Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Snyk] Upgrade: , i18next, markdown-to-jsx #706

Closed
wants to merge 1 commit into from

Conversation

will0684
Copy link
Member

snyk-top-banner

Snyk has created this PR to upgrade multiple dependencies.

👯‍♂ The following dependencies are linked and will therefore be updated together.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

Name Versions Released on

@tanstack/react-query
from 5.51.23 to 5.51.24 | 1 version ahead of your current version | 22 days ago
on 2024-08-19
i18next
from 23.13.0 to 23.14.0 | 1 version ahead of your current version | 22 days ago
on 2024-08-19
markdown-to-jsx
from 7.4.7 to 7.5.0 | 1 version ahead of your current version | 23 days ago
on 2024-08-18

Release notes
Package name: @tanstack/react-query from @tanstack/react-query GitHub release notes
Package name: i18next
  • 23.14.0 - 2024-08-19
    • If backend errors with retry flag, set internal state to 0, so reloadingResources should work 147
  • 23.13.0 - 2024-08-16
    • Cache output of getRule to optimize performance 2226
from i18next GitHub release notes
Package name: markdown-to-jsx
  • 7.5.0 - 2024-08-18

    Minor Changes

    • 62a16f3: Allow modifying HTML attribute sanitization when options.sanitizer is passed by the composer.

      By default a lightweight URL sanitizer function is provided to avoid common attack vectors that might be placed into the href of an anchor tag, for example. The sanitizer receives the input, the HTML tag being targeted, and the attribute name. The original function is available as a library export called sanitizer.

      This can be overridden and replaced with a custom sanitizer if desired via options.sanitizer:

      foo', {
      sanitizer: (value, tag, attribute) => value,
      })">
      // sanitizer in this situation would receive:
      // ('javascript:alert("foo")', 'a', 'href')

      <Markdown options={{ sanitizer: (value, tag, attribute) => value }}>
      {[foo](javascript:alert("foo"))}
      </Markdown>

      // or

      compiler('foo', {
      sanitizer: (value, tag, attribute) => value,
      })

    Patch Changes

    • 553a175: Replace RuleType enum with an object
  • 7.4.7 - 2024-04-13

    Patch Changes

    • 7603248: Fix parsing isolation of individual table cells.
    • f9328cc: Improved block html detection regex to handle certain edge cases that cause extreme slowness. Thank you @ devbrains-com for the basis for this fix 🤝
from markdown-to-jsx GitHub release notes

Important

  • Check the changes in this PR to ensure they won't cause issues with your project.
  • This PR was automatically created by Snyk using the credentials of a real user.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

Snyk has created this PR to upgrade:
  - @tanstack/react-query from 5.51.23 to 5.51.24.
    See this package in npm: https://www.npmjs.com/package/@tanstack/react-query
  - i18next from 23.13.0 to 23.14.0.
    See this package in npm: https://www.npmjs.com/package/i18next
  - markdown-to-jsx from 7.4.7 to 7.5.0.
    See this package in npm: https://www.npmjs.com/package/markdown-to-jsx

See this project in Snyk:
https://app.snyk.io/org/p0nder0sa/project/07a6ccc2-f67f-412b-96dd-48a12d46c46a?utm_source=github&utm_medium=referral&page=upgrade-pr
@gregory-j-baker gregory-j-baker deleted the snyk-upgrade-9e7186ac20cd1e3ee688f5eb5ddb92c3 branch September 23, 2024 10:53
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants