Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Snyk] Upgrade: , lit-element, , , , , , , , , , , , , , , , chai, dom5, dot-prop-immutable, escodegen, espree, eslint, eslint-config-google, eslint-plugin-html, karma, karma-chrome-launcher, karma-coverage, karma-mocha, karma-sourcemap-loader, karma-webpack, mocha, puppeteer, redux, sinon, webpack, webpack-command #10

Open
wants to merge 1 commit into
base: main
Choose a base branch
from

Conversation

snyk-io[bot]
Copy link

@snyk-io snyk-io bot commented Sep 17, 2024

snyk-top-banner

Snyk has created this PR to upgrade multiple dependencies.

👯 The following dependencies are linked and will therefore be updated together.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

⚠️ Warning: This PR contains major version upgrade(s), and may be a breaking change.

Name Versions Released on

@chopsui/batch-iterator
from 0.1.0 to 0.3.6 | 9 versions ahead of your current version | a year ago
on 2023-06-27
lit-element
from 2.1.0 to 4.1.0 | 44 versions ahead of your current version
⚠️ This is a major version upgrade, and may be a breaking change | a month ago
on 2024-08-05
@chopsui/chops-button
from 0.1.11 to 0.3.6 | 9 versions ahead of your current version | a year ago
on 2023-06-27
@chopsui/chops-checkbox
from 0.1.11 to 0.3.6 | 9 versions ahead of your current version | a year ago
on 2023-06-27
@chopsui/chops-header
from 0.1.5 to 0.3.6 | 10 versions ahead of your current version | a year ago
on 2023-06-27
@chopsui/chops-input
from 0.1.11 to 0.3.6 | 9 versions ahead of your current version | a year ago
on 2023-06-27
@chopsui/chops-loading
from 0.1.11 to 0.3.6 | 9 versions ahead of your current version | a year ago
on 2023-06-27
@chopsui/chops-radio
from 0.1.11 to 0.3.6 | 9 versions ahead of your current version | a year ago
on 2023-06-27
@chopsui/chops-radio-group
from 0.1.11 to 0.3.6 | 9 versions ahead of your current version | a year ago
on 2023-06-27
@chopsui/chops-signin
from 0.1.5 to 0.3.6 | 10 versions ahead of your current version | a year ago
on 2023-06-27
@chopsui/chops-switch
from 0.1.11 to 0.3.6 | 9 versions ahead of your current version | a year ago
on 2023-06-27
@chopsui/chops-tab
from 0.1.11 to 0.3.6 | 9 versions ahead of your current version | a year ago
on 2023-06-27
@chopsui/chops-tab-bar
from 0.1.11 to 0.3.6 | 9 versions ahead of your current version | a year ago
on 2023-06-27
@chopsui/chops-textarea
from 0.1.11 to 0.3.6 | 9 versions ahead of your current version | a year ago
on 2023-06-27
@chopsui/result-channel
from 0.1.0 to 0.3.6 | 9 versions ahead of your current version | a year ago
on 2023-06-27
@chopsui/tsmon-client
from 0.0.1 to 1.0.1 | 2 versions ahead of your current version
⚠️ This is a major version upgrade, and may be a breaking change | 5 years ago
on 2019-06-04
@polymer/polymer
from 3.2.0 to 3.5.1 | 6 versions ahead of your current version | 2 years ago
on 2022-06-03
chai
from 4.2.0 to 5.1.1 | 23 versions ahead of your current version
⚠️ This is a major version upgrade, and may be a breaking change | 4 months ago
on 2024-05-09
dom5
from 1.3.6 to 3.0.1 | 7 versions ahead of your current version
⚠️ This is a major version upgrade, and may be a breaking change | 6 years ago
on 2018-06-28
dot-prop-immutable
from 1.5.0 to 2.1.1 | 4 versions ahead of your current version
⚠️ This is a major version upgrade, and may be a breaking change | 3 years ago
on 2021-07-17
escodegen
from 1.11.0 to 2.1.0 | 10 versions ahead of your current version
⚠️ This is a major version upgrade, and may be a breaking change | a year ago
on 2023-06-29
espree
from 3.5.4 to 10.1.0 | 39 versions ahead of your current version
⚠️ This is a major version upgrade, and may be a breaking change | 3 months ago
on 2024-06-17
eslint
from 4.19.1 to 9.9.1 | 176 versions ahead of your current version
⚠️ This is a major version upgrade, and may be a breaking change | 25 days ago
on 2024-08-23
eslint-config-google
from 0.6.0 to 0.14.0 | 11 versions ahead of your current version | 5 years ago
on 2019-09-02
eslint-plugin-html
from 4.0.5 to 8.1.1 | 21 versions ahead of your current version
⚠️ This is a major version upgrade, and may be a breaking change | 5 months ago
on 2024-04-22
karma
from 4.1.0 to 6.4.4 | 55 versions ahead of your current version
⚠️ This is a major version upgrade, and may be a breaking change | 2 months ago
on 2024-07-29
karma-chrome-launcher
from 2.2.0 to 3.2.0 | 4 versions ahead of your current version
⚠️ This is a major version upgrade, and may be a breaking change | a year ago
on 2023-04-20
karma-coverage
from 1.1.2 to 2.2.1 | 8 versions ahead of your current version
⚠️ This is a major version upgrade, and may be a breaking change | a year ago
on 2023-06-23
karma-mocha
from 1.3.0 to 2.0.1 | 2 versions ahead of your current version
⚠️ This is a major version upgrade, and may be a breaking change | 4 years ago
on 2020-04-29
karma-sourcemap-loader
from 0.3.7 to 0.4.0 | 2 versions ahead of your current version | 2 years ago
on 2023-02-05
karma-webpack
from 4.0.0-rc.6 to 5.0.1 | 12 versions ahead of your current version
⚠️ This is a major version upgrade, and may be a breaking change | 8 months ago
on 2024-02-01
mocha
from 5.2.0 to 10.7.3 | 58 versions ahead of your current version
⚠️ This is a major version upgrade, and may be a breaking change | a month ago
on 2024-08-09
puppeteer
from 1.15.0 to 23.2.0 | 263 versions ahead of your current version
⚠️ This is a major version upgrade, and may be a breaking change | 22 days ago
on 2024-08-26
redux
from 4.0.1 to 5.0.1 | 23 versions ahead of your current version
⚠️ This is a major version upgrade, and may be a breaking change | 9 months ago
on 2023-12-23
sinon
from 7.3.2 to 18.0.0 | 52 versions ahead of your current version
⚠️ This is a major version upgrade, and may be a breaking change | 4 months ago
on 2024-05-15
webpack
from 4.23.1 to 5.94.0 | 299 versions ahead of your current version
⚠️ This is a major version upgrade, and may be a breaking change | a month ago
on 2024-08-22
webpack-command
from 0.4.1 to 0.5.1 | 3 versions ahead of your current version | 3 years ago
on 2021-04-01

Issues fixed by the recommended upgrade:

Issue Score Exploit Maturity
high severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-ACORN-559469
115 No Known Exploit
high severity Prototype Pollution
SNYK-JS-ASYNC-2441827
115 Proof of Concept
high severity Uncontrolled resource consumption
SNYK-JS-BRACES-6838727
115 Proof of Concept
high severity Prototype Pollution
SNYK-JS-LODASH-450202
115 Proof of Concept
high severity Prototype Pollution
SNYK-JS-LODASH-567746
115 Proof of Concept
high severity Denial of Service (DoS)
SNYK-JS-ENGINEIO-3136336
115 No Known Exploit
high severity Improper Verification of Cryptographic Signature
SNYK-JS-BROWSERIFYSIGN-6037026
115 No Known Exploit
high severity Denial of Service (DoS)
SNYK-JS-DECODEURICOMPONENT-3149970
115 Proof of Concept
high severity Improper Input Validation
SNYK-JS-FOLLOWREDIRECTS-6141137
115 Proof of Concept
high severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-GETFUNCNAME-5923417
115 Proof of Concept
medium severity Uncontrolled Resource Consumption ('Resource Exhaustion')
SNYK-JS-TAR-6476909
115 Proof of Concept
medium severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-UGLIFYJS-1727251
115 No Known Exploit
critical severity Incomplete List of Disallowed Inputs
SNYK-JS-BABELTRAVERSE-5962462
115 Proof of Concept
high severity Prototype Pollution
SNYK-JS-HANDLEBARS-469063
115 No Known Exploit
high severity Denial of Service (DoS)
SNYK-JS-HANDLEBARS-480388
115 No Known Exploit
high severity Remote Code Execution (RCE)
SNYK-JS-HANDLEBARS-1056767
115 Proof of Concept
high severity Arbitrary Code Execution
SNYK-JS-HANDLEBARS-534478
115 Proof of Concept
high severity Cryptographic Issues
SNYK-JS-ELLIPTIC-571484
115 Proof of Concept
high severity Denial of Service (DoS)
SNYK-JS-ENGINEIO-1056749
115 Proof of Concept
high severity Prototype Pollution
SNYK-JS-LODASH-608086
115 Proof of Concept
high severity Prototype Pollution
SNYK-JS-LODASH-6139239
115 Proof of Concept
high severity Code Injection
SNYK-JS-LODASH-1040724
115 Proof of Concept
medium severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-WS-1296835
115 Proof of Concept
medium severity Prototype Pollution
SNYK-JS-MINIMIST-559764
115 Proof of Concept
medium severity Insecure Defaults
SNYK-JS-SOCKETIO-1024859
115 Proof of Concept
medium severity Prototype Pollution
SNYK-JS-DOTPROP-543489
115 Proof of Concept
medium severity Cryptographic Issues
SNYK-JS-ELLIPTIC-1064899
115 No Known Exploit
medium severity Information Exposure
SNYK-JS-FOLLOWREDIRECTS-2332181
115 Proof of Concept
medium severity Information Exposure
SNYK-JS-FOLLOWREDIRECTS-6444610
115 Proof of Concept
medium severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-GLOBPARENT-1016905
115 Proof of Concept
medium severity Prototype Pollution
SNYK-JS-HANDLEBARS-1279029
115 Proof of Concept
medium severity Prototype Pollution
SNYK-JS-HANDLEBARS-567742
115 Proof of Concept
medium severity Denial of Service (DoS)
SNYK-JS-HTTPPROXY-569139
115 Proof of Concept
medium severity Man-in-the-Middle (MitM)
SNYK-JS-HTTPSPROXYAGENT-469131
115 Proof of Concept
medium severity Timing Attack
SNYK-JS-ELLIPTIC-511941
115 No Known Exploit
medium severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-LODASH-1018905
115 Proof of Concept
medium severity Information Exposure
SNYK-JS-LOG4JS-2348757
115 No Known Exploit
low severity Prototype Pollution
SNYK-JS-MINIMIST-2429795
115 Proof of Concept
low severity Information Exposure
SNYK-JS-FOLLOWREDIRECTS-2396346
115 No Known Exploit
critical severity Prototype Pollution
SNYK-JS-HANDLEBARS-534988
115 No Known Exploit
critical severity Improper Verification of Cryptographic Signature
SNYK-JS-ELLIPTIC-7577916
115 Proof of Concept
critical severity Improper Verification of Cryptographic Signature
SNYK-JS-ELLIPTIC-7577917
115 Proof of Concept
critical severity Improper Verification of Cryptographic Signature
SNYK-JS-ELLIPTIC-7577918
115 Proof of Concept
high severity Inefficient Regular Expression Complexity
SNYK-JS-MICROMATCH-6838728
115 No Known Exploit
high severity Prototype Pollution
SNYK-JS-MIXINDEEP-450212
115 Proof of Concept
high severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-MOCHA-2863123
115 No Known Exploit
high severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-MOCHA-561476
115 No Known Exploit
high severity Prototype Pollution
SNYK-JS-INI-1048974
115 Proof of Concept
high severity Code Injection
SNYK-JS-LODASH-1040724
115 Proof of Concept
high severity Prototype Pollution
SNYK-JS-UNSETVALUE-2400660
115 No Known Exploit
high severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-USERAGENT-174737
115 No Known Exploit
high severity Path Traversal
SNYK-JS-WEBPACKDEVMIDDLEWARE-6476555
115 Proof of Concept
high severity Denial of Service (DoS)
SNYK-JS-WS-7266574
115 Proof of Concept
high severity Cross-site Scripting (XSS)
SNYK-JS-SERIALIZEJAVASCRIPT-536840
115 No Known Exploit
high severity Arbitrary Code Injection
SNYK-JS-SERIALIZEJAVASCRIPT-570062
115 Proof of Concept
high severity Cross-site Scripting (XSS)
SNYK-JS-SERIALIZEJAVASCRIPT-6056521
115 No Known Exploit
high severity Prototype Pollution
SNYK-JS-SETVALUE-1540541
115 Proof of Concept
high severity Prototype Pollution
SNYK-JS-SETVALUE-450213
115 Proof of Concept
high severity Prototype Pollution
SNYK-JS-SETVALUE-1540541
115 Proof of Concept
high severity Prototype Pollution
SNYK-JS-SETVALUE-450213
115 Proof of Concept
high severity Denial of Service (DoS)
SNYK-JS-WS-7266574
115 Proof of Concept
high severity Arbitrary Code Injection
SNYK-JS-XMLHTTPREQUESTSSL-1082936
115 Proof of Concept
high severity Access Restriction Bypass
SNYK-JS-XMLHTTPREQUESTSSL-1255647
115 Proof of Concept
high severity Prototype Pollution
SNYK-JS-Y18N-1021887
115 Proof of Concept
high severity Denial of Service (DoS)
SNYK-JS-SOCKETIOPARSER-1056752
115 Proof of Concept
high severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-SSRI-1246392
115 Proof of Concept
high severity Arbitrary File Overwrite
SNYK-JS-TAR-1536528
115 No Known Exploit
high severity Arbitrary File Overwrite
SNYK-JS-TAR-1536531
115 No Known Exploit
high severity Arbitrary File Write
SNYK-JS-TAR-1579147
115 No Known Exploit
high severity Arbitrary File Write
SNYK-JS-TAR-1579152
115 No Known Exploit
high severity Arbitrary File Write
SNYK-JS-TAR-1579155
115 No Known Exploit
medium severity Prototype Pollution
SNYK-JS-MINIMIST-559764
115 Proof of Concept
medium severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-PATHTOREGEXP-7925106
115 Proof of Concept
medium severity Prototype Pollution
SNYK-JS-PATHVAL-596926
115 Proof of Concept
medium severity Cross-site Scripting (XSS)
SNYK-JS-KARMA-2395349
115 Proof of Concept
medium severity Open Redirect
SNYK-JS-KARMA-2396325
115 No Known Exploit
medium severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-LODASH-1018905
115 Proof of Concept
medium severity Cross-site Scripting (XSS)
SNYK-JS-WEBPACK-7840298
115 Proof of Concept
medium severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-WS-1296835
115 Proof of Concept
medium severity Cross-site Scripting (XSS)
SNYK-JS-SERIALIZEJAVASCRIPT-6147607
115 Proof of Concept
low severity Prototype Pollution
SNYK-JS-MINIMIST-2429795
115 Proof of Concept
low severity Validation Bypass
SNYK-JS-KINDOF-537849
115 Proof of Concept
low severity Regular Expression Denial of Service (ReDoS)
npm:debug:20170905
115 Proof of Concept
low severity Regular Expression Denial of Service (ReDoS)
npm:debug:20170905
115 Proof of Concept
critical severity Improper Input Validation
SNYK-JS-SOCKETIOPARSER-3091012
115 No Known Exploit
low severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-TAR-1536758
115 No Known Exploit
Release notes
Package name: lit-element
  • 4.1.0 - 2024-08-05
  • 4.0.6 - 2024-06-04
  • 4.0.5 - 2024-04-15
  • 4.0.4 - 2024-01-31
  • 4.0.3 - 2024-01-09
  • 4.0.2 - 2023-11-16
  • 4.0.1 - 2023-10-28
  • 4.0.0 - 2023-10-10
  • 4.0.0-pre.1 - 2023-09-29
  • 4.0.0-pre.0 - 2023-04-27
  • 3.3.3 - 2023-08-02
  • 3.3.2 - 2023-04-26
  • 3.3.1 - 2023-04-03
  • 3.3.0 - 2023-03-22
  • 3.2.3-next.1 - 2022-07-25
  • 3.2.3-next.0 - 2022-07-25
  • 3.2.2 - 2022-07-22
  • 3.2.1 - 2022-06-29
  • 3.2.0 - 2022-02-18
  • 3.1.2 - 2022-01-25
  • 3.1.1 - 2022-01-06
  • 3.1.0 - 2022-01-05
  • 3.0.2 - 2021-11-09
  • 3.0.1 - 2021-10-07
  • 3.0.0 - 2021-09-21
  • 3.0.0-rc.4 - 2021-09-03
  • 3.0.0-rc.3 - 2021-08-19
  • 3.0.0-rc.2 - 2021-05-07
  • 3.0.0-rc.1 - 2021-04-21
  • 3.0.0-pre.4 - 2021-03-31
  • 3.0.0-pre.3 - 2021-02-12
  • 3.0.0-pre.2 - 2020-12-17
  • 3.0.0-pre.1 - 2020-09-22
  • 2.5.1 - 2021-05-06
  • 2.5.0 - 2021-04-30
  • 2.4.0 - 2020-08-19
  • 2.4.0-pre.3 - 2020-08-14
  • 2.4.0-pre.2 - 2020-08-14
  • 2.4.0-pre.1 - 2020-08-13
  • 2.3.1 - 2020-03-20
  • 2.3.0 - 2020-03-18
  • 2.3.0-pre.1 - 2020-03-17
  • 2.2.1 - 2019-07-24
  • 2.2.0 - 2019-06-11
  • 2.1.0 - 2019-03-21
from lit-element GitHub release notes
Package name: @polymer/polymer
  • 3.5.1 - 2022-06-03

    3.5.1

  • 3.5.0 - 2022-05-18

    3.5.0

  • 3.4.1 - 2020-04-30
    • [ci skip] bump to 3.4.1 (commit)

    • Add type for DomApiNative's setAttribute method. (commit)

    • Remove gen-typescript-declarations; manually add LegacyElementMixin's setAttribute type. (commit)

    • Remove "DO NOT EDIT" warning comments. (commit)

    • Track TypeScript declarations. (commit)

    • Update Closure types for overridden setAttribute in LegacyElementMixin. (commit)

    • Add method / parameter descriptions. (commit)

    • Fix TypeScript breakages by specifying types for overridden setAttribute and getAttribute. (commit)

    • Add complete commit list for v3.4.0 (commit)

    • Fix a couple more compiler warnings (commit)

    • Typos and other minor changes. (commit)

    • Add a note about a bug fix for chunking. (commit)

    • Add useAdoptedStyleSheetsWithBuiltCSS section. (commit)

    • Add setters to settings titles. (commit)

    • Add a note about orderedComputed and cycles. (commit)

    • Add example of overriding suppressTemplateNotifications via notify-dom-change. (commit)

    • Add a section about automatic use of constructable stylesheets. (commit)

    • Add "Other new features" section for reuseChunkedInstances and LegacyElementMixin's built-in disable-upgrade support. (commit)

    • Added notes for fastDomIf, removeNestedTemplates, suppressNestedTemplates, and suppressTemplateNotifications. (commit)

    • Started on release notes for legacyUndefined, legacyWarnings, orderedComputed. (...) (commit)

    • Remove unused externs. (commit)

    v3.4.0...v3.4.1

  • 3.4.0 - 2020-04-27

    New global settings

    This update to Polymer includes some new global settings:

    • legacyUndefined / setLegacyUndefined

      What does it do? This setting reverts how computed properties handle undefined values to the Polymer 1 behavior: when enabled, computed properties will only be recomputed if none of their dependencies are undefined.

      Components can override the global setting by setting their _overrideLegacyUndefined property to true. This is useful for reenabling the default behavior as you migrate individual components:

      import {PolymerElement, html} from '@ polymer/polymer/polymer-element.js';
      class MigratedElement extends PolymerElement { /* ... */ }
      // All MigratedElement instances will use the default behavior.
      MigratedElement.prototype._overrideLegacyUndefined = true;
      customElements.define('migrated-element', SomeElement);

      Should I use it? This setting should only be used for migrating legacy codebases that depend on this behavior and is otherwise not recommended.

    • legacyWarnings / setLegacyWarnings

      What does it do? This setting causes Polymer to warn if a component's template contains bindings to properties that are not listed in that element's properties block. For example:

      import {PolymerElement, html} from '@ polymer/polymer/polymer-element.js';
      class SomeElement extends PolymerElement {
        static get template() {
          return html`<span>[[someProperty]] is used here</span>`;
        }
        static get properties() {
          return { /* but `someProperty` is not declared here */ };
        }
      }
      customElements.define('some-element', SomeElement);

      Only properties explicitly declared in the properties block are associated with an attribute and update when that attribute changes. Enabling this setting will show you where you might have forgotten to declare properties.

      Should I use it? Consider using this feature during development but don't enable it in production.

    • orderedComputed / setOrderedComputed

      What does it do? This setting causes Polymer to topologically sort each component's computed properties graph when the class is initialized and uses that order whenever computed properties are run.

      For example:

      import {PolymerElement, html} from '@ polymer/polymer/polymer-element.js';
      class SomeElement extends PolymerElement {
        static get properties() {
          return {
            a: {type: Number, value: 0},
            b: {type: Number, computed: 'computeB(a)'},
            c: {type: Number, computed: 'computeC(a, b)'},
          };
        }
        computeB(a) {
          console.log('Computing b...');
          return a + 1;
        }
        computeC(a, b) {
          console.log('Computing c...');
          return (a + b) * 2;
        }
      }
      customElements.define('some-element', SomeElement);

      When a changes, Polymer's default behavior does not specify the order in which its dependents will run. Given that both b and c depend directly on a, one of two possible orders could occur: [computeB, computeC] or [computeC, computeB].

      • In the first case - [computeB, computeC] - computeB is run with the new value of a and produces a new value for b. Then, computeC is run with both the new values of a and b to produce c.

      • In the second case - [computeC, computeB] - computeC is run first with the new value of a and the current value of b to produce c. Then, computeB is run with the new value of a to produce b. If computeB changed the value of b then computeC will be run again, with the new values of both a and b to produce the final value of c.

      However, with orderedComputed enabled, the computed properties would have been previously sorted into [computeB, computeC], so updating a would cause them to run specifically in that order.

      If your component's computed property graph contains cycles, the order in which they are run when using orderedComputed is still undefined.

      Should I use it? The value of this setting depends on how your computed property functions are implemented. If they are pure and relatively inexpensive, you shouldn't need to enable this feature. If they have side effects that would make the order in which they are run important or are expensive enough that it would be a problem to run them multiple times for a property update, consider enabling it.

    • fastDomIf / setFastDomIf

      What does it do? This setting enables a different implementation of <dom-if> that uses its host element's template stamping facilities (provided as part of PolymerElement) rather than including its own. This setting can help with performance but comes with a few caveats:

      • First, fastDomIf requires that every <dom-if> is in the shadow root of a Polymer element: you can't use a <dom-if> directly in the main document or inside a shadow root of an element that doesn't extend PolymerElement.

      • Second, because the fastDomIf implementation of <dom-if> doesn't include its own template stamping features, it doesn't create its own scope for property effects. This means that any properties you were previously setting on the <dom-if> will no longer be applied within its template, only properties of the host element are available.

      Should I use it? This setting is recommended as long as your app doesn't use <dom-if> as described in the section above.

    • removeNestedTemplates / setRemoveNestedTemplates

      What does it do? This setting causes Polymer to remove the child <template> elements used by <dom-if> and <dom-repeat> from the their containing templates. This can improve the performance of cloning your component's template when new instances are created.

      Should I use it? This setting is generally recommended.

    • suppressTemplateNotifications / setSuppressTemplateNotifications

      What does it do? This setting causes <dom-if> and <dom-repeat> not to dispatch dom-change events when their rendered content is updated. If you're using lots of <dom-if> and <dom-repeat> but not listening for these events, this setting lets you disable them and their associated dispatch work.

      You can override the global setting for an individual <dom-if> or <dom-repeat> by setting its notify-dom-change boolean attribute:

      import {PolymerElement, html} from '@ polymer/polymer/polymer-element.js';
      class SomeElement extends PolymerElement {
        static get properties() {
          return {
            visible: {type: Boolean, value: false},
          };
        }
        static get template() {
          return html`
            <button on-click="_toggle">Toggle</button>
            <!-- Set notify-dom-change to enable dom-change events for this particular <dom-if>. -->
            <dom-if if="[[visible]]" notify-dom-change on-dom-change="_onDomChange">
              <template>
                Hello!
              </template>
            </dom-if>
          `;
        }
        _toggle() {
          this.visible = !this.visible;
        }
        _onDomChange(e) {
          console.log("Received 'dom-change' event.");
        }
      }
      customElements.define('some-element', SomeElement);

      Should I use it? This setting is generally recommended.

    • legacyNoObservedAttributes / setLegacyNoObservedAttributes

      What does it do? This setting causes LegacyElementMixin not to use the browser's built-in mechanism for informing elements of attribute changes (i.e. observedAttributes and attributeChangedCallback), which lets Polymer skip computing the list of attributes it tells the browser to observe. Instead, LegacyElementMixin simulates this behavior by overriding attribute APIs on the element and calling attributeChangedCallback itself.

      This setting has similar API restrictions to those of the custom elements polyfill. You should only use the element's setAttribute and removeAttribute methods to modify attributes: using (e.g.) the element's attributes property to modify its attributes is not supported with legacyNoObservedAttributes and won't properly trigger attributeChangedCallback or any property effects.

      Components can override the global setting by setting their _legacyForceObservedAttributes property to true. This property's effects occur at startup; it won't have any effect if modified at runtime and should be set in the class definition.

      Should I use it? This setting should only be used if startup time is significantly affected by Polymer's class initialization work - for example, if you have a large number of components being loaded but are only instantiating a small subset of them. Otherwise, this setting is not recommended.

    • useAdoptedStyleSheetsWithBuiltCSS / setUseAdoptedStyleSheetsWithBuiltCSS

      What does it do? If your application is uses pre-built Shady CSS styles and your browser supports constructable stylesheet objects, this setting will cause Polymer to extract all <style> elements from your components' templates, join them into a single stylesheet, and share this stylesheet with all instances of the component using their shadow roots' adoptedStyleSheets array. This setting may improve your components' memory usage and performance depending on how many instances you create and how large their style sheets are.

      Should I use it? Consider using this setting if your app already uses pre-built Shady CSS styles. Note that position-dependent CSS selectors (e.g. containing :nth-child()) may become unreliable for siblings of your components' styles as a result of runtime-detected browser support determining if styles are removed from your components' shadow roots.

    Other new features

    <dom-repeat>

    • reuseChunkedInstances

      What does it do? This boolean property causes <dom-repeat> to reuse template instances even when items is replaced with a new array, matching the Polymer 1 behavior.

      By default, a <dom-repeat> with chunking enabled (i.e. initialCount >= 0) will drop all previously rendered template instances and create new ones whenever the items array is replaced. With reuseChunkedInstances set, any previously rendered template instances will instead be repopulated with data from the new array before new instances are created.

      Should I use it? This flag is generally recommended and can improve rendering performance of chunked <dom-repeat> instances with live data.

    LegacyElementMixin

    • disable-upgrade

      What does it do? LegacyElementMixin now has built-in support for the disable-upgrade attribute (usually provided by DisableUpgradeMixin) that becomes active when the global legacyOptimizations setting is enabled, matching the Polymer 1 behavior.

      Should I use it? Consider using this setting if you are already using the legacyOptimizations setting and migrating older components that depend on disable-upgrade without explicit application of DisableUpgradeMixin.

    Bug fixes

    <dom-repeat>

    • Chunking behavior

      <dom-repeat> no longer resets the number of rendered instances to initialCount when modifying items with PolymerElement's array modification methods (splice, push, etc.). The number of rendered instances will only be reset to initialCount if the items array itself is replaced with a new array object.

      See #5631 for more information.

    All commits

    • [ci skip] bump to 3.4.0 (commit)

    • shareBuiltCSSWithAdoptedStyleSheets -> useAdoptedStyleSheetsWithBuiltCSS (commit)

    • formatting (commit)

    • Fix incorrect JSDoc param name. (commit)

    • Gate feature behind shareBuiltCSSWithAdoptedStyleSheets; update tests. (commit)

    • Add shareBuiltCSSWithAdoptedStyleSheets global setting (commit)

    • Add stalebot config (commit)

    • Annotate more return types as !defined (#5642) (commit)

    • Ensure any previously enqueued rAF is canceled when re-rendering. Also, use instances length instead of renderedItemCount since it will be undefined on first render. (commit)

    • Improve comment. (commit)

    • Remove obsolete tests. (commit)

    • Simplify by making limit a derived value from existing state. This centralizes the calculation of limit based on changes to other state variables. (commit)

    • Update Sauce config to drop Safari 9, add 12 & 13. Safari 9 is now very old, and has micro task ordering bugs issues that make testing flaky. (commit)

    • Remove accidental commit of test.only (commit)

    • When re-enabling, ensure __limit is at a good starting point and add a test for that. Also: * Ensure __itemsArrayChanged is cleared after every render. * Enqueue __continueChunkingAfterRaf before notifying renderedItemCount for safety (commit)

    • Remove accidental commit of suite.only (commit)

    • Ensure limit is reset when initialCount is disabled. Note that any falsey value for initialCount (including 0) is interpreted as "chunking disabled". This is consistent with 1.x logic, and follows from the logic of "starting chunking by rendering zero items" doesn't really make sense. (commit)

    • Updates from review. * Refactoring __render for readability * Removing __pool; this was never used in v2: since we reset the pool every update and items are only ever pushed at detach time and we only detach at the end of updates (as opposed to v1 which had more sophisticated splicing) (commit)

    • Store syncInfo on the dom-if, but null it in teardown. (same as invalidProps for non-fastDo...

Snyk has created this PR to upgrade:
  - @chopsui/batch-iterator from 0.1.0 to 0.3.6.
    See this package in npm: https://www.npmjs.com/package/@chopsui/batch-iterator
  - lit-element from 2.1.0 to 4.1.0.
    See this package in npm: https://www.npmjs.com/package/lit-element
  - @chopsui/chops-button from 0.1.11 to 0.3.6.
    See this package in npm: https://www.npmjs.com/package/@chopsui/chops-button
  - @chopsui/chops-checkbox from 0.1.11 to 0.3.6.
    See this package in npm: https://www.npmjs.com/package/@chopsui/chops-checkbox
  - @chopsui/chops-header from 0.1.5 to 0.3.6.
    See this package in npm: https://www.npmjs.com/package/@chopsui/chops-header
  - @chopsui/chops-input from 0.1.11 to 0.3.6.
    See this package in npm: https://www.npmjs.com/package/@chopsui/chops-input
  - @chopsui/chops-loading from 0.1.11 to 0.3.6.
    See this package in npm: https://www.npmjs.com/package/@chopsui/chops-loading
  - @chopsui/chops-radio from 0.1.11 to 0.3.6.
    See this package in npm: https://www.npmjs.com/package/@chopsui/chops-radio
  - @chopsui/chops-radio-group from 0.1.11 to 0.3.6.
    See this package in npm: https://www.npmjs.com/package/@chopsui/chops-radio-group
  - @chopsui/chops-signin from 0.1.5 to 0.3.6.
    See this package in npm: https://www.npmjs.com/package/@chopsui/chops-signin
  - @chopsui/chops-switch from 0.1.11 to 0.3.6.
    See this package in npm: https://www.npmjs.com/package/@chopsui/chops-switch
  - @chopsui/chops-tab from 0.1.11 to 0.3.6.
    See this package in npm: https://www.npmjs.com/package/@chopsui/chops-tab
  - @chopsui/chops-tab-bar from 0.1.11 to 0.3.6.
    See this package in npm: https://www.npmjs.com/package/@chopsui/chops-tab-bar
  - @chopsui/chops-textarea from 0.1.11 to 0.3.6.
    See this package in npm: https://www.npmjs.com/package/@chopsui/chops-textarea
  - @chopsui/result-channel from 0.1.0 to 0.3.6.
    See this package in npm: https://www.npmjs.com/package/@chopsui/result-channel
  - @chopsui/tsmon-client from 0.0.1 to 1.0.1.
    See this package in npm: https://www.npmjs.com/package/@chopsui/tsmon-client
  - @polymer/polymer from 3.2.0 to 3.5.1.
    See this package in npm: https://www.npmjs.com/package/@polymer/polymer
  - chai from 4.2.0 to 5.1.1.
    See this package in npm: https://www.npmjs.com/package/chai
  - dom5 from 1.3.6 to 3.0.1.
    See this package in npm: https://www.npmjs.com/package/dom5
  - dot-prop-immutable from 1.5.0 to 2.1.1.
    See this package in npm: https://www.npmjs.com/package/dot-prop-immutable
  - escodegen from 1.11.0 to 2.1.0.
    See this package in npm: https://www.npmjs.com/package/escodegen
  - espree from 3.5.4 to 10.1.0.
    See this package in npm: https://www.npmjs.com/package/espree
  - eslint from 4.19.1 to 9.9.1.
    See this package in npm: https://www.npmjs.com/package/eslint
  - eslint-config-google from 0.6.0 to 0.14.0.
    See this package in npm: https://www.npmjs.com/package/eslint-config-google
  - eslint-plugin-html from 4.0.5 to 8.1.1.
    See this package in npm: https://www.npmjs.com/package/eslint-plugin-html
  - karma from 4.1.0 to 6.4.4.
    See this package in npm: https://www.npmjs.com/package/karma
  - karma-chrome-launcher from 2.2.0 to 3.2.0.
    See this package in npm: https://www.npmjs.com/package/karma-chrome-launcher
  - karma-coverage from 1.1.2 to 2.2.1.
    See this package in npm: https://www.npmjs.com/package/karma-coverage
  - karma-mocha from 1.3.0 to 2.0.1.
    See this package in npm: https://www.npmjs.com/package/karma-mocha
  - karma-sourcemap-loader from 0.3.7 to 0.4.0.
    See this package in npm: https://www.npmjs.com/package/karma-sourcemap-loader
  - karma-webpack from 4.0.0-rc.6 to 5.0.1.
    See this package in npm: https://www.npmjs.com/package/karma-webpack
  - mocha from 5.2.0 to 10.7.3.
    See this package in npm: https://www.npmjs.com/package/mocha
  - puppeteer from 1.15.0 to 23.2.0.
    See this package in npm: https://www.npmjs.com/package/puppeteer
  - redux from 4.0.1 to 5.0.1.
    See this package in npm: https://www.npmjs.com/package/redux
  - sinon from 7.3.2 to 18.0.0.
    See this package in npm: https://www.npmjs.com/package/sinon
  - webpack from 4.23.1 to 5.94.0.
    See this package in npm: https://www.npmjs.com/package/webpack
  - webpack-command from 0.4.1 to 0.5.1.
    See this package in npm: https://www.npmjs.com/package/webpack-command

See this project in Snyk:
https://app.snyk.io/org/graysonbarton/project/dd80b583-1146-44f6-a0ad-6d32d45dca19?utm_source=github-cloud-app&utm_medium=referral&page=upgrade-pr
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

0 participants