Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Snyk] Upgrade: , d3, rollup-plugin-node-resolve, rollup-plugin-typescript2 #484

Open
wants to merge 1 commit into
base: master
Choose a base branch
from

Conversation

NOUIY
Copy link
Owner

@NOUIY NOUIY commented Sep 9, 2024

snyk-top-banner

Snyk has created this PR to upgrade multiple dependencies.

👯 The following dependencies are linked and will therefore be updated together.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

Name Versions Released on

@types/d3
from 5.7.2 to 5.16.7 | 16 versions ahead of your current version | 10 months ago
on 2023-11-07
d3
from 5.7.0 to 5.16.0 | 23 versions ahead of your current version | 4 years ago
on 2020-04-20
rollup-plugin-node-resolve
from 4.0.0 to 4.2.4 | 7 versions ahead of your current version | 5 years ago
on 2019-05-11
rollup-plugin-typescript2
from 0.20.1 to 0.36.0 | 30 versions ahead of your current version | a year ago
on 2023-09-27

Issues fixed by the recommended upgrade:

Issue Score Exploit Maturity
high severity Uncontrolled resource consumption
SNYK-JS-BRACES-6838727
696 Proof of Concept
high severity Denial of Service (DoS)
SNYK-JS-DECODEURICOMPONENT-3149970
696 Proof of Concept
high severity Inefficient Regular Expression Complexity
SNYK-JS-MICROMATCH-6838728
696 No Known Exploit
high severity Prototype Pollution
SNYK-JS-UNSETVALUE-2400660
696 No Known Exploit
medium severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-PATHPARSE-1077067
696 Proof of Concept
medium severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-PATHPARSE-1077067
696 Proof of Concept
low severity Validation Bypass
SNYK-JS-KINDOF-537849
696 Proof of Concept
Release notes
Package name: @types/d3
  • 5.16.7 - 2023-11-07
  • 5.16.6 - 2023-10-18
  • 5.16.5 - 2023-09-22
  • 5.16.4 - 2020-11-04
  • 5.16.3 - 2020-10-05
  • 5.16.2 - 2020-10-01
  • 5.16.1 - 2020-10-01
  • 5.16.0 - 2020-10-01
  • 5.9.5 - 2020-09-30
  • 5.9.4 - 2020-09-30
  • 5.9.3 - 2020-09-30
  • 5.9.2 - 2020-09-30
  • 5.9.1 - 2020-09-30
  • 5.9.0 - 2020-09-29
  • 5.7.4 - 2020-09-29
  • 5.7.3 - 2020-09-29
  • 5.7.2 - 2019-04-03
from @types/d3 GitHub release notes
Package name: d3
  • 5.16.0 - 2020-04-20
  • 5.15.1 - 2020-04-01
  • 5.15.0 - 2019-12-29
  • 5.14.2 - 2019-11-20
  • 5.14.1 - 2019-11-17
  • 5.14.0 - 2019-11-17
  • 5.13.1 - 2019-11-16
  • 5.13.0 - 2019-11-16
  • 5.12.0 - 2019-09-07
  • 5.11.0 - 2019-08-21
  • 5.10.1 - 2019-08-21
  • 5.10.0 - 2019-08-19
  • 5.9.7 - 2019-06-28
  • 5.9.6 - 2019-06-28
  • 5.9.5 - 2019-06-27
  • 5.9.4 - 2019-06-26
  • 5.9.3 - 2019-06-26
  • 5.9.2 - 2019-03-14
  • 5.9.1 - 2019-02-10
  • 5.9.0 - 2019-02-07
  • 5.8.2 - 2019-02-05
  • 5.8.1 - 2019-02-04
  • 5.8.0 - 2019-01-28
  • 5.7.0 - 2018-08-24
from d3 GitHub release notes
Package name: rollup-plugin-node-resolve from rollup-plugin-node-resolve GitHub release notes
Package name: rollup-plugin-typescript2
  • 0.36.0 - 2023-09-27

    Features/bugfixes

    • support newer moduleResolution kinds, update build to TS 5.x by @ ezolenko in #453
    • fix: hardcode declaration extension check by @ agilgur5 in #456

    Internal (testing, refactors)

    Full Changelog: 0.35.0...0.36.0

  • 0.35.0 - 2023-06-23

    Features

    Bugfixes

    Full Changelog: 0.34.1...0.35.0

  • 0.34.1 - 2022-10-03

    Bugfixes

    • fix: don't error out while catching a buildStart error by @ agilgur5 in #422
      • This fixes an initialization regression in 0.34.0 where users saw TypeError: Cannot read property 'done' of undefined instead of their actual initialization error, such as a tsconfig issue (such as with #421)
    • fix: add compatibility checks w/ semver by @ agilgur5 in #424
      • 0.34.0 introduced a type-only fix that relied on Rollup 2.60.0+ and would (accidentally) error out on older versions of Rollup. This fix handles it gracefully with a clear warning message instead and skips that check when using an older version of Rollup (i.e. partly backward-compatible).
      • This also adds an error if peerDependencies minimum versions have not been met
    • fix: don't resolve filtered files by @ agilgur5 in #428
      • This fixes a regression from 0.33.0 that could cause rpt2 to (accidentally) resolve files that should have been filtered out by the plugin include/exclude (such as with #427)

    Internal (testing, refactors)

    • clean(deps): remove unused @ types/resolve by @ agilgur5 in #423
    • test: increase no-errors integration timeout to 20s by @ agilgur5 in #425

    Full Changelog: 0.34.0...0.34.1

  • 0.34.0 - 2022-09-12

    Bugfixes

    • fix: handle all type-only imports by piping TS imports by @ agilgur5 in #406
      • If you have ever had issues with some files not being type-checked or not generating declarations, this should conclusively fix all such issues. This type of issue used to occur if you had a type-only / interface-only / emit-less file, i.e. a file with only TS types and interfaces that would produce no JS.
      • NOTE: This requires Rollup version 2.60.0+ as it requires the use of this.load
        • 0.34.0 will (accidentally) error out on older versions of Rollup. 0.34.1 patched this to instead give a warning and skip this check on older versions of Rollup.
    More Fixes ...
    • fix(dx): remove extra quote in emitDeclarationOnly log statement by @ agilgur5 in #412

    Docs

    • docs: add a simple CHANGELOG.md that references GH releases by @ agilgur5 in #419
      • i.e. it references this page

    Internal (testing, refactors)

    More Internal ...
    • refactor(test): heavily simplify the context helper by @ agilgur5 in #404
    • refactor: combine check-tsconfig with parse-tsconfig by @ agilgur5 in #413
    • clean: remove ConsoleContext entirely by using buildStart by @ agilgur5 in #414
    • refactor(cache): simplify creating / using the cache var by @ agilgur5 in #415
    • refactor: consolidate diagnostics funcs into single file by @ agilgur5 in #415

    Full Changelog: 0.33.0.1...0.34.0

  • 0.33.0 - 2022-08-19
    • similar to the other safety checks in clean, this won't be hit during normal usage
  • 0.32.1 - 2022-06-06

    Bugfixes

    • deps: upgrade @ rollup/plugin-commonjs to v22 to fix try/catch requires by @ agilgur5 in #340
      • This fixes a regression in 0.32.0 that caused users with certain environments to experience ReferenceError: window is not defined when importing rpt2. See #339

    Full Changelog: 0.32.0...0.32.1

  • 0.32.0 - 2022-06-01

    Features

    Bugfixes

    • fix: normalize paths in get-options-overrides by @ agilgur5 in #331
    • fix: add realpath to host to properly resolve monorepos / symlinks by @ agilgur5 in #332
    • fix: use .d.ts instead of .vue.d.ts for Vue declarations by @ agilgur5 in #336
      • EDIT: Per #224 (comment), this issue and fix seem to have been made erroneously, as the Vue team now mandates .vue.d.ts. As such, this has been reverted in 0.33.0
    • fix: don't attempt to change declarationMap sources when no output by @ agilgur5 in #334
    • fix: force noEmitOnError: false by @ agilgur5 in #338

    Dependencies

    • updating dependencies by @ ezolenko in f84afe9, 0df5362, 5a3e58b, and 08d2f5b
      • EDIT: 08d2f5b caused a regression in certain environments per #339. If you're experiencing ReferenceError: window is not defined, please upgrade to 0.32.1, which should fix this issue.
    • deps: remove unneeded @ types/colors package by @ agilgur5 in #319
    • deps: use normalizePath from @ rollup/pluginutils by @ agilgur5 in #320
    • deps: upgrade tslib to ^2.4.0, remove @ yarn-tool/resolve-package by @ agilgur5 in #326

    Docs

    • fix(docs): _.merge doesn't concat arrays by @ agilgur5 in #314
    • docs: clarify the TS option's defaults by @ agilgur5 in #316
    • docs: split off a CONTRIBUTING.md and improve formatting, grammar, links by @ agilgur5 in #313
    More Docs ...

    GitHub

    • fix(github): improve formatting of issue template spoilers by @ agilgur5 in #311

    Internal (testing, refactors)

    More Internal ...
    • clean: remove partial.ts as this is built into TS by @ agilgur5 in #322
    • optim(ci): use npm ci for install and cache npm by @ agilgur5 in #323
    • ci: add a lint check to ensure all PRs pass lint too by @ agilgur5 in #327
    • refactor: prefer native methods to lodash where possible by @ agilgur5 in #328
    • refactor: invert some conditionals for better readability by @ agilgur5 in #335
    • refactor: sort all top-level imports by @ agilgur5 in #337

    Full Changelog: 0.31.2...0.32.0

  • 0.31.2 - 2022-02-01

    What's Changed

    • chore: should not lock deps version by @ bluelovers in #293
    • Add trace method to the LanguageServiceHost to enable usage with traceResolution by @ Andarist in #296

    Full Changelog: 0.31.1...0.31.2

  • 0.31.1 - 2021-11-23

    Fix for #291

    Full Changelog: 0.31.0...0.31.1

  • 0.31.0 - 2021-11-17
  • 0.30.0 - 2021-02-18
  • 0.29.0 - 2020-10-30
  • 0.28.0 - 2020-10-16
  • 0.27.3 - 2020-09-25
  • 0.27.2 - 2020-08-07
  • 0.27.1 - 2020-05-12
  • 0.27.0 - 2020-03-27
  • 0.26.0 - 2020-02-12
  • 0.25.3 - 2019-12-03
  • 0.25.2 - 2019-11-05
  • 0.24.3 - 2019-09-26
  • 0.24.2 - 2019-09-12
  • 0.24.1 - 2019-09-09
  • 0.24.0 - 2019-08-28
  • 0.23.0 - 2019-08-23
  • 0.22.1 - 2019-07-26
  • 0.22.0 - 2019-07-11
  • 0.21.2 - 2019-06-17
  • 0.21.1 - 2019-05-17
  • 0.21.0 - 2019-04-23
  • 0.20.1 - 2019-03-13
from rollup-plugin-typescript2 GitHub release notes

Important

  • Check the changes in this PR to ensure they won't cause issues with your project.
  • This PR was automatically created by Snyk using the credentials of a real user.
  • Max score is 1000. Note that the real score may have changed since the PR was raised.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

Snyk has created this PR to upgrade:
  - @types/d3 from 5.7.2 to 5.16.7.
    See this package in npm: https://www.npmjs.com/package/@types/d3
  - d3 from 5.7.0 to 5.16.0.
    See this package in npm: https://www.npmjs.com/package/d3
  - rollup-plugin-node-resolve from 4.0.0 to 4.2.4.
    See this package in npm: https://www.npmjs.com/package/rollup-plugin-node-resolve
  - rollup-plugin-typescript2 from 0.20.1 to 0.36.0.
    See this package in npm: https://www.npmjs.com/package/rollup-plugin-typescript2

See this project in Snyk:
https://app.snyk.io/org/nexuscompute/project/31abe49f-2773-4b5e-bd6a-66d18ae75d25?utm_source=github&utm_medium=referral&page=upgrade-pr
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants