[Snyk] Upgrade metalsmith from 2.3.0 to 2.4.1

[snyk-bot]

Snyk has created this PR to upgrade metalsmith from 2.3.0 to 2.4.1.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 2 versions ahead of your current version.
• The recommended version was released 24 days ago, on 2022-01-31.

Release notes

Package name: metalsmith

• 2.4.1 - 2022-01-31
  

  Fixed

  Bugfix: include index.js in package.json files

  Unfortunately release 2.4.0 missed the index.js file and was only usable by doing require('metalsmith/lib'). For this reason the release notes from 2.4.0 are re-included below:

  Added

  • #338 Added Metalsmith#match method. Plugins no longer need to require a matching library 705c4bb, f01c724
  • #358 Added TS-style JSdocs 828b17e
  • Use native fs.rm instead of rimraf when available (Node 14.4+) fcbb76e, 66e4376
  • #226 Allow passing a gray-matter options object to Metalsmith#frontmatter a6438d2
  • Modernized dev setup ef7b781
  • Added 8 new tests (match method, front-matter options, path & symbolic link handling)
  • Files object file paths are now guaranteed to be sorted aphabetically. 4eb1184
  • #211 Metalsmith#build now returns a promise which you can attach a then/catch to or await. The build callback model is still available. 6d5a42d

  Removed

  • #231 Dropped support for Node < 8 2db47f5, 75e6878
  • Dependencies:
    • has-generators: obsolete in supported Node versions 2db47f5
    • absolute replaced with native Node path.isAbsolute c05f9e2 (@ Zearin)
    • is replaced with own implementation 7eaac9e2, 54dba0c1 (@ Zearin)
    • recursive-readdir: replaced with own implementation 4eb1184

  Updated

  • Dependencies: 75e6878

    • chalk: 1.1.3 ▶︎ 3.0.0
    • gray-matter: 2.0.0 ▶︎ 4.0.3
    • stat-mode: 0.2.0 ▶︎ 1.0.0
    • rimraf: 2.2.8 ▶︎ 3.0.2
    • ware: 1.2.0 ▶︎ 1.3.0
    • commander (used in CLI): 2.15.1 ▶︎ 6.2.1
    • win-fork (used in CLI): replaced with cross-spawn:7.0.3

  • Updated CHANGELOG.md format to follow “Keep A Changelog” (#266) (@ Zearin)

  Fixed

  • #206 Metalsmith#ignore now only matches paths relative to Metalsmith#source (as it should). See linked issue for details 4eb1184
  • #226 Metalsmith will no longer 'swallow' errors on invalid front-matter, they will be passed to Metalsmith#build a6438d2
  • Fix test error on Windows #158 (@ moozzyk)
  • #281 Metalsmith now properly handles symbolic links (will throw an ENOENT error or they can be Metalsmith#ignore'd) 4eb1184
  • #178 Metalsmith#ignore now removes the matched files before they are statted for glob-based ignores (saving some perf & potential errors).
  • #295 Metalsmith now catches all FS errors and passes them to the build callback/ thenable appropriately.

  Security

  • Replace all occurences of new Buffer with Buffer.from

  npm audit vulnerability fixes

  • Development Dependencies:
    • coveralls: 2.11.6 ▶︎ 3.0.1 (#308) (@ Zearin)
      Fix 5 “Moderate” vulnerabilities
    • metalsmith-markdown: 0.2.1 ▶︎ 0.2.2 (#312) (@ Zearin)
      Fix 1 “Low” vulnerability
• 2.4.0 - 2022-01-31
  

  Unfortunately this release missed the index.js file and is only usable by doing require('metalsmith/lib'). This has quickly been fixed in 2.4.1 and the release notes ported to it

  Added

  • #338 Added Metalsmith#match method. Plugins no longer need to require a matching library 705c4bb, f01c724
  • #358 Added TS-style JSdocs 828b17e
  • Use native fs.rm instead of rimraf when available (Node 14.4+) fcbb76e, 66e4376
  • #226 Allow passing a gray-matter options object to Metalsmith#frontmatter a6438d2
  • Modernized dev setup ef7b781
  • Added 8 new tests (match method, front-matter options, path & symbolic link handling)
  • Files object file paths are now guaranteed to be sorted aphabetically. 4eb1184
  • #211 Metalsmith#build now returns a promise which you can attach a then/catch to or await. The build callback model is still available. 6d5a42d

  Removed

  • #231 Dropped support for Node < 8 2db47f5, 75e6878
  • Dependencies:
    • has-generators: obsolete in supported Node versions 2db47f5
    • absolute replaced with native Node path.isAbsolute c05f9e2 (@ Zearin)
    • is replaced with own implementation 7eaac9e2, 54dba0c1 (@ Zearin)
    • recursive-readdir: replaced with own implementation 4eb1184

  Updated

  • Dependencies: 75e6878

    • chalk: 1.1.3 ▶︎ 3.0.0
    • gray-matter: 2.0.0 ▶︎ 4.0.3
    • stat-mode: 0.2.0 ▶︎ 1.0.0
    • rimraf: 2.2.8 ▶︎ 3.0.2
    • ware: 1.2.0 ▶︎ 1.3.0
    • commander (used in CLI): 2.15.1 ▶︎ 6.2.1
    • win-fork (used in CLI): replaced with cross-spawn:7.0.3

  • Updated CHANGELOG.md format to follow “Keep A Changelog” (#266) (@ Zearin)

  Fixed

  • #206 Metalsmith#ignore now only matches paths relative to Metalsmith#source (as it should). See linked issue for details 4eb1184
  • #226 Metalsmith will no longer 'swallow' errors on invalid front-matter, they will be passed to Metalsmith#build a6438d2
  • Fix test error on Windows #158 (@ moozzyk)
  • #281 Metalsmith now properly handles symbolic links (will throw an ENOENT error or they can be Metalsmith#ignore'd) 4eb1184
  • #178 Metalsmith#ignore now removes the matched files before they are statted for glob-based ignores (saving some perf & potential errors).
  • #295 Metalsmith now catches all FS errors and passes them to the build callback/ thenable appropriately.

  Security

  • Replace all occurences of new Buffer with Buffer.from

  npm audit vulnerability fixes

  • Development Dependencies:
    • coveralls: 2.11.6 ▶︎ 3.0.1 (#308) (@ Zearin)
      Fix 5 “Moderate” vulnerabilities
    • metalsmith-markdown: 0.2.1 ▶︎ 0.2.2 (#312) (@ Zearin)
      Fix 1 “Low” vulnerability
• 2.3.0 - 2016-10-28
  

  Added

  • Add packaging metadata to build the metalsmith snap (#249)

  Updated

  • Update dependencies (#246)

  Removed

  • Remove unused dependencies

  Fixed

  • Fix error when reading a symbolic link to a dir (#229)

  Security

  • Upgrade dependency to include security fix (#258)

from metalsmith GitHub release notes

Commit messages

Package name: metalsmith

• 06fed35 Release 2.4.1
• c4d6b30 bugfix: include index.js, update changelog
• 82f4b06 Release 2.4.0
• 0aa6b4b chore: tweak jsdoc types, run prettier, finalize changelog
• 4511036 chore: prepare changelog for v2.4.0 [skip travis]
• 06e0572 chore: Add more complex test for ignore args
• 4eb1184 Fixes chore(deps): bump github/codeql-action from 2.21.9 to 2.22.3 #281: proper handling of symbolic links
• f01c724 Metalsmith#match: adapt signature, move match body to helpers, enhance tests (see [Snyk] Upgrade @types/node from 20.8.10 to 20.9.2 #338)
• 828b17e Fixes [Snyk] Upgrade shikiji from 0.7.3 to 0.7.4 #358: add better JSdocs. Fixes issue with match method & enhances path method
• cce1558 chore: lint bin/_metalsmith
• 5e290e1 Make match test not depend on native FS file order
• f39be80 chore: run eslint + prettier formatting [skip travis]
• ef7b781 chore: align dotfiles, add prettier, sort package.json, update ESlint [skip travis]
• 705c4bb feature/[Snyk] Upgrade @types/node from 20.8.10 to 20.9.2 #338 - add Metalsmith.match method candidate
• edc2eef chore: fix chmodded dir test
• a6438d2 Fixes [Snyk] Upgrade @metalsmith/markdown from 1.6.0 to 1.9.2 #226: allow gray-matter opts in frontmatter()
• 2960b6e chore: increase error handling test coverage
• b77301e [skip travis] Add Github meta-files
• acd9a4c chore: Update (modernize) README.md
• 4ca6e66 Updated README.md, .editorconfig
• 7e6da34 ci: optimize build efficiency
• 6d5a42d bugfix/[pull] main from nodejs:main #211 - gracefully handle build without callback
• 791598d bugfix: pass path without globstar to rm helper
• 19cd675 chore: move mocha config to package.json (mocha.opts deprecated)

Compare

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs