[Snyk] Upgrade javascript-kit-swift from 0.3.0 to 0.10.1 #4

Open
wants to merge 1 commit into
base: master

snyk-bot

Snyk has created this PR to upgrade javascript-kit-swift from 0.3.0 to 0.10.1.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.


  • The recommended version is 10 versions ahead of your current version.
  • The recommended version was released 2 months ago, on 2021-04-29.

The recommended version fixes:

| Severity | Issue | PriorityScore (*) | Exploit Maturity |
|---|---|---|---|
|  | Prototype Pollution (SNYK-JS-Y18N-1021887) | 472/1000 (Why? Proof of Concept exploit, CVSS 7.3) | Proof of Concept |
|  | Regular Expression Denial of Service (ReDoS) (SNYK-JS-SSRI-1246392) | 472/1000 (Why? Proof of Concept exploit, CVSS 7.3) | Proof of Concept |
|  | Regular Expression Denial of Service (ReDoS) (SNYK-JS-SSRI-1085630) | 472/1000 (Why? Proof of Concept exploit, CVSS 7.3) | No Known Exploit |
|  | Arbitrary Code Injection (SNYK-JS-SERIALIZEJAVASCRIPT-570062) | 472/1000 (Why? Proof of Concept exploit, CVSS 7.3) | Proof of Concept |
|  | Prototype Pollution (SNYK-JS-INI-1048974) | 472/1000 (Why? Proof of Concept exploit, CVSS 7.3) | Proof of Concept |
|  | Cryptographic Issues (SNYK-JS-ELLIPTIC-571484) | 472/1000 (Why? Proof of Concept exploit, CVSS 7.3) | Proof of Concept |
|  | Remote Memory Exposure (SNYK-JS-BL-608877) | 472/1000 (Why? Proof of Concept exploit, CVSS 7.3) | No Known Exploit |
|  | Prototype Pollution (SNYK-JS-AJV-584908) | 472/1000 (Why? Proof of Concept exploit, CVSS 7.3) | No Known Exploit |
|  | Cryptographic Issues (SNYK-JS-ELLIPTIC-1064899) | 472/1000 (Why? Proof of Concept exploit, CVSS 7.3) | No Known Exploit |

(*) Note that the real score may have changed since the PR was raised.

Release notes
Package name: javascript-kit-swift
  • 0.10.1 - 2021-04-29

    This is a minor patch release that includes updates to our dependencies and minor documentation tweaks.

    Closed issues:

    • Do you accept contributions for wrappers over JavaScript objects? (#124)
    • Can't read from a file using JSPromise (#121)
    • TypeError when trying to implement a JSBridgedClass for WebSocket.send (#120)

    Merged pull requests:

  • 0.10.0 - 2021-01-21

    This release contains multiple breaking changes in preparation for enabling async/await, when this feature is available in a stable SwiftWasm release. Namely:

    • JSClosure.init(_ body: @escaping ([JSValue]) -> ()) overload is deprecated to simplify type checking. Its presence requires explicit type signatures at the place of use. It will be removed in a future version of JavaScriptKit.
    • JSClosure is no longer a subclass of JSFunction. These classes are not related enough to keep them in the same class hierarchy. As a result, you can no longer call JSClosure objects directly from Swift. Call wrapped closures directly instead.
    • Introduced JSOneshotClosure for closures that are going to be called only once. You don't need to manage references to these closures manually, as opposed to JSClosure. However, they can only be called a single time from the JS side. Subsequent invocation attempts will raise a fatal error on the Swift side.
    • Removed generic parameters on JSPromise, now both success and failure values are always assumed to be of JSValue type. This also significantly simplifies type checking and allows callers to fully control type casting if needed.

    Closed issues:

    • DOMKit? (#21)

    Merged pull requests:

  • 0.9.0 - 2020-11-27

    This release introduces support for catching JSError instances in Swift from throwing JavaScript functions. This is possible thanks to the new JSThrowingFunction and JSThrowingObject classes. The former can only be called with try, while the latter will expose all of its member functions as throwing. Use the new throws property on JSFunction to convert it to JSThrowingFunction, and the new throwing property on JSObject to convert it to JSThrowingObject.

    Closed issues:

    • Support JS errors (#37)

    Merged pull requests:

  • 0.8.0 - 2020-10-21

    This release introduces a few enhancements and deprecations. Namely, JSValueConstructible and JSValueConvertible were renamed to ConstructibleFromJSValue and ConvertibleToJSValue respectively. The old names are deprecated, and you should move away from using the old names in your code. Additionally, JavaScriptKit now requires the most recent 5.3 and development toolchains, but thanks to this it no longer uses unsafe flags, which prevented building other libraries depending on JavaScriptKit on other platforms.

    The main user-visible enhancement is that now force casts are no longer required in client code. That is, we now allow this

    let document = JSObject.global.document
    let foundDivs = document.getElementsByTagName("div")

    in addition to the previously available explicit style with force unwrapping:

    let document = JSObject.global.document.object!
    let foundDivs = document.getElementsByTagName!("div").object!

    Note that the code in the first example is still dynamically typed. The Swift compiler won't warn you if you misspell names of properties or cast them to a wrong type. This feature is purely additive, and is added for convenience. You can still use force unwraps in your code interfacing with JavaScriptKit. If you're interested in a statically-typed DOM API, we recommend having a look at the DOMKit library, which is currently in development.

    Lastly, JSError now conforms to the JSBridgedClass protocol, which makes it easier to integrate with idiomatic Swift code.

    Closed issues:

    • Errors building example: undefined symbols (#95)
    • Documentation website is broken (#93)
    • Rename JSValueConstructible and JSValueConvertible (#87)
    • Build fails with the unsafe flags error (#6)

    Merged pull requests:

  • 0.7.2 - 2020-09-28

    This is a bugfix release that resolves an issue with the JavaScript runtime being unavailable when installed via NPM.

  • 0.7.1 - 2020-09-27

    This is a bugfix release that resolves an issue with the JavaScript runtime being unavailable when installed via NPM.

    Closed issues:

    • 0.7.0 unavailable on NPM (#79)
    • Automatic performance testing (#67)

    Merged pull requests:

  • 0.7.0 - 2020-09-25

    This release adds multiple new types bridged from JavaScript, namely JSError, JSDate, JSTimer (which corresponds to setTimeout/setInterval calls and manages closure lifetime for you), JSString and JSPromise. We now also have documentation published automatically for the main branch.

    Closed issues:

    • TypedArray improvement? (#52)

    Merged pull requests:

  • 0.6.0 - 2020-09-11
  • 0.5.0 - 2020-07-18

    Bump 0.5.0

  • 0.4.0 - 2020-06-20

    Bump 0.4.0

  • 0.3.0 - 2020-04-30
from javascript-kit-swift GitHub release notes

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs
