Skip to content

chore(deps): update dependency vue-i18n-legacy to v11 [security] #103

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
renovate wants to merge 1 commit into
base: main
Choose a base branch
from
Open

chore(deps): update dependency vue-i18n-legacy to v11 [security] #103

renovate wants to merge 1 commit into from
+44 −21

Conversation

@renovate
Copy link
Contributor

@renovate renovate bot commented Dec 2, 2024
edited
Loading

Note: This PR body was truncated due to platform limits.

This PR contains the following updates:

Package Change Age Confidence
vue-i18n-legacy (source) 8 -> 11 age confidence

GitHub Vulnerability Alerts

CVE-2024-52809

Vulnerability type

XSS

Description

vue-i18n can be passed locale messages to createI18n or useI18n.
we can then translate them using t and $t.
vue-i18n has its own syntax for local messages, and uses a message compiler to generate AST.
In order to maximize the performance of the translation function, vue-i18n uses bundler plugins such as @intlify/unplugin-vue-i18n and bulder to convert the AST in advance when building the application.
By using that AST as the locale message, it is no longer necessary to compile, and it is possible to translate using the AST.

The AST generated by the message compiler has special properties for each node in the AST tree to maximize performance. In the PoC example below, it is a static property, but that is just one of the optimizations.
About details of special properties, see https://github.com/intlify/vue-i18n/blob/master/packages/message-compiler/src/nodes.ts

In general, the locale messages of vue-i18n are optimized during production builds using @intlify/unplugin-vue-i18n,
so there is always a property that is attached during optimization like this time.
But if you are using a locale message AST in development mode or your own, there is a possibility of XSS if a third party injects.

Reproduce (PoC)

<!doctype html>
<html>
  <head>
    <meta charset="utf-8" />
    <title>vue-i18n XSS</title>
    <script src="https://unpkg.com/vue@3"></script>
    <script src="https://unpkg.com/vue-i18n@10"></script>
    <!-- Scripts that perform prototype contamination, such as being distributed from malicious hosting sites or injected through supply chain attacks, etc. -->
    <script>
      /**
       * Prototype pollution vulnerability with `Object.prototype`.
       * The 'static' property is part of the optimized AST generated by the vue-i18n message compiler.
       * About details of special properties, see https://github.com/intlify/vue-i18n/blob/master/packages/message-compiler/src/nodes.ts
       *
       * In general, the locale messages of vue-i18n are optimized during production builds using `@intlify/unplugin-vue-i18n`,
       * so there is always a property that is attached during optimization like this time.
       * But if you are using a locale message AST in development or your own, there is a possibility of XSS if a third party injects prototype pollution code.
       */
      Object.defineProperty(Object.prototype, 'static', {
        configurable: true,
        get() {
          alert('prototype polluted!')
          return 'prototype pollution'
        }
      })
    </script> 
 </head>
  <body>
    <div id="app">
      <p>{{ t('hello') }}</p>
    </div>
    <script>
      const { createApp } = Vue
      const { createI18n, useI18n } = VueI18n

      // AST style locale message, which build by `@intlify/unplugin-vue-i18n`
      const en = {
        hello: {
          type: 0,
          body: {
            items: [
              {
                type: 3,
                value: 'hello world!'
              }
            ]
          }
        }
      }

      const i18n = createI18n({
        legacy: false,
        locale: 'en',
        messages: {
          en
        }
      })

      const app = createApp({
        setup() {
          const { t } = useI18n()
          return { t }
        }
      })
      app.use(i18n)
      app.mount('#app')
    </script>
  </body>
</html>

Workarounds

Before v10.0.0, we can work around this vulnerability by using the regular compilation (jit: false of @intlify/unplugin-vue-i18n plugin configuration) way instead of jit compilation.

References

CVE-2025-27597

Vulnerability type:
Prototype Pollution

Vulnerability Location(s):

# v9.1
node_modules/@&#8203;intlify/message-resolver/index.js

# v9.2 or later
node_modules/@&#8203;intlify/vue-i18n-core/index.js

Description:

The latest version of @intlify/message-resolver (9.1) and @intlify/vue-i18n-core (9.2 or later), (previous versions might also affected), is vulnerable to Prototype Pollution through the entry function(s) handleFlatJson. An attacker can supply a payload with Object.prototype setter to introduce or modify properties within the global prototype chain, causing denial of service (DoS) a the minimum consequence.

Moreover, the consequences of this vulnerability can escalate to other injection-based attacks, depending on how the library integrates within the application. For instance, if the polluted property propagates to sensitive Node.js APIs (e.g., exec, eval), it could enable an attacker to execute arbitrary commands within the application's context.

PoC:

// install the package with the latest version
~$ npm install @&#8203;intlify/message-resolver@9.1.10
// run the script mentioned below 
~$ node poc.js
//The expected output (if the code still vulnerable) is below. 
// Note that the output may slightly differs from function to another.
Before Attack:  {}
After Attack:  {"pollutedKey":123}
// poc.js
(async () => {
    const lib = await import('@&#8203;intlify/message-resolver');
    var someObj = {}
    console.log("Before Attack: ", JSON.stringify({}.__proto__));
    try {
        // for multiple functions, uncomment only one for each execution.
        lib.handleFlatJson ({ "__proto__.pollutedKey": "pollutedValue" })
    } catch (e) { }
    console.log("After Attack: ", JSON.stringify({}.__proto__));
    delete Object.prototype.pollutedKey;
})();

CVE-2025-53892

Summary

The escapeParameterHtml: true option in Vue I18n is designed to protect against HTML/script injection by escaping interpolated parameters. However, this setting fails to prevent execution of certain tag-based payloads, such as <img src=x onerror=...>, if the interpolated value is inserted inside an HTML context using v-html.

This may lead to a DOM-based XSS vulnerability, even when using escapeParameterHtml: true, if a translation string includes minor HTML and is rendered via v-html.

Details

When escapeParameterHtml: true is enabled, it correctly escapes common injection points.

However, it does not sanitize entire attribute contexts, which can be used as XSS vectors via:

<img src=x onerror=alert(1)>

PoC

In your Vue I18n configuration:

const i18n = createI18n({
  escapeParameterHtml: true,
  messages: {
    en: {
      vulnerable: 'Caution: <img src=x onerror="{payload}">'
    }
  }
});

Use this interpolated payload:

const payload = '<script>alert("xss")</script>';
Render the translation using v-html (even not using v-html):

<p v-html="$t('vulnerable', { payload })"></p>
Expected: escaped content should render as text, not execute.

Actual: script executes in some environments (or the payload is partially parsed as HTML).

Impact

This creates a DOM-based Cross-Site Scripting (XSS) vulnerability despite enabling a security option (escapeParameterHtml) .

Release Notes

intlify/vue-i18n (vue-i18n-legacy)

v11.2.2

Compare Source

What's Changed

🐛 Bug Fixes

Full Changelog: intlify/vue-i18n@v11.2.1...v11.2.2

v11.2.1

Compare Source

Full Changelog: intlify/vue-i18n@v11.2.0...v11.2.1

v11.1.12

Compare Source

What's Changed

⚡ Improvement Features
  • fix: Emit INVALID_TOKEN_IN_PLACEHOLDER instead of UNTERMINATED_CLOSING_BRACE when invalid token is in placeholder and update docs by @​kazupon in #​2255

Full Changelog: intlify/vue-i18n@v11.1.11...v11.1.12

v11.1.11

Compare Source

What's Changed

⚡ Improvement Features
  • fix: change warning from error for mutiple useI18n local scope calling by @​kazupon in #​2235

Full Changelog: intlify/vue-i18n@v11.1.10...v11.1.11

v11.1.10

Compare Source

🔒 Security Fixes
  • fix: DOM-based XSS via tag attributes for escape parameter, about details see GHSA-x8qp-wqqm-57ph

Full Changelog: intlify/vue-i18n@v11.1.9...v11.1.10

v11.1.9

Compare Source

Full Changelog: intlify/vue-i18n@v11.1.8...v11.1.9

v11.1.8

Compare Source

What's Changed

⚡ Improvement Features

Full Changelog: intlify/vue-i18n@v11.1.7...v11.1.8

v11.1.7

Compare Source

What's Changed

🐛 Bug Fixes
  • fix: declaration order in Number formatting with options ResourceKeys by @​kazupon in #​2208

Full Changelog: intlify/vue-i18n@v11.1.6...v11.1.7

v11.1.6

Compare Source

What's Changed

⚡ Improvement Features

Full Changelog: intlify/vue-i18n@v11.1.5...v11.1.6

v11.1.5

Compare Source

What's Changed

🐛 Bug Fixes

Full Changelog: intlify/vue-i18n@v11.1.4...v11.1.5

v11.1.4

Compare Source

What's Changed

🌟 Features
⚡ Improvement Features

Full Changelog: intlify/vue-i18n@v11.1.3...v11.1.4

v11.1.3

Compare Source

What's Changed

🐛 Bug Fixes
⚡ Improvement Features

Full Changelog: intlify/vue-i18n@v11.1.2...v11.1.3

v11.1.2

Compare Source

What's Changed

🔒 Security Fixes

Full Changelog: intlify/vue-i18n@v11.1.1...v11.1.2

v11.1.1

Compare Source

Full Changelog: intlify/vue-i18n@v11.1.0...v11.1.1

v11.1.0

Compare Source

What's Changed

🌟 Features
📝️ Documentations

Full Changelog: intlify/vue-i18n@v11.0.1...v11.1.0

v11.0.1

Compare Source

This changelog is generated by GitHub Releases

What's Changed

🌟 Features
🐛 Bug Fixes
💥 Breaking Changes
⚡ Improvement Features
📈 Performance Fixes
📝️ Documentations

New Contributors

Full Changelog: intlify/vue-i18n@v11.0.1...v12.0.0-alpha.1

v11.0.0

Compare Source

This changelog is generated by GitHub Releases

What's Changed

⚡ Improvement Features

Full Changelog: intlify/vue-i18n@v11.0.0...v11.0.1

v10.0.8

Compare Source

What's Changed

🔒 Security Fixes

Full Changelog: intlify/vue-i18n@v10.0.7...v10.0.8

v10.0.7

Compare Source

What's Changed

🐛 Bug Fixes

Full Changelog: intlify/vue-i18n@v10.0.6...v10.0.7

v10.0.6

Compare Source

What's Changed

🔒 Security Fixes

Full Changelog: intlify/vue-i18n@v10.0.5...v10.0.6

v10.0.5

Compare Source

What's Changed

🔒 Security Fixes

Full Changelog: intlify/vue-i18n@v10.0.4...v10.0.5

v10.0.4

Compare Source

This changelog is generated by GitHub Releases

What's Changed

Deprecate Legacy API mode

The Legacy API mode was the API mode compatible with v8 for Vue 2. When v9 was released, the Legacy API was provided to smooth the migration from v8 to v9.

Legacy API mode will be deprecated in v11, as previous vue-i18n releases have already provided the following to support migration to Composition API mode

  • Migration from Legacy API mode to Composition API mode, see the docs
  • Composition API usage, see the docs

For compatibility, Legacy API mode still works in v11, but will be removed entirely in v12, so Legacy API mode will not work after that version.

Deprecate Custom Directive v-t

The advantage of v-t was that it could optimize performance using the vue compiler transform and the pre-translation of vue-i18n-extension.

This feature was supported from Vue 2.
About details see the blog article

In Vue 3, due to the Composition API, the pre-translation of vue-i18n-extension is now limited only for global scope.

In addition, Vue 3 Virtual DOM optimization has been introduced, and the optimization provided by vue-i18n-extension is no longer very effective. We need to require settings for SSR, the benefits of using v-t have disappeared. And DX of templates using v-t is not good. Custom directives do not work with key completion in editors (e.g. vscode).

For compatibility, v-t mode still works in v11, but will be removed entirely in v12, so v-t will not work after that version.

Drop tc and $tc for Legacy API mode

These APIs had already deprecated in warning about being dropped in v11. docs says

Vue I18n maintenance Status

Vue I18n v8 is no longer supported after 2025. Vue I18n v9 and Vue I18n v10 is in maintenance mode after 2025 July.

With the release of Vue I18n v11, that version will become mainstream.

The maintenance detail status of Vue I18n v9 and Vue I18n v10 is as follows:

You can check the maintenance status on the docs

❗ Breaking Changes
⚡ Improvement Features
🔒 Security Fixes
📝️ Documentations

👋 New Contributors

Full Changelog: intlify/vue-i18n@v10.0.4...v11.0.0

v10.0.3

Compare Source

This changelog is generated by GitHub Releases

What's Changed

🐛 Bug Fixes
📝️ Documentations

New Contributors

Full Changelog: intlify/vue-i18n@v10.0.3...v10.0.4

v10.0.2

Compare Source

This changelog is generated by GitHub Releases

What's Changed

🐛 Bug Fixes
  • fix(petite-vue-i18n): cannot register correctly message resolver and locale fallbacker by @​kazupon in #​1967
📝️ Documentations

Full Changelog: intlify/vue-i18n@v10.0.2...v10.0.3

v10.0.1

Compare Source

This changelog is generated by GitHub Releases

What's Changed

⚡ Improvement Features
📝️ Documentations

Full Changelog: intlify/vue-i18n@v10.0.1...v10.0.2

v10.0.0

Compare Source

This changelog is generated by GitHub Releases

What's Changed

🐛 Bug Fixes

New Contributors

Full Changelog: intlify/vue-i18n@v10.0.0...v10.0.1

v9.14.5

Compare Source

What's Changed

🔒 Security Fixes

Full Changelog: intlify/vue-i18n@v9.14.4...v9.14.5

v9.14.4

Compare Source

What's Changed
🐛 Bug Fixes

Full Changelog: intlify/vue-i18n@v9.14.3...v9.14.4

v9.14.3

Compare Source

What's Changed
🔒 Security Fixes

Full Changelog: intlify/vue-i18n@v9.14.2...v9.14.3

v9.14.2

Compare Source

What's Changed

🔒 Security Fixes

Full Changelog: intlify/vue-i18n@v9.14.1...v9.14.2

v9.14.1

Compare Source

What's Changed

🐛 Bug Fixes

Full Changelog: intlify/vue-i18n@v9.14.0...v9.14.1

v9.14.0

Compare Source

What's Changed

⚡ Improvement Features

Full Changelog: intlify/vue-i18n@v9.13.1...v9.14.0

v9.13.1

Compare Source

This changelog is generated by GitHub Releases

What's Changed

💥 Breaking Changes

Full Changelog: intlify/vue-i18n@v9.13.1...v10.0.0-alpha.1

v9.13.0

Compare Source

This changelog is generated by GitHub Releases

What's Changed

🐛 Bug Fixes

Full Changelog: intlify/vue-i18n@v9.13.0...v9.13.1

v9.12.1

Compare Source

This changelog is generated by GitHub Releases

What's Changed

⚠️ Deprecated Features
⚡ Improvement Features
📝️ Documentations

New Contributors

Full Changelog: intlify/vue-i18n@v9.12.1...v9.13.0

v9.12.0

Compare Source

This changelog is generated by GitHub Releases

What's Changed

🐛 Bug Fixes
👕 Refactoring

Full Changelog: intlify/vue-i18n@v9.12.0...v9.12.1

v9.11.1

Compare Source

This changelog is generated by GitHub Releases

What's Changed

🌟 Features

Full Changelog: intlify/vue-i18n@v9.11.1...v9.12.0

v9.11.0

Compare Source

This changelog is generated by GitHub Releases

What's Changed

🐛 Bug Fixes

Full Changelog: intlify/vue-i18n@v9.11.0...v9.11.1

v9.10.2

Compare Source

This changelog is generated by GitHub Releases

What's Changed

🌟 Features

New Contributors

Full Changelog: intlify/vue-i18n@v9.10.2...v9.11.0

v9.10.1

Compare Source

This changelog is generated by GitHub Releases

What's Changed

🐛 Bug Fixes

New Contributors

Full Changelog: intlify/vue-i18n@v9.10.1...v9.10.2

v9.10.0

Compare Source

This changelog is generated by GitHub Releases

What's Changed

⚡ Improvement Features
📝️ Documentations

New Contributors

Full Changelog: intlify/vue-i18n@v9.10.0...v9.10.1

v9.9.1

Compare Source

This changelog is generated by GitHub Releases

What's Changed

🌟 Features
📝️ Documentations

New Contributors

Full Changelog: intlify/vue-i18n@v9.9.1...v9.10.0

v9.9.0

Compare Source

This changelog is generated by GitHub Releases

What's Changed

🐛 Bug Fixes
📝️ Documentations

New Contributors

Full Changelog: intlify/vue-i18n@v9.9.0...v9.9.1

v9.8.0

Compare Source

This changelog is generated by GitHub Releases

What's Changed

⚡ Improvement Features
📈 Performance Fixes
📝️ Documentations

New Contributors

Full Changelog: intlify/vue-i18n@v9.8.0...v9.9.0

v9.7.1

Compare Source

This changelog is generated by GitHub Releases

What's Changed

🌟 Features

Full Changelog: intlify/vue-i18n@v9.7.1...v9.8.0

v9.7.0

Compare Source

This changelog is generated by GitHub Releases

What's Changed

⚡ Improvement Features

Full Changelog: intlify/vue-i18n@v9.7.0...v9.7.1

v9.6.5

Compare Source

This changelog is generated by GitHub Releases

What's Changed

🌟 Features

Full Changelog: intlify/vue-i18n@v9.6.5...v9.7.0

v9.6.4

Compare Source

This changelog is generated by GitHub Releases

What's Changed

🐛 Bug Fixes

New Contributors

Full Changelog: intlify/vue-i18n@v9.6.4...v9.6.5

v9.6.3

Compare Source

This changelog is generated by GitHub Releases

What's Changed

🐛 Bug Fixes
  • fix: wrong source getting by @​kazupon in [intlify/vue-i1

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate bot changed the title chore(deps): update dependency vue-i18n-legacy to v9 [security] chore(deps): update dependency vue-i18n-legacy to v9 [security] - autoclosed Dec 8, 2024
@renovate renovate bot closed this Dec 8, 2024
@renovate renovate bot deleted the renovate/npm-vue-i18n-legacy-vulnerability branch December 8, 2024 19:01
@renovate renovate bot changed the title chore(deps): update dependency vue-i18n-legacy to v9 [security] - autoclosed chore(deps): update dependency vue-i18n-legacy to v9 [security] Dec 8, 2024
@renovate renovate bot reopened this Dec 8, 2024
@renovate renovate bot force-pushed the renovate/npm-vue-i18n-legacy-vulnerability branch from ddfea19 to 3f4ac72 Compare December 8, 2024 22:01
@renovate renovate bot force-pushed the renovate/npm-vue-i18n-legacy-vulnerability branch from 3f4ac72 to be5b346 Compare December 17, 2024 19:56
@renovate renovate bot changed the title chore(deps): update dependency vue-i18n-legacy to v9 [security] chore(deps): update dependency vue-i18n-legacy to v10 [security] Dec 17, 2024
@renovate renovate bot force-pushed the renovate/npm-vue-i18n-legacy-vulnerability branch from be5b346 to be692fb Compare December 17, 2024 23:51
@renovate renovate bot changed the title chore(deps): update dependency vue-i18n-legacy to v10 [security] chore(deps): update dependency vue-i18n-legacy to v9 [security] Dec 17, 2024
@renovate renovate bot force-pushed the renovate/npm-vue-i18n-legacy-vulnerability branch from be692fb to a1f820f Compare December 22, 2024 18:57
@renovate renovate bot changed the title chore(deps): update dependency vue-i18n-legacy to v9 [security] chore(deps): update dependency vue-i18n-legacy to v10 [security] Dec 22, 2024
@renovate renovate bot force-pushed the renovate/npm-vue-i18n-legacy-vulnerability branch from a1f820f to 5fff31c Compare December 22, 2024 21:29
@renovate renovate bot changed the title chore(deps): update dependency vue-i18n-legacy to v10 [security] chore(deps): update dependency vue-i18n-legacy to v9 [security] Dec 22, 2024
@renovate renovate bot force-pushed the renovate/npm-vue-i18n-legacy-vulnerability branch from 5fff31c to 81760e2 Compare January 14, 2025 17:28
@renovate renovate bot changed the title chore(deps): update dependency vue-i18n-legacy to v9 [security] chore(deps): update dependency vue-i18n-legacy to v11 [security] Jan 14, 2025
@renovate renovate bot force-pushed the renovate/npm-vue-i18n-legacy-vulnerability branch from 81760e2 to 1d9ba05 Compare January 15, 2025 00:00
@renovate renovate bot changed the title chore(deps): update dependency vue-i18n-legacy to v11 [security] chore(deps): update dependency vue-i18n-legacy to v9 [security] Jan 15, 2025
@renovate renovate bot force-pushed the renovate/npm-vue-i18n-legacy-vulnerability branch from 1d9ba05 to dcef09d Compare January 23, 2025 17:03
@renovate renovate bot changed the title chore(deps): update dependency vue-i18n-legacy to v9 [security] chore(deps): update dependency vue-i18n-legacy to v11 [security] Jan 23, 2025
@renovate renovate bot force-pushed the renovate/npm-vue-i18n-legacy-vulnerability branch from dcef09d to 8b80aa8 Compare January 23, 2025 21:28
@renovate renovate bot changed the title chore(deps): update dependency vue-i18n-legacy to v11 [security] chore(deps): update dependency vue-i18n-legacy to v9 [security] Jan 23, 2025
@renovate renovate bot force-pushed the renovate/npm-vue-i18n-legacy-vulnerability branch from 8b80aa8 to 209f31c Compare January 30, 2025 17:50
@renovate renovate bot changed the title chore(deps): update dependency vue-i18n-legacy to v9 [security] chore(deps): update dependency vue-i18n-legacy to v11 [security] Jan 30, 2025
@renovate renovate bot force-pushed the renovate/npm-vue-i18n-legacy-vulnerability branch from 209f31c to c4fe81f Compare January 30, 2025 21:41
@renovate renovate bot changed the title chore(deps): update dependency vue-i18n-legacy to v11 [security] chore(deps): update dependency vue-i18n-legacy to v9 [security] Jan 30, 2025
@renovate renovate bot force-pushed the renovate/npm-vue-i18n-legacy-vulnerability branch from c4fe81f to 6af586a Compare February 9, 2025 13:34
@renovate renovate bot changed the title chore(deps): update dependency vue-i18n-legacy to v9 [security] chore(deps): update dependency vue-i18n-legacy to v11 [security] Feb 9, 2025
@renovate renovate bot force-pushed the renovate/npm-vue-i18n-legacy-vulnerability branch from 6af586a to 41ffc03 Compare February 9, 2025 17:57
@renovate renovate bot changed the title chore(deps): update dependency vue-i18n-legacy to v9 [security] chore(deps): update dependency vue-i18n-legacy to v11 [security] Aug 31, 2025
@renovate renovate bot force-pushed the renovate/npm-vue-i18n-legacy-vulnerability branch from 9043623 to 306504c Compare August 31, 2025 14:08
@renovate renovate bot changed the title chore(deps): update dependency vue-i18n-legacy to v11 [security] chore(deps): update dependency vue-i18n-legacy to v9 [security] Aug 31, 2025
@renovate renovate bot force-pushed the renovate/npm-vue-i18n-legacy-vulnerability branch from 306504c to 278187d Compare September 25, 2025 16:27
@renovate renovate bot changed the title chore(deps): update dependency vue-i18n-legacy to v9 [security] chore(deps): update dependency vue-i18n-legacy to v11 [security] Sep 25, 2025
@renovate renovate bot force-pushed the renovate/npm-vue-i18n-legacy-vulnerability branch from 278187d to a3e6812 Compare September 25, 2025 23:04
@renovate renovate bot changed the title chore(deps): update dependency vue-i18n-legacy to v11 [security] chore(deps): update dependency vue-i18n-legacy to v9 [security] Sep 25, 2025
@renovate renovate bot force-pushed the renovate/npm-vue-i18n-legacy-vulnerability branch from a3e6812 to 0727bff Compare October 9, 2025 11:10
@renovate renovate bot changed the title chore(deps): update dependency vue-i18n-legacy to v9 [security] chore(deps): update dependency vue-i18n-legacy to v11 [security] Oct 9, 2025
@renovate renovate bot changed the title chore(deps): update dependency vue-i18n-legacy to v11 [security] chore(deps): update dependency vue-i18n-legacy to v9 [security] Oct 9, 2025
@renovate renovate bot force-pushed the renovate/npm-vue-i18n-legacy-vulnerability branch from 0727bff to bc0593a Compare October 9, 2025 15:34
@renovate renovate bot force-pushed the renovate/npm-vue-i18n-legacy-vulnerability branch from bc0593a to 07eb12b Compare October 21, 2025 21:01
@renovate renovate bot changed the title chore(deps): update dependency vue-i18n-legacy to v9 [security] chore(deps): update dependency vue-i18n-legacy to v11 [security] Oct 21, 2025
@renovate renovate bot force-pushed the renovate/npm-vue-i18n-legacy-vulnerability branch from 07eb12b to 534d271 Compare October 22, 2025 10:38
@renovate renovate bot changed the title chore(deps): update dependency vue-i18n-legacy to v11 [security] chore(deps): update dependency vue-i18n-legacy to v9 [security] Oct 22, 2025
@renovate renovate bot force-pushed the renovate/npm-vue-i18n-legacy-vulnerability branch from 534d271 to 1358dcc Compare November 10, 2025 19:56
@renovate renovate bot changed the title chore(deps): update dependency vue-i18n-legacy to v9 [security] chore(deps): update dependency vue-i18n-legacy to v11 [security] Nov 10, 2025
@renovate renovate bot force-pushed the renovate/npm-vue-i18n-legacy-vulnerability branch from 1358dcc to 9e0c97c Compare November 11, 2025 04:06
@renovate renovate bot changed the title chore(deps): update dependency vue-i18n-legacy to v11 [security] chore(deps): update dependency vue-i18n-legacy to v9 [security] Nov 11, 2025
@renovate renovate bot force-pushed the renovate/npm-vue-i18n-legacy-vulnerability branch from 9e0c97c to f6a5a52 Compare November 19, 2025 00:36
@renovate renovate bot changed the title chore(deps): update dependency vue-i18n-legacy to v9 [security] chore(deps): update dependency vue-i18n-legacy to v11 [security] Nov 19, 2025
@renovate renovate bot force-pushed the renovate/npm-vue-i18n-legacy-vulnerability branch from f6a5a52 to 6539bbf Compare November 19, 2025 04:55
@renovate renovate bot changed the title chore(deps): update dependency vue-i18n-legacy to v11 [security] chore(deps): update dependency vue-i18n-legacy to v9 [security] Nov 19, 2025
@renovate renovate bot force-pushed the renovate/npm-vue-i18n-legacy-vulnerability branch from 6539bbf to a45006e Compare December 3, 2025 18:09
@renovate renovate bot changed the title chore(deps): update dependency vue-i18n-legacy to v9 [security] chore(deps): update dependency vue-i18n-legacy to v11 [security] Dec 3, 2025
@renovate renovate bot force-pushed the renovate/npm-vue-i18n-legacy-vulnerability branch from a45006e to 6fef4a8 Compare December 3, 2025 20:56
@renovate renovate bot changed the title chore(deps): update dependency vue-i18n-legacy to v11 [security] chore(deps): update dependency vue-i18n-legacy to v9 [security] Dec 3, 2025
@renovate renovate bot force-pushed the renovate/npm-vue-i18n-legacy-vulnerability branch from 6fef4a8 to 3df56da Compare December 15, 2025 17:43
@renovate renovate bot changed the title chore(deps): update dependency vue-i18n-legacy to v9 [security] chore(deps): update dependency vue-i18n-legacy to v11 [security] Dec 15, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

Type: Dependency

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant