Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Snyk] Upgrade: , , clsx, docusaurus-plugin-sass, sass #15

Open
wants to merge 1 commit into
base: main
Choose a base branch
from

Conversation

black-da-bull
Copy link
Owner

snyk-top-banner

Snyk has created this PR to upgrade multiple dependencies.

👯 The following dependencies are linked and will therefore be updated together.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

Name Versions Released on

@commitdev/zero-doc-site-common-elements
from 0.0.7 to 0.0.9 | 2 versions ahead of your current version | 3 years ago
on 2021-07-28
@docusaurus/core
from 2.2.0 to 2.4.3 | 5 versions ahead of your current version | a year ago
on 2023-09-20
clsx
from 1.1.1 to 1.2.1 | 2 versions ahead of your current version | 2 years ago
on 2022-07-06
docusaurus-plugin-sass
from 0.2.1 to 0.2.5 | 4 versions ahead of your current version | a year ago
on 2023-07-20
sass
from 1.35.1 to 1.77.8 | 121 versions ahead of your current version | 2 months ago
on 2024-07-11

Issues fixed by the recommended upgrade:

Issue Score Exploit Maturity
critical severity Incomplete List of Disallowed Inputs
SNYK-JS-BABELTRAVERSE-5962462
786 Proof of Concept
critical severity Incomplete List of Disallowed Inputs
SNYK-JS-BABELTRAVERSE-5962462
786 Proof of Concept
Release notes
Package name: @docusaurus/core
  • 2.4.3 - 2023-09-20
  • 2.4.1 - 2023-05-15
  • 2.4.0 - 2023-03-23
  • 2.3.1 - 2023-02-03
  • 2.3.0 - 2023-01-27
  • 2.2.0 - 2022-10-29
from @docusaurus/core GitHub release notes
Package name: clsx
  • 1.2.1 - 2022-07-06

    Patches

    • Ensure CommonJS and UMD entrypoints have the named clsx export too

    Chores


    Full Changelog: v1.2.0...v1.2.1

  • 1.2.0 - 2022-07-02

    Features

    • Add named clsx export alias (#43, #44): 56ab81f
      Thank you @ danikaze~!

      This is purely an alias for the default export so that TypeScript users can avoid the esModuleInterop setting. In other words, the follow import statements are effectively identical, but the latter is preferred by TypeScript:

      import clsx from 'clsx';
      // or
      import { clsx } from 'clsx';

      Important: Just to reiterate, both still work!

    Chores


    Full Changelog: v1.1.1...v1.2.0

  • 1.1.1 - 2020-05-30

    Note: This is a performance-related patch only!
    Across all benchmarks, this version of clsx is ~1M ops/sec faster than [email protected].
    ...It also happens to be 1 byte (gzip) smaller 😅🎉

    Patches

    • fix: Remove needless spacer on string/number condition: ff11464
    • fix: Remove unnecessary recursive caller for object keys: f43dd23
    • perf: Guard all toVal calls with truthy assertions: 4fa8811, 019ec02
    • perf: Reorder typeof checks for common case: 08a5a7f

    Chores

    Benchmarks

    Run on Node.js v10.13.0.
    You may find updated browser benchmarks here.

    The snippet below is comparing [email protected] (this version) to the previous version, and to classnames for ballpark comparison. All candidates are functionally identical!

    # Strings
    classnames x 3,992,284 ops/sec ±1.64% (94 runs sampled)
    [email protected] x 11,253,372 ops/sec ±0.35% (96 runs sampled)
    [email protected] x 12,784,134 ops/sec ±0.42% (97 runs sampled)

    Objects

    classnames x 3,772,978 ops/sec ±0.46% (96 runs sampled)
    [email protected] x 7,288,178 ops/sec ±0.31% (96 runs sampled)
    [email protected] x 9,412,010 ops/sec ±0.42% (95 runs sampled)

    Arrays

    classnames x 1,665,275 ops/sec ±1.83% (93 runs sampled)
    [email protected] x 8,340,174 ops/sec ±0.53% (96 runs sampled)
    [email protected] x 9,141,916 ops/sec ±0.42% (95 runs sampled)

    Nested Arrays

    classnames x 1,164,706 ops/sec ±1.60% (95 runs sampled)
    [email protected] x 6,284,485 ops/sec ±0.58% (90 runs sampled)
    [email protected] x 7,165,151 ops/sec ±0.47% (91 runs sampled)

    Nested Arrays w/ Objects

    classnames x 1,597,180 ops/sec ±1.49% (93 runs sampled)
    [email protected] x 6,345,248 ops/sec ±0.21% (95 runs sampled)
    [email protected] x 7,651,411 ops/sec ±0.56% (95 runs sampled)

    Mixed

    classnames x 2,129,199 ops/sec ±1.46% (94 runs sampled)
    [email protected] x 6,557,515 ops/sec ±0.73% (91 runs sampled)
    [email protected] x 8,119,210 ops/sec ±0.42% (93 runs sampled)

    Mixed (Bad Data)

    classnames x 1,166,577 ops/sec ±0.84% (94 runs sampled)
    [email protected] x 2,018,654 ops/sec ±0.15% (98 runs sampled)
    [email protected] x 2,238,939 ops/sec ±0.34% (95 runs sampled)




from clsx GitHub release notes

Package name: docusaurus-plugin-sass from docusaurus-plugin-sass GitHub release notes
Package name: sass
  • 1.77.8 - 2024-07-11

    To install Sass 1.77.8, download one of the packages below and add it to your PATH, or see the Sass website for full installation instructions.

    Changes

    • No user-visible changes.

    See the full changelog for changes in earlier releases.

  • 1.77.7 - 2024-07-09

    See sass/sass#3885

  • 1.77.6 - 2024-06-17

    …264)

  • 1.77.5 - 2024-06-11

    To install Sass 1.77.5, download one of the packages below and add it to your PATH, or see the Sass website for full installation instructions.

    Changes

    • Fully trim redundant selectors generated by @ extend.

    See the full changelog for changes in earlier releases.

  • 1.77.4 - 2024-05-30

    To install Sass 1.77.4, download one of the packages below and add it to your PATH, or see the Sass website for full installation instructions.

    Changes

    Embedded Sass

    • Support passing Version input for fatalDeprecations as string over embedded protocol.

    • Fix a bug in the JS Embedded Host where Version could be incorrectly accepted as input for silenceDeprecations and futureDeprecations in pure JS.

    See the full changelog for changes in earlier releases.

  • 1.77.3 - 2024-05-29
  • 1.77.2 - 2024-05-16
  • 1.77.1 - 2024-05-10
  • 1.77.0 - 2024-05-07
  • 1.76.0 - 2024-04-30
  • 1.75.0 - 2024-04-11
  • 1.74.1 - 2024-04-04
  • 1.72.0 - 2024-03-13
  • 1.71.1 - 2024-02-21
  • 1.71.0 - 2024-02-16
  • 1.70.0 - 2024-01-18
  • 1.69.7 - 2024-01-02
  • 1.69.6 - 2023-12-28
  • 1.69.5 - 2023-10-26
  • 1.69.4 - 2023-10-17
  • 1.69.3 - 2023-10-12
  • 1.69.2 - 2023-10-10
  • 1.69.1 - 2023-10-09
  • 1.69.0 - 2023-10-05
  • 1.68.0 - 2023-09-21
  • 1.67.0 - 2023-09-14
  • 1.66.1 - 2023-08-18
  • 1.66.0 - 2023-08-17
  • 1.65.1 - 2023-08-09
  • 1.65.0 - 2023-08-09
  • 1.64.2 - 2023-07-31
  • 1.64.1 - 2023-07-22
  • 1.64.0 - 2023-07-20
  • 1.63.6 - 2023-06-21
  • 1.63.5 - 2023-06-21
  • 1.63.4 - 2023-06-14
  • 1.63.3 - 2023-06-09
  • 1.63.2 - 2023-06-08
  • 1.63.1 - 2023-06-08
  • 1.63.0 - 2023-06-07
  • 1.62.1 - 2023-04-25
  • 1.62.0 - 2023-04-11
  • 1.61.0 - 2023-04-06
  • 1.60.0 - 2023-03-23
  • 1.59.3 - 2023-03-14
  • 1.59.2 - 2023-03-11
  • 1.59.1 - 2023-03-10
  • 1.59.0 - 2023-03-10
  • 1.58.3 - 2023-02-18
  • 1.58.2 - 2023-02-17
  • 1.58.1 - 2023-02-14
  • 1.58.0 - 2023-02-01
  • 1.57.1 - 2022-12-19
  • 1.57.0 - 2022-12-17
  • 1.56.2 - 2022-12-08
  • 1.56.1 - 2022-11-09
  • 1.56.0 - 2022-11-04
  • 1.55.0 - 2022-09-21
  • 1.54.9 - 2022-09-07
  • 1.54.8 - 2022-08-31
  • 1.54.7 - 2022-08-31
  • 1.54.6 - 2022-08-29
  • 1.54.5 - 2022-08-19
  • 1.54.4 - 2022-08-10
  • 1.54.3 - 2022-08-04
  • 1.54.2 - 2022-08-03
  • 1.54.1 - 2022-08-02
  • 1.54.0 - 2022-07-22
  • 1.53.0 - 2022-06-22
  • 1.52.3 - 2022-06-08
  • 1.52.2 - 2022-06-03
  • 1.52.1 - 2022-05-20
  • 1.52.0 - 2022-05-20
  • 1.51.0 - 2022-04-26
  • 1.50.1 - 2022-04-19
  • 1.50.0 - 2022-04-07
  • 1.49.11 - 2022-04-01
  • 1.49.10 - 2022-03-30
  • 1.49.9 - 2022-02-24
  • 1.49.8 - 2022-02-17
  • 1.49.7 - 2022-02-01
  • 1.49.6 - 2022-02-01
  • 1.49.5 - 2022-02-01
  • 1.49.4 - 2022-02-01
  • 1.49.3 - 2022-02-01
  • 1.49.2 - 2022-02-01
  • 1.49.1 - 2022-01-31
  • 1.49.0 - 2022-01-18
  • 1.48.0 - 2022-01-13
  • 1.47.0 - 2022-01-07
  • 1.46.0 - 2022-01-06
  • 1.45.2 - 2021-12-31
  • 1.45.1 - 2021-12-21
  • 1.45.0 - 2021-12-10
  • 1.45.0-rc.2 - 2021-12-02
  • 1.45.0-rc.1 - 2021-11-30
  • 1.44.0 - 2021-11-30
  • 1.43.5 - 2021-11-24
  • 1.43.4 - 2021-10-26
  • 1.43.3 - 2021-10-21
  • 1.43.2 - 2021-10-13
  • 1.42.1 - 2021-09-22
  • 1.42.0 - 2021-09-21
  • 1.41.1 - 2021-09-16
  • 1.41.0 - 2021-09-14
  • 1.40.1 - 2021-09-14
  • 1.40.0 - 2021-09-13
  • 1.39.2 - 2021-09-10
  • 1.39.1 - 2021-09-09
  • 1.39.0 - 2021-09-02
  • 1.38.2 - 2021-08-28
  • 1.38.1 - 2021-08-23
  • 1.38.0 - 2021-08-17
  • 1.37.5 - 2021-08-04
  • 1.37.4 - 2021-08-03
  • 1.37.3 - 2021-08-03
  • 1.37.2 - 2021-08-03
  • 1.37.1 - 2021-08-02
  • 1.37.0 - 2021-07-30
  • 1.36.0 - 2021-07-23
  • 1.35.2 - 2021-07-07
  • 1.35.1 - 2021-06-15
from sass GitHub release notes

Important

  • Check the changes in this PR to ensure they won't cause issues with your project.
  • This PR was automatically created by Snyk using the credentials of a real user.
  • Max score is 1000. Note that the real score may have changed since the PR was raised.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

Snyk has created this PR to upgrade:
  - @commitdev/zero-doc-site-common-elements from 0.0.7 to 0.0.9.
    See this package in npm: https://www.npmjs.com/package/@commitdev/zero-doc-site-common-elements
  - @docusaurus/core from 2.2.0 to 2.4.3.
    See this package in npm: https://www.npmjs.com/package/@docusaurus/core
  - clsx from 1.1.1 to 1.2.1.
    See this package in npm: https://www.npmjs.com/package/clsx
  - docusaurus-plugin-sass from 0.2.1 to 0.2.5.
    See this package in npm: https://www.npmjs.com/package/docusaurus-plugin-sass
  - sass from 1.35.1 to 1.77.8.
    See this package in npm: https://www.npmjs.com/package/sass

See this project in Snyk:
https://app.snyk.io/org/black-da-bull/project/045f5701-98dd-4929-9a3f-df539749b694?utm_source=github&utm_medium=referral&page=upgrade-pr
Copy link

@sourcery-ai sourcery-ai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We have skipped reviewing this pull request. Here's why:

  • It seems to have been created by a bot ('[Snyk]' found in title). We assume it knows what it's doing!
  • We don't review packaging changes - Let us know if you'd like us to change this.

Copy link

squash-labs bot commented Sep 13, 2024

Manage this branch in Squash

Test this branch here: https://snyk-upgrade-a6fd021869c5f4246-56m1a.squash.io

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants