Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

[Snyk] Upgrade metalsmith from 2.5.1 to 2.6.3 #29

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

[Snyk] Upgrade metalsmith from 2.5.1 to 2.6.3 #29

wants to merge 1 commit into from

Conversation

q1blue
Copy link
Collaborator

@q1blue q1blue commented May 24, 2024

This PR was automatically created by Snyk using the credentials of a real user.


![snyk-top-banner](https://github.com/andygongea/OWASP-Benchmark/assets/818805/c518c423-16fe-447e-b67f-ad5a49b5d123)

Snyk has created this PR to upgrade metalsmith from 2.5.1 to 2.6.3.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

  • The recommended version is 4 versions ahead of your current version.

  • The recommended version was released on 3 months ago.

Issues fixed by the recommended upgrade:

Issue Score Exploit Maturity
medium severity Missing Release of Resource after Effective Lifetime
SNYK-JS-INFLIGHT-6095116		 141 Proof of Concept
Release notes
Package name: metalsmith
  • 2.6.3 - 2024-03-05

    Removed

    • Drops support for Node < 14.18.0 (4 minor, deprecated versions) to be able to use 'node:' protocol imports" b170cf0

    Updated

    • Updated README.md code samples, links, and troubleshooting section
    • Dependencies: 774a164
      • chokidar: 3.5.3 ▶︎ 3.6.0

    Fixed

    • Fixes ms.watch(false) unreliable behavior when the build errors. 0d8d791
  • 2.6.2 - 2023-11-15
    • TS fixes: add generic to Metalsmith.File, bring back Metalsmith.DoneCallback, add Metalsmith.Plugin promise signature 3ae6275
    • #394 Avoid leaking unhandled rejections in build/watch promises. cac48fc, 5b48dce
    • Fix a typo in CLI help message 642a176
  • 2.6.1 - 2023-07-11
    • 34239d9 Documents metalsmith.watch() getter signature in TS
    • a719025 Normalizes ms.watch().paths to an array, allows access to a subset of chokidar options as advertised
    • 5a516b2 Sets chokidar watchOption awaitWriteFinish to false, and batch timer to 0 to speed up watching
    • 23b0944 Fixes #389: ensure not missing watcher ready event to successfully launch build
    • 05265ce Fixes formatting issue in types JSdoc comments
  • 2.6.0 - 2023-05-29

    Added

    • [#356] Added Typescript support 58d22a3
    • Added --debug and --dry-run options to metalsmith (build) command 2d84fbe
    • Added --env option to metalsmith (build) command 9661ddc
    • Added Metalsmith CLI support for loading a .(c)js config. Reads from metalsmith.js as second default after metalsmith.json 45a4afe
    • Added support for running (C/M)JS config files from CLI 424e6ec
    • Dependencies:

    Removed

    • #231 Dropped support for Node < 14.14.0 80d8508
    • Dependencies:
      • rimraf: replaced with native Node.js methods ae05945
      • cross-spawn: baee1de

    Updated

    • Modernized Metalsmith CLI, prepared transition to imports instead of require 24fcffb 4929bc2
    • Dependencies:

    Fixed

    • Fixes a duplicate empty input check in metalsmith.match 60e173a
    • Gray-matter excerpts are removed from contents instead of being duplicated to the excerpt property 2bfe800
    • Gray-matter excerpts are trimmed acb363e

    Full Changelog: v2.5.1...v2.6.0

  • 2.5.1 - 2022-10-07
    • Dependencies: 774a164
      • debug: 4.3.3 ▶︎ 4.3.4
    • Clarified semver policy in README.md
    • Added SECURITY.md

    Fixed

    • Fixes #373: do not crash when postinstall script fails in specific environments
from metalsmith GitHub release notes

Important

  • Check the changes in this PR to ensure they won't cause issues with your project.
  • This PR was automatically created by Snyk using the credentials of a real user.
  • Max score is 1000. Note that the real score may have changed since the PR was raised.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

@snyk-bot
fix: upgrade metalsmith from 2.5.1 to 2.6.3
fb01630 
Snyk has created this PR to upgrade metalsmith from 2.5.1 to 2.6.3.

See this package in npm:
metalsmith

See this project in Snyk:
https://app.snyk.io/org/q1blue-rxw/project/9bc898c6-721d-42f7-93c9-845600113722?utm_source=github&utm_medium=referral&page=upgrade-pr
@netlify Netlify
Copy link

netlify bot commented May 24, 2024
edited
Loading

Deploy Preview for celebrated-lollipop-213a38 ready!

Name Link
🔨 Latest commit fb01630
🔍 Latest deploy log https://app.netlify.com/sites/celebrated-lollipop-213a38/deploys/6650cdec208a8a00083fb8e3
😎 Deploy Preview https://deploy-preview-29--celebrated-lollipop-213a38.netlify.app
📱 Preview on mobile
Toggle QR Code...

QR Code

Use your smartphone camera to open QR code link.

To edit notification comments on pull requests, go to your Netlify site configuration.

# for free to join this conversation on GitHub. Already have an account? # to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
2 participants
@q1blue @snyk-bot