[Snyk] Upgrade pinia from 2.1.4 to 2.3.1

[snyk-io]

Snyk has created this PR to upgrade pinia from 2.1.4 to 2.3.1.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 15 versions ahead of your current version.

• The recommended version was released a year ago.

Issues fixed by the recommended upgrade:

	Issue	Score	Exploit Maturity
	Prototype Pollution SNYK-JS-AXIOS-15252993	111	Proof of Concept
	Cross-site Request Forgery (CSRF) SNYK-JS-AXIOS-6032459	111	Proof of Concept
	Prototype Pollution SNYK-JS-AXIOS-6144788	111	No Known Exploit
	Server-side Request Forgery (SSRF) SNYK-JS-AXIOS-7361793	111	Proof of Concept
	Improper Handling of Extra Parameters SNYK-JS-FOLLOWREDIRECTS-6141137	111	Proof of Concept
	Allocation of Resources Without Limits or Throttling SNYK-JS-AXIOS-12613773	111	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-AXIOS-6124857	111	Proof of Concept
	Server-side Request Forgery (SSRF) SNYK-JS-AXIOS-9292519	111	Proof of Concept
	Server-side Request Forgery (SSRF) SNYK-JS-AXIOS-9403194	111	No Known Exploit
	Information Exposure SNYK-JS-FOLLOWREDIRECTS-6444610	111	Proof of Concept
	Predictable Value Range from Previous Values SNYK-JS-FORMDATA-10841150	111	Proof of Concept
	Improper Input Validation SNYK-JS-NANOID-8492085	111	No Known Exploit
	Improper Input Validation SNYK-JS-POSTCSS-5926692	111	No Known Exploit

Breaking Change Risk

Notice: This assessment is enhanced by AI.

Release notes

Package name: pinia

• 2.3.1 - 2025-01-20
  

  Please refer to CHANGELOG.md for details.

• 2.3.0 - 2024-12-04
  

  Please refer to CHANGELOG.md for details.

• 2.2.8 - 2024-11-28
  

  Please refer to CHANGELOG.md for details.

• 2.2.7 - 2024-11-27
  

  Please refer to CHANGELOG.md for details.

• 2.2.6 - 2024-11-03
  

  Please refer to CHANGELOG.md for details.

• 2.2.5 - 2024-10-29
• 2.2.4 - 2024-10-01
• 2.2.3 - 2024-09-30
• 2.2.2 - 2024-08-15
• 2.2.1 - 2024-08-06
• 2.2.0 - 2024-07-26
• 2.1.8-beta.0 - 2024-04-17
• 2.1.7 - 2023-10-13
• 2.1.6 - 2023-07-26
• 2.1.5 - 2023-07-26
• 2.1.4 - 2023-06-14

from pinia GitHub release notes

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• This PR was automatically created by Snyk using the credentials of a real user.
• Max score is 1000. Note that the real score may have changed since the PR was raised.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

• 🧐 View latest project report
• 📜 Customise PR templates
• 🛠 Adjust upgrade PR settings
• 🔕 Ignore this dependency or unsubscribe from future upgrade PRs

[snyk-io]

This upgrade for pinia from version 2.1.4 to 2.3.1 introduces a new minimum requirement for Vue.js and includes a TypeScript type change that may require verification.

Key Changes:

• Vue.js Version Requirement: As of version 2.3.0, pinia now requires at least Vue 2.7. Projects using older versions of Vue 2 will need to be updated.
• TypeScript Change: Version 2.2.0 introduced a stricter type for the patch function, which now requires an unwrapped state. This could affect TypeScript projects where a ref or reactive object was passed directly to a store's $patch method.

Recommendation:
Verify that your project is using Vue 2.7 or a later version. If you are using TypeScript, check your usage of the $patch function to ensure you are passing a plain, non-reactive object.

Source: CHANGELOG.md

Notice 🤖: This content was augmented using artificial intelligence. AI-generated content may contain errors and should be reviewed for accuracy before use.