Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

[Snyk] Upgrade: , semver, , arch, fs-extra, glob, inversify, jsonc-parser, minimatch, reflect-metadata, rxjs, tmp, untildify, vscode-debugprotocol, which, winreg, xml2js #2

Open
wants to merge 1 commit into
base: main
Choose a base branch
from

Conversation

snyk-io[bot]
Copy link

@snyk-io snyk-io bot commented Sep 22, 2024

snyk-top-banner

Snyk has created this PR to upgrade multiple dependencies.

👯 The following dependencies are linked and will therefore be updated together.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

⚠️ Warning: This PR contains major version upgrade(s), and may be a breaking change.

Name Versions Released on

@iarna/toml
from 2.2.5 to 3.0.0 | 1 version ahead of your current version
⚠️ This is a major version upgrade, and may be a breaking change | 4 years ago
on 2020-04-23
semver
from 7.6.0 to 7.6.3 | 3 versions ahead of your current version | 2 months ago
on 2024-07-16
@vscode/extension-telemetry
from 0.8.4 to 0.9.7 | 9 versions ahead of your current version | 2 months ago
on 2024-08-02
arch
from 2.2.0 to 3.0.0 | 1 version ahead of your current version
⚠️ This is a major version upgrade, and may be a breaking change | 7 months ago
on 2024-02-12
fs-extra
from 10.0.1 to 11.2.0 | 5 versions ahead of your current version
⚠️ This is a major version upgrade, and may be a breaking change | 10 months ago
on 2023-11-28
glob
from 7.2.0 to 11.0.0 | 54 versions ahead of your current version
⚠️ This is a major version upgrade, and may be a breaking change | 2 months ago
on 2024-07-08
inversify
from 5.0.5 to 6.0.2 | 4 versions ahead of your current version
⚠️ This is a major version upgrade, and may be a breaking change | a year ago
on 2023-10-20
jsonc-parser
from 3.2.0 to 3.3.1 | 3 versions ahead of your current version | 3 months ago
on 2024-06-24
minimatch
from 5.1.0 to 10.0.1 | 52 versions ahead of your current version
⚠️ This is a major version upgrade, and may be a breaking change | 2 months ago
on 2024-07-08
reflect-metadata
from 0.1.13 to 0.2.2 | 5 versions ahead of your current version | 6 months ago
on 2024-03-29
rxjs
from 6.6.7 to 7.8.1 | 41 versions ahead of your current version
⚠️ This is a major version upgrade, and may be a breaking change | a year ago
on 2023-04-26
tmp
from 0.0.33 to 0.2.3 | 5 versions ahead of your current version | 7 months ago
on 2024-02-29
untildify
from 4.0.0 to 5.0.0 | 1 version ahead of your current version
⚠️ This is a major version upgrade, and may be a breaking change | a year ago
on 2023-06-11
vscode-debugprotocol
from 1.35.0 to 1.51.0 | 36 versions ahead of your current version | 3 years ago
on 2021-12-02
which
from 2.0.2 to 4.0.0 | 3 versions ahead of your current version
⚠️ This is a major version upgrade, and may be a breaking change | a year ago
on 2023-08-29
winreg
from 1.2.4 to 1.2.5 | 1 version ahead of your current version | a year ago
on 2023-10-20
xml2js
from 0.5.0 to 0.6.2 | 3 versions ahead of your current version | a year ago
on 2023-07-26

Issues fixed by the recommended upgrade:

Issue Score Exploit Maturity
medium severity Missing Release of Resource after Effective Lifetime
SNYK-JS-INFLIGHT-6095116
631 Proof of Concept
Release notes
Package name: @iarna/toml from @iarna/toml GitHub release notes
Package name: semver from semver GitHub release notes
Package name: @vscode/extension-telemetry
  • 0.9.7 - 2024-08-02

    Changes:

    • #213: Bump version + packages
    • #211: Update readme + support connection string
    • #210: Send user id in extension paylod
    • #207: Bump braces from 3.0.2 to 3.0.3
    • #206: Update packages
    • #204: Rollback packages

    This list of changes was auto generated.

  • 0.9.6 - 2024-03-22

    Update packages (#206)

  • 0.9.5 - 2024-03-20

    Rollback packages (#204)

  • 0.9.4 - 2024-03-20
    • Allows measurements to also be undefined for easy omitting, similar to how properties work
  • 0.9.3 - 2024-02-29
    • Improves on the user agent metric shown when navigator.userAgentData is unavailable. Thanks to @ sezna
    • Fixes a bug with telemetry fetching using app insights on older version of node. Thanks to @ devm33
  • 0.9.2 - 2023-12-19

    This release contains a small fix to the 1DS package used by Microsoft extensions in the web to ensure compliance with the California's Global Privacy Control. If you're not a Microsoft extension, then it is safe to disregard this release as it contains no new features or improvements for the third party flow.

  • 0.9.1 - 2023-12-12

    Thanks to a community contribution by @ ilia-db the unhandlederror event handler has been properly fixed to include common properties.

  • 0.9.0 - 2023-11-01

    Application insights web basics comes with the ability to pass in a fetch pollyfill that allows it to be used for both Node and Web. This is similar to what we already do for first party extensions using the 1DS package.

    While there is no breaking changes here, the replacement of a key dependency with what should be an equivalent alternative may have unknown edge cases that were not accounted for, therefore the version has been bumped to reflect this.

    Bundlephobia reports a 67Kb decline in bundle size with this change.

  • 0.8.5 - 2023-09-20
    • Improves shutdown performance by lessening the amount of time which is allocated to disposing the telemetry reporters. Additionally, removes a few redundant flushes. Fixes microsoft/vscode#192742
  • 0.8.4 - 2023-08-24
    • Fixes a bug where if the user's connection were to drop during a session, telemetry would no longer send for the rest of that session
    • Fixes a bug with sendRawTelemetryEvent sending key: key pairs instead of key: value pairs
from @vscode/extension-telemetry GitHub release notes
Package name: arch from arch GitHub release notes
Package name: fs-extra from fs-extra GitHub release notes
Package name: glob
  • 11.0.0 - 2024-07-08

    11.0.0

  • 10.4.5 - 2024-07-09
  • 10.4.4 - 2024-07-08

    10.4.4

  • 10.4.3 - 2024-07-06

    10.4.3

  • 10.4.2 - 2024-06-19

    10.4.2

  • 10.4.1 - 2024-05-24

    10.4.1

  • 10.4.0 - 2024-05-24

    10.4.0

  • 10.3.16 - 2024-05-21

    10.3.16

  • 10.3.15 - 2024-05-12

    10.3.15

  • 10.3.14 - 2024-05-09

    10.3.14

  • 10.3.13 - 2024-05-09

    10.3.13

  • 10.3.12 - 2024-03-28
  • 10.3.11 - 2024-03-28
  • 10.3.10 - 2023-09-27
  • 10.3.9 - 2023-09-26
  • 10.3.8 - 2023-09-26
  • 10.3.7 - 2023-09-24
  • 10.3.6 - 2023-09-23
  • 10.3.5 - 2023-09-20
  • 10.3.4 - 2023-08-30
  • 10.3.3 - 2023-07-08
  • 10.3.2 - 2023-07-08
  • 10.3.1 - 2023-06-27
  • 10.3.0 - 2023-06-21
  • 10.2.7 - 2023-06-06
  • 10.2.6 - 2023-05-20
  • 10.2.5 - 2023-05-17
  • 10.2.4 - 2023-05-15
  • 10.2.3 - 2023-05-09
  • 10.2.2 - 2023-04-23
  • 10.2.1 - 2023-04-17
  • 10.2.0 - 2023-04-17
  • 10.1.0 - 2023-04-14
  • 10.0.0 - 2023-04-09
  • 9.3.5 - 2023-04-09
  • 9.3.4 - 2023-04-02
  • 9.3.3 - 2023-04-02
  • 9.3.2 - 2023-03-22
  • 9.3.1 - 2023-03-21
  • 9.3.0 - 2023-03-14
  • 9.2.1 - 2023-03-03
  • 9.2.0 - 2023-03-02
  • 9.1.2 - 2023-03-01
  • 9.1.1 - 2023-03-01
  • 9.1.0 - 2023-03-01
  • 9.0.2 - 2023-02-28
  • 9.0.1 - 2023-02-27
  • 9.0.0 - 2023-02-27
  • 8.1.0 - 2023-01-14
  • 8.0.3 - 2022-05-13
  • 8.0.2 - 2022-05-12
  • 8.0.1 - 2022-04-11
  • 7.2.3 - 2022-05-15
  • 7.2.2 - 2022-05-13
  • 7.2.0 - 2021-09-22
from glob GitHub release notes
Package name: inversify
  • 6.0.2 - 2023-10-20
    • I updated chaangelog, I excluded any changes to documentation only - please let me know if I missed anything
  • 6.0.1 - 2021-10-14

    Added

    • add API method for check dependency only in current container
    • createTaggedDecorator #1343
    • Async bindings #1132
    • Async binding resolution (getAllAsync, getAllNamedAsync, getAllTaggedAsync, getAsync, getNamedAsync, getTaggedAsync, rebindAsync, unbindAsync, unbindAllAsync, unloadAsync) #1132
    • Global onActivation / onDeactivation #1132
    • Parent/Child onActivation / onDeactivation #1132
    • Module onActivation / onDeactivation #1132
    • Added @ preDestroy decorator #1132

    Changed

    • @ PostConstruct can target an asyncronous function #1132
    • Singleton scoped services cache resolved values once the result promise is fulfilled #1320

    Fixed

    • only inject decorator can be applied to setters #1342
    • Container.resolve should resolve in that container #1338
  • 5.1.1 - 2021-04-25
    No content.
  • 5.1.0 - 2021-04-25

    Added

    • Upgrade information for v4.x to v5.x

    Fixed

    • Fix Target.isTagged() to exclude optional from tag injections #1190.
    • Update toConstructor, toFactory, toFunction, toAutoFactory, toProvider and toConstantValue to have singleton scope #1297.
    • Fix injection on optional properties when targeting ES6 #928
  • 5.0.5 - 2020-12-10
    No content.
from inversify GitHub release notes
Package name: jsonc-parser
  • 3.3.1 - 2024-06-24

    Changes:

    • #92: remove exports, prepare 3.3.1

    This list of changes was auto generated.

  • 3.3.0 - 2024-06-24

    Changes:

    Feature Requests:

    • #11: Can we have a "insertFinalNewline" option in "FormattingOptions"?
    • #4: Source map referenced but not included in published package

    Bugs:

    • #33: Formatting valid json content is causing an invalid json
    • #40: parseTree() returns undefined on empty string input

    Others:

    • #90: prepare 3.3.0
    • #88: Allow the visitor to cease callbacks
    • #89: Bump braces from 3.0.2 to 3.0.3
    See More
    • #84: prepare 3.2.1
    • #81: perf(format): cache breaklines and spaces as much as possible
    • #79: update dependencies
    • #75: ci: add batch
    • #72: delete pr-chat action
    • #71: add publish pipeline & cleanup ci
    • #70: set preserveConstEnums: true, switch to es2020
    • #69: sort edits in applyEdits
    • #66: An additional parameter keepLines has been added into the formatting options which allows to keep the original line formatting
    • #64: Adding Microsoft SECURITY.MD
    • #62: Add JSON path supplier parameter to visitor functions
    • #44: findNodeAtLocation does not handle incomplete property pair
    • #61: Update API section in README
    • #53: Clarify whether / how Edit[] can be concatenated
    • #46: Non-standard whitespace handling
    • #47: Improve README
    • #54: readme: improve ParseOptions documentation
    • #43: Add file extenstion to typings property value
    • #34: Optimize parseLiteral for number-heavy JSON files (ala GeoJSON)
    • #39: Bump lodash from 4.17.15 to 4.17.19
    • #35: Allow for array modifications, add inPlace formatting option.
    • #32: Parse errors make parsed tree useless
    • #31: Upgrading from 2.1.1 to 2.2.0 has diagnostic for file with only comments
    • #25: Fix typo in README
    • #24: parse function should include properties with empty string as their keys
    • #21: Update README.md
    • #18: JavaScipt -> JavaScript
    • #17: add line and column information to scanner and visitor
    • #15: Fix a few typos in doc comments
    • #12: Do not mutate the given path
    • #9: Refactor computeIndentLevel method
    • #8: Fix typo of token
    • #6: Allow trailing commas in array

Snyk has created this PR to upgrade:
  - @iarna/toml from 2.2.5 to 3.0.0.
    See this package in npm: https://www.npmjs.com/package/@iarna/toml
  - semver from 7.6.0 to 7.6.3.
    See this package in npm: https://www.npmjs.com/package/semver
  - @vscode/extension-telemetry from 0.8.4 to 0.9.7.
    See this package in npm: https://www.npmjs.com/package/@vscode/extension-telemetry
  - arch from 2.2.0 to 3.0.0.
    See this package in npm: https://www.npmjs.com/package/arch
  - fs-extra from 10.0.1 to 11.2.0.
    See this package in npm: https://www.npmjs.com/package/fs-extra
  - glob from 7.2.0 to 11.0.0.
    See this package in npm: https://www.npmjs.com/package/glob
  - inversify from 5.0.5 to 6.0.2.
    See this package in npm: https://www.npmjs.com/package/inversify
  - jsonc-parser from 3.2.0 to 3.3.1.
    See this package in npm: https://www.npmjs.com/package/jsonc-parser
  - minimatch from 5.1.0 to 10.0.1.
    See this package in npm: https://www.npmjs.com/package/minimatch
  - reflect-metadata from 0.1.13 to 0.2.2.
    See this package in npm: https://www.npmjs.com/package/reflect-metadata
  - rxjs from 6.6.7 to 7.8.1.
    See this package in npm: https://www.npmjs.com/package/rxjs
  - tmp from 0.0.33 to 0.2.3.
    See this package in npm: https://www.npmjs.com/package/tmp
  - untildify from 4.0.0 to 5.0.0.
    See this package in npm: https://www.npmjs.com/package/untildify
  - vscode-debugprotocol from 1.35.0 to 1.51.0.
    See this package in npm: https://www.npmjs.com/package/vscode-debugprotocol
  - which from 2.0.2 to 4.0.0.
    See this package in npm: https://www.npmjs.com/package/which
  - winreg from 1.2.4 to 1.2.5.
    See this package in npm: https://www.npmjs.com/package/winreg
  - xml2js from 0.5.0 to 0.6.2.
    See this package in npm: https://www.npmjs.com/package/xml2js

See this project in Snyk:
https://app.snyk.io/org/organich/project/09faea7a-cb03-4c59-a353-3870151c3173?utm_source=github-cloud-app&utm_medium=referral&page=upgrade-pr
# for free to join this conversation on GitHub. Already have an account? # to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Update to 1.82.0, VSCode takes more time to kill processes after quit
0 participants