Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Snyk] Upgrade: , , camelcase, , , prettier, rimraf, svgo #21

Open
wants to merge 1 commit into
base: master
Choose a base branch
from

Conversation

WontonSam
Copy link
Owner

snyk-top-banner

Snyk has created this PR to upgrade multiple dependencies.

👯 The following dependencies are linked and will therefore be updated together.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

⚠️ Warning: This PR contains major version upgrade(s), and may be a breaking change.

Name Versions Released on

@babel/core
from 7.21.4 to 7.25.2 | 33 versions ahead of your current version | 2 months ago
on 2024-07-30
@babel/plugin-transform-react-jsx
from 7.18.10 to 7.25.2 | 18 versions ahead of your current version | 2 months ago
on 2024-07-30
camelcase
from 6.3.0 to 8.0.0 | 3 versions ahead of your current version
⚠️ This is a major version upgrade, and may be a breaking change | a year ago
on 2023-08-09
@svgr/core
from 5.5.0 to 8.1.0 | 19 versions ahead of your current version
⚠️ This is a major version upgrade, and may be a breaking change | a year ago
on 2023-08-15
@vue/compiler-dom
from 3.2.37 to 3.4.38 | 92 versions ahead of your current version | a month ago
on 2024-08-15
prettier
from 2.8.7 to 3.3.3 | 30 versions ahead of your current version
⚠️ This is a major version upgrade, and may be a breaking change | 2 months ago
on 2024-07-13
rimraf
from 3.0.2 to 6.0.1 | 31 versions ahead of your current version
⚠️ This is a major version upgrade, and may be a breaking change | 2 months ago
on 2024-07-10
svgo
from 1.3.2 to 3.3.2 | 27 versions ahead of your current version
⚠️ This is a major version upgrade, and may be a breaking change | 4 months ago
on 2024-05-09

Issues fixed by the recommended upgrade:

Issue Score Exploit Maturity
critical severity Incomplete List of Disallowed Inputs
SNYK-JS-BABELTRAVERSE-5962462
235 Proof of Concept
high severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-NTHCHECK-1586032
235 Proof of Concept
high severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-SEMVER-3247795
235 Proof of Concept
medium severity Missing Release of Resource after Effective Lifetime
SNYK-JS-INFLIGHT-6095116
235 Proof of Concept
Release notes
Package name: @babel/core
  • 7.25.2 - 2024-07-30

    v7.25.2 (2024-07-30)

    🐛 Bug Fix

    • babel-core, babel-traverse

    Committers: 2

  • 7.24.9 - 2024-07-15

    v7.24.9 (2024-07-15)

    🐛 Bug Fix

    💅 Polish

    • babel-generator, babel-plugin-transform-optional-chaining

    🏠 Internal

    • babel-helper-module-transforms

    Committers: 5

  • 7.24.8 - 2024-07-11
  • 7.24.7 - 2024-06-05
  • 7.24.6 - 2024-05-24
  • 7.24.5 - 2024-04-29
  • 7.24.4 - 2024-04-03
  • 7.24.3 - 2024-03-20
  • 7.24.1 - 2024-03-19
  • 7.24.0 - 2024-02-28
  • 7.23.9 - 2024-01-25
  • 7.23.7 - 2023-12-29
  • 7.23.6 - 2023-12-11
  • 7.23.5 - 2023-11-29
  • 7.23.3 - 2023-11-09
  • 7.23.2 - 2023-10-12
  • 7.23.0 - 2023-09-25
  • 7.22.20 - 2023-09-16
  • 7.22.19 - 2023-09-14
  • 7.22.18 - 2023-09-14
  • 7.22.17 - 2023-09-08
  • 7.22.15 - 2023-09-04
  • 7.22.11 - 2023-08-24
  • 7.22.10 - 2023-08-07
  • 7.22.9 - 2023-07-12
  • 7.22.8 - 2023-07-06
  • 7.22.7 - 2023-07-06
  • 7.22.6 - 2023-07-04
  • 7.22.5 - 2023-06-08
  • 7.22.1 - 2023-05-26
  • 7.22.0 - 2023-05-26
  • 7.21.8 - 2023-05-02
  • 7.21.5 - 2023-04-28
  • 7.21.4 - 2023-03-31
from @babel/core GitHub release notes
Package name: @babel/plugin-transform-react-jsx
  • 7.25.2 - 2024-07-30

    v7.25.2 (2024-07-30)

    🐛 Bug Fix

    • babel-core, babel-traverse

    Committers: 2

  • 7.24.7 - 2024-06-05
  • 7.24.6 - 2024-05-24
  • 7.23.4 - 2023-11-20
  • 7.22.15 - 2023-09-04
  • 7.22.5 - 2023-06-08
  • 7.22.3 - 2023-05-27
  • 7.22.0 - 2023-05-26
  • 7.21.5 - 2023-04-28
  • 7.21.4-esm.4 - 2023-04-04
  • 7.21.4-esm.3 - 2023-04-04
  • 7.21.4-esm.2 - 2023-04-04
  • 7.21.4-esm.1 - 2023-04-04
  • 7.21.4-esm - 2023-04-04
  • 7.21.0 - 2023-02-20
  • 7.20.13 - 2023-01-21
  • 7.20.7 - 2022-12-22
  • 7.19.0 - 2022-09-05
  • 7.18.10 - 2022-08-01
from @babel/plugin-transform-react-jsx GitHub release notes
Package name: camelcase from camelcase GitHub release notes
Package name: @svgr/core
  • 8.1.0 - 2023-08-15

    Bug Fixes

    • cli: fix default dimensions, prettier & svgo (571d5c8)
    • config: prefer cli config over rc config (#845) (8b97248)
    • react-native: fix duplicate import (#894) (e612b6a)

    Features

    • esm: add support for svgo.config.cjs (#879) (ae91e2e)
  • 8.0.0 - 2023-05-09

    Bug Fixes

    • parseObject error causes website broken (05f2946)

    Features

    • types: change SVGProps from import to import type (#853) (095f021)
    • add snake_case filename option (#857) (428b0c7)
    • make index template more flexible (#861) (003009c)

    BREAKING CHANGES

    • index template now receives an array of objects containing both the created
      component path (path) and the original SVG path (originalPath)
  • 7.0.0 - 2023-03-24

    Features

    BREAKING CHANGES

    • plugin-jsx is no longer included by default in core
    • svgr now requires Node.js v14+
  • 6.5.1 - 2022-10-27
    No content.
  • 6.5.0 - 2022-10-14

    Bug Fixes

    Features

    • babel-preset: fix 'role' attribute on svg element for react native (#787) (35d85e0)
  • 6.4.0 - 2022-10-01

    Bug Fixes

    • deps: add babel-preset to core dependencies (#782) (464ec5f)

    Features

    • a11y: add attribute role="img" to the svg element (#750) (8b9edc4)
    • support spaces in file names (#779) (6ee639a)
  • 6.3.1 - 2022-07-22

    Bug Fixes

  • 6.3.0 - 2022-07-18

    Bug Fixes

    Features

    • add descProp option (#729) (a0637d4)
    • cli: output file name when error happen to handling a file (#702) (0ec1fbd)
  • 6.2.1 - 2022-01-30

    Bug Fixes

  • 6.2.0 - 2022-01-10
  • 6.1.2 - 2021-12-12
  • 6.1.1 - 2021-12-04
  • 6.1.0 - 2021-12-01
  • 6.0.0 - 2021-11-28
  • 6.0.0-alpha.4 - 2021-11-13
  • 6.0.0-alpha.3 - 2021-11-12
  • 6.0.0-alpha.2 - 2021-11-01
  • 6.0.0-alpha.1 - 2021-10-31
  • 6.0.0-alpha.0 - 2021-09-24
  • 5.5.0 - 2020-11-15
from @svgr/core GitHub release notes
Package name: @vue/compiler-dom
  • 3.4.38 - 2024-08-15

    For stable releases, please refer to CHANGELOG.md for details.
    For pre-releases, please refer to CHANGELOG.md of the minor branch.

  • 3.4.37 - 2024-08-08

    For stable releases, please refer to CHANGELOG.md for details.
    For pre-releases, please refer to CHANGELOG.md of the minor branch.

  • 3.4.36 - 2024-08-06

    For stable releases, please refer to CHANGELOG.md for details.
    For pre-releases, please refer to CHANGELOG.md of the minor branch.

  • 3.4.35 - 2024-07-31

    For stable releases, please refer to CHANGELOG.md for details.
    For pre-releases, please refer to CHANGELOG.md of the minor branch.

  • 3.4.34 - 2024-07-24

    For stable releases, please refer to CHANGELOG.md for details.
    For pre-releases, please refer to CHANGELOG.md of the minor branch.

  • 3.4.33 - 2024-07-19
  • 3.4.32 - 2024-07-17
  • 3.4.31 - 2024-06-28
  • 3.4.30 - 2024-06-22
  • 3.4.29 - 2024-06-14
  • 3.4.28 - 2024-06-14
  • 3.4.27 - 2024-05-06
  • 3.4.26 - 2024-04-29
  • 3.4.25 - 2024-04-24
  • 3.4.24 - 2024-04-22
  • 3.4.23 - 2024-04-16
  • 3.4.22 - 2024-04-15
  • 3.4.21 - 2024-02-28
  • 3.4.20 - 2024-02-26
  • 3.4.19 - 2024-02-13
  • 3.4.18 - 2024-02-09
  • 3.4.17 - 2024-02-09
  • 3.4.16 - 2024-02-08
  • 3.4.15 - 2024-01-18
  • 3.4.14 - 2024-01-15
  • 3.4.13 - 2024-01-13
  • 3.4.12 - 2024-01-13
  • 3.4.11 - 2024-01-12
  • 3.4.10 - 2024-01-11
  • 3.4.9 - 2024-01-11
  • 3.4.8 - 2024-01-10
  • 3.4.7 - 2024-01-09
  • 3.4.6 - 2024-01-08
  • 3.4.5 - 2024-01-04
  • 3.4.4 - 2024-01-03
  • 3.4.3 - 2023-12-30
  • 3.4.2 - 2023-12-30
  • 3.4.1 - 2023-12-30
  • 3.4.0 - 2023-12-29
  • 3.4.0-rc.3 - 2023-12-27
  • 3.4.0-rc.2 - 2023-12-26
  • 3.4.0-rc.1 - 2023-12-25
  • 3.4.0-beta.4 - 2023-12-19
  • 3.4.0-beta.3 - 2023-12-16
  • 3.4.0-beta.2 - 2023-12-14
  • 3.4.0-beta.1 - 2023-12-13
  • 3.4.0-alpha.4 - 2023-12-04
  • 3.4.0-alpha.3 - 2023-11-28
  • 3.4.0-alpha.2 - 2023-11-27
  • 3.4.0-alpha.1 - 2023-10-28
  • 3.3.13 - 2023-12-19
  • 3.3.12 - 2023-12-16
  • 3.3.11 - 2023-12-08
  • 3.3.10 - 2023-12-04
  • 3.3.9 - 2023-11-25
  • 3.3.8 - 2023-11-06
  • 3.3.7 - 2023-10-24
  • 3.3.6 - 2023-10-20
  • 3.3.5 - 2023-10-20
  • 3.3.4 - 2023-05-18
  • 3.3.3 - 2023-05-18
  • 3.3.2 - 2023-05-12
  • 3.3.1 - 2023-05-11
  • 3.3.0 - 2023-05-11
  • 3.3.0-beta.5 - 2023-05-08
  • 3.3.0-beta.4 - 2023-05-05
  • 3.3.0-beta.3 - 2023-05-01
  • 3.3.0-beta.2 - 2023-04-25
  • 3.3.0-beta.1 - 2023-04-21
  • 3.3.0-alpha.13 - 2023-04-20
  • 3.3.0-alpha.12 - 2023-04-18
  • 3.3.0-alpha.11 - 2023-04-17
  • 3.3.0-alpha.10 - 2023-04-17
  • 3.3.0-alpha.9 - 2023-04-08
  • 3.3.0-alpha.8 - 2023-04-04
  • 3.3.0-alpha.7 - 2023-04-03
  • 3.3.0-alpha.6 - 2023-03-30
  • 3.3.0-alpha.5 - 2023-03-26
  • 3.3.0-alpha.4 - 2023-02-06
  • 3.3.0-alpha.3 - 2023-02-06
  • 3.3.0-alpha.2 - 2023-02-05
  • 3.3.0-alpha.1 - 2023-02-05
  • 3.2.47 - 2023-02-02
  • 3.2.46 - 2023-02-02
  • 3.2.45 - 2022-11-11
  • 3.2.44 - 2022-11-09
  • 3.2.43 - 2022-11-09
  • 3.2.42 - 2022-11-09
  • 3.2.41 - 2022-10-14
  • 3.2.40 - 2022-09-28
  • 3.2.39 - 2022-09-08
  • 3.2.38 - 2022-08-30
  • 3.2.37 - 2022-06-06
from @vue/compiler-dom GitHub release notes
Package name: prettier
  • 3.3.3 - 2024-07-13

    🔗 Changelog

  • 3.3.2 - 2024-06-11

    🔗 Changelog

  • 3.3.1 - 2024-06-05

    🔗 Changelog

  • 3.3.0 - 2024-06-01

    diff

    🔗 Release note

  • 3.2.5 - 2024-02-04

    🔗 Changelog

  • 3.2.4 - 2024-01-17
    • Fix .eslintrc.json format #15947

    🔗 Changelog

  • 3.2.3 - 2024-01-17
    • Format tsconfig.json file with jsonc parser #15927

    🔗 Changelog

  • 3.2.2 - 2024-01-14

    🔗 Changelog

  • 3.2.1 - 2024-01-12
  • 3.2.0 - 2024-01-12
  • 3.1.1 - 2023-12-10
  • 3.1.0 - 2023-11-13
  • 3.0.3 - 2023-08-29
  • 3.0.2 - 2023-08-15
  • 3.0.1 - 2023-08-03
  • 3.0.0 - 2023-07-05
  • 3.0.0-alpha.9-for-vscode - 2023-04-23
  • 3.0.0-alpha.8-for-vscode - 2023-04-23
  • 3.0.0-alpha.7-for-vscode - 2023-04-23
  • 3.0.0-alpha.12 - 2023-05-26
  • 3.0.0-alpha.11 - 2023-04-25
  • 3.0.0-alpha.10 - 2023-04-23
  • 3.0.0-alpha.6 - 2023-03-02
  • 3.0.0-alpha.5 - 2023-03-01
  • 3.0.0-alpha.4 - 2022-10-26
  • 3.0.0-alpha.3 - 2022-10-20
  • 3.0.0-alpha.2 - 2022-10-13
  • 3.0.0-alpha.1 - 2022-10-08
  • 3.0.0-alpha.0 - 2022-08-17
  • 2.8.8 - 2023-04-23
  • 2.8.7 - 2023-03-24
from prettier GitHub release notes
Package name: rimraf
  • 6.0.1 - 2024-07-10

    6.0.1

  • 6.0.0 - 2024-07-08

    6.0.0

  • 5.0.10 - 2024-07-31
  • 5.0.9 - 2024-07-08

    5.0.9

  • 5.0.8 - 2024-07-06

    v5.0.8

  • 5.0.7 - 2024-05-12

    5.0.7

  • 5.0.6 - 2024-05-10

    5.0.6

  • 5.0.5 - 2023-09-27

    5.0.5

  • 5.0.4 - 2023-09-25

    5.0.4

  • 5.0.3 - 2023-09-25

    5.0.3

  • 5.0.2 - 2023-09-25

    5.0.2

  • 5.0.1 - 2023-05-17
  • 5.0.0 - 2023-04-09
  • 4.4.1 - 2023-03-22
  • 4.4.0 - 2023-03-08
  • 4.3.1 - 2023-03-06
  • 4.3.0 - 2023-03-04
  • 4.2.0 - 2023-03-03
  • 4.1.4 - 2023-03-02
  • 4.1.3 - 2023-03-01
  • 4.1.2 - 2023-01-24
  • 4.1.1 - 2023-01-17
  • 4.1.0 - 2023-01-17
  • 4.0.7 - 2023-01-15
  • 4.0.6 - 2023-01-15
  • 4.0.5 - 2023-01-14
  • 4.0.4 - 2023-01-13
  • 4.0.3 - 2023-01-13
  • 4.0.2 - 2023-01-13
  • 4.0.1 - 2023-01-13
  • 4.0.0 - 2023-01-13
  • 3.0.2 - 2020-02-09
from rimraf GitHub release notes
Package name: svgo
  • 3.3.2 - 2024-05-09

    Notice

    An update on what happened with v3.3.0 and v3.3.1. While we have retained CJS support, the migration to ESM has changed the acceptable ways to import SVGO, in ways that users depended on before. This effectively made SVGO v3 a breaking change.

    Rather than resolve or workaround these differences, we've opted to release SVGO v3.3.2, which is effectively a revert to v3.2.0, and deprecate versions v3.3.0 and v3.3.1. We'll then proceed to work on releasing v4 which will document the breaking changes, and feature further breaking changes that were slated for v4, like disabling removeViewBox by default.

    Before the v4.0.0 release, I'll put more focus on testing and use release candidates, just to make the release go smoothly! 👍🏽

    Sorry for the headache, and thanks for your patience.

  • 3.3.1 - 2024-05-08

    Notice

    SVGO v3.3.0, which was meant to migrate to ESM without breaking CJS support, unfortunately broke CJS projects. There was a mistake with exports, so the loadConfig function wasn't available in the CJS bundle and lead to issues for many users.

    Thanks to everyone who raised the issue, and to @ nuintun who submitted a pull request to resolve it so quickly.

    I apologize for letting that breaking change through, and will aim to do better. Namely, by adding more tests to cover our exports, and any other public interface in general for each distribution of SVGO, so this doesn't happen again.

    SVGO v3.3.1 should resolve the issue for CJS projects, but if you encounter anything else, do let us know by opening an issue on GitHub.

  • 3.3.0 - 2024-05-08

    Deprecated

    This release introduced breaking changes, which have been reverted in v3.3.2. The bug fixes will be reintroduced in v4.0.0.

    What's Changed

    ESM

    SVGO is now a dual package, serving for both Common JS and ESM usage. We believe there shouldn't be any problems, especially as SVGO as largely stateless, but feel free to open an issue if you encounter problems with this.

    To be explicit, this is not a breaking change, and SVGO should continue to work in Common JS projects!

    Thanks to @ jdufresne for doing the bulk of the work.

    Default Behavior

    • convertColors, now converts all references to colors excluding references to IDs to lowercase. This can be disabled by setting convertCase to false.

    Bug Fixes

    • cleanupIds, treat both URI encoded and non-URI encoded IDs as the same. By @ liuweifeng in #1982
    • collapseGroups, check styles as well as attributes. By @ johnkenny54 in #1952
    • collapseGroups, move attributes atomically. By @ johnkenny54 in #1930
    • convertPathData, fix q control point when item is removed. By @ KTibow in #1927
    • convertPathData, preserve vertex for markers only paths. By @ SethFalco in #1967
    • mergePaths, don't merge paths if attributes/styles depend on the node's bounding box. By @ johnkenny54 in #1964
    • moveElemsAttrsToGroups, no longer moves the transforms if group has the filter attribute. By @ johnkenny54 in #1933
    • prefixIds, fixed issue where some IDs were not prefixed when style tag contained XML comments. By @ john-neptune in #1942
    • removeHiddenElems, don't remove node if child element has a referenced ID. By @ johnkenny54 in #1925
    • removeHiddenElems, treat path[opacity=0] as a non-rendering node. By @ johnkenny54 in #1948
    • removeUselessDefs, don't remove node if child element has an ID. By @ johnkenny54 in #1923
    • When stringifying path data, include a space before numbers represented in scientific notation. By @ johnkenny54 in #1961
    • No longer crashes when the output (-o argument) ends with a trailing slash to a location that didn't exist. By @ SethFalco in #1954

    SVG Optimization

    • convertColors, introduce parameter to convert colors to common casing (lowercase/uppercase). By @ JayLeininger in #1692
    • removeDeprecatedAttrs, new plugin that is disabled by default to remove SVG attributes that are deprecated. By @ jdufresne in #1869

    Metrics

    Before and after using vectors from various sources, with the default preset of each respective version:

    SVG Original v3.2.0 v3.3.0 Delta
    Arch Linux Logo 9.529 KiB 4.115 KiB 4.097 KiB ⬇️ 0.018 KiB
    Blobs 50.45 KiB 42.623 KiB 42.609 KiB ⬇️ 0.014 KiB
    Isometric Madness 869.034 KiB 540.582 KiB 540.073 KiB ⬇️ 0.509 KiB
    tldr-pages Banner 2.071 KiB 1.07 KiB 1.07 KiB
    Wikipedia Logo 161.551 KiB 111.668 KiB 111.668 KiB

    Before and after of the browser bundle of each respective version:

    v3.2.0 v3.3.0 Delta
    svgo.browser.js 910.9 kB 753.0 kB ⬇️ 157.9 kB
  • 3.2.0 - 2024-01-02

    What's Changed

    Bug Fixes

    SVG Optimization

    • convertPathData, improves closing paths and how we determine if to use absolute or relative commands. By @ KTibow in #1867
    • convertPathData, round arc or convert to lines based on the sagitta, can be disabled by setting smartArcRounding to false. By @ KTibow in #1873
    • convertPathData, convert cubic Bézier curves to quadratic Bézier curves where possible, can be disabled by setting convertToQ to false. By @ KTibow in #1889

    Performance

    Metrics

    Before and after using vectors from various sources, with the default preset of each respective version:

    SVG Original v3.1.0 v3.2.0 Delta
    Arch Linux Logo 9.529 KiB 4.162 KiB 4.115 KiB ⬇️ 0.047 KiB
    Blobs 50.45 KiB 42.949 KiB 42.623 KiB ⬇️ 0.326 KiB
    Isometric Madness 869.034 KiB 550.153 KiB 540.582 KiB ⬇️ 9.571 KiB
    tldr-pages Banner 2.071 KiB 1.07 KiB 1.07 KiB
    Wikipedia Logo 161.551 KiB 116 KiB 111.668 KiB ⬇️ 4.332 KiB

    Before and after of the browser bundle of each respective version:

    v3.1.0 v3.2.0 Delta
    svgo.browser.js 660.9 kB 910.9 kB ⬆️ 250 kB
  • 3.1.0 - 2023-12-11

    What's Changed

    Bug Fixes

Snyk has created this PR to upgrade:
  - @babel/core from 7.21.4 to 7.25.2.
    See this package in npm: https://www.npmjs.com/package/@babel/core
  - @babel/plugin-transform-react-jsx from 7.18.10 to 7.25.2.
    See this package in npm: https://www.npmjs.com/package/@babel/plugin-transform-react-jsx
  - camelcase from 6.3.0 to 8.0.0.
    See this package in npm: https://www.npmjs.com/package/camelcase
  - @svgr/core from 5.5.0 to 8.1.0.
    See this package in npm: https://www.npmjs.com/package/@svgr/core
  - @vue/compiler-dom from 3.2.37 to 3.4.38.
    See this package in npm: https://www.npmjs.com/package/@vue/compiler-dom
  - prettier from 2.8.7 to 3.3.3.
    See this package in npm: https://www.npmjs.com/package/prettier
  - rimraf from 3.0.2 to 6.0.1.
    See this package in npm: https://www.npmjs.com/package/rimraf
  - svgo from 1.3.2 to 3.3.2.
    See this package in npm: https://www.npmjs.com/package/svgo

See this project in Snyk:
https://app.snyk.io/org/cachiman/project/aa4fcef0-e944-41f6-8cc4-3f8c13ce7f4e?utm_source=github&utm_medium=referral&page=upgrade-pr
Copy link

google-cla bot commented Sep 20, 2024

Thanks for your pull request! It looks like this may be your first contribution to a Google open source project. Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA).

View this failed invocation of the CLA check for more information.

For the most up to date status, view the checks section at the bottom of the pull request.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
2 participants