[Snyk] Fix for 1 vulnerabilities

[ekmixon]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • site/package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: hexo

The new version differs by 250 commits.

• c749815 Hexo 6.0.0 (#4750)
• 5977928 chore: bump actions/stale from 3 to 4 (#4828)
• 8ac908a Cleanup dependabot (#4820)
• 11b145c Switch to picocolors (#4825)
• 3ed6fd9 fix(post): escape swig full tag with args (#4824)
• 902cd70 chore: bump sinon from 11.1.2 to 12.0.1 (#4810)
• 0c6380c refactor: native Array.flat() (#4806)
• ed0f239 perf(tag/helper): memoize (#4789)
• 2ec4f63 chore: bump eslint from 7.32.0 to 8.0.0 (#4799)
• 0f534b2 chore: bump hexo-log from 2.0.0 to 3.0.0 (#4794)
• 098cf0a perf(external_link): optimize regexp (#4790)
• 02cbfe3 fix(processor): remove race condition failsafe (#4791)
• 9edbc99 fix(#4780): empty tag name correction (#4786)
• b56ba65 refactor/perf: use nanocolors (#4788)
• b3bd7d4 chore: bump husky from 4.3.8 to 7.0.2 (#4763)
• 9c9b2a5 fix(#4780): curly brackets (#4784)
• a342422 perf: overall improvements (#4783)
• 6f702fc feat: load hexo plugin in the theme's package.json (#4771)
• a2ec6b2 feat(open_graph): different URLs for og:image and twitter:image (#4748)
• 0c979bf refactor(post): use state machine to escape swig tag (#4780)
• 67fc844 doc: add homebrew install (#4724)
• 6164db1 chore: bump sinon from 10.0.1 to 11.1.2 (#4747)
• c18d575 chore: bump mocha from 8.4.0 to 9.1.1 (#4765)
• bb61f15 chore: drop Node 10 (#4779)

See the full diff

Package name: hexo-server

The new version differs by 125 commits.

• 0ffb748 chore: bump version from 2.0.0 to 3.0.0 (Blaze + Polymer meteor/blaze#195)
• 2f6e4b8 chore(docs): update badges (Polymer 1.0 icon rendering issue while using blaze in Chrome meteor/blaze#194)
• 9d582d6 refactor: use the WHATWG URL API instead of `url.format` (Template.parentData() in event handlers can't access the parent data context in the same template meteor/blaze#193)
• b79c72b chore(deps): bump mime from 2.5.2 to 3.0.0 (IE11 crashes when Blaze updates <table> children while MutationObserver is active meteor/blaze#181)
• 00c2027 chore: drop nodejs 10.x (Bug in {{else}}. Does not fully evaluate expressions using helpers. meteor/blaze#192)
• 6db91dc chore(deps-dev): bump sinon from 11.1.2 to 12.0.1 (Template.currentData behaves differently in helpers and event handlers meteor/blaze#183)
• 04dd7d6 chore(deps-dev): bump eslint from 8.1.0 to 8.5.0 (Fold template-extension package into core packages meteor/blaze#190)
• 799dd34 chore(deps-dev): bump hexo from 5.4.0 to 6.0.0 (Feature Request: Allow extra template tag attributes and copy them to the template meteor/blaze#191)
• a253e04 chore(deps): bump open from 8.3.0 to 8.4.0 (TemplateInstance#data is only updated when Template.instance() is called meteor/blaze#179)
• bf2da7a Cleanup dependant config
• f33dc00 chore(deps-dev): bump mocha from 8.4.0 to 9.1.3 (How to sync template.autorun with DOM update? meteor/blaze#176)
• 207ae51 chore(deps-dev): bump eslint from 7.32.0 to 8.1.0 (Tracker.autorun inside template.autorun should make sure Template.instance() works meteor/blaze#178)
• 27efa8d chore(deps-dev): bump sinon from 10.0.1 to 11.1.2 (HTML files with <head> tags shuld be added to the server side target meteor/blaze#167)
• 7adcfca Switch to picocolors (Strange order of life-cycle callbacks in Blaze meteor/blaze#177)
• ecb1a5d chore(deps): bump open from 8.2.1 to 8.3.0 (Extra reactive call when helper is used both with #if and within an html attribute meteor/blaze#172)
• 01ef59c refactor: replace chalk with nanocolors (Un-rendering and re-rendering a large section of DOM can be expensive; add a way to keep the DOM around when it is not visible meteor/blaze#171)
• 6048415 feat: check if header has already been set (We need global template hooks meteor/blaze#49)
• 14f5592 chore(deps-dev): bump supertest from 5.0.0 to 6.1.3 (Need a way to stop reactive updates on a template meteor/blaze#147)
• c3294cf fix: send correct MIME for rss file (What do bad index means meteor/blaze#145)
• cc1ff81 chore(deps): bump open from 7.4.2 to 8.0.9 (Blaze messing up with inline style definition meteor/blaze#159)
• 5a786bd chore(deps-dev): bump sinon from 9.2.4 to 10.0.1 (Feature request: preserve form inputs across hot code reload meteor/blaze#154)
• 95ec110 Upgrade to GitHub-native Dependabot (Blaze re-rendering doesn't keep up with keystrokes meteor/blaze#157)
• 571d235 chore(deps-dev): bump supertest from 4.0.2 to 5.0.0 (Missing semi-colon when new style rule is added meteor/blaze#141)
• 5693469 Merge pull request Template.instance() is null in nested helpers. meteor/blaze#140 from curbengh/v2.0.0

See the full diff

Package name: showdown

The new version differs by 41 commits.

• 483e51f release 1.9.1
• 5cc3fcc update dev dependencies
• 1cd281f fix(openLinksInNewWindow): add rel="noopener noreferrer" to links
• 58208e5 update dependencies
• 8afa1ff release 1.9.0
• cc1b955 prep release
• a894a0e docs: add mention to makeMd() to reamde.md
• e4b0e69 feat(converter.makeMarkdown): add an HTML to MD converter
• 5c0d67e fix(italicsAndBold): Make italicsAndBold lazy (#608)
• afbaec9 docs(donations.md): update
• 0087148 docs(readme.md): update
• 69b816e docs(completeHTMLDocument): Change completeHTMLDocument comment (#610)
• a608114 docs(readme.md): update readme.md
• 9907c95 add md-page to people who use (#604)
• 3fe5e9a Update DONATIONS.md
• 012f8d6 Update DONATIONS.md
• 47428b7 Update README.md
• c96c3ef Update README.md
• dc70e68 docs(emoji): Change emoji comment (#611)
• 0c6f345 fix(italicsAndBold): Make italicsAndBold lazy (#608)
• e6aeb61 release 1.8.7
• 828c32f fix(gfm-codeblocks): leading space no longer breaks gfm codeblocks
• dfeb1e2 fix(mentions): allow for usernames with dot, underscore and dash
• 79ed024 test: add test for issue 585

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Learn about vulnerability in an interactive lesson of Snyk Learn.

[pull-request-quantifier-deprecated]

This PR has 6 quantified lines of changes. In general, a change size of upto 200 lines is ideal for the best PR experience!

---

Quantification details

Label      : Extra Small
Size       : +3 -3
Percentile : 2.4%

Total files changed: 1

Change summary by file extension:
.json : +3 -3

Change counts above are quantified counts, based on the PullRequestQuantifier customizations.

Why proper sizing of changes matters

Optimal pull request sizes drive a better predictable PR flow as they strike a
balance between between PR complexity and PR review overhead. PRs within the
optimal size (typical small, or medium sized PRs) mean:

• Fast and predictable releases to production:
  • Optimal size changes are more likely to be reviewed faster with fewer
    iterations.
  • Similarity in low PR complexity drives similar review times.
• Review quality is likely higher as complexity is lower:
  • Bugs are more likely to be detected.
  • Code inconsistencies are more likely to be detetcted.
• Knowledge sharing is improved within the participants:
  • Small portions can be assimilated better.
• Better engineering practices are exercised:
  • Solving big problems by dividing them in well contained, smaller problems.
  • Exercising separation of concerns within the code changes.

What can I do to optimize my changes

• Use the PullRequestQuantifier to quantify your PR accurately
  • Create a context profile for your repo using the context generator
  • Exclude files that are not necessary to be reviewed or do not increase the review complexity. Example: Autogenerated code, docs, project IDE setting files, binaries, etc. Check out the Excluded section from your prquantifier.yaml context profile.
  • Understand your typical change complexity, drive towards the desired complexity by adjusting the label mapping in your prquantifier.yaml context profile.
  • Only use the labels that matter to you, see context specification to customize your prquantifier.yaml context profile.
• Change your engineering behaviors
  • For PRs that fall outside of the desired spectrum, review the details and check if:
    • Your PR could be split in smaller, self-contained PRs instead
    • Your PR only solves one particular issue. (For example, don't refactor and code new features in the same PR).

How to interpret the change counts in git diff output

• One line was added: +1 -0
• One line was deleted: +0 -1
• One line was modified: +1 -1 (git diff doesn't know about modified, it will
  interpret that line like one addition plus one deletion)
• Change percentiles: Change characteristics (addition, deletion, modification)
  of this PR in relation to all other PRs within the repository.

---

Was this comment helpful? 👍  :ok_hand:  :thumbsdown: (Email)
Customize PullRequestQuantifier for this repository.