Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Snyk] Upgrade prettier-plugin-solidity from 1.0.0-beta.19 to 1.3.1 #8

Open
wants to merge 1 commit into
base: main
Choose a base branch
from

Conversation

BitcoinOutput
Copy link
Owner

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to upgrade prettier-plugin-solidity from 1.0.0-beta.19 to 1.3.1.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.


  • The recommended version is 16 versions ahead of your current version.
  • The recommended version was released 21 days ago, on 2023-12-24.

The recommended version fixes:

Severity Issue PriorityScore (*) Exploit Maturity
Regular Expression Denial of Service (ReDoS)
SNYK-JS-SEMVER-3247795
696/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 7.5
Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Release notes
Package name: prettier-plugin-solidity
  • 1.3.1 - 2023-12-24
  • 1.3.0 - 2023-12-22

    This version ships with 2 substantial changes.

    1. The parser had a great improvement in size package making our bundled size go from 773.5 KB to 417 KB and 90 KB gzipped, making our support for browser more impactful. (#967)
    2. We embraced prettier's ternaries formatting improvements and support the new option externalTernaries, so we invite people to start experimenting with it and give us some feedback. (#953)
  • 1.2.0 - 2023-11-09

    A few improvements on this release:

    • Dropped support for node 14 (#887)
    • Migrated the whole codebase to ESM (#894)
      • The bundled version now has the .cjs extension
    • Improved the bundled file to better support projects targeting browsers (#943 thanks to @ folego and electric_gary on Telegram)
      • Projects can easily import from prettier-plugin-solidity/standalone
    • Added support for negative e notation 1000e-2 (solidity-parser/parser#95)
    • Full support of file level event definitions, introduced with solidity 0.8.22 (solidity-parser/parser#97)

    A few tweaks in the code and refactor for simplicity and efficiency.

  • 1.1.4-dev - 2023-11-06
  • 1.1.3 - 2023-03-01

    This version adds support for user-defined operators, a feature introduced in Solidity 0.8.19.

  • 1.1.2 - 2023-02-06

    This version adds support for named parameters in mappings, introduced in Solidity 0.8.18. This means you can add names to your mappings parameters:

    mapping(address account => uint balance) balanceOf; 

    and Prettier Solidity will format it correctly.

    Thanks to @ zemse for working on this!

  • 1.1.1 - 2022-12-29

    With this version we started supporting prettier V3 which at the moment it's in their 3.0.0-alpha.4 version. (#757)

    Some internal tweaks and removed some dependencies that were no longer used. (thanks to @ frangio for noticing #780)

  • 1.1.0 - 2022-12-13

    With this version, we are releasing a standalone build (#727).
    It follows the same patterns Prettier uses for their internal plugins such as UMD.
    Hopefully this will make integration for projects based on the browser easy and will be automatically shipped on each release to http://unpkg.com/prettier-plugin-solidity@latest.

    We also took care of a small bug that would print an extra line when formatting solidity code within a markdown code block (#765).

  • 1.0.0 - 2022-11-17

    We are happy to release the first stable version of Prettier Solidity! 🎉 🎉

    What does this mean for you as a user? Semantic versioning doesn't make a lot of sense for a formatter, so it's hard to give hard rules about what will be the meaning of future versions. But we'll try to follow these guidelines:

    • We won't make big formatting changes within the same major version. For example, you shouldn't get all your function signatures changed just because you upgraded to, say, v1.1.0.
    • We won't remove any option within the same major version.
    • We'll use patch versions (e.g., moving from 1.2.3 to 1.2.4) for bug fixes and very minor formatting changes.
    • We'll use minor versions (e.g., moving from 1.2.3 to 1.3.0) for new language constructs, new options (if any) and somewhat bigger formatting changes.

    What separates a "very minor formatting change" from a "bigger one" is hard to define precisely, of course, so some of these decisions will be very subjective, but we'll try to do our best.

    Thanks for using our plugin and remember to star the repo! ⭐

  • 1.0.0-rc.1 - 2022-11-02

    This is our first release candidate for a stable v1.0.0!

    This version includes some significant changes:

    • We removed the explicitTypes option, since we believe that this belongs to a linter. The behavior now is the same one that you would get if using explicitTypes: "preserve", meaning that we'll never convert an uint to an uint256 or vice versa.
    • In previous versions, the parameters of a function definition would always be split if there were more than two of them. Starting now, we only split them if the line doesn't fit in line-width. Plus, the way this works is that first the parameters are split, then the modifiers (if they also don't fit in a single line), and finally the return parameters (also only if they don't fit).
    • The exponentiation operator (**) now has spaces around it. This is more consistent with other operators, and it looks better for long variable names (that is, base ** decimals is better than base**decimals). We do know that this is not as nice for some cases (2 ** 10), but we are erring on the side of consistency and a better worst-case scenario.

    As an example, a function like this:

    contract Foo {
      function f(uint x, uint y, uint z) mod1 mod2 { x**y**z; }
    }

    would be formatted in the previous version like this:

    contract Foo {
        function f(
            uint256 x,
            uint256 y,
            uint256 z
        ) mod1 mod2 {
            x**y**z;
        }
    }

    and now it will be formatted like this:

    contract Foo {
        function f(uint x, uint y, uint z) mod1 mod2 {
            x ** y ** z;
        }
    }

    Please upgrade to the latest version and let us if you find any issues!

  • 1.0.0-dev.24 - 2022-10-19
  • 1.0.0-dev.23 - 2022-07-15
  • 1.0.0-dev.22 - 2022-07-11
  • 1.0.0-dev.21 - 2022-02-10
  • 1.0.0-beta.24 - 2022-08-06

    Bump to beta.24

  • 1.0.0-beta.20 - 2022-02-10
  • 1.0.0-beta.19 - 2021-11-11
from prettier-plugin-solidity GitHub release notes
Commit messages
Package name: prettier-plugin-solidity
  • cf96d07 hot fix to address feedback from @ pcaversaccio
  • 57ac1c6 updating the parser and bumping the version (#967)
  • 6ed961c Experimental ternaries (#953)
  • e1ca377 Bump eslint from 8.55.0 to 8.56.0 (#966)
  • c4f81fc Bump solidity-comments-extractor from 0.0.7 to 0.0.8 (#965)
  • 18fb196 using optional chaining since this has been implemented by all our targets (#913)
  • ba16ec5 Bump eslint-plugin-import from 2.29.0 to 2.29.1 (#963)
  • e42144e Bump prettier from 3.1.0 to 3.1.1 (#962)
  • 57c60c6 Removing forced separation of functions and contracts (#960)
  • 2984bcc Bump eslint from 8.54.0 to 8.55.0 (#959)
  • 09d3e63 Bump eslint-config-prettier from 9.0.0 to 9.1.0 (#958)
  • c17679d Bump @ babel/code-frame from 7.23.4 to 7.23.5 (#957)
  • d21c313 Bump jest-light-runner from 0.5.1 to 0.6.0 (#956)
  • 093345e Bump @ babel/code-frame from 7.22.13 to 7.23.4 (#955)
  • 92e9ac2 Bump eslint from 8.53.0 to 8.54.0 (#954)
  • 1ac130b Bump prettier from 3.0.3 to 3.1.0 (#951)
  • 46ccf3c adding tests for number literals
  • 5996443 Bump solc from 0.8.22 to 0.8.23 (#950)
  • d5e92bf ready to publish (#949)
  • 57344d4 Bump esmock from 2.5.9 to 2.6.0 (#948)
  • 39f002f Proposal to avoid separating function definitions without an implementation (#941)
  • 71ba936 Bump lines-and-columns from 2.0.3 to 2.0.4 (#947)
  • 35536b4 Bump esm-utils from 4.1.2 to 4.2.1 (#946)
  • 02b991c bump version

Compare


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants