[Snyk] Upgrade metalsmith from 2.3.0 to 2.4.2 #44
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Snyk has created this PR to upgrade metalsmith from 2.3.0 to 2.4.2.
ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
Release notes
Package name: metalsmith
Updated
af9dec0
chalk
: 3.0.0 ▶︎ 4.1.2Fixed
ebf82f4
Fixed
Bugfix: include index.js in package.json files
Unfortunately release 2.4.0 missed the index.js file and was only usable by doing require('metalsmith/lib'). For this reason the release notes from 2.4.0 are re-included below:
Added
Metalsmith#match
method. Plugins no longer need to require a matching library705c4bb
,f01c724
828b17e
fs.rm
instead ofrimraf
when available (Node 14.4+)fcbb76e
,66e4376
Metalsmith#frontmatter
a6438d2
ef7b781
4eb1184
Metalsmith#build
now returns a promise which you can attach athen/catch
to orawait
. The build callback model is still available.6d5a42d
Removed
2db47f5
,75e6878
has-generators
: obsolete in supported Node versions2db47f5
absolute
replaced with native Nodepath.isAbsolute
c05f9e2
(@ Zearin)is
replaced with own implementation7eaac9e2
,54dba0c1
(@ Zearin)recursive-readdir
: replaced with own implementation4eb1184
Updated
Dependencies:
75e6878
chalk
: 1.1.3 ▶︎ 3.0.0gray-matter
: 2.0.0 ▶︎ 4.0.3stat-mode
: 0.2.0 ▶︎ 1.0.0rimraf
: 2.2.8 ▶︎ 3.0.2ware
: 1.2.0 ▶︎ 1.3.0commander
(used in CLI): 2.15.1 ▶︎ 6.2.1win-fork
(used in CLI): replaced withcross-spawn
:7.0.3Updated
CHANGELOG.md
format to follow “Keep A Changelog” (#266) (@ Zearin)Fixed
Metalsmith#ignore
now only matches paths relative toMetalsmith#source
(as it should). See linked issue for details4eb1184
Metalsmith#build
a6438d2
Metalsmith#ignore
'd)4eb1184
Metalsmith#ignore
now removes the matched files before they arestatted
for glob-based ignores (saving some perf & potential errors).Security
new Buffer
withBuffer.from
npm audit
vulnerability fixescoveralls
: 2.11.6 ▶︎ 3.0.1 (#308) (@ Zearin)Fix 5 “Moderate” vulnerabilities
metalsmith-markdown
: 0.2.1 ▶︎ 0.2.2 (#312) (@ Zearin)Fix 1 “Low” vulnerability
Unfortunately this release missed the index.js file and is only usable by doing
require('metalsmith/lib')
. This has quickly been fixed in 2.4.1 and the release notes ported to itAdded
Metalsmith#match
method. Plugins no longer need to require a matching library705c4bb
,f01c724
828b17e
fs.rm
instead ofrimraf
when available (Node 14.4+)fcbb76e
,66e4376
Metalsmith#frontmatter
a6438d2
ef7b781
4eb1184
Metalsmith#build
now returns a promise which you can attach athen/catch
to orawait
. The build callback model is still available.6d5a42d
Removed
2db47f5
,75e6878
has-generators
: obsolete in supported Node versions2db47f5
absolute
replaced with native Nodepath.isAbsolute
c05f9e2
(@ Zearin)is
replaced with own implementation7eaac9e2
,54dba0c1
(@ Zearin)recursive-readdir
: replaced with own implementation4eb1184
Updated
Dependencies:
75e6878
chalk
: 1.1.3 ▶︎ 3.0.0gray-matter
: 2.0.0 ▶︎ 4.0.3stat-mode
: 0.2.0 ▶︎ 1.0.0rimraf
: 2.2.8 ▶︎ 3.0.2ware
: 1.2.0 ▶︎ 1.3.0commander
(used in CLI): 2.15.1 ▶︎ 6.2.1win-fork
(used in CLI): replaced withcross-spawn
:7.0.3Updated
CHANGELOG.md
format to follow “Keep A Changelog” (#266) (@ Zearin)Fixed
Metalsmith#ignore
now only matches paths relative toMetalsmith#source
(as it should). See linked issue for details4eb1184
Metalsmith#build
a6438d2
Metalsmith#ignore
'd)4eb1184
Metalsmith#ignore
now removes the matched files before they arestatted
for glob-based ignores (saving some perf & potential errors).Security
new Buffer
withBuffer.from
npm audit
vulnerability fixescoveralls
: 2.11.6 ▶︎ 3.0.1 (#308) (@ Zearin)Fix 5 “Moderate” vulnerabilities
metalsmith-markdown
: 0.2.1 ▶︎ 0.2.2 (#312) (@ Zearin)Fix 1 “Low” vulnerability
Added
Updated
Removed
Fixed
Security
Commit messages
Package name: metalsmith
Compare
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.
For more information:
🧐 View latest project report
🛠 Adjust upgrade PR settings
🔕 Ignore this dependency or unsubscribe from future upgrade PRs