[Snyk] Upgrade: autoprefixer, fibers, handlebars, jstransformer-handlebars, marked, metalsmith, postcss, sass, semver, strftime #284
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Snyk has created this PR to upgrade multiple dependencies.
👯 The following dependencies are linked and will therefore be updated together.ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
autoprefixer
from 10.0.4 to 10.4.20 | 37 versions ahead of your current version | a month ago
on 2024-08-02
fibers
from 5.0.0 to 5.0.3 | 3 versions ahead of your current version | 2 years ago
on 2022-08-30
handlebars
from 4.7.6 to 4.7.8 | 2 versions ahead of your current version | a year ago
on 2023-08-01
jstransformer-handlebars
from 1.1.0 to 1.2.0 | 1 version ahead of your current version | 3 years ago
on 2022-01-17
marked
from 1.2.5 to 1.2.9 | 4 versions ahead of your current version | 4 years ago
on 2021-02-03
metalsmith
from 2.3.0 to 2.6.3 | 10 versions ahead of your current version | 6 months ago
on 2024-03-05
postcss
from 8.1.10 to 8.4.41 | 74 versions ahead of your current version | a month ago
on 2024-08-05
sass
from 1.29.0 to 1.77.8 | 141 versions ahead of your current version | 2 months ago
on 2024-07-11
semver
from 7.3.2 to 7.6.3 | 16 versions ahead of your current version | 2 months ago
on 2024-07-16
strftime
from 0.10.0 to 0.10.3 | 3 versions ahead of your current version | 3 months ago
on 2024-06-12
Issues fixed by the recommended upgrade:
SNYK-JS-ANSIREGEX-1583908
SNYK-JS-BRACES-6838727
SNYK-JS-HANDLEBARS-1056767
SNYK-JS-BROWSERSLIST-1090194
SNYK-JS-GLOBPARENT-1016905
SNYK-JS-NANOID-2332193
SNYK-JS-POSTCSS-1090595
SNYK-JS-POSTCSS-1255640
SNYK-JS-POSTCSS-5926692
SNYK-JS-HANDLEBARS-1279029
SNYK-JS-INFLIGHT-6095116
Release notes
Package name: autoprefixer
fit-content
prefix for Firefox.end value has mixed support, consider using flex-end
warning sinceend
/start
now have good support.-webkit-box-orient
on-webkit-line-clamp
(@ Goodwine).user-select: contain
prefixes.::backdrop
prefixes (by @ yisibl).text-decoration
prefixes by moving to MDN data (by @ romainmenke).Package name: fibers
creating tag for version 5.0.2
5.0.1
Package name: handlebars
Commits
v4.7.7
v4.7.6
Package name: jstransformer-handlebars
1.1.0
Package name: marked
1.2.9 (2021-02-03)
Bug Fixes
1.2.8 (2021-01-26)
Bug Fixes
1.2.7 (2020-12-15)
Bug Fixes
1.2.6 (2020-12-10)
Bug Fixes
possible breaking change: When using the block.heading rule the text provided in capture group 2 will not be trimmed of whitespace.
1.2.5 (2020-11-19)
Bug Fixes
Package name: metalsmith
Removed
b170cf0
Updated
774a164
chokidar
: 3.5.3 ▶︎ 3.6.0Fixed
0d8d791
3ae6275
cac48fc
,5b48dce
642a176
34239d9
Documents metalsmith.watch() getter signature in TSa719025
Normalizes ms.watch().paths to an array, allows access to a subset of chokidar options as advertised5a516b2
Sets chokidar watchOption awaitWriteFinish to false, and batch timer to 0 to speed up watching23b0944
Fixes #389: ensure not missing watcher ready event to successfully launch build05265ce
Fixes formatting issue in types JSdoc commentsAdded
58d22a3
2d84fbe
9661ddc
45a4afe
424e6ec
chokidar
9d40674
lodash.clonedeepwith
e12537f
Removed
80d8508
rimraf
: replaced with native Node.js methodsae05945
cross-spawn
:baee1de
Updated
24fcffb
4929bc2
commander
: 6.2.1 -> 10.0.124fcffb
0810728
Fixed
60e173a
excerpt
property2bfe800
acb363e
Full Changelog: v2.5.1...v2.6.0
774a164
debug
: 4.3.3 ▶︎ 4.3.4Fixed
Important note to metalsmith-watch users:
Although 2.5.0 is a semver-minor release, it breaks compatibility with metalsmith-watch, which relies on the Metalsmith < 2.4.x private method signature using the outdated unyield package. See issue #374 for more details.
Added
Metalsmith#env
method. Supports passingDEBUG
andDEBUG_LOG
amongst others. SetsCLI: true
when run from the metalsmith CLI.b42df8c
,446c676
,33d936b
,4c483a3
Metalsmith#debug
method for creating plugin debuggersMetalsmith#read
,Metalsmith#readFile
,Metalsmith#write
,Metalsmith#writeFile
,Metalsmith#run
andMetalsmith#process
) to dual callback-/ promise-based methods16a91c5
,faf6ab6
,6cb6229
3a11a24
Removed
0a53007
thunkify
: replaced with promise-based implementationfaf6ab6
unyield
replaced with promise-based implementationfaf6ab6
co-fs-extra
: replaced with native Node.js methodsfaf6ab6
chalk
: not necessary for the few colors used by Metalsmith CLI1dae1cb
clone
: see #247a871af6
Updated
README.md
0da0c4d
Metalsmith#metadata
no longer clones the object passed to it, overwriting the previous metadata, but merges it into existing metadata.Fixed
metalsmith.directory()
5d75539
Updated
774a164
micromatch
: 4.0.4 ▶︎ 4.0.5Fixed
metalsmith.match
file cache in repeat runs without re-read, see metalsmith/layouts#183a727309
Updated
af9dec0
chalk
: 3.0.0 ▶︎ 4.1.2Fixed
ebf82f4
Fixed
Bugfix: include index.js in package.json files
Unfortunately release 2.4.0 missed the index.js file and was only usable by doing require('metalsmith/lib'). For this reason the release notes from 2.4.0 are re-included below:
Added
Metalsmith#match
method. Plugins no longer need to require a matching library705c4bb
,f01c724
828b17e
fs.rm
instead ofrimraf
when available (Node 14.4+)fcbb76e
,66e4376
Metalsmith#frontmatter
a6438d2
ef7b781
4eb1184
Metalsmith#build
now returns a promise which you can attach athen/catch
to orawait
. The build callback model is still available.6d5a42d
Removed
2db47f5
,75e6878
has-generators
: obsolete in supported Node versions2db47f5
absolute
replaced with native Nodepath.isAbsolute
c05f9e2
(@ Zearin)is
replaced with own implementation7eaac9e2
,54dba0c1
(@ Zearin)recursive-readdir
: replaced with own implementation4eb1184
Updated
Dependencies:
75e6878
chalk
: 1.1.3 ▶︎ 3.0.0gray-matter
: 2.0.0 ▶︎ 4.0.3stat-mode
: 0.2.0 ▶︎ 1.0.0rimraf
: 2.2.8 ▶︎ 3.0.2ware
: 1.2.0 ▶︎ 1.3.0commander
(used in CLI): 2.15.1 ▶︎ 6.2.1win-fork
(used in CLI): replaced withcross-spawn
:7.0.3Updated
CHANGELOG.md
format to follow “Keep A Changelog” (#266) (@ Zearin)Fixed
Metalsmith#ignore
now only matches paths relative toMetalsmith#source
(as it should). See linked issue for details4eb1184
Metalsmith#build
a6438d2
Metalsmith#ignore
'd)4eb1184
Metalsmith#ignore
now removes the matched files before they arestatted
for glob-based ignores (saving some perf & potential errors).Security
new Buffer
withBuffer.from
npm audit
vulnerability fixescoveralls
: 2.11.6 ▶︎ 3.0.1 (#308) (@ Zearin)Fix 5 “Moderate” vulnerabilities
metalsmith-markdown
: 0.2.1 ▶︎ 0.2.2 (#312) (@ Zearin)Fix 1 “Low” vulnerability
Unfortunately this release missed the index.js file and is only usable by doing
require('metalsmith/lib')
. This has quickly been fixed in 2.4.1 and the release notes ported to itAdded
Metalsmith#match
method. Plugins no longer need to require a matching library705c4bb
,f01c724
828b17e
fs.rm
instead ofrimraf
when available (Node 14.4+)fcbb76e
,66e4376
Metalsmith#frontmatter
a6438d2
ef7b781
4eb1184
Metalsmith#build
now returns a promise which you can attach athen/catch
to orawait
. The build callback model is still available.6d5a42d
Removed
2db47f5
,75e6878
has-generators
: obsolete in supported Node versions2db47f5
absolute
replaced with native Nodepath.isAbsolute
c05f9e2
(@ Zearin)is
replaced with own implementation7eaac9e2
,54dba0c1
(@ Zearin)recursive-readdir
: replaced with own implementation4eb1184
Updated
Dependencies:
75e6878
chalk
: 1.1.3 ▶︎ 3.0.0gray-matter
: 2.0.0 ▶︎ 4.0.3stat-mode
: 0.2.0 ▶︎ 1.0.0rimraf
: 2.2.8 ▶︎ 3.0.2ware
: 1.2.0 ▶︎ 1.3.0commander
(used in CLI): 2.15.1 ▶︎ 6.2.1win-fork
(used in CLI): replaced withcross-spawn
:7.0.3Updated
CHANGELOG.md
format to follow “Keep A Changelog” (#266) (@ Zearin)Fixed
Metalsmith#ignore
now only matches paths relative toMetalsmith#source
(as it should). See linked issue for details4eb1184
Metalsmith#build
a6438d2
Metalsmith#ignore
'd)4eb1184
Metalsmith#ignore
now removes the matched files before they arestatted
for glob-based ignores (saving some perf & potential errors).Security
new Buffer
withBuffer.from
npm audit
vulnerability fixescoveralls
: 2.11.6 ▶︎ 3.0.1 (#308) (@ Zearin)Fix 5 “Moderate” vulnerabilities
metalsmith-markdown
: 0.2.1 ▶︎ 0.2.2 (#312) (@ Zearin)Fix 1 “Low” vulnerability
Package name: postcss
CssSyntaxError
types (by @ romainmenke).endIndex: 0
in errors and warnings (by @ romainmenke).original.column are not numbers
error in another case.original.column are not numbers
error on broken previous source map.Package name: sass
To install Sass 1.77.8, download one of the packages below and add it to your PATH, or see the Sass website for full installation instructions.
Changes
See the full changelog for changes in earlier releases.
See sass/sass#3885
…264)
To install Sass 1.77.5, download one of the packages below and add it to your PATH, or see the Sass website for full installation instructions.
Changes
@ extend
.See the full changelog for changes in earlier releases.
To install Sass 1.77.4, download one of the packages below and add it to your PATH, or see the Sass website for full installation instructions.
Changes
Embedded Sass
Support passing
Version
input forfatalDeprecations
as string over embedded protocol.Fix a bug in the JS Embedded Host where
Version
could be incorrectly accepted as input forsilenceDeprecations
andfutureDeprecations
in pure JS.See the full changelog for changes in earlier releases.