[Snyk] Upgrade tocbot from 4.29.0 to 4.30.0 #97
Closed
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Snyk has created this PR to upgrade tocbot from 4.29.0 to 4.30.0. See this package in npm: https://www.npmjs.com/package/tocbot See this project in Snyk: https://app.snyk.io/org/josecelano/project/2e0ba13c-7992-4050-8237-1bcee5839d90?utm_source=github&utm_medium=referral&page=upgrade-pr
da2ce7
pushed a commit
to da2ce7/torrust-website
that referenced
this pull request
Nov 21, 2024
bc219e5 Update AboutTorrust.svelte (Graeme Byrne) 0e2013c change index naming and misc (MacBook air) Pull request description: * [Update Website with "Index" and "GUI" naming torrust#97](torrust/torrust-website#97) * Move `HowToContribute` above `RecentPosts` as the user's attention should be on how they can contribute first rather than blog posts. * Add Blog to `Footer` so it is consistent with `Header` * Run `npm audit fix` to automatically fix the reported vulnerabilities in by updating the dependencies to versions that do not have the identified security issues. ACKs for top commit: josecelano: ACK bc219e5 Tree-SHA512: 1f79d6f1a1339dd5e610e4c0d587efc53035fa0182226cbd6385527e73a2b00c67dc0f9f25a8c82d534ea7a088558bcce6e404a8c8182f45dd9674469989248a
josecelano
added a commit
that referenced
this pull request
Dec 21, 2025
…rnings 4170be6 chore: update generated blog metadata (Jose Celano) f958b4b fix: move ignores to separate config object in eslint (Jose Celano) cf5b576 style: fix prettier formatting issues (Jose Celano) a2eef1c chore: suppress intentional Toc.svelte warning in build output (Jose Celano) b214c48 fix: add prerender flag to api endpoint (Jose Celano) 2d8a073 fix: resolve Svelte 5 reactivity warnings (Jose Celano) 337f6ec chore: update dependencies (Jose Celano) Pull request description: ## Summary This PR updates npm dependencies and resolves Svelte 5 reactivity warnings across the codebase. ## Changes ### Dependency Updates - Updated 171 packages via `npm update` - Major updates include esbuild, Babel packages, and various @sveltejs packages - Security: 36 vulnerabilities remain (primarily in vite-plugin-imagemin dependency chain) ### Svelte 5 Reactivity Fixes Fixed 41 reactivity warnings by properly using `$derived()` rune for prop-dependent computed values: - Updated 9 component files (Button, Cards, RelatedCard, TagCard, BlogPostCard, BlogPreview, CodeBlock, RelatedPostCard, molecule TagCard) - Updated 21 blog post pages - Refactored blog list page filtering to use reactive patterns - Updated contributor layout **Note:** One intentional warning remains in Toc.svelte where the selector is intentionally captured at initialization time for the @melt-ui/svelte library. ## Testing - ✅ `npm run check` passes (0 errors, 1 documented warning) - ✅ `npm run dev` runs with clean output -⚠️ Pre-existing build error with /api route (unrelated to these changes) ## Additional Notes See open Snyk PRs (#154, #153, #149, #148, #97) for additional dependency updates that require manual package.json modifications. ACKs for top commit: josecelano: ACK 4170be6 Tree-SHA512: 196a544297e140a680e5bb84fdea5c5fcc62a5a994870be50a3eb30844f4c29025a040d852b9e3de56e15da698345a144ce70a1ec7b1382bb096a01db5c71b2e
Member
Author
|
Closing this PR as The project currently uses |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Snyk has created this PR to upgrade tocbot from 4.29.0 to 4.30.0.
ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
Release notes
Package name: tocbot
-
4.30.0 - 2024-09-27
- c7677b6: Scroll sync helper (#356) (Tim Scanlin) #356
- 49f70e2: update built files (Tim Scanlin)
- 865be00: 4.30.0 (Tim Scanlin)
-
4.29.0 - 2024-08-09
- 6e944f6: fix use for cjs (#353) (Tim Scanlin) #353
- 370ca49: 4.29.0 (Tim Scanlin)
from tocbot GitHub release notesCommits
Commits
Commit messages
Package name: tocbot
Compare
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.
For more information:
🧐 View latest project report
🛠 Adjust upgrade PR settings
🔕 Ignore this dependency or unsubscribe from future upgrade PRs