[Snyk] Upgrade: , , acorn, astring, data-uri-to-buffer, dotenv, glob-stream, preact, reflect-metadata, ws #2
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Snyk has created this PR to upgrade:
- @jridgewell/trace-mapping from 0.3.22 to 0.3.25.
See this package in npm: https://www.npmjs.com/package/@jridgewell/trace-mapping
- @jridgewell/gen-mapping from 0.3.3 to 0.3.5.
See this package in npm: https://www.npmjs.com/package/@jridgewell/gen-mapping
- acorn from 8.11.3 to 8.12.1.
See this package in npm: https://www.npmjs.com/package/acorn
- astring from 1.8.6 to 1.9.0.
See this package in npm: https://www.npmjs.com/package/astring
- data-uri-to-buffer from 6.0.1 to 6.0.2.
See this package in npm: https://www.npmjs.com/package/data-uri-to-buffer
- dotenv from 16.4.1 to 16.4.5.
See this package in npm: https://www.npmjs.com/package/dotenv
- glob-stream from 8.0.0 to 8.0.2.
See this package in npm: https://www.npmjs.com/package/glob-stream
- preact from 10.19.3 to 10.23.2.
See this package in npm: https://www.npmjs.com/package/preact
- reflect-metadata from 0.2.1 to 0.2.2.
See this package in npm: https://www.npmjs.com/package/reflect-metadata
- ws from 8.17.1 to 8.18.0.
See this package in npm: https://www.npmjs.com/package/ws
See this project in Snyk:
https://app.snyk.io/org/organich/project/92930878-01dd-4ea8-a902-57c4539fd95c?utm_source=github&utm_medium=referral&page=upgrade-pr
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Snyk has created this PR to upgrade multiple dependencies.
👯 The following dependencies are linked and will therefore be updated together.ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
@jridgewell/trace-mapping
from 0.3.22 to 0.3.25 | 3 versions ahead of your current version | 6 months ago
on 2024-03-02
@jridgewell/gen-mapping
from 0.3.3 to 0.3.5 | 2 versions ahead of your current version | 6 months ago
on 2024-03-01
acorn
from 8.11.3 to 8.12.1 | 2 versions ahead of your current version | 2 months ago
on 2024-07-03
astring
from 1.8.6 to 1.9.0 | 1 version ahead of your current version | 21 days ago
on 2024-08-25
data-uri-to-buffer
from 6.0.1 to 6.0.2 | 1 version ahead of your current version | 7 months ago
on 2024-02-12
dotenv
from 16.4.1 to 16.4.5 | 4 versions ahead of your current version | 7 months ago
on 2024-02-20
glob-stream
from 8.0.0 to 8.0.2 | 2 versions ahead of your current version | 5 months ago
on 2024-04-08
preact
from 10.19.3 to 10.23.2 | 13 versions ahead of your current version | a month ago
on 2024-08-12
reflect-metadata
from 0.2.1 to 0.2.2 | 1 version ahead of your current version | 6 months ago
on 2024-03-29
ws
from 8.17.1 to 8.18.0 | 1 version ahead of your current version | 2 months ago
on 2024-07-03
Release notes
Package name: @jridgewell/trace-mapping
-
0.3.25 - 2024-03-02
- Support
-
0.3.24 - 2024-03-01
- Add
-
0.3.23 - 2024-02-24
-
0.3.22 - 2024-01-19
- Specify all exported types to unbreak TS v4.* by @ jridgewell in #34
from @jridgewell/trace-mapping GitHub release notesWhat's Changed
TraceMapinstances inSectionedSourceMap'ssectionsfield: 8d8fc35Full Changelog: v0.3.24...v0.3.25
What's Changed
ignoreList(andx_google_ignoreList) support: 1027ce6Full Changelog: v0.3.23...v0.3.24
Full Changelog: v0.3.22...v0.3.23
What's Changed
Full Changelog: v0.3.21...v0.3.22
Package name: @jridgewell/gen-mapping
-
0.3.5 - 2024-03-01
- Add
-
0.3.4 - 2024-02-24
-
0.3.3 - 2023-04-07
from @jridgewell/gen-mapping GitHub release notesWhat's Changed
ignoreListsupport: 9add0c2Full Changelog: v0.3.4...v0.3.5
Full Changelog: v0.3.3...v0.3.4
Full Changelog: v0.3.2...v0.3.3
Package name: acorn
-
8.12.1 - 2024-07-03
-
8.12.0 - 2024-06-14
-
8.11.3 - 2023-12-29
from acorn GitHub release notesBug fixes
Fix a regression that caused Acorn to no longer run on Node versions <8.10.
New features
Support ES2025 duplicate capture group names in regular expressions.
Bug fixes
Include
VariableDeclaratorin theAnyNodetype so that walker objects can refer to it without getting a type error.Properly raise a parse error for invalid
for/ofstatements usingasyncas binding name.Properly recognize "use strict" when preceded by a string with an escaped newline.
Mark the
Parserconstructor as protected, not private, so plugins can extend it without type errors.Fix a bug where some invalid
deleteexpressions were let through when the operand was parenthesized andpreserveParenswas enabled.Properly normalize line endings in raw strings of invalid template tokens.
Properly track line numbers for escaped newlines in strings.
Fix a bug that broke line number accounting after a template literal with invalid escape sequences.
Bug fixes
Add
FunctionandClassto theAggregateTypetype, so that they can be used in walkers without raising a type error.Make sure
onTokenget animportkeyword token when parsingimport.meta.Fix a bug where
.loc.startcould be undefined fornew.targetmetanodes.Package name: astring
-
1.9.0 - 2024-08-25
-
1.8.6 - 2023-05-30
from astring GitHub release notesNo content.
No content.
Package name: data-uri-to-buffer
-
6.0.2 - 2024-02-12
-
6.0.1 - 2023-09-30
from data-uri-to-buffer GitHub release notesPackage name: dotenv
-
16.4.5 - 2024-02-20
-
16.4.4 - 2024-02-13
-
16.4.3 - 2024-02-12
-
16.4.2 - 2024-02-10
-
16.4.1 - 2024-01-24
from dotenv GitHub release notes16.4.5
16.4.4
16.4.3
16.4.2
16.4.1
Package name: glob-stream
-
8.0.2 - 2024-04-08
- Avoid blowing the call stack when processing many files (#133) (bb21c9d)
- Avoid following circular symlinks (#126) (cf8b197)
- Only traverse directories that can match the glob base (#131) (8e74e21)
-
8.0.1 - 2024-03-25
- Avoid pushing additional paths to queue when error occurs (#124) (8eaab85)
- Traverse symlink folders (#122) (d49d9bd)
-
8.0.0 - 2023-04-23
- Switch to streamx (#119)
- Combine GlobStream & GlobReadable into unified API
- Replace glob with anymatch & custom directory walk (#118)
- Drop support for ordered globs (#115)
- Combine GlobStream & GlobReadable into unified API (6aad264)
- Replace glob with anymatch & custom directory walk (#118) (6aad264)
- Switch to streamx (#119) (8d6b35c)
- Normalize cwd on windows (8d6b35c)
- Properly handle glob-like characters in paths (#117) (872a957)
- Resolve cwd to support relative cwd paths (8d6b35c)
- Drop support for ordered globs (#115) (f37bccc)
from glob-stream GitHub release notesBug Fixes
Bug Fixes
⚠ BREAKING CHANGES
Features
Bug Fixes
Miscellaneous Chores
Package name: preact
-
10.23.2 - 2024-08-12
- Fix shifting VNode children to the front (#4472, thanks @ JoviDeCroock)
- Add TypeScript support for Container.contains (#4471, thanks @ sjoerdmulder)
- Add AriaRole types export (#4466, thanks @ kuronijin)
- Bump to oxlint v0.7.0 (#4469, thanks @ Boshen)
- General performance improvements for folks using compat (#4459, thanks @ JoviDeCroock)
- Prepare for no-unused-vars (#4462, thanks @ DonIsaac)
-
10.23.1 - 2024-07-25
- Fix debug-issue in testing libraries where there might not be a DOM node (#4454, thanks @ JoviDeCroock)
-
10.23.0 - 2024-07-23
- Support ref cleanup functions (#4436, thanks @ marvinhagemeister)
- Child-diffing should shift keyed fragmented lists (#4448, thanks @ JoviDeCroock)
- Invalid DOM check not firing when p/a/button have a parent (#4449, thanks @ JoviDeCroock)
- Support comments for streaming renders (#4446, thanks @ JoviDeCroock)
- Import renderToPipeableStream in server.mjs for re-exporting (#4440, thanks @ 3846masa)
- Add missing types ElementType and ComponentPropsWithoutRef (#4433, thanks @ hamza0867)
- Add html attributes types #4099 (#4100, thanks @ samsam-ahmadi)
- Dependency maintenance (#4431, thanks @ JoviDeCroock)
- Fix coveralls reporting on PRs (#4430, thanks @ JoviDeCroock)
-
10.22.1 - 2024-07-01
- Only check is connected for dom nodes (#4409, thanks @ JoviDeCroock)
- Prevent useMemo from being too lazy with repeated renders (#4426, thanks @ JoviDeCroock)
- Replace isConnected with parentDom.contains (#4421, thanks @ JoviDeCroock)
- Graciously handle array shuffling (#4413, thanks @ JoviDeCroock)
- Support popover boolean attribute (#4393, thanks @ JoviDeCroock)
- Improve React compatibility for
- Expose stream render from
- Prefer
- Bump lockfile version to v3 (#4398, thanks @ rschristian)
- Improve perf by skipping some lifecycle hooks for perf (#4366, thanks @ JoviDeCroock)
- Create hot path for unmounting a tree of context (#4396, thanks @ JoviDeCroock)
- Migrate husky v9 (#4390, thanks @ castrogarciajs)
- Migrate to oxlint (#4387, thanks @ JoviDeCroock)
- Migrate to biome (#4386, thanks @ JoviDeCroock)
-
10.22.0 - 2024-05-15
- Support MathML namespace (#4364, thanks @ rschristian)
- Add popover types (#4378, thanks @ rschristian)
- Skip running compressed-size builds twice (#4377, thanks @ rschristian)
- Test types and warnings (#4369, thanks @ rschristian)
- Bump compressed-size-action (#4368, thanks @ rschristian)
- Allow the same component to render many times across different phases (#4382, thanks @ JoviDeCroock)
- Provide error for illegal nesting of
- Disallow
- Change syntax in
-
10.21.0 - 2024-04-30
- Debug throw on too many rerenders (#4349, thanks @ rschristian)
- Add compat/client types (#4345, thanks @ rschristian)
- Expose hooks through compat's
- Respect default value (#4341, thanks @ JoviDeCroock)
- Incorrect "missing transform-jsx-source" warning (#4350, thanks @ rschristian)
- Support ComponentChild(ren) in compat render/hydrate/createPortal (#4346, thanks @ rschristian)
- Import and re-export PreactElement (#3228, thanks @ henryqdineen)
- Add zustand and redux-toolkit to the demo. (#3523, thanks @ MortezaMirjavadi)
- Optimise jsx runtime (#4337, thanks @ JoviDeCroock)
-
10.20.2 - 2024-04-09
- Check whether
- Simplify the logic introduced in #4322 & use eventClock for capture events too (#4324, thanks @ jviide)
- Use a virtual clock instead of Date.now() for event dispatch times (#4322, thanks @ jviide)
- Add template tag JSX type (#4334, thanks @ marvinhagemeister)
- Integrate the new benchmarks repo and update (#4310, thanks @ andrewiggins)
- Some byte improvements (#4321, thanks @ JoviDeCroock)
-
10.20.1 - 2024-03-23
- Add special case for focusIn and focusOut (#4316, thanks @ JoviDeCroock)
-
10.20.0 - 2024-03-20
- Add isMemo to compact to allow compatibility with react-is dependant libraries (#4302, thanks @ ziongh)
- Fix case where shrinking a list would cause an exception (#4312, thanks @ JoviDeCroock)
-
10.19.7 - 2024-03-18
-
10.19.6 - 2024-02-22
-
10.19.5 - 2024-02-16
-
10.19.4 - 2024-02-08
-
10.19.3 - 2023-12-08
from preact GitHub release notesFixes
Types
Maintenance
Fixes
Features
This adds support for returning a function in functional refs, example
Fixes
Types
Maintenance
Fixes
Types
Reftype. (#4403, thanks @ maxbrieiev)preact-render-to-string(#4395, thanks @ Austaras)Maintenance
globalThisoverwindowif available (#4401, thanks @ marvinhagemeister)Performance
Features
Types
Maintenance
Fixes
<button>and<a>(#4376, thanks @ rschristian)<tr>as a child of<table>(#4375, thanks @ rschristian)compat/clientfor IE11 support (#4372, thanks @ rschristian)Features
Fixes
ReactCurrentDispatcher(#4342, thanks @ rschristian)Types
Maintenance
Fixes
oldDomis present in the DOM (#4318, thanks @ JoviDeCroock)Types
Maintenance
Fixes
Features
Fixes
Package name: reflect-metadata
-
0.2.2 - 2024-03-29
-
0.2.1 - 2023-12-14
- Fix stack overflow crash in isProviderFor by @ rbuckton in #155
- Update main to v0.2.1 by @ rbuckton in #156
from reflect-metadata GitHub release notesWhat's Changed
Full Changelog: v0.2.0...v0.2.1
Package name: ws
Features
Blob(#2229).Bug fixes
A request with a number of headers exceeding the
server.maxHeadersCountthreshold could be used to crash a ws server.
const WebSocket = require('ws');
const wss = new WebSocket.Server({ port: 0 }, function () {
const chars = "!#$%&'*+-.0123456789abcdefghijklmnopqrstuvwxyz^_`|~".split('');
const headers = {};
let count = 0;
for (let i = 0; i < chars.length; i++) {
if (count === 2000) break;
}
headers.Connection = 'Upgrade';
headers.Upgrade = 'websocket';
headers['Sec-WebSocket-Key'] = 'dGhlIHNhbXBsZSBub25jZQ=='<span class="p...