Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Snyk] Upgrade: , asciinema-player, dayjs, eslint-plugin-jsx-a11y, eslint-plugin-react, react-bootstrap, react-icons, react-router-dom, spdx-license-ids #33

Open
wants to merge 1 commit into
base: main
Choose a base branch
from

Conversation

patooworld
Copy link
Owner

snyk-top-banner

Snyk has created this PR to upgrade multiple dependencies.

👯 The following dependencies are linked and will therefore be updated together.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

Name Versions Released on

@types/node
from 16.18.96 to 16.18.105 | 9 versions ahead of your current version | a month ago
on 2024-08-09
asciinema-player
from 3.7.1 to 3.8.0 | 8 versions ahead of your current version | 3 months ago
on 2024-06-15
dayjs
from 1.11.11 to 1.11.13 | 2 versions ahead of your current version | 23 days ago
on 2024-08-20
eslint-plugin-jsx-a11y
from 6.8.0 to 6.9.0 | 1 version ahead of your current version | 3 months ago
on 2024-06-20
eslint-plugin-react
from 7.34.1 to 7.35.0 | 4 versions ahead of your current version | 2 months ago
on 2024-07-20
react-bootstrap
from 2.10.2 to 2.10.4 | 2 versions ahead of your current version | 2 months ago
on 2024-06-30
react-icons
from 4.3.1 to 4.12.0 | 12 versions ahead of your current version | 10 months ago
on 2023-11-14
react-router-dom
from 6.23.0 to 6.26.1 | 16 versions ahead of your current version | a month ago
on 2024-08-15
spdx-license-ids
from 3.0.17 to 3.0.20 | 3 versions ahead of your current version | 23 days ago
on 2024-08-20

Issues fixed by the recommended upgrade:

Issue Score Exploit Maturity
high severity Uncontrolled resource consumption
SNYK-JS-BRACES-6838727
169 Proof of Concept
high severity Inefficient Regular Expression Complexity
SNYK-JS-MICROMATCH-6838728
169 No Known Exploit
Release notes
Package name: @types/node
  • 16.18.105 - 2024-08-09
  • 16.18.104 - 2024-07-23
  • 16.18.103 - 2024-07-18
  • 16.18.102 - 2024-07-16
  • 16.18.101 - 2024-06-20
  • 16.18.100 - 2024-06-19
  • 16.18.99 - 2024-06-17
  • 16.18.98 - 2024-06-03
  • 16.18.97 - 2024-05-06
  • 16.18.96 - 2024-04-09
from @types/node GitHub release notes
Package name: asciinema-player
  • 3.8.0 - 2024-06-15

    Notable changes:

    • added support for colons in SGR color sequences - fixes (asciinema/avt#9, #154, #231)
    • added support for auto/<theme-name> specification for theme option (see below)
    • added help overlay, triggered by "?" key
    • improved adaptive buffering algorithm in the websocket driver
    • improved rendering of block drawing characters
    • made text of the time display and marker tooltips bigger
    • made the control bar and markers use terminal theme's foreground and background colors
    • added tooltip for the fullscreen button
    • added "type": "module" to package.json to fix import error with some bundlers (thanks @ MaddyGuthridge)
    • fixed player element focus behavior when clicking on a marker dot or the playback toggle button

    https://www.npmjs.com/package/asciinema-player/v/3.8.0


    Recordings made with asciinema CLI 3.0 or later may embed original terminal theme, which is used by the player when available.

    Before this release the only way to let the player use the embedded theme automatically was not specifying the theme option when initializing the player. When the theme option was not used, the player favored the embedded theme, falling back to asciinema theme. There was no way to specify "use the original theme when available, fall back to monokai".

    This release adds the ability to specify the above wish as { theme: "auto/monokai" }. You can use any built-in theme, e.g. { theme: "auto/dracula" }, and the player will use Dracula theme if the original theme was not captured at the time of recording.

    To always use a specific theme regardless of the presence of the original theme in a recording file, use { theme: "<theme-name>" }, e.g. { theme: "dracula" }.

    Default value of the theme option (when one not specified) is now auto/asciinema.

  • 3.7.2-rc.7 - 2024-06-07
    No content.
  • 3.7.2-rc.6 - 2024-06-02
    No content.
  • 3.7.2-rc.5 - 2024-06-01
    No content.
  • 3.7.2-rc.4 - 2024-05-30
    No content.
  • 3.7.2-rc.3 - 2024-04-27
    No content.
  • 3.7.2-rc.2 - 2024-04-24
    No content.
  • 3.7.2-rc.1 - 2024-04-04
    No content.
  • 3.7.1 - 2024-03-24

    Notable changes:

    • greatly improved rendering (position, alignment, accuracy) of ascii drawing, block elements, braille patterns and Powerline triangle symbols
    • fixed alignment of double-width chars (such as CJK, emoji)
    • new adaptive algorithm for buffering in live (websocket) driver, ensuring smooth playback on high-latency or high-jitter network connections
    • minor rendering performance improvement via UI updates batching
    • improved visibility of play button's drop shadow for themes with light background
    • code refactorings and cleanup

    https://www.npmjs.com/package/asciinema-player/v/3.7.1

    Demo showing the improved rendering in general:

    asciicast

    Screenshots showing the fixes to the character alignment and positioning:

    image

    image

    image

    image

from asciinema-player GitHub release notes
Package name: dayjs from dayjs GitHub release notes
Package name: eslint-plugin-jsx-a11y
  • 6.9.0 - 2024-06-20

    Added

    • add support for Flat Config 6b5f096
    • no-noninteractive-element-to-interactive-role: allow menuitemradio and menuitemcheckbox on <li> c0733f9

    Fixed

    • img-redundant-alt: fixed multibyte character support #969
    • Revert "[Fix] isNonInteractiveElement: Upgrade aria-query to 5.3.0 and axobject-query to 3.2.1" 75d5dd7
    • ensure summary remains non-interactive 6a048da

    Changed

    • [meta] fix changelog links #960
    • [Robustness] use safe-regex-test 4c7e781
    • [actions] update actions/checkout 51a1ca7
    • [Deps] pin aria-query and axobject-query, add ls-engines test to CI 32fd82c
    • [Deps] remove @ babel/runtime 0a98ad8
    • [Deps] unpin axe-core b3559cf
    • [Deps] move object.entries to dev deps 1be7b70

    Full Changelog: v6.8.0...v6.9.0

  • 6.8.0 - 2023-11-01

    Full Changelog: v6.7.1...v6.8.0

from eslint-plugin-jsx-a11y GitHub release notes
Package name: eslint-plugin-react from eslint-plugin-react GitHub release notes
Package name: react-bootstrap from react-bootstrap GitHub release notes
Package name: react-icons

Snyk has created this PR to upgrade:
  - @types/node from 16.18.96 to 16.18.105.
    See this package in npm: https://www.npmjs.com/package/@types/node
  - asciinema-player from 3.7.1 to 3.8.0.
    See this package in npm: https://www.npmjs.com/package/asciinema-player
  - dayjs from 1.11.11 to 1.11.13.
    See this package in npm: https://www.npmjs.com/package/dayjs
  - eslint-plugin-jsx-a11y from 6.8.0 to 6.9.0.
    See this package in npm: https://www.npmjs.com/package/eslint-plugin-jsx-a11y
  - eslint-plugin-react from 7.34.1 to 7.35.0.
    See this package in npm: https://www.npmjs.com/package/eslint-plugin-react
  - react-bootstrap from 2.10.2 to 2.10.4.
    See this package in npm: https://www.npmjs.com/package/react-bootstrap
  - react-icons from 4.3.1 to 4.12.0.
    See this package in npm: https://www.npmjs.com/package/react-icons
  - react-router-dom from 6.23.0 to 6.26.1.
    See this package in npm: https://www.npmjs.com/package/react-router-dom
  - spdx-license-ids from 3.0.17 to 3.0.20.
    See this package in npm: https://www.npmjs.com/package/spdx-license-ids

See this project in Snyk:
https://app.snyk.io/org/patooworld/project/b68e2b89-2bcc-460b-95b0-0ea2b62ce916?utm_source=github&utm_medium=referral&page=upgrade-pr
Copy link

vercel bot commented Sep 12, 2024

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name Status Preview Comments Updated (UTC)
app ❌ Failed (Inspect) Sep 12, 2024 5:15pm
app-78uw ❌ Failed (Inspect) Sep 12, 2024 5:15pm
scoopinstaller-github-io ❌ Failed (Inspect) Sep 12, 2024 5:15pm

Copy link

cr-gpt bot commented Sep 12, 2024

Seems you are using me but didn't get OPENAI_API_KEY seted in Variables/Secrets for this repo. you could follow readme for more information

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants