[Snyk] Upgrade algoliasearch from 4.24.0 to 5.19.0 #60

Sec32fun32 · 2025-02-03T01:04:45Z

Snyk has created this PR to upgrade algoliasearch from 4.24.0 to 5.19.0.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

⚠️ Warning: This PR contains major version upgrade(s), and may be a breaking change.

The recommended version is 170 versions ahead of your current version.
The recommended version was released a month ago.

Release notes

Package name: algoliasearch

5.19.0 - 2025-01-07
Co-authored-by: algolia-bot [email protected]
Co-authored-by: Clément Vannicatte [email protected]
5.18.0 - 2024-12-18
New version released!

What's Changed
- 966fe05ae6 chore(deps): dependencies 2024-12-16 (#4235) by @ algolia-bot
- 0481473fe0 chore: trigger auto close pr (#4250) by @ shortcuts
- d6f48a40ce feat(javascript): add worker build (#4249) by @ shortcuts
- 679a8cdb60 fix(specs): endpoint level timeout for ingestion (#4251) by @ shortcuts
- 448aad70ee feat(specs): update composition specs according to upcoming API changes (#4234) by @ e-krebs
Full Changelog: 5.17.1...5.18.0

→ Browse the Algolia documentation
5.17.1 - 2024-12-12
New version released!

What's Changed
- cd59f445e fix(specs): enable watcher for push (#4229) by @ shortcuts
- baf7d6f4d fix(specs): add ignoreConjugations to AlternativesAsExact (#4230) by @ shortcuts
Full Changelog: 5.17.0...5.17.1

→ Browse the Algolia documentation
5.17.0 - 2024-12-11
Co-authored-by: algolia-bot [email protected]
Co-authored-by: Clément Vannicatte [email protected]
5.16.0 - 2024-12-09
Co-authored-by: algolia-bot [email protected]
Co-authored-by: Clément Vannicatte [email protected]
5.15.0 - 2024-11-19
New version released!

What's Changed
- 0787a3d2a chore(scripts): change dist folder and bump (#4113) by @ millotp
- f246995a7 chore(deps): dependencies 2024-11-18 (#4109) by @ algolia-bot
- ff954678e fix(playground): add formatter for python (#4125) by @ millotp
- da4169e1b fix(specs): do not cache searchCompositionRules (#4127) by @ e-krebs
- 08669e2b3 feat(specs): default authMode to WithinHeaders for Composition Client (#4129) by @ e-krebs
- f97e44ce0 fix(cts): add tests for HTML error (#4097) by @ millotp
Full Changelog: 5.14.1...5.15.0

→ Browse the Algolia documentation
5.14.2 - 2024-11-15
5.14.1 - 2024-11-15
New version released!

What's Changed
- b97a88beb fix(javascript): add support for private package publish (#4106) by @ shortcuts
- 36d583e35 fix(specs): make the searchParams compatible with v4 (#4108) by @ millotp
- 996ba5036 fix(specs): remove private beta endpoint from recommend (#4110) by @ shortcuts
Full Changelog: 5.14.0...5.14.1

→ Browse the Algolia documentation
5.14.0 - 2024-11-14
Co-authored-by: algolia-bot [email protected]
Co-authored-by: Clément Vannicatte [email protected]
5.13.0 - 2024-11-06
New version released!

What's Changed
- f598e77b1 fix(javascript): allow import from dist (#4060) by @ shortcuts
- 801241e12 fix(specs): add secrets payload for updates (#4061) by @ shortcuts
- 625421783 fix(clients): update browse iterator (#4058) by @ Fluf22
- ff2d23c14 chore(deps): dependencies 2024-11-04 (#4065) by @ algolia-bot
- bf9173f47 feat(scripts): compute eligibility dates (#4064) by @ shortcuts
- a38ceecc8 feat(specs): add composition API (#4056) by @ e-krebs
Full Changelog: 5.12.0...5.13.0

→ Browse the Algolia documentation
5.12.0 - 2024-10-30
5.11.0 - 2024-10-29
5.10.2 - 2024-10-23
5.10.1 - 2024-10-22
5.10.0 - 2024-10-21
5.10.0-beta.1 - 2024-10-22
5.9.1 - 2024-10-18
5.9.0 - 2024-10-17
5.8.1 - 2024-10-10
5.8.0 - 2024-10-08
5.7.0 - 2024-10-01
5.6.1 - 2024-09-25
5.6.0 - 2024-09-24
5.5.3 - 2024-09-20
5.5.2 - 2024-09-19
5.5.1 - 2024-09-18
5.5.0 - 2024-09-18
5.4.3 - 2024-09-17
5.4.1 - 2024-09-12
5.4.0 - 2024-09-10
5.3.2 - 2024-09-09
5.3.1 - 2024-09-09
5.3.0 - 2024-09-06
5.2.5 - 2024-09-03
5.2.4 - 2024-09-02
5.2.4-beta.6 - 2024-09-03
5.2.4-beta.5 - 2024-09-03
5.2.4-beta.4 - 2024-09-03
5.2.4-beta.3 - 2024-09-03
5.2.4-beta.2 - 2024-09-02
5.2.4-beta.1 - 2024-09-02
5.2.3 - 2024-08-29
5.2.2 - 2024-08-29
5.2.1 - 2024-08-28
5.1.1 - 2024-08-21
5.1.0 - 2024-08-20
5.0.2 - 2024-08-19
5.0.0 - 2024-08-14
5.0.0-beta.17 - 2024-08-09
5.0.0-beta.16 - 2024-08-08
5.0.0-beta.15 - 2024-08-08
5.0.0-beta.14 - 2024-08-06
5.0.0-beta.13 - 2024-08-01
5.0.0-beta.12 - 2024-07-26
5.0.0-beta.11 - 2024-07-19
5.0.0-beta.10 - 2024-07-12
5.0.0-beta.9 - 2024-07-08
5.0.0-beta.8 - 2024-07-01
5.0.0-beta.7 - 2024-06-27
5.0.0-beta.6 - 2024-06-26
5.0.0-beta.5 - 2024-06-24
5.0.0-beta.4 - 2024-06-13
5.0.0-beta.3 - 2024-06-11
5.0.0-beta.2 - 2024-05-17
5.0.0-beta.1 - 2024-04-23
5.0.0-alpha.112 - 2024-04-16
5.0.0-alpha.111 - 2024-04-09
5.0.0-alpha.110 - 2024-04-03
5.0.0-alpha.109 - 2024-03-25
5.0.0-alpha.108 - 2024-03-19
5.0.0-alpha.107 - 2024-03-13
5.0.0-alpha.106 - 2024-03-05
5.0.0-alpha.105 - 2024-03-04
5.0.0-alpha.104 - 2024-02-29
5.0.0-alpha.103 - 2024-02-27
5.0.0-alpha.102 - 2024-02-20
5.0.0-alpha.101 - 2024-02-20
5.0.0-alpha.100 - 2024-02-02
5.0.0-alpha.99 - 2024-01-29
5.0.0-alpha.98 - 2024-01-23
5.0.0-alpha.97 - 2024-01-16
5.0.0-alpha.91 - 2023-11-13
5.0.0-alpha.90 - 2023-11-09
5.0.0-alpha.89 - 2023-11-07
5.0.0-alpha.88 - 2023-10-18
5.0.0-alpha.87 - 2023-10-12
5.0.0-alpha.86 - 2023-10-11
5.0.0-alpha.85 - 2023-09-28
5.0.0-alpha.84 - 2023-09-20
5.0.0-alpha.83 - 2023-09-18
5.0.0-alpha.82 - 2023-09-14
5.0.0-alpha.81 - 2023-09-07
5.0.0-alpha.80 - 2023-08-29
5.0.0-alpha.79 - 2023-08-21
5.0.0-alpha.78 - 2023-08-16
5.0.0-alpha.77 - 2023-08-07
5.0.0-alpha.76 - 2023-08-01
5.0.0-alpha.75 - 2023-07-25
5.0.0-alpha.73 - 2023-06-27
5.0.0-alpha.72 - 2023-06-21
5.0.0-alpha.71 - 2023-06-20
5.0.0-alpha.70 - 2023-06-16
5.0.0-alpha.69 - 2023-06-15
5.0.0-alpha.68 - 2023-06-15
5.0.0-alpha.67 - 2023-06-05
5.0.0-alpha.66 - 2023-05-31
5.0.0-alpha.65 - 2023-05-25
5.0.0-alpha.64 - 2023-05-23
5.0.0-alpha.63 - 2023-05-16
5.0.0-alpha.61 - 2023-05-09
5.0.0-alpha.60 - 2023-05-02
5.0.0-alpha.59 - 2023-04-20
5.0.0-alpha.58 - 2023-04-18
5.0.0-alpha.57 - 2023-04-12
5.0.0-alpha.56 - 2023-04-06
5.0.0-alpha.55 - 2023-04-03
5.0.0-alpha.54 - 2023-03-24
5.0.0-alpha.53 - 2023-03-14
5.0.0-alpha.52 - 2023-03-08
5.0.0-alpha.51 - 2023-03-02
5.0.0-alpha.50 - 2023-02-28
5.0.0-alpha.49 - 2023-02-27
5.0.0-alpha.48 - 2023-02-22
5.0.0-alpha.47 - 2023-02-15
5.0.0-alpha.46 - 2023-02-14
5.0.0-alpha.45 - 2023-02-13
5.0.0-alpha.44 - 2023-02-10
5.0.0-alpha.43 - 2023-02-09
5.0.0-alpha.42 - 2023-02-06
5.0.0-alpha.41 - 2023-02-03
5.0.0-alpha.40 - 2023-02-03
5.0.0-alpha.39 - 2023-01-31
5.0.0-alpha.38 - 2023-01-30
5.0.0-alpha.37 - 2023-01-26
5.0.0-alpha.36 - 2023-01-20
5.0.0-alpha.35 - 2023-01-17
5.0.0-alpha.34 - 2023-01-17
5.0.0-alpha.33 - 2023-01-17
5.0.0-alpha.32 - 2023-01-16
5.0.0-alpha.31 - 2023-01-04
5.0.0-alpha.30 - 2022-12-28
5.0.0-alpha.29 - 2022-12-23
5.0.0-alpha.28 - 2022-12-15
5.0.0-alpha.27 - 2022-11-03
5.0.0-alpha.26 - 2022-10-12
5.0.0-alpha.25 - 2022-10-11
5.0.0-alpha.24 - 2022-10-03
5.0.0-alpha.23 - 2022-10-03
5.0.0-alpha.22 - 2022-09-23
5.0.0-alpha.21 - 2022-09-20
5.0.0-alpha.20 - 2022-09-15
5.0.0-alpha.19 - 2022-09-14
5.0.0-alpha.18 - 2022-09-12
5.0.0-alpha.17 - 2022-09-08
5.0.0-alpha.16 - 2022-09-01
5.0.0-alpha.15 - 2022-09-01
5.0.0-alpha.14 - 2022-08-31
5.0.0-alpha.13 - 2022-08-26
5.0.0-alpha.12 - 2022-08-25
5.0.0-alpha.11 - 2022-08-23
5.0.0-alpha.10 - 2022-08-12
5.0.0-alpha.9 - 2022-08-11
5.0.0-alpha.8 - 2022-08-10
5.0.0-alpha.7 - 2022-08-09
5.0.0-alpha.6 - 2022-08-08
5.0.0-alpha.5 - 2022-08-04
5.0.0-alpha.4 - 2022-08-03
5.0.0-alpha.3 - 2022-07-28
5.0.0-alpha.2 - 2022-07-27
5.0.0-alpha.1 - 2022-07-25
4.24.0 - 2024-06-25

from algoliasearch GitHub release notes

Important

Warning: This PR contains a major version upgrade, and may be a breaking change.
Check the changes in this PR to ensure they won't cause issues with your project.
This PR was automatically created by Snyk using the credentials of a real user.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

📜 Customise PR templates

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

Snyk has created this PR to upgrade algoliasearch from 4.24.0 to 5.19.0. See this package in npm: algoliasearch See this project in Snyk: https://app.snyk.io/org/sec32fun32/project/5340c06c-0ba4-4d5c-9420-83153fbcf8bc?utm_source=github&utm_medium=referral&page=upgrade-pr

socket-security · 2025-02-03T01:05:27Z

New, updated, and removed dependencies detected. Learn more about Socket for GitHub ↗︎

Package	New capabilities	Transitives	Size	Publisher
npm/@arethetypeswrong/[email protected]	Transitive: environment, filesystem, network, shell, unsafe	`+47`	31.5 MB	andrewbranch
npm/@eslint-community/[email protected]	None	`0`	43 kB	eslint-community-bot
npm/[email protected] 🔁 npm/[email protected]	Transitive: network	`+13`	11.4 MB	bobylito, haroenv, iam4x, ...7 more
npm/[email protected]	filesystem Transitive: environment	`+14`	3.23 MB	gajus
npm/[email protected]	filesystem Transitive: environment, unsafe	`+11`	2.07 MB	weiran.zsd
npm/[email protected]	Transitive: environment, filesystem, shell, unsafe	`+58`	6.09 MB	sindresorhus
npm/[email protected]	Transitive: environment, filesystem	`+13`	6.3 MB	hcatlin, nex3, sassbot
npm/[email protected]	None	`0`	9.52 kB	ota-meshi
npm/[email protected]	None	`0`	6.55 kB	kristerkari
npm/[email protected]	None	`0`	19.1 kB	ybiquitous
npm/[email protected]	environment, filesystem	`+35`	2.21 MB	ybiquitous
npm/[email protected]	Transitive: environment	`+6`	92.1 kB	munter
npm/[email protected]	None	`0`	22.7 MB	typescript-bot

View full report↗︎

socket-security · 2025-02-03T01:05:28Z

🚨 Potential security issues detected. Learn more about Socket for GitHub ↗︎

To accept the risk, merge this PR and you will not be notified again.

Alert	Package	Note	Source	CI
Deprecated	npm/[email protected]	Reason: request has been deprecated, see https://github.com/Request’s Past, Present and Future request/request#3142	`docs/package.json`	⚠︎
Deprecated	npm/[email protected]	Reason: Use your platform's native performance.now() and performance.timeOrigin.	`docs/package.json`	⚠︎
High CVE	npm/[email protected]	CVE: GHSA-44c6-4v22-4mhx semver-regex Regular Expression Denial of Service (ReDOS) (HIGH) Affected versions: < 3.1.3 Patched version: 3.1.3	`docs/package.json`	⚠︎
Unpopular package	npm/[email protected]	Location: Package overview	`docs/package.json`	⚠︎

View full report↗︎

Next steps

What is a deprecated package?

The maintainer of the package marked it as deprecated. This could indicate that a single version should not be used, or that the package is no longer maintained and any new vulnerabilities will not be fixed.

Research the state of the package and determine if there are non-deprecated versions that can be used, or if it should be replaced with a new, supported solution.

What is a CVE?

Contains a high severity Common Vulnerability and Exposure (CVE).

Remove or replace dependencies that include known high severity CVEs. Consumers can use dependency overrides or npm audit fix --force to remove vulnerable dependencies.

What are unpopular packages?

This package is not very popular.

Unpopular packages may have less maintenance and contain other problems.

Take a deeper look at the dependency

Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support [AT] socket [DOT] dev.

Remove the package

If you happen to install a dependency that Socket reports as Known Malware you should immediately remove it and select a different dependency. For other alert types, you may may wish to investigate alternative packages or consider if there are other ways to mitigate the specific risk posed by the dependency.

Mark a package as acceptable risk

To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space separated list of ecosystem/package-name@version specifiers. e.g. @SocketSecurity ignore npm/[email protected] or ignore all packages with @SocketSecurity ignore-all

@SocketSecurity ignore npm/[email protected]
@SocketSecurity ignore npm/[email protected]
@SocketSecurity ignore npm/[email protected]
@SocketSecurity ignore npm/[email protected]

github-actions · 2025-02-13T22:37:19Z

Hi everyone, it looks like we lost track of this pull request. Please review and see what the next steps are. This pull request will auto-close in 7 days without an update.

github-actions bot added the Stale label Feb 13, 2025

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[Snyk] Upgrade algoliasearch from 4.24.0 to 5.19.0 #60

[Snyk] Upgrade algoliasearch from 4.24.0 to 5.19.0 #60

Sec32fun32 commented Feb 3, 2025

New version released!

What's Changed

New version released!

What's Changed

New version released!

What's Changed

New version released!

What's Changed

New version released!

What's Changed

socket-security bot commented Feb 3, 2025

socket-security bot commented Feb 3, 2025

github-actions bot commented Feb 13, 2025

[Snyk] Upgrade algoliasearch from 4.24.0 to 5.19.0 #60

Are you sure you want to change the base?

[Snyk] Upgrade algoliasearch from 4.24.0 to 5.19.0 #60

Conversation

Sec32fun32 commented Feb 3, 2025

Snyk has created this PR to upgrade algoliasearch from 4.24.0 to 5.19.0.

New version released!

What's Changed

New version released!

What's Changed

New version released!

What's Changed

New version released!

What's Changed

New version released!

What's Changed

socket-security bot commented Feb 3, 2025

socket-security bot commented Feb 3, 2025

Next steps

github-actions bot commented Feb 13, 2025