[Snyk] Upgrade: cheerio, mkdirp, slug, superagent

[WontonSam]

Snyk has created this PR to upgrade multiple dependencies.

👯 The following dependencies are linked and will therefore be updated together.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

⚠️ Warning: This PR contains major version upgrade(s), and may be a breaking change.

Name	Versions	Released on

cheerio
from 1.0.0-rc.3 to 1.0.0 | 10 versions ahead of your current version | a month ago
on 2024-08-09
mkdirp
from 0.5.1 to 3.0.1 | 20 versions ahead of your current version
⚠️ This is a major version upgrade, and may be a breaking change | a year ago
on 2023-04-24
slug
from 1.1.0 to 9.1.0 | 47 versions ahead of your current version
⚠️ This is a major version upgrade, and may be a breaking change | 4 months ago
on 2024-05-24
superagent
from 5.2.2 to 10.0.2 | 33 versions ahead of your current version
⚠️ This is a major version upgrade, and may be a breaking change | a month ago
on 2024-08-15

Issues fixed by the recommended upgrade:

	Issue	Score	Exploit Maturity
	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	159	Proof of Concept
	Code Injection SNYK-JS-LODASH-1040724	159	Proof of Concept
	Prototype Pollution SNYK-JS-LODASH-567746	159	Proof of Concept
	Prototype Pollution SNYK-JS-LODASH-608086	159	Proof of Concept
	Prototype Pollution SNYK-JS-LODASH-6139239	159	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-NTHCHECK-1586032	159	Proof of Concept
	Prototype Poisoning SNYK-JS-QS-3153490	159	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-COOKIEJAR-3149984	159	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-1018905	159	Proof of Concept
	Prototype Pollution SNYK-JS-MINIMIST-559764	159	Proof of Concept
	Regular Expression Denial of Service (ReDoS) npm:debug:20170905	159	Proof of Concept
	Prototype Pollution SNYK-JS-MINIMIST-2429795	159	Proof of Concept

Release notes

Package name: cheerio

• 1.0.0 - 2024-08-09
  

  Cheerio 1.0 is here! 🎉

  Announcement Blog Post

  Breaking Changes

  • The minimum NodeJS version is now 18.17 or higher #3959

  • Import paths were simplified. For example, use cheerio/slim instead of
    cheerio/lib/slim. #3970

  • The deprecated default Cheerio instance and static methods were removed. #3974

    Before, it was possible to write code like this:

    import cheerio, { html } from 'cheerio';

    html(cheerio('<test></test>')); // ~ '<test></test>' -- NO LONGER WORKS

    Make sure to always load documents first:

    import * as cheerio from 'cheerio';

    cheerio.load('<test></test>').html();

  • Node types previously re-exported by Cheerio must now be imported directly
    from (domhandler)(https://github.com/fb55/domhandler). #3969

  • htmlparser2 options now reside exclusively under the xml key (#2916):

    const $ = cheerio.load('<html>', {
      xml: {
        withStartIndices: true,
      },
    });

  New Features

  • Add functions to load buffers, streams & URLs in NodeJS by @ fb55 in #2857
  • Add extract method by @ fb55 in #2750

  Fixes

  • Allow imports of cheerio/utils by @ blixt in #2601
  • Allow empty string in data, and simplify by @ fb55 in #2818
  • Make closest be able to start from text nodes by @ Qualtagh in #2811
  • Fix potential github action smells by @ ceddy4395 in #3826

  Other

  • Cheerio has a new website, featuring updated API docs and guides! #2950

  Full Changelog: v1.0.0-rc.12...v1.0.0

• 1.0.0-rc.12 - 2022-06-26
  

  Bugfix release. Fixed issues:

  • Align prop undefined handling with jQuery by @ fb55 in #2557
  • Allow deep imports of cheerio/lib/utils by @ blixt in #2601

  New Contributors

  • @ blixt made their first contribution in #2601

  Full Changelog: v1.0.0-rc.11...v1.0.0-rc.12

• 1.0.0-rc.11 - 2022-05-20
  

  cheerio@1.0.0-rc.11 is hopefully the last RC before the 1.0.0 release of Cheerio. There are two APIs that will be added for the next major release: An exract method (#2523) and NodeJS specific loader methods (#2051). These are still in flux and I'd appreciate feedback on the proposals.

  A big thank you to everyone that contributed to this release! This includes code contributors, as well as the amazing financial support on GitHub Sponsors!

  Under the hood, a lot of work for this release went into updating parse5, cheerio's default HTML parser. Have a look at parse5's release notes to see what has changed there.

  Breaking

  • Cheerio is now a dual CommonJS and ESM module. That means that deep imports will now fail in newer versions of Node. #2508
  • script and style contents are added again in .text() #2509
    • To keep the old behavior, switch .text() to .prop('innerText')
  • The TypeScript types inherited from upstream dependencies have changed. #2503
    • Node types are now using tagged unions, which will make consumption a bit easier.

  Features

  • Relevant options are now forwarded to cheerio-select #2511
    • Custom pseudo classes can now be specified using the pseudos option.
  • For the .prop() method:
    • Add textContent and innerText props #2214
    • Users can now specify a baseURI option, which will lead to href and src props to be resolved as URLs. #2510
  • Added a slim export, which will always use htmlparser2 #1960

  Fixes

  • Have text turn passed values to strings #2047
  • Include undefined in the return type of get by @ glen-84 in #2392
  • Recognise comments as HTML #2504
  • Add missing undefined return value #2505
  • Export missing static methods #2506
  • Have style parsing add malformed fields to previous field #2521

  Refactor

  • Use domutils module directly #1928
  • Hand-roll isHTML #1935
  • Move initialization logic to load #1951
  • Only return elements in closest #2057
  • Remove unnecessary code, be more explicit #2279
  • Use stricter TS, ESLint configs #2507
  • Update exported values #2512

  Development Experience

  • Migrate husky to v6 by @ DavideViolante in #1934
  • Update CI by @ XhmikosR in #2149
  • Set permissions for GitHub actions by @ neilnaveen in #2453

  Docs

  • Update README "is not a web browser" section by @ mxschmitt in #2127

  New Contributors

  • @ DavideViolante made their first contribution in #1934
  • @ mxschmitt made their first contribution in #2127
  • @ glen-84 made their first contribution in #2392
  • @ neilnaveen made their first contribution in #2453

  Full Changelog: v1.0.0-rc.10...v1.0.0-rc.11

• 1.0.0-rc.10 - 2021-06-08
  

  Fixes:

  • .html(node) now moves passed nodes (#1923, fixes #940) 258b26b
  • Boolean attributes are no longer special in xmlMode (#1903, fixes #1805) b393e4a
  • Rename parser adapter files (#1873, fixes #1847) 8f55dd8
  • Make filter work on all collections (#1870, fixes #1867) fb8d31e
  • Bump cheerio-select (#1922, fixes https://www.npmjs.com/advisories/1754) 5cd2b9c

  Documentation:

  • Document how to define TS types for Plug-Ins (#1915, fixes #1778) 880fd2c
  • Remove obsolete Testing section e0c7cbb
  • Remove now-invalid require 5dfbd35

  Refactors:

  • Wrap shared behavior in traversing (#1909) 58e090a
  • Move is to traversing, optimize (#1908) 1c6fa3e
  • Change order of arguments of internal domEach (#1892) feda230
  • Have load export a function (#1869) c370f4e

  v1.0.0-rc.9...v1.0.0-rc.10

• 1.0.0-rc.9 - 2021-05-06
  

  Port to TypeScript

  Cheerio has been ported entirely to TypeScript (in #1816)! This eliminates a lot of edge-cases within Cheerio and will allow you to use Cheerio with confidence. This release also features a new documentation website based on TypeDoc, allowing you to quickly navigate all available methods: https://cheerio.js.org

  ---

  Breaking change: If you were using the function exported by Cheerio directly instead of first load()ing a document, you will now have to update the require to use the default export.

  - const cheerio = require("cheerio");
  + const cheerio = require("cheerio").default;

  cheerio('div', dom)

  Please note that this way of using Cheerio is deprecated and might be removed in a future version. Please consider updating your code to:

  const cheerio = require("cheerio");

  const $ = cheerio.load(dom)
  $('div')

  ---

  Note: Cheerio uses template literal types to determine return types. These are available starting with TypeScript 4.1, so you might have to bump your TypeScript version.

  For TypeScript types, Cheerio now implements the ArrayLike<T> interface. That means that Cheerio instances can contain objects of arbitrary types, but not all methods can be called on them.

  The TypeScript compiler will figure out what structures you are operating on:

  • When calling a loaded Cheerio instance with an HTML string like $('<div>'), it will product a Cheerio<Node> type.
    • Node is the base class for DOM elements and includes eg. comment and text nodes.
  • When calling Cheerio with a selector like $('.foo'), it will produce a Cheerio<Element>, as only Elements can be part of the result set.
    • Element is the class representing tags.
  • You can still use $('...').map() to map to arbitrary values, and will get a compiler error when trying to call method that are not supported.
    • Eg. $('.foo').map((i, el) => $(el).text()).attr('test') will no longer be possible, as .attr is not allowed to be called on a Cheerio<string>.

  ---

  This release does not contain other changes to functionality. Feedback is greatly appreciated; if you encounter a problem, please file an issue!

  v1.0.0-rc.6...v1.0.0-rc.9

• 1.0.0-rc.8 - 2021-05-06
  

  Second botched release. Please use v1.0.0-rc.9 instead.

• 1.0.0-rc.7 - 2021-05-06
  

  Published without a lib directory — please ignore.

• 1.0.0-rc.6 - 2021-04-08
  

  Breaking:

  • Fixed the ordering of the output of several methods, including prevAll, prevUntil and parentsUntil. The new order matches jQuery.

  This release contains three breaking changes inherited from dependencies.

  • Selectors (see css-select@4.0.0):
    • Several pseudo selectors are now stricter, in line with the HTML spec.
    • Some attributes are now case-insensitive based on the HTML spec.
  • DOM:
    • In XML mode, all elements will have type: 'tag'.

  New features:

  • Add .unwrap (#1651 by @ 5saviahv) 2037d83
  • Add .wrapAll (#1590 by @ 5saviahv) cd4a4d9
  • Support prop('innerHTML') (#1578 by @ fb55) c58258f
  • Expose the scriptingEnabled parse5 option (#1707 by @ 5saviahv) 7eb4cc4
    • By setting scriptingEnabled to false, it is now possible to parse the contents of <noscript> tags.

  Types:

  • Improve .load type (#1584 by @ f0x52) 6a90bda
  • Improve type for .get (#1759 by @ karlhorky) d706976
  • Add .wrapAll (#1740 by @ 5saviahv) b360762
  • Allow for of loops (#1704 by @ mcpiroman) 8fef5aa
  • Rename exported variable (#1682 by @ dominik-korsa) 897b37f
  • Fix AttrFunction arguments (#1669 by @ maxma241) 5f2e9c3

  Bug fixes:

  • Fix handling of undefined as value in .attr() (#1757 by @ 5saviahv) 98186e8
  • Fix filter for {prev,next}Until (#1728 by @ fb55) f2615d2
  • Fix parentsUntil filtering (#1708 by @ 5saviahv) bf899d5
  • Remove module caching dependency (#1691 by @ 5saviahv) a9d6a43
  • Filter text nodes in find function (#1680 by @ 5saviahv) 9b28b49
  • Fix .add modifying previous selections (#1656 by @ 5saviahv) 9f9b493
  • Stop parent() from throwing an error in some cases (#1637 by @ 5saviahv) 43592d6
  • Make it possible to .find siblings (#1583 by

[google-cla]

Thanks for your pull request! It looks like this may be your first contribution to a Google open source project. Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA).

View this failed invocation of the CLA check for more information.

For the most up to date status, view the checks section at the bottom of the pull request.