[Snyk] Upgrade liquidjs from 9.22.1 to 9.43.0 #5

NahNick · 2023-06-28T01:21:57Z

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to upgrade liquidjs from 9.22.1 to 9.43.0.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

The recommended version is 45 versions ahead of your current version.
The recommended version was released 7 months ago, on 2022-11-27.

The recommended version fixes:

Issue	PriorityScore (*)	Exploit Maturity
Prototype Pollution SNYK-JS-ASYNC-2441827	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-AXIOS-1579269	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
Command Injection SNYK-JS-FINDPROCESS-1090284	482/1000 Why? Proof of Concept exploit, CVSS 7.5	No Known Exploit
Denial of Service (DoS) SNYK-JS-JPEGJS-2859218	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-SIDEWAYFORMULA-3317169	482/1000 Why? Proof of Concept exploit, CVSS 7.5	No Known Exploit
Information Exposure SNYK-JS-FOLLOWREDIRECTS-2332181	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
Denial of Service (DoS) SNYK-JS-JSZIP-1251497	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
Arbitrary File Write via Archive Extraction (Zip Slip) SNYK-JS-JSZIP-3188562	482/1000 Why? Proof of Concept exploit, CVSS 7.5	No Known Exploit
Regular Expression Denial of Service (ReDoS) SNYK-JS-PROMPTS-1729737	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
Information Exposure SNYK-JS-FOLLOWREDIRECTS-2396346	482/1000 Why? Proof of Concept exploit, CVSS 7.5	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: liquidjs

9.43.0 - 2022-11-27
9.43.0 (2022-11-27)

Features
- support timezone offset argument for date filter, #553 (7a71485)
9.42.1 - 2022-10-21
9.42.1 (2022-10-21)

Bug Fixes
- truncatewords should use at least one word, #537 (32f613f)
9.42.0 - 2022-08-27
9.42.0 (2022-08-27)

Features
- promise in expression & nested property, #533 #276 (bbf00f3)
9.41.0 - 2022-08-24
9.41.0 (2022-08-24)

Features
- use evalValue to parse & render expression, #527 (071368a)
9.40.0 - 2022-08-14
9.40.0 (2022-08-14)

Bug Fixes
- target ES6 for ESM bundles, fixes #526 (905a6dd)
Features
- export toValueSync & defaultOptions to evaluate expression, see #527 (e874b40)
9.39.2 - 2022-07-21
9.39.2 (2022-07-21)

Bug Fixes
- expression support Drop.valueOf, fixes #522 (4ad383d)
9.39.1 - 2022-07-14
9.39.1 (2022-07-14)

Bug Fixes
- throw ParseError instead of RenderError for invalid assign expression, closes #519 (c41a5d5)
9.39.0 - 2022-07-09
9.39.0 (2022-07-09)

Bug Fixes
- for tag not respecting Drop#valueOf(), fixes #515 (c3e51ca)
Features
- iteration protocols (a19feea)
9.38.0 - 2022-07-07
9.38.0 (2022-07-07)

Bug Fixes
- stack overflow on large number of templates, #513 (3dc4290)
Features
- inline comment tag (#514) (2f87708)
9.37.0 - 2022-04-21
9.37.0 (2022-04-21)

Bug Fixes
- support integer arithmetic for divided_by, closes #465 (e69a510)
Features
- automatic output escaping, closes #500 (f88490c)
9.36.2 - 2022-04-19
9.36.1 - 2022-04-17
9.36.0 - 2022-03-05
9.35.2 - 2022-03-02
9.35.1 - 2022-02-26
9.35.0 - 2022-02-23
9.34.1 - 2022-02-20
9.34.0 - 2022-01-28
9.33.1 - 2022-01-19
9.33.0 - 2022-01-19
9.32.1 - 2022-01-12
9.32.0 - 2022-01-02
9.31.0 - 2021-12-19
9.30.0 - 2021-12-18
9.29.0 - 2021-12-11
9.28.6 - 2021-12-07
9.28.5 - 2021-11-05
9.28.4 - 2021-10-31
9.28.3 - 2021-10-27
9.28.2 - 2021-10-16
9.28.1 - 2021-10-16
9.28.0 - 2021-10-06
9.27.1 - 2021-10-04
9.27.0 - 2021-10-03
9.26.0 - 2021-09-30
9.25.1 - 2021-06-20
9.25.0 - 2021-05-07
9.24.2 - 2021-05-04
9.24.1 - 2021-05-01
9.24.0 - 2021-05-01
9.23.4 - 2021-04-17
9.23.3 - 2021-03-21
9.23.2 - 2021-03-13
9.23.1 - 2021-02-19
9.23.0 - 2021-02-12
9.22.1 - 2021-02-05

from liquidjs GitHub release notes

Commit messages

Package name: liquidjs

907c4de chore(release): 9.43.0 [skip ci]
7a71485 feat: support timezone offset argument for date filter, Update https-cloning-errors.md github/docs#553
cd918cc chore(deps): bump minimatch from 3.0.4 to 3.1.2 in /docs
8061e55 docs: fix tags sidebar translation
33e97db docs: update .all-contributorsrc [skip ci]
9cfc8fd docs: update README.md [skip ci]
f62b210 docs: add echo and liquid tags Chinese translation (Incorrect type for labels parameter: "array of undefineds" github/docs#549)
bf6b5c7 chore(release): 9.42.1 [skip ci]
a58fe44 chore(deps): bump minimist and hexo-renderer-swig in /docs
99516cb chore(deps): bump semver-regex from 2.0.0 to 3.1.4
850ab0c chore(deps): bump ansi-regex from 3.0.0 to 3.0.1
33c7c8f docs: demo for using LiquidJS with webpack
32f613f fix: truncatewords should use at least one word, update github/docs#537
71a1dc6 docs: update README
375a19b chore: update funding.yml
4e17fdc docs: update README.md
01c2504 docs: update .all-contributorsrc [skip ci]
4a9b467 docs: update README.md [skip ci]
78f2120 Update intro-to-liquid.md
adfc27c chore(deps): bump moment-timezone from 0.5.28 to 0.5.37 in /docs
0075be9 chore(release): 9.42.0 [skip ci]
bbf00f3 feat: promise in expression & nested property, [DO NOT MERGE] Test github/docs#533 Update powershell example using Out-File. github/docs#276
0997530 chore(release): 9.41.0 [skip ci]
071368a feat: use evalValue to parse & render expression, Update all-contributors configuration to avoid merge conflicts github/docs#527

Compare

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

Snyk has created this PR to upgrade liquidjs from 9.22.1 to 9.43.0. See this package in npm: https://www.npmjs.com/package/liquidjs See this project in Snyk: https://app.snyk.io/org/nhoyas/project/0116fd0a-16bc-48e5-ae5d-b7434713efce?utm_source=github&utm_medium=referral&page=upgrade-pr

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[Snyk] Upgrade liquidjs from 9.22.1 to 9.43.0 #5

[Snyk] Upgrade liquidjs from 9.22.1 to 9.43.0 #5

NahNick commented Jun 28, 2023

9.43.0 (2022-11-27)

Features

9.42.1 (2022-10-21)

Bug Fixes

9.42.0 (2022-08-27)

Features

9.41.0 (2022-08-24)

Features

9.40.0 (2022-08-14)

Bug Fixes

Features

9.39.2 (2022-07-21)

Bug Fixes

9.39.1 (2022-07-14)

Bug Fixes

9.39.0 (2022-07-09)

Bug Fixes

Features

9.38.0 (2022-07-07)

Bug Fixes

Features

9.37.0 (2022-04-21)

Bug Fixes

Features

[Snyk] Upgrade liquidjs from 9.22.1 to 9.43.0 #5

Are you sure you want to change the base?

[Snyk] Upgrade liquidjs from 9.22.1 to 9.43.0 #5

Conversation

NahNick commented Jun 28, 2023

Snyk has created this PR to upgrade liquidjs from 9.22.1 to 9.43.0.

9.43.0 (2022-11-27)

Features

9.42.1 (2022-10-21)

Bug Fixes

9.42.0 (2022-08-27)

Features

9.41.0 (2022-08-24)

Features

9.40.0 (2022-08-14)

Bug Fixes

Features

9.39.2 (2022-07-21)

Bug Fixes

9.39.1 (2022-07-14)

Bug Fixes

9.39.0 (2022-07-09)

Bug Fixes

Features

9.38.0 (2022-07-07)

Bug Fixes

Features

9.37.0 (2022-04-21)

Bug Fixes

Features