@snyk-bot

Snyk has created this PR to upgrade @sanity/desk-tool from 2.10.2 to 2.29.4.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.


  • The recommended version is 195 versions ahead of your current version.
  • The recommended version was released 25 days ago, on 2022-04-01.

The recommended version fixes:

| Severity | Issue | Priority Score (*) | Exploit Maturity |
| --- | --- | --- | --- |
| | Information Exposure SNYK-JS-SIMPLEGET-2361683 | 547/1000 (Why? Proof of Concept exploit, CVSS 8.8) | Proof of Concept |
| | Regular Expression Denial of Service (ReDoS) SNYK-JS-PRISMJS-1585202 | 547/1000 (Why? Proof of Concept exploit, CVSS 8.8) | Proof of Concept |
| | Regular Expression Denial of Service (ReDoS) SNYK-JS-PRISMJS-1314893 | 547/1000 (Why? Proof of Concept exploit, CVSS 8.8) | No Known Exploit |
| | Prototype Pollution SNYK-JS-IMMER-1019369 | 547/1000 (Why? Proof of Concept exploit, CVSS 8.8) | Proof of Concept |
| | Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIHTML-1296849 | 547/1000 (Why? Proof of Concept exploit, CVSS 8.8) | Proof of Concept |
| | Cross-site Scripting (XSS) SNYK-JS-PRISMJS-2404333 | 547/1000 (Why? Proof of Concept exploit, CVSS 8.8) | No Known Exploit |
| | Regular Expression Denial of Service (ReDoS) SNYK-JS-POSTCSS-1090595 | 547/1000 (Why? Proof of Concept exploit, CVSS 8.8) | Proof of Concept |
| | Regular Expression Denial of Service (ReDoS) SNYK-JS-PATHPARSE-1077067 | 547/1000 (Why? Proof of Concept exploit, CVSS 8.8) | Proof of Concept |
| | Information Exposure SNYK-JS-NANOID-2332193 | 547/1000 (Why? Proof of Concept exploit, CVSS 8.8) | Proof of Concept |
| | Prototype Pollution SNYK-JS-IMMER-1540542 | 547/1000 (Why? Proof of Concept exploit, CVSS 8.8) | Proof of Concept |
| | Regular Expression Denial of Service (ReDoS) SNYK-JS-POLISHED-1298071 | 547/1000 (Why? Proof of Concept exploit, CVSS 8.8) | No Known Exploit |
| | Regular Expression Denial of Service (ReDoS) SNYK-JS-POLISHED-1298071 | 547/1000 (Why? Proof of Concept exploit, CVSS 8.8) | No Known Exploit |
| | Prototype Pollution SNYK-JS-MINIMIST-2429795 | 547/1000 (Why? Proof of Concept exploit, CVSS 8.8) | No Known Exploit |

(*) Note that the real score may have changed since the PR was raised.

Release notes
Package name: @sanity/desk-tool
  • 2.29.4 - 2022-04-01

    Upgrade the Command Line Interface (CLI) with:

    npm install --global @sanity/cli
    

    Upgrade Sanity Studio with:

    sanity upgrade
    

    🐛 Notable bugfixes

    • Fixes regression in the previous release regarding pasting of HTML into the Portable Text Editor.
    • Fixes a rare bug with pasting plain text into the Portable Text editor where it sometimes would error and deny the paste.

    📓 Full changelog

    | Author | Message | Commit |
    | --- | --- | --- |
    | Per-Kristian Nordnes | fix(portable-text-editor): fix order of outer plugin stack | f793cda |
    | Per-Kristian Nordnes | fix(portable-text-editor): fix pasted plain text normalization issue | 7e81046 |
    | Per-Kristian Nordnes | chore(dev): upgrade sanity-plugin-mux-input to 1.1.1 | 63e33b9 |
  • 2.29.3 - 2022-03-30

    Upgrade the Command Line Interface (CLI) with:

    npm install --global @sanity/cli
    

    Upgrade Sanity Studio with:

    sanity upgrade
    

    ✨ Highlights

    Select organization with the CLI

    Allow selecting an organization to attach new projects to during sanity init.

    Other features

    • Update image input height based on image size.
    • Adds support for @sanity/language-filter to fallback to a different language select implementation when the current one is not relevant. (thank you @LiamMartens)

    🐛 Notable bugfixes

    • Improves how patches are sent to the server in the Portable Text editor, potentially fixing a very rare heisenbug where the latest change in the editor would not be persisted.
    • Fixes a regression in the Portable Text editor's custom paste handler support.
    • Fixes issues in the Portable Text editor when merging two paragraphs with text annotations in some circumstances.
    • Fixes an issue where the number input wasn't allowing for decimal numbers (when the input is active).
    • Fixes an issue with the changelog when filtering out entries without data to display.

    📓 Full changelog

    | Author | Message | Commit |
    | --- | --- | --- |
    | Espen Hovlandsdal | fix(types): use type-only imports, drop react dependency | e01014a |
    | Espen Hovlandsdal | chore(deps): upgrade react types | ec97f05 |
    | Per-Kristian Nordnes | test(portable-text-editor): update refactored prop | a4941ea |
    | Per-Kristian Nordnes | refactor(portable-text-editor): change plugin callstack | 304964b |
    | Knut Melvær | refactor(import): improve error message on duplicate IDs | d6d4351 |
    | Liam Martens | feat(language-filter): implement fallback component for language-filter (#3204) | 75e75c5 |
    | RitaDias | fix(form-builder): fix the number input to accept decimal values when default (#3219) | 31af95f |
    | Rune Botten | chore: update license files (#3201) | ecb0444 |
    | Herman Wikner | fix(default-layout): prevent changelog crash by filtering out entries without data to display | b53b3e2 |
    | Herman Wikner | fix(default-layout): add missing link to changelog in github | 517648e |
    | Per-Kristian Nordnes | refactor(portable-text-editor): add API .delete mode + rename option value | 205622f |
    | Per-Kristian Nordnes | refactor(form-builder): update renamed option value for the PTE API | 9858830 |
    | Per-Kristian Nordnes | fix(portable-text-editor): fix issue with merging blocks | 33f3e4a |
    | Per-Kristian Nordnes | fix(portable-text-editor): remove unused prop | 13a1294 |
    | Per-Kristian Nordnes | refactor(portable-text-editor): export prop types for the PTE components | d618119 |
    | Per-Kristian Nordnes | refactor(portable-text-editor): minor code enhancements | cbca96c |
    | Per-Kristian Nordnes | fix(portable-text-editor): remove orphaned markDefs when splitting block at start | d8d0dbf |
    | RitaDias | fix(form-builder) fix image resizing on initial load (#3196) | bf66218 |
    | radhe | fix(core): emit reconnect on non-channel error in dataset copy job listener (#3167) | d891474 |
    | Per-Kristian Nordnes | refactor(portable-text-editor): refactor mutation and patch handling | b318626 |
    | Espen Hovlandsdal | feat(cli): allow selecting organization during project creation | a114845 |
    | Per-Kristian Nordnes | fix(portable-text-editor): fix wrong type option sent to custom paste handler | f746973 |
    | Per-Kristian Nordnes | fix(portable-text-editor): fix issues with insertion of data from custom paste handler | 94a4e11 |
    | Per-Kristian Nordnes | test(example-studio): add updated config files | 3212d3c |
  • 2.29.2 - 2022-03-23

    Upgrade the Command Line Interface (CLI) with:

    npm install --global @sanity/cli
    

    Upgrade Sanity Studio with:

    sanity upgrade
    

    🐛 Notable bugfixes

    • Fixes an issue where client configured with a token via part:@sanity/base/configure-client would be reset.

    📓 Full changelog

    | Author | Message | Commit |
    | --- | --- | --- |
    | Espen Hovlandsdal | chore(deps): pin node-ipc to 9.2.0 | e0d6a69 |
    | Per-Kristian Nordnes | fix(base): respect client already configured with token | de12045 |
  • 2.29.1 - 2022-03-16

    Upgrade the Command Line Interface (CLI) with:

    npm install --global @sanity/cli
    

    Upgrade Sanity Studio with:

    sanity upgrade
    

    🐛 Notable bugfixes

    • Fixes an issue with the v2.29.0 release that prevented the @sanity/default-layout module from being installed

    📓 Full changelog

    | Author | Message | Commit |
    | --- | --- | --- |
    | Per-Kristian Nordnes | chore(default-layout): remove @santy/base from devDeps as it's now a runtime dep | 0ed8ab7 |
  • 2.29.0 - 2022-03-16

    Upgrade the Command Line Interface (CLI) with:

    npm install --global @sanity/cli
    

    Upgrade Sanity Studio with:

    sanity upgrade
    

    ✨ Highlights

    New changelog dialog

    The Studio now has a new changelog dialog that features more in-depth information about the latest features and bugfixes.

    🐛 Notable bugfixes

    • Fixes an issue in array inputs where the input was disabled when dragging items within a Portable Text Editor

    📓 Full changelog

    | Author | Message | Commit |
    | --- | --- | --- |
    | RitaDias | fix(form-builder): fix hovering issue in PTE when within an array object (#3187) | 59d458c |
    | Herman Wikner | chore(default-layout): update dependencies | 044416a |
    | Herman Wikner | feat(default-layout): add update UI components | 6b22ed6 |
    | Herman Wikner | feat(default-layout): add changelog to Navbar | ce1a7bf |
    | Herman Wikner | refactor(default-layout): remove studioStatus | caad7d1 |
    | Herman Wikner | feat(base): add changelog typings to module-status | 00e243d |
    | Herman Wikner | chore(base): update dependencies | cfbe491 |
  • 2.28.2 - 2022-03-10

    Upgrade Sanity Studio with:

    sanity upgrade
    

    🐛 Notable bugfixes

    • Fixes an issue where sanity exec would use an unauthenticated user session for the client

    📓 Full changelog

    | Author | Message | Commit |
    | --- | --- | --- |
    | Espen Hovlandsdal | fix(base): return empty auth token stream in non-browser env | e70dde0 |
  • 2.28.1 - 2022-03-09
  • 2.28.0 - 2022-03-08
  • 2.27.4-x-dataset-refs.32 - 2022-03-07
  • 2.27.4-x-dataset-refs.29 - 2022-03-04
  • 2.27.4-x-dataset-refs.27 - 2022-03-04
  • 2.27.3 - 2022-03-03
  • 2.27.3-cookieless-auth.34 - 2022-03-01
  • 2.27.2 - 2022-03-01
  • 2.27.2-update-on-cookieless.34 - 2022-03-01
  • 2.27.1 - 2022-02-22
  • 2.27.1-x-dataset-refs.34 - 2022-02-23
  • 2.27.1-x-dataset-refs.30 - 2022-02-18
  • 2.27.1-updated-polyfil-client.18 - 2022-02-15
  • 2.27.1-updated-client-w-polyfill-2.18 - 2022-02-16
  • 2.27.1-updated-client-w-polyfill-1.18 - 2022-02-16
  • 2.27.1-updated-client-w-polyfill.18 - 2022-02-16
  • 2.27.1-token-login.29 - 2022-02-18
  • 2.27.1-token-login.28 - 2022-02-18
  • 2.27.1-token-login.20 - 2022-02-16
  • 2.27.1-token-login.19 - 2022-02-16
  • 2.27.1-new-cookieless.18 - 2022-02-16
  • 2.27.1-learna-test.2 - 2022-02-16
  • 2.27.1-eventsource-for-client.17 - 2022-02-15
  • 2.27.1-event-source-tag.17 - 2022-02-15
  • 2.27.1-event-source-polyfill.1 - 2022-02-10
  • 2.27.1-event-source-monorepo.17 - 2022-02-16
  • 2.27.1-cookieless-test.19 - 2022-02-16
  • 2.27.1-cookieless-tag.19 - 2022-02-16
  • 2.27.1-cookieless-t-test.20 - 2022-02-16
  • 2.27.1-client-update.18 - 2022-02-16
  • 2.27.0 - 2022-02-08
  • 2.26.1-purple-unicorn.560 - 2022-03-25
  • 2.26.0 - 2022-02-01
  • 2.25.5-next.6 - 2022-01-31
  • 2.25.4 - 2022-01-27
  • 2.25.3 - 2022-01-26
  • 2.25.2 - 2022-01-26
  • 2.25.1 - 2022-01-26
  • 2.25.1-feature-image-file-input-refactor.150 - 2022-01-24
  • 2.25.0 - 2022-01-19
  • 2.24.3-pte.128 - 2022-01-18
  • 2.24.3-new-image-file-input.118 - 2022-01-18
  • 2.24.1 - 2022-01-15
  • 2.24.1-pte.127 - 2022-01-14
  • 2.24.1-pte.115 - 2022-01-13
  • 2.24.1-pte.113 - 2022-01-13
  • 2.24.1-fix-graphql-deploy.6 - 2022-01-17
  • 2.24.0 - 2022-01-11
  • 2.23.5-next.19 - 2022-01-07
  • 2.23.5-fix-search-issue.1 - 2022-01-07
  • 2.23.4 - 2022-01-06
  • 2.23.4-pte.107 - 2022-01-05
  • 2.23.4-pte.102 - 2022-01-05
  • 2.23.4-pte.101 - 2022-01-05
  • 2.23.4-pte.99 - 2022-01-05
  • 2.23.4-pte.96 - 2022-01-05
  • 2.23.4-pte.95 - 2022-01-05
  • 2.23.3 - 2022-01-04
  • 2.23.3-next.35 - 2021-12-22
  • 2.23.3-next.34 - 2021-12-22
  • 2.23.3-next.4 - 2021-12-22
  • 2.23.3-field-groups.29 - 2021-12-22
  • 2.23.3-canary.84 - 2021-12-22
  • 2.23.3-canary.59 - 2021-12-20
  • 2.23.2 - 2021-12-17
  • 2.23.2-next.3 - 2021-12-16
  • 2.23.2-canary.28 - 2021-12-15
  • 2.23.1 - 2021-12-14
  • 2.23.1-next.10 - 2021-12-13
  • 2.23.0 - 2021-12-08
  • 2.22.6-next.121 - 2021-12-08
  • 2.22.6-next.104 - 2021-12-07
  • 2.22.6-next.102 - 2021-12-07
  • 2.22.6-field-groups.141 - 2021-12-08
  • 2.22.6-field-groups.125 - 2021-12-07
  • 2.22.6-field-groups.103 - 2021-12-07
  • 2.22.5 - 2021-12-06
  • 2.22.5-reference-updates.85 - 2021-12-03
  • 2.22.4-reference-updates.58 - 2021-11-30
  • 2.22.3 - 2021-11-30
  • 2.22.3-reference-updates.90 - 2021-11-26
  • 2.22.3-reference-updates.79 - 2021-11-25
  • 2.22.3-reference-updates.73 - 2021-11-25
  • 2.22.3-reference-updates.54 - 2021-11-23
  • 2.22.3-next.5 - 2021-11-25
  • 2.22.2 - 2021-11-18
  • 2.22.1 - 2021-11-16
  • 2.22.0 - 2021-11-16
  • 2.21.12-shopify.7 - 2021-11-12
  • 2.21.12-shopify.6 - 2021-11-10
  • 2.21.12-purple-unicorn.1418 - 2022-03-29
  • 2.21.12-purple-unicorn.1417 - 2022-03-29
  • 2.21.12-purple-unicorn.1365 - 2022-03-25
  • 2.21.12-purple-unicorn.1364 - 2022-03-25
  • 2.21.12-purple-unicorn.1349 - 2022-03-22
  • 2.21.12-purple-unicorn.1305 - 2022-03-21
  • 2.21.12-purple-unicorn.1302 - 2022-03-21
  • 2.21.12-purple-unicorn.1300 - 2022-03-21
  • 2.21.11-reference-updates.62 - 2021-11-10
  • 2.21.10 - 2021-11-09
  • 2.21.10-shopify.5 - 2021-11-08
  • 2.21.10-shopify.4 - 2021-11-05
  • 2.21.10-pte-sanity-ui.285 - 2021-11-04
  • 2.21.9 - 2021-11-02
  • 2.21.9-pte-sanity-ui.235 - 2021-11-02
  • 2.21.8-reference-updates.30 - 2021-10-29
  • 2.21.8-reference-updates.28 - 2021-10-27
  • 2.21.8-reference-updates.27 - 2021-10-27
  • 2.21.8-reference-updates.26 - 2021-10-27
  • 2.21.8-reference-updates.21 - 2021-10-27
  • 2.21.8-canary.4 - 2021-10-27
  • 2.21.7 - 2021-10-26
  • 2.21.6 - 2021-10-21
  • 2.21.5 - 2021-10-19
  • 2.21.5-fix-annotation-remove-bug.7 - 2021-10-19
  • 2.21.4 - 2021-10-15
  • 2.21.3 - 2021-10-14
  • 2.21.2 - 2021-10-08
  • 2.21.1 - 2021-10-07
  • 2.21.1-canary.2 - 2021-10-07
  • 2.21.0 - 2021-10-06
  • 2.20.1-canary.190 - 2021-10-05
  • 2.20.1-canary.151 - 2021-09-29
  • 2.20.1-canary.150 - 2021-09-28
  • 2.20.1-canary.148 - 2021-09-28
  • 2.20.1-canary.146 - 2021-09-28
  • 2.20.1-canary.143 - 2021-09-27
  • 2.20.1-canary.140 - 2021-09-27
  • 2.20.1-canary.122 - 2021-09-23
  • 2.20.1-canary.121 - 2021-09-23
  • 2.20.1-canary.117 - 2021-09-22
  • 2.20.1-canary.114 - 2021-09-22
  • 2.20.1-canary.113 - 2021-09-22
  • 2.20.0 - 2021-09-20
  • 2.19.4 - 2021-09-17
  • 2.19.3 - 2021-09-16
  • 2.19.1-canary.1 - 2021-09-13
  • 2.19.0 - 2021-09-13
  • 2.18.1-pane-components.148 - 2021-09-10
  • 2.18.1-pane-components.147 - 2021-09-10
  • 2.18.1-pane-components.134 - 2021-09-10
  • 2.18.1-pane-components.126 - 2021-09-09
  • 2.18.1-pane-components.125 - 2021-09-09
  • 2.18.1-pane-components.121 - 2021-09-09
  • 2.18.1-canary.9 - 2021-09-07
  • 2.18.0 - 2021-09-07
  • 2.17.3-styled-peer-dep.18 - 2021-09-04
  • 2.17.3-canary.0 - 2021-09-03
  • 2.17.2 - 2021-08-31
  • 2.17.1 - 2021-08-27
  • 2.17.0 - 2021-08-25
  • 2.16.1 - 2021-08-24
  • 2.16.0 - 2021-08-24
  • 2.15.3-pt-search.20 - 2021-08-23
  • 2.15.3-pt-search.19 - 2021-08-23
  • 2.15.3-conditional-fields.39 - 2021-08-24
  • 2.15.2 - 2021-08-19
  • 2.15.2-fix-sparkline.9 - 2021-08-19
  • 2.15.2-conditional-fields.22 - 2021-08-18
  • 2.15.1 - 2021-08-18
  • 2.15.1-canary.4 - 2021-08-18
  • 2.15.0 - 2021-08-17
  • 2.14.1-conditional-fields.64 - 2021-08-13
  • 2.14.1-canary.36 - 2021-08-11
  • 2.14.1-canary.4 - 2021-08-11
  • 2.14.0 - 2021-08-11
  • 2.13.2-ts-improvements.64 - 2021-08-10
  • 2.13.2-conditional-fields.29 - 2021-08-03
  • 2.13.2-canary.13 - 2021-07-29
  • 2.13.2-canary.9 - 2021-07-29
  • 2.13.2-canary.7 - 2021-07-27
  • 2.13.1 - 2021-07-20
  • 2.13.0 - 2021-07-15
  • 2.12.3-rc.0 - 2021-07-15
  • 2.12.3-doc-inspect-fix.12 - 2021-07-07
  • 2.12.3-custom-webpack.2 - 2021-06-25
  • 2.12.2 - 2021-06-23
  • 2.12.1 - 2021-06-22
  • 2.12.0 - 2021-06-21
  • 2.11.3-canary.6 - 2021-06-18
  • 2.11.3-block-tools-var-fix.4 - 2021-06-17
  • 2.11.2 - 2021-06-15
  • 2.11.1 - 2021-06-12
  • 2.11.0 - 2021-06-11
  • 2.10.6-roles-aware-studio.38 - 2021-06-02
  • 2.10.5 - 2021-05-24
  • 2.10.5-depcheck-canary.5 - 2021-05-21
  • 2.10.4 - 2021-05-17
  • 2.10.3 - 2021-05-17
  • 2.10.2 - 2021-05-03
from @sanity/desk-tool GitHub release notes
Commit messages
Package name: @sanity/desk-tool
  • 8edf344 v2.29.4
  • 9dfa82a chore(dev): upgrade sanity-plugin-mux-input to 1.1.1
  • 4706e08 fix(portable-text-editor): fix pasted plain text normalization issue
  • 4fca56a fix(portable-text-editor): fix order of outer plugin stack
  • 01422a8 v2.29.3
  • 3212d3c test(example-studio): add updated config files
  • 94a4e11 fix(portable-text-editor): fix issues with insertion of data from custom paste handler
  • f746973 fix(portable-text-editor): fix wrong type option sent to custom paste handler
  • a114845 feat(cli): allow selecting organization during project creation
  • b318626 refactor(portable-text-editor): refactor mutation and patch handling
  • d891474 fix(core): emit reconnect on non-channel error in dataset copy job listener (#3167)
  • bf66218 fix(form-builder) fix image resizing on initial load (#3196)
  • d8d0dbf fix(portable-text-editor): remove orphaned markDefs when splitting block at start
  • cbca96c refactor(portable-text-editor): minor code enhancements
  • d618119 refactor(portable-text-editor): export prop types for the PTE components
  • 13a1294 fix(portable-text-editor): remove unused prop
  • 33f3e4a fix(portable-text-editor): fix issue with merging blocks
  • 9858830 refactor(form-builder): update renamed option value for the PTE API
  • 205622f refactor(portable-text-editor): add API .delete mode + rename option value
  • 517648e fix(default-layout): add missing link to changelog in github
  • b53b3e2 fix(default-layout): prevent changelog crash by filtering out entries without data to display
  • ecb0444 chore: update license files (#3201)
  • 31af95f fix(form-builder): fix the number input to accept decimal values when default (#3219)
  • 75e75c5 feat(language-filter): implement fallback component for language-filter (#3204)

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

@vercel

vercel bot commented Apr 26, 2022

This pull request is being automatically deployed with Vercel (learn more).
To see the status of your deployment, click below or on the icon next to each commit.

🔍 Inspect: https://vercel.com/shericodes/designo-gatsby-sanity/49ZE2zAoaM4x6eAPLm49AATEKNHB
✅ Preview: https://designo-gatsby-sanity-git-snyk-upgrade-ad97c4-3d9ad7-shericodes.vercel.app
