Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Snyk] Upgrade: , add-to-calendar-button-react, chart.js, dompurify, framer-motion, highlight.js, path-to-regexp, react-day-picker, react-icons, react-router, react-router-dom, react-spinners, styled-components #899

Closed
wants to merge 1 commit into from

Conversation

kabir0x23
Copy link
Member

snyk-top-banner

Snyk has created this PR to upgrade multiple dependencies.

👯 The following dependencies are linked and will therefore be updated together.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

⚠️ Warning: This PR contains major version upgrade(s), and may be a breaking change.

Name Versions Released on

@reduxjs/toolkit
from 2.2.4 to 2.2.7 | 3 versions ahead of your current version | a month ago
on 2024-07-27
add-to-calendar-button-react
from 2.6.14 to 2.6.18 | 4 versions ahead of your current version | 3 months ago
on 2024-06-18
chart.js
from 4.4.2 to 4.4.3 | 1 version ahead of your current version | 4 months ago
on 2024-05-17
dompurify
from 3.1.3 to 3.1.6 | 3 versions ahead of your current version | 2 months ago
on 2024-07-05
framer-motion
from 11.2.10 to 11.3.28 | 63 versions ahead of your current version | 23 days ago
on 2024-08-15
highlight.js
from 11.9.0 to 11.10.0 | 1 version ahead of your current version | 2 months ago
on 2024-07-06
path-to-regexp
from 6.2.2 to 7.1.0 | 2 versions ahead of your current version
⚠️ This is a major version upgrade, and may be a breaking change | 2 months ago
on 2024-07-13
react-day-picker
from 8.10.1 to 9.0.8 | 20 versions ahead of your current version
⚠️ This is a major version upgrade, and may be a breaking change | a month ago
on 2024-08-07
react-icons
from 5.2.1 to 5.3.0 | 1 version ahead of your current version | 25 days ago
on 2024-08-13
react-router
from 6.23.1 to 6.26.1 | 13 versions ahead of your current version | 23 days ago
on 2024-08-15
react-router-dom
from 6.23.1 to 6.26.1 | 13 versions ahead of your current version | 23 days ago
on 2024-08-15
react-spinners
from 0.13.8 to 0.14.1 | 2 versions ahead of your current version | 2 months ago
on 2024-06-26
styled-components
from 6.1.11 to 6.1.12 | 1 version ahead of your current version | 2 months ago
on 2024-07-17

Release notes
Package name: @reduxjs/toolkit
  • 2.2.7 - 2024-07-27

    This bugfix release fixes issues with "TS type portability" errors, improves build artifact tree shaking behavior, and exports some additional TS types.

    Changelog

    TS Type Portability

    We've had a slew of issues reported around "TS type portability" errors, such as:

    The error messages are typically along the lines of:

    Type error: The inferred type of 'configureStore' cannot be named without a reference to '@ reduxjs/toolkit/node_modules/redux'. This is likely not portable. A type annotation is necessary.

    @ aryaemami59 did some deep investigation and concluded these were due to a mixture of using interface instead of type in most places, not pre-bundling our TS typedefs, and not exporting some of the unique symbols we use internally.

    Arya put together a highly detailed writeup and set of fixes in #4467: Fix: TypeScript Type Portability Issues, and that appears to resolve all of those issues we've seen. Thank you!

    Other Changes

    Arya also did significant work to improve RTK's treeshaking, tweaking internal definitions to let bundlers better separate out unused code.

    We've exported additional types like UpdateDefinitions and RetryOptions, per request.

    listenerMiddleware.withTypes() methods now allow passing in an ExtraArgument generic.

    What's Changed

    Full Changelog: v2.2.6...v2.2.7

  • 2.2.6 - 2024-06-29

    This bugfix release:

    • Brings internal useIsomorphicLayoutEffect usage in line with React Redux in React Native environments
    • Exports FetchBaseQueryArgs type
    • Fixes an issue in recent createEntityAdapter sorting perf improvements that could (in specific cases) cause Immer to throw an error

    What's Changed

    Full Changelog: v2.2.5...v2.2.6

  • 2.2.5 - 2024-05-16
  • 2.2.4 - 2024-05-09
from @reduxjs/toolkit GitHub release notes
Package name: add-to-calendar-button-react
  • 2.6.18 - 2024-06-18
    • fix
  • 2.6.17 - 2024-06-18

    bump

  • 2.6.16 - 2024-06-01

    new common class for all host elements to optimize styling via ::parts

  • 2.6.15 - 2024-05-15
    • Workaround to make all-day events with Yahoo work again.
    • Demo page optimization.
  • 2.6.14 - 2024-04-30
    • optimizing default font
    • fixing date button allday issue
from add-to-calendar-button-react GitHub release notes
Package name: chart.js from chart.js GitHub release notes
Package name: dompurify
  • 3.1.6 - 2024-07-05
    • Fixed an issue with the execution logic of attribute hooks to prevent bypasses, thanks @ kevin-mizu
    • Fixed an issue with element removal leading to uncaught errors through DOM Clobbering, thanks @ realansgar
    • Fixed a minor problem with the bower file pointing to the wrong dist path
    • Fixed several minor typos in docs, comments and comment blocks, thanks @ Rotzbua
    • Updated several development dependencies
  • 3.1.5 - 2024-05-31
    • Fixed a minor issue with the dist paths in bower.js, thanks @ HakumenNC
    • Fixed a minor issue with sanitizing HTML coming from copy&paste Word content, thanks @ kakao-bishop-cho
  • 3.1.4 - 2024-05-20
    • Fixed an issue with the recently implemented isNaN checks, thanks @ tulach
    • Added several new popover attributes to allow-list, thanks @ Gigabyte5671
    • Fixed the tests and adjusted the test runner to cover all branches
  • 3.1.3 - 2024-05-11
    • Fixed several mXSS variations found by and thanks to @ kevin-mizu & @ Ry0taK
    • Added better configurability for comment scrubbing default behavior
    • Added better hardening against Prototype Pollution attacks, thanks @ kevin-mizu
    • Added better handling and readability of the nodeType property, thanks @ ssi02014
    • Fixed some smaller issues in README and other documentation
from dompurify GitHub release notes
Package name: framer-motion
  • 11.3.28 - 2024-08-15

    v11.3.28

  • 11.3.28-alpha.1 - 2024-08-14

    v11.3.28-alpha.1

  • 11.3.28-alpha.0 - 2024-08-14

    v11.3.28-alpha.0

  • 11.3.27 - 2024-08-14

    v11.3.27

  • 11.3.26 - 2024-08-14

    v11.3.26

  • 11.3.25 - 2024-08-14

    v11.3.25

  • 11.3.25-alpha.12 - 2024-08-14

    v11.3.25-alpha.12

  • 11.3.25-alpha.11 - 2024-08-14

    v11.3.25-alpha.11

  • 11.3.25-alpha.10 - 2024-08-14

    v11.3.25-alpha.10

  • 11.3.25-alpha.9 - 2024-08-14

    v11.3.25-alpha.9

  • 11.3.25-alpha.8 - 2024-08-14
  • 11.3.25-alpha.7 - 2024-08-14
  • 11.3.25-alpha.6 - 2024-08-14
  • 11.3.25-alpha.5 - 2024-08-14
  • 11.3.25-alpha.4 - 2024-08-13
  • 11.3.25-alpha.3 - 2024-08-13
  • 11.3.25-alpha.2 - 2024-08-13
  • 11.3.25-alpha.1 - 2024-08-13
  • 11.3.25-alpha.0 - 2024-08-13
  • 11.3.24 - 2024-08-08
  • 11.3.24-alpha.2 - 2024-08-08
  • 11.3.24-alpha.1 - 2024-08-08
  • 11.3.23 - 2024-08-07
  • 11.3.23-alpha.10 - 2024-08-08
  • 11.3.23-alpha.9 - 2024-08-08
  • 11.3.23-alpha.8 - 2024-08-08
  • 11.3.23-alpha.7 - 2024-08-08
  • 11.3.23-alpha.6 - 2024-08-08
  • 11.3.23-alpha.5 - 2024-08-08
  • 11.3.23-alpha.4 - 2024-08-08
  • 11.3.23-alpha.3 - 2024-08-08
  • 11.3.23-alpha.2 - 2024-08-08
  • 11.3.23-alpha.1 - 2024-08-07
  • 11.3.23-alpha.0 - 2024-08-07
  • 11.3.22 - 2024-08-07
  • 11.3.21 - 2024-08-01
  • 11.3.20 - 2024-08-01
  • 11.3.19 - 2024-07-27
  • 11.3.18 - 2024-07-26
  • 11.3.18-alpha.0 - 2024-07-26
  • 11.3.17 - 2024-07-24
  • 11.3.16 - 2024-07-24
  • 11.3.15 - 2024-07-24
  • 11.3.14 - 2024-07-24
  • 11.3.13 - 2024-07-24
  • 11.3.12 - 2024-07-23
  • 11.3.11 - 2024-07-23
  • 11.3.10 - 2024-07-23
  • 11.3.9 - 2024-07-23
  • 11.3.8 - 2024-07-19
  • 11.3.7 - 2024-07-18
  • 11.3.6 - 2024-07-17
  • 11.3.5 - 2024-07-17
  • 11.3.4 - 2024-07-16
  • 11.3.3 - 2024-07-16
  • 11.3.2 - 2024-07-11
  • 11.3.1 - 2024-07-11
  • 11.3.0 - 2024-07-10
  • 11.3.0-alpha.0 - 2024-06-12
  • 11.2.14 - 2024-07-09
  • 11.2.13 - 2024-07-04
  • 11.2.12 - 2024-06-25
  • 11.2.11 - 2024-06-19
  • 11.2.10 - 2024-05-31
from framer-motion GitHub release notes
Package name: highlight.js
  • 11.10.0 - 2024-07-06

    Sorry for the wait, this one is a doozie, thanks to all the contributors who made it possible!


    CAVEATS / POTENTIALLY BREAKING CHANGES

    Important

    This version drops support for Node 16.x, which is no longer supported by Node.js.


    Core Grammars:

    • enh(typescript) add support for satisfies operator Kisaragi Hiu
    • enc(c) added more C23 keywords Melkor-1
    • enh(json) added jsonc as an alias BackupMiles
    • enh(gml) updated to latest language version (GML v2024.2) gnysek
    • enh(c) added more C23 keywords and preprcoessor directives Eisenwave
    • enh(js/ts) support namespaced tagged template strings Aral Balkan
    • enh(perl) fix false-positive variable match at end of string Josh Goebel
    • fix(cpp) not all kinds of number literals are highlighted correctly Lê Duy Quang
    • fix(css) fix overly greedy pseudo class matching Bradley Mackey
    • enh(arcade) updated to ArcGIS Arcade version 1.24 Kristian Ekenes
    • fix(typescript): params types Mohamed Ali
    • fix(rust) fix escaped double quotes in string Mohamed Ali
    • fix(rust) fix for r# raw identifier not being highlighted correctly. JaeBaek Lee
    • enh(rust) Adding union to be recognized as a keyword in Rust. JaeBaek Lee
    • fix(yaml) fix for yaml with keys having brackets highlighted incorrectly Aneesh Kulkarni
    • fix(csharp) add raw string highlighting for C# 11. Tara
    • fix(bash) fix # within token being detected as the start of a comment Felix Uhl
    • fix(python) fix or conflicts with string highlighting Mohamed Ali
    • enh(python) adds a scope to the self variable [Lee Falin][]
    • enh(delphi) allow digits to be omitted for hex and binary literals Jonah Jeleniewski
    • enh(delphi) add support for digit separators Jonah Jeleniewski
    • enh(delphi) add support for character strings with non-decimal numerics Jonah Jeleniewski
    • fix(javascript) incorrect function name highlighting CY Fung
    • fix(1c) fix escaped symbols "+-;():=,[]" literals Vitaly Barilko
    • fix(swift) correctly highlight generics and conformances in type definitions Bradley Mackey
    • enh(swift) add package keyword Bradley Mackey
    • fix(swift) ensure keyword attributes highlight correctly Bradley Mackey
    • fix(types) fix interface LanguageDetail > keywords Patrick Chiu
    • enh(java) add goto to be recognized as a keyword in Java Alvin Joy
    • enh(bash) add keyword sudo Alvin Joy
    • fix(haxe) captures new keyword without capturing it within variables/class names Cameron Taylor
    • fix(go) fix go number literals to accept _ separators, add hex p exponents Lisa Ugray
    • enh(markdown) add entity support David Schach TaraLei
    • enh(css) add justify-items and justify-self attributes Vasily Polovnyov
    • enh(css) add accent-color, appearance, color-scheme, rotate, scale and translate attributes Carl Räfting
    • fix(fortran) fixes parsing of keywords delimited by dots Julien Bloino
    • enh(css) add select, option, optgroup, picture and source to list of known tags Vasily Polovnyov
    • enh(css) add inset, inset-*, border-start-*-radius and border-end-*-radius attributes Vasily Polovnyov
    • enh(css) add text-decoration-skip-ink, text-decoration-thickness and text-underline-offset attributes Vasily Polovnyov

    New Grammars:

    • added 3rd party CODEOWNERS grammar to SUPPORTED_LANGUAGES nataliia-radina
    • added 3rd party Luau grammar to SUPPORTED_LANGUAGES Robloxian Demo
    • added 3rd party ReScript grammar to SUPPORTED_LANGUAGES Paul Tsnobiladzé
    • added 3rd party Zig grammar to SUPPORTED_LANGUAGES [Hyou BunKen][]
    • added 3rd party WGSL grammar to SUPPORTED_LANGUAGES Arman Uguray
    • added 3rd party Unison grammar to SUPPORTED_LANGUAGES Rúnar Bjarnason
    • added 3rd party Phix grammar to SUPPORTED_LANGUAGES PeteLomax
    • added 3rd party Mirth grammar to SUPPORTED_LANGUAGES Sierra
    • added 3rd party JSONata grammar to SUPPORTED_LANGUAGES Vlad Dimov

    Developer Tool:

    Themes:

    • Added 1c-light theme a like in the IDE 1C:Enterprise 8 (for 1c) Vitaly Barilko
  • 11.9.0 - 2023-10-09

    Version 11.9.0

    CAVEATS / POTENTIALLY BREAKING CHANGES

    • Drops support for Node 14.x, which is no longer supported by Node.js.
    • In the node build styles/*.css files now ship un-minified
      with minified counterparts as: styles/*.min.css mvorisek
      (this makes things consistent with our cdn builds)

    Parser:

    • (enh) prevent re-highlighting of an element [joshgoebel][]
    • (chore) Remove discontinued badges from README Bradley Mackey
    • (chore) Fix build size report Bradley Mackey

    New Grammars:

    • added 3rd party Iptables grammar to SUPPORTED_LANGUAGES Checconio
    • added 3rd party x86asmatt grammar to SUPPORTED_LANGUAGES gondow
    • added 3rd party riscv64 grammar to SUPPORTED_LANGUAGES aana-h2
    • added 3rd party Ballerina grammar to SUPPORTED_LANGUAGES Yasith Deelaka

    Core Grammars:

    • fix(rust) added negative-lookahead for callable keywords if while for [Omar Hussein][]
    • enh(armasm) added x0-x30 and w0-w30 ARMv8 registers Nicholas Thompson
    • enh(haxe) added final, is, macro keywords and $ identifiers Robert Borghese
    • enh(haxe) support numeric separators and suffixes Robert Borghese
    • fix(haxe) fixed metadata arguments and support non-colon syntax Robert Borghese
    • fix(haxe) differentiate abstract declaration from keyword Robert Borghese
    • fix(bash) do not delimit a string by an escaped apostrophe [hancar][]
    • enh(swift) support macro keyword Bradley Mackey
    • enh(swift) support parameter pack keywords Bradley Mackey
    • enh(swift) regex literal support Bradley Mackey
    • enh(swift) @ unchecked and @ Sendable support Bradley Mackey
    • enh(scala) add using directives support //> using foo bar [Jamie Thompson][]
    • fix(scala) fixed comments in constructor arguments not being properly highlighted Isaac Nonato
    • enh(swift) ownership modifiers support Bradley Mackey
    • enh(nsis) Add !assert compiler flag [idleberg][]
    • fix(haskell) do not treat double dashes inside infix operators as comments [Zlondrej][]
    • enh(rust) added eprintln! macro qoheniac
    • enh(leaf) update syntax to 4.0 Samuel Bishop
    • fix(reasonml) simplify syntax and align it with ocaml jchavarri
    • fix(swift) warn_unqualified_access is an attribute Bradley Mackey
    • enh(swift) macro attributes are highlighted as keywords Bradley Mackey
    • enh(stan) updated for version 2.33 (#3859) Brian Ward
    • fix(css) added '_' css variable detection Md Saad Akhtar
    • enh(groovy) add record and var as keywords Guillaume Laforge

    Developer Tool:

from highlight.js GitHub release notes
Package name: path-to-regexp
  • 7.1.0 - 2024-07-13

    Added

    • Adds a strict option to detect potential ReDOS issues

    Fixed

    • Fixes separator to default to suffix + prefix when not specified
    • Allows separator to be undefined in TokenData
      • This is only relevant if you are building TokenData manually, previously parse filled it in automatically

    Comments

    • I highly recommend enabling strict: true and I'm probably releasing a V8 with it enabled by default ASAP as a necessary security mitigation

    v7.0.0...v7.1.0

  • 7.0.0 - 2024-06-20

    Hi all! There's a few major breaking changes in this release so read carefully.

    Breaking changes:

    • The function returned by compile only accepts strings as values (i.e. no numbers, use String(value) before compiling a path)
      • For repeated values, when encode !== false, it must be an array of strings
    • Parameter names can contain all unicode identifier characters (defined as regex \p{XID_Continue}).
    • Modifiers (?, *, +) must be used after a param explicitly wrapped in {}
      • No more implied prefix of / or .
    • No support for arrays or regexes as inputs
    • The wildcard (standalone *) has been added back and matches Express.js expected behavior
    • Removed endsWith option
    • Renamed strict: true to trailing: false
    • Reserved ;, ,, !, and @ for future use-cases
    • Removed tokensToRegexp, tokensToFunction and regexpToFunction in favor of simplifying exports
    • Enable a "loose" mode by default, so / can be repeated multiple times in a matched path (i.e. /foo works like //foo, etc)
    • encode and decode no longer receive the token as the second parameter
    • Removed the ESM + CommonJS dual package in favor of only one CommonJS supported export
    • Minimum JS support for ES2020 (previous ES2015)
    • Encode defaults to encodeURIComponent and decode defaults to decodeURIComponent

    Added:

    • Adds encodePath to fix an issue around encode being used for both path and parameters (the path and parameter should be encoded slightly differently)
    • Adds loose as an option to support arbitrarily matching the delimiter in paths, e.g. foo/bar and foo///bar should work the same
    • Allow encode and decode to be set to false which skips all processing of the parameters input/output
    • All remaining methods support TokenData (exported, returned by parse) as input
      • This should be useful if you are programmatically building paths to match or want to avoid parsing multiple times

    Requests for feedback:

    • Requiring {} is an obvious drawback but I'm seeking feedback on whether it helps make path behavior clearer
      • Related: Removing / and . as implicit prefixes
    • Removing array and regex support is to reduce the overall package size for things many users don't need
    • Unicode IDs are added to align more closely with browser URLPattern behavior, which uses JS identifiers

    v6.2.2...v7.0.0

  • 6.2.2 - 2024-04-07

    No API changes. Documentation only release.

    Changed

    v6.2.1...v6.2.2

from path-to-regexp GitHub release notes
Package name: react-day-picker
  • 9.0.8 - 2024-08-07

    This release fixes a regression in v9.0.7 affecting range mode.

    What's Changed

    • fix: update the displayed month only if start/end month change by @ gpbl in #2358

    Full Changelog: v9.0.7...v9.0.8

  • 9.0.7 - 2024-08-04

    This release improves compatibility with v8 and fix an issue with the calendar navigation.

    What's Changed

    • fix: update calendar state when startMonth or endMonth change by @ gpbl in #2343
    • feat: allow partial locales, export defaultLocale by @ gpbl in #2348
    • feat: allow undefined as initially selected value, as it was in v8 by @ gpbl in #2341
    • docs: changed class name calendar to root in the examples by @ gpbl in #2347
    • docs: replaced deprecated props by @ josephmarkus in #2336*

    New Contributors

    Full Changelog: v9.0.6...v9.0.7

  • 9.0.6 - 2024-07-31

    This release addresses the failed import of the common-js module for some app builder and add new data- attributes to help the integration with Tailwind. Thanks for your feedback!

    What's Changed

    • fix(build): add package.json to dist/cjs module by @ gpbl in #2330
    • feat: add new data-attributes to the day cells by @ gpbl in #2331

    New Contributors

    Full Changelog: v9.0.5...v9.0.6

  • 9.0.5 - 2024-07-30

    This release improves the range mode behavior (see the updated docs) and address some styling issues.

    What's Changed

    • fix: improved range mode to work with min / required props by

Snyk has created this PR to upgrade:
  - @reduxjs/toolkit from 2.2.4 to 2.2.7.
    See this package in npm: https://www.npmjs.com/package/@reduxjs/toolkit
  - add-to-calendar-button-react from 2.6.14 to 2.6.18.
    See this package in npm: https://www.npmjs.com/package/add-to-calendar-button-react
  - chart.js from 4.4.2 to 4.4.3.
    See this package in npm: https://www.npmjs.com/package/chart.js
  - dompurify from 3.1.3 to 3.1.6.
    See this package in npm: https://www.npmjs.com/package/dompurify
  - framer-motion from 11.2.10 to 11.3.28.
    See this package in npm: https://www.npmjs.com/package/framer-motion
  - highlight.js from 11.9.0 to 11.10.0.
    See this package in npm: https://www.npmjs.com/package/highlight.js
  - path-to-regexp from 6.2.2 to 7.1.0.
    See this package in npm: https://www.npmjs.com/package/path-to-regexp
  - react-day-picker from 8.10.1 to 9.0.8.
    See this package in npm: https://www.npmjs.com/package/react-day-picker
  - react-icons from 5.2.1 to 5.3.0.
    See this package in npm: https://www.npmjs.com/package/react-icons
  - react-router from 6.23.1 to 6.26.1.
    See this package in npm: https://www.npmjs.com/package/react-router
  - react-router-dom from 6.23.1 to 6.26.1.
    See this package in npm: https://www.npmjs.com/package/react-router-dom
  - react-spinners from 0.13.8 to 0.14.1.
    See this package in npm: https://www.npmjs.com/package/react-spinners
  - styled-components from 6.1.11 to 6.1.12.
    See this package in npm: https://www.npmjs.com/package/styled-components

See this project in Snyk:
https://app.snyk.io/org/kabir0x23/project/56a100f1-3b8e-4637-93f9-fe3df450cb41?utm_source=github&utm_medium=referral&page=upgrade-pr
Copy link

@github-actions github-actions bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It's great having you contribute to this project

🌟 Welcome to the community 🌟

  • If you would like to continue contributing to open source and would like to do it with an awesome inclusive community.
  • You should join our Discord chat and our GitHub Organisation.
  • We help and encourage each other to contribute to open source little and often 😄.
  • Any questions let us know.

@kabir0x23 kabir0x23 deleted the branch dev October 8, 2024 06:12
@kabir0x23 kabir0x23 closed this Oct 8, 2024
@kabir0x23 kabir0x23 deleted the snyk-upgrade-07458ba242a347ba0b9b54c153ca969a branch October 10, 2024 13:16
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants