[Snyk] Upgrade cheerio from 1.0.0-rc.3 to 1.0.0 #70

0xbaha · 2024-10-11T02:04:29Z

Snyk has created this PR to upgrade cheerio from 1.0.0-rc.3 to 1.0.0.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

The recommended version is 10 versions ahead of your current version.
The recommended version was released 2 months ago, on 2024-08-09.

The recommended version fixes:

Issue	PriorityScore (*)	Exploit Maturity
Asymmetric Resource Consumption (Amplification) SNYK-JS-BODYPARSER-7926860	624/1000 Why? Has a fix available, CVSS 8.2	No Known Exploit
Code Injection SNYK-JS-LODASH-1040724	624/1000 Why? Has a fix available, CVSS 8.2	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-NTHCHECK-1586032	624/1000 Why? Has a fix available, CVSS 8.2	Proof of Concept
Open Redirect SNYK-JS-EXPRESS-6474509	624/1000 Why? Has a fix available, CVSS 8.2	No Known Exploit
Cross-site Scripting SNYK-JS-EXPRESS-7926867	624/1000 Why? Has a fix available, CVSS 8.2	No Known Exploit
Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-1018905	624/1000 Why? Has a fix available, CVSS 8.2	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-PATHTOREGEXP-7925106	624/1000 Why? Has a fix available, CVSS 8.2	Proof of Concept
Cross-site Scripting SNYK-JS-SEND-7926862	624/1000 Why? Has a fix available, CVSS 8.2	No Known Exploit
Cross-site Scripting SNYK-JS-SERVESTATIC-7926865	624/1000 Why? Has a fix available, CVSS 8.2	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: cheerio

1.0.0 - 2024-08-09
Cheerio 1.0 is here! 🎉

Announcement Blog Post

Breaking Changes
- The minimum NodeJS version is now 18.17 or higher #3959
- Import paths were simplified. For example, use cheerio/slim instead of
  cheerio/lib/slim. #3970
- The deprecated default Cheerio instance and static methods were removed. #3974
  
  Before, it was possible to write code like this:
  
  import cheerio, { html } from 'cheerio';
  
  html(cheerio('<test></test>')); // ~ '<test></test>' -- NO LONGER WORKS
  
  Make sure to always load documents first:
  
  import * as cheerio from 'cheerio';
  
  cheerio.load('<test></test>').html();
- Node types previously re-exported by Cheerio must now be imported directly
  from (domhandler)(https://github.com/fb55/domhandler). #3969
- htmlparser2 options now reside exclusively under the xml key (#2916):
```
const $ = cheerio.load('<html>', {
  xml: {
    withStartIndices: true,
  },
});
```
New Features
- Add functions to load buffers, streams & URLs in NodeJS by @ fb55 in #2857
- Add extract method by @ fb55 in #2750
Fixes
- Allow imports of cheerio/utils by @ blixt in #2601
- Allow empty string in data, and simplify by @ fb55 in #2818
- Make closest be able to start from text nodes by @ Qualtagh in #2811
- Fix potential github action smells by @ ceddy4395 in #3826
Other
- Cheerio has a new website, featuring updated API docs and guides! #2950
Full Changelog: v1.0.0-rc.12...v1.0.0
1.0.0-rc.12 - 2022-06-26
Bugfix release. Fixed issues:
- Align prop undefined handling with jQuery by @ fb55 in #2557
- Allow deep imports of cheerio/lib/utils by @ blixt in #2601
New Contributors
- @ blixt made their first contribution in #2601
Full Changelog: v1.0.0-rc.11...v1.0.0-rc.12
1.0.0-rc.11 - 2022-05-20
Read more
1.0.0-rc.10 - 2021-06-08
Fixes:
- .html(node) now moves passed nodes (#1923, fixes #940) 258b26b
- Boolean attributes are no longer special in xmlMode (#1903, fixes #1805) b393e4a
- Rename parser adapter files (#1873, fixes #1847) 8f55dd8
- Make filter work on all collections (#1870, fixes #1867) fb8d31e
- Bump cheerio-select (#1922, fixes https://www.npmjs.com/advisories/1754) 5cd2b9c
Documentation:
- Document how to define TS types for Plug-Ins (#1915, fixes #1778) 880fd2c
- Remove obsolete Testing section e0c7cbb
- Remove now-invalid require 5dfbd35
Refactors:
- Wrap shared behavior in traversing (#1909) 58e090a
- Move is to traversing, optimize (#1908) 1c6fa3e
- Change order of arguments of internal domEach (#1892) feda230
- Have load export a function (#1869) c370f4e
v1.0.0-rc.9...v1.0.0-rc.10
1.0.0-rc.9 - 2021-05-06
Read more
1.0.0-rc.8 - 2021-05-06
Second botched release. Please use v1.0.0-rc.9 instead.
1.0.0-rc.7 - 2021-05-06
Published without a lib directory — please ignore.
1.0.0-rc.6 - 2021-04-08
Read more
1.0.0-rc.5 - 2020-12-21
Hotfix release
- fix(package): Use cheerio-select-tmp until naming issue is resolved 3751929
v1.0.0-rc.4...v1.0.0-rc.5
1.0.0-rc.4 - 2020-12-21
Read more
1.0.0-rc.3 - 2019-04-06

from cheerio GitHub release notes

Commit messages

Package name: cheerio

50b5d5c 1.0.0
eea2fec fix(eslint): Disable misfiring lint rule
e60f659 chore(package): Update published files
4fe3e7b chore(docs): Add 1.0 Announcement Post (#3984)
944553b build(deps): bump docusaurus-plugin-typedoc in /website (#3983)
e34967e build(deps-dev): bump tsx from 4.16.5 to 4.17.0 (#3982)
eb7122b chore(traversing): Add test case for `lowerCaseTags` (#3981)
b824ba8 fix(website): Fix ReactLiveScope examples (#3980)
08ebee5 build(deps-dev): bump eslint-plugin-jsdoc from 49.0.0 to 50.0.0 (#3979)
bf5f44c build(deps-dev): bump eslint-plugin-jsdoc from 48.11.0 to 49.0.0 (#3976)
c9b92c1 docs(readme): Update Sponsors (#3978)
816cff3 build(deps-dev): bump husky from 8.0.3 to 9.1.4 (#3952)
e739aad Bump minimum Node version to 18.17, upgrade undici (#3959)
48a86bd build(deps-dev): bump @ typescript-eslint from 7.18.0 to 8.0.1 (#3972)
d6cc54f fix(website): Update markup in loading example (#3642)
e48f022 fix(website): Revert docusaurus changes, fixes
98e41ae chore: Add `ts` lint (#3975)
bcdc28e Update Sponsors (#3963)
ca00ea5 refactor: Make exports explicit
5f9b028 refactor: Remove unused eslint disable directives
599967f fix(website): Remove invalid redirects
d4eb8d3 Remove deprecated exports (#3974)
c07bbf0 Fix web builds (#3973)
caab069 Update build tooling, update imports, require Node 16 (#3970)