Skip to content

[Snyk] Upgrade: , , axios, chart.js, cheerio, lucide-react, prisma, qrcode.react, react-resizable-panels #200

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 1 commit into from
Closed

[Snyk] Upgrade: , , axios, chart.js, cheerio, lucide-react, prisma, qrcode.react, react-resizable-panels #200

wants to merge 1 commit into from

Conversation

@vigneshshettyin
Copy link
Owner

@vigneshshettyin vigneshshettyin commented Sep 22, 2024

snyk-top-banner

Snyk has created this PR to upgrade multiple dependencies.

👯 The following dependencies are linked and will therefore be updated together.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

Name Versions Released on

@prisma/client
from 5.18.0 to 5.19.0 | 76 versions ahead of your current version | a month ago
on 2024-08-27
@sentry/nextjs
from 7.118.0 to 7.119.0 | 1 version ahead of your current version | a month ago
on 2024-08-14
axios
from 1.7.4 to 1.7.7 | 3 versions ahead of your current version | 22 days ago
on 2024-08-31
chart.js
from 4.4.3 to 4.4.4 | 1 version ahead of your current version | a month ago
on 2024-08-20
cheerio
from 1.0.0-rc.12 to 1.0.0 | 1 version ahead of your current version | a month ago
on 2024-08-09
lucide-react
from 0.416.0 to 0.437.0 | 19 versions ahead of your current version | 22 days ago
on 2024-08-31
prisma
from 5.18.0 to 5.19.0 | 75 versions ahead of your current version | a month ago
on 2024-08-27
qrcode.react
from 3.1.0 to 3.2.0 | 1 version ahead of your current version | 21 days ago
on 2024-09-01
react-resizable-panels
from 2.1.0 to 2.1.2 | 2 versions ahead of your current version | 24 days ago
on 2024-08-29

Release notes
Package name: @prisma/client
  • 5.19.0 - 2024-08-27

    Today, we are excited to share the 5.19.0 stable release 🎉

    🌟 Help us spread the word about Prisma by starring the repo or posting on X about the release. 🌟

    Highlights

    Introducing TypedSQL

    TypedSQL is a brand new way to interact with your database from Prisma Client. After enabling the typedSql Preview feature, you’re able to write SQL queries in a new sql subdirectory of your prisma directory. These queries are then checked by Prisma during using the new --sql flag of prisma generate and added to your client for use in your code.

    To get started with TypedSQL:

    1. Make sure that you have the latest version of prisma and @ prisma/client installed:

      npm install -D prisma@latest
npm install @ prisma/client@latest

    2. Enable the typedSql Preview feature in your Prisma Schema.

         generator client {
     provider = "prisma-client-js"
     previewFeatures = ["typedSql"]
   }

    3. Create a sql subdirectory of your prisma directory.

      mkdir -p prisma/sql

    4. You can now add .sql files to the sql directory! Each file can contain one sql query and the name must be a valid JS identifier. For this example, say you had the file getUsersWithPosts.sql with the following contents:

      SELECT u.id, u.name, COUNT(p.id) as "postCount"
FROM "User" u
LEFT JOIN "Post" p ON u.id = p."authorId"
GROUP BY u.id, u.name

    5. Import your SQL query into your code with the @ prisma/client/sql import:

      import { PrismaClient } from '@ prisma/client'
      import { getUsersWithPosts } from '@prisma/client/sql'

      const prisma = new PrismaClient()

      const usersWithPostCounts = await prisma.$queryRawTyped(getUsersWithPosts)
      console.log(usersWithPostCounts)

    There’s a lot more to talk about with TypedSQL. We think that the combination of the high-level Prisma Client API and the low-level TypedSQL will make for a great developer experience for all of our users.

    To learn more about behind the “why” of TypedSQL be sure to check out our announcement blog post.

    For docs, check out our new TypedSQL section.

    Bug fixes

    Driver adapters and D1

    A few issues with our driverAdapters Preview feature and Cloudflare D1 support were resolved via prisma/prisma-engines#4970 and #24922

    • Mathematic operations such as max, min, eq, etc in queries when using Cloudflare D1.
    • Resolved issues when comparing BigInt IDs when relationMode="prisma" was enabled and Cloudflare D1 was being used.

    Joins

    • #23742 fixes Prisma Client not supporting deeply nested some clauses when the relationJoins Preview feature was enabled.

    MongoDB

    The MongoDB driver for Rust (that our query engine users under the hood) had behavior that prioritized IPv4 connections over IPv6 connections. In IPv6-only environments, this could lead to significant "cold starts" where the query engine had to wait for IPv4 to fail before the driver would try IPv6.

    With help from the MongoDB team, this has been resolved. The driver will now try IPv4 and IPv6 connections in parallel and then move forward with the first response. This should prevent cold start issues that have been seen with MongoDB in Prisma Accelerate.

    Thank you to the MongoDB team!

    Join us

    Looking to make an impact on Prisma in a big way? We're now hiring engineers for the ORM team!

    • Senior Engineer (TypeScript): This person will be primarily working on the TypeScript side and evolving our Prisma client. Rust knowledge (or desire to learn Rust) is a plus.
    • Senior Engineer (Rust): This person will be focused on the prisma-engines Rust codebase. TypeScript knowledge (or, again, a desire to learn) is a plus.

    Credits

    Huge thanks to @ mcuelenaere, @ pagewang0, @ Druue, @ key-moon, @ Jolg42, @ pranayat, @ ospfranco, @ yubrot, @ skyzh for helping!

  • 5.19.0-integration-feat-typed-sql.26 - 2024-08-23
  • 5.19.0-integration-feat-typed-sql.25 - 2024-08-23
  • 5.19.0-integration-feat-typed-sql.24 - 2024-08-23
  • 5.19.0-integration-feat-typed-sql.23 - 2024-08-23
  • 5.19.0-integration-feat-typed-sql.22 - 2024-08-23
  • 5.19.0-integration-feat-typed-sql.21 - 2024-08-22
  • 5.19.0-integration-feat-typed-sql.20 - 2024-08-22
  • 5.19.0-integration-feat-typed-sql.19 - 2024-08-22
  • 5.19.0-integration-feat-typed-sql.18 - 2024-08-22
  • 5.19.0-integration-feat-typed-sql.17 - 2024-08-22
  • 5.19.0-integration-feat-typed-sql.16 - 2024-08-22
  • 5.19.0-integration-feat-typed-sql.15 - 2024-08-22
  • 5.19.0-integration-feat-typed-sql.14 - 2024-08-22
  • 5.19.0-integration-feat-typed-sql.13 - 2024-08-21
  • 5.19.0-integration-feat-typed-sql.12 - 2024-08-21
  • 5.19.0-integration-feat-typed-sql.11 - 2024-08-21
  • 5.19.0-integration-feat-typed-sql.10 - 2024-08-21
  • 5.19.0-integration-feat-typed-sql.9 - 2024-08-21
  • 5.19.0-integration-feat-typed-sql.8 - 2024-08-20
  • 5.19.0-integration-feat-typed-sql.7 - 2024-08-20
  • 5.19.0-integration-feat-typed-sql.6 - 2024-08-08
  • 5.19.0-integration-feat-typed-sql.5 - 2024-08-07
  • 5.19.0-integration-feat-typed-sql.4 - 2024-08-07
  • 5.19.0-integration-feat-typed-sql.3 - 2024-08-07
  • 5.19.0-integration-feat-typed-sql.2 - 2024-08-07
  • 5.19.0-integration-feat-typed-sql.1 - 2024-08-07
  • 5.19.0-integration-engines-5-19-0-9-integration-fix-planetscale-transactions-6b0a78a8af3fae4debef82ff443972dff0807722.2 - 2024-08-12
  • 5.19.0-integration-engines-5-19-0-9-integration-fix-planetscale-transactions-6b0a78a8af3fae4debef82ff443972dff0807722.1 - 2024-08-12
  • 5.19.0-integration-engines-5-19-0-32-integration-fix-planetscale-transactions-c83aea2de749622725d37b2125922e2b83ac349c.2 - 2024-08-26
  • 5.19.0-integration-engines-5-19-0-32-integration-fix-planetscale-transactions-c83aea2de749622725d37b2125922e2b83ac349c.1 - 2024-08-26
  • 5.19.0-integration-engines-5-19-0-3-integration-fix-d1-int64-3fe108cb35159b6838b9365ea06876b999e37136.2 - 2024-08-08
  • 5.19.0-integration-engines-5-19-0-3-integration-fix-d1-int64-3fe108cb35159b6838b9365ea06876b999e37136.1 - 2024-08-08
  • 5.19.0-integration-engines-5-19-0-29-integration-build-rs-version-34ac31986ed851ada6e3c142e76db8fdb839a8f0.2 - 2024-08-24
