[Snyk] Security upgrade hexo from 3.3.9 to 4.0.0

[ekmixon]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • site/package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	718/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 6.5	Uncontrolled Resource Consumption ('Resource Exhaustion') SNYK-JS-TAR-6476909	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: hexo

The new version differs by 250 commits.

• 9662366 Merge pull request #3695 from curbengh/4.0.0
• ac03b72 Merge pull request #3768 from seaoak/bugfix/backtick_code_block_on_blockquote_always_terminates_the_blockquote_block
• 84c4c66 Disable to insert extra new line character into the end of backtick code block (fix #3767)
• 6b329e9 Merge pull request #3765 from seaoak/feature/correct_filter_backtick_code_block_on_blockquote
• deaad6b docs(backtick_code): mention PR #3765
• 894408a Correct processing of backtick code block on blockquote (fix Issue#2969)
• 6bf6e98 release: 4.0.0
• 79bdc95 fix(#2318): allow backtick code block in "blockquote" tag plugin (#2321)
• bd70086 Merge pull request #3760 from seaoak/bugfix/test-of-box-fails-on-race-condition
• e61116a Merge pull request #3761 from curbengh/warehouse-3-0-1
• e353f46 Fix up potential race condition in test cases of "box" (fix #3759)
• 6f6084c perf(cache): improve cache and reduce Memory Usages (#3756)
• 612a15a chore(deps): update warehouse from ^3.0.0 to ^3.0.1
• d2662d4 Merge pull request #3686 from curbengh/url-encoding
• 6f7fe0c test(asset_img): attribute shouldn't be similar to value, unless it's boolean
• 09ccc9f refactor: cheerio is no longer necessary
• 02041eb chore(deps): update hexo-util from ^1.3.1 to ^1.4.0
• 62e6e5c fix(open_graph): url might be null
• e6ed3f8 test(open_graph): avoid double-escaping
• 8bd3439 fix(open_graph): htmlTag escapes html by default
• d5fb012 refactor: utilize encodeURL of hexo-util
• c6190ca fix(open_graph): do not format empty url
• 5043bac test(open_graph): IDN handling
• 79ef191 fix(open_graph): support IDN url

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Uncontrolled Resource Consumption ('Resource Exhaustion')

[secure-code-warrior-for-github]

Micro-Learning Topic: Race condition (Detected by phrase)

Matched on "race condition"

What is this? (2min video)

A race condition is a flaw that produces an unexpected result when the timing of actions impact other actions.

Try a challenge in Secure Code Warrior

Micro-Learning Topic: Resource exhaustion (Detected by phrase)

Matched on "Resource Exhaustion"

What is this? (2min video)

Allocating objects or timers with user-controlled sizes or durations can cause resource exhaustion.

Try a challenge in Secure Code Warrior

[sourcery-ai]

We have skipped reviewing this pull request. It seems to have been created by a bot ('[Snyk]' found in title). We assume it knows what it's doing!