[Snyk] Upgrade @vitejs/plugin-vue from 3.1.2 to 5.2.4

[nerdy-tech-com-gitub]

Snyk has created this PR to upgrade @vitejs/plugin-vue from 3.1.2 to 5.2.4.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

⚠️ Warning: This PR contains major version upgrade(s), and may be a breaking change.

• The recommended version is 49 versions ahead of your current version.

• The recommended version was released a month ago.

Issues fixed by the recommended upgrade:

	Issue	Score	Exploit Maturity
	Regular Expression Denial of Service (ReDoS) SNYK-JS-ES5EXT-6095076	161	Proof of Concept
	Access Control Bypass SNYK-JS-VITE-6182924	161	Proof of Concept
	Incorrect Authorization SNYK-JS-VITE-9653016	161	Proof of Concept
	Improper Input Validation SNYK-JS-NANOID-8492085	161	No Known Exploit
	Improper Input Validation SNYK-JS-POSTCSS-5926692	161	No Known Exploit
	Cross-site Scripting (XSS) SNYK-JS-ROLLUP-8073097	161	Proof of Concept
	Improper Access Control SNYK-JS-VITE-6531286	161	Proof of Concept
	Information Exposure SNYK-JS-VITE-8023174	161	Proof of Concept
	Origin Validation Error SNYK-JS-VITE-8648411	161	Proof of Concept
	Incorrect Authorization SNYK-JS-VITE-9512410	161	Mature
	Access Control Bypass SNYK-JS-VITE-9576207	161	Proof of Concept
	Information Exposure SNYK-JS-VITE-9685035	161	Proof of Concept
	Directory Traversal SNYK-JS-VITE-9919777	161	Proof of Concept
	Cross-site Scripting (XSS) SNYK-JS-VITE-8022916	161	Proof of Concept

Release notes

Package name: @vitejs/plugin-vue

• 5.2.4 - 2025-05-09
  

  Please refer to CHANGELOG.md for details.

• 5.2.3 - 2025-03-17
  

  Please refer to CHANGELOG.md for details.

• 5.2.2 - 2025-03-17
  

  Please refer to CHANGELOG.md for details.

• 5.2.1 - 2024-11-26
• 5.2.0 - 2024-11-13
• 5.1.5 - 2024-11-11
• 5.1.4 - 2024-09-18
• 5.1.3 - 2024-08-29
• 5.1.2 - 2024-08-01
• 5.1.1 - 2024-07-27
• 5.1.0 - 2024-07-23
• 5.0.5 - 2024-05-31
• 5.0.4 - 2024-02-09
• 5.0.3 - 2024-01-10
• 5.0.2 - 2023-12-30
• 5.0.1 - 2023-12-29
• 5.0.0 - 2023-12-25
• 5.0.0-beta.1 - 2023-12-14
• 5.0.0-beta.0 - 2023-12-07
  

  Please refer to CHANGELOG.md for details.

• 5.0.0-alpha.0 - 2023-11-28
• 4.6.2 - 2023-12-31
• 4.6.1 - 2023-12-29
• 4.6.0 - 2023-12-25
• 4.5.2 - 2023-12-07
• 4.5.1 - 2023-12-01
• 4.5.0 - 2023-11-16
• 4.4.1 - 2023-11-08
• 4.4.0 - 2023-10-02
• 4.3.4 - 2023-08-29
• 4.3.3 - 2023-08-22
• 4.3.2 - 2023-08-21
• 4.3.1 - 2023-08-17
• 4.3.0 - 2023-08-17
• 4.2.3 - 2023-05-12
• 4.2.2 - 2023-05-11
• 4.2.1 - 2023-04-26
• 4.2.0 - 2023-04-25
  

  Please refer to CHANGELOG.md for details.

• 4.2.0-beta.3 - 2023-04-19
• 4.2.0-beta.1 - 2023-04-18
• 4.2.0-beta.0 - 2023-04-17
• 4.1.0 - 2023-03-16
• 4.1.0-beta.0 - 2023-03-07
• 4.0.0 - 2022-12-09
• 4.0.0-beta.0 - 2022-12-05
• 4.0.0-alpha.2 - 2022-11-30
• 4.0.0-alpha.1 - 2022-11-22
• 4.0.0-alpha.0 - 2022-11-15
• 3.2.0 - 2022-10-26
• 3.2.0-beta.0 - 2022-10-05
• 3.1.2 - 2022-10-02

from @vitejs/plugin-vue GitHub release notes

---

Important

• Warning: This PR contains a major version upgrade, and may be a breaking change.
• Check the changes in this PR to ensure they won't cause issues with your project.
• This PR was automatically created by Snyk using the credentials of a real user.
• Max score is 1000. Note that the real score may have changed since the PR was raised.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

• 🧐 View latest project report
• 📜 Customise PR templates
• 🛠 Adjust upgrade PR settings
• 🔕 Ignore this dependency or unsubscribe from future upgrade PRs

Summary by Sourcery

Upgrade @vitejs/plugin-vue to the latest major version to resolve known security vulnerabilities and keep the project dependencies up-to-date.

Bug Fixes:

• Resolve multiple security vulnerabilities including ReDoS, access control bypass, XSS, and information exposure by upgrading the plugin.

Enhancements:

• Bump @vitejs/plugin-vue from 3.1.0 to 5.2.4 for improved compatibility and security.

Build:

• Update package.json devDependency for @vitejs/plugin-vue to version 5.2.4.

[sourcery-ai]

Reviewer's Guide

This PR upgrades the @vitejs/plugin-vue devDependency in the Vue3 user-management example from version 3.x to 5.x to address multiple security vulnerabilities and keep dependencies up to date, introducing a major version bump that may require compatibility verification.

Flow diagram for @vitejs/plugin-vue dependency upgrade

graph TD
    subgraph "vue3-user-management/package.json"
        A["@vitejs/plugin-vue: ^3.1.0"];
        B["@vitejs/plugin-vue: ^5.2.4"];
    end
    A -- "Snyk Upgrade" --> B;

Loading

File-Level Changes

Change	Details	Files
Upgrade @vitejs/plugin-vue from ^3.1.0 to ^5.2.4	Bumped version spec in devDependencies Reinstalled dependencies to pull in the new plugin version	examples/user-management/vue3-user-management/package.json

---

Tips and commands

Interacting with Sourcery

• Trigger a new review: Comment @sourcery-ai review on the pull request.
• Continue discussions: Reply directly to Sourcery's review comments.
• Generate a GitHub issue from a review comment: Ask Sourcery to create an
  issue from a review comment by replying to it. You can also reply to a
  review comment with @sourcery-ai issue to create an issue from it.
• Generate a pull request title: Write @sourcery-ai anywhere in the pull
  request title to generate a title at any time. You can also comment
  @sourcery-ai title on the pull request to (re-)generate the title at any time.
• Generate a pull request summary: Write @sourcery-ai summary anywhere in
  the pull request body to generate a PR summary at any time exactly where you
  want it. You can also comment @sourcery-ai summary on the pull request to
  (re-)generate the summary at any time.
• Generate reviewer's guide: Comment @sourcery-ai guide on the pull
  request to (re-)generate the reviewer's guide at any time.
• Resolve all Sourcery comments: Comment @sourcery-ai resolve on the
  pull request to resolve all Sourcery comments. Useful if you've already
  addressed all the comments and don't want to see them anymore.
• Dismiss all Sourcery reviews: Comment @sourcery-ai dismiss on the pull
  request to dismiss all existing Sourcery reviews. Especially useful if you
  want to start fresh with a new review - don't forget to comment
  @sourcery-ai review to trigger a new review!

Customizing Your Experience

Access your dashboard to:

• Enable or disable review features such as the Sourcery-generated pull request
  summary, the reviewer's guide, and others.
• Change the review language.
• Add, remove or edit custom review instructions.
• Adjust other review settings.

Getting Help

• Contact our support team for questions or feedback.
• Visit our documentation for detailed guides and information.
• Keep in touch with the Sourcery team by following us on X/Twitter, LinkedIn or GitHub.