  • 5.19.0-integration-engines-5-19-0-29-integration-build-rs-version-34ac31986ed851ada6e3c142e76db8fdb839a8f0.1 - 2024-08-24
  • 5.19.0-integration-engines-5-19-0-28-integration-enum-mapped-values-ba87944c8b88a1e7b2255a110274d540df6bb831.2 - 2024-08-24
  • 5.19.0-integration-engines-5-19-0-28-integration-enum-mapped-values-ba87944c8b88a1e7b2255a110274d540df6bb831.1 - 2024-08-24
  • 5.19.0-integration-engines-5-19-0-25-feat-typed-sql-nullability-860858bb818708261f36cd05bc915e603aae5004.1 - 2024-08-20
  • 5.19.0-integration-engines-5-19-0-22-integration-mongodb-ipv6-fix-a6fed372778795b60d9899578c11319bc19597ac.2 - 2024-08-20
  • 5.19.0-integration-engines-5-19-0-22-integration-mongodb-ipv6-fix-a6fed372778795b60d9899578c11319bc19597ac.1 - 2024-08-20
  • 5.19.0-integration-engines-5-19-0-21-feat-typed-sql-nullability-e696c9149500a73fbefedf5b0edb3f085ff90515.1 - 2024-08-19
  • 5.19.0-integration-engines-5-19-0-20-integration-mongodb-ipv6-fix-52a7684de6884ddf5b7e91ac5f37254a02a69774.2 - 2024-08-15
  • 5.19.0-integration-engines-5-19-0-20-integration-mongodb-ipv6-fix-52a7684de6884ddf5b7e91ac5f37254a02a69774.1 - 2024-08-15
  • 5.19.0-integration-engines-5-19-0-2-integration-fix-d1-int64-e5ebd17c4a7f6a855bd0d3594e1c593542db3061.2 - 2024-08-07
  • 5.19.0-integration-engines-5-19-0-2-integration-fix-d1-int64-e5ebd17c4a7f6a855bd0d3594e1c593542db3061.1 - 2024-08-07
  • 5.19.0-integration-engines-5-19-0-18-feat-typed-sql-nullability-c4dc3c5083115b65abe4436e4ec6e1c8c2afbecd.1 - 2024-08-14
  • 5.19.0-integration-engines-5-19-0-17-feat-typed-sql-nullability-4b818550ffc9da4e66541525cca08569a58a78e2.1 - 2024-08-14
  • 5.19.0-integration-engines-5-19-0-16-feat-typed-sql-nullability-c79c3569f88658b971ff948a55aff64ff3a4e4bf.1 - 2024-08-14
  • 5.19.0-integration-engines-5-19-0-15-integration-fix-planetscale-transactions-cc0baab23c1961e4f06f2114b9cf252e99ac90f5.2 - 2024-08-14
  • 5.19.0-integration-engines-5-19-0-15-integration-fix-planetscale-transactions-cc0baab23c1961e4f06f2114b9cf252e99ac90f5.1 - 2024-08-14
  • 5.19.0-integration-engines-5-19-0-14-feat-typed-sql-nullability-29abebce25f4e6c26673d18598de307337325b86.1 - 2024-08-13
  • 5.19.0-integration-engines-5-19-0-13-feat-typed-sql-nullability-7d01fb5b13f6e0f51384fe689b7e9ace5a504565.1 - 2024-08-13
  • 5.19.0-integration-engines-5-19-0-11-integration-fix-planetscale-transactions-5154993b5b25464fff0c724fe47c547aa076c73a.2 - 2024-08-12
  • 5.19.0-integration-engines-5-19-0-11-integration-fix-planetscale-transactions-5154993b5b25464fff0c724fe47c547aa076c73a.1 - 2024-08-12
  • 5.19.0-integration-engines-5-19-0-10-integration-fix-planetscale-transactions-630e1df957c8431ec5989ee7188545730681ae49.2 - 2024-08-12
  • 5.19.0-integration-engines-5-19-0-10-integration-fix-planetscale-transactions-630e1df957c8431ec5989ee7188545730681ae49.1 - 2024-08-12
  • 5.19.0-integration-engines-5-19-0-1-integration-fix-d1-int64-61431bbd9716f47de3f303a09ece9b370da04142.2 - 2024-08-06
  • 5.19.0-integration-engines-5-19-0-1-integration-fix-d1-int64-61431bbd9716f47de3f303a09ece9b370da04142.1 - 2024-08-06
  • 5.19.0-dev.18 - 2024-08-26
  • 5.19.0-dev.17 - 2024-08-24
  • 5.19.0-dev.16 - 2024-08-23
  • 5.19.0-dev.15 - 2024-08-23
  • 5.19.0-dev.14 - 2024-08-23
  • 5.19.0-dev.13 - 2024-08-21
  • 5.19.0-dev.12 - 2024-08-20
  • 5.19.0-dev.11 - 2024-08-19
  • 5.19.0-dev.10 - 2024-08-16
  • 5.19.0-dev.9 - 2024-08-16
  • 5.19.0-dev.8 - 2024-08-13
  • 5.19.0-dev.7 - 2024-08-12
  • 5.19.0-dev.6 - 2024-08-12
  • 5.19.0-dev.5 - 2024-08-12
  • 5.19.0-dev.4 - 2024-08-12
  • 5.19.0-dev.3 - 2024-08-09
  • 5.19.0-dev.2 - 2024-08-09
  • 5.19.0-dev.1 - 2024-08-07
  • 5.18.0 - 2024-08-06

    🌟 Help us spread the word about Prisma by starring the repo or tweeting about the release. 🌟

    Highlights

    Native support for UUIDv7

    Previous to this release, the Prisma Schema function uuid() did not accept any arguments and created a UUIDv4 ID. While sufficient in many cases, UUIDv4 has a few drawbacks, namely that it is not temporally sortable.

    UUIDv7 attempts to resolve this issue, making it easy to temporally sort your database rows by ID!

    To support this, we’ve updated the uuid() function in Prisma Schema to accept an optional, integer argument. Right now, the only valid values are 4 and 7, with 4 being the default.

    model User {
    id String @id @default(uuid()) // defaults to 4
    name String
    }

    model User {
    id String @id @default(uuid(4)) // same as above, but explicit
    name String
    }

    model User {
    id String @id @default(uuid(7)) // will use UUIDv7 instead of UUIDv4
    name String
    }

    Bug squashing

    We’ve squashed a number of bugs this release, special thanks to everyone who helped us! A few select highlights are:

    Fixes and improvements

    Prisma

    Language tools (e.g. VS Code)

    Share your feedback about Prisma ORM

    We want to know how you like working with Prisma ORM in your projects! Please take our 2min survey and let us know what you like or where we can improve 🙏

    Credits

    Huge thanks to @ mcuelenaere, @ pagewang0, @ Druue, @ key-moon, @ Jolg42, @ pranayat, @ ospfranco, @ yubrot, @ skyzh, @ haaawk for helping!

from @prisma/client GitHub release notes
Package name: @sentry/nextjs
  • 7.119.0 - 2024-08-14
    • backport(tracing): Report dropped spans for transactions (#13343)

    Bundle size 📦

    Path Size
    @ sentry/browser (incl. Tracing, Replay, Feedback) - Webpack (gzipped) 80.96 KB
    @ sentry/browser (incl. Tracing, Replay) - Webpack (gzipped) 71.89 KB
    @ sentry/browser (incl. Tracing, Replay with Canvas) - Webpack (gzipped) 76.14 KB
    @ sentry/browser (incl. Tracing, Replay) - Webpack with treeshaking flags (gzipped) 65.52 KB
    @ sentry/browser (incl. Tracing) - Webpack (gzipped) 35.77 KB
    @ sentry/browser (incl. browserTracingIntegration) - Webpack (gzipped) 35.66 KB
    @ sentry/browser (incl. Feedback) - Webpack (gzipped) 31.71 KB
    @ sentry/browser (incl. sendFeedback) - Webpack (gzipped) 31.72 KB
    @ sentry/browser - Webpack (gzipped) 22.91 KB
    @ sentry/browser (incl. Tracing, Replay, Feedback) - ES6 CDN Bundle (gzipped) 79.17 KB
    @ sentry/browser (incl. Tracing, Replay) - ES6 CDN Bundle (gzipped) 70.49 KB
    @ sentry/browser (incl. Tracing) - ES6 CDN Bundle (gzipped) 36.17 KB
    @ sentry/browser - ES6 CDN Bundle (gzipped) 25.41 KB
    @ sentry/browser (incl. Tracing, Replay) - ES6 CDN Bundle (minified & uncompressed) 221.92 KB
    @ sentry/browser (incl. Tracing) - ES6 CDN Bundle (minified & uncompressed) 109.52 KB
    @ sentry/browser - ES6 CDN Bundle (minified & uncompressed) 76.24 KB
    @ sentry/browser (incl. Tracing) - ES5 CDN Bundle (gzipped) 39.45 KB
    @ sentry/react (incl. Tracing, Replay) - Webpack (gzipped) 72.4 KB
    @ sentry/react - Webpack (gzipped) 22.94 KB
    @ sentry/nextjs Client (incl. Tracing, Replay) - Webpack (gzipped) 90.16 KB
    @ sentry/nextjs Client - Webpack (gzipped) 54.27 KB
    @ sentry-internal/feedback - Webpack (gzipped) 17.34 KB
  • 7.118.0 - 2024-06-21
from @sentry/nextjs GitHub release notes
Package name: axios from axios GitHub release notes
Package name: chart.js from chart.js GitHub release notes
Package name: cheerio
  • 1.0.0 - 2024-08-09

    Cheerio 1.0 is here! 🎉

    Announcement Blog Post

    Breaking Changes

    • The minimum NodeJS version is now 18.17 or higher #3959

    • Import paths were simplified. For example, use cheerio/slim instead of
      cheerio/lib/slim. #3970

    • The deprecated default Cheerio instance and static methods were removed. #3974

      Before, it was possible to write code like this:

      import cheerio, { html } from 'cheerio';

      html(cheerio('<test></test>')); // ~ '<test></test>' -- NO LONGER WORKS

      Make sure to always load documents first:

      import * as cheerio from 'cheerio';

      cheerio.load('<test></test>').html();

    • Node types previously re-exported by Cheerio must now be imported directly
      from (domhandler)(https://github.com/fb55/domhandler). #3969

    • htmlparser2 options now reside exclusively under the xml key (#2916):

      const $ = cheerio.load('<html>', {
  xml: {
    withStartIndices: true,
  },
});

    New Features

    • Add functions to load buffers, streams & URLs in NodeJS by @ fb55 in #2857
    • Add extract method by @ fb55 in #2750

    Fixes

    Other

    Full Changelog: v1.0.0-rc.12...v1.0.0

  • 1.0.0-rc.12 - 2022-06-26

    Bugfix release. Fixed issues:

    • Align prop undefined handling with jQuery by

@snyk-bot
fix: upgrade multiple dependencies with Snyk
702ca42 
Snyk has created this PR to upgrade:
  - @prisma/client from 5.18.0 to 5.19.0.
    See this package in npm: https://www.npmjs.com/package/@prisma/client
  - @sentry/nextjs from 7.118.0 to 7.119.0.
    See this package in npm: https://www.npmjs.com/package/@sentry/nextjs
  - axios from 1.7.4 to 1.7.7.
    See this package in npm: https://www.npmjs.com/package/axios
  - chart.js from 4.4.3 to 4.4.4.
    See this package in npm: https://www.npmjs.com/package/chart.js
  - cheerio from 1.0.0-rc.12 to 1.0.0.
    See this package in npm: https://www.npmjs.com/package/cheerio
  - lucide-react from 0.416.0 to 0.437.0.
    See this package in npm: https://www.npmjs.com/package/lucide-react
  - prisma from 5.18.0 to 5.19.0.
    See this package in npm: https://www.npmjs.com/package/prisma
  - qrcode.react from 3.1.0 to 3.2.0.
    See this package in npm: https://www.npmjs.com/package/qrcode.react
  - react-resizable-panels from 2.1.0 to 2.1.2.
    See this package in npm: https://www.npmjs.com/package/react-resizable-panels

See this project in Snyk:
https://app.snyk.io/org/vigneshshettyin/project/f292640c-2272-4ab3-b7a3-dc7f2f3bba3e?utm_source=github&utm_medium=referral&page=upgrade-pr
@vercel
Copy link

vercel bot commented Sep 22, 2024
edited
Loading

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name Status Preview Comments Updated (UTC)
eat-my-url ❌ Failed (Inspect) Sep 22, 2024 10:28am

@VijeshVS VijeshVS closed this Oct 2, 2024
@vigneshshettyin vigneshshettyin deleted the snyk-upgrade-4bcbe03f76e815389924aeee083cc0a6 branch November 18, 2024 15:32
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@vigneshshettyin @VijeshVS @snyk-bot