[Snyk] Upgrade: , , , , , docusaurus-plugin-matomo, docusaurus-plugin-sass, react-player, redocusaurus, rehype-katex, sass #32

Open: wants to merge 1 commit into base: main

X-oss-byte (Owner)

Snyk has created this PR to upgrade multiple dependencies.

👯 The following dependencies are linked and will therefore be updated together.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

| Name | Versions | Released on |
|---|---|---|
| @code-hike/mdx, from 0.7.4 to 0.9.0 | 49 versions ahead of your current version | a year ago, on 2023-06-12 |
| @docusaurus/core, from 2.3.1 to 2.4.3 | 3 versions ahead of your current version | a year ago, on 2023-09-20 |
| @docusaurus/preset-classic, from 2.3.1 to 2.4.3 | 3 versions ahead of your current version | a year ago, on 2023-09-20 |
| @emotion/react, from 11.10.4 to 11.13.0 | 9 versions ahead of your current version | 2 months ago, on 2024-07-20 |
| @mdx-js/react, from 2.1.3 to 2.3.0 | 5 versions ahead of your current version | 2 years ago, on 2023-02-09 |
| docusaurus-plugin-matomo, from 0.0.6 to 0.0.8 | 1 version ahead of your current version | 9 months ago, on 2023-12-03 |
| docusaurus-plugin-sass, from 0.2.2 to 0.2.5 | 3 versions ahead of your current version | a year ago, on 2023-07-20 |
| react-player, from 2.10.1 to 2.16.0 | 11 versions ahead of your current version | 5 months ago, on 2024-04-09 |
| redocusaurus, from 1.3.0 to 1.6.4 | 8 versions ahead of your current version | a year ago, on 2023-09-20 |
| rehype-katex, from 6.0.2 to 6.0.3 | 1 version ahead of your current version | a year ago, on 2023-04-23 |
| sass, from 1.54.9 to 1.77.8 | 58 versions ahead of your current version | 2 months ago, on 2024-07-11 |

Issues fixed by the recommended upgrade:

| Issue | Score | Exploit Maturity |
|---|---|---|
| medium severity: Undesired Behavior (SNYK-JS-STYLEDCOMPONENTS-3149924) | 454 | No Known Exploit |
| medium severity: Unchecked Input for Loop Condition (SNYK-JS-KATEX-6483836) | 454 | No Known Exploit |
| critical severity: Incomplete List of Disallowed Inputs (SNYK-JS-BABELTRAVERSE-5962462) | 454 | Proof of Concept |
| medium severity: Template Injection (SNYK-JS-DOMPURIFY-6474511) | 454 | Proof of Concept |

Release notes
Package name: @code-hike/mdx
  • 0.9.0 - 2023-06-12
  • 0.9.0-next.1 - 2023-06-09
  • 0.9.0-next.0 - 2023-06-08
  • 0.9.0--canary.373.22ed7cb.0 - 2023-06-09
  • 0.9.0--canary.370.d6c3dc7.0 - 2023-06-08
  • 0.9.0--canary.370.d5dcee5.0 - 2023-06-08
  • 0.9.0--canary.370.772135a.0 - 2023-06-07
  • 0.9.0--canary.370.628edfe.0 - 2023-06-07
  • 0.8.4--canary.366.e2509b1.0 - 2023-05-13
  • 0.8.4--canary.366.a57484e.0 - 2023-05-16
  • 0.8.4--canary.366.a560bb7.0 - 2023-06-02
  • 0.8.4--canary.366.0fda326.0 - 2023-05-30
  • 0.8.4--canary.366.08a54b4.0 - 2023-05-30
  • 0.8.3 - 2023-05-03
  • 0.8.3-next.2 - 2023-04-30
  • 0.8.3-next.1 - 2023-04-23
  • 0.8.3-next.0 - 2023-04-22
  • 0.8.3--canary.360.f91c849.0 - 2023-04-29
  • 0.8.3--canary.360.b1b2937.0 - 2023-04-29
  • 0.8.3--canary.358.345ae60.0 - 2023-04-23
  • 0.8.3--canary.358.1004f75.0 - 2023-04-23
  • 0.8.3--canary.357.aa719d3.0 - 2023-04-22
  • 0.8.2 - 2023-04-11
  • 0.8.2-next.2 - 2023-04-11
  • 0.8.2-next.1 - 2023-04-11
  • 0.8.2-next.0 - 2023-04-05
  • 0.8.2--canary.347.563f9e4.0 - 2023-04-11
  • 0.8.1 - 2023-03-24
  • 0.8.1-next.1 - 2023-03-24
  • 0.8.1-next.0 - 2023-01-20
  • 0.8.1--canary.337.c3a0332.0 - 2023-03-24
  • 0.8.0 - 2023-01-16
  • 0.8.0-next.0 - 2023-01-15
  • 0.8.0--canary.308.ff6a04d.0 - 2022-12-17
  • 0.8.0--canary.308.f871ac0.0 - 2023-01-10
  • 0.8.0--canary.308.e25fafb.0 - 2022-12-17
  • 0.8.0--canary.308.d5a4a6c.0 - 2022-12-17
  • 0.8.0--canary.308.cf940c7.0 - 2023-01-12
  • 0.8.0--canary.308.cc62796.0 - 2022-12-17
  • 0.8.0--canary.308.a8e7e46.0 - 2023-01-13
  • 0.8.0--canary.308.a845c20.0 - 2023-01-15
  • 0.8.0--canary.308.6cc554b.0 - 2023-01-15
  • 0.8.0--canary.308.6bc684f.0 - 2023-01-15
  • 0.8.0--canary.308.4fd5437.0 - 2023-01-15
  • 0.8.0--canary.308.4931c64.0 - 2023-01-15
  • 0.8.0--canary.308.3a1754f.0 - 2022-12-23
  • 0.8.0--canary.308.2d9fc9a.0 - 2023-01-09
  • 0.7.5-next.0 - 2022-08-28
  • 0.7.5--canary.278.59b2af1.0 - 2022-08-28
  • 0.7.4 - 2022-08-22
from @code-hike/mdx GitHub release notes
Package name: @docusaurus/core
  • 2.4.3 - 2023-09-20
  • 2.4.1 - 2023-05-15
  • 2.4.0 - 2023-03-23
  • 2.3.1 - 2023-02-03
from @docusaurus/core GitHub release notes
Package name: @docusaurus/preset-classic
  • 2.4.3 - 2023-09-20
  • 2.4.1 - 2023-05-15
  • 2.4.0 - 2023-03-23
  • 2.3.1 - 2023-02-03
from @docusaurus/preset-classic GitHub release notes
Package name: @emotion/react
  • 11.13.0 - 2024-07-20

    Minor Changes

    • #3198 d8ff8a5 Thanks @Andarist! - Migrated away from relying on process.env.NODE_ENV checks to differentiate between production and development builds.

      Development builds (and other environment-specific builds) can be used by using proper conditions (see here). Most modern bundlers/frameworks already preconfigure those for the user so no action has to be taken.

      Default files should continue to work in all environments.

    • #3215 a9f6912 Thanks @Andarist! - Added edge-light and workerd conditions to package.json manifest to better serve users using Vercel Edge and Cloudflare Workers.

    Patch Changes

    • Updated dependencies [d8ff8a5, a9f6912]:
      • @emotion/serialize@1.3.0
      • @emotion/use-insertion-effect-with-fallbacks@1.1.0
      • @emotion/utils@1.4.0
  • 11.12.0 - 2024-07-19
  • 11.11.4 - 2024-02-27
  • 11.11.3 - 2023-12-23
  • 11.11.1 - 2023-06-07
  • 11.11.0 - 2023-05-06
  • 11.10.8 - 2023-04-28
  • 11.10.6 - 2023-02-16
  • 11.10.5 - 2022-10-27
  • 11.10.4 - 2022-08-30
from @emotion/react GitHub release notes
Package name: @mdx-js/react
from @mdx-js/react GitHub release notes
Package name: docusaurus-plugin-matomo
from docusaurus-plugin-matomo GitHub release notes
Package name: docusaurus-plugin-sass
from docusaurus-plugin-sass GitHub release notes
Package name: react-player
from react-player GitHub release notes
Package name: redocusaurus
  • 1.6.4 - 2023-09-20

    redocusaurus@1.6.4

    Patch Changes

    • Updated dependencies [340c583]:
      • docusaurus-theme-redoc@1.6.4

    docusaurus-theme-redoc@1.6.4

    Patch Changes

  • 1.6.3 - 2023-06-07

    redocusaurus@1.6.3

    Patch Changes

    • Updated dependencies [e5cf828]:
      • docusaurus-theme-redoc@1.6.3

    docusaurus-theme-redoc@1.6.3

    Patch Changes

  • 1.6.2 - 2023-04-17

    redocusaurus@1.6.2

    Patch Changes

    • Updated dependencies [c0fcd04]:
      • docusaurus-theme-redoc@1.6.2

    docusaurus-theme-redoc@1.6.2

    Patch Changes

  • 1.6.1 - 2023-03-03

    redocusaurus@1.6.1

    Patch Changes

    • Updated dependencies [42bb731]:
      • docusaurus-theme-redoc@1.6.1

    docusaurus-theme-redoc@1.6.1

    Patch Changes

  • 1.6.0 - 2023-02-10

    redocusaurus@1.6.0

    Minor Changes

    Patch Changes

    • Updated dependencies [bba785a, bba785a]:
      • docusaurus-plugin-redoc@1.6.0
      • docusaurus-theme-redoc@1.6.0

    docusaurus-plugin-redoc@1.6.0

    Minor Changes

    docusaurus-theme-redoc@1.6.0

    Minor Changes

    Patch Changes

  • 1.5.1 - 2023-02-10
  • 1.5.0 - 2023-02-10
  • 1.4.0 - 2022-09-26
  • 1.3.0 - 2022-07-16
from redocusaurus GitHub release notes
Package name: rehype-katex
from rehype-katex GitHub release notes
Package name: sass
  • 1.77.8 - 2024-07-11

    To install Sass 1.77.8, download one of the packages below and add it to your PATH, or see the Sass website for full installation instructions.

    Changes

    • No user-visible changes.

    See the full changelog for changes in earlier releases.

  • 1.77.7 - 2024-07-09

    See sass/sass#3885

  • 1.77.6 - 2024-06-17

    …264)

  • 1.77.5 - 2024-06-11

    To install Sass 1.77.5, download one of the packages below and add it to your PATH, or see the Sass website for full installation instructions.

    Changes

    • Fully trim redundant selectors generated by @extend.

    See the full changelog for changes in earlier releases.

  • 1.77.4 - 2024-05-30

    To install Sass 1.77.4, download one of the packages below and add it to your PATH, or see the Sass website for full installation instructions.

    Changes

    Embedded Sass

    • Support passing Version input for fatalDeprecations as string over embedded protocol.

    • Fix a bug in the JS Embedded Host where Version could be incorrectly accepted as input for silenceDeprecations and futureDeprecations in pure JS.

    See the full changelog for changes in earlier releases.

  • 1.77.3 - 2024-05-29
  • 1.77.2 - 2024-05-16
  • 1.77.1 - 2024-05-10
  • 1.77.0 - 2024-05-07
  • 1.76.0 - 2024-04-30
  • 1.75.0 - 2024-04-11
  • 1.74.1 - 2024-04-04
  • 1.72.0 - 2024-03-13
  • 1.71.1 - 2024-02-21
  • 1.71.0 - 2024-02-16
  • 1.70.0 - 2024-01-18
  • 1.69.7 - 2024-01-02
  • 1.69.6 - 2023-12-28
  • 1.69.5 - 2023-10-26
  • 1.69.4 - 2023-10-17
  • 1.69.3 - 2023-10-12
  • 1.69.2 - 2023-10-10
  • 1.69.1 - 2023-10-09
  • 1.69.0 - 2023-10-05
  • 1.68.0 - 2023-09-21
  • 1.67.0 - 2023-09-14
  • 1.66.1 - 2023-08-18
  • 1.66.0 - 2023-08-17
  • 1.65.1 - 2023-08-09
  • 1.65.0 - 2023-08-09
  • 1.64.2 - 2023-07-31
  • 1.64.1 - 2023-07-22
  • 1.64.0 - 2023-07-20
  • 1.63.6 - 2023-06-21
  • 1.63.5 - 2023-06-21
  • 1.63.4 - 2023-06-14
  • 1.63.3 - 2023-06-09
  • 1.63.2 - 2023-06-08
  • 1.63.1 - 2023-06-08
  • 1.63.0 - 2023-06-07
  • 1.62.1 - 2023-04-25
  • 1.62.0 - 2023-04-11
  • 1.61.0 - 2023-04-06
  • 1.60.0 - 2023-03-23
  • 1.59.3 - 2023-03-14
  • 1.59.2 - 2023-03-11
  • 1.59.1 - 2023-03-10
  • 1.59.0 - 2023-03-10
  • 1.58.3 - 2023-02-18
  • 1.58.2 - 2023-02-17
  • 1.58.1 - 2023-02-14
  • 1.58.0 - 2023-02-01
  • 1.57.1 - 2022-12-19
  • 1.57.0 - 2022-12-17
  • 1.56.2 - 2022-12-08
  • 1.56.1 - 2022-11-09
  • 1.56.0 - 2022-11-04
  • 1.55.0 - 2022-09-21
  • 1.54.9 - 2022-09-07
from sass GitHub release notes

Important

  • Check the changes in this PR to ensure they won't cause issues with your project.
  • This PR was automatically created by Snyk using the credentials of a real user.
  • Max score is 1000. Note that the real score may have changed since the PR was raised.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

Snyk has created this PR to upgrade:
  - @code-hike/mdx from 0.7.4 to 0.9.0.
    See this package in npm: https://www.npmjs.com/package/@code-hike/mdx
  - @docusaurus/core from 2.3.1 to 2.4.3.
    See this package in npm: https://www.npmjs.com/package/@docusaurus/core
  - @docusaurus/preset-classic from 2.3.1 to 2.4.3.
    See this package in npm: https://www.npmjs.com/package/@docusaurus/preset-classic
  - @emotion/react from 11.10.4 to 11.13.0.
    See this package in npm: https://www.npmjs.com/package/@emotion/react
  - @mdx-js/react from 2.1.3 to 2.3.0.
    See this package in npm: https://www.npmjs.com/package/@mdx-js/react
  - docusaurus-plugin-matomo from 0.0.6 to 0.0.8.
    See this package in npm: https://www.npmjs.com/package/docusaurus-plugin-matomo
  - docusaurus-plugin-sass from 0.2.2 to 0.2.5.
    See this package in npm: https://www.npmjs.com/package/docusaurus-plugin-sass
  - react-player from 2.10.1 to 2.16.0.
    See this package in npm: https://www.npmjs.com/package/react-player
  - redocusaurus from 1.3.0 to 1.6.4.
    See this package in npm: https://www.npmjs.com/package/redocusaurus
  - rehype-katex from 6.0.2 to 6.0.3.
    See this package in npm: https://www.npmjs.com/package/rehype-katex
  - sass from 1.54.9 to 1.77.8.
    See this package in npm: https://www.npmjs.com/package/sass

See this project in Snyk:
https://app.snyk.io/org/sammytezzy/project/7650a6dc-5350-43b1-a325-214be212c321?utm_source=github&utm_medium=referral&page=upgrade-pr

stackblitz bot commented Sep 8, 2024

Run & review this pull request in StackBlitz Codeflow.

changeset-bot bot commented Sep 8, 2024

⚠️ No Changeset found

Latest commit: ffe8443

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

@sourcery-ai sourcery-ai bot left a comment

We have skipped reviewing this pull request. Here's why:

  • It seems to have been created by a bot ('[Snyk]' found in title). We assume it knows what it's doing!
  • We don't review packaging changes - Let us know if you'd like us to change this.

Successfully merging this pull request may close these issues.

Critical dependency: the request of a dependency is an expression