[Snyk] Upgrade: , , , , , jstransformer-nunjucks, metalsmith, metalsmith-if, metalsmith-prism, metalsmith-static-files #32
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Snyk has created this PR to upgrade:
- @metalsmith/drafts from 1.2.0 to 1.3.0.
See this package in npm: https://www.npmjs.com/package/@metalsmith/drafts
- @metalsmith/layouts from 2.6.0 to 2.7.0.
See this package in npm: https://www.npmjs.com/package/@metalsmith/layouts
- @metalsmith/markdown from 1.6.0 to 1.10.0.
See this package in npm: https://www.npmjs.com/package/@metalsmith/markdown
- @metalsmith/metadata from 0.1.0 to 0.3.0.
See this package in npm: https://www.npmjs.com/package/@metalsmith/metadata
- @metalsmith/permalinks from 2.4.0 to 3.0.1.
See this package in npm: https://www.npmjs.com/package/@metalsmith/permalinks
- jstransformer-nunjucks from 1.1.0 to 1.2.0.
See this package in npm: https://www.npmjs.com/package/jstransformer-nunjucks
- metalsmith from 2.5.1 to 2.6.3.
See this package in npm: https://www.npmjs.com/package/metalsmith
- metalsmith-if from 0.1.1 to 1.0.0.
See this package in npm: https://www.npmjs.com/package/metalsmith-if
- metalsmith-prism from 4.1.0 to 4.2.2.
See this package in npm: https://www.npmjs.com/package/metalsmith-prism
- metalsmith-static-files from 0.2.0 to 0.4.0.
See this package in npm: https://www.npmjs.com/package/metalsmith-static-files
See this project in Snyk:
https://app.snyk.io/org/q1blue-rxw/project/9bc898c6-721d-42f7-93c9-845600113722?utm_source=github&utm_medium=referral&page=upgrade-pr
❌ Deploy Preview for celebrated-lollipop-213a38 failed. Why did it fail? →
|
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Snyk has created this PR to upgrade multiple dependencies.
👯♂ The following dependencies are linked and will therefore be updated together.ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
@metalsmith/drafts
⚠️ This is a major version upgrade, and may be a breaking change | 8 months ago
⚠️ This is a major version upgrade, and may be a breaking change | 7 months ago
from 1.2.0 to 1.3.0 | 1 version ahead of your current version | 2 years ago
on 2022-12-07
@metalsmith/layouts
from 2.6.0 to 2.7.0 | 1 version ahead of your current version | a year ago
on 2023-04-03
@metalsmith/markdown
from 1.6.0 to 1.10.0 | 5 versions ahead of your current version | a year ago
on 2023-06-05
@metalsmith/metadata
from 0.1.0 to 0.3.0 | 3 versions ahead of your current version | a year ago
on 2023-06-11
@metalsmith/permalinks
from 2.4.0 to 3.0.1 | 5 versions ahead of your current version
on 2024-01-19
jstransformer-nunjucks
from 1.1.0 to 1.2.0 | 1 version ahead of your current version | a year ago
on 2023-07-18
metalsmith
from 2.5.1 to 2.6.3 | 4 versions ahead of your current version | 6 months ago
on 2024-03-05
metalsmith-if
from 0.1.1 to 1.0.0 | 1 version ahead of your current version
on 2024-02-16
metalsmith-prism
from 4.1.0 to 4.2.2 | 5 versions ahead of your current version | a year ago
on 2023-08-16
metalsmith-static-files
from 0.2.0 to 0.4.0 | 3 versions ahead of your current version | 7 months ago
on 2024-02-01
Issues fixed by the recommended upgrade:
SNYK-JS-INFLIGHT-6095116
SNYK-JS-NUNJUCKS-5431309
Release notes
Package name: @metalsmith/drafts
-
1.3.0 - 2022-12-07
- Drops support for metalsmith < 2.5.0
- Adds metalsmith.debug logs, removes setImmediate
- Adds Typescript support
- Renames default export to draft for better intellisense
-
1.2.0 - 2022-08-06
- Added conditional draft use in readme file
- Support dual bundle ESM/CJS
- Feature: accept single bool param to include/omit drafts from the output
- Add Typescript types & option JSdocs
- Add example to JSdoc
- Drop support for Node < 12
from @metalsmith/drafts GitHub release notes0f3dc82b5a11b3b5d43c74dd20fc#14c26f5f30183e745e97ec29427720fa8a498Package name: @metalsmith/layouts
-
2.7.0 - 2023-04-03
- Fix docs for pattern option
- Swaps out debug for metalsmith.debug & enhances debug log output
- Renames default export to layouts for better intellisense
-
2.6.0 - 2022-09-04
- feat: dual bundling ESM/CJS
- feat: added Typescript support
from @metalsmith/layouts GitHub release notes#188f8cd11110eaa0c771212c507bb47Breaking change for uncommon use case:
If you previously imported/required the
get-transformer.jsmodule directly from@ metalsmith/layouts/lib/get-transformer.js, you should now require it like so:require('@ metalsmith/layouts').getTransformeror import it like soimport layouts from '@ metalsmith/layouts'; layouts.getTransformer...Package name: @metalsmith/markdown
-
1.10.0 - 2023-06-05
- Resolves #68: adds ability to render targets in metalsmith.metadata()
- test: update mocha to latest, move from nyc to c8 for test coverage, update Node versions
- Updates marked 4.2.12 -> 4.3.0
- Drops support for Node < 14.14.0 (Node 12 EOL = 2023-04-30)
-
1.9.2 - 2023-05-08
- Fixes missing types and adds source maps to package
-
1.9.1 - 2023-02-26
- Updates marked from 4.2.4 -> 4.2.12
- fix: don't log a warning for undefined key values, only when typeof is not string
- fix: don't crash but gracefully ignore undefined for wildcard keypaths
-
1.9.0 - 2023-02-02
- Resolves #65: adds globalRefs option
- Resolves #63: provides a render option allowing usage of any markdown parser.
- Documents the render option and restructures README.md in alignment with other core plugins
-
1.8.0 - 2022-12-18
- Resolves #62, deprecates markdown options.<option> in favor of options.engineOptions.<option>
- Provides dual ESM/CJS module
- Adds Typescript support
- Updates marked from 4.2.0 -> 4.2.4
- Renames default export to markdown for better auto-complete
-
1.6.0 - 2022-05-29
- Resolves #60: support nested keypaths for keys option
- Fixes #61: replace Travis CI badge with GH actions in README.md
- Feature: Add support for simple wildcards, get 100% test coverage
- Update supported Node version to >=10, update marked 4.0.12 -> 4.0.16
from @metalsmith/markdown GitHub release notes#68b8872a879a093967db54d78eaefcc9881d153feb48d05e39a#65#632ea44cd#62a3b62715ce04b8fd2fc65ba9c515#60#619c53cfec0d1a86Package name: @metalsmith/metadata
-
0.3.0 - 2023-06-11
- Fixes a regression introduced in 0.2.1 with array merges, handles repeat runs properly
- Drops support for metalsmith < 2.5.0 & uses metalsmith.debug instead of debug
- Updates deepmerge 4.2.2 -> 4.3.1
- Drops support for Node < 14.14.0 & migrates tests to ESM on src file
- Includes source maps in dist for better debugging
- Renames default export to 'metadata' for better editor intellisense
-
0.2.1 - 2023-05-29
- Explicitly specify array merge as concat
-
0.2.0 - 2022-11-04
- feat: provides dual bundling ESM/CJS
- Update debug from 4.3.3 -> 4.3.4, use strict
- Adds Typescript definitions
-
0.1.0 - 2022-03-19
- Complete re-write of metadata.
- Nested config files
- Don't attempt to parse a file if the key already exists in the metadata, even if the file is missing
- Revert 9e2224d
- Normalizing path options for Windows compatibility.
- Update dependencies
- Allow .yml as file extension for YAML as well
- feat: rewrite
- added tests
- added proper error reporting to done()
- run format and changelog
- debug next branch
- run utilities
- Changed options file path
- first commit
- edited readme
- fixed issue with yaml files in folder
- feat: complete & sort package.json
- don't try and parse if the key already exists in the metadata...
- Add tests for nested and deep-nested path
- more tests
- manual merge
- run changelog
- fix: fixed file/dir path for external reads
- Add regex for normalizing path
- updated name to @ metalsmith/metadata
- fixed path separator
- removed console.logs
- fixed spelling
- bump version number
- fix test name
- removed obsolete code
from @metalsmith/metadata GitHub release notes65d480e73898bf379fc4d28a0cc52555da5a63c1d391022916f4f9dcf6d5125e0b6f7d#27#19#9#16#7#8#12030593ce6ad84a6d21924a761955e8b0513ca4bdf6e370e5a48bcefc299ec8aab93171387a0eac3353d8e525a116b0cf699a8d64c8d2ad44d3fc01ec9cf34aaabfe1c6375b007edb15dbc578efcc8b115965a9b59dbd53cPackage name: @metalsmith/permalinks
-
3.0.1 - 2024-01-19
- Fixes #139: don't slugify dirname, add nested file test, document default slug options in types
- fix: slug options to defaultLinkset.slug, correct date jsdoc
- fix: accept simple quotes in permalinks as even Windows accepts it
-
3.0.0 - 2023-12-13
- Resolves #88, opens up permalinks usage for files with any extension.
- Resolves #75, adds support for dot.notated.pattern.parts
- BREAKING: Resolves #131, replaces moment.js with subset of own date-formatting tokens.
- BREAKING: Resolves #19, throw an error when the permalink resolves with invalid filepath chars
- BREAKING: Resolves #132, removes deprecated options 'relative','duplicatesFail','unique' and 'indexFile' and related bloat
- Updates README.md & types for v3.0.0
- test: refactor to ESM (actual)
- BREAKING: refactors options and default linkset handling
- BREAKING: throws an error on missing, non-optional pattern parts. See also #22 (comment)
- Allows front-matter defined permalinks to use :placeholder patterns
- BREAKING: Solves #94, removes invalid file path characters & sets more sensible slugify defaults
- test: remove obsolete test
- Formalize default permalink pattern to ':dirname/:basename'
- Updates slugify 1.6.5 -> 1.6.6
- Updates regexparam 2.0.1 -> 3.0.0
- test: refactor to ESM
- Drops support for Node < 14.14.0
-
2.5.1 - 2023-02-02
- Fixes #135 and also removes some warnings that logged when they shouldn't
-
2.5.0 - 2023-01-04
- Resolves #134: deprecates & merges options 'duplicatesFail' & 'unique' into new option 'duplicates'
- Fixes #48, aligns linkset & default options date & slug formatting
- Resolves #44: eliminate ambiguity with setImmediate(done)
- Resolves #129: provides dual ESM/CJS module
- Drops support for Metalsmith < 2.5.0, replaces debug with metalsmith.debug
- Deprecates file.path in favor of file.permalink and adds better testing
- Adds Typescript definitions
- Aligns behavior of using alt indexFile and adds indexFile test
- Deprecates the file.path property in favor of file.permalink
- Deprecates options.indexFile in favor of options.directoryIndex
- test: add test case for array matches & cheat coverage
- docs: correct typo's & omissions in README.md
- Deprecates the 'relative' option, cfr. #132
- fix: ESM build export * instead of default from regexparam
-
2.4.1 - 2022-10-31
- Updates regexparam 2.0.0 -> 2.0.1, debug 4.3.3 -> 4.3.4
- Dropped support for Node < 12
-
2.4.0 - 2022-01-30
- Resolves #122: remove deprecated substitute pkg, add regexparam instead
- Fixes #120: default linkset options should be overwritten by other linksets
- Resolves #121: Align dot & repo files with core plugins
- Update debug to 4.3.3, moment to 2.29.1, slugify to 1.6.5
- feat: proper jsdocs, cleaner option handling code
- feat: allow optional pattern placeholder
- fix: remove console.log typo, fix few README typo's
- Fixes debug channel to '@ metalsmith/permalinks'
from @metalsmith/permalinks GitHub release notes#1394b60c505af7d5d#88#75#131#19#1323d7ea2e7d9a2d27d5ca36552b549053e92eb30d875d5d199f176515ea1d2a2f804e1cd046770e3c4bba9#135#134#48#44#1297e1c0dcc7a56f16354c955d6d8614130e03b6ee0835f7734c94816a2ffb7fcbe1a9fe6309e998ec20c30#122#120#1214360a3013e3dbf4684767a7f89ea2ea03de21bc858Package name: jstransformer-nunjucks
-
1.2.0 - 2023-07-18
- Refactors filter, extension & globals resolution & addresses lint issues
- Replaces legacy extend-shallow with Object.assign
- Updated Nunjucks 3.2.3 => 3.2.4
- Fixed typo in README badge
-
1.1.0 - 2022-05-16
- Updated Nunjucks 3.0.0 => 3.2.3
- Drop support for Node < 8.0.0
- Restructure to conform to xo rules
- Tidy up README.md
from jstransformer-nunjucks GitHub release notesPackage name: metalsmith
-
2.6.3 - 2024-03-05
- Drops support for Node < 14.18.0 (4 minor, deprecated versions) to be able to use 'node:' protocol imports"
- Updated README.md code samples, links, and troubleshooting section
- Dependencies:
- Fixes ms.watch(false) unreliable behavior when the build errors.
-
2.6.2 - 2023-11-15
- TS fixes: add generic to Metalsmith.File, bring back Metalsmith.DoneCallback, add Metalsmith.Plugin promise signature
- #394 Avoid leaking unhandled rejections in build/watch promises.
- Fix a typo in CLI help message
-
2.6.1 - 2023-07-11
-
2.6.0 - 2023-05-29
- [#356] Added Typescript support
- Added --debug and --dry-run options to metalsmith (build) command
- Added --env option to metalsmith (build) command
- Added Metalsmith CLI support for loading a .(c)js config. Reads from metalsmith.js as second default after metalsmith.json
- Added support for running (C/M)JS config files from CLI
- Dependencies:
- #231 Dropped support for Node < 14.14.0
- Dependencies:
- Modernized Metalsmith CLI, prepared transition to imports instead of require
- Dependencies:
- Fixes a duplicate empty input check in metalsmith.match
- Gray-matter excerpts are removed from contents instead of being duplicated to the
- Gray-matter excerpts are trimmed
-
2.5.1 - 2022-10-07
- Dependencies:
- Clarified semver policy in README.md
- Added SECURITY.md
- Fixes #373: do not crash when postinstall script fails in specific environments
from metalsmith GitHub release notesRemoved
b170cf0Updated
774a164chokidar: 3.5.3 ▶︎ 3.6.0Fixed
0d8d7913ae6275cac48fc,5b48dce642a17634239d9Documents metalsmith.watch() getter signature in TSa719025Normalizes ms.watch().paths to an array, allows access to a subset of chokidar options as advertised5a516b2Sets chokidar watchOption awaitWriteFinish to false, and batch timer to 0 to speed up watching23b0944Fixes #389: ensure not missing watcher ready event to successfully launch build05265ceFixes formatting issue in types JSdoc commentsAdded
58d22a32d84fbe9661ddc45a4afe424e6ecchokidar9d40674lodash.clonedeepwithe12537fRemoved
80d8508rimraf: replaced with native Node.js methodsae05945cross-spawn:baee1deUpdated
24fcffb4929bc2commander: 6.2.1 -> 10.0.124fcffb0810728Fixed
60e173aexcerptproperty2bfe800acb363eFull Changelog: v2.5.1...v2.6.0
774a164debug: 4.3.3 ▶︎ 4.3.4Fixed
Package name: metalsmith-if
-
1.0.0 - 2024-02-16
- Update dependencies to latest metalsmith and mocha
- Modernize javascript style
-
0.1.1 - 2015-09-04
from metalsmith-if GitHub release notesPackage name: metalsmith-prism
-
4.2.2 - 2023-08-16
-
4.2.1 - 2023-08-15
-
4.2.0 - 2023-06-02
-
4.1.2 - 2023-03-22
-
4.1.1 - 2022-10-19
-
4.1.0 - 2022-09-24
from metalsmith-prism GitHub release notesPackage name: metalsmith-static-files
-
0.4.0 - 2024-02-01
-
0.3.0 - 2023-06-02
-
0.2.1 - 2022-10-19
-
0.2.0 - 2022-09-24
from metalsmith-static-files GitHub release notesImportant
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.
For more information: