Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

chore(deps): update dependency @mdx-js/react to v3 #8

Open
wants to merge 1 commit into
base: main
Choose a base branch
from

Conversation

renovate[bot]
Copy link
Contributor

@renovate renovate bot commented Sep 29, 2023

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
@mdx-js/react (source) 1.6.22 -> 3.0.1 age adoption passing confidence

Release Notes

mdx-js/mdx (@​mdx-js/react)

v3.0.1

Compare Source

Fix
Types
Site

Full Changelog: mdx-js/mdx@3.0.0...3.0.1

v3.0.0

Compare Source

(see https://mdxjs.com/migrating/v3/ on how to migrate)

Change
Change (unlikely to affect you)
  • c961af8 Remove useDynamicImport option
  • 9cb26fd @mdx-js/register: remove package
  • 0d1558a @mdx-js/esbuild: remove experimental allowDangerousRemoteMdx
  • 0f62bce @mdx-js/node-loader: remove fixRuntimeWithoutExportMap
  • 4f92422 @mdx-js/preact: remove deprecated MDXContext, withMDXComponents
  • a362bb4 @mdx-js/react: remove deprecated MDXContext, withMDXComponents
Add
Misc
Docs
Site

Full Changelog: mdx-js/mdx@2.3.0...3.0.0

v2.3.0

Compare Source

Add
Fix
Community
Misc

Full Changelog: mdx-js/mdx@2.2.1...2.3.0

v2.2.1

Compare Source

  • e293eaf Remove assert/strict for Node 14

Full Changelog: mdx-js/mdx@2.2.0...2.2.1

v2.2.0

Compare Source

Features
Patches
  • 3e0ab23 Fix @mdx-js/node-loader from patching all runtimes
Docs

Full Changelog: mdx-js/mdx@2.1.5...2.2.0

v2.1.5

Compare Source

  • 90fa493 Fix bug with (injected) custom elements and layouts

Full Changelog: mdx-js/mdx@2.1.4...2.1.5

v2.1.4

Compare Source

Patches
Docs

Full Changelog: mdx-js/mdx@2.1.3...2.1.4

v2.1.3

Compare Source

Core
Docs
Internal stuff that slightly improve stuff
  • 529b96a Replace astring with estree-util-to-js
  • 7d8dc11 Add id field to esbuild messages
  • 7f37b95 Update @types/estree-jsx

Full Changelog: mdx-js/mdx@2.1.2...2.1.3

v2.1.2

Compare Source

Core
Docs

Full Changelog: mdx-js/mdx@2.1.1...2.1.2

v2.1.1

Compare Source

Full Changelog: mdx-js/mdx@2.1.0...2.1.1

v2.1.0

Compare Source

Core
Site
Docs

New Contributors: Thanks @​VitorLuizC, @​homumado, @​bensmithett, @​stefanprobst, @​jbesomi, @​dawidjaniga, @​zfben

Full Changelog: mdx-js/mdx@2.0.0...2.1.0

v2.0.0

Compare Source

Welcome to MDX 2! See the of the website for everything:

Changelog since last RC
@mdx-js/mdx
@mdx-js/react
@mdx-js/loader
@mdx-js/esbuild
remark-mdx

New Contributors

Thanks @​redallen, @​lonyele, @​PaulieScanlon, @​pd4d10, @​Gowee, @​mskelton, @​ihupoo, @​remcohaszing, @​loreanvictor, @​ChrisChinchilla, @​glitteringkatie, @​mvasilkov, @​jablko, @​michaeloliverx, @​yordis, @​rodrez, @​imballinst, @​gaearon.

Full Changelog: mdx-js/mdx@v1.6.3...2.0.0


Configuration

📅 Schedule: Branch creation - "before 4am on Monday" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate bot requested a review from sullivanpj as a code owner September 29, 2023 22:30
@renovate renovate bot force-pushed the renovate/major-mdx-monorepo branch from f7bee40 to 4c93859 Compare October 9, 2023 02:24
@renovate renovate bot changed the title chore(deps): update dependency @mdx-js/react to v2 chore(deps): update dependency @mdx-js/react to v3 Nov 6, 2023
@renovate renovate bot force-pushed the renovate/major-mdx-monorepo branch from 4c93859 to c4e47a9 Compare November 6, 2023 03:06
Copy link

sonarcloud bot commented Nov 6, 2023

Kudos, SonarCloud Quality Gate passed!    Quality Gate passed

Bug A 0 Bugs
Vulnerability A 0 Vulnerabilities
Security Hotspot A 0 Security Hotspots
Code Smell A 0 Code Smells

No Coverage information No Coverage information
0.0% 0.0% Duplication

@renovate renovate bot force-pushed the renovate/major-mdx-monorepo branch from c4e47a9 to 023f0cd Compare March 4, 2024 02:56
Copy link

sonarcloud bot commented Mar 4, 2024

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
No data about Coverage
0.0% Duplication on New Code

See analysis details on SonarCloud

Copy link

New and removed dependencies detected. Learn more about Socket for GitHub ↗︎

Package New capabilities Transitives Size Publisher
npm/@mdx-js/react@3.0.1 None 0 14.6 kB wooorm
npm/@opentelemetry/sdk-trace-node@1.17.0 Transitive: unsafe +6 2.45 MB pichlermarc
npm/@opentelemetry/semantic-conventions@1.17.0 None 0 595 kB pichlermarc

🚮 Removed packages: npm/@angular-devkit/architect@0.1602.5, npm/@angular-devkit/core@16.2.5, npm/@angular-devkit/schematics@16.2.5

View full report↗︎

Copy link

🚨 Potential security issues detected. Learn more about Socket for GitHub ↗︎

To accept the risk, merge this PR and you will not be notified again.

Alert Package NoteSource
Native code npm/@parcel/watcher@2.0.4

View full report↗︎

Next steps

What's wrong with native code?

Contains native code which could be a vector to obscure malicious code, and generally decrease the likelihood of reproducible or reliable installs.

Ensure that native code bindings are expected. Consumers may consider pure JS and functionally similar alternatives to avoid the challenges and risks associated with native code bindings.

Take a deeper look at the dependency

Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support [AT] socket [DOT] dev.

Remove the package

If you happen to install a dependency that Socket reports as Known Malware you should immediately remove it and select a different dependency. For other alert types, you may may wish to investigate alternative packages or consider if there are other ways to mitigate the specific risk posed by the dependency.

Mark a package as acceptable risk

To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space separated list of ecosystem/package-name@version specifiers. e.g. @SocketSecurity ignore npm/foo@1.0.0 or ignore all packages with @SocketSecurity ignore-all

  • @SocketSecurity ignore npm/@parcel/watcher@2.0.4

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

0 participants