [AT] socket [DOT] dev.

Remove the package

If you happen to install a dependency that Socket reports as Known Malware you should immediately remove it and select a different dependency. For other alert types, you may may wish to investigate alternative packages or consider if there are other ways to mitigate the specific risk posed by the dependency.

Mark a package as acceptable risk

To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space separated list of ecosystem/package-name@version specifiers. e.g. @SocketSecurity ignore npm/foo@1.0.0 or ignore all packages with @SocketSecurity ignore-all

• @SocketSecurity ignore npm/vue-demi@0.14.6
• @SocketSecurity ignore npm/@vueuse/core@10.7.2
• @SocketSecurity ignore npm/@vueuse/shared@10.7.2

[pull-request-quantifier-deprecated]

This PR has 2 quantified lines of changes. In general, a change size of upto 200 lines is ideal for the best PR experience!

---

Quantification details

Label      : Extra Small
Size       : +1 -1
Percentile : 0.8%

Total files changed: 1

Change summary by file extension:
.json : +1 -1

Change counts above are quantified counts, based on the PullRequestQuantifier customizations.

Why proper sizing of changes matters

Optimal pull request sizes drive a better predictable PR flow as they strike a
balance between between PR complexity and PR review overhead. PRs within the
optimal size (typical small, or medium sized PRs) mean:

• Fast and predictable releases to production:
  • Optimal size changes are more likely to be reviewed faster with fewer
    iterations.
  • Similarity in low PR complexity drives similar review times.
• Review quality is likely higher as complexity is lower:
  • Bugs are more likely to be detected.
  • Code inconsistencies are more likely to be detected.
• Knowledge sharing is improved within the participants:
  • Small portions can be assimilated better.
• Better engineering practices are exercised:
  • Solving big problems by dividing them in well contained, smaller problems.
  • Exercising separation of concerns within the code changes.

What can I do to optimize my changes

• Use the PullRequestQuantifier to quantify your PR accurately
  • Create a context profile for your repo using the context generator
  • Exclude files that are not necessary to be reviewed or do not increase the review complexity. Example: Autogenerated code, docs, project IDE setting files, binaries, etc. Check out the Excluded section from your prquantifier.yaml context profile.
  • Understand your typical change complexity, drive towards the desired complexity by adjusting the label mapping in your prquantifier.yaml context profile.
  • Only use the labels that matter to you, see context specification to customize your prquantifier.yaml context profile.
• Change your engineering behaviors
  • For PRs that fall outside of the desired spectrum, review the details and check if:
    • Your PR could be split in smaller, self-contained PRs instead
    • Your PR only solves one particular issue. (For example, don't refactor and code new features in the same PR).

How to interpret the change counts in git diff output

• One line was added: +1 -0
• One line was deleted: +0 -1
• One line was modified: +1 -1 (git diff doesn't know about modified, it will
  interpret that line like one addition plus one deletion)
• Change percentiles: Change characteristics (addition, deletion, modification)
  of this PR in relation to all other PRs within the repository.

---

Was this comment helpful? 👍  :ok_hand:  :thumbsdown: (Email)
Customize PullRequestQuantifier for this repository.