[Snyk] Upgrade metalsmith from 2.3.0 to 2.6.0 #5
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR was automatically created by Snyk using the credentials of a real user.
Snyk has created this PR to upgrade metalsmith from 2.3.0 to 2.6.0.
ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
The recommended version fixes:
SNYK-JS-ANSIREGEX-1583908
Why? Proof of Concept exploit, Has a fix available, CVSS 7.5
(*) Note that the real score may have changed since the PR was raised.
Release notes
Package name: metalsmith
Added
58d22a3
2d84fbe
9661ddc
45a4afe
424e6ec
chokidar
9d40674
lodash.clonedeepwith
e12537f
Removed
80d8508
rimraf
: replaced with native Node.js methodsae05945
cross-spawn
:baee1de
Updated
24fcffb
4929bc2
commander
: 6.2.1 -> 10.0.124fcffb
0810728
Fixed
60e173a
excerpt
property2bfe800
acb363e
Full Changelog: v2.5.1...v2.6.0
774a164
debug
: 4.3.3 ▶︎ 4.3.4Fixed
Important note to metalsmith-watch users:
Although 2.5.0 is a semver-minor release, it breaks compatibility with metalsmith-watch, which relies on the Metalsmith < 2.4.x private method signature using the outdated unyield package. See issue #374 for more details.
Added
Metalsmith#env
method. Supports passingDEBUG
andDEBUG_LOG
amongst others. SetsCLI: true
when run from the metalsmith CLI.b42df8c
,446c676
,33d936b
,4c483a3
Metalsmith#debug
method for creating plugin debuggersMetalsmith#read
,Metalsmith#readFile
,Metalsmith#write
,Metalsmith#writeFile
,Metalsmith#run
andMetalsmith#process
) to dual callback-/ promise-based methods16a91c5
,faf6ab6
,6cb6229
3a11a24
Removed
0a53007
thunkify
: replaced with promise-based implementationfaf6ab6
unyield
replaced with promise-based implementationfaf6ab6
co-fs-extra
: replaced with native Node.js methodsfaf6ab6
chalk
: not necessary for the few colors used by Metalsmith CLI1dae1cb
clone
: see #247a871af6
Updated
README.md
0da0c4d
Metalsmith#metadata
no longer clones the object passed to it, overwriting the previous metadata, but merges it into existing metadata.Fixed
metalsmith.directory()
5d75539
Updated
774a164
micromatch
: 4.0.4 ▶︎ 4.0.5Fixed
metalsmith.match
file cache in repeat runs without re-read, see metalsmith/layouts#183a727309
Updated
af9dec0
chalk
: 3.0.0 ▶︎ 4.1.2Fixed
ebf82f4
Fixed
Bugfix: include index.js in package.json files
Unfortunately release 2.4.0 missed the index.js file and was only usable by doing require('metalsmith/lib'). For this reason the release notes from 2.4.0 are re-included below:
Added
Metalsmith#match
method. Plugins no longer need to require a matching library705c4bb
,f01c724
828b17e
fs.rm
instead ofrimraf
when available (Node 14.4+)fcbb76e
,66e4376
Metalsmith#frontmatter
a6438d2
ef7b781
4eb1184
Metalsmith#build
now returns a promise which you can attach athen/catch
to orawait
. The build callback model is still available.6d5a42d
Removed
2db47f5
,75e6878
has-generators
: obsolete in supported Node versions2db47f5
absolute
replaced with native Nodepath.isAbsolute
c05f9e2
(@ Zearin)is
replaced with own implementation7eaac9e2
,54dba0c1
(@ Zearin)recursive-readdir
: replaced with own implementation4eb1184
Updated
Dependencies:
75e6878
chalk
: 1.1.3 ▶︎ 3.0.0gray-matter
: 2.0.0 ▶︎ 4.0.3stat-mode
: 0.2.0 ▶︎ 1.0.0rimraf
: 2.2.8 ▶︎ 3.0.2ware
: 1.2.0 ▶︎ 1.3.0commander
(used in CLI): 2.15.1 ▶︎ 6.2.1win-fork
(used in CLI): replaced withcross-spawn
:7.0.3Updated
CHANGELOG.md
format to follow “Keep A Changelog” (#266) (@ Zearin)Fixed
Metalsmith#ignore
now only matches paths relative toMetalsmith#source
(as it should). See linked issue for details4eb1184
Metalsmith#build
a6438d2
Metalsmith#ignore
'd)4eb1184
Metalsmith#ignore
now removes the matched files before they arestatted
for glob-based ignores (saving some perf & potential errors).Security
new Buffer
withBuffer.from
npm audit
vulnerability fixescoveralls
: 2.11.6 ▶︎ 3.0.1 (#308) (@ Zearin)Fix 5 “Moderate” vulnerabilities
metalsmith-markdown
: 0.2.1 ▶︎ 0.2.2 (#312) (@ Zearin)Fix 1 “Low” vulnerability
Read more
Added
Updated
Removed
Fixed
Security
Commit messages
Package name: metalsmith
Compare
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.
For more information:
🧐 View latest project report
🛠 Adjust upgrade PR settings
🔕 Ignore this dependency or unsubscribe from future upgrade PRs