[Snyk] Upgrade hexo from 3.7.1 to 6.3.0 #13

Merged
merged 1 commit into from
Mar 25, 2023

Woodpile37
Owner

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to upgrade hexo from 3.7.1 to 6.3.0.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.


Warning: This is a major version upgrade, and may be a breaking change.

  • The recommended version is 21 versions ahead of your current version.
  • The recommended version was released 6 months ago, on 2022-09-08.

The recommended version fixes:

| Severity | Issue | Priority Score (*) | Exploit Maturity |
|---|---|---|---|
| | Access Restriction Bypass SNYK-JS-XMLHTTPREQUESTSSL-1255647 | 472/1000 Why? Proof of Concept exploit, CVSS 7.3 | Proof of Concept |
| | Prototype Pollution SNYK-JS-Y18N-1021887 | 472/1000 Why? Proof of Concept exploit, CVSS 7.3 | Proof of Concept |
| | Prototype Pollution SNYK-JS-Y18N-1021887 | 472/1000 Why? Proof of Concept exploit, CVSS 7.3 | Proof of Concept |
| | Command Injection SNYK-JS-GLOBALMODULESPATH-3167973 | 472/1000 Why? Proof of Concept exploit, CVSS 7.3 | Proof of Concept |
| | Prototype Override Protection Bypass npm:qs:20170213 | 472/1000 Why? Proof of Concept exploit, CVSS 7.3 | No Known Exploit |
| | Regular Expression Denial of Service (ReDoS) SNYK-JS-REMARKABLE-174639 | 472/1000 Why? Proof of Concept exploit, CVSS 7.3 | No Known Exploit |
| | Arbitrary File Read SNYK-JS-MACADDRESS-567156 | 472/1000 Why? Proof of Concept exploit, CVSS 7.3 | No Known Exploit |
| | Arbitrary Command Injection npm:macaddress:20180511 | 472/1000 Why? Proof of Concept exploit, CVSS 7.3 | No Known Exploit |
| | Cryptographic Issues SNYK-JS-ELLIPTIC-571484 | 472/1000 Why? Proof of Concept exploit, CVSS 7.3 | Proof of Concept |
| | Denial of Service (DoS) SNYK-JS-ENGINEIO-1056749 | 472/1000 Why? Proof of Concept exploit, CVSS 7.3 | Proof of Concept |
| | Denial of Service (DoS) SNYK-JS-ENGINEIO-3136336 | 472/1000 Why? Proof of Concept exploit, CVSS 7.3 | No Known Exploit |
| | Prototype Pollution SNYK-JS-COPYPROPS-1082870 | 472/1000 Why? Proof of Concept exploit, CVSS 7.3 | Proof of Concept |
| | Denial of Service (DoS) SNYK-JS-DECODEURICOMPONENT-3149970 | 472/1000 Why? Proof of Concept exploit, CVSS 7.3 | Proof of Concept |
| | Prototype Pollution SNYK-JS-INI-1048974 | 472/1000 Why? Proof of Concept exploit, CVSS 7.3 | Proof of Concept |
| | Regular Expression Denial of Service (ReDoS) SNYK-JS-ACORN-559469 | 472/1000 Why? Proof of Concept exploit, CVSS 7.3 | No Known Exploit |
| | Prototype Pollution SNYK-JS-AJV-584908 | 472/1000 Why? Proof of Concept exploit, CVSS 7.3 | No Known Exploit |
| | Regular Expression Denial of Service (ReDoS) SNYK-JS-AXIOS-1579269 | 472/1000 Why? Proof of Concept exploit, CVSS 7.3 | Proof of Concept |
| | Prototype Pollution SNYK-JS-MIXINDEEP-450212 | 472/1000 Why? Proof of Concept exploit, CVSS 7.3 | Proof of Concept |
| | Directory Traversal SNYK-JS-MOMENT-2440688 | 472/1000 Why? Proof of Concept exploit, CVSS 7.3 | No Known Exploit |
| | Regular Expression Denial of Service (ReDoS) SNYK-JS-MOMENT-2944238 | 472/1000 Why? Proof of Concept exploit, CVSS 7.3 | Proof of Concept |
| | Prototype Pollution SNYK-JS-LODASHMERGE-173732 | 472/1000 Why? Proof of Concept exploit, CVSS 7.3 | Proof of Concept |
| | Prototype Pollution SNYK-JS-NUNJUCKS-1079083 | 472/1000 Why? Proof of Concept exploit, CVSS 7.3 | Proof of Concept |
| | Prototype Pollution SNYK-JS-OBJECTPATH-1017036 | 472/1000 Why? Proof of Concept exploit, CVSS 7.3 | Proof of Concept |
| | Prototype Poisoning SNYK-JS-QS-3153490 | 472/1000 Why? Proof of Concept exploit, CVSS 7.3 | Proof of Concept |
| | Prototype Poisoning SNYK-JS-QS-3153490 | 472/1000 Why? Proof of Concept exploit, CVSS 7.3 | Proof of Concept |
| | Prototype Pollution npm:extend:20180424 | 472/1000 Why? Proof of Concept exploit, CVSS 7.3 | No Known Exploit |
| | Prototype Pollution npm:extend:20180424 | 472/1000 Why? Proof of Concept exploit, CVSS 7.3 | No Known Exploit |
| | Prototype Pollution SNYK-JS-SETVALUE-450213 | 472/1000 Why? Proof of Concept exploit, CVSS 7.3 | Proof of Concept |
| | Remote Code Execution (RCE) SNYK-JS-SHELLQUOTE-1766506 | 472/1000 Why? Proof of Concept exploit, CVSS 7.3 | No Known Exploit |
| | Denial of Service (DoS) SNYK-JS-SOCKETIOPARSER-1056752 | 472/1000 Why? Proof of Concept exploit, CVSS 7.3 | Proof of Concept |
| | Denial of Service (DoS) SNYK-JS-SOCKETIOPARSER-1056752 | 472/1000 Why? Proof of Concept exploit, CVSS 7.3 | Proof of Concept |
| | Arbitrary Code Injection SNYK-JS-XMLHTTPREQUESTSSL-1082936 | 472/1000 Why? Proof of Concept exploit, CVSS 7.3 | Proof of Concept |
| | Arbitrary File Overwrite SNYK-JS-TAR-1536528 | 472/1000 Why? Proof of Concept exploit, CVSS 7.3 | No Known Exploit |
| | Arbitrary File Overwrite SNYK-JS-TAR-1536531 | 472/1000 Why? Proof of Concept exploit, CVSS 7.3 | No Known Exploit |
| | Arbitrary File Write SNYK-JS-TAR-1579147 | 472/1000 Why? Proof of Concept exploit, CVSS 7.3 | No Known Exploit |
| | Arbitrary File Write SNYK-JS-TAR-1579152 | 472/1000 Why? Proof of Concept exploit, CVSS 7.3 | No Known Exploit |
| | Arbitrary File Write SNYK-JS-TAR-1579155 | 472/1000 Why? Proof of Concept exploit, CVSS 7.3 | No Known Exploit |
| | Arbitrary File Overwrite SNYK-JS-TAR-174125 | 472/1000 Why? Proof of Concept exploit, CVSS 7.3 | Proof of Concept |
| | Regular Expression Denial of Service (ReDoS) SNYK-JS-UAPARSERJS-1023599 | 472/1000 Why? Proof of Concept exploit, CVSS 7.3 | Proof of Concept |
| | Regular Expression Denial of Service (ReDoS) SNYK-JS-UAPARSERJS-610226 | 472/1000 Why? Proof of Concept exploit, CVSS 7.3 | Proof of Concept |
| | Cross-site Scripting (XSS) SNYK-JS-REMARKABLE-174641 | 472/1000 Why? Proof of Concept exploit, CVSS 7.3 | No Known Exploit |
| | Prototype Pollution SNYK-JS-SETVALUE-1540541 | 472/1000 Why? Proof of Concept exploit, CVSS 7.3 | Proof of Concept |
| | Prototype Pollution SNYK-JS-SETVALUE-450213 | 472/1000 Why? Proof of Concept exploit, CVSS 7.3 | Proof of Concept |
| | Prototype Pollution SNYK-JS-SETVALUE-1540541 | 472/1000 Why? Proof of Concept exploit, CVSS 7.3 | Proof of Concept |
| | Prototype Pollution SNYK-JS-LOADERUTILS-3043105 | 472/1000 Why? Proof of Concept exploit, CVSS 7.3 | No Known Exploit |
| | Regular Expression Denial of Service (ReDoS) SNYK-JS-MARKDOWN-560793 | 472/1000 Why? Proof of Concept exploit, CVSS 7.3 | Proof of Concept |
| | Regular Expression Denial of Service (ReDoS) SNYK-JS-MARKDOWN-597156 | 472/1000 Why? Proof of Concept exploit, CVSS 7.3 | No Known Exploit |
| | Regular Expression Denial of Service (ReDoS) SNYK-JS-MINIMATCH-3050818 | 472/1000 Why? Proof of Concept exploit, CVSS 7.3 | No Known Exploit |
| | Cross-site Scripting (XSS) SNYK-JS-BOOTSTRAP-173700 | 472/1000 Why? Proof of Concept exploit, CVSS 7.3 | No Known Exploit |
| | Regular Expression Denial of Service (ReDoS) npm:ua-parser-js:20180227 | 472/1000 Why? Proof of Concept exploit, CVSS 7.3 | Proof of Concept |
| | Cryptographic Issues SNYK-JS-ELLIPTIC-1064899 | 472/1000 Why? Proof of Concept exploit, CVSS 7.3 | No Known Exploit |
| | Timing Attack SNYK-JS-ELLIPTIC-511941 | 472/1000 Why? Proof of Concept exploit, CVSS 7.3 | No Known Exploit |
| | Information Exposure SNYK-JS-FOLLOWREDIRECTS-2332181 | 472/1000 Why? Proof of Concept exploit, CVSS 7.3 | Proof of Concept |
| | Prototype Pollution SNYK-JS-DOTPROP-543489 | 472/1000 Why? Proof of Concept exploit, CVSS 7.3 | Proof of Concept |
| | Open Redirect SNYK-JS-ECSTATIC-174543 | 472/1000 Why? Proof of Concept exploit, CVSS 7.3 | No Known Exploit |
| | Prototype Pollution SNYK-JS-JQUERY-174006 | 472/1000 Why? Proof of Concept exploit, CVSS 7.3 | Proof of Concept |
| | Cross-site Scripting (XSS) SNYK-JS-JQUERY-565129 | 472/1000 Why? Proof of Concept exploit, CVSS 7.3 | Mature |
| | Cross-site Scripting (XSS) SNYK-JS-HEXO-1932976 | 472/1000 Why? Proof of Concept exploit, CVSS 7.3 | No Known Exploit |
| | Prototype Pollution SNYK-JS-HIGHLIGHTJS-1045326 | 472/1000 Why? Proof of Concept exploit, CVSS 7.3 | No Known Exploit |
| | Cross-site Scripting (XSS) SNYK-JS-JQUERY-567880 | 472/1000 Why? Proof of Concept exploit, CVSS 7.3 | Mature |
| | Prototype Pollution SNYK-JS-JSON5-3182856 | 472/1000 Why? Proof of Concept exploit, CVSS 7.3 | Proof of Concept |
| | Server-Side Request Forgery (SSRF) SNYK-JS-AXIOS-1038255 | 472/1000 Why? Proof of Concept exploit, CVSS 7.3 | Proof of Concept |
| | Denial of Service (DoS) SNYK-JS-AXIOS-174505 | 472/1000 Why? Proof of Concept exploit, CVSS 7.3 | Proof of Concept |
| | Regular Expression Denial of Service (ReDoS) SNYK-JS-HOSTEDGITINFO-1088355 | 472/1000 Why? Proof of Concept exploit, CVSS 7.3 | Proof of Concept |
| | Denial of Service (DoS) SNYK-JS-HTTPPROXY-569139 | 472/1000 Why? Proof of Concept exploit, CVSS 7.3 | Proof of Concept |
| | Prototype Pollution SNYK-JS-LODASHMERGE-173733 | 472/1000 Why? Proof of Concept exploit, CVSS 7.3 | Proof of Concept |
| | Arbitrary Code Injection SNYK-JS-MORGAN-72579 | 472/1000 Why? Proof of Concept exploit, CVSS 7.3 | Proof of Concept |
| | Prototype Pollution SNYK-JS-OBJECTPATH-1569453 | 472/1000 Why? Proof of Concept exploit, CVSS 7.3 | Proof of Concept |
| | Regular Expression Denial of Service (ReDoS) SNYK-JS-PATHPARSE-1077067 | 472/1000 Why? Proof of Concept exploit, CVSS 7.3 | Proof of Concept |
| | Denial of Service (DoS) npm:mem:20180117 | 472/1000 Why? Proof of Concept exploit, CVSS 7.3 | No Known Exploit |
| | Regular Expression Denial of Service (ReDoS) npm:string:20170907 | 472/1000 Why? Proof of Concept exploit, CVSS 7.3 | Mature |
| | Uninitialized Memory Exposure npm:atob:20180429 | 472/1000 Why? Proof of Concept exploit, CVSS 7.3 | Mature |
| | Time of Check Time of Use (TOCTOU) npm:chownr:20180731 | 472/1000 Why? Proof of Concept exploit, CVSS 7.3 | No Known Exploit |
| | Insecure Defaults SNYK-JS-SOCKETIO-1024859 | 472/1000 Why? Proof of Concept exploit, CVSS 7.3 | Proof of Concept |
| | Arbitrary Code Execution SNYK-JS-SWIGTEMPLATES-3266806 | 472/1000 Why? Proof of Concept exploit, CVSS 7.3 | Proof of Concept |
| | Prototype Pollution SNYK-JS-UNDEFSAFE-548940 | 472/1000 Why? Proof of Concept exploit, CVSS 7.3 | Proof of Concept |
| | Regular Expression Denial of Service (ReDoS) SNYK-JS-WS-1296835 | 472/1000 Why? Proof of Concept exploit, CVSS 7.3 | Proof of Concept |
| | Regular Expression Denial of Service (ReDoS) SNYK-JS-LOADERUTILS-3042992 | 472/1000 Why? Proof of Concept exploit, CVSS 7.3 | No Known Exploit |
| | Regular Expression Denial of Service (ReDoS) npm:debug:20170905 | 472/1000 Why? Proof of Concept exploit, CVSS 7.3 | Proof of Concept |
| | Regular Expression Denial of Service (ReDoS) npm:braces:20180219 | 472/1000 Why? Proof of Concept exploit, CVSS 7.3 | Proof of Concept |
| | Arbitrary Command Injection npm:command-exists:20180512 | 472/1000 Why? Proof of Concept exploit, CVSS 7.3 | Mature |
| | Improper Input Validation SNYK-JS-SOCKETIOPARSER-3091012 | 472/1000 Why? Proof of Concept exploit, CVSS 7.3 | No Known Exploit |
| | Improper Input Validation SNYK-JS-SOCKETIOPARSER-3091012 | 472/1000 Why? Proof of Concept exploit, CVSS 7.3 | No Known Exploit |
| | Arbitrary Code Injection SNYK-JS-UNDERSCORE-1080984 | 472/1000 Why? Proof of Concept exploit, CVSS 7.3 | Proof of Concept |
| | Regular Expression Denial of Service (ReDoS) SNYK-JS-UAPARSERJS-1072471 | 472/1000 Why? Proof of Concept exploit, CVSS 7.3 | Proof of Concept |
| | Prototype Pollution SNYK-JS-SETGETTER-1303099 | 472/1000 Why? Proof of Concept exploit, CVSS 7.3 | No Known Exploit |
| | Regular Expression Denial of Service (ReDoS) SNYK-JS-LOADERUTILS-3105943 | 472/1000 Why? Proof of Concept exploit, CVSS 7.3 | No Known Exploit |
| | Information Exposure SNYK-JS-FOLLOWREDIRECTS-2396346 | 472/1000 Why? Proof of Concept exploit, CVSS 7.3 | No Known Exploit |
| | Regular Expression Denial of Service (ReDoS) SNYK-JS-TAR-1536758 | 472/1000 Why? Proof of Concept exploit, CVSS 7.3 | No Known Exploit |
| | Validation Bypass SNYK-JS-KINDOF-537849 | 472/1000 Why? Proof of Concept exploit, CVSS 7.3 | Proof of Concept |

(*) Note that the real score may have changed since the PR was raised.

Release notes
Package name: hexo from hexo GitHub release notes
Commit messages
Package name: hexo
  • 4d42d9d release: 6.3.0 (#5043)
  • 16e189f chore(deps): bump hexo-log from 3.0.0 to 3.2.0 (#5054)
  • 06a8ebb fix(#5053): exclude data-uri image for og:image (#5053)
  • 6deeb8d feat(tag/code): add `language_attr` option (feat(highlight): add languageAttr option hexojs/hexo-util#278) (#5017)
  • d9e5f2e feat(helper/tagcloud): show_count option (#5047) (#5048)
  • d95d297 chore: delete `release-drafter` (#5044)
  • 354f1f1 Update license year (#5041)
  • e44b48c feat(tag/post_link): use original post title as title attribute (#4973)
  • a2fc8c0 test: replace nyc with c8 (#5040)
  • b48f095 fix(tag): show source file in unformatted error message (#5031)
  • bbf09ac chore: update issue template (#5030)
  • 29884d8 chore(deps): bump hexo-util and warehouse (#5028)
  • 8a08bb9 chore: improved benchmark result in github actions (#5013)
  • 6c29971 feat(helper/toc): more flexible class name (#5010)
  • 104b721 chore(test/extend/tag): async function (#3328) (#5003)
  • ccbed65 feat(helper/is): add `is_home_first_page()` helper (#5006)
  • 3bd5f2b refactor(helper/open_graph): use whatwg url api (#5007)
  • 24db105 refactor(mail_to): use native URLSearchParams (#5002)
  • 8193550 feat(paginator): custom class name (#5001)
  • aa6c3c5 feat(tag/include_code): robust for url compuation of `view raw` (#4996)
  • d449acc chore: set permissions for GitHub actions (#4947)
  • ff5d85e fix(#4993): correct `db.json` path in debug logging (#4994)
  • e62f2a6 feat(tag/post_link): throw on post_link error (#4938)
  • afc4d7f chore: update .gitignore (#4967)


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

@Woodpile37 Woodpile37 merged commit 80bc7ca into master Mar 25, 2023
@Woodpile37 Woodpile37 deleted the snyk-upgrade-4ec14cb322efdadb28ba02ecc7b00d7d branch March 25, 2023 01:34