[Snyk] Upgrade: , ,

[TheJ-Erk400]

Snyk has created this PR to upgrade multiple dependencies.

👯‍♂ The following dependencies are linked and will therefore be updated together.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

Name	Versions	Released on

@slidev/cli
from 0.35.4 to 0.49.26 | 159 versions ahead of your current version | 21 days ago
on 2024-08-16
@slidev/theme-default
from 0.21.2 to 0.25.0 | 3 versions ahead of your current version | 7 months ago
on 2024-02-02
@slidev/theme-seriph
from 0.21.3 to 0.25.0 | 3 versions ahead of your current version | 7 months ago
on 2024-02-02

Issues fixed by the recommended upgrade:

	Issue	Score	Exploit Maturity
	Cross-site Request Forgery (CSRF) SNYK-JS-AXIOS-6032459	489	Proof of Concept
	Path Equivalence SNYK-JS-VITE-5664718	489	Proof of Concept
	Access Control Bypass SNYK-JS-VITE-6182924	489	Proof of Concept
	Infinite loop SNYK-JS-MARKDOWNIT-6483324	489	Proof of Concept
	Inefficient Regular Expression Complexity SNYK-JS-MICROMATCH-6838728	489	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-UNDICI-3323845	489	Proof of Concept
	Uncontrolled resource consumption SNYK-JS-BRACES-6838727	489	Proof of Concept
	Improper Input Validation SNYK-JS-FOLLOWREDIRECTS-6141137	489	Proof of Concept
	Incomplete List of Disallowed Inputs SNYK-JS-KATEX-6483834	489	No Known Exploit
	Unchecked Input for Loop Condition SNYK-JS-KATEX-6483835	489	No Known Exploit
	Unchecked Input for Loop Condition SNYK-JS-KATEX-6483836	489	No Known Exploit
	Prototype Pollution SNYK-JS-ANTFUUTILS-5660605	489	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-AXIOS-6124857	489	Proof of Concept
	Improper Access Control SNYK-JS-VITE-6531286	489	Proof of Concept
	Improper Input Validation SNYK-JS-POSTCSS-5926692	489	No Known Exploit
	CRLF Injection SNYK-JS-UNDICI-3323844	489	Proof of Concept
	Cross-site Scripting (XSS) SNYK-JS-BRAINTREESANITIZEURL-3330766	489	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-D3COLOR-1076592	489	Proof of Concept
	Template Injection SNYK-JS-DOMPURIFY-6474511	489	Proof of Concept
	Information Exposure SNYK-JS-FOLLOWREDIRECTS-6444610	489	Proof of Concept
	Improper Encoding or Escaping of Output SNYK-JS-KATEX-6483831	489	No Known Exploit
	Improper Access Control SNYK-JS-UNDICI-6564963	489	No Known Exploit
	Improper Authorization SNYK-JS-UNDICI-6564964	489	No Known Exploit
	Information Exposure SNYK-JS-UNDICI-5962466	489	No Known Exploit
	Permissive Cross-domain Policy with Untrusted Domains SNYK-JS-UNDICI-6252336	489	No Known Exploit

Release notes

Package name: @slidev/cli

• 0.49.26 - 2024-08-16
  

     🐞 Bug Fixes

  • Should call createDataUtils correctly  -  by @ KermanX (9f492)

      View changes on GitHub

• 0.49.25 - 2024-08-15
  

     🚀 Features

  • Warn and ignore custom index.html with doctype declaration  -  by @ KermanX in #1793 (d72f0)
  • Add CLI option to allow transparent pngs  -  by @ flwst, autofix-ci[bot] and @ KermanX in #1797 (85322)
  • Upgrade vueuse  -  by @ antfu (9a1e8)

     🐞 Bug Fixes

  • Display slide import errors in client  -  by @ AlbertBrand and @ KermanX in #1816 (c83e6)
  • V-drag functionality  -  by @ KermanX in #1814 (e64ff)
  • monaco-diff: Should disable useInlineViewWhenSpaceIsLimited  -  by @ KermanX in #1807 (323b9)

      View changes on GitHub

• 0.49.24 - 2024-08-06
  

     🐞 Bug Fixes

  • vscode: Textmate grammar  -  by @ KermanX in #1798 (625ae)

      View changes on GitHub

• 0.49.23 - 2024-07-30
  

     🐞 Bug Fixes

  • Avoid trailing slash in resolved theme or addon path  -  by @ KermanX (787de)
  • Shuold cache Shiki setup result  -  by @ KermanX in #1788 (c0a0e)
  • Code snippets HMR  -  by @ KermanX in #1789 (d054c)

      View changes on GitHub

• 0.49.22 - 2024-07-25
  

     🐞 Bug Fixes

  • Remove usage of Array.prototype.toReversed  -  by @ KermanX (cd7f9)

      View changes on GitHub

• 0.49.21 - 2024-07-23
  

     🐞 Bug Fixes

  • Should not pass entry files to MarkdownIt  -  by @ KermanX in #1773 (9bb90)

      View changes on GitHub

• 0.49.20 - 2024-07-21
  

     🐞 Bug Fixes

  • vscode: Hover message, formatting and highlighting  -  by @ KermanX in #1771 (d8e3a)

      View changes on GitHub

• 0.49.19 - 2024-07-20
  

     🚀 Features

  • vscode: Support schema for frontmatters  -  by @ antfu (3567a)

      View changes on GitHub

• 0.49.18 - 2024-07-20
  

     🚀 Features

  • Allow to customize markdown transformers  -  by @ KermanX and autofix-ci[bot] in #1767 (6293e)
  • vscode: Add Slidev language server  -  by @ johnsoncodehk, @ KermanX, autofix-ci[bot] and @ antfu in #1743 (73f5b)

      View changes on GitHub

• 0.49.17 - 2024-07-18
  

     ✨ Highlights

  • Visit our brand new docs at https://sli.dev! It has a huge improvement in readability.
  • Relative path inside slides content like ![alt](./assets/img.png) is now supported.

     🚀 Features

  • Support relative import inside slides  -  by @ KermanX in #1744 (42d56)
  • Allow Mermaid setup function to be async  -  by @ KermanX in #1741 (82af1)

     🐞 Bug Fixes

  • Non-arrow drag controls  -  by @ KermanX in #1740 (29576)
  • Code block regex  -  by @ KermanX in #1755 (4982e)
  • Hmr experience  -  by @ KermanX and autofix-ci[bot] in #1708 (d7f41)

      View changes on GitHub

• 0.49.16 - 2024-07-05
• 0.49.15 - 2024-07-05
• 0.49.13 - 2024-06-30
• 0.49.12 - 2024-06-25
• 0.49.11 - 2024-06-19
• 0.49.10 - 2024-06-07
• 0.49.9 - 2024-06-01
• 0.49.8 - 2024-05-31
• 0.49.7 - 2024-05-31
• 0.49.6 - 2024-05-31
• 0.49.5 - 2024-05-29
• 0.49.4 - 2024-05-25
• 0.49.3 - 2024-05-17
• 0.49.2 - 2024-05-10
• 0.49.1 - 2024-05-10
• 0.49.0 - 2024-05-10
• 0.49.0-beta.6 - 2024-05-02
• 0.49.0-beta.5 - 2024-05-02
• 0.49.0-beta.4 - 2024-04-17
• 0.49.0-beta.3 - 2024-04-15
• 0.49.0-beta.2 - 2024-04-12
• 0.49.0-beta.1 - 2024-04-10
• 0.48.9 - 2024-04-10
• 0.48.8 - 2024-03-29
• 0.48.7 - 2024-03-22
• 0.48.6 - 2024-03-22
• 0.48.5 - 2024-03-22
• 0.48.4 - 2024-03-21
• 0.48.3 - 2024-03-15
• 0.48.2 - 2024-03-13
• 0.48.1 - 2024-03-10
• 0.48.0 - 2024-03-10
• 0.48.0-beta.26 - 2024-03-09
• 0.48.0-beta.25 - 2024-03-09
• 0.48.0-beta.24 - 2024-03-08
• 0.48.0-beta.23 - 2024-03-08
• 0.48.0-beta.22 - 2024-03-05
• 0.48.0-beta.21 - 2024-03-03
• 0.48.0-beta.20 - 2024-03-02
• 0.48.0-beta.19 - 2024-02-27
• 0.48.0-beta.18 - 2024-02-27
• 0.48.0-beta.17 - 2024-02-27
• 0.48.0-beta.16 - 2024-02-27
• 0.48.0-beta.15 - 2024-02-27
• 0.48.0-beta.14 - 2024-02-26
• 0.48.0-beta.13 - 2024-02-26
• 0.48.0-beta.12 - 2024-02-25
• 0.48.0-beta.11 - 2024-02-25
• 0.48.0-beta.10 - 2024-02-24
• 0.48.0-beta.9 - 2024-02-24
• 0.48.0-beta.8 - 2024-02-24
• 0.48.0-beta.7 - 2024-02-24
• 0.48.0-beta.6 - 2024-02-22
• 0.48.0-beta.5 - 2024-02-21
• 0.48.0-beta.4 - 2024-02-21
• 0.48.0-beta.3 - 2024-02-19
• 0.48.0-beta.2 - 2024-02-16
• 0.48.0-beta.1 - 2024-02-14
• 0.48.0-beta.0 - 2024-02-13
• 0.47.5 - 2024-02-12
• 0.47.4 - 2024-02-06
• 0.47.3 - 2024-02-04
• 0.47.2 - 2024-02-03
• 0.47.1 - 2024-02-02
• 0.47.0 - 2024-02-02
• 0.46.3 - 2024-01-22
• 0.46.2 - 2024-01-17
• 0.46.1 - 2023-12-16
• 0.46.0 - 2023-12-13
• 0.45.0 - 2023-12-04
• 0.44.0 - 2023-11-16
• 0.43.15 - 2023-11-09
• 0.43.14 - 2023-11-08
• 0.43.13 - 2023-11-02
• 0.43.12 - 2023-10-28
• 0.43.11 - 2023-10-27
• 0.43.10 - 2023-10-27
• 0.43.9 - 2023-10-27
• 0.43.8 - 2023-10-26
• 0.43.7 - 2023-10-08
• 0.43.6 - 2023-09-27
• 0.43.5 - 2023-09-19
• 0.43.4 - 2023-09-17
• 0.43.3 - 2023-09-14
• 0.43.2 - 2023-09-12
• 0.43.1 - 2023-09-07
• 0.43.0 - 2023-09-05
• 0.43.0-beta.7 - 2023-09-03
• 0.43.0-beta.6 - 2023-09-03
• 0.43.0-beta.5 - 2023-09-03
• 0.43.0-beta.4 - 2023-09-02
• 0.43.0-beta.3 - 2023-08-31
• 0.43.0-beta.2 - 2023-08-31
• 0.43.0-beta.1 - 2023-08-31
• 0.43.0-beta.0 - 2023-08-31
• 0.42.11 - 2023-08-26
• 0.42.10 - 2023-08-26
• 0.42.9 - 2023-08-21
• 0.42.8 - 2023-08-15
• 0.42.7 - 2023-08-06
• 0.42.6 - 2023-08-02
• 0.42.5 - 2023-06-18
• 0.42.4 - 2023-06-04
• 0.42.3 - 2023-05-31
• 0.42.2 - 2023-05-31
• 0.42.1 - 2023-05-30
• 0.42.0 - 2023-05-26
• 0.41.1 - 2023-05-20
• 0.41.0 - 2023-05-17
• 0.40.16 - 2023-04-29
• 0.40.14 - 2023-04-20
• 0.40.13 - 2023-04-18
• 0.40.12 - 2023-04-18
• 0.40.11 - 2023-04-18
• 0.40.10 - 2023-04-11
• 0.40.9 - 2023-04-09
• 0.40.7 - 2023-04-09
• 0.40.6 - 2023-04-03
• 0.40.5 - 2023-03-23
• 0.40.4 - 2023-03-23
• 0.40.3 - 2023-02-13
• 0.40.2 - 2023-02-04
• 0.40.1 - 2023-02-04
• 0.40.0 - 2023-02-03
• 0.39.0 - 2023-01-29
• 0.38.8 - 2023-01-28
• 0.38.7 - 2023-01-27
• 0.38.5 - 2023-01-25
• 0.38.4 - 2023-01-20
• 0.38.3 - 2023-01-10
• 0.38.2 - 2022-12-20
• 0.38.1 - 2022-12-16
• 0.38.0 - 2022-12-12
• 0.37.1 - 2022-11-25
• 0.37.0 - 2022-11-23
• 0.36.11 - 2022-11-09
• 0.36.10 - 2022-10-28
• 0.36.9 - 2022-10-26
• 0.36.8 - 2022-10-24
• 0.36.7 - 2022-10-16
• 0.36.6 - 2022-10-09
• 0.36.5 - 2022-09-14
• 0.36.4 - 2022-09-12
• 0.36.3 - 2022-09-12
• 0.36.2 - 2022-09-12
• 0.36.1 - 2022-09-12
• 0.36.0 - 2022-09-12
• 0.35.6 - 2022-09-03
• 0.35.5 - 2022-08-15
• 0.35.4 - 2022-08-03

from @slidev/cli GitHub release notes

Package name: @slidev/theme-default

• 0.25.0 - 2024-02-02
  

  chore: release @ slidev/theme-shibainu v0.25.0

• 0.24.0 - 2024-02-02
  

  chore: release @ slidev/theme-shibainu v0.24.0

• 0.22.1 - 2024-02-02
• 0.21.2 - 2022-03-05

from @slidev/theme-default GitHub release notes

Package name: @slidev/theme-seriph

• 0.25.0 - 2024-02-02
  

  chore: release @ slidev/theme-shibainu v0.25.0

• 0.24.0 - 2024-02-02
  

  chore: release @ slidev/theme-shibainu v0.24.0

• 0.23.0 - 2024-02-02
  

  chore: release @ slidev/theme-seriph v0.23.0

• 0.21.3 - 2022-07-19

from @slidev/theme-seriph GitHub release notes

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• This PR was automatically created by Snyk using the credentials of a real user.
• Max score is 1000. Note that the real score may have changed since the PR was raised.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

• 🧐 View latest project report
• 📜 Customise PR templates
• 🛠 Adjust upgrade PR settings
• 🔕 Ignore this dependency or unsubscribe from future upgrade PRs

[stackblitz]

Run & review this pull request in StackBlitz Codeflow.

[socket-security]

New and removed dependencies detected. Learn more about Socket for GitHub ↗︎

Package	New capabilities	Transitives	Size	Publisher
npm/@slidev/cli@0.49.26	environment, filesystem Transitive: eval, network, shell, unsafe	+705	830 MB	antfu
npm/@slidev/theme-default@0.25.0	None	+3	80.9 kB	antfu
npm/@slidev/theme-seriph@0.25.0	None	+2	64.6 kB	antfu

🚮 Removed packages: npm/@slidev/cli@0.35.4), npm/@slidev/theme-default@0.21.2), npm/@slidev/theme-seriph@0.21.3)

View full report↗︎

[socket-security]

Report is too large to display inline.
View full report↗︎

Next steps

Mark a package as acceptable risk

To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space separated list of ecosystem/package-name@version specifiers. e.g. @SocketSecurity ignore npm/foo@1.0.0 or ignore all packages with @SocketSecurity ignore-all

• @SocketSecurity ignore npm/has-flag@3.0.0
• @SocketSecurity ignore npm/mkdirp@1.0.4
• @SocketSecurity ignore npm/isarray@1.0.0
• @SocketSecurity ignore npm/chalk@2.4.2
• @SocketSecurity ignore npm/escape-string-regexp@1.0.5
• @SocketSecurity ignore npm/supports-color@5.5.0
• @SocketSecurity ignore npm/inherits@2.0.4
• @SocketSecurity ignore npm/convert-source-map@2.0.0
• @SocketSecurity ignore npm/setimmediate@1.0.5
• @SocketSecurity ignore npm/anymatch@3.1.3
• @SocketSecurity ignore npm/readable-stream@2.3.8
• @SocketSecurity ignore npm/process-nextick-args@2.0.1
• @SocketSecurity ignore npm/string_decoder@1.1.1
• @SocketSecurity ignore npm/resolve-alpn@1.2.1
• @SocketSecurity ignore npm/json-buffer@3.0.1
• @SocketSecurity ignore npm/yargs@17.7.2
• @SocketSecurity ignore npm/lie@3.3.0
• @SocketSecurity ignore npm/chownr@2.0.0
• @SocketSecurity ignore npm/fs-minipass@2.1.0
• @SocketSecurity ignore npm/keyv@4.5.4
• @SocketSecurity ignore npm/domutils@3.1.0
• @SocketSecurity ignore npm/he@1.2.0
• @SocketSecurity ignore npm/lodash-es@4.17.21
• @SocketSecurity ignore npm/proxy-from-env@1.1.0
• @SocketSecurity ignore npm/sade@1.8.1
• @SocketSecurity ignore npm/svg-tags@1.0.0
• @SocketSecurity ignore npm/https@1.0.0
• @SocketSecurity ignore npm/cacheable-lookup@7.0.0
• @SocketSecurity ignore npm/de-indent@1.0.2
• @SocketSecurity ignore npm/consola@3.2.3
• @SocketSecurity ignore npm/get-stream@8.0.1
• @SocketSecurity ignore npm/hash-sum@2.0.0
• @SocketSecurity ignore npm/layout-base@1.0.2
• @SocketSecurity ignore npm/path-type@5.0.0
• @SocketSecurity ignore npm/pptxgenjs@3.12.0
• @SocketSecurity ignore npm/dns-socket@4.2.2
• @SocketSecurity ignore npm/global-directory@4.0.1
• @SocketSecurity ignore npm/http2-wrapper@2.2.1
• @SocketSecurity ignore npm/untun@0.1.3
• @SocketSecurity ignore npm/bundle-name@4.1.0
• @SocketSecurity ignore npm/image-size@1.1.1
• @SocketSecurity ignore npm/web-worker@1.3.0
• @SocketSecurity ignore npm/get-port-please@3.1.2
• @SocketSecurity ignore npm/floating-vue@5.2.2
• @SocketSecurity ignore npm/diff@5.2.0
• @SocketSecurity ignore npm/dotenv@16.4.5
• @SocketSecurity ignore npm/open@10.1.0
• @SocketSecurity ignore npm/ofetch@1.3.4
• @SocketSecurity ignore npm/node-fetch-native@1.6.4
• @SocketSecurity ignore npm/giget@1.2.3