[Snyk] Upgrade @11ty/eleventy-plugin-rss from 1.2.0 to 2.0.2 #30
Conversation
Snyk has created this PR to upgrade @11ty/eleventy-plugin-rss from 1.2.0 to 2.0.2. See this package in npm: @11ty/eleventy-plugin-rss See this project in Snyk: https://app.snyk.io/org/sec32fun32/project/5340c06c-0ba4-4d5c-9420-83153fbcf8bc?utm_source=github&utm_medium=referral&page=upgrade-pr
|
🚨 Potential security issues detected. Learn more about Socket for GitHub ↗︎ To accept the risk, merge this PR and you will not be notified again.
Next stepsWhat is a CVE?Contains a high severity Common Vulnerability and Exposure (CVE). Remove or replace dependencies that include known high severity CVEs. Consumers can use dependency overrides or npm audit fix --force to remove vulnerable dependencies. What is a deprecated package?The maintainer of the package marked it as deprecated. This could indicate that a single version should not be used, or that the package is no longer maintained and any new vulnerabilities will not be fixed. Research the state of the package and determine if there are non-deprecated versions that can be used, or if it should be replaced with a new, supported solution. What are unpopular packages?This package is not very popular. Unpopular packages may have less maintenance and contain other problems. What is unstable ownership?A new collaborator has begun publishing package versions. Package stability and security risk may be elevated. Try to reduce the number of authors you depend on to reduce the risk to malicious actors gaining access to your supply chain. Packages should remove inactive collaborators with publishing rights from packages on npm. Take a deeper look at the dependencyTake a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support [AT] socket [DOT] dev. Remove the packageIf you happen to install a dependency that Socket reports as Known Malware you should immediately remove it and select a different dependency. For other alert types, you may may wish to investigate alternative packages or consider if there are other ways to mitigate the specific risk posed by the dependency. Mark a package as acceptable riskTo ignore an alert, reply with a comment starting with
|
|
Hi everyone, it looks like we lost track of this pull request. Please review and see what the next steps are. This pull request will auto-close in 7 days without an update. |
|
This pull request was auto-closed due to inactivity. While we wish we could keep working on every request, we unfortunately don't have the bandwidth to continue here and need to focus on other things. You can resubmit this pull request if you would like to continue working on it. |
Snyk has created this PR to upgrade @11ty/eleventy-plugin-rss from 1.2.0 to 2.0.2.
ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
The recommended version is 11 versions ahead of your current version.
The recommended version was released 6 months ago.
Release notes
Package name: @11ty/eleventy-plugin-rss
-
2.0.2 - 2024-07-12
- Compatibility with Eleventy core 3.0.0-alpha.15 or newer
- Fixes virtual feed plugin issue with
- Fixes issue with virtual feed plugin used inside of a plugin #52
-
2.0.1 - 2024-06-17
- Fix missing
- Contributors: @ jeanremy made their first contribution in #51
-
2.0.0 - 2024-06-12
- Compatible with Eleventy v3.0.0-alpha.13 or newer.
- Adds new Virtual Template method for easy Atom/RSS/JSON feed creation #47.
- Docs: https://www.11ty.dev/docs/plugins/rss/#virtual-template
- Build performance benefit reusing new HTML
- Refactor dateToRfc822 to use local timezone by @ fliptopbox in #45
- Removes incorrectly named
- JSON Feed
- 🥳 New contributors: @ uncenter and @ fliptopbox!
-
2.0.0-beta.8 - 2024-06-12
-
2.0.0-beta.7 - 2024-06-10
-
2.0.0-beta.6 - 2024-06-09
-
2.0.0-beta.5 - 2024-06-09
-
2.0.0-beta.4 - 2024-06-09
-
2.0.0-beta.3 - 2024-06-09
-
2.0.0-beta.2 - 2024-06-09
-
2.0.0-beta.1 - 2024-06-09
-
1.2.0 - 2022-06-15
from @11ty/eleventy-plugin-rss GitHub release notescollections.all#54Full Changelog: v2.0.1...v2.0.2
Full Milestone: https://github.com/11ty/eleventy-plugin-rss/milestone/8?closed=1
headfilter when using virtual templates by @ jeanremy (with assist from @ benjifs) #50 #51Milestone: https://github.com/11ty/eleventy-plugin-rss/milestone/7?closed=1
Full Changelog: v2.0.0...v2.0.1
We need your help!
11ty is now operating independently, with full time development and maintenance funded by our Open Collective supporters. We need your help to keep going! We have a goal of $6000 USD recurring monthly budget. Read more about this fundraising push or head directly to our Open Collective to start your recurring contribution!
<base>plugin filters #38rssLastUpdatedDateandrssDatefilters. UsegetNewestCollectionItemDate | dateToRfc3339anddateToRfc3339instead (respectively). #21authorsfix by @ uncenter in #41Milestone: https://github.com/11ty/eleventy-plugin-rss/milestone/3?closed=1
Full Changelog: v1.2.0...v2.0.0
We need your help!
11ty is now operating independently, with full time development and maintenance funded by our Open Collective supporters. We need your help to keep going! We have a goal of $6000 USD recurring monthly budget. Read more about this fundraising push or head directly to our Open Collective to start your recurring contribution!
No content.
No content.
No content.
No content.
No content.
No content.
No content.
Important
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.
For more information: