Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Snyk] Upgrade metalsmith from 2.3.0 to 2.4.1 #57

Open
wants to merge 1 commit into
base: main
Choose a base branch
from

Conversation

snyk-bot
Copy link

Snyk has created this PR to upgrade metalsmith from 2.3.0 to 2.4.1.

merge advice
ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.


  • The recommended version is 2 versions ahead of your current version.
  • The recommended version was released 24 days ago, on 2022-01-31.
Release notes
Package name: metalsmith
  • 2.4.1 - 2022-01-31

    Fixed

    Bugfix: include index.js in package.json files

    Unfortunately release 2.4.0 missed the index.js file and was only usable by doing require('metalsmith/lib'). For this reason the release notes from 2.4.0 are re-included below:

    Added

    • #338 Added Metalsmith#match method. Plugins no longer need to require a matching library 705c4bb, f01c724
    • #358 Added TS-style JSdocs 828b17e
    • Use native fs.rm instead of rimraf when available (Node 14.4+) fcbb76e, 66e4376
    • #226 Allow passing a gray-matter options object to Metalsmith#frontmatter a6438d2
    • Modernized dev setup ef7b781
    • Added 8 new tests (match method, front-matter options, path & symbolic link handling)
    • Files object file paths are now guaranteed to be sorted aphabetically. 4eb1184
    • #211 Metalsmith#build now returns a promise which you can attach a then/catch to or await. The build callback model is still available. 6d5a42d

    Removed

    Updated

    • Dependencies: 75e6878

      • chalk: 1.1.3 ▶︎ 3.0.0
      • gray-matter: 2.0.0 ▶︎ 4.0.3
      • stat-mode: 0.2.0 ▶︎ 1.0.0
      • rimraf: 2.2.8 ▶︎ 3.0.2
      • ware: 1.2.0 ▶︎ 1.3.0
      • commander (used in CLI): 2.15.1 ▶︎ 6.2.1
      • win-fork (used in CLI): replaced with cross-spawn:7.0.3
    • Updated CHANGELOG.md format to follow “Keep A Changelog” (#266) (@ Zearin)

    Fixed

    • #206 Metalsmith#ignore now only matches paths relative to Metalsmith#source (as it should). See linked issue for details 4eb1184
    • #226 Metalsmith will no longer 'swallow' errors on invalid front-matter, they will be passed to Metalsmith#build a6438d2
    • Fix test error on Windows #158 (@ moozzyk)
    • #281 Metalsmith now properly handles symbolic links (will throw an ENOENT error or they can be Metalsmith#ignore'd) 4eb1184
    • #178 Metalsmith#ignore now removes the matched files before they are statted for glob-based ignores (saving some perf & potential errors).
    • #295 Metalsmith now catches all FS errors and passes them to the build callback/ thenable appropriately.

    Security

    • Replace all occurences of new Buffer with Buffer.from

    npm audit vulnerability fixes

    • Development Dependencies:
      • coveralls: 2.11.6 ▶︎ 3.0.1 (#308) (@ Zearin)
        Fix 5 “Moderate” vulnerabilities
      • metalsmith-markdown: 0.2.1 ▶︎ 0.2.2 (#312) (@ Zearin)
        Fix 1 “Low” vulnerability
  • 2.4.0 - 2022-01-31

    Unfortunately this release missed the index.js file and is only usable by doing require('metalsmith/lib'). This has quickly been fixed in 2.4.1 and the release notes ported to it

    Added

    • #338 Added Metalsmith#match method. Plugins no longer need to require a matching library 705c4bb, f01c724
    • #358 Added TS-style JSdocs 828b17e
    • Use native fs.rm instead of rimraf when available (Node 14.4+) fcbb76e, 66e4376
    • #226 Allow passing a gray-matter options object to Metalsmith#frontmatter a6438d2
    • Modernized dev setup ef7b781
    • Added 8 new tests (match method, front-matter options, path & symbolic link handling)
    • Files object file paths are now guaranteed to be sorted aphabetically. 4eb1184
    • #211 Metalsmith#build now returns a promise which you can attach a then/catch to or await. The build callback model is still available. 6d5a42d

    Removed

    Updated

    • Dependencies: 75e6878

      • chalk: 1.1.3 ▶︎ 3.0.0
      • gray-matter: 2.0.0 ▶︎ 4.0.3
      • stat-mode: 0.2.0 ▶︎ 1.0.0
      • rimraf: 2.2.8 ▶︎ 3.0.2
      • ware: 1.2.0 ▶︎ 1.3.0
      • commander (used in CLI): 2.15.1 ▶︎ 6.2.1
      • win-fork (used in CLI): replaced with cross-spawn:7.0.3
    • Updated CHANGELOG.md format to follow “Keep A Changelog” (#266) (@ Zearin)

    Fixed

    • #206 Metalsmith#ignore now only matches paths relative to Metalsmith#source (as it should). See linked issue for details 4eb1184
    • #226 Metalsmith will no longer 'swallow' errors on invalid front-matter, they will be passed to Metalsmith#build a6438d2
    • Fix test error on Windows #158 (@ moozzyk)
    • #281 Metalsmith now properly handles symbolic links (will throw an ENOENT error or they can be Metalsmith#ignore'd) 4eb1184
    • #178 Metalsmith#ignore now removes the matched files before they are statted for glob-based ignores (saving some perf & potential errors).
    • #295 Metalsmith now catches all FS errors and passes them to the build callback/ thenable appropriately.

    Security

    • Replace all occurences of new Buffer with Buffer.from

    npm audit vulnerability fixes

    • Development Dependencies:
      • coveralls: 2.11.6 ▶︎ 3.0.1 (#308) (@ Zearin)
        Fix 5 “Moderate” vulnerabilities
      • metalsmith-markdown: 0.2.1 ▶︎ 0.2.2 (#312) (@ Zearin)
        Fix 1 “Low” vulnerability
  • 2.3.0 - 2016-10-28

    Added

    • Add packaging metadata to build the metalsmith snap (#249)

    Updated

    • Update dependencies (#246)

    Removed

    • Remove unused dependencies

    Fixed

    • Fix error when reading a symbolic link to a dir (#229)

    Security

    • Upgrade dependency to include security fix (#258)
from metalsmith GitHub release notes
Commit messages
Package name: metalsmith

Compare


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

i18n: Create Handlebars helper for dynamic navigation
1 participant