[Snyk] Upgrade: bootstrap-icons, cropperjs, datatables.net, magnific-popup, summernote #1130

Open: wants to merge 1 commit into base: master

RohitM-IN (Owner)
Snyk has created this PR to upgrade multiple dependencies.

👯 The following dependencies are linked and will therefore be updated together.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

| Name | Versions | Released on |
| --- | --- | --- |
| bootstrap-icons | from 1.5.0 to 1.11.3 (21 versions ahead of your current version) | 8 months ago, on 2024-01-03 |
| cropperjs | from 1.5.12 to 1.6.2 (4 versions ahead of your current version) | 5 months ago, on 2024-04-21 |
| datatables.net | from 1.11.2 to 1.13.11 (16 versions ahead of your current version) | 7 months ago, on 2024-02-27 |
| magnific-popup | from 1.1.0 to 1.2.0 (1 version ahead of your current version) | 3 months ago, on 2024-06-08 |
| summernote | from 0.8.18 to 0.8.20 (2 versions ahead of your current version) | 3 years ago, on 2021-10-14 |

Issues fixed by the recommended upgrade:

| Issue | Score | Exploit Maturity |
| --- | --- | --- |
| low severity Cross-site Scripting (XSS), SNYK-JS-DATATABLESNET-1540544 | 476 | Proof of Concept |

Release notes
Package name: bootstrap-icons
  • 1.11.3 - 2024-01-03

    📖 Docs

    • #1835: Add the network tag to router and router-fill icons
    • #1889 and #1902: docs: trim query from search

    🧰 Maintenance

    • #1877: CI: switch to Node.js 20
    • #1888: Update svgo config

    📦 Dependencies

    • #1883: build(deps-dev): bump clean-css-cli from 5.6.2 to 5.6.3
    • #1884: build(deps-dev): bump svgo from 3.0.4 to 3.0.5
    • #1890: build(deps-dev): bump eslint from 8.54.0 to 8.55.0
    • #1891: build(deps-dev): bump postcss from 8.4.31 to 8.4.32
    • #1894: build(deps-dev): bump hugo-bin from 0.116.4 to 0.117.1
    • #1895: build(deps-dev): bump svgo from 3.0.5 to 3.1.0
    • #1896: build(deps-dev): bump postcss-cli from 10.1.0 to 11.0.0
    • #1900: build(deps): bump github/codeql-action from 2 to 3
    • #1901: build(deps-dev): bump eslint from 8.55.0 to 8.56.0
    • #1903: build(deps-dev): bump @ twbs/fantasticon from 2.7.1 to 2.7.2
    • #1909: build(deps-dev): bump hugo-bin from 0.117.1 to 0.118.0
    • #1910: build(deps-dev): bump stylelint and stylelint-config-twbs-bootstrap
    • #1912: build(deps-dev): bump stylelint from 16.0.2 to 16.1.0
    • #1914: build(deps-dev): bump svgo from 3.1.0 to 3.2.0
  • 1.11.2 - 2023-11-21

    📖 Docs

    • #1867: ban page: add block tag
    • #1875: Improve PNG compression
    • #1873: Fix Broken link in usage instructions
    • #1825: Docs: mention the CSS minified file

    🧰 Maintenance

    • #1855: README: add link to license

    📦 Dependencies

    • #1876: Update dependencies
    • #1872: Fix svg sprite
    • #1871: build(deps-dev): bump hugo-bin from 0.116.2 to 0.116.4
    • #1869: build(deps-dev): bump eslint from 8.52.0 to 8.54.0
    • #1850: build(deps-dev): bump fuse.js from 6.6.2 to 7.0.0
    • #1849: build(deps-dev): bump hugo-bin from 0.115.0 to 0.116.2
    • #1851: build(deps): bump actions/setup-node from 3 to 4
    • #1848: build(deps-dev): bump eslint from 8.50.0 to 8.52.0
    • #1847: build(deps-dev): bump stylelint from 15.10.3 to 15.11.0
    • #1846: build(deps-dev): bump npm-run-all2 from 6.0.6 to 6.1.1
    • #1827: build(deps-dev): bump postcss from 8.4.29 to 8.4.31
    • #1828: build(deps-dev): bump autoprefixer from 10.4.15 to 10.4.16
    • #1829: build(deps-dev): bump hugo-bin from 0.114.2 to 0.115.0
    • #1830: build(deps-dev): bump bootstrap from 5.3.1 to 5.3.2
    • #1831: build(deps-dev): bump eslint from 8.49.0 to 8.50.0
    • #1832: build(deps): bump actions/checkout from 3 to 4
  • 1.11.1 - 2023-09-17

    Changes

    • #1820: v1.11.1
    • #1814: Update new send icons tags
    • #1815: Added "gauge" tag to speedometer icon
    • #1816: Revert "Deploy: upload bootstrap icons zip"

    📦 Dependencies

    • #1812: Update devDependencies
  • 1.11.0 - 2023-09-12

    Changes

    📖 Docs

    • #1805: Add tags for icons added in v1.10.0
    • #1713: Add paper plane tag to send icons
    • #1785: Add comment to tags for chat icons
    • #1734: Updated "vehicle" tags
    • #1723: Improve color modes JS
    • #1725: Fix 'Spite' → 'Sprite' typo
    • #1715: docs: fix "Arrow bar down" page title

    🧰 Maintenance

    • #1707: Deploy: upload bootstrap icons zip

    📦 Dependencies

    • #1781: build(deps-dev): bump eslint from 8.45.0 to 8.46.0
    • #1779: build(deps-dev): bump bootstrap from 5.3.0 to 5.3.1
    • #1756: build(deps-dev): bump npm-run-all2 from 6.0.5 to 6.0.6
    • #1757: build(deps-dev): bump hugo-bin from 0.111.0 to 0.111.1
    • #1758: build(deps-dev): bump lockfile-lint from 4.10.5 to 4.10.6
    • #1755: build(deps-dev): bump postcss from 8.4.24 to 8.4.25
    • #1747: build(deps-dev): bump eslint from 8.43.0 to 8.44.0
    • #1726: build(deps-dev): bump bootstrap from 5.3.0-alpha3 to 5.3.0
    • #1728: build(deps-dev): bump lockfile-lint from 4.10.1 to 4.10.5
    • #1729: build(deps-dev): bump postcss from 8.4.23 to 8.4.24
    • #1730: build(deps-dev): bump eslint from 8.40.0 to 8.41.0
    • #1727: build(deps-dev): bump hugo-bin from 0.102.1 to 0.105.0
    • #1711: build(deps-dev): bump find-unused-sass-variables from 4.0.8 to 5.0.0
    • #1710: build(deps-dev): bump stylelint-config-twbs-bootstrap from 9.0.1 to 10.0.0
  • 1.10.5 - 2023-04-26

    Changes

    🚀 Features

    • #1684: Provide a minified font CSS file too

    📖 Docs

    • #1688: docs: reword CDN section
    • #1686: docs: build JS with esbuild

    🧰 Maintenance

    • #1694: Add a script to bump the version
    • #1663: build: switch to modules
    • #1684: Provide a minified font CSS file too
    • #1698: Deploy CI: build all icons too
    • #1695: CI: move lint to a separate workflow
    • #1683: package.json: add funding information
    • #1682: check-icons.js: remove dynamic extension
  • 1.10.4 - 2023-04-03

    🚀 Features

    • #731: docs: filter icons by URL search query
    • #1636: font: add license header
    • #1653: docs: change search function from list.js to fuse.js

    🐛 Bug fixes

    • #1521: Remove non-existent icons from font
    • #1566: Fix sass quoted string interpolation for hugo 0.110.0
    • #1645: Fix three icon font rendering issues
    • #1647: Update font SCSS template to use a loop thus reducing the SCSS filesize

    📖 Docs

    • #731: docs: filter icons by URL search query
    • #1561: Fix icons release and repo links
    • #1618: Docs: move color-modes to /assets/js
    • #1619: Backport color-modes.js from upstream
    • #1628: Fix theme toggle JavaScript and A11y
    • #1632: Remove unused Hugo partials
    • #1635: Update Bootstrap to v5.3.0-alpha2
    • #1637: sprite.html: fix wrong breadcrumb
    • #1638: Add missing tags and categories
    • #1644: Fix spacing and sizing of examples
    • #1651: Work around list.js not working with hyphens
    • #1652: docs: specify searchDelay: 250 for list.js
    • #1653: docs: change search function from list.js to fuse.js
    • #1655: config.yml: mount bootstrap.bundle.min.js in static folder
    • #1658: Add some tags to multiple icons
    • #1661: docs: use bootstrap.svg from the /assets/icons dir
    • #1679: Update bootstrap to v5.3.0-alpha3

    🧰 Maintenance

    • #1521: Remove non-existent icons from font
    • #1566: Fix sass quoted string interpolation for hugo 0.110.0
    • #1571: Fix minor error in README
    • #1617: Assorted JS tweaks
    • #1633: Update vnu-jar.js from upstream
    • #1636: font: add license header
    • #1647: Update font SCSS template to use a loop
    • #1648: package.json: specify q for zip
    • #1649: Tweak README.md
    • #1656: Update SVGO config: remove sortAttrs since it's enabled by default
    • #1657: build: add a script to check font JSON for differences with SVGs
    • #1660: Tweak check-icons.js
    • #1662: package.json: update icons-zip script to remove existent zip files first
    • #1669: CI: add permissions and limit triggers to main
    • #1681: package.json: add a few more keywords

    📦 Dependencies


    Full changelog: v1.10.3...v1.10.4

  • 1.10.3 - 2022-12-27

    Changes

    • #1545: Ship v1.10.3
    • #1544: Update Icons to Bootstrap v5.3.0-alpha1
    • #1524: Update build/font files

    📖 Docs

    • #824: Drop SVG sprite for font on docs homepage
    • #1518: Docs: load all JS files from node_modules
    • #1519: Docs: remove Slack
    • #1517: docs: remove the unused static/assets/css/bootstrap.min.css
    • #1515: docs: stop including Bootstrap JS twice

    📦 Dependencies

    • #1543: Update devDependencies
    • #1531: build(deps): bump decode-uri-component from 0.2.0 to 0.2.2
    • #1526: build(deps-dev): bump postcss-cli from 10.0.0 to 10.1.0
    • #1514: Update devDependencies
  • 1.10.2 - 2022-11-13

    Changes

    Fixes fill rules on five icons.

    📦 Dependencies

    • #1490: Update devDependencies
  • 1.10.1 - 2022-11-12

    Changes

    • #1488: Fix various fill rules
  • 1.10.0 - 2022-11-11

    Highlights

    Nearly 150 new icons added, including:

    • 22 new person icons
    • 26 new house icons
    • 24 new building icons, including a renamed building to buildings
    • 22 new database icons
    • 24 new street sign icons
    • New globe icons
    • New EV, taxi, bus, and scooter transportation icons
    • New rockets
    • and more!

    Changes

    • #1485: v1.10.0 prep
    • #1484: More v1.10.0 icons
    • #1468: v1.10.0: Add new icons
    • #1467: Fix fill rules and rotation of some icons

    🚀 Features

    • #706: Generate font page with Hugo

    🐛 Bug fixes

    • #1425: Adjust fill-rule of 1-circle-fill

    📖 Docs

    • #1433: Adding profile tag to user icons
    • #1403: adding remove tag to delete icons
    • #706: Generate font page with Hugo
    • #1379: Update Bootstrap to stable release
    • #1387: Add "aircraft" tag to airplane icons
    • #1389: update the count from 1,600 to 1,800

    📦 Dependencies

    • #1472: build(deps-dev): bump hugo-bin from 0.92.3 to 0.93.0
    • #1471: build(deps-dev): bump autoprefixer from 10.4.12 to 10.4.13
    • #1469: build(deps-dev): bump svg-sprite from 2.0.0 to 2.0.1
    • #1462: Update devDependencies
    • #1456: build(deps): bump @ xmldom/xmldom from 0.7.5 to 0.7.6
    • #1450: build(deps-dev): bump vnu-jar from 21.10.12 to 22.9.29
    • #1448: build(deps-dev): bump lockfile-lint from 4.9.3 to 4.9.5
    • #1449: build(deps-dev): bump svg-sprite from 2.0.0-beta7 to 2.0.0
    • #1447: build(deps-dev): bump stylelint from 14.12.1 to 14.13.0
    • #1446: build(deps-dev): bump hugo-bin from 0.92.1 to 0.92.2
    • #1445: build(deps-dev): bump postcss from 8.4.16 to 8.4.17
    • #1436: Update devDependencies and Bootstrap

Snyk has created this PR to upgrade:
  - bootstrap-icons from 1.5.0 to 1.11.3.
    See this package in npm: https://www.npmjs.com/package/bootstrap-icons
  - cropperjs from 1.5.12 to 1.6.2.
    See this package in npm: https://www.npmjs.com/package/cropperjs
  - datatables.net from 1.11.2 to 1.13.11.
    See this package in npm: https://www.npmjs.com/package/datatables.net
  - magnific-popup from 1.1.0 to 1.2.0.
    See this package in npm: https://www.npmjs.com/package/magnific-popup
  - summernote from 0.8.18 to 0.8.20.
    See this package in npm: https://www.npmjs.com/package/summernote

See this project in Snyk:
https://app.snyk.io/org/rootandroid58/project/1e8b090a-a56e-401c-bafb-f0cc084cf2c9?utm_source=github&utm_medium=referral&page=upgrade-pr