[Snyk] Upgrade @11ty/eleventy from 2.0.1 to 3.0.0

[Sec32fun32]

Snyk has created this PR to upgrade @11ty/eleventy from 2.0.1 to 3.0.0.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

⚠️ Warning: This PR contains major version upgrade(s), and may be a breaking change.

• The recommended version is 25 versions ahead of your current version.

• The recommended version was released 3 months ago.

Release notes

Package name: @11ty/eleventy

• 3.0.0 - 2024-10-01
  

  We did it. After 22 pre-releases and over a year of work, Eleventy 3.0.0 is now available. You can try it out now on your project using:

  npm install @11ty/eleventy@latest

  If you’re upgrading from a previous version of Eleventy, use the Upgrade Help plugin for automated checks and help with your upgrade!

  Why should you use Eleventy? Eleventy is a flexible and production-ready site generator known for its zero-client JavaScript footprint, speedy sites, speedy builds, and full control over the output.

  A few numbers on the best version of Eleventy yet:

  Stats	v2.0.1	v3.0.0
  20% smaller	35.2 MB	28.1 MB
  11% fewer dependencies	213	189
  9% faster npm install	4.511s*	4.103s*

  *fastest time of 3 runs (bypassing local cache)

  Flagship 3.0 features

  1. Eleventy is now written in ESM with full support for ESM in your projects: configuration, data files, 11ty.js templates, etc. For many projects this won’t be a breaking change and we’ll continue to support CommonJS too. Every example on the docs now includes both a CommonJS and ESM version. Docs: https://v3.11ty.dev/docs/cjs-esm/
  // ESM
  export default function(eleventyConfig) {}

  // We’ll keep supporting CommonJS:
  module.exports = function(eleventyConfig) {}

  2. Supporting more package managers and runtimes: pnpm, yarn, Deno. More examples on the docs! https://v3.11ty.dev/docs/
  3. Asynchronous configuration #614 Docs: https://v3.11ty.dev/docs/config/
  // ESM
  export default async function(eleventyConfig) {}

  // CommonJS
  module.exports = async function(eleventyConfig) {}

  4. For-free performance improvement to built-in slugify, inputPathToUrl universal filters (via memoization) #840 Docs: https://v3.11ty.dev/docs/memoize/
  5. Named config export improves consistency for plugins #3246 and set*Directory configuration API methods #1503 Docs: https://v3.11ty.dev/docs/config-shapes/#optional-export-config-object and https://v3.11ty.dev/docs/config/#configuration-options
  export default function(eleventyConfig) {
  eleventyConfig.setInputDirectory(".");
  eleventyConfig.setOutputDirectory("_site");
  };

  export const config = {
  dir: {
  input: ".",
  output: "_site"
  },
  };

  6. Virtual Templates, configuration API to add content (great for plugins, used by the new RSS plugin!) #1612 Docs: https://v3.11ty.dev/docs/virtual-templates/

  export default function(eleventyConfig) {
    eleventyConfig.addTemplate("robots.njk", "User-agent: *\nAllow: /", {
      permalink: "/robots.txt",
    });
  };

  7. IdAttribute plugin adds id attributes to headings for on-page anchor links (supports all template-languages) #3363 Docs: https://v3.11ty.dev/docs/plugins/id-attribute/

  <h1>Welcome to my web site</h1> becomes <h1 id="welcome-to-my-web-site">Welcome to my web site</h1>

  8. Plain-text Bundler included: https://v3.11ty.dev/docs/plugins/bundle/

  export default function(eleventyConfig) {
    eleventyConfig.addBundle("css"); // Adds {% css %} paired shortcode to create per-page CSS bundles
  };

  9. InputPath to URL plugin lets you link directly to an input file path (and we’ll output the right URL) Docs: https://www.11ty.dev/docs/plugins/inputpath-to-url/

  <a href="my-template.md">Home</a> becomes <a href="/my-template/">Home</a>

  10. Use arbitrary JavaScript with the js Front Matter #2819 Docs: https://v3.11ty.dev/docs/data-frontmatter/#javascript-front-matter

  ---js
  const hello = "hi";
  ---
  {{ hello }}

  11. page.rawInput unlocks access to raw template content #1206 https://v3.11ty.dev/docs/data-eleventy-supplied/#page-variable
  12. addPreprocessor configuration API to modify raw content before rendering works for file ignores and drafts #188 Docs: https://v3.11ty.dev/docs/config-preprocessors/
  13. addDateParsing configuration API to add your own custom date parsing logic #867 Docs: https://v3.11ty.dev/docs/dates/#configuration-api-for-custom-date-parsing
  14. eleventyDataSchema data option to validate data cascade values #879 Docs: https://v3.11ty.dev/docs/data-validate/
  15. Reserved Eleventy properties in data cascade are now frozen #1173 Docs: https://v3.11ty.dev/docs/data-eleventy-supplied/#frozen-data
  16. Support for asynchronous plugins and async-friendly addPlugin configuration API #2675 Docs: https://v3.11ty.dev/docs/plugins/#plugins-are-configuration
  17. useLayouts option for Custom Template Languages allows opt-out of Eleventy Layouts #2830 Docs: https://v3.11ty.dev/docs/languages/custom/#uselayouts
  18. renderTransforms Universal Filter will run project transforms on an arbitrary block of content (useful for RSS and other feeds) #3294
  19. --incremental=filename.md on the command line #3324 Docs: https://v3.11ty.dev/docs/usage/#incremental-for-partial-incremental-builds
  20. renderContent Universal Filter now included with Render Plugin #3370 Docs: https://v3.11ty.dev/docs/plugins/render/#rendercontent-filter
  21. Dev Server updates including onRequest API for handling requests dynamically during development (used with the new Image Transform plugin)

  Breaking Changes and Upgrade Path

  Rather than navigating this list manually, use the Upgrade Help plugin for automated project checks and upgrade help!

  • Requires Node 18 or newer.
  • Removes Serverless and Edge plugins.
  • Use of bundled Eleventy plugins from CommonJS requires changing require("@ 11ty/eleventy") to await import("@ 11ty/eleventy") for ESM reasons. We provide helpful error messaging for this.
  • pug, ejs, haml, mustache, and handlebars template languages moved from core to official plugins:
    • handlebars: https://v3.11ty.dev/docs/languages/handlebars/
    • mustache: https://v3.11ty.dev/docs/languages/mustache/
    • ejs: https://v3.11ty.dev/docs/languages/ejs/
    • haml: https://v3.11ty.dev/docs/languages/haml/
    • pug: https://v3.11ty.dev/docs/languages/pug/
  • Throw errors if --config= command line file is missing #3373
  • The htmlOutputSuffix feature was removed #3327
  • Aliased custom templates must be declared in active formats #3302
  • --formats= and --formats="" on command line means no formats (previously aliased to *) #3255
  • Custom Template Language compileOptions.permalink option changed from true to "raw" #2780
  • Major semver updates of dependencies:
    • js-yaml v3 to v4 Changelog
      • Better error messaging when using tabs in YAML
      • Numbers are now parsed according to YAML 1.2 spec (from 1.1)
    • @ sindresorhus/slugify v2 to v3 Changelog: Node 12+, Pure ESM
    • bcp-47-normalize v1 to v2 Changelog: Pure ESM
    • dependency-graph v0.x to v1 Changelog
    • iso-639-1 v2 to v3 Changelog: Pure ESM
    • markdown-it v13 to v14 Changelog: Pure ESM, removed dist folder
  • Full list of breaking changes

  Minutiae

  • Packages are now published using npm package provenance.
  • The code base is using tabs 😱😈 #3098

  Full Eleventy v3 Milestone (177 closed): https://github.com/11ty/eleventy/milestone/40?closed=1
  Full Changelog: v2.0.1...v3.0.0

  Thank You Notes

  This release would not have been possible without our community and supporters.

  • To everyone that has built something with Eleventy: thank you!
  • To everyone that has answered a question about Eleventy: on the Discord, on social media, in GitHub issues or discussion, at your local meetup or coffee shop: thank you!
  • To everyone that attended the 11ty Conference earlier this year: thank you!
  • To everyone that brought a well-intentioned complaint about something you didn’t like about Eleventy: thank you!
  • To everyone that dropped a few nice words of appreciation: thank you!
  • To everyone that has supported us and made this release possible: thank you!

  Thank you to @ bobmonsour, @ pdehaan, @ Snapstromegon, @ cdransf, @ 5t3ph, @ BenDMyers, @ siakaramalegos, @ shivjm, @ dleatherman, @ darthmall, @ clottman, @ nachtfunke, @ David-Large, Olivia Nicholson, and @ mneumegen for their community contributions!

  Thank you for the code contributions from @ VividVisions, @ mayank99, @ Zearin, @ chriskirknielsen, @ mendhak, @ fqueze, @ shivjm, @ rdela, @ w0whitaker, @ vrugtehagel, @ sachac, @ Snapstromegon, @ alifeee, @ uncenter, @ Zwyx, @ mayankkamboj47, @ aschrab, @ jgarber623, @ korverdev, @ mathertel, @ mathieuprog, @ epelc, @ Ryuno-Ki, @ lexoyo, @ satgo1546, @ KiwiKilian

• 3.0.0-beta.2 - 2024-09-30
  

  What's Changed from 3.0.0-beta.1

  • Includes Dev Server v2.0.4:
    • https://github.com/11ty/eleventy-dev-server/releases/tag/v2.0.4
    • https://github.com/11ty/eleventy-dev-server/releases/tag/v2.0.3
    • Add your own headers (e.g. CORS)
    • Improvements to DOM Diff algorithm for Declarative Shadow DOM, Custom Elements, inline <script>.
  • Fix issue with front matter updates on subsequent builds #3397: #3421
  • Fix TemplateContentUnrenderedTemplateError issue during incremental builds #3410
  • Fix wildcard in extensions argument in .addPreprocessor() by @ vrugtehagel in #3418
  • Add support for relative paths in InputPath to URL Plugin #3417
  • Commit lockfile for consistent CI by @ uncenter in #3100
  • fix #3425 import of Liquid.js by @ lexoyo in #3426
  • fix: encodeURI for passthrough aliases by @ satgo1546 in #3346
  • Add flag to run event handlers sequentially by @ vrugtehagel in #3423
  • Add --loader flag to force ESM/CJS mode by @ vrugtehagel in #3377
  • Fixes conflicts with existing id attributes from IdAttributePlugin #3430
  • Adds filter callback to IdAttributePlugin #3430
  • Adds eleventyConfig.once method for events 7a96035
  • Fix type of HtmlTransformer plugins attribute by @ aschrab in #3403
  • Fix: missing logger when a transform returns an empty string
  • Internals: adds enabled callback to HtmlTransformer
  • addPreprocessor support for 11ty.js and Custom templates (via useJavaScriptImport property) in #3452
  • Better error messaging on templates that output to files without file extensions (with project or data-cascade opt-out) #3399
  • Adds eleventy:id-ignore opt-out for Id Attribute plugin 98f7edc
  • Fixes Bundle Plugin to remove nodes that try to use empty bundles: 26c0fcf 11ty/eleventy-plugin-bundle#8

  Minutiae

  Full Changelog: v3.0.0-beta.1...v3.0.0-beta.2
  Full Eleventy v3 Milestone (176 closed): https://github.com/11ty/eleventy/milestone/40?closed=1

• 3.0.0-beta.1 - 2024-07-31
  

  We did it. It’s happening. After 18 alpha pre-releases and over a year of work, our very first beta release of Eleventy 3.0 is now available. We’re still working on shipping documentation for some of these features but you can try it out now on your project using:

  npm install @11ty/eleventy@beta

  If you’re upgrading, use the Upgrade Help plugin for automated project checks and help!

  A few numbers on the best version of Eleventy yet:

  Stats	v2.0.1	v3.0.0-beta.1
  23% smaller	35.2 MB	27.1 MB
  6.6% fewer third-party dependencies	210	196
  21.7% faster npm install	6.572s*	5.146s*

  (*fastest time of 3 runs bypassing cache)

  🙌🏻🚨 We still need your help! 🚨🙌🏻

  11ty is now operating independently, with full time development and maintenance funded by our Open Collective supporters. We need your help to keep going! We have a goal of $6000 USD recurring monthly budget. Read more about this fundraising push and head directly to our Open Collective to start your recurring contribution!

  Every recurring contribution helps!

  Flagship 3.0 features

  1. Eleventy is now written in ESM with full support for ESM in your projects (#836): configuration, data files, 11ty.js templates, etc. For many projects this won’t be a breaking change and we’ll continue to support CommonJS too. You can read more about what ECMAScript Modules (ESM) means for Eleventy projects on the 11ty Blog.
  // ESM
  export default function(eleventyConfig) {}

  // We’ll keep supporting CommonJS:
  module.exports = function(eleventyConfig) {}

  2. Supporting more package managers and runtimes: Deno, pnpm, yarn (more to come!)
  3. Asynchronous configuration #614
  // ESM
  export default async function(eleventyConfig) {}

  // CommonJS
  module.exports = async function(eleventyConfig) {}

  4. For-free performance improvement to built-in slugify, inputPathToUrl universal filters (via memoization) #840
  5. Named config export improves consistency for plugins #3246 and set*Directory configuration API methods #1503
  export default function(eleventyConfig) {
  eleventyConfig.setInputDirectory(".");
  eleventyConfig.setOutputDirectory("_site");
  };

  export const config = {
  dir: {
  input: ".",
  output: "_site"
  },
  };

  6. Virtual Templates, configuration API to add content (great for plugins, used by the new RSS plugin!) #1612

  export default function(eleventyConfig) {
    eleventyConfig.addTemplate("robots.njk", "User-agent: *\nAllow: /", {
      permalink: "/robots.txt",
    });
  };

  7. IdAttribute plugin adds id attributes to headings for on-page anchor links (supports all template-languages) #3363

  <h1>Welcome to my web site</h1> becomes <h1 id="welcome-to-my-web-site">Welcome to my web site</h1>

  8. Plain-text Bundler included (via eleventy-plugin-bundle)

  export default function(eleventyConfig) {
    eleventyConfig.addBundle("css"); // Adds {% css %} paired shortcode to create per-page CSS bundles
  };

  9. InputPath to URL plugin lets you link directly to an input file path (and we’ll output the right URL)

  <a href="my-template.md">Home</a> becomes <a href="/my-template/">Home</a>

  10. Use arbitrary JavaScript with the js Front Matter #2819

  ---js
  const hello = "hi";
  ---
  {{ hello }}

  11. page.rawInput unlocks access to raw template content #1206
  12. addPreprocessor configuration API to modify raw content before rendering works for file ignores and drafts

[github-actions]

Hi everyone, it looks like we lost track of this pull request. Please review and see what the next steps are. This pull request will auto-close in 7 days without an update.

[github-actions]

This pull request was auto-closed due to inactivity. While we wish we could keep working on every request, we unfortunately don't have the bandwidth to continue here and need to focus on other things. You can resubmit this pull request if you would like to continue working on it.

[socket-security]

New, updated, and removed dependencies detected. Learn more about Socket for GitHub ↗︎

Package	New capabilities	Transitives	Size	Publisher
npm/@11ty/eleventy@3.0.0 🔁 npm/@11ty/eleventy@2.0.1	Transitive: eval, network, shell	+97	12.9 MB	zachleat
npm/npm-run-all2@5.0.2	environment Transitive: filesystem	+15	359 kB	bret
npm/postcss-cli@10.1.0	environment, filesystem Transitive: unsafe	+40	2.38 MB	ryanzim
npm/postcss-html@1.8.0	unsafe Transitive: environment, filesystem, network	+10	862 kB	ota-meshi
npm/prismjs@1.29.0	None	0	2.05 MB	rundevelopment

🚮 Removed packages: npm/@arethetypeswrong/cli@0.17.3, npm/@eslint-community/eslint-plugin-eslint-comments@4.4.1, npm/eslint-plugin-jsdoc@48.11.0, npm/eslint-plugin-n@17.15.1, npm/eslint-plugin-unicorn@52.0.0, npm/typescript@5.7.3

View full report↗︎

[socket-security]

🚨 Potential security issues detected. Learn more about Socket for GitHub ↗︎

To accept the risk, merge this PR and you will not be notified again.

Alert	Package	Note	Source	CI
Unstable ownership	npm/parse5-htmlparser2-tree-adapter@7.1.0	Author: 43081j	docs/package.json	⚠︎

View full report↗︎

Next steps

What is unstable ownership?

A new collaborator has begun publishing package versions. Package stability and security risk may be elevated.

Try to reduce the number of authors you depend on to reduce the risk to malicious actors gaining access to your supply chain. Packages should remove inactive collaborators with publishing rights from packages on npm.

Take a deeper look at the dependency

Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support [AT] socket [DOT] dev.

Remove the package

If you happen to install a dependency that Socket reports as Known Malware you should immediately remove it and select a different dependency. For other alert types, you may may wish to investigate alternative packages or consider if there are other ways to mitigate the specific risk posed by the dependency.

Mark a package as acceptable risk

To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space separated list of ecosystem/package-name@version specifiers. e.g. @SocketSecurity ignore npm/foo@1.0.0 or ignore all packages with @SocketSecurity ignore-all

• @SocketSecurity ignore npm/parse5-htmlparser2-tree-adapter@7.1.0