[Snyk] Upgrade liquidjs from 9.22.1 to 9.43.0

[jydmyk]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to upgrade liquidjs from 9.22.1 to 9.43.0.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 45 versions ahead of your current version.
• The recommended version was released 6 months ago, on 2022-11-27.

Release notes

Package name: liquidjs

• 9.43.0 - 2022-11-27
  

  9.43.0 (2022-11-27)

  Features

  • support timezone offset argument for date filter, #553 (7a71485)
• 9.42.1 - 2022-10-21
  

  9.42.1 (2022-10-21)

  Bug Fixes

  • truncatewords should use at least one word, #537 (32f613f)
• 9.42.0 - 2022-08-27
  

  9.42.0 (2022-08-27)

  Features

  • promise in expression & nested property, #533 #276 (bbf00f3)
• 9.41.0 - 2022-08-24
  

  9.41.0 (2022-08-24)

  Features

  • use evalValue to parse & render expression, #527 (071368a)
• 9.40.0 - 2022-08-14
  

  9.40.0 (2022-08-14)

  Bug Fixes

  • target ES6 for ESM bundles, fixes #526 (905a6dd)

  Features

  • export toValueSync & defaultOptions to evaluate expression, see #527 (e874b40)
• 9.39.2 - 2022-07-21
  

  9.39.2 (2022-07-21)

  Bug Fixes

  • expression support Drop.valueOf, fixes #522 (4ad383d)
• 9.39.1 - 2022-07-14
  

  9.39.1 (2022-07-14)

  Bug Fixes

  • throw ParseError instead of RenderError for invalid assign expression, closes #519 (c41a5d5)
• 9.39.0 - 2022-07-09
  

  9.39.0 (2022-07-09)

  Bug Fixes

  • for tag not respecting Drop#valueOf(), fixes #515 (c3e51ca)

  Features

  • iteration protocols (a19feea)
• 9.38.0 - 2022-07-07
  

  9.38.0 (2022-07-07)

  Bug Fixes

  • stack overflow on large number of templates, #513 (3dc4290)

  Features

  • inline comment tag (#514) (2f87708)
• 9.37.0 - 2022-04-21
  

  9.37.0 (2022-04-21)

  Bug Fixes

  • support integer arithmetic for divided_by, closes #465 (e69a510)

  Features

  • automatic output escaping, closes #500 (f88490c)
• 9.36.2 - 2022-04-19
• 9.36.1 - 2022-04-17
• 9.36.0 - 2022-03-05
• 9.35.2 - 2022-03-02
• 9.35.1 - 2022-02-26
• 9.35.0 - 2022-02-23
• 9.34.1 - 2022-02-20
• 9.34.0 - 2022-01-28
• 9.33.1 - 2022-01-19
• 9.33.0 - 2022-01-19
• 9.32.1 - 2022-01-12
• 9.32.0 - 2022-01-02
• 9.31.0 - 2021-12-19
• 9.30.0 - 2021-12-18
• 9.29.0 - 2021-12-11
• 9.28.6 - 2021-12-07
• 9.28.5 - 2021-11-05
• 9.28.4 - 2021-10-31
• 9.28.3 - 2021-10-27
• 9.28.2 - 2021-10-16
• 9.28.1 - 2021-10-16
• 9.28.0 - 2021-10-06
• 9.27.1 - 2021-10-04
• 9.27.0 - 2021-10-03
• 9.26.0 - 2021-09-30
• 9.25.1 - 2021-06-20
• 9.25.0 - 2021-05-07
• 9.24.2 - 2021-05-04
• 9.24.1 - 2021-05-01
• 9.24.0 - 2021-05-01
• 9.23.4 - 2021-04-17
• 9.23.3 - 2021-03-21
• 9.23.2 - 2021-03-13
• 9.23.1 - 2021-02-19
• 9.23.0 - 2021-02-12
• 9.22.1 - 2021-02-05

from liquidjs GitHub release notes

Commit messages

Package name: liquidjs

• 907c4de chore(release): 9.43.0 [skip ci]
• 7a71485 feat: support timezone offset argument for date filter, Update https-cloning-errors.md github/docs#553
• cd918cc chore(deps): bump minimatch from 3.0.4 to 3.1.2 in /docs
• 8061e55 docs: fix tags sidebar translation
• 33e97db docs: update .all-contributorsrc [skip ci]
• 9cfc8fd docs: update README.md [skip ci]
• f62b210 docs: add echo and liquid tags Chinese translation (Incorrect type for labels parameter: "array of undefineds" github/docs#549)
• bf6b5c7 chore(release): 9.42.1 [skip ci]
• a58fe44 chore(deps): bump minimist and hexo-renderer-swig in /docs
• 99516cb chore(deps): bump semver-regex from 2.0.0 to 3.1.4
• 850ab0c chore(deps): bump ansi-regex from 3.0.0 to 3.0.1
• 33c7c8f docs: demo for using LiquidJS with webpack
• 32f613f fix: truncatewords should use at least one word, update github/docs#537
• 71a1dc6 docs: update README
• 375a19b chore: update funding.yml
• 4e17fdc docs: update README.md
• 01c2504 docs: update .all-contributorsrc [skip ci]
• 4a9b467 docs: update README.md [skip ci]
• 78f2120 Update intro-to-liquid.md
• adfc27c chore(deps): bump moment-timezone from 0.5.28 to 0.5.37 in /docs
• 0075be9 chore(release): 9.42.0 [skip ci]
• bbf00f3 feat: promise in expression & nested property, [DO NOT MERGE] Test github/docs#533 Update powershell example using Out-File. github/docs#276
• 0997530 chore(release): 9.41.0 [skip ci]
• 071368a feat: use evalValue to parse & render expression, Update all-contributors configuration to avoid merge conflicts github/docs#527

Compare

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

[socket-security]

New dependency changes detected. Learn more about Socket for GitHub ↗︎

---

🚨 Potential security issues found in this pull request. To accept the risk, merge this PR and you will not be notified again.

Bot Commands

To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space separated list of package-name@version specifiers. e.g. @SocketSecurity ignore [email protected] bar@* or ignore all packages with @SocketSecurity ignore-all

• @SocketSecurity ignore [email protected]
• @SocketSecurity ignore [email protected]

📜 Install scripts

Install scripts are run when the package is installed. The majority of malware in npm is hidden in install scripts.

Packages should not be running non-essential scripts during install and there are often solutions to problems people solve with install scripts that can be run at publish time instead.

Package	Script field	Source
[email protected] (upgraded)	postinstall	package.json via [email protected]

🧌 Protestware/Troll package

This package is a joke, parody, or includes undocumented or hidden behavior unrelated to its primary function.

Package	Note	Source
[email protected] (upgraded)	This package prints a protestware console message regarding Ukraine for users with Russian language locale	package.json via @primer/[email protected], [email protected]

Pull request alert summary

Issue	Status
Install scripts	⚠️ 1 issue
Native code	✅ 0 issues
Bin script shell injection	✅ 0 issues
Unresolved require	✅ 0 issues
Invalid package.json	✅ 0 issues
HTTP dependency	✅ 0 issues
Git dependency	✅ 0 issues
Potential typo squat	✅ 0 issues
Known Malware	✅ 0 issues
Telemetry	✅ 0 issues
Protestware/Troll package	⚠️ 1 issue

---

📊 Modified Dependency Overview:

➕ Added Package	Capability Access	+/- Transitive Count	Publisher
[email protected]	None	+4	node-fetch-bot
[email protected]	None	+1	sindresorhus
[email protected]	None	+0	dcousens

⬆️ Updated Package	Version Diff	Added Capability Access	+/- Transitive Count	Publisher
[email protected]	1.1.0...1.4.0	network	+35/-28	zeke
[email protected]	10.2.0...10.2.3	None	+58/-121	zeit-bot
[email protected]	1.4.0...1.12.0	None	+0/-0	mihaivalentin
[email protected]	3.14.0...3.14.1	None	+0/-0	vitaly
[email protected]	3.12.0...3.13.0	None	+2/-2	bobby-brennan
[email protected]	1.0.2...1.0.3	None	+3/-1	cschleiden
[email protected]	2.21.3...2.30.0	None	+2/-0	kossnocorp
[email protected]	1.2.1...1.5.0	None	+0/-1	wooorm
[email protected]	8.3.0...8.3.2	None	+0/-0	ctavan
[email protected]	4.2.1...4.3.1	None	+0/-0	xjamundx
[email protected]	2.0.0...2.0.2	None	+2/-0	brandonocasey
[email protected]	9.0.2...9.0.3	None	+12/-65	evilebottnawi
[email protected]	2.5.2...2.6.0	None	+0/-0	broofa
[email protected]	2.4.0...2.4.2	None	+37/-25	joseluisbolos
[email protected]	4.2.1...4.3.8	None	+19/-19	typicode
[email protected]	7.1.6...7.2.3	None	+2/-3	isaacs
[email protected]	4.2.4...4.9.5	None	+0/-0	typescript-bot
[email protected]	2.0.1...2.2.0	None	+0/-0	addaleax
@primer/[email protected]	28.0.1...28.5.0	None	+41/-35	primer-css
[email protected]	7.0.2...7.0.3	None	+0/-1	kentcdodds
[email protected]	4.8.8...4.16.3	environment	+0/-0	david
[email protected]	2.2.0...2.2.2	None	+0/-0	hilleer
[email protected]	1.2.0...1.2.2	None	+8/-8	almaclaine
[email protected]	4.2.0...4.2.3	None	+23/-21	s0ph1e
[email protected]	1.12.0...1.15.5	environment	+20/-27	bahmutov
[email protected]	4.1.0...4.1.2	None	+0/-2	sindresorhus
[email protected]	2.2.6...2.4.0	None	+0/-0	mihneadb
[email protected]	2.0.4...2.0.22	network	+10/-41	remy
[email protected]	3.0.2...3.0.5	None	+0/-0	boblauer
[email protected]	1.9.1...1.10.0	None	+0/-1	dougwilson
[email protected]	1.4.5...1.4.6	None	+1/-0	dougwilson
[email protected]	2.22.1...2.27.5	None	+103/-94	ljharb
[email protected]	3.1.2...3.1.5	None	+14/-13	bholloway
[email protected]	1.0.2...1.1.3	None	+0/-0	mattphillips
@types/[email protected]	17.0.4...17.0.60	None	+3/-3	types
[email protected]	2.1.1...2.4.0	None	+0/-0	samclarke
[email protected]	1.2.1...1.4.0	None	+0/-0	mdevils
[email protected]	2.0.1...2.1.0	None	+0/-0	blakeembrey
[email protected]	5.1.3...5.5.1	None	+0/-0	nfriedly
[email protected]	4.17.1...4.18.2	network	+29/-17	dougwilson
[email protected]	8.2.0...8.5.2	None	+2/-2	bdeitte
[email protected]	5.0.0...5.0.2	None	+0/-1	timoxley
[email protected]	6.0.3...6.4.1	None	+35/-83	evilebottnawi
[email protected]	4.0.2...4.0.3	None	+1/-1	rmassaioli
[email protected]	2.3.3...2.3.5	None	+2/-3	trysound
@babel/[email protected]	7.12.13...7.18.6	shell	+47/-24	nicolo-ribaudo
[email protected]	9.22.1...9.43.0	None	+0/-0	harttle
@types/[email protected]	17.0.3...17.0.20	None	+4/-4	types
[email protected]	2.610.0...2.1390.0	eval, environment	+18/-6	aws-sdk-bot
@babel/[email protected]	7.11.0...7.22.4	shell	+51/-29	nicolo-ribaudo
[email protected]	13.0.4...13.3.1	None	+1/-1	nockbot
[email protected]	8.1.0...8.3.0	shell	+48/-88	nicolo-ribaudo
[email protected]	1.4.1...1.6.2	None	+7/-54	evilebottnawi
[email protected]	5.3.0...5.3.11	None	+31/-23	probablyup
[email protected]	1.0.0-rc.3...1.0.0-rc.12	network	+12/-4	feedic
@babel/[email protected]	7.12.13...7.21.5	shell	+41/-23	nicolo-ribaudo
[email protected]	7.13.0...7.32.0	eval	+42/-46	eslintbot
[email protected]	16.0.1...16.0.3	None	+106/-97	linusu
@graphql-inspector/[email protected]	2.3.0...2.9.0	None	+3/-2	kamilkisiela
@babel/[email protected]	7.12.13...7.22.3	shell	+47/-29	nicolo-ribaudo
@actions/[email protected]	1.2.6...1.10.0	environment	+2/-0	thboop
[email protected]	6.2.0...6.2.1	None	+0/-0	abetomo
[email protected]	3.21.2...3.23.3	None	+2/-2	evanhahn
[email protected]	4.6.0...4.10.0	environment	+16/-71	evilebottnawi
[email protected]	4.1.0...4.3.0	environment	+11/-54	evilebottnawi
[email protected]	3.2.0...3.2.4	None	+0/-0	hargasinski
@babel/[email protected]	7.12.13...7.22.1	shell	+39/-21	nicolo-ribaudo
[email protected]	2.13.6...2.16.2	None	+65/-68	justinbeckwith
[email protected]	1.12.0...1.13.3	None	+31/-23	probablyup
[email protected]	2.1.2...2.8.8	environment	+0/-0	prettier-bot
@babel/[email protected]	7.12.13...7.20.11	shell	+41/-23	nicolo-ribaudo
@babel/[email protected]	7.12.13...7.22.4	shell	+132/-88	nicolo-ribaudo
[email protected]	0.16.1...0.16.13	None	+53/-46	alisowski
[email protected]	17.0.1...17.0.2	None	+2/-2	gaearon
@babel/[email protected]	7.12.13...7.22.3	shell	+43/-25	nicolo-ribaudo
[email protected]	3.1.1...3.1.2	None	+1/-1	leibale
[email protected]	1.2.1...1.3.0	None	+6/-56	evilebottnawi
[email protected]	17.0.1...17.0.2	None	+0/-0	gaearon
[email protected]	14.6.0...14.7.0	None	+0/-0	i1g
[email protected]	1.26.3...1.62.1	filesystem	+4/-7	sassbot
@types/[email protected]	4.14.168...4.14.195	None	+0/-0	types
[email protected]	8.2.0...8.6.0	None	+0/-0	motdotla
@babel/[email protected]	7.11.2...7.22.3	None	+1/-1	nicolo-ribaudo
@graphql-tools/[email protected]	6.2.5...6.2.8	None	+26/-23	ardatan
@primer/[email protected]	16.2.0...16.3.0	None	+1/-2	primer-css

🚮 Removed packages: [email protected], [email protected], [email protected], [email protected]