Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Snyk] Upgrade: markdown-it, , algoliasearch, autoprefixer, cheerio, highlight.js, markdown-it-attrs, postcss, sass, tailwindcss, terser #1

Open
wants to merge 1 commit into
base: master
Choose a base branch
from

Conversation

XavierMP14
Copy link
Owner

snyk-top-banner

Snyk has created this PR to upgrade multiple dependencies.

👯 The following dependencies are linked and will therefore be updated together.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

Name Versions Released on

markdown-it
from 13.0.1 to 13.0.2 | 1 version ahead of your current version | a year ago
on 2023-09-26
@11ty/eleventy-fetch
from 4.0.0 to 4.0.1 | 1 version ahead of your current version | 6 months ago
on 2024-03-04
algoliasearch
from 4.22.1 to 4.24.0 | 5 versions ahead of your current version | 3 months ago
on 2024-06-25
autoprefixer
from 10.4.17 to 10.4.20 | 3 versions ahead of your current version | a month ago
on 2024-08-02
cheerio
from 1.0.0-rc.12 to 1.0.0 | 1 version ahead of your current version | a month ago
on 2024-08-09
highlight.js
from 11.7.0 to 11.10.0 | 3 versions ahead of your current version | 2 months ago
on 2024-07-06
markdown-it-attrs
from 4.1.6 to 4.2.0 | 1 version ahead of your current version | a month ago
on 2024-08-11
postcss
from 8.4.34 to 8.4.41 | 7 versions ahead of your current version | a month ago
on 2024-08-05
sass
from 1.58.2 to 1.77.8 | 49 versions ahead of your current version | 2 months ago
on 2024-07-11
tailwindcss
from 3.4.1 to 3.4.10 | 9 versions ahead of your current version | a month ago
on 2024-08-13
terser
from 5.27.0 to 5.31.6 | 19 versions ahead of your current version | a month ago
on 2024-08-13

Issues fixed by the recommended upgrade:

Issue Score Exploit Maturity
high severity Infinite loop
SNYK-JS-MARKDOWNIT-6483324
696 Proof of Concept
Release notes
Package name: markdown-it
  • 13.0.2 - 2023-09-26

    13.0.2 released

  • 13.0.1 - 2022-05-03

    Merge branch 'master' of github.com:markdown-it/markdown-it

from markdown-it GitHub release notes
Package name: @11ty/eleventy-fetch from @11ty/eleventy-fetch GitHub release notes
Package name: algoliasearch
  • 4.24.0 - 2024-06-25
  • 4.23.3 - 2024-04-10
  • 4.23.2 - 2024-03-27
  • 4.23.1 - 2024-03-26
  • 4.23.0 - 2024-03-26
  • 4.22.1 - 2024-01-09
from algoliasearch GitHub release notes
Package name: autoprefixer
  • 10.4.20 - 2024-08-02
    • Fixed fit-content prefix for Firefox.
  • 10.4.19 - 2024-03-20
    • Removed end value has mixed support, consider using flex-end warning since end/start now have good support.
  • 10.4.18 - 2024-03-01
    • Fixed removing -webkit-box-orient on -webkit-line-clamp (@ Goodwine).
  • 10.4.17 - 2024-01-17
    • Fixed user-select: contain prefixes.
from autoprefixer GitHub release notes
Package name: cheerio
  • 1.0.0 - 2024-08-09

    Cheerio 1.0 is here! 🎉

    Announcement Blog Post

    Breaking Changes

    • The minimum NodeJS version is now 18.17 or higher #3959

    • Import paths were simplified. For example, use cheerio/slim instead of
      cheerio/lib/slim. #3970

    • The deprecated default Cheerio instance and static methods were removed. #3974

      Before, it was possible to write code like this:

      import cheerio, { html } from 'cheerio';

      html(cheerio('<test></test>')); // ~ '<test></test>' -- NO LONGER WORKS

      Make sure to always load documents first:

      import * as cheerio from 'cheerio';

      cheerio.load('<test></test>').html();

    • Node types previously re-exported by Cheerio must now be imported directly
      from (domhandler)(https://github.com/fb55/domhandler). #3969

    • htmlparser2 options now reside exclusively under the xml key (#2916):

      const $ = cheerio.load('<html>', {
        xml: {
          withStartIndices: true,
        },
      });

    New Features

    • Add functions to load buffers, streams & URLs in NodeJS by @ fb55 in #2857
    • Add extract method by @ fb55 in #2750

    Fixes

    Other

    Full Changelog: v1.0.0-rc.12...v1.0.0

  • 1.0.0-rc.12 - 2022-06-26

    Bugfix release. Fixed issues:

    • Align prop undefined handling with jQuery by @ fb55 in #2557
    • Allow deep imports of cheerio/lib/utils by @ blixt in #2601

    New Contributors

    Full Changelog: v1.0.0-rc.11...v1.0.0-rc.12

from cheerio GitHub release notes
Package name: highlight.js
  • 11.10.0 - 2024-07-06

    Sorry for the wait, this one is a doozie, thanks to all the contributors who made it possible!


    CAVEATS / POTENTIALLY BREAKING CHANGES

    Important

    This version drops support for Node 16.x, which is no longer supported by Node.js.


    Core Grammars:

    • enh(typescript) add support for satisfies operator Kisaragi Hiu
    • enc(c) added more C23 keywords Melkor-1
    • enh(json) added jsonc as an alias BackupMiles
    • enh(gml) updated to latest language version (GML v2024.2) gnysek
    • enh(c) added more C23 keywords and preprcoessor directives Eisenwave
    • enh(js/ts) support namespaced tagged template strings Aral Balkan
    • enh(perl) fix false-positive variable match at end of string Josh Goebel
    • fix(cpp) not all kinds of number literals are highlighted correctly Lê Duy Quang
    • fix(css) fix overly greedy pseudo class matching Bradley Mackey
    • enh(arcade) updated to ArcGIS Arcade version 1.24 Kristian Ekenes
    • fix(typescript): params types Mohamed Ali
    • fix(rust) fix escaped double quotes in string Mohamed Ali
    • fix(rust) fix for r# raw identifier not being highlighted correctly. JaeBaek Lee
    • enh(rust) Adding union to be recognized as a keyword in Rust. JaeBaek Lee
    • fix(yaml) fix for yaml with keys having brackets highlighted incorrectly Aneesh Kulkarni
    • fix(csharp) add raw string highlighting for C# 11. Tara
    • fix(bash) fix # within token being detected as the start of a comment Felix Uhl
    • fix(python) fix or conflicts with string highlighting Mohamed Ali
    • enh(python) adds a scope to the self variable [Lee Falin][]
    • enh(delphi) allow digits to be omitted for hex and binary literals Jonah Jeleniewski
    • enh(delphi) add support for digit separators Jonah Jeleniewski
    • enh(delphi) add support for character strings with non-decimal numerics Jonah Jeleniewski
    • fix(javascript) incorrect function name highlighting CY Fung
    • fix(1c) fix escaped symbols "+-;():=,[]" literals Vitaly Barilko
    • fix(swift) correctly highlight generics and conformances in type definitions Bradley Mackey
    • enh(swift) add package keyword Bradley Mackey
    • fix(swift) ensure keyword attributes highlight correctly Bradley Mackey
    • fix(types) fix interface LanguageDetail > keywords Patrick Chiu
    • enh(java) add goto to be recognized as a keyword in Java Alvin Joy
    • enh(bash) add keyword sudo Alvin Joy
    • fix(haxe) captures new keyword without capturing it within variables/class names Cameron Taylor
    • fix(go) fix go number literals to accept _ separators, add hex p exponents Lisa Ugray
    • enh(markdown) add entity support David Schach TaraLei
    • enh(css) add justify-items and justify-self attributes Vasily Polovnyov
    • enh(css) add accent-color, appearance, color-scheme, rotate, scale and translate attributes Carl Räfting
    • fix(fortran) fixes parsing of keywords delimited by dots Julien Bloino
    • enh(css) add select, option, optgroup, picture and source to list of known tags Vasily Polovnyov
    • enh(css) add inset, inset-*, border-start-*-radius and border-end-*-radius attributes Vasily Polovnyov
    • enh(css) add text-decoration-skip-ink, text-decoration-thickness and text-underline-offset attributes Vasily Polovnyov

    New Grammars:

    • added 3rd party CODEOWNERS grammar to SUPPORTED_LANGUAGES nataliia-radina
    • added 3rd party Luau grammar to SUPPORTED_LANGUAGES Robloxian Demo
    • added 3rd party ReScript grammar to SUPPORTED_LANGUAGES Paul Tsnobiladzé
    • added 3rd party Zig grammar to SUPPORTED_LANGUAGES [Hyou BunKen][]
    • added 3rd party WGSL grammar to SUPPORTED_LANGUAGES Arman Uguray
    • added 3rd party Unison grammar to SUPPORTED_LANGUAGES Rúnar Bjarnason
    • added 3rd party Phix grammar to SUPPORTED_LANGUAGES PeteLomax
    • added 3rd party Mirth grammar to SUPPORTED_LANGUAGES Sierra
    • added 3rd party JSONata grammar to SUPPORTED_LANGUAGES Vlad Dimov

    Developer Tool:

    Themes:

    • Added 1c-light theme a like in the IDE 1C:Enterprise 8 (for 1c) Vitaly Barilko
  • 11.9.0 - 2023-10-09

    Version 11.9.0

    CAVEATS / POTENTIALLY BREAKING CHANGES

    • Drops support for Node 14.x, which is no longer supported by Node.js.
    • In the node build styles/*.css files now ship un-minified
      with minified counterparts as: styles/*.min.css mvorisek
      (this makes things consistent with our cdn builds)

    Parser:

    • (enh) prevent re-highlighting of an element [joshgoebel][]
    • (chore) Remove discontinued badges from README Bradley Mackey
    • (chore) Fix build size report Bradley Mackey

    New Grammars:

    • added 3rd party Iptables grammar to SUPPORTED_LANGUAGES Checconio
    • added 3rd party x86asmatt grammar to SUPPORTED_LANGUAGES gondow
    • added 3rd party riscv64 grammar to SUPPORTED_LANGUAGES aana-h2
    • added 3rd party Ballerina grammar to SUPPORTED_LANGUAGES Yasith Deelaka

    Core Grammars:

    • fix(rust) added negative-lookahead for callable keywords if while for [Omar Hussein][]
    • enh(armasm) added x0-x30 and w0-w30 ARMv8 registers Nicholas Thompson
    • enh(haxe) added final, is, macro keywords and $ identifiers Robert Borghese
    • enh(haxe) support numeric separators and suffixes Robert Borghese
    • fix(haxe) fixed metadata arguments and support non-colon syntax Robert Borghese
    • fix(haxe) differentiate abstract declaration from keyword Robert Borghese
    • fix(bash) do not delimit a string by an escaped apostrophe [hancar][]
    • enh(swift) support macro keyword Bradley Mackey
    • enh(swift) support parameter pack keywords Bradley Mackey
    • enh(swift) regex literal support Bradley Mackey
    • enh(swift) @ unchecked and @ Sendable support Bradley Mackey
    • enh(scala) add using directives support //> using foo bar [Jamie Thompson][]
    • fix(scala) fixed comments in constructor arguments not being properly highlighted Isaac Nonato
    • enh(swift) ownership modifiers support Bradley Mackey
    • enh(nsis) Add !assert compiler flag [idleberg][]
    • fix(haskell) do not treat double dashes inside infix operators as comments [Zlondrej][]
    • enh(rust) added eprintln! macro qoheniac
    • enh(leaf) update syntax to 4.0 Samuel Bishop
    • fix(reasonml) simplify syntax and align it with ocaml jchavarri
    • fix(swift) warn_unqualified_access is an attribute Bradley Mackey
    • enh(swift) macro attributes are highlighted as keywords Bradley Mackey
    • enh(stan) updated for version 2.33 (#3859) Brian Ward
    • fix(css) added '_' css variable detection Md Saad Akhtar
    • enh(groovy) add record and var as keywords Guillaume Laforge

    Developer Tool:

  • 11.8.0 - 2023-04-29

    Changelog

    Parser engine:

    • added a function to default export to generate a fresh highlighter instance to be used by extensions WisamMechano
    • added BETA __emitTokens key to grammars to allow then to direct their own parsing, only using Highlight.js for the HTML rendering Josh Goebel
    • (enh) add removePlugin api faga295
    • (fix) typo in language name of JavaScript Cyrus Kao

    New Grammars:

    • added 3rd party Lang grammar to SUPPORTED_LANGUAGES AdamRaichu
    • added 3rd party C3 grammar to SUPPORTED_LANGUAGES aliaegik

    Core Grammars:

    • enh(sql) support _ in variable names [joshgoebel][]
    • enh(mathematica) update keywords list to 13.2.1 arnoudbuzing
    • enh(protobuf) add proto alias for Protobuf [dimitropoulos][]
    • enh(sqf) latest changes in Arma 3 v2.11 Leopard20
    • enh(js/ts) Added support for GraphQL tagged template strings Ali Ukani
    • enh(javascript) add sessionStorage to list of built-in variables Jeroen van Vianen
    • enh(http) Add supporxt for HTTP/3 Rijenkii
    • added 3rd party Motoko grammar to SUPPORTED_LANGUAGES rvanasa
    • added 3rd party Candid grammar to SUPPORTED_LANGUAGES rvanasa
    • fix(haskell) Added support for characters CrystalSplitter
    • enh(dart) Add base, interface, sealed, and when keywords Sam Rawlins
    • enh(php) detect newer more flexible NOWdoc syntax (#3679) Timur Kamaev
    • enh(python) improve autodetection of code with type hinting any function's return type (making the -> operator legal) Keyacom
    • enh(bash) add select and until as keywords
  • 11.7.0 - 2022-11-23

    Version 11.7.0

    New Grammars:

    • added 3rd party LookML grammar to SUPPORTED_LANGUAGES Josh Temple
    • added 3rd party FunC grammar to SUPPORTED_LANGUAGES [Nikita Sobolev][]
    • Added 3rd party Flix grammar to SUPPORTED_LANGUAGES The Flix Organisation
    • Added 3rd party RVT grammar to SUPPORTED_LANGUAGES Sopitive

    Grammars:

    • enh(scheme) add scm alias for Scheme matyklug18
    • fix(typescript) patterns like <T = are not JSX Josh Goebel
    • fix(bash) recognize the (( keyword Nick Chambers
    • enh(Ruby) misc improvements (kws, class names, etc) Josh Goebel
    • fix(js) do not flag import() as a function, rather a keyword nathnolt
    • fix(bash) recognize the (( keyword Nick Chambers
    • fix(nix) support escaped dollar signs in strings h7x4
    • enh(cmake) support bracket comments Hirse
    • enh(java) add yield keyword to java MBoegers
    • enh(java) add permits keyword to java MBoegers
    • fix(javascript/typescript) correct identifier matching when using numbers Lachlan Heywood

    Improvements:

from highlight.js GitHub release notes
Package name: markdown-it-attrs from markdown-it-attrs GitHub release notes
Package name: postcss from postcss GitHub release notes
Package name: sass
  • 1.77.8 - 2024-07-11

    To install Sass 1.77.8, download one of the packages below and add it to your PATH, or see the Sass website for full installation instructions.

    Changes

    • No user-visible changes.

    See the full changelog for changes in earlier releases.

  • 1.77.7 - 2024-07-09

    See sass/sass#3885

  • 1.77.6 - 2024-06-17

    …264)

  • 1.77.5 - 2024-06-11

    To install Sass 1.77.5, download one of the packages below and add it to your PATH, or see the Sass website for full installation instructions.

    Changes

    • Fully trim redundant selectors generated by @ extend.

    See the full changelog for changes in earlier releases.

  • 1.77.4 - 2024-05-30

    To install Sass 1.77.4, download one of the packages below and add it to your PATH, or see the Sass website for full installation instructions.

    Changes

    Embedded Sass

    • Support passing Version input for fatalDeprecations as string over embedded protocol.

    • Fix a bug in the JS Embedded Host where Version could be incorrectly accepted as input for silenceDeprecations and futureDeprecations in pure JS.

    See the full changelog for changes in earlier releases.

  • 1.77.3 - 2024-05-29
  • 1.77.2 - 2024-05-16
  • 1.77.1 - 2024-05-10
  • 1.77.0 - 2024-05-07
  • 1.76.0 - 2024-04-30
  • 1.75.0 - 2024-04-11
  • 1.74.1 - 2024-04-04
  • 1.72.0 - 2024-03-13
  • 1.71.1 - 2024-02-21
  • 1.71.0 - 2024-02-16
  • 1.70.0 - 2024-01-18
  • 1.69.7 - 2024-01-02
  • 1.69.6 - 2023-12-28
  • 1.69.5 - 2023-10-26
  • 1.69.4 - 2023-10-17
  • 1.69.3 - 2023-10-12
  • 1.69.2 - 2023-10-10
  • 1.69.1 - 2023-10-09
  • 1.69.0 - 2023-10-05
  • 1.68.0 - 2023-09-21
  • 1.67.0 - 2023-09-14
  • 1.66.1 - 2023-08-18
  • 1.66.0 - 2023-08-17
  • 1.65.1 - 2023-08-09
  • 1.65.0 - 2023-08-09
  • 1.64.2 - 2023-07-31
  • 1.64.1 - 2023-07-22
  • 1.64.0 - 2023-07-20
  • 1.63.6 - 2023-06-21
  • 1.63.5 - 2023-06-21
  • 1.63.4 - 2023-06-14
  • 1.63.3 - 2023-06-09
  • 1.63.2 - 2023-06-08
  • 1.63.1 - 2023-06-08
  • 1.63.0 - 2023-06-07
  • 1.62.1 - 2023-04-25
  • 1.62.0 - 2023-04-11
  • 1.61.0 - 2023-04-06
  • 1.60.0 - 2023-03-23
  • 1.59.3 - 2023-03-14
  • 1.59.2 - 2023-03-11
  • 1.59.1 - 2023-03-10
  • 1.59.0 - 2023-03-10
  • 1.58.3 - 2023-02-18
  • 1.58.2 - 2023-02-17
from sass GitHub release notes
Package name: tailwindcss
  • 3.4.10 - 2024-08-13

    Fixed

    • Bump versions of plugins in the Standalone CLI (#14185)
  • 3.4.9 - 2024-08-08

    Fixed

    • No longer warns when broad glob patterns are detecting vendor folders
  • 3.4.8 - 2024-08-07

    Fixed

    • Fix minification when using nested CSS (#14105)
    • Warn when broad glob patterns are used in the content configuration (#14140)
  • 3.4.7 - 2024-07-25

    Fixed

    • Fix class detection in Slim templates with attached attributes and ID (#14019)
    • Ensure attribute values in data-* and aria-* modifiers are always quoted in the generated CSS (#14037)
  • 3.4.6 - 2024-07-16

    Fixed

    • Fix detection of some utilities in Slim/Pug templates (#14006)

    Changed

    • Loosen :is() wrapping rules when using an important selector (#13900)
  • 3.4.5 - 2024-07-15

    Fixed

    • Disable automatic var() injection for anchor properties (#13826)
    • Use no value instead of blur(0px) for backdrop-blur-none and blur-none utilities (#13830)
    • Add .mts and .cts config file detection (#13940)
    • Don't generate utilities like px-1 unnecessarily when using utilities like px-1.5 (#13959)
    • Always generate -webkit-backdrop-filter for backdrop-* utilities (#13997)
  • 3.4.4 - 2024-06-05
  • 3.4.3 - 2024-03-27
  • 3.4.2 - 2024-03-27
  • 3.4.1 - 2024-01-05
from tailwindcss GitHub release notes
Package name: terser from terser GitHub release notes

Important

  • Check the changes in this PR to ensure they won't cause issues with your project.
  • This PR was automatically created by Snyk using the credentials of a real user.
  • Max score is 1000. Note that the real score may have changed since the PR was raised.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

Snyk has created this PR to upgrade:
  - markdown-it from 13.0.1 to 13.0.2.
    See this package in npm: https://www.npmjs.com/package/markdown-it
  - @11ty/eleventy-fetch from 4.0.0 to 4.0.1.
    See this package in npm: https://www.npmjs.com/package/@11ty/eleventy-fetch
  - algoliasearch from 4.22.1 to 4.24.0.
    See this package in npm: https://www.npmjs.com/package/algoliasearch
  - autoprefixer from 10.4.17 to 10.4.20.
    See this package in npm: https://www.npmjs.com/package/autoprefixer
  - cheerio from 1.0.0-rc.12 to 1.0.0.
    See this package in npm: https://www.npmjs.com/package/cheerio
  - highlight.js from 11.7.0 to 11.10.0.
    See this package in npm: https://www.npmjs.com/package/highlight.js
  - markdown-it-attrs from 4.1.6 to 4.2.0.
    See this package in npm: https://www.npmjs.com/package/markdown-it-attrs
  - postcss from 8.4.34 to 8.4.41.
    See this package in npm: https://www.npmjs.com/package/postcss
  - sass from 1.58.2 to 1.77.8.
    See this package in npm: https://www.npmjs.com/package/sass
  - tailwindcss from 3.4.1 to 3.4.10.
    See this package in npm: https://www.npmjs.com/package/tailwindcss
  - terser from 5.27.0 to 5.31.6.
    See this package in npm: https://www.npmjs.com/package/terser

See this project in Snyk:
https://app.snyk.io/org/xaviermp14/project/54edc9a0-5f79-4e93-a1b4-7fc6e86368a7?utm_source=github&utm_medium=referral&page=upgrade-pr
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants