profile
viewpoint
Jake Champion JakeChampion @Financial-Times London http://jakechampion.name

github/fetch 25102

A window.fetch JavaScript polyfill.

alexwilson/enable-github-automerge-action 11

Speed up your workflows by automatically enabling Auto-Merge in your Github pull-requests, so you can release when ready.

Financial-Times/scroll-tracker 1

JS module for scroll tracking

JakeChampion/accessible-autocomplete 1

An autocomplete component, built to be accessible.

cwhite92/Plymouth-Entrepreneurs-Society 0

Networking website for the Plymouth Entrepreneurs Society

cwhite92/Weather-App 0

Android weather application built for the SOFT233 module.

Financial-Times/origami-usage 0

Display usage metrics about Origami components on Financial Times Group websites

issue commentfastly/js-compute-runtime

Throw error exit code for failed compilation

@williamoverton I've now confirmed this bug and found the fix for it 👍

The bug lies within the JavaScript package which unfortunately looks to not be open source. The package creates a child-process for js-compute-runtime but doesn't reflect the exit code of the child process onto the parent process.

The fix for this would be to capture the child-process result object on line 53 of @fastly/js-compute/js-compute-runtime-cli.js and apply the status as the process.exitCode, the diff below shows the change required.

-spawnSync(binaryPath, process.argv.slice(2), {
+const result = spawnSync(binaryPath, process.argv.slice(2), {
  stdio: "inherit",
});
-
+process.exitCode = result.status;
console.log(" ");
williamoverton

comment created time in 2 days

Pull request review commentFinancial-Times/polyfill-library

fix(android): incorrect versions for many features

 notes = [ ] repo = "https://github.com/w3c/IntersectionObserver"  [browsers]-edge = "15"-edge_mob = "15"+android = "<51"+bb = "*"+chrome = "< 51"+edge = "< 16"+edge_mob = "< 16"+firefox = "< 55"+firefox_mob = "< 55"+ie = "*"+ie_mob = "*"+ios_saf = "*"+op_mini = "*"+op_mob = "< 46"+opera = "< 45"+safari = "< 12.1"+samsung_mob = "< 7"

This is not required. This polyfill is specifically for edge 15 as it shipped a native intersection observer implementation but had a buggy intersection observer entry implementation

cdaringe

comment created time in 3 days

PullRequestReviewEvent

Pull request review commentFinancial-Times/polyfill-library

fix(android): incorrect versions for many features

 firefox = "< 55" firefox_mob = "< 55" ie = "*" ie_mob = "*"-ios_saf = "*"+ios_saf = "< 12.2"

We serve this to all versions because ios sometimes disables the feature, could you change this back to *

cdaringe

comment created time in 3 days

PullRequestReviewEvent

issue commentFinancial-Times/polyfill-library

String.prototype.trim incorrect safari version range

Hi, this is due to the fact the version of unicode used in ecmascript was updated and changed what was defined as whitespace - that whitespace definition is used in string.prototypr.trim, which meant older browsers had a spec non compliant implementation, which is why we polyfill those versions.

This is the commit which updated the spec https://github.com/tc39/ecma262/pull/300

cdaringe

comment created time in 3 days

issue commenttc39/proposal-set-methods

Question: Should Set.prototype.isSubsetOf accepts string literals?

For the implementation in SpiderMonkey I've gone with what is currently written in the spec proposal

I'll update the implementation with whatever is decided in this issue 👍

JakeChampion

comment created time in 6 days

startedphoboslab/qoi

started time in 7 days

startedegoist/dum

started time in 7 days

issue commentfastly/js-compute-runtime

Throw error exit code for failed compilation

@williamoverton - do you know what version of js-compute-runtime this error occurred on?

I tried to replicate this but unfortunately could not, the exit code I have is 255

❯ js-compute-runtime --skip-pkg src/index.js index.wasm
Exception while evaluating JS: (new ReferenceError("spaghetti is not defined", "<stdin>", 1))
  @<stdin>:1:1

Error: failed to initialize JS

Caused by:
    0: the `wizer.initialize` function trapped
    1: Exited with i32 exit status 1
       wasm backtrace:
           0: 0x3d61d5 - <unknown>!<wasm function 6078>
           1: 0x3d7d0c - <unknown>!<wasm function 6088>
           2: 0x402ec - <unknown>!<wasm function 263>
           3: 0x3ffb2 - <unknown>!<wasm function 261>
           4: 0x407a7 - <unknown>!<wasm function 266>

Wizer failed with status: exit status: 1
❯ echo $?
255
williamoverton

comment created time in 8 days

issue commentFinancial-Times/polyfill-library

Problems with Reflect.getPrototypeOf polyfill

Hi can you please post the full user agent for the browser you saw the issue with and also the full polfill.io URL or full polyfill list given to polyfill-library - with that information we should hopefully be able to help

TomazicM

comment created time in 8 days

Pull request review commentFinancial-Times/o-ads

Fixes dart-sass divisor deprecation warning

 $ad-max-responsive-width: 1440px; 	&:before { 		content: 'Advertisement'; 		padding: $padding 0 ($padding - 5px);-		margin-top: $padding / 2;+		margin-top: math.div($padding, 2);

This won't work for anyone using either libsass, node-sass or dart-sass versions older version 1.33.0

If we want to support those sass compilers then we will need to do something a bit more involved, similar to this solution

aendrew

comment created time in 10 days

PullRequestReviewEvent

delete branch Financial-Times/js-features-analyser

delete branch : snyk-upgrade-65a99cbd70b6594e0b24d6fe5a0dedcf

delete time in 10 days

PR closed Financial-Times/js-features-analyser

[Snyk] Upgrade @babel/core from 7.13.14 to 7.16.0 cli

<h3>Snyk has created this PR to upgrade @babel/core from 7.13.14 to 7.16.0.</h3>

:information_source: Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project. <hr/>

  • The recommended version is 13 versions ahead of your current version.
  • The recommended version was released a month ago, on 2021-10-29.

The recommended version fixes:

Severity Issue PriorityScore (*) Exploit Maturity
<img src="https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/h.png" width="20" height="20" title="high severity"/> Command Injection<br/> SNYK-JS-LODASH-1040724 467/1000 <br/> Why? Proof of Concept exploit, CVSS 7.2 Proof of Concept
<img src="https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/m.png" width="20" height="20" title="medium severity"/> Regular Expression Denial of Service (ReDoS)<br/> SNYK-JS-LODASH-1018905 467/1000 <br/> Why? Proof of Concept exploit, CVSS 7.2 Proof of Concept
<img src="https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/m.png" width="20" height="20" title="medium severity"/> Regular Expression Denial of Service (ReDoS)<br/> SNYK-JS-BROWSERSLIST-1090194 467/1000 <br/> Why? Proof of Concept exploit, CVSS 7.2 Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

<details> <summary><b>Release notes</b></summary> <br/> <details> <summary>Package name: <b>@babel/core</b></summary> <ul> <li> <b>7.16.0</b> - <a href="https://snyk.io/redirect/github/babel/babel/releases/tag/v7.16.0">2021-10-29</a></br><h2>v7.16.0 (2021-10-30)</h2> <h4><g-emoji class="g-emoji" alias="eyeglasses" fallback-src="https://github.githubassets.com/images/icons/emoji/unicode/1f453.png">👓</g-emoji> Spec Compliance</h4> <ul> <li><code>babel-helpers</code>, <code>babel-plugin-proposal-async-generator-functions</code>, <code>babel-runtime-corejs2</code>, <code>babel-runtime-corejs3</code>, <code>babel-runtime</code> <ul> <li><a href="https://snyk.io/redirect/github/babel/babel/pull/13824" data-hovercard-type="pull_request" data-hovercard-url="/babel/babel/pull/13824/hovercard">#13824</a> Await promises from sync iterators with <code>for-await</code> (<a href="https://snyk.io/redirect/github/nicolo-ribaudo">@ nicolo-ribaudo</a>)</li> </ul> </li> </ul> <h4><g-emoji class="g-emoji" alias="rocket" fallback-src="https://github.githubassets.com/images/icons/emoji/unicode/1f680.png">🚀</g-emoji> New Feature</h4> <ul> <li><code>babel-generator</code>, <code>babel-parser</code>, <code>babel-plugin-transform-typescript</code>, <code>babel-types</code> <ul> <li><a href="https://snyk.io/redirect/github/babel/babel/pull/13802" data-hovercard-type="pull_request" data-hovercard-url="/babel/babel/pull/13802/hovercard">#13802</a> Support TypeScript 4.5 type-only import/export specifiers (<a href="https://snyk.io/redirect/github/sosukesuzuki">@ sosukesuzuki</a>)</li> </ul> </li> <li><code>babel-parser</code> <ul> <li><a href="https://snyk.io/redirect/github/babel/babel/pull/13887" data-hovercard-type="pull_request" data-hovercard-url="/babel/babel/pull/13887/hovercard">#13887</a> feat: support <code>startColumn</code> option (<a href="https://snyk.io/redirect/github/JLHwung">@ JLHwung</a>)</li> </ul> </li> <li><code>babel-helper-fixtures</code>, <code>babel-helper-transform-fixture-test-runner</code>, <code>babel-parser</code>, <code>babel-plugin-syntax-typescript</code>, <code>babel-preset-typescript</code> <ul> <li><a href="https://snyk.io/redirect/github/babel/babel/pull/13838" data-hovercard-type="pull_request" data-hovercard-url="/babel/babel/pull/13838/hovercard">#13838</a> Handle <code>.mts</code> and <code>.cts</code> files in <code>@ babel/preset-typescript</code> (<a href="https://snyk.io/redirect/github/nicolo-ribaudo">@ nicolo-ribaudo</a>)</li> </ul> </li> <li>Other <ul> <li><a href="https://snyk.io/redirect/github/babel/babel/pull/13782" data-hovercard-type="pull_request" data-hovercard-url="/babel/babel/pull/13782/hovercard">#13782</a> Add ESLint 8 support to <code>@ babel/eslint-parser</code> (<a href="https://snyk.io/redirect/github/nicolo-ribaudo">@ nicolo-ribaudo</a>)</li> </ul> </li> <li><code>babel-generator</code>, <code>babel-parser</code>, <code>babel-plugin-proposal-pipeline-operator</code>, <code>babel-plugin-syntax-pipeline-operator</code> <ul> <li><a href="https://snyk.io/redirect/github/babel/babel/pull/13749" data-hovercard-type="pull_request" data-hovercard-url="/babel/babel/pull/13749/hovercard">#13749</a> Caret topic (pipe operator) (<a href="https://snyk.io/redirect/github/js-choi">@ js-choi</a>)</li> </ul> </li> <li><code>babel-compat-data</code>, <code>babel-generator</code>, <code>babel-parser</code>, <code>babel-preset-env</code>, <code>babel-types</code> <ul> <li><a href="https://snyk.io/redirect/github/babel/babel/pull/13713" data-hovercard-type="pull_request" data-hovercard-url="/babel/babel/pull/13713/hovercard">#13713</a> Enable class static blocks by default (<a href="https://snyk.io/redirect/github/sosukesuzuki">@ sosukesuzuki</a>)</li> </ul> </li> <li><code>babel-helper-skip-transparent-expression-wrappers</code>, <code>babel-plugin-proposal-optional-chaining</code> <ul> <li><a href="https://snyk.io/redirect/github/babel/babel/pull/13687" data-hovercard-type="pull_request" data-hovercard-url="/babel/babel/pull/13687/hovercard">#13687</a> add <code>skipTransparentExprWrapperNodes</code> helper (<a href="https://snyk.io/redirect/github/lightmare">@ lightmare</a>)</li> </ul> </li> <li><code>babel-traverse</code>, <code>babel-types</code> <ul> <li><a href="https://snyk.io/redirect/github/babel/babel/pull/13666" data-hovercard-type="pull_request" data-hovercard-url="/babel/babel/pull/13666/hovercard">#13666</a> Add aliases for Standardized, TypeScript, and Flow (<a href="https://snyk.io/redirect/github/jridgewell">@ jridgewell</a>)</li> </ul> </li> </ul> <h4><g-emoji class="g-emoji" alias="bug" fallback-src="https://github.githubassets.com/images/icons/emoji/unicode/1f41b.png">🐛</g-emoji> Bug Fix</h4> <ul> <li><code>babel-parser</code>, <code>babel-plugin-transform-typescript</code> <ul> <li><a href="https://snyk.io/redirect/github/babel/babel/pull/13876" data-hovercard-type="pull_request" data-hovercard-url="/babel/babel/pull/13876/hovercard">#13876</a> [ts] Support private methods overloads (<a href="https://snyk.io/redirect/github/nicolo-ribaudo">@ nicolo-ribaudo</a>)</li> </ul> </li> <li><code>babel-plugin-transform-typescript</code> <ul> <li><a href="https://snyk.io/redirect/github/babel/babel/pull/13865" data-hovercard-type="pull_request" data-hovercard-url="/babel/babel/pull/13865/hovercard">#13865</a> fix: allow enum member without initializer after non-literal member (<a href="https://snyk.io/redirect/github/lightmare">@ lightmare</a>)</li> </ul> </li> <li><code>babel-core</code>, <code>babel-helper-create-class-features-plugin</code>, <code>babel-plugin-transform-typescript</code> <ul> <li><a href="https://snyk.io/redirect/github/babel/babel/pull/13854" data-hovercard-type="pull_request" data-hovercard-url="/babel/babel/pull/13854/hovercard">#13854</a> Don't transform <code>declare class</code> in plugin-proposal-class-properties (<a href="https://snyk.io/redirect/github/forivall">@ forivall</a>)</li> </ul> </li> <li><code>babel-compat-data</code>, <code>babel-plugin-bugfix-safari-id-destructuring-collision-in-function-expression</code>, <code>babel-plugin-bugfix-v8-spread-parameters-in-optional-chaining</code>, <code>babel-plugin-transform-react-constant-elements</code>, <code>babel-preset-env</code>, <code>babel-traverse</code> <ul> <li><a href="https://snyk.io/redirect/github/babel/babel/pull/13842" data-hovercard-type="pull_request" data-hovercard-url="/babel/babel/pull/13842/hovercard">#13842</a> Implement @ babel/plugin-bugfix-safari-id-destructuring-collision-in-function-expression (<a href="https://snyk.io/redirect/github/JLHwung">@ JLHwung</a>)</li> </ul> </li> <li><code>babel-plugin-proposal-async-generator-functions</code>, <code>babel-traverse</code> <ul> <li><a href="https://snyk.io/redirect/github/babel/babel/pull/13813" data-hovercard-type="pull_request" data-hovercard-url="/babel/babel/pull/13813/hovercard">#13813</a> Restore traversal context after enter / traverse (<a href="https://snyk.io/redirect/github/JLHwung">@ JLHwung</a>)</li> </ul> </li> <li><code>babel-traverse</code>, <code>babel-types</code> <ul> <li><a href="https://snyk.io/redirect/github/babel/babel/pull/13832" data-hovercard-type="pull_request" data-hovercard-url="/babel/babel/pull/13832/hovercard">#13832</a> Mark static block as FunctionParent (<a href="https://snyk.io/redirect/github/JLHwung">@ JLHwung</a>)</li> </ul> </li> <li><code>babel-generator</code> <ul> <li><a href="https://snyk.io/redirect/github/babel/babel/pull/13825" data-hovercard-type="pull_request" data-hovercard-url="/babel/babel/pull/13825/hovercard">#13825</a> Fix missing inner comments in function expressions (<a href="https://snyk.io/redirect/github/overlookmotel">@ overlookmotel</a>)</li> </ul> </li> </ul> <h4><g-emoji class="g-emoji" alias="house" fallback-src="https://github.githubassets.com/images/icons/emoji/unicode/1f3e0.png">🏠</g-emoji> Internal</h4> <ul> <li><em>Every package</em> <ul> <li><a href="https://snyk.io/redirect/github/babel/babel/pull/13772" data-hovercard-type="pull_request" data-hovercard-url="/babel/babel/pull/13772/hovercard">#13772</a> Use <code>workspace:^</code> to specify <code>@ babel/</code> dependencies (<a href="https://snyk.io/redirect/github/nicolo-ribaudo">@ nicolo-ribaudo</a>)</li> </ul> </li> <li>Other <ul> <li><a href="https://snyk.io/redirect/github/babel/babel/pull/13856" data-hovercard-type="pull_request" data-hovercard-url="/babel/babel/pull/13856/hovercard">#13856</a> Update to Yarn 3.1 (<a href="https://snyk.io/redirect/github/nicolo-ribaudo">@ nicolo-ribaudo</a>)</li> <li><a href="https://snyk.io/redirect/github/babel/babel/pull/13867" data-hovercard-type="pull_request" data-hovercard-url="/babel/babel/pull/13867/hovercard">#13867</a> Test on Node.js 17 (<a href="https://snyk.io/redirect/github/nicolo-ribaudo">@ nicolo-ribaudo</a>)</li> </ul> </li> <li><code>babel-helper-fixtures</code>, <code>babel-plugin-proposal-class-properties</code>, <code>babel-plugin-transform-runtime</code>, <code>babel-preset-react</code> <ul> <li><a href="https://snyk.io/redirect/github/babel/babel/pull/13858" data-hovercard-type="pull_request" data-hovercard-url="/babel/babel/pull/13858/hovercard">#13858</a> Force loading plugins/presets from the monorepo in tests (<a href="https://snyk.io/redirect/github/nicolo-ribaudo">@ nicolo-ribaudo</a>)</li> </ul> </li> <li><code>babel-types</code> <ul> <li><a href="https://snyk.io/redirect/github/babel/babel/pull/13844" data-hovercard-type="pull_request" data-hovercard-url="/babel/babel/pull/13844/hovercard">#13844</a> [ts] precise return type on <code>createTypeAnnotationBasedOnTypeof</code> (babel-types) (<a href="https://snyk.io/redirect/github/lightmare">@ lightmare</a>)</li> </ul> </li> <li><code>babel-helpers</code> <ul> <li><a href="https://snyk.io/redirect/github/babel/babel/pull/13841" data-hovercard-type="pull_request" data-hovercard-url="/babel/babel/pull/13841/hovercard">#13841</a> minor: remove ineffectual helper names filter (<a href="https://snyk.io/redirect/github/lightmare">@ lightmare</a>)</li> </ul> </li> <li><code>babel-core</code>, <code>babel-plugin-transform-react-jsx-development</code>, <code>babel-plugin-transform-react-jsx</code>, <code>babel-types</code> <ul> <li><a href="https://snyk.io/redirect/github/babel/babel/pull/13820" data-hovercard-type="pull_request" data-hovercard-url="/babel/babel/pull/13820/hovercard">#13820</a> Improve transform-react-jsx typings (<a href="https://snyk.io/redirect/github/JLHwung">@ JLHwung</a>)</li> </ul> </li> </ul> <h4><g-emoji class="g-emoji" alias="running_woman" fallback-src="https://github.githubassets.com/images/icons/emoji/unicode/1f3c3-2640.png">🏃‍♀️</g-emoji> Performance</h4> <ul> <li><code>babel-types</code> <ul> <li><a href="https://snyk.io/redirect/github/babel/babel/pull/13843" data-hovercard-type="pull_request" data-hovercard-url="/babel/babel/pull/13843/hovercard">#13843</a> Simplify (transpiled) babel-types builder wrappers (<a href="https://snyk.io/redirect/github/lightmare">@ lightmare</a>)</li> </ul> </li> </ul> <h4>Committers: 9</h4> <ul> <li>Babel Bot (<a href="https://snyk.io/redirect/github/babel-bot">@ babel-bot</a>)</li> <li>Emily Marigold Klassen (<a href="https://snyk.io/redirect/github/forivall">@ forivall</a>)</li> <li>Huáng Jùnliàng (<a href="https://snyk.io/redirect/github/JLHwung">@ JLHwung</a>)</li> <li>J. S. Choi (<a href="https://snyk.io/redirect/github/js-choi">@ js-choi</a>)</li> <li>Justin Ridgewell (<a href="https://snyk.io/redirect/github/jridgewell">@ jridgewell</a>)</li> <li>Mickey Rose (<a href="https://snyk.io/redirect/github/lightmare">@ lightmare</a>)</li> <li>Nicolò Ribaudo (<a href="https://snyk.io/redirect/github/nicolo-ribaudo">@ nicolo-ribaudo</a>)</li> <li>Sosuke Suzuki (<a href="https://snyk.io/redirect/github/sosukesuzuki">@ sosukesuzuki</a>)</li> <li><a href="https://snyk.io/redirect/github/overlookmotel">@ overlookmotel</a></li> </ul> </li> <li> <b>7.15.8</b> - <a href="https://snyk.io/redirect/github/babel/babel/releases/tag/v7.15.8">2021-10-06</a></br><h2>v7.15.8 (2021-10-06)</h2> <p>Thanks <a class="user-mention" data-hovercard-type="user" data-hovercard-url="/users/julienw/hovercard" data-octo-click="hovercard-link-click" data-octo-dimensions="link_type:self" href="https://snyk.io/redirect/github/julienw">@ julienw</a>, <a class="user-mention" data-hovercard-type="user" data-hovercard-url="/users/NotWearingPants/hovercard" data-octo-click="hovercard-link-click" data-octo-dimensions="link_type:self" href="https://snyk.io/redirect/github/NotWearingPants">@ NotWearingPants</a> and <a class="user-mention" data-hovercard-type="user" data-hovercard-url="/users/shoonia/hovercard" data-octo-click="hovercard-link-click" data-octo-dimensions="link_type:self" href="https://snyk.io/redirect/github/shoonia">@ shoonia</a> for your first PRs!</p> <h4><g-emoji class="g-emoji" alias="eyeglasses" fallback-src="https://github.githubassets.com/images/icons/emoji/unicode/1f453.png">👓</g-emoji> Spec Compliance</h4> <ul> <li><code>babel-helper-module-transforms</code>, <code>babel-plugin-transform-modules-amd</code>, <code>babel-plugin-transform-modules-commonjs</code>, <code>babel-plugin-transform-modules-umd</code> <ul> <li><a href="https://snyk.io/redirect/github/babel/babel/pull/13788" data-hovercard-type="pull_request" data-hovercard-url="/babel/babel/pull/13788/hovercard">#13788</a> Sort module export names (<a href="https://snyk.io/redirect/github/JLHwung">@ JLHwung</a>)</li> </ul> </li> <li><code>babel-parser</code> <ul> <li><a href="https://snyk.io/redirect/github/babel/babel/pull/13769" data-hovercard-type="pull_request" data-hovercard-url="/babel/babel/pull/13769/hovercard">#13769</a> Tokenize keywords-like identifier as new tokens (<a href="https://snyk.io/redirect/github/JLHwung">@ JLHwung</a>)</li> </ul> </li> </ul> <h4><g-emoji class="g-emoji" alias="bug" fallback-src="https://github.githubassets.com/images/icons/emoji/unicode/1f41b.png">🐛</g-emoji> Bug Fix</h4> <ul> <li><code>babel-generator</code> <ul> <li><a href="https://snyk.io/redirect/github/babel/babel/pull/13821" data-hovercard-type="pull_request" data-hovercard-url="/babel/babel/pull/13821/hovercard">#13821</a> Fix missing inner comments in class expressions (<a href="https://snyk.io/redirect/github/overlookmotel">@ overlookmotel</a>)</li> </ul> </li> <li><code>babel-generator</code>, <code>babel-parser</code>, <code>babel-plugin-proposal-pipeline-operator</code> <ul> <li><a href="https://snyk.io/redirect/github/babel/babel/pull/13803" data-hovercard-type="pull_request" data-hovercard-url="/babel/babel/pull/13803/hovercard">#13803</a> Collect comments around parentheses in expressions (<a href="https://snyk.io/redirect/github/nicolo-ribaudo">@ nicolo-ribaudo</a>)</li> </ul> </li> <li><code>babel-plugin-transform-typescript</code> <ul> <li><a href="https://snyk.io/redirect/github/babel/babel/pull/13800" data-hovercard-type="pull_request" data-hovercard-url="/babel/babel/pull/13800/hovercard">#13800</a> fix: remove imported types from export (<a href="https://snyk.io/redirect/github/JLHwung">@ JLHwung</a>)</li> </ul> </li> </ul> <h4><g-emoji class="g-emoji" alias="nail_care" fallback-src="https://github.githubassets.com/images/icons/emoji/unicode/1f485.png">💅</g-emoji> Polish</h4> <ul> <li><code>babel-core</code> <ul> <li><a href="https://snyk.io/redirect/github/babel/babel/pull/13814" data-hovercard-type="pull_request" data-hovercard-url="/babel/babel/pull/13814/hovercard">#13814</a> Improve debug logging for IgnoreList (<a href="https://snyk.io/redirect/github/paleite">@ paleite</a>)</li> </ul> </li> <li><code>babel-node</code> <ul> <li><a href="https://snyk.io/redirect/github/babel/babel/pull/13784" data-hovercard-type="pull_request" data-hovercard-url="/babel/babel/pull/13784/hovercard">#13784</a> [@ babel/node] Forward the signal SIGTERM as well (<a href="https://snyk.io/redirect/github/julienw">@ julienw</a>)</li> </ul> </li> </ul> <h4><g-emoji class="g-emoji" alias="house" fallback-src="https://github.githubassets.com/images/icons/emoji/unicode/1f3e0.png">🏠</g-emoji> Internal</h4> <ul> <li><a href="https://snyk.io/redirect/github/babel/babel/pull/13808" data-hovercard-type="pull_request" data-hovercard-url="/babel/babel/pull/13808/hovercard">#13808</a> Update parser plugins for TypeScript tests (<a href="https://snyk.io/redirect/github/sosukesuzuki">@ sosukesuzuki</a>)</li> <li><a href="https://snyk.io/redirect/github/babel/babel/pull/13795" data-hovercard-type="pull_request" data-hovercard-url="/babel/babel/pull/13795/hovercard">#13795</a> Fix Gulpfile path separator issue on Windows (<a href="https://snyk.io/redirect/github/NotWearingPants">@ NotWearingPants</a>)</li> </ul> <h4><g-emoji class="g-emoji" alias="running_woman" fallback-src="https://github.githubassets.com/images/icons/emoji/unicode/1f3c3-2640.png">🏃‍♀️</g-emoji> Performance</h4> <ul> <li><code>babel-code-frame</code> <ul> <li><a href="https://snyk.io/redirect/github/babel/babel/pull/13812" data-hovercard-type="pull_request" data-hovercard-url="/babel/babel/pull/13812/hovercard">#13812</a> Optimization of string splitting (<a href="https://snyk.io/redirect/github/shoonia">@ shoonia</a>)</li> </ul> </li> </ul> <h4>Committers: 10</h4> <ul> <li>Alexander Zaytsev (<a href="https://snyk.io/redirect/github/shoonia">@ shoonia</a>)</li> <li>Babel Bot (<a href="https://snyk.io/redirect/github/babel-bot">@ babel-bot</a>)</li> <li>Hirotaka Tagawa / wafuwafu13 (<a href="https://snyk.io/redirect/github/wafuwafu13">@ wafuwafu13</a>)</li> <li>Huáng Jùnliàng (<a href="https://snyk.io/redirect/github/JLHwung">@ JLHwung</a>)</li> <li>Julien Wajsberg (<a href="https://snyk.io/redirect/github/julienw">@ julienw</a>)</li> <li>Nicolò Ribaudo (<a href="https://snyk.io/redirect/github/nicolo-ribaudo">@ nicolo-ribaudo</a>)</li> <li>Patrick Eriksson (<a href="https://snyk.io/redirect/github/paleite">@ paleite</a>)</li> <li>Sosuke Suzuki (<a href="https://snyk.io/redirect/github/sosukesuzuki">@ sosukesuzuki</a>)</li> <li><a href="https://snyk.io/redirect/github/NotWearingPants">@ NotWearingPants</a></li> <li><a href="https://snyk.io/redirect/github/overlookmotel">@ overlookmotel</a></li> </ul> </li> <li> <b>7.15.5</b> - <a href="https://snyk.io/redirect/github/babel/babel/releases/tag/v7.15.5">2021-09-04</a></br><h2>v7.15.5 (2021-09-04)</h2> <h4><g-emoji class="g-emoji" alias="eyeglasses" fallback-src="https://github.githubassets.com/images/icons/emoji/unicode/1f453.png">👓</g-emoji> Spec Compliance</h4> <ul> <li><code>babel-parser</code> <ul> <li><a href="https://snyk.io/redirect/github/babel/babel/pull/13727" data-hovercard-type="pull_request" data-hovercard-url="/babel/babel/pull/13727/hovercard">#13727</a> Disallow <code>#a in #b in c</code> and similar expressions (<a href="https://snyk.io/redirect/github/nicolo-ribaudo">@ nicolo-ribaudo</a>)</li> </ul> </li> </ul> <h4><g-emoji class="g-emoji" alias="leftwards_arrow_with_hook" fallback-src="https://github.githubassets.com/images/icons/emoji/unicode/21a9.png">↩️</g-emoji> Revert</h4> <ul> <li><code>babel-core</code> <ul> <li><a href="https://snyk.io/redirect/github/babel/babel/pull/13732" data-hovercard-type="pull_request" data-hovercard-url="/babel/babel/pull/13732/hovercard">#13732</a> Revert "fix: non breaking align options naming" (<a href="https://snyk.io/redirect/github/fedeci">@ fedeci</a>)</li> </ul> </li> </ul> <h4>Committers: 3</h4> <ul> <li>Babel Bot (<a href="https://snyk.io/redirect/github/babel-bot">@ babel-bot</a>)</li> <li>Federico Ciardi (<a href="https://snyk.io/redirect/github/fedeci">@ fedeci</a>)</li> <li>Nicolò Ribaudo (<a href="https://snyk.io/redirect/github/nicolo-ribaudo">@ nicolo-ribaudo</a>)</li> </ul> </li> <li> <b>7.15.4</b> - <a href="https://snyk.io/redirect/github/babel/babel/releases/tag/v7.15.4">2021-09-02</a></br><a href="https://snyk.io/redirect/github/babel/babel/releases/tag/v7.15.4"> Read more </a> </li> <li> <b>7.15.0</b> - 2021-08-04 </li> <li> <b>7.14.8</b> - 2021-07-20 </li> <li> <b>7.14.6</b> - 2021-06-14 </li> <li> <b>7.14.5</b> - 2021-06-09 </li> <li> <b>7.14.3</b> - 2021-05-17 </li> <li> <b>7.14.2</b> - 2021-05-12 </li> <li> <b>7.14.0</b> - 2021-04-29 </li> <li> <b>7.13.16</b> - 2021-04-20 </li> <li> <b>7.13.15</b> - 2021-04-08 </li> <li> <b>7.13.14</b> - 2021-03-29 </li> </ul> from <a href="https://snyk.io/redirect/github/babel/babel/releases">@babel/core GitHub release notes</a> </details> </details> <hr/>

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information: <img src="https://api.segment.io/v1/pixel/track?data=eyJ3cml0ZUtleSI6InJyWmxZcEdHY2RyTHZsb0lYd0dUcVg4WkFRTnNCOUEwIiwiYW5vbnltb3VzSWQiOiJlNGU1ZWJiMi0yODExLTQ1Y2MtOWJhNi0xZGM2MGQ3ZWZlNmYiLCJldmVudCI6IlBSIHZpZXdlZCIsInByb3BlcnRpZXMiOnsicHJJZCI6ImU0ZTVlYmIyLTI4MTEtNDVjYy05YmE2LTFkYzYwZDdlZmU2ZiJ9fQ==" width="0" height="0"/><img src="https://app.snyk.io/badges/merge-advice/?package_manager=npm&package_name=@babel/core&from_version=7.13.14&to_version=7.16.0&pr_id=e4e5ebb2-2811-45cc-9ba6-1dc60d7efe6f&visibility=false&has_feature_flag=false" width="0" height="0"/>

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

<!--- (snyk:metadata:{"prId":"e4e5ebb2-2811-45cc-9ba6-1dc60d7efe6f","prPublicId":"e4e5ebb2-2811-45cc-9ba6-1dc60d7efe6f","dependencies":[{"name":"@babel/core","from":"7.13.14","to":"7.16.0"}],"packageManager":"npm","type":"auto","projectUrl":"https://app.snyk.io/org/internal-products/project/ad5c6143-8766-40f9-a764-7045195a04db?utm_source=github&utm_medium=referral&page=upgrade-pr","projectPublicId":"ad5c6143-8766-40f9-a764-7045195a04db","env":"prod","prType":"upgrade","vulns":["SNYK-JS-LODASH-1040724","SNYK-JS-LODASH-1018905","SNYK-JS-BROWSERSLIST-1090194"],"issuesToFix":[{"issueId":"SNYK-JS-LODASH-1040724","severity":"high","title":"Command Injection","exploitMaturity":"proof-of-concept","priorityScore":467,"priorityScoreFactors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"cvssScore","label":"7.2","score":360}]},{"issueId":"SNYK-JS-LODASH-1018905","severity":"medium","title":"Regular Expression Denial of Service (ReDoS)","exploitMaturity":"proof-of-concept","priorityScore":372,"priorityScoreFactors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"cvssScore","label":"5.3","score":265}]},{"issueId":"SNYK-JS-BROWSERSLIST-1090194","severity":"medium","title":"Regular Expression Denial of Service (ReDoS)","exploitMaturity":"proof-of-concept","priorityScore":372,"priorityScoreFactors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"cvssScore","label":"5.3","score":265}]}],"upgrade":["SNYK-JS-LODASH-1040724","SNYK-JS-LODASH-1018905","SNYK-JS-BROWSERSLIST-1090194"],"upgradeInfo":{"versionsDiff":13,"publishedDate":"2021-10-29T23:47:58.487Z"},"templateVariants":["merge-advice-badge-shown","priorityScore"],"hasFixes":true,"isMajorUpgrade":false,"isBreakingChange":false,"priorityScoreList":[467,372,372]}) --->

+402 -1988

0 comment

2 changed files

snyk-bot

pr closed time in 10 days

delete branch Financial-Times/js-features-analyser

delete branch : snyk-upgrade-80afafc84bc318156c7e3a9256cd576c

delete time in 10 days

push eventFinancial-Times/js-features-analyser

snyk-bot

commit sha 4e9fa76ad5ca5ba1ef0c86e0b7d0000e83170224

fix: upgrade yargs from 15.3.0 to 15.4.1 Snyk has created this PR to upgrade yargs from 15.3.0 to 15.4.1. See this package in npm: https://www.npmjs.com/package/yargs See this project in Snyk: https://app.snyk.io/org/internal-products/project/ad5c6143-8766-40f9-a764-7045195a04db?utm_source=github&utm_medium=referral&page=upgrade-pr

view details

push time in 10 days

PR merged Financial-Times/js-features-analyser

[Snyk] Upgrade yargs from 15.3.0 to 15.4.1 cli

<h3>Snyk has created this PR to upgrade yargs from 15.3.0 to 15.4.1.</h3>

merge advice :information_source: Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project. <hr/>

  • The recommended version is 7 versions ahead of your current version.
  • The recommended version was released a year ago, on 2020-07-10.

<details> <summary><b>Release notes</b></summary> <br/> <details> <summary>Package name: <b>yargs</b></summary> <ul> <li> <b>15.4.1</b> - 2020-07-10 </li> <li> <b>15.4.0</b> - 2020-07-02 </li> <li> <b>15.4.0-beta.1</b> - 2020-07-01 </li> <li> <b>15.4.0-beta.0</b> - 2020-05-15 </li> <li> <b>15.3.2-beta.0</b> - 2020-04-17 </li> <li> <b>15.3.1</b> - 2020-03-16 </li> <li> <b>15.3.1-beta.0</b> - 2020-03-12 </li> <li> <b>15.3.0</b> - 2020-03-08 </li> </ul> from <a href="https://snyk.io/redirect/github/yargs/yargs/releases">yargs GitHub release notes</a> </details> </details> <hr/>

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information: <img src="https://api.segment.io/v1/pixel/track?data=eyJ3cml0ZUtleSI6InJyWmxZcEdHY2RyTHZsb0lYd0dUcVg4WkFRTnNCOUEwIiwiYW5vbnltb3VzSWQiOiI2NTc5ODRjMS1iOTJiLTRmOTYtYmI5MC0yZWQ5ZTc0MWExMjIiLCJldmVudCI6IlBSIHZpZXdlZCIsInByb3BlcnRpZXMiOnsicHJJZCI6IjY1Nzk4NGMxLWI5MmItNGY5Ni1iYjkwLTJlZDllNzQxYTEyMiJ9fQ==" width="0" height="0"/>

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

<!--- (snyk:metadata:{"prId":"657984c1-b92b-4f96-bb90-2ed9e741a122","prPublicId":"657984c1-b92b-4f96-bb90-2ed9e741a122","dependencies":[{"name":"yargs","from":"15.3.0","to":"15.4.1"}],"packageManager":"npm","type":"auto","projectUrl":"https://app.snyk.io/org/internal-products/project/ad5c6143-8766-40f9-a764-7045195a04db?utm_source=github&utm_medium=referral&page=upgrade-pr","projectPublicId":"ad5c6143-8766-40f9-a764-7045195a04db","env":"prod","prType":"upgrade","vulns":[],"issuesToFix":[],"upgrade":[],"upgradeInfo":{"versionsDiff":7,"publishedDate":"2020-07-10T22:42:08.187Z"},"templateVariants":["merge-advice-badge-shown"],"hasFixes":false,"isMajorUpgrade":false,"isBreakingChange":false,"priorityScoreList":[]}) --->

+10 -198

0 comment

2 changed files

snyk-bot

pr closed time in 10 days

push eventFinancial-Times/origami

chee

commit sha eeb1cae6e7f0379e647f2b41240b1f294997d528

feat: allow npm 8 in engines config For our purposes, npm 7 and 8 are the same

view details

Jake Champion

commit sha 87a962a8f9c293895868803cb6a1d35ca17f91c4

backstage: update lockfile

view details

Jake Champion

commit sha 984ef0a29c058ed2d3d5c7f392f1aa52f0e7e10c

fix: only create the sassDestination and jsDestination fields when demoBuild.sass and demoBuild.js are not undefined

view details

Fox

commit sha bf9bc05e229683de74de11ee1ea8e1fcf435e34b

chore: release main

view details

Jake Champion

commit sha 8481b5648e12252db6ee143c57e85b5e9d3dbe4a

backstage: add tests for o-no

view details

Jake Champion

commit sha 789a9069c307e26b2ec0b280bd740b179aa7d14a

backstage: add tests for o-no

view details

Jake Champion

commit sha 97c9130344cc598090a9f652654b9636b7a3309c

backstage: add tests for o-no

view details

Jake Champion

commit sha c916124d8cd366e76704f25ce07ffea11679eb93

fix: make o-no support the * range and support exact versions

view details

Jake Champion

commit sha 03108c853a6366f3439bea986ea9fb9cd05ccfaf

fix: make o-no support the * range and support exact versions

view details

Jake Champion

commit sha 9203707265f25bbc518b08fdc8de2c4c32c1567c

fix: set max version of o-normalise to one which does exist on bower and npm the 3.x.x versions were only meant for npm and have been removed from bower

view details

Jake Champion

commit sha f79e477843a1701e43e1e94668fdfd9a359f0045

fix: log out the currently installed version of the origami dependency

view details

Jake Champion

commit sha 1b90bf0f50d77a1830bb3879de7e93ce0f50d619

backstage: update tests and assertions

view details

Jake Champion

commit sha fefe70d20087c834ae13e6c4468a7fc3a71cc319

backstage: switch to single quotes, just for fun

view details

Jake Champion

commit sha 92d7cb1ffc9bead32f567ad8cc27746aaa185455

backstage: remove semi

view details

Jake Champion

commit sha b2bccbe23d6f13293a153609caabc3625fbd4f86

remove the sneaky console.log that was added when I was working on this code Co-authored-by: Lee Moody <notlee@users.noreply.github.com>

view details

Jake Champion

commit sha 6b1666d26e26468f48b674ea3188cf9f8f2808b3

backstage: update package-lock.json

view details

circle-auto-deploy

commit sha 293e652ff2d848ebaa380c4979981b34d3d386ee

backstage: extract log and polyfillURL helpers from obt

view details

circle-auto-deploy

commit sha 71a995e9b6a068bffccb28023e31cccd95658346

backstage: extract demo-build from obt

view details

circle-auto-deploy

commit sha 9f90b52d6324a6fb4437c1eccca4c2597a527c5e

backstage: extract demo-build from obt

view details

circle-auto-deploy

commit sha 2b1d211a48df7b4d13e0578c03a502de3dbd3a8a

backstage: extract demo-build from obt

view details

push time in 11 days

delete branch Financial-Times/polyfill-useragent-normaliser

delete branch : snyk-upgrade-e6799937388e03073d457abdba7716de

delete time in 11 days

PR closed Financial-Times/polyfill-useragent-normaliser

[Snyk] Upgrade semver from 7.3.2 to 7.3.5 cli

<h3>Snyk has created this PR to upgrade semver from 7.3.2 to 7.3.5.</h3>

merge advice :information_source: Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project. <hr/>

  • The recommended version is 3 versions ahead of your current version.
  • The recommended version was released 8 months ago, on 2021-03-23.

<details> <summary><b>Release notes</b></summary> <br/> <details> <summary>Package name: <b>semver</b></summary> <ul> <li> <b>7.3.5</b> - <a href="https://snyk.io/redirect/github/npm/node-semver/releases/tag/v7.3.5">2021-03-23</a></br><p>7.3.5</p> </li> <li> <b>7.3.4</b> - <a href="https://snyk.io/redirect/github/npm/node-semver/releases/tag/v7.3.4">2020-12-01</a></br><p>7.3.4</p> </li> <li> <b>7.3.3</b> - <a href="https://snyk.io/redirect/github/npm/node-semver/releases/tag/v7.3.3">2020-12-01</a></br><p>7.3.3</p> </li> <li> <b>7.3.2</b> - <a href="https://snyk.io/redirect/github/npm/node-semver/releases/tag/v7.3.2">2020-04-14</a></br><p>7.3.2</p> </li> </ul> from <a href="https://snyk.io/redirect/github/npm/node-semver/releases">semver GitHub release notes</a> </details> </details>

<details> <summary><b>Commit messages</b></summary> </br> <details> <summary>Package name: <b>semver</b></summary> <ul> <li><a href="https://snyk.io/redirect/github/npm/node-semver/commit/e79ac3a450e8bb504e78b8159e3efc70895699b8">e79ac3a</a> 7.3.5</li> <li><a href="https://snyk.io/redirect/github/npm/node-semver/commit/0ce87d6aa69da11f1958d489181db9c9988d07a7">0ce87d6</a> Correctly handle prereleases/ANY ranges in subset</li> <li><a href="https://snyk.io/redirect/github/npm/node-semver/commit/15ed20833cb5377ba3a219f6a86b5deabd806f20">15ed208</a> fix(subset): check any as superset</li> <li><a href="https://snyk.io/redirect/github/npm/node-semver/commit/093b40f8a7cb67946527b739fe8f8974c888e2a0">093b40f</a> 7.3.4</li> <li><a href="https://snyk.io/redirect/github/npm/node-semver/commit/93ff028e62e411f26349626bda4859e7b05ec608">93ff028</a> use modern lru-cache, not legacy</li> <li><a href="https://snyk.io/redirect/github/npm/node-semver/commit/984a8d5f2d403f90ca95c201e9ba061ac96ca3fc">984a8d5</a> 7.3.3</li> <li><a href="https://snyk.io/redirect/github/npm/node-semver/commit/703ec39f86ee0c96de416f74190d2dd3ed262689">703ec39</a> Add lru-cache dep</li> <li><a href="https://snyk.io/redirect/github/npm/node-semver/commit/2d01126ecabcf62dcbd1065704e0a468a8c66b6e">2d01126</a> MinVersion failing for '^2.16.2 ^2.16' alike range</li> <li><a href="https://snyk.io/redirect/github/npm/node-semver/commit/a7acc5d4333ac021c40edf4c0e8dbf3e92765e6a">a7acc5d</a> spelling: satisfies</li> <li><a href="https://snyk.io/redirect/github/npm/node-semver/commit/e6f7919566dffe824ee86ca89ab33cfc8a80bde9">e6f7919</a> spelling: intersection</li> <li><a href="https://snyk.io/redirect/github/npm/node-semver/commit/e08d9167937e09e8e6fe23aacaf17f892a1d69e1">e08d916</a> Memoize range parsing</li> <li><a href="https://snyk.io/redirect/github/npm/node-semver/commit/60880700d6cee8450e37f5ac31430d84587620f5">6088070</a> add a test for the coverage map</li> <li><a href="https://snyk.io/redirect/github/npm/node-semver/commit/bcab95a966413b978dc1e7bdbcb8f495b63303cd">bcab95a</a> Reduce unnecessary Comparators in Range set</li> <li><a href="https://snyk.io/redirect/github/npm/node-semver/commit/226e6dc8eca111964ad95881020ee7d7b2b833a2">226e6dc</a> Fixed variable names and comments</li> </ul>

<a href="https://snyk.io/redirect/github/npm/node-semver/compare/ce978f9a58b71d22a7c303432c9a5135510e01be...e79ac3a450e8bb504e78b8159e3efc70895699b8">Compare</a> </details> </details> <hr/>

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information: <img src="https://api.segment.io/v1/pixel/track?data=eyJ3cml0ZUtleSI6InJyWmxZcEdHY2RyTHZsb0lYd0dUcVg4WkFRTnNCOUEwIiwiYW5vbnltb3VzSWQiOiI5OWM4ZWY0ZS00NWQxLTQxN2QtYWMyNC1iZjM5Yjc1NWQ5NTEiLCJldmVudCI6IlBSIHZpZXdlZCIsInByb3BlcnRpZXMiOnsicHJJZCI6Ijk5YzhlZjRlLTQ1ZDEtNDE3ZC1hYzI0LWJmMzliNzU1ZDk1MSJ9fQ==" width="0" height="0"/>

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

<!--- (snyk:metadata:{"prId":"99c8ef4e-45d1-417d-ac24-bf39b755d951","prPublicId":"99c8ef4e-45d1-417d-ac24-bf39b755d951","dependencies":[{"name":"semver","from":"7.3.2","to":"7.3.5"}],"packageManager":"npm","type":"auto","projectUrl":"https://app.snyk.io/org/internal-products/project/02eea73b-defa-43ae-b744-612fb1aa047f?utm_source=github&utm_medium=referral&page=upgrade-pr","projectPublicId":"02eea73b-defa-43ae-b744-612fb1aa047f","env":"prod","prType":"upgrade","vulns":[],"issuesToFix":[],"upgrade":[],"upgradeInfo":{"versionsDiff":3,"publishedDate":"2021-03-23T01:37:52.803Z"},"templateVariants":["merge-advice-badge-shown"],"hasFixes":false,"isMajorUpgrade":false,"isBreakingChange":false,"priorityScoreList":[]}) --->

+43 -8

0 comment

2 changed files

snyk-bot

pr closed time in 11 days

push eventFinancial-Times/polyfill-library

snyk-bot

commit sha b633532f7e362584ef605dede48fbbe8932e959c

fix: upgrade graceful-fs from 4.2.4 to 4.2.8 Snyk has created this PR to upgrade graceful-fs from 4.2.4 to 4.2.8. See this package in npm: https://www.npmjs.com/package/graceful-fs See this project in Snyk: https://app.snyk.io/org/internal-products/project/3756614e-b2ba-4708-bf17-201c780c1194?utm_source=github&utm_medium=referral&page=upgrade-pr

view details

push time in 11 days

delete branch Financial-Times/polyfill-library

delete branch : snyk-upgrade-8e671928d0532d445e2d9e0dc1b22860

delete time in 11 days

PR merged Financial-Times/polyfill-library

[Snyk] Upgrade graceful-fs from 4.2.4 to 4.2.8 library

<h3>Snyk has created this PR to upgrade graceful-fs from 4.2.4 to 4.2.8.</h3>

merge advice :information_source: Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project. <hr/>

  • The recommended version is 4 versions ahead of your current version.
  • The recommended version was released 4 months ago, on 2021-08-05.

<details> <summary><b>Release notes</b></summary> <br/> <details> <summary>Package name: <b>graceful-fs</b></summary> <ul> <li> <b>4.2.8</b> - <a href="https://snyk.io/redirect/github/isaacs/node-graceful-fs/releases/tag/v4.2.8">2021-08-05</a></br><p>4.2.8</p> </li> <li> <b>4.2.7</b> - <a href="https://snyk.io/redirect/github/isaacs/node-graceful-fs/releases/tag/v4.2.7">2021-08-05</a></br><p>4.2.7</p> </li> <li> <b>4.2.6</b> - <a href="https://snyk.io/redirect/github/isaacs/node-graceful-fs/releases/tag/v4.2.6">2021-02-09</a></br><p>4.2.6</p> </li> <li> <b>4.2.5</b> - <a href="https://snyk.io/redirect/github/isaacs/node-graceful-fs/releases/tag/v4.2.5">2021-02-05</a></br><p>4.2.5</p> </li> <li> <b>4.2.4</b> - <a href="https://snyk.io/redirect/github/isaacs/node-graceful-fs/releases/tag/v4.2.4">2020-04-28</a></br><p>4.2.4</p> </li> </ul> from <a href="https://snyk.io/redirect/github/isaacs/node-graceful-fs/releases">graceful-fs GitHub release notes</a> </details> </details>

<details> <summary><b>Commit messages</b></summary> </br> <details> <summary>Package name: <b>graceful-fs</b></summary> <ul> <li><a href="https://snyk.io/redirect/github/isaacs/node-graceful-fs/commit/9ec3413c8eb1c073c42262bf5a2a8cdf556f68a7">9ec3413</a> 4.2.8</li> <li><a href="https://snyk.io/redirect/github/isaacs/node-graceful-fs/commit/569a726eca49685aeeb4e3325a32ae326186a0c7">569a726</a> fix: start retrying immediately, stop after 60 seconds</li> <li><a href="https://snyk.io/redirect/github/isaacs/node-graceful-fs/commit/00474f6055cec06a6c5131250cfceca259220b33">00474f6</a> 4.2.7</li> <li><a href="https://snyk.io/redirect/github/isaacs/node-graceful-fs/commit/e4ee5d6b4c3bd193d78499261e273c811f36b312">e4ee5d6</a> fix: start retrying immediately, stop after 10 attempts</li> <li><a href="https://snyk.io/redirect/github/isaacs/node-graceful-fs/commit/e9a394b34664bbd65566f310e2ec2d888e4f00ff">e9a394b</a> chore: refactor readdir to be consistent</li> <li><a href="https://snyk.io/redirect/github/isaacs/node-graceful-fs/commit/16f8da2f15e79288f12ab5acef87e94f99c1fe01">16f8da2</a> Fix copyFile wrapper when retry hits EMFILE again</li> <li><a href="https://snyk.io/redirect/github/isaacs/node-graceful-fs/commit/89dc1330dcd8fa218c5dff92a97d8792b7da6b12">89dc133</a> Clarify README.md regarding sync methods (#207)</li> <li><a href="https://snyk.io/redirect/github/isaacs/node-graceful-fs/commit/24f88fd7f37829d34ba5df5edfd7fe20df55d74a">24f88fd</a> 4.2.6</li> <li><a href="https://snyk.io/redirect/github/isaacs/node-graceful-fs/commit/f762c746c0e13d84db68af5b0d4e711aaa5bee74">f762c74</a> fix: TypeError when loading graceful-fs from worker threads</li> <li><a href="https://snyk.io/redirect/github/isaacs/node-graceful-fs/commit/195c9347dbc6029892fc6efc6efd14b2f49ed816">195c934</a> fix: copyFile with flags</li> <li><a href="https://snyk.io/redirect/github/isaacs/node-graceful-fs/commit/feedd03814a6fd4dbf3387c092fddde61dbab2bc">feedd03</a> run tests in color mode</li> <li><a href="https://snyk.io/redirect/github/isaacs/node-graceful-fs/commit/f110c5dea38b8ebdd89d27172b631b101ffb3348">f110c5d</a> 4.2.5</li> <li><a href="https://snyk.io/redirect/github/isaacs/node-graceful-fs/commit/c55c1b8cb32510f92bd33d7c833364ecd3964dea">c55c1b8</a> Avoid hitting proto</li> <li><a href="https://snyk.io/redirect/github/isaacs/node-graceful-fs/commit/7b855703c8ff978791b6c0509ef5da806898b0a7">7b85570</a> Copy over process.chdir.disabled if set</li> <li><a href="https://snyk.io/redirect/github/isaacs/node-graceful-fs/commit/b2aba81462bb5eb56072034df0d9ca5b5cf38dbb">b2aba81</a> Support copyFile</li> <li><a href="https://snyk.io/redirect/github/isaacs/node-graceful-fs/commit/ab03583bbbaf1f1f7280a9bd8630aab55511154c">ab03583</a> s/travis/GitHub Actions/</li> <li><a href="https://snyk.io/redirect/github/isaacs/node-graceful-fs/commit/5844b5508efc45480aa277ea51c0073f5d63577d">5844b55</a> run tests with coverage</li> </ul>

<a href="https://snyk.io/redirect/github/isaacs/node-graceful-fs/compare/5a29f6c50ccdb412cb198b06ee248e65f365145b...9ec3413c8eb1c073c42262bf5a2a8cdf556f68a7">Compare</a> </details> </details> <hr/>

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information: <img src="https://api.segment.io/v1/pixel/track?data=eyJ3cml0ZUtleSI6InJyWmxZcEdHY2RyTHZsb0lYd0dUcVg4WkFRTnNCOUEwIiwiYW5vbnltb3VzSWQiOiJjNmY5MDYxZC1iZTY5LTQ5ZjctYTU2OS1lYjk0ZWUwMGRiYWMiLCJldmVudCI6IlBSIHZpZXdlZCIsInByb3BlcnRpZXMiOnsicHJJZCI6ImM2ZjkwNjFkLWJlNjktNDlmNy1hNTY5LWViOTRlZTAwZGJhYyJ9fQ==" width="0" height="0"/>

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

<!--- (snyk:metadata:{"prId":"c6f9061d-be69-49f7-a569-eb94ee00dbac","prPublicId":"c6f9061d-be69-49f7-a569-eb94ee00dbac","dependencies":[{"name":"graceful-fs","from":"4.2.4","to":"4.2.8"}],"packageManager":"npm","type":"auto","projectUrl":"https://app.snyk.io/org/internal-products/project/3756614e-b2ba-4708-bf17-201c780c1194?utm_source=github&utm_medium=referral&page=upgrade-pr","projectPublicId":"3756614e-b2ba-4708-bf17-201c780c1194","env":"prod","prType":"upgrade","vulns":[],"issuesToFix":[],"upgrade":[],"upgradeInfo":{"versionsDiff":4,"publishedDate":"2021-08-05T20:06:04.291Z"},"templateVariants":["merge-advice-badge-shown"],"hasFixes":false,"isMajorUpgrade":false,"isBreakingChange":false,"priorityScoreList":[]}) --->

+4 -4

0 comment

2 changed files

snyk-bot

pr closed time in 11 days

delete branch Financial-Times/polyfill-library

delete branch : snyk-upgrade-0662c9fc8dda1f7687e5f7df815c9d58

delete time in 11 days

push eventFinancial-Times/polyfill-library

snyk-bot

commit sha 59a4d1ccacede7f2cb379878e4d462fd0c33a7cd

fix: upgrade mnemonist from 0.38.0 to 0.38.5 Snyk has created this PR to upgrade mnemonist from 0.38.0 to 0.38.5. See this package in npm: https://www.npmjs.com/package/mnemonist See this project in Snyk: https://app.snyk.io/org/internal-products/project/3756614e-b2ba-4708-bf17-201c780c1194?utm_source=github&utm_medium=referral&page=upgrade-pr

view details

push time in 11 days

PR merged Financial-Times/polyfill-library

[Snyk] Upgrade mnemonist from 0.38.0 to 0.38.5 library

<h3>Snyk has created this PR to upgrade mnemonist from 0.38.0 to 0.38.5.</h3>

merge advice :information_source: Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project. <hr/>

  • The recommended version is 5 versions ahead of your current version.
  • The recommended version was released a month ago, on 2021-10-27.

<details> <summary><b>Release notes</b></summary> <br/> <details> <summary>Package name: <b>mnemonist</b></summary> <ul> <li> <b>0.38.5</b> - <a href="https://snyk.io/redirect/github/Yomguithereal/mnemonist/releases/tag/0.38.5">2021-10-27</a></br><ul> <li>Upgrading <code>obliterator</code>.</li> <li>Improving performance of iterator methods across the library.</li> </ul> </li> <li> <b>0.38.4</b> - <a href="https://snyk.io/redirect/github/Yomguithereal/mnemonist/releases/tag/0.38.4">2021-09-25</a></br><ul> <li>Fixing <code>KDTree</code> typings (<a class="user-mention" data-hovercard-type="user" data-hovercard-url="/users/clhuang/hovercard" data-octo-click="hovercard-link-click" data-octo-dimensions="link_type:self" href="https://snyk.io/redirect/github/clhuang">@ clhuang</a>).</li> </ul> </li> <li> <b>0.38.3</b> - <a href="https://snyk.io/redirect/github/Yomguithereal/mnemonist/releases/tag/0.38.3">2021-03-01</a></br><ul> <li>Refactoring <code>VPTree</code> memory layout.</li> <li>Fixing <code>VPTree.nearestNeighbors</code> edge case.</li> <li>Various <code>VPTree</code> optimizations.</li> </ul> </li> <li> <b>0.38.2</b> - <a href="https://snyk.io/redirect/github/Yomguithereal/mnemonist/releases/tag/0.38.2">2021-02-28</a></br><ul> <li>Fixing <code>Heap.replace</code> & <code>Heap.pusphpop</code> types (<a class="user-mention" data-hovercard-type="user" data-hovercard-url="/users/wholenews/hovercard" data-octo-click="hovercard-link-click" data-octo-dimensions="link_type:self" href="https://snyk.io/redirect/github/wholenews">@ wholenews</a>).</li> </ul> </li> <li> <b>0.38.1</b> - <a href="https://snyk.io/redirect/github/Yomguithereal/mnemonist/releases/tag/0.38.1">2020-12-05</a></br><ul> <li>Fixing <code>SparseQueueSet</code> deopt.</li> </ul> </li> <li> <b>0.38.0</b> - <a href="https://snyk.io/redirect/github/Yomguithereal/mnemonist/releases/tag/0.38.0">2020-06-25</a></br><ul> <li>Adding <code>TrieMap.update</code> (<a class="user-mention" data-hovercard-type="user" data-hovercard-url="/users/wholenews/hovercard" data-octo-click="hovercard-link-click" data-octo-dimensions="link_type:self" href="https://snyk.io/redirect/github/wholenews">@ wholenews</a>).</li> </ul> </li> </ul> from <a href="https://snyk.io/redirect/github/yomguithereal/mnemonist/releases">mnemonist GitHub release notes</a> </details> </details>

<details> <summary><b>Commit messages</b></summary> </br> <details> <summary>Package name: <b>mnemonist</b></summary> <ul> <li><a href="https://snyk.io/redirect/github/Yomguithereal/mnemonist/commit/5b7ce072296ea6655a9404b32da3850e498a3100">5b7ce07</a> Bump 0.38.5</li> <li><a href="https://snyk.io/redirect/github/Yomguithereal/mnemonist/commit/49b96b0752f78ccc33d440511007b533618f0427">49b96b0</a> Upgrading obliterator</li> <li><a href="https://snyk.io/redirect/github/Yomguithereal/mnemonist/commit/39dc1842be31c00de68c79a1f4017fc45681cf1d">39dc184</a> Bump 0.38.4</li> <li><a href="https://snyk.io/redirect/github/Yomguithereal/mnemonist/commit/9e38e1c803b0a6ebeaa9971a8ba23dbc22aa9f2c">9e38e1c</a> fix kd-tree types</li> <li><a href="https://snyk.io/redirect/github/Yomguithereal/mnemonist/commit/9cca46958cb6a37cd73d1e30f0ce265797786e2c">9cca469</a> test(TypedArrays): add tests for getPointerArray</li> <li><a href="https://snyk.io/redirect/github/Yomguithereal/mnemonist/commit/66e494d66fd5120de9b13090cbca0a11f800ab75">66e494d</a> fix(PointerArray): throw error if array size > 4294967295</li> <li><a href="https://snyk.io/redirect/github/Yomguithereal/mnemonist/commit/f97e33186b013abe279d5e6aa8ca7f05b24db654">f97e331</a> fix(LRU): throw error if capacity is not a finite positive integer</li> <li><a href="https://snyk.io/redirect/github/Yomguithereal/mnemonist/commit/825538adaf1daee4b9ce3f6c073956ed4211ea1e">825538a</a> Adding prepublishOnly</li> <li><a href="https://snyk.io/redirect/github/Yomguithereal/mnemonist/commit/caeab455996f2d274c01f4c182f3f75f66b5e67e">caeab45</a> chore(benchmark): replace deepEqual with deepStrictEqual</li> <li><a href="https://snyk.io/redirect/github/Yomguithereal/mnemonist/commit/53a36c1c6ac2211cf9ab58c6b899885dad8a7a5d">53a36c1</a> chore(test): replace deepEqual with deepStrictEqual</li> <li><a href="https://snyk.io/redirect/github/Yomguithereal/mnemonist/commit/1bca486d22a0e31417e89aa86bf64cc92699cb0f">1bca486</a> Adding assign-vs-spread bench</li> <li><a href="https://snyk.io/redirect/github/Yomguithereal/mnemonist/commit/4a86fbe420f03923c2562378bf4f3bb25cb011af">4a86fbe</a> Bump 0.38.3</li> <li><a href="https://snyk.io/redirect/github/Yomguithereal/mnemonist/commit/a2d2c3a682f8a8560be59255f8062427f88186fc">a2d2c3a</a> Note</li> <li><a href="https://snyk.io/redirect/github/Yomguithereal/mnemonist/commit/d351c92206382a431cb40dfe327aef8e612b0bbb">d351c92</a> Adding VPTree.D</li> <li><a href="https://snyk.io/redirect/github/Yomguithereal/mnemonist/commit/7386f04b9e5eb73d77d270bc85cb507c8ee033fb">7386f04</a> Adding medium-scale VPTree random test</li> <li><a href="https://snyk.io/redirect/github/Yomguithereal/mnemonist/commit/1cf0c299eabfd039a06612551be16f1391edb670">1cf0c29</a> More robust unit tests</li> <li><a href="https://snyk.io/redirect/github/Yomguithereal/mnemonist/commit/005ea63d2916eb753ae17f5c8c63cfb97c825c28">005ea63</a> Stack flattening</li> <li><a href="https://snyk.io/redirect/github/Yomguithereal/mnemonist/commit/7ceee835bf29e6b9e3dbc262dc80df75ea19b603">7ceee83</a> Adjusting VPTree unit tests</li> <li><a href="https://snyk.io/redirect/github/Yomguithereal/mnemonist/commit/2f578d76da4dffe331003121db2ef2d9b4060227">2f578d7</a> Reverting change about VPTree comparator</li> <li><a href="https://snyk.io/redirect/github/Yomguithereal/mnemonist/commit/66fb7824795c986112fb89773cb894273d7e9072">66fb782</a> Add notes</li> <li><a href="https://snyk.io/redirect/github/Yomguithereal/mnemonist/commit/32966b1a8b8b5e0b3ce226fe61ac577a96c14bd8">32966b1</a> Reversing</li> <li><a href="https://snyk.io/redirect/github/Yomguithereal/mnemonist/commit/c63a1e5b29dd7b44e44ac284e205862701f5bb14">c63a1e5</a> Just need to inverse left/right</li> <li><a href="https://snyk.io/redirect/github/Yomguithereal/mnemonist/commit/3dd3fdf4ac0a8dbea7339845754df260fb4e23c8">3dd3fdf</a> Drafting new binary tree construction</li> <li><a href="https://snyk.io/redirect/github/Yomguithereal/mnemonist/commit/39c066ebf0eba3104b64c7303ad74087e19fca92">39c066e</a> Amending notes</li> </ul>

<a href="https://snyk.io/redirect/github/Yomguithereal/mnemonist/compare/d2fc46292d0c73ac592938225de57532132a3c8f...5b7ce072296ea6655a9404b32da3850e498a3100">Compare</a> </details> </details> <hr/>

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information: <img src="https://api.segment.io/v1/pixel/track?data=eyJ3cml0ZUtleSI6InJyWmxZcEdHY2RyTHZsb0lYd0dUcVg4WkFRTnNCOUEwIiwiYW5vbnltb3VzSWQiOiI4ZmNkZTY1YS1kZjE0LTRmMDEtYjRmNS05MmU1NmNlZmE5NzUiLCJldmVudCI6IlBSIHZpZXdlZCIsInByb3BlcnRpZXMiOnsicHJJZCI6IjhmY2RlNjVhLWRmMTQtNGYwMS1iNGY1LTkyZTU2Y2VmYTk3NSJ9fQ==" width="0" height="0"/>

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

<!--- (snyk:metadata:{"prId":"8fcde65a-df14-4f01-b4f5-92e56cefa975","prPublicId":"8fcde65a-df14-4f01-b4f5-92e56cefa975","dependencies":[{"name":"mnemonist","from":"0.38.0","to":"0.38.5"}],"packageManager":"npm","type":"auto","projectUrl":"https://app.snyk.io/org/internal-products/project/3756614e-b2ba-4708-bf17-201c780c1194?utm_source=github&utm_medium=referral&page=upgrade-pr","projectPublicId":"3756614e-b2ba-4708-bf17-201c780c1194","env":"prod","prType":"upgrade","vulns":[],"issuesToFix":[],"upgrade":[],"upgradeInfo":{"versionsDiff":5,"publishedDate":"2021-10-27T20:41:28.541Z"},"templateVariants":["merge-advice-badge-shown"],"hasFixes":false,"isMajorUpgrade":false,"isBreakingChange":false,"priorityScoreList":[]}) --->

+8 -8

1 comment

2 changed files

snyk-bot

pr closed time in 11 days

issue openedtc39/proposal-set-methods

Question: Should Set.prototype.isSubsetOf accepts string literals?

The other proposed methods accept string literals as their argument, and strings work because they are iterable

Step 3 of Set.prototype.isSubsetOf stops string literals from working: If Type(iterable) is not Object, throw a TypeError exception.

If string literals should be accepted then I think we can remove this step entirely and rely on Step 2 of AddEntryFromIterable to handle the situation when a non-iterable value has been supplied as the argument to Set.prototype.isSubsetOf

created time in 11 days

issue closedtc39/proposal-set-methods

Question: Should Set.prototype.isSubsetOf accept any iterable?

The argument to Set.prototype.isSubsetOf is named iterable but currently the steps only allow for a Set or Set-like object to work correctly.

For example executing (new Set([1])).isSubsetOf([2]) -- the important part being the array passed into isSubsetOf:

  • Set.prototype.isSubsetOf Steps 1 to 5 are followed
  • Set.prototype.isSubsetOf Step 6 (If IsCallable(hasCheck) is false,) will evaluate to true and we will enter Step 6.a
  • Set.prototype.isSubsetOf Step 6.a is followed
  • Set.prototype.isSubsetOf Step 6.b (Perform ? AddEntryFromIterable(otherSet, iterable, %SetProto_add%). calls AddEntryFromIterable
  • AddEntryFromIterable Steps 1 - 3.a are followed
  • AddEntryFromIterable Step 3.b. (Let status be Call(adder, target, « nextValue »).) calls %SetProto_add%
  • Set.prototype.add Step 1 is followed
  • Set.prototype.add Step 2 (2. Perform ? RequireInternalSlot(S, [[SetData]]).) calls RequireInternalSlot
  • RequireInternalSlot Step 1 is followed
  • RequireInternalSlot Step 2 (2. If O does not have an internalSlot internal slot, throw a TypeError exception.) will throw a TypeError because S is the array we passed in at the beginning of this

I guess this question could be written as, what should the below code evaluate to?

const set = new Set([1, 2, 3]);
const result = set.isSubsetOf([1, 2, 3, 4]);
console.log(result);

Should that result in a TypeError being thrown or with result being a boolean?

closed time in 11 days

JakeChampion

issue commenttc39/proposal-set-methods

Question: Should Set.prototype.isSubsetOf accept any iterable?

Yes you're right, this looks like a potential bug in the SpiderMonkey patch and not a bug in the spec 👍

JakeChampion

comment created time in 11 days

more