[Snyk] Upgrade: cz-customizable, eslint-plugin-import, typedoc, typescript, typescript-eslint-parser #1119

Open
wants to merge 1 commit into
base: master
satoshinakamoto007
Owner

Snyk has created this PR to upgrade multiple dependencies.

👯 The following dependencies are linked and will therefore be updated together.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

| Name | Versions | Released on |
|---|---|---|
| cz-customizable | from 5.2.0 to 5.10.0 (11 versions ahead of your current version) | 5 years ago, on 2019-04-05 |
| eslint-plugin-import | from 2.12.0 to 2.29.1 (45 versions ahead of your current version) | 9 months ago, on 2023-12-14 |
| typedoc | from 0.15.0 to 0.26.6 (242 versions ahead of your current version) | 22 days ago, on 2024-08-18 |
| typescript | from 4.0.2 to 4.9.5 (824 versions ahead of your current version) | 2 years ago, on 2023-01-30 |
| typescript-eslint-parser | from 15.0.0 to 15.0.1 (1 version ahead of your current version) | 6 years ago, on 2018-06-04 |

Issues fixed by the recommended upgrade:

| Issue | Score | Exploit Maturity |
|---|---|---|
| high severity Arbitrary File Overwrite (SNYK-JS-TAR-1536528) | 479 | No Known Exploit |
| high severity Arbitrary File Overwrite (SNYK-JS-TAR-1536531) | 479 | No Known Exploit |
| high severity Prototype Pollution (SNYK-JS-JSONSCHEMA-1920922) | 479 | No Known Exploit |
| high severity Code Injection (SNYK-JS-LODASH-1040724) | 479 | Proof of Concept |
| high severity Prototype Pollution (SNYK-JS-INI-1048974) | 479 | Proof of Concept |
| high severity Prototype Pollution (SNYK-JS-Y18N-1021887) | 479 | Proof of Concept |
| high severity Prototype Poisoning (SNYK-JS-QS-3153490) | 479 | Proof of Concept |
| high severity Improper Privilege Management (SNYK-JS-SHELLJS-2332187) | 479 | Proof of Concept |
| high severity Regular Expression Denial of Service (ReDoS) (SNYK-JS-SSRI-1246392) | 479 | Proof of Concept |
| high severity Arbitrary File Write (SNYK-JS-TAR-1579147) | 479 | No Known Exploit |
| high severity Arbitrary File Write (SNYK-JS-TAR-1579152) | 479 | No Known Exploit |
| high severity Arbitrary File Write (SNYK-JS-TAR-1579155) | 479 | No Known Exploit |
| high severity Denial of Service (DoS) (SNYK-JS-DECODEURICOMPONENT-3149970) | 479 | Proof of Concept |
| high severity Remote Code Execution (RCE) (SNYK-JS-HANDLEBARS-1056767) | 479 | Proof of Concept |
| medium severity Regular Expression Denial of Service (ReDoS) (SNYK-JS-MINIMATCH-3050818) | 479 | No Known Exploit |
| medium severity Information Exposure (SNYK-JS-NODEFETCH-2342118) | 479 | No Known Exploit |
| medium severity Denial of Service (SNYK-JS-NODEFETCH-674311) | 479 | No Known Exploit |
| medium severity Prototype Pollution (SNYK-JS-HANDLEBARS-1279029) | 479 | Proof of Concept |
| medium severity Prototype Pollution (SNYK-JS-HIGHLIGHTJS-1045326) | 479 | No Known Exploit |
| medium severity Regular Expression Denial of Service (ReDoS) (SNYK-JS-HIGHLIGHTJS-1048676) | 479 | No Known Exploit |
| medium severity Regular Expression Denial of Service (ReDoS) (SNYK-JS-HOSTEDGITINFO-1088355) | 479 | Proof of Concept |
| medium severity Regular Expression Denial of Service (ReDoS) (SNYK-JS-HOSTEDGITINFO-1088355) | 479 | Proof of Concept |
| medium severity Regular Expression Denial of Service (ReDoS) (SNYK-JS-PATHPARSE-1077067) | 479 | Proof of Concept |
| medium severity Regular Expression Denial of Service (ReDoS) (SNYK-JS-TRIMOFFNEWLINES-1296850) | 479 | Proof of Concept |
| medium severity Regular Expression Denial of Service (ReDoS) (SNYK-JS-UGLIFYJS-1727251) | 479 | No Known Exploit |
| medium severity Regular Expression Denial of Service (ReDoS) (SNYK-JS-LODASH-1018905) | 479 | Proof of Concept |
| medium severity Regular Expression Denial of Service (ReDoS) (SNYK-JS-MARKED-2342073) | 479 | Proof of Concept |
| medium severity Regular Expression Denial of Service (ReDoS) (SNYK-JS-MARKED-2342082) | 479 | Proof of Concept |
| medium severity Regular Expression Denial of Service (ReDoS) (SNYK-JS-MARKED-584281) | 479 | No Known Exploit |
| medium severity Arbitrary Code Injection (SNYK-JS-UNDERSCORE-1080984) | 479 | Proof of Concept |
| medium severity Cross-site Scripting (XSS) (SNYK-JS-PARSEURL-2935944) | 479 | Proof of Concept |
| medium severity Information Exposure (SNYK-JS-PARSEURL-2935947) | 479 | Proof of Concept |
| medium severity Cross-site Scripting (XSS) (SNYK-JS-PARSEURL-2942134) | 479 | Proof of Concept |
| medium severity Regular Expression Denial of Service (ReDoS) (SNYK-JS-PATHPARSE-1077067) | 479 | Proof of Concept |
| medium severity Regular Expression Denial of Service (ReDoS) (SNYK-JS-CONVENTIONALCOMMITSPARSER-1766960) | 479 | No Known Exploit |
| low severity Prototype Pollution (SNYK-JS-MINIMIST-2429795) | 479 | Proof of Concept |
| low severity Regular Expression Denial of Service (ReDoS) (SNYK-JS-WORDWRAP-3149973) | 479 | Proof of Concept |
| low severity Regular Expression Denial of Service (ReDoS) (npm:debug:20170905) | 479 | Proof of Concept |
| low severity Regular Expression Denial of Service (ReDoS) (npm:debug:20170905) | 479 | Proof of Concept |
| critical severity Server-side Request Forgery (SSRF) (SNYK-JS-PARSEURL-2936249) | 479 | Proof of Concept |
| low severity Regular Expression Denial of Service (ReDoS) (SNYK-JS-TAR-1536758) | 479 | No Known Exploit |

Release notes
Package name: cz-customizable
from cz-customizable GitHub release notes
Package name: eslint-plugin-import
  • 2.29.1 - 2023-12-14

    Full Changelog: v2.29.0...v2.29.1

  • 2.29.0 - 2023-10-23

    Full Changelog: v2.28.1...v2.29.0

  • 2.28.1 - 2023-08-18

    Full Changelog: v2.28.0...v2.28.1

  • 2.28.0 - 2023-07-28
  • 2.27.5 - 2023-01-16
  • 2.27.4 - 2023-01-12
  • 2.27.3 - 2023-01-12
  • 2.27.2 - 2023-01-12
  • 2.27.1 - 2023-01-12
  • 2.27.0 - 2023-01-11
  • 2.26.0 - 2022-04-05
  • 2.25.4 - 2022-01-02
  • 2.25.3 - 2021-11-10
  • 2.25.2 - 2021-10-12
  • 2.25.1 - 2021-10-12
  • 2.25.0 - 2021-10-12
  • 2.24.2 - 2021-08-24
  • 2.24.1 - 2021-08-19
  • 2.24.0 - 2021-08-08
  • 2.23.4 - 2021-05-29
  • 2.23.3 - 2021-05-21
  • 2.23.2 - 2021-05-15
  • 2.23.1 - 2021-05-15
  • 2.23.0 - 2021-05-14
  • 2.22.1 - 2020-09-27
  • 2.22.0 - 2020-06-27
  • 2.21.2 - 2020-06-10
  • 2.21.1 - 2020-06-08
  • 2.21.0 - 2020-06-08
  • 2.20.2 - 2020-03-29
  • 2.20.1 - 2020-02-02
  • 2.20.0 - 2020-01-11
  • 2.19.1 - 2019-12-09
  • 2.19.0 - 2019-12-09
  • 2.18.2 - 2019-07-19
  • 2.18.1 - 2019-07-19
  • 2.18.0 - 2019-06-24
  • 2.17.3 - 2019-05-24
  • 2.17.2 - 2019-04-16
  • 2.17.1 - 2019-04-13
  • 2.17.0 - 2019-04-13
  • 2.16.0 - 2019-01-29
  • 2.15.0 - 2019-01-22
  • 2.14.0 - 2018-08-13
  • 2.13.0 - 2018-06-24
  • 2.12.0 - 2018-05-17
from eslint-plugin-import GitHub release notes
Package name: typedoc
  • 0.26.6 - 2024-08-18

    Features

    • Use of the @extends block tag no longer produces warnings, #2659.
      This tag should only be used in JavaScript projects to specify the type parameters used when extending a parent class. It will not be rendered.
    • Added new navigation.compactFolders option to prevent TypeDoc from compacting folders, similar to the VSCode option. #2667.

    Bug Fixes

    • The suppressCommentWarningsInDeclarationFiles option now correctly ignores warnings in .d.cts and .d.mts files, #2647.
    • Restored re-exports in the page navigation menu, #2671.
    • JSON serialized projects will no longer contain reflection IDs for other projects created in the same run. Gerrit0/typedoc-plugin-zod#6.
    • In packages mode the reflection ID counter will no longer be reset when converting projects. This previously could result in links to files not working as expected.
  • 0.26.5 - 2024-07-21

    Features

    • TypeDoc now exposes array option defaults under OptionDefaults, #2640.

    Bug Fixes

    • Constructor parameters which share a name with a property on a parent class will no longer inherit the comment on the parent class, #2636.
    • Packages mode will now attempt to use the comment declared in the comment class for inherited members, #2622.
    • TypeDoc no longer crashes when @document includes an empty file, #2638.
    • API: Event listeners added later with the same priority will be called later, #2643.

    Thanks!

  • 0.26.4 - 2024-07-10

    Bug Fixes

    • The page navigation sidebar no longer incorrectly includes re-exports if the same member is exported with multiple names #2625.
    • Page navigation now ensures the current page is visible when the page is first loaded, #2626.
    • If a relative linked image is referenced multiple times, TypeDoc will no longer sometimes produce invalid links to the image #2627.
    • @link tags will now be validated in referenced markdown documents, #2629.
    • @link tags are now resolved in project documents, #2629.
    • HTML/JSON output generated by TypeDoc now contains a trailing newline, #2632.
    • TypeDoc now correctly handles markdown documents with CRLF line endings, #2628.
    • @hidden is now properly applied when placed in a function implementation comment, #2634.
    • Comments on re-exports are now rendered.

    Thanks!

  • 0.26.3 - 2024-06-28

    Features

    • "On This Page" navigation now includes the page groups in collapsible sections, #2616.

    Bug Fixes

    • mailto: links are no longer incorrectly recognized as relative paths, #2613.
    • Added @since to the default list of recognized tags, #2614.
    • Relative paths to directories will no longer cause the directory to be copied into the media directory, #2617.
  • 0.26.2 - 2024-06-24

    Features

    • Added a --suppressCommentWarningsInDeclarationFiles option to disable warnings from
      parsing comments in declaration files, #2611.
    • Improved comment discovery to more closely match TypeScript's discovery when getting comments
      for members of interfaces/classes, #2084, #2545.

    Bug Fixes

    • The text non-highlighted language no longer causes warnings when rendering, #2610.
    • If a comment on a method is inherited from a parent class, and the child class does not
      use an @param tag from the parent, TypeDoc will no longer warn about the @param tag.
  • 0.26.1 - 2024-06-22

    Features

    • Improved Korean translation coverage, #2602.

    Bug Fixes

    • Added @author to the default list of recognized tags, #2603.
    • Anchor links are no longer incorrectly checked for relative paths, #2604.
    • Fixed an issue where line numbers reported in error messages could be incorrect, #2605.
    • Fixed relative link detection for markdown links containing code in their label, #2606.
    • Fixed an issue with packages mode where TypeDoc would use (much) more memory than required, #2607.
    • TypeDoc will no longer crash when asked to render highlighted code for an unsupported language, #2609.
    • Fixed an issue where relatively-linked files would not be copied to the output directory in packages mode.
    • Fixed an issue where modifier tags were not applied to top level modules in packages mode.
    • Fixed an issue where excluded tags were not removed from top level modules in packages mode.
    • .jsonc configuration files are now properly read as JSONC, rather than being passed to require.

    Thanks!

  • 0.26.0 - 2024-06-22

    Breaking Changes

    • Drop support for Node 16.
    • Moved from marked to markdown-it for parsing as marked has moved to an async model which supporting would significantly complicate TypeDoc's rendering code.
      This means that any projects setting markedOptions needs to be updated to use markdownItOptions.
      Unlike marked@4, markdown-it pushes lots of functionality to plugins. To use plugins, a JavaScript config file must be used with the markdownItLoader option.
    • Updated Shiki from 0.14 to 1.x. This should mostly be a transparent update which adds another 23 supported languages and 13 supported themes.
      As Shiki adds additional languages, the time it takes to load the highlighter increases linearly. To avoid rendering taking longer than necessary,
      TypeDoc now only loads a few common languages. Additional languages can be loaded by setting the --highlightLanguages option.
    • Changed default of --excludePrivate to true.
    • Renamed --sitemapBaseUrl to --hostedBaseUrl to reflect that it can be used for more than just the sitemap.
    • Removed deprecated navigation.fullTree option.
    • Removed --media option, TypeDoc will now detect image links within your comments and markdown documents and automatically copy them to the site.
    • Removed --includes option, use the @document tag instead.
    • Removed --stripYamlFrontmatter option, TypeDoc will always do this now.
    • Renamed the --htmlLang option to --lang.
    • Removed the --gaId option for Google Analytics integration and corresponding analytics theme member, #2600.
    • All function-likes may now have comments directly attached to them. This is a change from previous versions of TypeDoc where functions comments
      were always moved down to the signature level. This mostly worked, but caused problems with type aliases, so was partially changed in 0.25.13.
      This change was extended to apply not only to type aliases, but also other function-likes declared with variables and callable properties.
      As a part of this change, comments on the implementation signature of overloaded functions will now be added to the function reflection, and will
      not be inherited by signatures of that function, #2521.
    • API: TypeDoc now uses a typed event emitter to provide improved type safety, this found a bug where Converter.EVENT_CREATE_DECLARATION
      was emitted for ProjectReflection in some circumstances.
    • API: MapOptionDeclaration.mapError has been removed.
    • API: Deprecated BindOption decorator has been removed.
    • API: DeclarationReflection.indexSignature has been renamed to DeclarationReflection.indexSignatures.
      Note: This also affects JSON serialization. TypeDoc will support JSON output from 0.25 through at least 0.26.
    • API: JSONOutput.SignatureReflection.typeParameter has been renamed to typeParameters to match the JS API.
    • API: DefaultThemeRenderContext.iconsCache has been removed as it is no longer needed.
    • API: DefaultThemeRenderContext.hook must now be passed context if required by the hook.

    Features

    • Added support for TypeScript 5.5.
    • Added new --projectDocuments option to specify additional Markdown documents to be included in the generated site #247, #1870, #2288, #2565.
    • TypeDoc now has the architecture in place to support localization. No languages besides English
      are currently shipped in the package, but it is now possible to add support for additional languages, #2475.
    • Added support for a packageOptions object which specifies options that should be applied to each entry point when running with --entryPointStrategy packages, #2523.
    • --hostedBaseUrl will now be used to generate a <link rel="canonical"> element in the project root page, #2550.
    • Added support for documenting individual elements of a union type, #2585.
      Note: This feature is only available on type aliases directly containing unions.
    • TypeDoc will now log the number of errors/warnings encountered, if any, after a run, #2581.
    • New option, --customFooterHtml to add custom HTML to the generated page footer, #2559.
    • TypeDoc will now copy modifier tags to children if specified in the --cascadedModifierTags option, #2056.
    • TypeDoc will now warn if mutually exclusive modifier tags are specified for a comment (e.g. both @alpha and @beta), #2056.
    • Groups and categories can now be collapsed in the page body, #2330.
    • Added support for JSDoc @hideconstructor tag.
      This tag should only be used to work around TypeScript#58653, prefer the more general @hidden/@ignore tag to hide members normally, #2577.
    • Added --useHostedBaseUrlForAbsoluteLinks option to use the --hostedBaseUrl option to produce absolute links to pages on a site, #940.
    • Tag headers now generate permalinks in the default theme, #2308.
    • TypeDoc now attempts to use the "most likely name" for a symbol if the symbol is not present in the documentation, #2574.
    • Fixed an issue where the "On This Page" section would include markdown if the page contained headings which contained markdown.
    • TypeDoc will now warn if a block tag is used which is not defined by the --blockTags option.
    • Added three new sort strategies documents-first, documents-last, and alphabetical-ignoring-documents to order markdown documents.
    • Added new --alwaysCreateEntryPointModule option. When set, TypeDoc will always create a Module for entry points, even if only one is provided.
      If --projectDocuments is used to add documents, this option defaults to true, otherwise, defaults to false.
    • Added new --highlightLanguages option to control what Shiki language packages are loaded.
    • TypeDoc will now render union elements on new lines if there are more than 3 items in the union.
    • TypeDoc will now only render the "Type Declaration" section if it will provide additional information not already presented in the page.
      This results in significantly smaller documentation pages in many cases where that section would just repeat what has already been presented in the rendered type.
    • Added comment.beforeTags and comment.afterTags hooks for plugin use.
      Combined with CommentTag.skipRendering this can be used to provide custom tag handling at render time.

    Bug Fixes

    • TypeDoc now supports objects with multiple index signatures, #2470.
    • Header anchor links in rendered markdown are now more consistent with headers generated by TypeDoc, #2546.
    • Types rendered in the Returns header are now properly colored, #2546.
    • Links added with the navigationLinks option are now moved into the pull out navigation on mobile displays, #2548.
    • @license and @import comments will be ignored at the top of files, #2552.
    • Fixed issue in documentation validation where constructor signatures were improperly considered not documented, #2553.
    • Keyboard focus is now visible on dropdowns and checkboxes in the default theme, #2556.
    • The color theme label in the default theme now has an accessible name, #2557.
    • Fixed issue where search results could not be navigated while Windows Narrator was on, #2563.
    • charset is now correctly cased in <meta> tag generated by the default theme, #2568.
    • Fixed very slow conversion on Windows where Msys git was used by typedoc to discover repository links, #2586.
    • Validation will now be run in watch mode, #2584.
    • Fixed an issue where custom themes which added dependencies in the <head> element could result in broken icons, #2589.
    • @default and @defaultValue blocks are now recognized as regular blocks if they include inline tags, #2601.
    • Navigation folders sharing a name will no longer be saved with a shared key to localStorage.
    • The --hideParameterTypesInTitle option no longer applies when rendering function types.
    • Broken @link tags in readme files will now cause a warning when link validation is enabled.
    • Fixed externalSymbolLinkMappings option's support for meanings in declaration references.
    • Buttons to copy code now have the type=button attribute set to avoid being treated as submit buttons.
    • --hostedBaseUrl will now implicitly add a trailing slash to the generated URL.

    Thanks!

    Unreleased

  • 0.26.0-beta.5 - 2024-06-16
  • 0.26.0-beta.4 - 2024-06-16
  • 0.26.0-beta.3 - 2024-06-09
  • 0.26.0-beta.2 - 2024-06-01
  • 0.26.0-beta.1 - 2024-05-06
  • 0.26.0-beta.0 - 2024-05-04
  • 0.25.13 - 2024-04-07

    Features

    • Added gitRevision:short placeholder option to --sourceLinkTemplate option,

Snyk has created this PR to upgrade:
  - cz-customizable from 5.2.0 to 5.10.0.
    See this package in npm: https://www.npmjs.com/package/cz-customizable
  - eslint-plugin-import from 2.12.0 to 2.29.1.
    See this package in npm: https://www.npmjs.com/package/eslint-plugin-import
  - typedoc from 0.15.0 to 0.26.6.
    See this package in npm: https://www.npmjs.com/package/typedoc
  - typescript from 4.0.2 to 4.9.5.
    See this package in npm: https://www.npmjs.com/package/typescript
  - typescript-eslint-parser from 15.0.0 to 15.0.1.
    See this package in npm: https://www.npmjs.com/package/typescript-eslint-parser

See this project in Snyk:
https://app.snyk.io/org/bram00767/project/3f82e299-41c0-44ae-a635-4edf78288f91?utm_source=github&utm_medium=referral&page=upgrade-pr