Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Snyk] Upgrade typedoc from 0.22.18 to 0.26.7 #5

Open
wants to merge 1 commit into
base: main
Choose a base branch
from

Conversation

ender700
Copy link
Owner

snyk-top-banner

Snyk has created this PR to upgrade typedoc from 0.22.18 to 0.26.7.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.


  • The recommended version is 82 versions ahead of your current version.

  • The recommended version was released on a month ago.

Issues fixed by the recommended upgrade:

Issue Score Exploit Maturity
critical severity Incomplete List of Disallowed Inputs
SNYK-JS-BABELTRAVERSE-5962462
786 Proof of Concept
high severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-ES5EXT-6095076
786 Proof of Concept
high severity Improper Control of Generation of Code ('Code Injection')
SNYK-JS-PUGCODEGEN-7086056
786 Proof of Concept
high severity Improper Handling of Exceptional Conditions
SNYK-JS-OCTOKITWEBHOOKS-6129527
786 No Known Exploit
high severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-SEMVER-3247795
786 Proof of Concept
high severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-SEMVER-3247795
786 Proof of Concept
high severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-SEMVER-3247795
786 Proof of Concept
high severity Improper Handling of Extra Parameters
SNYK-JS-FOLLOWREDIRECTS-6141137
786 Proof of Concept
high severity Uncaught Exception
SNYK-JS-SOCKETIO-7278048
786 No Known Exploit
medium severity Improper Control of Dynamically-Managed Code Resources
SNYK-JS-EJS-6689533
786 No Known Exploit
medium severity Information Exposure
SNYK-JS-FOLLOWREDIRECTS-6444610
786 Proof of Concept
low severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-WORDWRAP-3149973
786 Proof of Concept
Release notes
Package name: typedoc
  • 0.26.7 - 2024-09-09

    Features

    • Support TypeScript 5.6, #2699.
    • Added customJs option to include a script tag in generated HTML output, #2650.
    • Added markdownLinkExternal option to treat http[s]:// links in markdown documents and comments as external to be opened in a new tab, #2679.
    • Added navigation.excludeReferences option to prevent re-exports from appearing in the left hand navigation, #2685.
    • Added support for the @ abstract tag, #2692.

    Bug Fixes

    • Fixed an issue where links in packages mode would be resolved incorrectly, #2680.
    • @ link tags to symbols which are not included in the documentation will produce invalid link warnings again, #2681.
    • Fixed handling of @ param tags on comments attached to function callback parameters, #2683.
    • The alphabetical and alphabetical-ignoring-documents sort options now use localeCompare to sort, #2684.
    • Fixed incorrect placement of parameter default values in some signatures with a this parameter, #2698.

    Thanks!

  • 0.26.6 - 2024-08-18

    Features

    • Use of the @ extends block tag no longer produces warnings, #2659.
      This tag should only be used in JavaScript projects to specify the type parameters used when extending a parent class. It will not be rendered.
    • Added new navigation.compactFolders option to prevent TypeDoc from compacting folders, similar to the VSCode option. #2667.

    Bug Fixes

    • The suppressCommentWarningsInDeclarationFiles option now correctly ignores warnings in .d.cts and .d.mts files, #2647.
    • Restored re-exports in the page navigation menu, #2671.
    • JSON serialized projects will no longer contain reflection IDs for other projects created in the same run. Gerrit0/typedoc-plugin-zod#6.
    • In packages mode the reflection ID counter will no longer be reset when converting projects. This previously could result in links to files not working as expected.
  • 0.26.5 - 2024-07-21

    Features

    • TypeDoc now exposes array option defaults under OptionDefaults, #2640.

    Bug Fixes

    • Constructor parameters which share a name with a property on a parent class will no longer inherit the comment on the parent class, #2636.
    • Packages mode will now attempt to use the comment declared in the comment class for inherited members, #2622.
    • TypeDoc no longer crashes when @ document includes an empty file, #2638.
    • API: Event listeners added later with the same priority will be called later, #2643.

    Thanks!

  • 0.26.4 - 2024-07-10

    Bug Fixes

    • The page navigation sidebar no longer incorrectly includes re-exports if the same member is exported with multiple names #2625.
    • Page navigation now ensures the current page is visible when the page is first loaded, #2626.
    • If a relative linked image is referenced multiple times, TypeDoc will no longer sometimes produce invalid links to the image #2627.
    • @ link tags will now be validated in referenced markdown documents, #2629.
    • @ link tags are now resolved in project documents, #2629.
    • HTML/JSON output generated by TypeDoc now contains a trailing newline, #2632.
    • TypeDoc now correctly handles markdown documents with CRLF line endings, #2628.
    • @ hidden is now properly applied when placed in a function implementation comment, #2634.
    • Comments on re-exports are now rendered.

    Thanks!

  • 0.26.3 - 2024-06-28

    Features

    • "On This Page" navigation now includes the page groups in collapsible sections, #2616.

    Bug Fixes

    • mailto: links are no longer incorrectly recognized as relative paths, #2613.
    • Added @ since to the default list of recognized tags, #2614.
    • Relative paths to directories will no longer cause the directory to be copied into the media directory, #2617.
  • 0.26.2 - 2024-06-24

    Features

    • Added a --suppressCommentWarningsInDeclarationFiles option to disable warnings from
      parsing comments in declaration files, #2611.
    • Improved comment discovery to more closely match TypeScript's discovery when getting comments
      for members of interfaces/classes, #2084, #2545.

    Bug Fixes

    • The text non-highlighted language no longer causes warnings when rendering, #2610.
    • If a comment on a method is inherited from a parent class, and the child class does not
      use an @ param tag from the parent, TypeDoc will no longer warn about the @ param tag.
  • 0.26.1 - 2024-06-22

    Features

    • Improved Korean translation coverage, #2602.

    Bug Fixes

    • Added @ author to the default list of recognized tags, #2603.
    • Anchor links are no longer incorrectly checked for relative paths, #2604.
    • Fixed an issue where line numbers reported in error messages could be incorrect, #2605.
    • Fixed relative link detection for markdown links containing code in their label, #2606.
    • Fixed an issue with packages mode where TypeDoc would use (much) more memory than required, #2607.
    • TypeDoc will no longer crash when asked to render highlighted code for an unsupported language, #2609.
    • Fixed an issue where relatively-linked files would not be copied to the output directory in packages mode.
    • Fixed an issue where modifier tags were not applied to top level modules in packages mode.
    • Fixed an issue where excluded tags were not removed from top level modules in packages mode.
    • .jsonc configuration files are now properly read as JSONC, rather than being passed to require.

    Thanks!

  • 0.26.0 - 2024-06-22

    Breaking Changes

    • Drop support for Node 16.
    • Moved from marked to markdown-it for parsing as marked has moved to an async model which supporting would significantly complicate TypeDoc's rendering code.
      This means that any projects setting markedOptions needs to be updated to use markdownItOptions.
      Unlike marked@4, markdown-it pushes lots of functionality to plugins. To use plugins, a JavaScript config file must be used with the markdownItLoader option.
    • Updated Shiki from 0.14 to 1.x. This should mostly be a transparent update which adds another 23 supported languages and 13 supported themes.
      As Shiki adds additional languages, the time it takes to load the highlighter increases linearly. To avoid rendering taking longer than necessary,
      TypeDoc now only loads a few common languages. Additional languages can be loaded by setting the --highlightLanguages option.
    • Changed default of --excludePrivate to true.
    • Renamed --sitemapBaseUrl to --hostedBaseUrl to reflect that it can be used for more than just the sitemap.
    • Removed deprecated navigation.fullTree option.
    • Removed --media option, TypeDoc will now detect image links within your comments and markdown documents and automatically copy them to the site.
    • Removed --includes option, use the @ document tag instead.
    • Removed --stripYamlFrontmatter option, TypeDoc will always do this now.
    • Renamed the --htmlLang option to --lang.
    • Removed the --gaId option for Google Analytics integration and corresponding analytics theme member, #2600.
    • All function-likes may now have comments directly attached to them. This is a change from previous versions of TypeDoc where functions comments
      were always moved down to the signature level. This mostly worked, but caused problems with type aliases, so was partially changed in 0.25.13.
      This change was extended to apply not only to type aliases, but also other function-likes declared with variables and callable properties.
      As a part of this change, comments on the implementation signature of overloaded functions will now be added to the function reflection, and will
      not be inherited by signatures of that function, #2521.
    • API: TypeDoc now uses a typed event emitter to provide improved type safety, this found a bug where Converter.EVENT_CREATE_DECLARATION
      was emitted for ProjectReflection in some circumstances.
    • API: MapOptionDeclaration.mapError has been removed.
    • API: Deprecated BindOption decorator has been removed.
    • API: DeclarationReflection.indexSignature has been renamed to DeclarationReflection.indexSignatures.
      Note: This also affects JSON serialization. TypeDoc will support JSON output from 0.25 through at least 0.26.
    • API: JSONOutput.SignatureReflection.typeParameter has been renamed to typeParameters to match the JS API.
    • API: DefaultThemeRenderContext.iconsCache has been removed as it is no longer needed.
    • API: DefaultThemeRenderContext.hook must now be passed context if required by the hook.

    Features

    • Added support for TypeScript 5.5.
    • Added new --projectDocuments option to specify additional Markdown documents to be included in the generated site #247, #1870, #2288, #2565.
    • TypeDoc now has the architecture in place to support localization. No languages besides English
      are currently shipped in the package, but it is now possible to add support for additional languages, #2475.
    • Added support for a packageOptions object which specifies options that should be applied to each entry point when running with --entryPointStrategy packages, #2523.
    • --hostedBaseUrl will now be used to generate a <link rel="canonical"> element in the project root page, #2550.
    • Added support for documenting individual elements of a union type, #2585.
      Note: This feature is only available on type aliases directly containing unions.
    • TypeDoc will now log the number of errors/warnings errors encountered, if any, after a run, #2581.
    • New option, --customFooterHtml to add custom HTML to the generated page footer, #2559.
    • TypeDoc will now copy modifier tags to children if specified in the --cascadedModifierTags option, #2056.
    • TypeDoc will now warn if mutually exclusive modifier tags are specified for a comment (e.g. both @ alpha and @ beta), #2056.
    • Groups and categories can now be collapsed in the page body, #2330.
    • Added support for JSDoc @ hideconstructor tag.
      This tag should only be used to work around TypeScript#58653, prefer the more general @ hidden/@ ignore tag to hide members normally, #2577.
    • Added --useHostedBaseUrlForAbsoluteLinks option to use the --hostedBaseUrl option to produce absolute links to pages on a site, #940.
    • Tag headers now generate permalinks in the default theme, #2308.
    • TypeDoc now attempts to use the "most likely name" for a symbol if the symbol is not present in the documentation, #2574.
    • Fixed an issue where the "On This Page" section would include markdown if the page contained headings which contained markdown.
    • TypeDoc will now warn if a block tag is used which is not defined by the --blockTags option.
    • Added three new sort strategies documents-first, documents-last, and alphabetical-ignoring-documents to order markdown documents.
    • Added new --alwaysCreateEntryPointModule option. When set, TypeDoc will always create a Module for entry points, even if only one is provided.
      If --projectDocuments is used to add documents, this option defaults to true, otherwise, defaults to false.
    • Added new --highlightLanguages option to control what Shiki language packages are loaded.
    • TypeDoc will now render union elements on new lines if there are more than 3 items in the union.
    • TypeDoc will now only render the "Type Declaration" section if it will provide additional information not already presented in the page.
      This results in significantly smaller documentation pages in many cases where that section would just repeat what has already been presented in the rendered type.
    • Added comment.beforeTags and comment.afterTags hooks for plugin use.
      Combined with CommentTag.skipRendering this can be used to provide custom tag handling at render time.

    Bug Fixes

    • TypeDoc now supports objects with multiple index signatures, #2470.
    • Header anchor links in rendered markdown are now more consistent with headers generated by TypeDoc, #2546.
    • Types rendered in the Returns header are now properly colored, #2546.
    • Links added with the navigationLinks option are now moved into the pull out navigation on mobile displays, #2548.
    • @ license and @ import comments will be ignored at the top of files, #2552.
    • Fixed issue in documentation validation where constructor signatures where improperly considered not documented, #2553.
    • Keyboard focus is now visible on dropdowns and checkboxes in the default theme, #2556.
    • The color theme label in the default theme now has an accessible name, #2557.
    • Fixed issue where search results could not be navigated while Windows Narrator was on, #2563.
    • charset is now correctly cased in <meta> tag generated by the default theme, #2568.
    • Fixed very slow conversion on Windows where Msys git was used by typedoc to discover repository links, #2586.
    • Validation will now be run in watch mode, #2584.
    • Fixed an issue where custom themes which added dependencies in the <head> element could result in broken icons, #2589.
    • @ default and @ defaultValue blocks are now recognized as regular blocks if they include inline tags, #2601.
    • Navigation folders sharing a name will no longer be saved with a shared key to localStorage.
    • The --hideParameterTypesInTitle option no longer applies when rendering function types.
    • Broken @ link tags in readme files will now cause a warning when link validation is enabled.
    • Fixed externalSymbolLinkMappings option's support for meanings in declaration references.
    • Buttons to copy code now have the type=button attribute set to avoid being treated as submit buttons.
    • --hostedBaseUrl will now implicitly add a trailing slash to the generated URL.

    Thanks!

    Unreleased

  • 0.26.0-beta.5 - 2024-06-16
  • 0.26.0-beta.4 - 2024-06-16
  • 0.26.0-beta.3 - 2024-06-09
  • 0.26.0-beta.2 - 2024-06-01
  • 0.26.0-beta.1 - 2024-05-06
  • 0.26.0-beta.0 - 2024-05-04
  • 0.25.13 - 2024-04-07

    Features

    • Added gitRevision:short placeholder option to --sourceLinkTemplate option, #2529.
      Links generated by TypeDoc will now default to using the non-short git revision.
    • Moved "Generated by TypeDoc" footer into a <footer> tag, added footer.begin and footer.end
      render hooks for use by custom plugins, #2532.

    Bug Fixes

    • Fixed conversion of NoInfer missing type parameter reference, #2539.
    • Linking to a member on a page no longer incorrectly claims that
      "This member is normally hidden due to your filter settings" for every member.

    Thanks!

  • 0.25.12 - 2024-03-10

    Features

    • Added support for TypeScript 5.4, #2517.

    Bug Fixes

    • Updated page font to work around issues with Mac rendering, #2518.

    Thanks!

  • 0.25.11 - 2024-03-06
  • 0.25.10 - 2024-03-03
  • 0.25.9 - 2024-02-26
  • 0.25.8 - 2024-02-09
  • 0.25.7 - 2024-01-08
  • 0.25.6 - 2024-01-01
  • 0.25.5 - 2024-01-01
  • 0.25.4 - 2023-11-26
  • 0.25.3 - 2023-10-29
  • 0.25.2 - 2023-10-08
  • 0.25.1 - 2023-09-04
  • 0.25.0 - 2023-08-25
  • 0.24.8 - 2023-06-04
  • 0.24.7 - 2023-05-08
  • 0.24.6 - 2023-04-24
  • 0.24.5 - 2023-04-22
  • 0.24.4 - 2023-04-16
  • 0.24.3 - 2023-04-16
  • 0.24.2 - 2023-04-15
  • 0.24.1 - 2023-04-09
  • 0.24.0 - 2023-04-08
  • 0.24.0-beta.8 - 2023-04-03
  • 0.24.0-beta.7 - 2023-03-26
  • 0.24.0-beta.6 - 2023-03-25
  • 0.24.0-beta.5 - 2023-03-25
  • 0.24.0-beta.4 - 2023-03-25
  • 0.24.0-beta.3 - 2023-03-12
  • 0.24.0-beta.2 - 2023-03-06
  • 0.24.0-beta.1 - 2023-03-05
  • 0.23.28 - 2023-03-19
  • 0.23.27 - 2023-03-16
  • 0.23.26 - 2023-02-26
  • 0.23.25 - 2023-02-11
  • 0.23.24 - 2023-01-07
  • 0.23.23 - 2022-12-18
  • 0.23.22 - 2022-12-11
  • 0.23.21 - 2022-11-14
  • 0.23.20 - 2022-11-03
  • 0.23.19 - 2022-10-28
  • 0.23.18 - 2022-10-23
  • 0.23.17 - 2022-10-18
  • 0.23.16 - 2022-10-10
  • 0.23.15 - 2022-09-18
  • 0.23.14 - 2022-09-03
  • 0.23.13 - 2022-09-01
  • 0.23.12 - 2022-08-31
  • 0.23.11 - 2022-08-26
  • 0.23.10 - 2022-07-31
  • 0.23.9 - 2022-07-24
  • 0.23.8 - 2022-07-17
  • 0.23.7 - 2022-07-09
  • 0.23.6 - 2022-07-08
  • 0.23.5 - 2022-07-02
  • 0.23.4 - 2022-07-02
  • 0.23.3 - 2022-07-01
  • 0.23.2 - 2022-06-28
  • 0.23.1 - 2022-06-26
  • 0.23.0 - 2022-06-26
  • 0.23.0-beta.7 - 2022-06-25
  • 0.23.0-beta.6 - 2022-06-25
  • 0.23.0-beta.5 - 2022-06-20
  • 0.23.0-beta.4 - 2022-06-04
  • 0.23.0-beta.3 - 2022-06-03
  • 0.23.0-beta.2 - 2022-05-30
  • 0.23.0-beta.1 - 2022-04-19
  • 0.23.0-beta.0 - 2022-04-17
  • 0.22.18 - 2022-06-25
from typedoc GitHub release notes

Important

  • Check the changes in this PR to ensure they won't cause issues with your project.
  • This PR was automatically created by Snyk using the credentials of a real user.
  • Max score is 1000. Note that the real score may have changed since the PR was raised.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

[//]: # 'snyk:metadata:{"customTemplate":{"variablesUsed":[],"fieldsUsed":[]},"dependencies":[{"name":"typedoc","from":"0.22.18","to":"0.26.7"}],"env":"prod","hasFixes":true,"isBreakingChange":false,"isMajorUpgrade":false,"issuesToFix":[{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-BABELTRAVERSE-5962462","issue_id":"SNYK-JS-BABELTRAVERSE-5962462","priority_score":786,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"9.3","score":465},{"type":"scoreVersion","label":"v1","score":1}],"severity":"critical","title":"Incomplete List of Disallowed Inputs"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-ES5EXT-6095076","issue_id":"SNYK-JS-ES5EXT-6095076","priority_score":696,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.5","score":375},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Regular Expression Denial of Service (ReDoS)"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-PUGCODEGEN-7086056","issue_id":"SNYK-JS-PUGCODEGEN-7086056","priority_score":696,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.5","score":375},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Improper Control of Generation of Code ('Code Injection')"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JS-OCTOKITWEBHOOKS-6129527","issue_id":"SNYK-JS-OCTOKITWEBHOOKS-6129527","priority_score":624,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"8.2","score":410},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Improper Handling of Exceptional Conditions"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-SEMVER-3247795","issue_id":"SNYK-JS-SEMVER-3247795","priority_score":696,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.5","score":375},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Regular Expression Denial of Service (ReDoS)"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-SEMVER-3247795","issue_id":"SNYK-JS-SEMVER-3247795","priority_score":696,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.5","score":375},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Regular Expression Denial of Service (ReDoS)"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-SEMVER-3247795","issue_id":"SNYK-JS-SEMVER-3247795","priority_score":696,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.5","score":375},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Regular Expression Denial of Service (ReDoS)"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-FOLLOWREDIRECTS-6141137","issue_id":"SNYK-JS-FOLLOWREDIRECTS-6141137","priority_score":686,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.3","score":365},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Improper Handling of Extra Parameters"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JS-SOCKETIO-7278048","issue_id":"SNYK-JS-SOCKETIO-7278048","priority_score":649,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"8.7","score":435},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Uncaught Exception"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JS-EJS-6689533","issue_id":"SNYK-JS-EJS-6689533","priority_score":479,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"5.3","score":265},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Improper Control of Dynamically-Managed Code Resources"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-FOLLOWREDIRECTS-6444610","issue_id":"SNYK-JS-FOLLOWREDIRECTS-6444610","priority_score":646,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"6.5","score":325},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Information Exposure"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-WORDWRAP-3149973","issue_id":"SNYK-JS-WORDWRAP-3149973","priority_scor...

Snyk has created this PR to upgrade typedoc from 0.22.18 to 0.26.7.

See this package in npm:
typedoc

See this project in Snyk:
https://app.snyk.io/org/ender700/project/812d4b29-d3c7-474b-9ffb-16d0c13449a1?utm_source=github&utm_medium=referral&page=upgrade-pr
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants