[Snyk] Upgrade: , , , cspell, gulp, hugo-extended, markdownlint, postcss-cli, textlint, textlint-rule-terminology

[WontonSam]

Snyk has created this PR to upgrade multiple dependencies.

👯 The following dependencies are linked and will therefore be updated together.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

⚠️ Warning: This PR contains major version upgrade(s), and may be a breaking change.

Name	Versions	Released on

@opentelemetry/auto-instrumentations-web
from 0.33.2 to 0.40.0 | 7 versions ahead of your current version | 3 months ago
on 2024-06-06
@opentelemetry/exporter-trace-otlp-http
from 0.41.2 to 0.52.1 | 15 versions ahead of your current version | 3 months ago
on 2024-06-20
@opentelemetry/instrumentation
from 0.41.2 to 0.52.1 | 15 versions ahead of your current version | 3 months ago
on 2024-06-20
cspell
from 6.31.3 to 8.14.2 | 65 versions ahead of your current version
⚠️ This is a major version upgrade, and may be a breaking change | a month ago
on 2024-08-20
gulp
from 4.0.2 to 5.0.0 | 1 version ahead of your current version
⚠️ This is a major version upgrade, and may be a breaking change | 6 months ago
on 2024-03-29
hugo-extended
from 0.115.4 to 0.133.0 | 49 versions ahead of your current version | a month ago
on 2024-08-20
markdownlint
from 0.29.0 to 0.34.0 | 7 versions ahead of your current version | 6 months ago
on 2024-03-21
postcss-cli
from 10.1.0 to 11.0.0 | 1 version ahead of your current version
⚠️ This is a major version upgrade, and may be a breaking change | 9 months ago
on 2023-12-05
textlint
from 13.4.1 to 14.2.0 | 9 versions ahead of your current version
⚠️ This is a major version upgrade, and may be a breaking change | a month ago
on 2024-08-18
textlint-rule-terminology
from 3.0.5 to 5.2.6 | 42 versions ahead of your current version
⚠️ This is a major version upgrade, and may be a breaking change | 2 months ago
on 2024-08-02

Issues fixed by the recommended upgrade:

	Issue	Score	Exploit Maturity
	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	159	Proof of Concept
	Uncontrolled resource consumption SNYK-JS-BRACES-6838727	159	Proof of Concept
	Infinite loop SNYK-JS-MARKDOWNIT-6483324	159	Proof of Concept
	Inefficient Regular Expression Complexity SNYK-JS-MICROMATCH-6838728	159	No Known Exploit
	Prototype Pollution SNYK-JS-UNSETVALUE-2400660	159	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-GLOBPARENT-1016905	159	Proof of Concept

Release notes

Package name: @opentelemetry/auto-instrumentations-web

• 0.40.0 - 2024-06-06
  

  0.40.0 (2024-09-02)

  Features

  • update deps matching "@ opentelemetry/" (9fa058e)

  Dependencies

  • The following workspace dependencies were updated
    • devDependencies
      • @ opentelemetry/winston-transport bumped from ^0.5.0 to ^0.6.0
• 0.39.0 - 2024-04-25
• 0.38.0 - 2024-04-03
• 0.37.0 - 2024-03-06
• 0.36.0 - 2024-01-29
• 0.35.0 - 2024-01-04
• 0.34.0 - 2023-11-13
• 0.33.2 - 2023-10-11

from @opentelemetry/auto-instrumentations-web GitHub release notes

Package name: @opentelemetry/exporter-trace-otlp-http

• 0.52.1 - 2024-06-20
  

  0.52.1

  🚀 (Enhancement)

  • refactor(instrumentation-fetch): move fetch to use SEMATRR #4632
  • refactor(otlp-transformer): use explicit exports #4785 @ pichlermarc

  🐛 (Bug Fix)

  • fix(sdk-node): register context manager if no tracer options are provided #4781 @ pichlermarc
  • fix(instrumentation): Update import-in-the-middle to fix numerous bugs #4806 @ timfish
  • chore(instrumentation): Use a caret version for import-in-the-middle dependency #4810 @ timfish

  🏠 (Internal)

  • test: add npm run maint:regenerate-test-certs maintenance script and regenerate recently expired test certs #4777
• 0.52.0 - 2024-06-05
  

  0.52.0

  💥 Breaking Change

  • feat(exporter--otlp-)!: move serialization for Node.js exporters to @ opentelemetry/otlp-transformer #4542 @ pichlermarc
    • Breaking changes:
      • (user-facing) convert() now returns an empty object and will be removed in a follow-up
      • (internal) OTLPExporterNodeBase now has additional constructor parameters that are required
      • (internal) OTLPExporterNodeBase now has an additional ResponseType type parameter
  • feat(exporter--otlp-)!: move serialization for Node.js exporters to @ opentelemetry/otlp-transformer #4581 @ pichlermarc
    • Breaking changes:
      • (user-facing) convert() has been removed from all exporters
      • (internal) OTLPExporterBrowserBase: RequestType has been replaced by a ResponseType type-argument
      • (internal) OTLPExporterNodeBase: ServiceRequest has been replaced by a ServiceResponse type-argument
      • (internal) the @ opentelemetry/otlp-exporter-proto-base package has been removed, and will from now on be deprecated in npm
  • feat(instrumentation): remove default value for config in base instrumentation constructor #4695: @ blumamir
  • fix(instrumentation)!: remove unused supportedVersions from Instrumentation interface #4694 @ blumamir
  • feat(instrumentation)!: simplify registerInstrumentations() API
    • Breaking changes:
      • removes InstrumentationOptions type
      • occurrences of InstrumentationOptions are now replaced by (Instrumentation | Instrumentation[])[]
        • migrate usages of registerInstrumentations({instrumentations: fooInstrumentation}) to registerInstrumentations({instrumentations: [fooInstrumentation]})
        • passing Instrumentation classes to registerInstrumentations() is now not possible anymore.
  • feat(sdk-node)!: simplify type of instrumentations option
    • Breaking changes:
      • replaces InstrumentationOptions with (Instrumentation | Instrumentation[])[]

  🚀 (Enhancement)

  • feat(instrumentation): apply unwrap before wrap in base class #4692
  • feat(instrumentation): add util to execute span customization hook in base class #4663 @ blumamir
  • feat(instrumentation): generic config type in instrumentation base #4659 @ blumamir
  • feat: support node 22 #4666 @ dyladan
  • feat(propagator-aws-xray-lambda): add AWS Xray Lambda propagator 4554
  • refactor(instrumentation-xml-http-request): use exported strings for semantic attributes. #4681

  🐛 (Bug Fix)

  • fix(instrumentation): Update import-in-the-middle to fix numerous bugs #4745 @ timfish

  📚 (Refine Doc)

  • docs(instrumentation): better docs for supportedVersions option #4693 @ blumamir
  • docs: align all supported versions to a common format #4696 @ blumamir
  • refactor(examples): use new exported string constants for semconv in experimental/examples/opencensus-shim #4763 @ Zen-cronic
• 0.51.1 - 2024-05-07
• 0.51.0 - 2024-04-24
• 0.50.0 - 2024-04-03
• 0.49.1 - 2024-02-29
• 0.49.0 - 2024-02-29
• 0.48.0 - 2024-01-26
• 0.47.0 - 2024-01-15
• 0.46.0 - 2023-12-14
• 0.45.1 - 2023-11-08
• 0.45.0 - 2023-11-07
• 0.44.0 - 2023-10-10
• 0.43.0 - 2023-09-12
• 0.42.0 - 2023-09-11
• 0.41.2 - 2023-08-08

from @opentelemetry/exporter-trace-otlp-http GitHub release notes

Package name: @opentelemetry/instrumentation

• 0.52.1 - 2024-06-20
  

  0.52.1

  🚀 (Enhancement)

  • refactor(instrumentation-fetch): move fetch to use SEMATRR #4632
  • refactor(otlp-transformer): use explicit exports #4785 @ pichlermarc

  🐛 (Bug Fix)

  • fix(sdk-node): register context manager if no tracer options are provided #4781 @ pichlermarc
  • fix(instrumentation): Update import-in-the-middle to fix numerous bugs #4806 @ timfish
  • chore(instrumentation): Use a caret version for import-in-the-middle dependency #4810 @ timfish

  🏠 (Internal)

  • test: add npm run maint:regenerate-test-certs maintenance script and regenerate recently expired test certs #4777
• 0.52.0 - 2024-06-05
  

  0.52.0

  💥 Breaking Change

  • feat(exporter--otlp-)!: move serialization for Node.js exporters to @ opentelemetry/otlp-transformer #4542 @ pichlermarc
    • Breaking changes:
      • (user-facing) convert() now returns an empty object and will be removed in a follow-up
      • (internal) OTLPExporterNodeBase now has additional constructor parameters that are required
      • (internal) OTLPExporterNodeBase now has an additional ResponseType type parameter
  • feat(exporter--otlp-)!: move serialization for Node.js exporters to @ opentelemetry/otlp-transformer #4581 @ pichlermarc
    • Breaking changes:
      • (user-facing) convert() has been removed from all exporters
      • (internal) OTLPExporterBrowserBase: RequestType has been replaced by a ResponseType type-argument
      • (internal) OTLPExporterNodeBase: ServiceRequest has been replaced by a ServiceResponse type-argument
      • (internal) the @ opentelemetry/otlp-exporter-proto-base package has been removed, and will from now on be deprecated in npm
  • feat(instrumentation): remove default value for config in base instrumentation constructor #4695: @ blumamir
  • fix(instrumentation)!: remove unused supportedVersions from Instrumentation interface #4694 @ blumamir
  • feat(instrumentation)!: simplify registerInstrumentations() API
    • Breaking changes:
      • removes InstrumentationOptions type
      • occurrences of InstrumentationOptions are now replaced by (Instrumentation | Instrumentation[])[]
        • migrate usages of registerInstrumentations({instrumentations: fooInstrumentation}) to registerInstrumentations({instrumentations: [fooInstrumentation]})
        • passing Instrumentation classes to registerInstrumentations() is now not possible anymore.
  • feat(sdk-node)!: simplify type of instrumentations option
    • Breaking changes:
      • replaces InstrumentationOptions with (Instrumentation | Instrumentation[])[]

  🚀 (Enhancement)

  • feat(instrumentation): apply unwrap before wrap in base class #4692
  • feat(instrumentation): add util to execute span customization hook in base class #4663 @ blumamir
  • feat(instrumentation): generic config type in instrumentation base #4659 @ blumamir
  • feat: support node 22 #4666 @ dyladan
  • feat(propagator-aws-xray-lambda): add AWS Xray Lambda propagator 4554
  • refactor(instrumentation-xml-http-request): use exported strings for semantic attributes. #4681

  🐛 (Bug Fix)

  • fix(instrumentation): Update import-in-the-middle to fix numerous bugs #4745 @ timfish

  📚 (Refine Doc)

  • docs(instrumentation): better docs for supportedVersions option #4693 @ blumamir
  • docs: align all supported versions to a common format #4696 @ blumamir
  • refactor(examples): use new exported string constants for semconv in experimental/examples/opencensus-shim #4763 @ Zen-cronic
• 0.51.1 - 2024-05-07
• 0.51.0 - 2024-04-24
• 0.50.0 - 2024-04-03
• 0.49.1 - 2024-02-29
• 0.49.0 - 2024-02-29
• 0.48.0 - 2024-01-26
• 0.47.0 - 2024-01-15
• 0.46.0 - 2023-12-14
• 0.45.1 - 2023-11-08
• 0.45.0 - 2023-11-07
• 0.44.0 - 2023-10-10
• 0.43.0 - 2023-09-12
• 0.42.0 - 2023-09-11
• 0.41.2 - 2023-08-08

from @opentelemetry/instrumentation GitHub release notes

Package name: cspell

• 8.14.2 - 2024-08-20
  

  Changes

  Fixes

  fix: Remove timeout in ESLint plugin (#6124)

  fix: Remove timeout in ESLint plugin (#6124)

  fixes #5825

  ---

• 8.14.1 - 2024-08-17
  

  Changes

  • Republish
• 8.13.3 - 2024-08-12
  

  Changes

  Fixes

  fix: Try non-English suffix endings on word breaks (#6066)

  fix: Try non-English suffix endings on word breaks (#6066)

  Related to #6065.

  When breaking a camel case word into its parts there are two word break patterns:

  • regExpCamelCaseWordBreaks
  • regExpCamelCaseWordBreaksWithEnglishSuffix is the default pattern.
    It is the same as regExpCamelCaseWordBreaks, but will not split ALL CAPS words with English suffixes.

  Using just regExpCamelCaseWordBreaks misses unknown 4-letter words.
  The code below was tried, but it missed flagging words like LSTMs:

  • LSTM was caught.
  • LSTMs was missed because it becomes LST and Ms.

  const results = _checkCamelCaseWord(vr, regExpCamelCaseWordBreaks);
  if (!results.length) return results;
  const resultsEnglishBreaks = _checkCamelCaseWord(vr, regExpCamelCaseWordBreaksWithEnglishSuffix);
  return results.length < resultsEnglishBreaks.length ? results : resultsEnglishBreaks;

  • Make sure the API doesn't change when adding functions to text.ts.
  • Fix possible accent issue with wordSplitter (note, not an issue with Normalized strings).

  ---

  Dictionary Updates

  fix: Workflow Bot -- Update Dictionaries (main) (#6070)

  fix: Workflow Bot -- Update Dictionaries (main) (#6070)

  Update Dictionaries (main)

  Summary

   packages/cspell-bundled-dicts/package.json |  2 +-
   pnpm-lock.yaml                             | 10 +++++-----
   2 files changed, 6 insertions(+), 6 deletions(-)
  

  ---

  Documentation

  docs: fix grammar issue. (#6064)

  docs: fix grammar issue. (#6064)

  fixes #6059

  ---

• 8.13.2 - 2024-08-08
  

  Changes

  Fixes

  fix: Stop duplicate issue output. (#6058)

  fix: Stop duplicate issue output. (#6058)

  Kind of reverts #4495

  Since the output no longer lists each file, repeating the issues at the end is redundant.

  8.11.0
  

  8.13.0
  

  After this change.
  

  ---

  fix: make sure reported issues are consistent. (#6032)

  fix: make sure reported issues are consistent. (#6032)

  ---

  Dictionary Updates

  fix: Workflow Bot -- Update Dictionaries (main) (#6050)

  fix: Workflow Bot -- Update Dictionaries (main) (#6050)

  Update Dictionaries (main)

  Summary

   packages/cspell-bundled-dicts/package.json |  6 +++---
   pnpm-lock.yaml                             | 31 ++++++++++++++++++------------
   2 files changed, 22 insertions(+), 15 deletions(-)
  

  ---

  fix: Workflow Bot -- Update Dictionaries (main) (#6037)

  fix: Workflow Bot -- Update Dictionaries (main) (#6037)

  Update Dictionaries (main)

  Summary

   .../Azure/azure-rest-api-specs/report.yaml         |    2 +-
   .../googleapis/google-cloud-cpp/report.yaml        |    5 +-
   .../googleapis/google-cloud-cpp/snapshot.txt       |    3 +-
   .../snapshots/ktaranov/sqlserver-kit/report.yaml   | 3590 ++----------
   .../snapshots/ktaranov/sqlserver-kit/snapshot.txt  | 5849 ++++++--------------
   .../microsoft/TypeScript-Website/report.yaml       |    2 +-
   .../snapshots/vitest-dev/vitest/report.yaml        |    2 +-
   packages/cspell-bundled-dicts/package.json         |    6 +-
   pnpm-lock.yaml                                     |   30 +-
   9 files changed, 1983 insertions(+), 7506 deletions(-)
  

  ---

  Documentation

  docs: fix website build (#6055)

  docs: fix website build (#6055)

  ---

• 8.13.1 - 2024-08-02
  

  Fixes

  fix: Use the resolved root when setting Glob Root (#6027)

  fix: Use the resolved root when setting Glob Root (#6027)

  fixes #6025

  ---

  fix: Perf improve check text speed (#6024)

  fix: Perf improve check text speed (#6024)

  ---

  fix: Improve perf of camel case word splitter. (#6019)

  fix: Improve perf of camel case word splitter. (#6019)

  ---

  perf: Reduce the use of Generators in critical sections. (#6015)

  perf: Reduce the use of Generators in critical sections. (#6015)

  ---

• 8.13.0 - 2024-07-30
  

  Features

  Speed Improvement

  On average, 8.13.0 is 1.5x - 2x faster than 8.12

  Spell check the CSpell Repo: 1467 files.

  Version	Time
  8.13.0	9.8s
  8.12.1	18.0s
  8.11.0	18.2s
  8.10.4	19.0s

  feat: Improve the speed of checking text. (#6004)

  feat: Improve the speed of checking text. (#6004)

  After doing a bit of perf testing, it became clear that some of the Pipe function took up a decent percent of the time.

  Converting Generators to Iterables resulting in a significant speed improvement.

  ---

  Fixes

  refactor: Use text.matchAll instead of sequenceFromRegExpMatch (#5994)

  refactor: Use text.matchAll instead of sequenceFromRegExpMatch (#5994)

  ---

  fix: trie lookup performance (#5985)

  fix: trie lookup performance (#5985)

  This is currently a place holder for per work.

  Initial Perf:

  File: src/perf/has.perf.ts
  Running Perf Suite: trie has
  ✔ trie has words             7.31 ops/sec      4 iterations  546.87ms time
  ✔ fastTrieBlob has words    14.43 ops/sec      8 iterations  554.57ms time
  ✔ trieBlob has words        19.27 ops/sec     10 iterations  518.86ms time
  ✔ iTrieFast has words       12.64 ops/sec      7 iterations  553.83ms time
  ✔ iTrieBlob has words       16.79 ops/sec      9 iterations  536.03ms time
  done.
  File: src/perf/has.perf.ts
  Running Perf Suite: dictionary has
  ✔ dictionary has 100k words               24.43 ops/sec     13 iterations  532.14ms time
  ✔ dictionary has 100k words (2nd time)    24.68 ops/sec     13 iterations  526.69ms time
  ✔ collection has 100k words               13.44 ops/sec      7 iterations  520.71ms time
  ✔ iTrie has 100k words                    32.54 ops/sec     17 iterations  522.51ms time
  ✔ iTrie.hasWord has 100k words            33.18 ops/sec     17 iterations  512.32ms time
  ✔ iTrie.data has 100k words               37.27 ops/sec     19 iterations  509.79ms time
  Running Perf Suite: dictionary has Not
  ✔ dictionary has not 100k words                6.65 ops/sec      4 iterations  601.33ms time
  ✔ dictionary has not 100k words (2nd time)     6.36 ops/sec      4 iterations  628.84ms time
  ✔ collection has not 100k words                2.57 ops/sec      2 iterations  776.87ms time
  ✔ iTrie has not 100k words                    29.93 ops/sec     15 iterations  501.20ms time
  ✔ iTrie.hasWord has not 100k words            27.78 ops/sec     14 iterations  503.89ms time
  ✔ iTrie.data has not 100k words               33.93 ops/sec     17 iterations  500.99ms time
  done.
  

  result:

[google-cla]

Thanks for your pull request! It looks like this may be your first contribution to a Google open source project. Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA).

View this failed invocation of the CLA check for more information.

For the most up to date status, view the checks section at the bottom of the pull request.