[Snyk] Upgrade: markdown-it-deflist, markdown-it-table-of-contents, mathjax, mathjax-full, zustand #33

Open
wants to merge 1 commit into
base: develop

X-oss-byte

Snyk has created this PR to upgrade multiple dependencies.

👯‍♂ The following dependencies are linked and will therefore be updated together.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

Name | Versions | Released on
markdown-it-deflist | from 2.0.3 to 2.1.0 (1 version ahead of your current version) | 2020-09-10 (4 years ago)
markdown-it-table-of-contents | from 0.4.4 to 0.6.0 (4 versions ahead of your current version) | 2021-11-12 (3 years ago)
mathjax | from 3.0.1 to 3.2.2 (10 versions ahead of your current version) | 2022-06-08 (2 years ago)
mathjax-full | from 3.0.1 to 3.2.2 (12 versions ahead of your current version) | 2022-06-08 (2 years ago)
zustand | from 4.3.9 to 4.5.5 (14 versions ahead of your current version) | 2024-08-15 (a month ago)

Release notes
Package name: markdown-it-deflist
from markdown-it-deflist GitHub release notes
Package name: markdown-it-table-of-contents
  • 0.6.0 - 2021-11-12

    The TOC generator was rewritten, because the old on-the-fly generator couldn't deal with unexpected order of headings and double-indentations. It is now a three-step process:

    1. Gather all headings in a list.
    2. Turn that list into a nested tree.
    3. Generate HTML code based on the nested tree.

    Although all tests pass, this release could introduce some breaking changes for you, if you relied on the old way of doing things. Check the test cases to get a better understanding how this plugin handles various cases.

    • Added: Support for markdown-it-attrs (fixes #54)
    • Changed: Respects unexpected nesting order (fixes #55)
    • Changed: Uses anchor targets from existing id attributes (for example, set by markdown-it-attrs or markdown-it-anchor)
    • Changed: Now nests list correctly if there is a jump (for example: h2, h2, h4 -> h4 is now double-indented)
    • Removed: unused tests
  • 0.5.2 - 2021-01-27

    Better handling of content "other than text" in headers, i.e. links.

  • 0.5.1 - 2020-11-23
    • Exposes link to formatting function
    • Adheres to platform EOL in tests
    • Security patch
  • 0.5.0 - 2020-11-21
    • Code updated to use ES5 syntax for easier in-browser use
    • Updates the existing format option to render markdown by default
    • Removes support for forceFullToc option (potentially BREAKING)

    For background see #41

  • 0.4.4 - 2019-04-11

    Adds an optional function for transforming the links created in the TOC.

from markdown-it-table-of-contents GitHub release notes
Package name: mathjax
  • 3.2.2 - 2022-06-08

    This is a hot-fix release that resolves three issues introduced in v3.2.1. See the release notes for details.

  • 3.2.1 - 2022-05-19

    This is a bug fix release that resolves more than 40 issues, and includes significant updates to the speech-rule engine that handles MathJax's assistive technology. See the release notes for details.

  • 3.2.0 - 2021-06-17

    This is a feature release that includes a new lazy-typesetting extension, nine new TeX extensions, a port of the v2 MML3 extension, new Hindi support in the expression explorer, along with several other improvements, and a number of bug fixes. See the release notes for details.

  • 3.1.4 - 2021-04-23

    This is a hot fix release to fix two problems with the recent 3.1.3 version. See the release notes for details.

  • 3.1.3 - 2021-04-22

    This is a bug fix release that resolves more than 70 issues, and updates a number of modules on which MathJax relies. See the release notes for details.

  • 3.1.2 - 2020-09-12
  • 3.1.1 - 2020-09-12
  • 3.1.0 - 2020-08-25
  • 3.0.5 - 2020-04-10
  • 3.0.4 - 2020-04-08
  • 3.0.1 - 2020-02-07
from mathjax GitHub release notes
Package name: mathjax-full
  • 3.2.2 - 2022-06-08

    This is a hot-fix release to correct three issues in the recent 3.2.1 release. These are listed below:

    • Prevent lazy typesetting from re-typesetting expressions unnecessarily, which can cause duplicate-label error messages in the output, and degrade performance. (mathjax/MathJax#2873)

    • Improve method for obtaining the <math> element from mml3 conversion, allowing it to work better in an XHTML setting. (mathjax/MathJax#2879)

    • Make version.ts use a constant and create the file during the build process rather than dynamically determining the version. This allows easier packaging of MathJax into other applications. (#824)

  • 3.2.1 - 2022-05-19

    This is mostly a bug-fix release, resolving various display and input bugs and other issues. See the individual bugs linked below for more details, and the 3.2.1 milestone for the pull requests involved in this release.


    New Features in this Release

    Speech-Rule Engine

    MathJax now integrates version 4 of Speech Rule Engine (SRE). (#800)

    • SRE v4 is a full port to ES6 using TypeScript providing transpiled JavaScript for easier integration into third party projects via its npm package.
    • Uses webpack as the primary bundler to offer a single bundle file for both node and browser.
    • Major rewrite of rule handling and provision of locales.
      • Smaller locale files and memory footprint in the index structure.
      • Hierarchical locale setup that allows inheritance within rule sets.
      • Uses ES6 promises to handle locale loading and engine setup.
    • A number of new locales for Swedish, Norwegian (Bokmål and Nynorsk), Danish (MathSpeak only), and Catalan (MathSpeak only)
    • Locale files are now served with a .json extension. (mathjax/MathJax#2403)

    For more details and a full list of all changes and additions see the SRE release notes.

    MathJax makes use of SRE v4 new features in the following ways:

    • Source integration
      • Integrates SRE directly via importing the relevant library files into its code and webpacks them into its components and bundles.
      • Replaces the timeout-driven SRE loading promise with SRE's new native promises.
      • The sre.ts module now imports and exports exclusively API methods necessary for SRE's use in MathJax
      • A new mathmaps.ts module provides a map for directly integrating and bundling locales (see more below).
    • Components integration
      • The sre component under components/src/sre now simply handles copying the locale files in the mathmaps directory.
      • The a11y/sre component under components/src/sre contains a configuration file sre_config.js that sets up the basic SRE configuration for MathJax, especially the correct path to the mathmaps folder (online or in the npm distribution).
      • Components can webpack SRE's locale files into bundles. See the components/src/tex-chtml-full-speech component as an example.
    • MathJax Configuration
      • The sre path in MathJax is now used exclusively for pointing to a directory containing the locale files.

    Most of these changes are internal and should remain unnoticeable. However, there are a couple of points to note when using SRE via MathJax:

    • Previously, MathJax would load SRE as a single library file, but now webpacks its source files, which, as a side-effect, closes several convenient loopholes you could have exploited in the past:
      • OLD: SRE's functionality was available to a developer as if running SRE standalone. That is, in both node and browser, all of SRE's API methods were available in the SRE namespace, and additionally, the full functionality was reachable in the browser through the sre namespace.
        NEW: Now only the explicitly exported API methods are available to import via the a11y/sre component.
      • OLD: You could easily change the version of SRE MathJax would use by:
        1. In the browser, pointing to an alternative copy of sre_browser.js using the sre path in the MathJax configuration, and
        2. In node, replacing the speech-rule-engine package with a different version in the node_modules folder.
        NEW: This is no longer possible.
    • The sreReady method is still exported but deprecated. In the future, you should use the corresponding method in the API bundle Sre.sreReady().
    • By default SRE comes without rules (or locales) preloaded, and pulls those in only when necessary. That is, it loads the relevant .json files via XML-HTTP-request in the browser, or via file loading in the node module. However, it is now possible to pre-bundle (some) locales directly into a custom distribution using webpack, which is particularly useful if you want to run MathJax offline while still using the full power of its assistive technology extension. See the tex-chtml-full-speech component as an example.

    Output Improvements

    • Properly handle border and padding CSS in CHTML and SVG output. (#799)

    Lazy Typesetting

    • Have lazy typesetter typeset all remaining math before printing. (#777)
    • Have lazy typesetting specify a (configurable) distance around the viewport for triggering typesetting. (#777)
    • Allow containers to be marked so that they are always typeset by the lazy typesetter. (#777)

    Bugs Addressed in this Release

    Output Bug Fixes

    • Update svg output to properly handle token elements with multiple child nodes. (mathjax/MathJax#2836)

    • Include CSS to reset border-collapse in CHTML output. (mathjax/MathJax#2861)

    • Prevent CHTML adaptive CSS from adding character CSS multiple times. (#796)

    • Make sure all character data is included when adaptiveCSS is false. (mathjax/MathJax#2724)

    • Place super- and subscripts properly around \vcenter elements. (#787)

    • Add a minimum height for accented characters. (mathjax/MathJax#2766)

    • Take relative scaling into account for CHTML output of non-MathJax fonts. (mathjax/MathJax#2818)

    • Fix placement of surd when root extends above the top of the root. (mathjax/MathJax#2764)

    • Fix problem with msubsup when subscript is blank (mathjax/MathJax#2765)

    TeX Input Fixes

    MathML Input Fixes

    • Fix problems with verification and repair of malformed mtables. (#779)

    • Add support for mglyph use of fontfamily/index. (mathjax/MathJax#2298)

    • Trim MathML string before parsing it. (mathjax/MathJax#2805)

    • Only process MJX-TeXAtom classes on mrow elements. (mathjax/MathJax#2822)

    • Move mml3 filter to an mmlFilter so that forceReparse isn't needed. (mathjax/MathJax#2718)

    • Make U+2061 through U+2064 have TeX class NONE so they don't affect spacing. (#806)

    Miscellaneous

    • Handle documents better when created by parsing in XHTML. (mathjax/MathJax#2788)

    • Add version numbers to component files and check them when loaded. (#738)

    • Fix problem where some menu settings weren't sticky (mathjax/MathJax#2786)

    • Add a linkedom adaptor (mathjax/MathJax#2833)

    • Refactor usage of all-packages to reduce redundant code in components. (#784)

    • Make variables local in legacy AsciiMath code. (mathjax/MathJax#2748)

    • Make safe extension properly handle scriptlevel of 0. (mathjax/MathJax#2745)

    • Update webpack files for empheq and cases. (mathjax/MathJax#2762)

    • Update build tools to work with extensions better. (#737)

    • Add defaultPageReady() to MathJaxObject interface. (#746)

  • 3.2.0 - 2021-06-17
  • 3.1.4 - 2021-04-23
  • 3.1.3 - 2021-04-22
  • 3.1.2 - 2020-09-12
  • 3.1.1 - 2020-09-12
  • 3.1.0 - 2020-08-25
  • 3.0.5 - 2020-04-10
  • 3.0.4 - 2020-04-08
  • 3.0.3 - 2020-04-08
  • 3.0.2 - 2020-04-08
  • 3.0.1 - 2020-02-07
from mathjax-full GitHub release notes
Package name: zustand
from zustand GitHub release notes

Important

  • Check the changes in this PR to ensure they won't cause issues with your project.
  • This PR was automatically created by Snyk using the credentials of a real user.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

Snyk has created this PR to upgrade:
  - markdown-it-deflist from 2.0.3 to 2.1.0.
    See this package in npm: https://www.npmjs.com/package/markdown-it-deflist
  - markdown-it-table-of-contents from 0.4.4 to 0.6.0.
    See this package in npm: https://www.npmjs.com/package/markdown-it-table-of-contents
  - mathjax from 3.0.1 to 3.2.2.
    See this package in npm: https://www.npmjs.com/package/mathjax
  - mathjax-full from 3.0.1 to 3.2.2.
    See this package in npm: https://www.npmjs.com/package/mathjax-full
  - zustand from 4.3.9 to 4.5.5.
    See this package in npm: https://www.npmjs.com/package/zustand

See this project in Snyk:
https://app.snyk.io/org/sammytezzy/project/966f2c8d-e98f-4366-9980-1b3b4b9e9513?utm_source=github&utm_medium=referral&page=upgrade-pr

stackblitz bot commented Sep 10, 2024

Run & review this pull request in StackBlitz Codeflow.

changeset-bot bot commented Sep 10, 2024

⚠️ No Changeset found

Latest commit: 2c3c2e0

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

@sourcery-ai sourcery-ai bot left a comment

We have skipped reviewing this pull request. Here's why:

  • It seems to have been created by a bot ('[Snyk]' found in title). We assume it knows what it's doing!
  • We don't review packaging changes - Let us know if you'd like us to change this.
