Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Snyk] Upgrade @typespec/openapi3 from 0.56.0 to 0.57.0 #4

Merged
merged 1 commit into from
Jul 19, 2024

Conversation

abdulrahman305
Copy link
Owner

This PR was automatically created by Snyk using the credentials of a real user.


![snyk-top-banner](https://github.com/andygongea/OWASP-Benchmark/assets/818805/c518c423-16fe-447e-b67f-ad5a49b5d123)

Snyk has created this PR to upgrade @typespec/openapi3 from 0.56.0 to 0.57.0.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.


  • The recommended version is 6 versions ahead of your current version.

  • The recommended version was released on 21 days ago.

Issues fixed by the recommended upgrade:

Issue Score Exploit Maturity
high severity Uncontrolled resource consumption
SNYK-JS-BRACES-6838727
482 Proof of Concept
high severity Inefficient Regular Expression Complexity
SNYK-JS-MICROMATCH-6838728
482 No Known Exploit
Release notes
Package name: @typespec/openapi3
  • 0.57.0 - 2024-06-13

    @ typespec/compiler

    Bug Fixes

    • #3399 Preserve leading whitespace in fenced blocks in doc comments
    • #3566 [API] Do not run decorators on cloned type if the original type wasn't finished
    • #3522 Fix EINVAL error when running tsp code install
    • #3371 Numeric not handling trailing zeros and causing freeze(e.g. const a = 100.0)
    • #3451 Emitter framework: fix losing context when referencing circular types
    • #3517 Fix application of @ param doc tag on operation create with op is to override upstream doc
    • #3488 Add PickProperties type to dynamically select a subset of a model

    Bump dependencies

    • #3401 Update dependencies - May 2024

    Features

    • #3280 Support completion for Model with extended properties

      Example

      model Device {
      name: string;
      description: string;
      }

      model Phone extends Device {

      } | [name]
      | [description]

    • #3280 Support completion for object values and model expression properties.

      Example

      model User {
      name: string;
      age: int32;
      address: string;
      }

      const user: User = #{name: "Bob", ┆}
      | [age]
      | [address]

    • #3375 Allow @ to be escaped in doc comment with \

    • #3022 Add syntax for declaring values. See docs.

    Object and array values

    @ dummy(#{
      name: "John",
      age: 48,
      address: #{ city: "London" }
      aliases: #["Bob", "Frank"]
    })
    

    Scalar constructors

    scalar utcDateTime {
    init fromISO(value: string);
    }

    model DateRange {
    minDate: utcDateTime = utcDateTime.fromISO("2024-02-15T18:36:03Z");
    }

    • #3527 Add support for @ prop doc comment tag to describe model properties

    • #3422 Formatter: Indent or dedent multiline strings to the current indentation

    • #3460 Hide deprecated items from completion list

    • #3443 Support completion for keyword 'extends' and 'is'

      Example

      model Dog ┆ {}
      | [extends]
      | [is]

      scalar Addresss ┆
      | [extends]

      op jump ┆
      | [is]

      interface ResourceA ┆ {}
      | [extends]

      model Cat<T ┆> {}
      | [extends]

    • #3462 Linter all rulesets is automatically created if not explicitly provided

    • #3533 More logs and traces are added for diagnostic and troubleshooting in TypeSpec language server

    Deprecations

    • #3022 Using a tuple type as a value is deprecated. Tuple types in contexts where values are expected must be updated to be array values instead. A codefix is provided to automatically convert tuple types into array values.
    model Test {
    // Deprecated
    values: string[] = ["a", "b", "c"];

    // Correct
    values: string[] = #["a", "b", "c"];

    • #3022 Using a model type as a value is deprecated. Model types in contexts where values are expected must be updated to be object values instead. A codefix is provided to automatically convert model types into object values.
    model Test {
    // Deprecated
    user: {name: string} = {name: "System"};

    // Correct
    user: {name: string} = #{name: "System"};

    • #3022 Decorator API: Legacy marshalling logic

    With the introduction of values, the decorator marshalling behavior has changed in some cases. This behavior is opt-in by setting the valueMarshalling package flag to "new", but will be the default behavior in future versions. It is strongly recommended to adopt this new behavior as soon as possible.

    Example:

    extern dec multipleOf(target: numeric | Reflection.ModelProperty, value: valueof numeric);
    

    Will now emit a deprecated warning because value is of type valueof string which would marshall to Numeric under the new logic but as number previously.

    To opt-in you can add the following to your library js/ts files.

    export const $flags = definePackageFlags({
      decoratorArgMarshalling: "new",
    });

    @ typespec/http

    Bug Fixes

    • #3022 Update Flow Template to make use of the new array values

    Bump dependencies

    • #3401 Update dependencies - May 2024

    Features

    • #3342 Add new multipart handling. Using @ multipartBody with HttpPart<Type, Options>. See multipart docs for more information.

      op upload(@ header contentType: "multipart/mixed", @ multipartBody body: {
        name: HttpPart<string>;
        avatar: HttpPart<bytes>[];
      }): void;
      
    • #3462 Use new compiler automatic all ruleset instead of explicitly provided one

    @ typespec/versioning

    Bug Fixes

    • #3292 Add @ madeRequired decorator
    • #3022 Update to support new value types
    • #3409 Using @ removed on member types and @ added on containing type could result in errors
    • #3255 If a property were marked with @ added on a later version, the logic that said it was originally added on the first version was erroneously removed, resulting in incorrect projections.

    Bump dependencies

    • #3401 Update dependencies - May 2024

    @ typespec/rest

    Bug Fixes

    • #3022 Update types to support new values in TypeSpec

    Bump dependencies

    • #3401 Update dependencies - May 2024

    @ typespec/openapi

    Bump dependencies

    • #3401 Update dependencies - May 2024

    @ typespec/openapi3

    Bug Fixes

    • #3342 Add support for new multipart constructs in http library
    • #3574 Emit diagnostic when an invalid type is used as a property instead of crashing.

    Bump dependencies

    • #3401 Update dependencies - May 2024

    Features

    • #3022 Add support for new object and array values as default values (e.g. decimals: decimal[] = #[123, 456.7];)

    @ typespec/protobuf

    Bug Fixes

    • #3022 Update to support new value types
    • #3561 Corrected cross-package reference behavior in some buggy cases.

    Bump dependencies

    • #3401 Update dependencies - May 2024

    @ typespec/prettier-plugin-typespec

    Bump dependencies

    • #3401 Update dependencies - May 2024

    @ typespec/eslint-plugin

    Bump dependencies

    • #3401 Update dependencies - May 2024

    @ typespec/html-program-viewer

    Bump dependencies

    • #3401 Update dependencies - May 2024

    Features

    • #3022 Add support for values

    @ typespec/json-schema

    Bug Fixes

    • #3398 Fix decorators application for union variants
    • #3022 Update to support new value types
    • #3430 The emitted JSON Schema now doesn't make root schemas for TypeSpec types which do not have the @ jsonschema decorator or are contained in a namespace with that decorator. Instead, such schemas are put into the $defs of any root schema which references them, and are referenced using JSON Pointers.

    Bump dependencies

    • #3401 Update dependencies - May 2024

    Features

    @ typespec/internal-build-utils

    Bump dependencies

    • #3401 Update dependencies - May 2024

    typespec-vs

    Features

    typespec-vscode

    Bump dependencies

    • #3401 Update dependencies - May 2024

    Features

    • #3533 Enhance logging and trace
    1. Support "Developer: Set Log Level..." command to filter logs in TypeSpec output channel
    2. Add "typespecLanguageServer.trace.server" config for whether and how to send the traces from TypeSpec language server to client. (It still depends on client to decide whether to show these traces based on the configured Log Level.)
    3. More logs and traces are added for diagnostic and troubleshooting
    • #3385 Add 'TypeSpec: Show Output Channel' command in VSCode extension

    @ typespec/library-linter

    Bump dependencies

    • #3401 Update dependencies - May 2024
  • 0.57.0-dev.5 - 2024-06-13
  • 0.57.0-dev.4 - 2024-06-03
  • 0.57.0-dev.3 - 2024-05-20
  • 0.57.0-dev.1 - 2024-05-08
  • 0.57.0-dev.0 - 2024-05-08
  • 0.56.0 - 2024-05-08

    @ typespec/compiler

    Bug Fixes

    • #3170 --nostdlib flag will now work by only applying to optional standard library types
    • #3212 Fix: augmenting template model property could result in sending invalid argument to decorator
    • #3188 Fix: Do not crash when trying to access member of aliased expressions
    • #3185 Fix tsp init hanging when done due to unclosed connection
    • #3151 IDE: Fix completion of statement keywords
    • #3287 Templated interface extending another templated interface shouldn't run decorator on their operations
    • #3290 Model with an optional property should not satisfy a constraint with that property required. ({foo?: string} cannot be assigned to a constraint of {foo: string})
    • #3163 Fix: Model with spread indexer shouldn't validate explicit properties
    • #3227 Stop running decorators on partially instantiated operations(When interface is instantiated but not the operation)
    • #3180 Fix issue where directives were not parsed to the leaf node in multi-segment Namespace segments.
    • #3243 Fix calling tsp install on windows due to recent NodeJS breaking change to fix vulnerability.
    • #3216 Fix compiler crash when using an invalid is target in an interface operation template
    • #3246 Internals: Use node built-in fetch API that is now stable since node 18.13.0

    Bump dependencies

    • #3169 Update dependencies

    Features

    • #3035 getEncode returns the fully qualified enum member name if using a custom enum.
    • #3183 Show template parameters when hovering on an operation template
    • #3191 [API] Add new sourceModels property to model

    @ typespec/http

    Bug Fixes

    • #3196 Fix password flow defining authorizationUrl instead of tokenUrl
    • #3190 Fix @ path param mapping when spreading a record in operation parameters
    • #3218 Fix: @ path property shouldn't be applicableMetadata if the visibility contains Read

    Bump dependencies

    • #3169 Update dependencies

    Breaking Changes

    • #2945 Empty model after removing metadata and applying visibility always results in "void"
      This means the following case have changed from returning {} to no body

      op b1(): {};
      op b2(): {@ visibility("none") prop: string};
      op b3(): {@ added(Versions.v2) prop: string};
      

      Workaround: Use explicit @ body

      op b1(): {@ body _: {}};
      op b2(): {@ body _: {@ visibility("none") prop: string}};
      op b3(): {@ body _: {@ added(Versions.v2) prop: string}};
      
    • #2945 Implicit status code always 200 except if response is explicitly void

      op c1(): {@ header foo: string}; // status code 200 (used to be 204)
      

      Solution: Add explicit @ statusCode

      op c1(): {@ header foo: string, @ statusCode _: 204};
      op c1(): {@ header foo: string, ...NoContent}; // or spread common model
      
    • #2945 @ body means this is the body

      This change makes using @ body mean this is the exact body and everything underneath will be included, including metadata properties. If metadata properties are present on the body, a warning will be logged.

      op a1(): {@ body _: {@ header foo: string, other: string} };
                      ^ warning header in a body, it will not be included as a header.
      

      Use @ bodyRoot if you want to only change where to resolve the body from.

      op a1(): {@ bodyRoot _: {@ header foo: string, other: string} };
      
    • #2945 Properties are not automatically omitted if everything was removed from metadata or visibility

      op d1(): {headers: {@ header foo: string}}; // body will be {headers: {}}
      

      Solution: use @ bodyIgnore

      op d1(): {@ bodyIgnore headers: {@ header foo: string}}; // body will be {headers: {}}
      

    @ typespec/versioning

    Bug Fixes

    • #3264 Fix crash when @ service appears inside a versioned namespace

    Bump dependencies

    • #3169 Update dependencies

    @ typespec/rest

    Bump dependencies

    • #3169 Update dependencies

    Features

    • #2945 Add support for new @ bodyRoot and @ body distinction

    @ typespec/openapi

    Bump dependencies

    • #3169 Update dependencies

    @ typespec/openapi3

    Bug Fixes

    • #3218 Fix: @ path property should be included in unreachable models

    Bump dependencies

    • #3169 Update dependencies

    Features

    • #2945 Add support for new @ bodyRoot and @ body distinction

    @ typespec/protobuf

    Bump dependencies

    • #3169 Update dependencies

    @ typespec/prettier-plugin-typespec

    Bump dependencies

    • #3169 Update dependencies

    @ typespec/eslint-plugin

    Bump dependencies

    • #3169 Update dependencies

    @ typespec/html-program-viewer

    Bump dependencies

    • #3169 Update dependencies

    Features

    • #3191 Add sourceModels property to model view

    @ typespec/json-schema

    Bump dependencies

    • #3169 Update dependencies

    @ typespec/internal-build-utils

    Bump dependencies

    • #3169 Update dependencies

    typespec-vs

    No changes, version bump only.

    typespec-vscode

    Bump dependencies

    • #3169 Update dependencies

    @ typespec/library-linter

    Bump dependencies

    • #3169 Update dependencies
from @typespec/openapi3 GitHub release notes

Important

  • Check the changes in this PR to ensure they won't cause issues with your project.
  • This PR was automatically created by Snyk using the credentials of a real user.
  • Max score is 1000. Note that the real score may have changed since the PR was raised.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

Snyk has created this PR to upgrade @typespec/openapi3 from 0.56.0 to 0.57.0.

See this package in npm:
@typespec/openapi3

See this project in Snyk:
https://app.snyk.io/org/abdulrahman305/project/2d7e0832-afc9-498b-aaf9-735e1eddc8b5?utm_source=github&utm_medium=referral&page=upgrade-pr
Copy link

korbit-ai bot commented Jul 5, 2024

👋 I'm here to help you review your pull request. When you're ready for me to perform a review, you can comment anywhere on this pull request with this command: /korbit-review.

As a reminder, here are some helpful tips on how we can collaborate together:

  • To have me re-scan your pull request, simply re-invoke the /korbit-review command in a new comment.
  • You can interact with me by tagging @korbit-ai in any conversation in your pull requests.
  • On any comment I make on your code, please leave a 👍 if it is helpful and a 👎 if it is unhelpful. This will help me learn and improve as we work together
  • Lastly, to learn more, check out our Docs.

Copy link

codeautopilot bot commented Jul 5, 2024

Your organization has reached the subscribed usage limit. You can upgrade your account by purchasing a subscription at Stripe payment link

Disclaimer: This comment was entirely generated using AI. Be aware that the information provided may be incorrect.

Current plan usage: 103.59%

Have feedback or need help?
Discord
Documentation
[email protected]

Copy link

coderabbitai bot commented Jul 5, 2024

Important

Review skipped

Ignore keyword(s) in the title.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.


Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media?

Share
Tips

Chat

There are 3 ways to chat with CodeRabbit:

  • Review comments: Directly reply to a review comment made by CodeRabbit. Example:
    • I pushed a fix in commit <commit_id>.
    • Generate unit testing code for this file.
    • Open a follow-up GitHub issue for this discussion.
  • Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
    • @coderabbitai generate unit testing code for this file.
    • @coderabbitai modularize this function.
  • PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
    • @coderabbitai generate interesting stats about this repository and render them as a table.
    • @coderabbitai show all the console.log statements in this repository.
    • @coderabbitai read src/utils.ts and generate unit testing code.
    • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
    • @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (invoked as PR comments)

  • @coderabbitai pause to pause the reviews on a PR.
  • @coderabbitai resume to resume the paused reviews.
  • @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
  • @coderabbitai full review to do a full review from scratch and review all the files again.
  • @coderabbitai summary to regenerate the summary of the PR.
  • @coderabbitai resolve resolve all the CodeRabbit review comments.
  • @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
  • @coderabbitai help to get help.

Additionally, you can add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.

CodeRabbit Configration File (.coderabbit.yaml)

  • You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
  • Please see the configuration documentation for more information.
  • If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

  • Visit our Documentation for detailed information on how to use CodeRabbit.
  • Join our Discord Community to get help, request features, and share feedback.
  • Follow us on X/Twitter for updates and announcements.

@abdulrahman305 abdulrahman305 merged commit 647d529 into main Jul 19, 2024
4 checks passed
@abdulrahman305 abdulrahman305 deleted the snyk-upgrade-05598646ca9461cfab053c607f936078 branch July 19, 2024 13:39
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants