Skip to content

[Snyk] Upgrade: , , , chalk, command-line-args, jsonc-parser, leven, tmp #1

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
lucentlabz merged 1 commit into from
Sep 11, 2024
Merged

[Snyk] Upgrade: , , , chalk, command-line-args, jsonc-parser, leven, tmp #1

lucentlabz merged 1 commit into from
Sep 11, 2024

Conversation

@lucentlabz
Copy link
Owner

@lucentlabz lucentlabz commented Sep 10, 2024

snyk-top-banner

Snyk has created this PR to upgrade multiple dependencies.

👯‍♂ The following dependencies are linked and will therefore be updated together.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

⚠️ Warning: This PR contains major version upgrade(s), and may be a breaking change.

Name Versions Released on

@iarna/toml
from 2.2.5 to 3.0.0 | 1 version ahead of your current version
⚠️ This is a major version upgrade, and may be a breaking change | 4 years ago
on 2020-04-23
@yarnpkg/libzip
from 2.3.0 to 3.1.0 | 54 versions ahead of your current version
⚠️ This is a major version upgrade, and may be a breaking change | 4 months ago
on 2024-05-08
@yarnpkg/fslib
from 2.10.4 to 3.1.0 | 55 versions ahead of your current version
⚠️ This is a major version upgrade, and may be a breaking change | 4 months ago
on 2024-05-08
chalk
from 4.1.2 to 5.3.0 | 7 versions ahead of your current version
⚠️ This is a major version upgrade, and may be a breaking change | a year ago
on 2023-06-29
command-line-args
from 5.2.1 to 6.0.0 | 2 versions ahead of your current version
⚠️ This is a major version upgrade, and may be a breaking change | 2 months ago
on 2024-07-05
jsonc-parser
from 3.2.1 to 3.3.1 | 2 versions ahead of your current version | 3 months ago
on 2024-06-24
leven
from 3.1.0 to 4.0.0 | 1 version ahead of your current version
⚠️ This is a major version upgrade, and may be a breaking change | 3 years ago
on 2021-08-10
tmp
from 0.2.1 to 0.2.3 | 2 versions ahead of your current version | 6 months ago
on 2024-02-29

Issues fixed by the recommended upgrade:

Issue Score Exploit Maturity
medium severity Missing Release of Resource after Effective Lifetime
SNYK-JS-INFLIGHT-6095116		 631 Proof of Concept
Release notes
Package name: @iarna/toml from @iarna/toml GitHub release notes
Package name: @yarnpkg/libzip
  • 3.1.0 - 2024-05-08
  • 3.0.1 - 2024-01-30
  • 3.0.0 - 2023-10-22
  • 3.0.0-rc.53 - 2023-10-03
  • 3.0.0-rc.52 - 2023-09-29
  • 3.0.0-rc.51 - 2023-09-17
  • 3.0.0-rc.50 - 2023-08-23
  • 3.0.0-rc.49 - 2023-08-17
  • 3.0.0-rc.48 - 2023-07-02
  • 3.0.0-rc.47 - 2023-06-29
  • 3.0.0-rc.46 - 2023-06-22
  • 3.0.0-rc.45 - 2023-06-01
  • 3.0.0-rc.44 - 2023-05-17
  • 3.0.0-rc.43 - 2023-05-01
  • 3.0.0-rc.42 - 2023-03-30
  • 3.0.0-rc.41 - 2023-03-27
  • 3.0.0-rc.40 - 2023-03-05
  • 3.0.0-rc.39 - 2023-02-08
  • 3.0.0-rc.38 - 2023-02-04
  • 3.0.0-rc.37 - 2023-01-29
  • 3.0.0-rc.36 - 2023-01-18
  • 3.0.0-rc.35 - 2023-01-09
  • 3.0.0-rc.34 - 2022-12-20
  • 3.0.0-rc.33 - 2022-12-11
  • 3.0.0-rc.32 - 2022-11-30
  • 3.0.0-rc.31 - 2022-11-22
  • 3.0.0-rc.30 - 2022-11-18
  • 3.0.0-rc.29 - 2022-11-16
  • 3.0.0-rc.28 - 2022-11-10
  • 3.0.0-rc.27 - 2022-10-28
  • 3.0.0-rc.26 - 2022-10-18
  • 3.0.0-rc.25 - 2022-10-10
  • 3.0.0-rc.24 - 2022-10-08
  • 3.0.0-rc.23 - 2022-10-08
  • 3.0.0-rc.22 - 2022-09-28
  • 3.0.0-rc.21 - 2022-09-26
  • 3.0.0-rc.20 - 2022-09-19
  • 3.0.0-rc.18 - 2022-09-06
  • 3.0.0-rc.17 - 2022-09-06
  • 3.0.0-rc.16 - 2022-09-06
  • 3.0.0-rc.15 - 2022-08-24
  • 3.0.0-rc.14 - 2022-07-21
  • 3.0.0-rc.12 - 2022-07-13
  • 3.0.0-rc.11 - 2022-07-01
  • 3.0.0-rc.10 - 2022-06-24
  • 3.0.0-rc.9 - 2022-06-10
  • 3.0.0-rc.8 - 2022-06-09
  • 3.0.0-rc.7 - 2022-06-08
  • 3.0.0-rc.6 - 2022-05-16
  • 3.0.0-rc.5 - 2022-05-09
  • 3.0.0-rc.4 - 2022-05-01
  • 3.0.0-rc.3 - 2022-04-26
  • 3.0.0-rc.2 - 2022-04-12
  • 3.0.0-rc.1 - 2022-04-07
  • 2.3.0 - 2023-03-16
from @yarnpkg/libzip GitHub release notes
Package name: @yarnpkg/fslib
  • 3.1.0 - 2024-05-08
  • 3.0.2 - 2024-01-30
  • 3.0.1 - 2023-10-28
  • 3.0.0 - 2023-10-22
  • 3.0.0-rc.53 - 2023-10-03
  • 3.0.0-rc.52 - 2023-09-29
  • 3.0.0-rc.51 - 2023-09-17
  • 3.0.0-rc.50 - 2023-08-23
  • 3.0.0-rc.49 - 2023-08-17
  • 3.0.0-rc.48 - 2023-07-02
  • 3.0.0-rc.47 - 2023-06-29
  • 3.0.0-rc.46 - 2023-06-22
  • 3.0.0-rc.45 - 2023-06-01
  • 3.0.0-rc.44 - 2023-05-17
  • 3.0.0-rc.43 - 2023-05-01
  • 3.0.0-rc.42 - 2023-03-30
  • 3.0.0-rc.41 - 2023-03-27
  • 3.0.0-rc.40 - 2023-03-05
  • 3.0.0-rc.39 - 2023-02-08
  • 3.0.0-rc.38 - 2023-02-04
  • 3.0.0-rc.37 - 2023-01-29
  • 3.0.0-rc.36 - 2023-01-18
  • 3.0.0-rc.35 - 2023-01-09
  • 3.0.0-rc.34 - 2022-12-20
  • 3.0.0-rc.33 - 2022-12-11
  • 3.0.0-rc.32 - 2022-11-30
  • 3.0.0-rc.31 - 2022-11-22
  • 3.0.0-rc.30 - 2022-11-18
  • 3.0.0-rc.29 - 2022-11-16
  • 3.0.0-rc.28 - 2022-11-10
  • 3.0.0-rc.27 - 2022-10-28
  • 3.0.0-rc.26 - 2022-10-18
  • 3.0.0-rc.25 - 2022-10-10
  • 3.0.0-rc.24 - 2022-10-08
  • 3.0.0-rc.23 - 2022-10-08
  • 3.0.0-rc.22 - 2022-09-28
  • 3.0.0-rc.21 - 2022-09-26
  • 3.0.0-rc.20 - 2022-09-19
  • 3.0.0-rc.18 - 2022-09-06
  • 3.0.0-rc.17 - 2022-09-06
  • 3.0.0-rc.16 - 2022-09-06
  • 3.0.0-rc.15 - 2022-08-24
  • 3.0.0-rc.14 - 2022-07-21
  • 3.0.0-rc.12 - 2022-07-13
  • 3.0.0-rc.11 - 2022-07-01
  • 3.0.0-rc.10 - 2022-06-24
  • 3.0.0-rc.9 - 2022-06-10
  • 3.0.0-rc.8 - 2022-06-09
  • 3.0.0-rc.7 - 2022-06-08
  • 3.0.0-rc.6 - 2022-05-16
  • 3.0.0-rc.5 - 2022-05-09
  • 3.0.0-rc.4 - 2022-05-01
  • 3.0.0-rc.3 - 2022-04-26
  • 3.0.0-rc.2 - 2022-04-12
  • 3.0.0-rc.1 - 2022-04-07
  • 2.10.4 - 2024-02-01
from @yarnpkg/fslib GitHub release notes
Package name: chalk from chalk GitHub release notes
Package name: command-line-args
  • 6.0.0 - 2024-07-05

    This is a non-functional release intended to refresh the codebase and dependency tree. There are no changes to the library's API or behaviour.

    Breaking changes since 5.2.1

    • Dropped support for Node versions less than v12.20

    Misc other improvements

    • The package is now a native ES6 module while still maintaining support for CommonJS
    • All dependencies updated to their latest version

    Upgrade Notes

    • If you're using Node v12.20 or above it's safe to upgrade with zero changes to your code.
    • Users of older versions of Node should stick with command-line-args v5.2.1.
  • 6.0.0-preview.1 - 2018-06-25

    6.0.0-preview.1

  • 5.2.1 - 2022-01-29

    5.2.1

from command-line-args GitHub release notes
Package name: jsonc-parser
  • 3.3.1 - 2024-06-24

    Changes:

    • #92: remove exports, prepare 3.3.1

    This list of changes was auto generated.

  • 3.3.0 - 2024-06-24

    Changes:

    Feature Requests:

    • #11: Can we have a "insertFinalNewline" option in "FormattingOptions"?
    • #4: Source map referenced but not included in published package

    Bugs:

    • #33: Formatting valid json content is causing an invalid json
    • #40: parseTree() returns undefined on empty string input

    Others:

    • #90: prepare 3.3.0
    • #88: Allow the visitor to cease callbacks
    • #89: Bump braces from 3.0.2 to 3.0.3
    See More
    • #84: prepare 3.2.1
    • #81: perf(format): cache breaklines and spaces as much as possible
    • #79: update dependencies
    • #75: ci: add batch
    • #72: delete pr-chat action
    • #71: add publish pipeline & cleanup ci
    • #70: set preserveConstEnums: true, switch to es2020
    • #69: sort edits in applyEdits
    • #66: An additional parameter keepLines has been added into the formatting options which allows to keep the original line formatting
    • #64: Adding Microsoft SECURITY.MD
    • #62: Add JSON path supplier parameter to visitor functions
    • #44: findNodeAtLocation does not handle incomplete property pair
    • #61: Update API section in README
    • #53: Clarify whether / how Edit[] can be concatenated
    • #46: Non-standard whitespace handling
    • #47: Improve README
    • #54: readme: improve ParseOptions documentation
    • #43: Add file extenstion to typings property value
    • #34: Optimize parseLiteral for number-heavy JSON files (ala GeoJSON)
    • #39: Bump lodash from 4.17.15 to 4.17.19
    • #35: Allow for array modifications, add inPlace formatting option.
    • #32: Parse errors make parsed tree useless
    • #31: Upgrading from 2.1.1 to 2.2.0 has diagnostic for file with only comments
    • #25: Fix typo in README
    • #24: parse function should include properties with empty string as their keys
    • #21: Update README.md
    • #18: JavaScipt -> JavaScript
    • #17: add line and column information to scanner and visitor
    • #15: Fix a few typos in doc comments
    • #12: Do not mutate the given path
    • #9: Refactor computeIndentLevel method
    • #8: Fix typo of token
    • #6: Allow trailing commas in array
    • #5: add JSON formatter and editor from VS Code
    • #1: Error objects should also contain location information

    This list of changes was auto generated.

  • 3.2.1 - 2024-01-22

    prepare 3.2.1 (#84)

from jsonc-parser GitHub release notes
Package name: leven from leven GitHub release notes
Package name: tmp from tmp GitHub release notes

Important

  • Warning: This PR contains a major version upgrade, and may be a breaking change.
  • Check the changes in this PR to ensure they won't cause issues with your project.
  • This PR was automatically created by Snyk using the credentials of a real user.
  • Max score is 1000. Note that the real score may have changed since the PR was raised.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

@snyk-bot
feat: upgrade multiple dependencies with Snyk
08f9186 
Snyk has created this PR to upgrade:
  - @iarna/toml from 2.2.5 to 3.0.0.
    See this package in npm: https://www.npmjs.com/package/@iarna/toml
  - @yarnpkg/libzip from 2.3.0 to 3.1.0.
    See this package in npm: https://www.npmjs.com/package/@yarnpkg/libzip
  - @yarnpkg/fslib from 2.10.4 to 3.1.0.
    See this package in npm: https://www.npmjs.com/package/@yarnpkg/fslib
  - chalk from 4.1.2 to 5.3.0.
    See this package in npm: https://www.npmjs.com/package/chalk
  - command-line-args from 5.2.1 to 6.0.0.
    See this package in npm: https://www.npmjs.com/package/command-line-args
  - jsonc-parser from 3.2.1 to 3.3.1.
    See this package in npm: https://www.npmjs.com/package/jsonc-parser
  - leven from 3.1.0 to 4.0.0.
    See this package in npm: https://www.npmjs.com/package/leven
  - tmp from 0.2.1 to 0.2.3.
    See this package in npm: https://www.npmjs.com/package/tmp

See this project in Snyk:
https://app.snyk.io/org/lucentlabz/project/55ef41f9-4f36-41e7-bad0-ae31e46f0795?utm_source=github&utm_medium=referral&page=upgrade-pr
@lucentlabz lucentlabz merged commit f3d229b into main Sep 11, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@lucentlabz @snyk-bot