Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Snyk] Upgrade: fs-extra, glob, json5, jsonc-parser, tinycolor2 #166

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

[Snyk] Upgrade: fs-extra, glob, json5, jsonc-parser, tinycolor2 #166

wants to merge 1 commit into from

Conversation

WontonSam
Copy link
Owner

snyk-top-banner

Snyk has created this PR to upgrade multiple dependencies.

👯 The following dependencies are linked and will therefore be updated together.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

Name Versions Released on

fs-extra
from 10.0.0 to 10.1.0 | 2 versions ahead of your current version | 2 years ago
on 2022-04-16
glob
from 7.2.0 to 7.2.3 | 2 versions ahead of your current version | 2 years ago
on 2022-05-15
json5
from 2.2.2 to 2.2.3 | 1 version ahead of your current version | 2 years ago
on 2022-12-31
jsonc-parser
from 3.0.0 to 3.3.1 | 5 versions ahead of your current version | 3 months ago
on 2024-06-24
tinycolor2
from 1.4.2 to 1.6.0 | 13 versions ahead of your current version | 2 years ago
on 2023-02-03

Release notes
Package name: fs-extra from fs-extra GitHub release notes
Package name: glob from glob GitHub release notes
Package name: json5
  • 2.2.3 - 2022-12-31
    • Fix: json5@2.2.3 is now the 'latest' release according to npm instead of v1.0.2. ([#299])
  • 2.2.2 - 2022-12-16
    • Fix: Properties with the name __proto__ are added to objects and arrays.
      (#199) This also fixes a prototype pollution vulnerability reported by
      Jonathan Gregson! (#295).
from json5 GitHub release notes
Package name: jsonc-parser
  • 3.3.1 - 2024-06-24

    Changes:

    • #92: remove exports, prepare 3.3.1

    This list of changes was auto generated.

  • 3.3.0 - 2024-06-24

    Changes:

    Feature Requests:

    • #11: Can we have a "insertFinalNewline" option in "FormattingOptions"?
    • #4: Source map referenced but not included in published package

    Bugs:

    • #33: Formatting valid json content is causing an invalid json
    • #40: parseTree() returns undefined on empty string input

    Others:

    • #90: prepare 3.3.0
    • #88: Allow the visitor to cease callbacks
    • #89: Bump braces from 3.0.2 to 3.0.3
    See More
    • #84: prepare 3.2.1
    • #81: perf(format): cache breaklines and spaces as much as possible
    • #79: update dependencies
    • #75: ci: add batch
    • #72: delete pr-chat action
    • #71: add publish pipeline & cleanup ci
    • #70: set preserveConstEnums: true, switch to es2020
    • #69: sort edits in applyEdits
    • #66: An additional parameter keepLines has been added into the formatting options which allows to keep the original line formatting
    • #64: Adding Microsoft SECURITY.MD
    • #62: Add JSON path supplier parameter to visitor functions
    • #44: findNodeAtLocation does not handle incomplete property pair
    • #61: Update API section in README
    • #53: Clarify whether / how Edit[] can be concatenated
    • #46: Non-standard whitespace handling
    • #47: Improve README
    • #54: readme: improve ParseOptions documentation
    • #43: Add file extenstion to typings property value
    • #34: Optimize parseLiteral for number-heavy JSON files (ala GeoJSON)
    • #39: Bump lodash from 4.17.15 to 4.17.19
    • #35: Allow for array modifications, add inPlace formatting option.
    • #32: Parse errors make parsed tree useless
    • #31: Upgrading from 2.1.1 to 2.2.0 has diagnostic for file with only comments
    • #25: Fix typo in README
    • #24: parse function should include properties with empty string as their keys
    • #21: Update README.md
    • #18: JavaScipt -> JavaScript
    • #17: add line and column information to scanner and visitor
    • #15: Fix a few typos in doc comments
    • #12: Do not mutate the given path
    • #9: Refactor computeIndentLevel method
    • #8: Fix typo of token
    • #6: Allow trailing commas in array
    • #5: add JSON formatter and editor from VS Code
    • #1: Error objects should also contain location information

    This list of changes was auto generated.

  • 3.2.1 - 2024-01-22

    prepare 3.2.1 (#84)

  • 3.2.0 - 2022-08-30

    set preserveConstEnums: true, switch to es2020 (#70)

  • 3.1.0 - 2022-07-11

    …options which allows to keep the original line formatting (#66)

    • An additional parameter keepLines has been added into the formatting options which allows to keep the original line formatting

    • Resolving the reviews and simplifying the code with the function multipleLineBreaks

    • Reverting back to the previous commit and applying the review changes

    • cleaning the code, simplifying the if/else cases

    • Updating the dependencies of package.json to their latest versions. Changed withFormatting so that keepLines option is always false.

    • Solving "Invalid: lock file's ... does not satisfy"

    • testing if higher node version in .travis.yml will solve the failing of CI

    • formatting and let-> const, avoid modification of options

    Co-authored-by: Martin Aeschlimann martinae@microsoft.com

  • 3.0.0 - 2020-11-13

    3.0.0

from jsonc-parser GitHub release notes
Package name: tinycolor2
  • 1.6.0 - 2023-02-03

    prep for version

  • 1.6.0-beta.9 - 2023-02-03
  • 1.6.0-beta.8 - 2022-12-28
  • 1.6.0-beta.7 - 2022-12-24
  • 1.6.0-beta.6 - 2022-12-24
  • 1.6.0-beta.5 - 2022-12-23
  • 1.6.0-beta.4 - 2022-12-23
  • 1.6.0-beta.3 - 2022-12-23
  • 1.6.0-beta.2 - 2022-12-22
  • 1.6.0-beta.1 - 2022-12-22

    prep for 1.6.0-beta.1

  • 1.5.2 - 2023-01-02

    prep for 1.5.2

  • 1.5.1 - 2022-12-22
  • 1.5.0 - 2022-12-21

    1.5.0

  • 1.4.2 - 2020-09-25

    prep for 1.4.2

from tinycolor2 GitHub release notes

Important

  • Check the changes in this PR to ensure they won't cause issues with your project.
  • This PR was automatically created by Snyk using the credentials of a real user.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

@snyk-bot
fix: upgrade multiple dependencies with Snyk
c472d00 
Snyk has created this PR to upgrade:
  - fs-extra from 10.0.0 to 10.1.0.
    See this package in npm: https://www.npmjs.com/package/fs-extra
  - glob from 7.2.0 to 7.2.3.
    See this package in npm: https://www.npmjs.com/package/glob
  - json5 from 2.2.2 to 2.2.3.
    See this package in npm: https://www.npmjs.com/package/json5
  - jsonc-parser from 3.0.0 to 3.3.1.
    See this package in npm: https://www.npmjs.com/package/jsonc-parser
  - tinycolor2 from 1.4.2 to 1.6.0.
    See this package in npm: https://www.npmjs.com/package/tinycolor2

See this project in Snyk:
https://app.snyk.io/org/googlecloud-fD9E4u83kGB6j2zHM2NDFc/project/132d2845-070d-4f0c-81dd-d96a6f3e7aec?utm_source=github&utm_medium=referral&page=upgrade-pr
@google-cla Google CLA
Copy link

google-cla bot commented Sep 15, 2024

Thanks for your pull request! It looks like this may be your first contribution to a Google open source project. Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA).

View this failed invocation of the CLA check for more information.

For the most up to date status, view the checks section at the bottom of the pull request.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@WontonSam @snyk-bot