Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Snyk] Upgrade: jest, mkdirp, slug #544

Open
wants to merge 1 commit into
base: master
Choose a base branch
from

Conversation

WontonSam
Copy link
Owner

snyk-top-banner

Snyk has created this PR to upgrade multiple dependencies.

👯‍♂ The following dependencies are linked and will therefore be updated together.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

⚠️ Warning: This PR contains major version upgrade(s), and may be a breaking change.

Name Versions Released on

jest
from 24.9.0 to 29.7.0 | 128 versions ahead of your current version
⚠️ This is a major version upgrade, and may be a breaking change | a year ago
on 2023-09-12
mkdirp
from 0.5.6 to 3.0.1 | 15 versions ahead of your current version
⚠️ This is a major version upgrade, and may be a breaking change | a year ago
on 2023-04-24
slug
from 1.1.0 to 9.1.0 | 47 versions ahead of your current version
⚠️ This is a major version upgrade, and may be a breaking change | 4 months ago
on 2024-05-24

Issues fixed by the recommended upgrade:

Issue Score Exploit Maturity
high severity Uncontrolled resource consumption
SNYK-JS-BRACES-6838727
169 Proof of Concept
high severity Inefficient Regular Expression Complexity
SNYK-JS-MICROMATCH-6838728
169 No Known Exploit
high severity Prototype Pollution
SNYK-JS-UNSETVALUE-2400660
169 No Known Exploit
medium severity Reverse Tabnabbing
SNYK-JS-ISTANBULREPORTS-2328088
169 No Known Exploit
Release notes
Package name: jest
  • 29.7.0 - 2023-09-12

    Features

    • [create-jest] Add npm init / yarn create initialiser for Jest projects (#14465)
    • [jest-validate] Allow deprecation warnings for unknown options (#14499)

    Fixes

    • [jest-resolver] Replace unmatched capture groups in moduleNameMapper with empty string instead of undefined (#14507)
    • [jest-snapshot] Allow for strings as well as template literals in inline snapshots (#14465)
    • [@ jest/test-sequencer] Calculate test runtime if perStats.duration is missing (#14473)

    Performance

    • [@ jest/create-cache-key-function] Cache access of NODE_ENV and BABEL_ENV (#14455)

    Chore & Maintenance

    • [jest-cli] Move internal config initialisation logic to the create-jest package (#14465)

    New Contributors

    Full Changelog: v29.6.4...v29.7.0

  • 29.6.4 - 2023-08-24

    Fixes

    • [jest-core] Fix typo in scheduleAndRun performance marker (#14434)
    • [jest-environment-node] Make sure atob and btoa are writeable in Node 20 (#14446)
    • [jest-worker] Additional error wrapper for parentPort.postMessage to fix unhandled DataCloneError. (#14437)

    New Contributors

    Full Changelog: v29.6.3...v29.6.4

  • 29.6.3 - 2023-08-21

    Fixes

    • [expect, @ jest/expect-utils] ObjectContaining support symbol as key (#14414)
    • [expect] Remove @ types/node from dependencies (#14385)
    • [jest-core] Use workers in watch mode by default to avoid crashes (#14059 & #14085).
    • [jest-reporters] Update istanbul-lib-instrument dependency to v6. (#14401)
    • [jest-mock] Revert #13692 as it was a breaking change (#14429)
    • [jest-mock] Revert #13866 as it was a breaking change (#14429)
    • [jest-mock] Revert #13867 as it was a breaking change (#14429)
    • [@ jest/reporters] Marks Reporter's hooks as optional (#14433)
    • [jest-runtime] Fix dynamic ESM import module bug when loaded module through jest.isolateModulesAsync (#14397)

    Chore & Maintenance

    • [jest-changed-files, jest-circus, jest-console, @ jest/core, @ jest/runtime, @ jest/transform] Use invariant and notEmpty from jest-util rather than own internal (#14366)

    New Contributors

    Full Changelog: v29.6.2...v29.6.3

  • 29.6.2 - 2023-07-27

    Fixes

    • [jest-circus] Fix snapshot matchers in concurrent tests when nr of tests exceeds maxConcurrency (#14335)
    • [@ jest/core] When running global setup and teardown, do not try to change the message property of the thrown error object when the message property is unwritable (#14113)
    • [jest-snapshot] Move @ types/prettier from dependencies to devDependencies (#14328)
    • [jest-snapshot] Throw an explicit error if Prettier v3 is used (#14367)
    • [jest-reporters] Add "skipped" and "todo" symbols to Github Actions Reporter (#14309)

    Chore & Maintenance

    • [@ jest/core] Use pluralize from jest-util rather than own internal (#14322)

    New Contributors

    Full Changelog: v29.6.1...v29.6.2

  • 29.6.1 - 2023-07-06

    Fixes

    • [jest-circus] Revert #14110 as it was a breaking change (#14304)

    Full Changelog: v29.6.0...v29.6.1

  • 29.6.0 - 2023-07-04

    Features

    • [jest-circus, jest-snapshot] Add support for snapshot matchers in concurrent tests (#14139)
    • [jest-cli] Include type definitions to generated config files (#14078)
    • [jest-snapshot] Support arrays as property matchers (#14025)
    • [jest-core, jest-circus, jest-reporter, jest-runner] Added support for reporting about start individual test cases using jest-circus (#14174)

    Fixes

    • [jest-circus] Prevent false test failures caused by promise rejections handled asynchronously (#14110)
    • [jest-config] Handle frozen config object (#14054)
    • [jest-config] Allow coverageDirectory and collectCoverageFrom in project config (#14180)
    • [jest-core] Always use workers in watch mode to avoid crashes (#14059).
    • [jest-environment-jsdom, jest-environment-node] Fix assignment of customExportConditions via testEnvironmentOptions when custom env subclass defines a default value (#13989)
    • [jest-matcher-utils] Fix copying value of inherited getters (#14007)
    • [jest-mock] Tweak typings to allow jest.replaceProperty() replace methods (#14008)
    • [jest-mock] Improve user input validation and error messages of spyOn and replaceProperty methods (#14087)
    • [jest-runtime] Bind jest.isolateModulesAsync to this (#14083)
    • [jest-runtime] Forward wrapperLength to the Script constructor as columnOffset for accurate debugging (#14148)
    • [jest-runtime] Guard _isMockFunction access with in (#14188)
    • [jest-snapshot] Fix a potential bug when not using prettier and improve performance (#14036)
    • [@ jest/transform] Do not instrument .json modules (#14048)
    • [jest-worker] Restart a shut down worker before sending it a task (#14015)

    Chore & Maintenance

    • [*] Update semver dependency to get vulnerability fix (#14262)
    • [docs] Updated documentation for the --runTestsByPath CLI command (#14004)
    • [docs] Updated documentation regarding the synchronous fallback when asynchronous code transforms are unavailable (#14056)
    • [docs] Update jest statistics of use and downloads in website Index.

    New Contributors

    Full Changelog: v29.5.0...v29.6.0

  • 29.5.0 - 2023-03-06

    Features

    • [jest-changed-files] Support Sapling (#13941)
    • [jest-circus, @ jest/cli, jest-config] Add feature to randomize order of tests via CLI flag or through the config file(#12922)
    • [jest-cli, jest-config, @ jest/core, jest-haste-map, @ jest/reporters, jest-runner, jest-runtime, @ jest/types] Add workerThreads configuration option to allow using worker threads for parallelization (#13939)
    • [jest-cli] Export yargsOptions (#13970)
    • [jest-config] Add openHandlesTimeout option to configure possible open handles warning. (#13875)
    • [@ jest/create-cache-key-function] Allow passing length argument to createCacheKey() function and set its default value to 16 on Windows (#13827)
    • [jest-message-util] Add support for AggregateError (#13946 & #13947)
    • [jest-message-util] Add support for Error causes in test and it (#13935 & #13966)
    • [jest-reporters] Add summaryThreshold option to summary reporter to allow overriding the internal threshold that is used to print the summary of all failed tests when the number of test suites surpasses it (#13895)
    • [jest-runtime] Expose @ sinonjs/fake-timers async APIs functions advanceTimersByTimeAsync(msToRun) (tickAsync(msToRun)), advanceTimersToNextTimerAsync(steps) (nextAsync), runAllTimersAsync (runAllAsync), and runOnlyPendingTimersAsync (runToLastAsync) (#13981)
    • [jest-runtime, @ jest/transform] Allow V8 coverage provider to collect coverage from files which were not loaded explicitly (#13974)
    • [jest-snapshot] Add support to cts and mts TypeScript files to inline snapshots (#13975)
    • [jest-worker] Add start method to worker farms (#13937)
    • [jest-worker] Support passing a URL as path to worker (#13982)

    Fixes

    • [babel-plugin-jest-hoist] Fix unwanted hoisting of nested jest usages (#13952)
    • [jest-circus] Send test case results for todo tests (#13915)
    • [jest-circus] Update message printed on test timeout (#13830)
    • [jest-circus] Avoid creating the word "testfalse" when takesDoneCallback is false in the message printed on test timeout AND updated timeouts test (#13954)
    • [jest-environment-jsdom] Stop setting document to null on teardown (#13972)
    • [@ jest/expect-utils] Update toStrictEqual() to be able to check jest.fn().mock.calls (#13960)
    • [@ jest/test-result] Allow TestResultsProcessor type to return a Promise (#13950)

    Chore & Maintenance

    • [jest-snapshot] Remove dependency on jest-haste-map (#13977)

    New Contributors

    Full Changelog: v29.4.3...v29.5.0

  • 29.4.3 - 2023-02-15

    Features

    • [expect] Update toThrow() to be able to use error causes (#13606)
    • [jest-core] allow to use workerIdleMemoryLimit with only 1 worker or runInBand option (#13846)
    • [jest-message-util] Add support for error causes (#13868 & #13912)
    • [jest-runtime] Revert import assertions for JSON modules as it's been relegated to Stage 2 (#13911)

    Fixes

    • [@ jest/expect-utils] subsetEquality should consider also an object's inherited string keys (#13824)
    • [jest-mock] Clear mock state when jest.restoreAllMocks() is called (#13867)
    • [jest-mock] Prevent mockImplementationOnce and mockReturnValueOnce bleeding into withImplementation (#13888)
    • [jest-mock] Do not restore mocks when jest.resetAllMocks() is called (#13866)

    New Contributors

    Full Changelog: v29.4.2...v29.4.3

  • 29.4.2 - 2023-02-07

    Features

    Fixes

    • [expect, @ jest/expect] Provide type of actual as a generic argument to Matchers to allow better-typed extensions (#13848)
    • [jest-circus] Added explicit mention of test failing because done() is not being called in error message (#13847)
    • [jest-runtime] Handle CJS re-exports of node core modules from ESM (#13856)
    • [jest-transform] Downgrade write-file-atomic to v4 (#13853)
    • [jest-worker] Ignore IPC messages not intended for Jest (#13543)

    Chore & Maintenance

    • [*] make sure to exclude .eslintcache from published module (#13832)
    • [docs] Cleanup incorrect links in CHANGELOG.md (#13857)

    New Contributors

    Full Changelog: v29.4.1...v29.4.2

  • 29.4.1 - 2023-01-26

    Features

    • [expect, jest-circus, @ jest/types] Implement numPassingAsserts of testResults to track the number of passing asserts in a test (#13795)
    • [jest-core] Add newlines to JSON output (#13817)
    • [@ jest/reporters] Automatic log folding in GitHub Actions Reporter (#13626)

    Fixes

    • [@ jest/expect-utils] toMatchObject diffs should include Symbol properties (#13810)
    • [jest-runtime] Handle missing replaceProperty (#13823)
    • [@ jest/types] Add partial support for done callbacks in typings of each (#13756)

    New Contributors

    Ful...

Snyk has created this PR to upgrade:
  - jest from 24.9.0 to 29.7.0.
    See this package in npm: https://www.npmjs.com/package/jest
  - mkdirp from 0.5.6 to 3.0.1.
    See this package in npm: https://www.npmjs.com/package/mkdirp
  - slug from 1.1.0 to 9.1.0.
    See this package in npm: https://www.npmjs.com/package/slug

See this project in Snyk:
https://app.snyk.io/org/cachiman/project/2943dbde-73e0-42c1-8d37-a2c9124b355d?utm_source=github&utm_medium=referral&page=upgrade-pr
Copy link

google-cla bot commented Sep 19, 2024

Thanks for your pull request! It looks like this may be your first contribution to a Google open source project. Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA).

View this failed invocation of the CLA check for more information.

For the most up to date status, view the checks section at the bottom of the pull request.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants