[Snyk] Upgrade: , clsx, framer-motion, meilisearch, next, next-themes, openai, p-map, pinecone-client, quick-lru, react-spinners, unified, rehype-format, rehype-raw, rehype-stringify, remark-gfm, remark-parse, remark-rehype, remark-stringify #28

Open: wants to merge 1 commit into base: main
WontonSam (Owner)

Snyk has created this PR to upgrade multiple dependencies.

👯‍♂ The following dependencies are linked and will therefore be updated together.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

⚠️ Warning: This PR contains major version upgrade(s), and may be a breaking change.

| Name | Versions | Released on |
| --- | --- | --- |
| @vercel/analytics | from 0.1.11 to 1.3.1, 28 versions ahead of your current version. ⚠️ This is a major version upgrade, and may be a breaking change | 4 months ago, on 2024-05-24 |
| clsx | from 1.2.1 to 2.1.1, 5 versions ahead of your current version. ⚠️ This is a major version upgrade, and may be a breaking change | 5 months ago, on 2024-04-23 |
| framer-motion | from 10.18.0 to 11.3.28, 129 versions ahead of your current version. ⚠️ This is a major version upgrade, and may be a breaking change | 25 days ago, on 2024-08-15 |
| meilisearch | from 0.31.1 to 0.41.0, 27 versions ahead of your current version | 2 months ago, on 2024-07-01 |
| next | from 13.5.6 to 14.2.5, 362 versions ahead of your current version. ⚠️ This is a major version upgrade, and may be a breaking change | 2 months ago, on 2024-07-10 |
| next-themes | from 0.2.1 to 0.3.0, 2 versions ahead of your current version | 6 months ago, on 2024-03-13 |
| openai | from 3.3.0 to 4.56.0, 146 versions ahead of your current version. ⚠️ This is a major version upgrade, and may be a breaking change | 24 days ago, on 2024-08-16 |
| p-map | from 5.5.0 to 7.0.2, 4 versions ahead of your current version. ⚠️ This is a major version upgrade, and may be a breaking change | 5 months ago, on 2024-04-03 |
| pinecone-client | from 1.1.2 to 2.0.0, 2 versions ahead of your current version. ⚠️ This is a major version upgrade, and may be a breaking change | a year ago, on 2023-10-23 |
| quick-lru | from 6.1.2 to 7.0.0, 1 version ahead of your current version. ⚠️ This is a major version upgrade, and may be a breaking change | a year ago, on 2023-09-11 |
| react-spinners | from 0.13.8 to 0.14.1, 2 versions ahead of your current version | 2 months ago, on 2024-06-26 |
| unified | from 10.1.2 to 11.0.5, 6 versions ahead of your current version. ⚠️ This is a major version upgrade, and may be a breaking change | 3 months ago, on 2024-06-19 |
| rehype-format | from 4.0.1 to 5.0.0, 1 version ahead of your current version. ⚠️ This is a major version upgrade, and may be a breaking change | a year ago, on 2023-08-30 |
| rehype-raw | from 6.1.1 to 7.0.0, 1 version ahead of your current version. ⚠️ This is a major version upgrade, and may be a breaking change | a year ago, on 2023-08-26 |
| rehype-stringify | from 9.0.4 to 10.0.0, 1 version ahead of your current version. ⚠️ This is a major version upgrade, and may be a breaking change | a year ago, on 2023-08-26 |
| remark-gfm | from 3.0.1 to 4.0.0, 1 version ahead of your current version. ⚠️ This is a major version upgrade, and may be a breaking change | a year ago, on 2023-09-18 |
| remark-parse | from 10.0.2 to 11.0.0, 1 version ahead of your current version. ⚠️ This is a major version upgrade, and may be a breaking change | a year ago, on 2023-09-18 |
| remark-rehype | from 10.1.0 to 11.1.0, 2 versions ahead of your current version. ⚠️ This is a major version upgrade, and may be a breaking change | 8 months ago, on 2024-01-11 |
| remark-stringify | from 10.0.3 to 11.0.0, 1 version ahead of your current version. ⚠️ This is a major version upgrade, and may be a breaking change | a year ago, on 2023-09-18 |

Issues fixed by the recommended upgrade:

| Issue | Score | Exploit Maturity |
| --- | --- | --- |
| high severity: Cross-site Request Forgery (CSRF), SNYK-JS-AXIOS-6032459 | 676 | Proof of Concept |
| medium severity: Regular Expression Denial of Service (ReDoS), SNYK-JS-AXIOS-6124857 | 676 | Proof of Concept |
| medium severity: Server-Side Request Forgery (SSRF), SNYK-JS-NEXT-6828457 | 676 | Proof of Concept |

Release notes
Package name: @vercel/analytics
  • 1.3.1 - 2024-05-24

    What's Changed

    • fix: nextjs parallel routes with catchall isn't supported by @feugy in #141

    Full Changelog: 1.3.0...1.3.1

  • 1.3.0 - 2024-05-23

    What's Changed

    Full Changelog: 1.2.2...1.3.0

  • 1.2.2 - 2024-02-20

    What's Changed

    • fix: export issue when testing with jest and ts-node by @feugy in #134

    Full Changelog: 1.2.1...1.2.2

  • 1.2.1 - 2024-02-19

    What's Changed

    New Contributors

    Full Changelog: 1.2.0...1.2.1

  • 1.2.0 - 2024-02-16

    What's Changed

    Full Changelog: 1.1.4...1.2.0

  • 1.2.0-beta.4 - 2024-02-01

    Improved route support for race conditions

  • 1.2.0-beta.3 - 2024-01-26

    Improve route support in pages router

  • 1.2.0-beta.2 - 2024-01-25

    Further improve route support and better testing

  • 1.2.0-beta.1 - 2024-01-25
  • 1.1.4 - 2024-02-15

    What's Changed

    • server/track: always consume the response body for a track request by @MaxLeiter in #131

    New Contributors

    Full Changelog: 1.1.3...1.1.4

  • 1.1.3 - 2024-02-05

    What's Changed

    • Server events can now be sent when deployment protection is enabled by @tobiaslins in #129

    Full Changelog: 1.1.2...1.1.3

  • 1.1.2 - 2024-01-18
  • 1.1.1 - 2023-10-12
  • 1.1.0 - 2023-10-06
  • 1.1.0-beta.9 - 2023-10-05
  • 1.1.0-beta.8 - 2023-10-05
  • 1.1.0-beta.7 - 2023-10-05
  • 1.1.0-beta.6 - 2023-10-05
  • 1.1.0-beta.5 - 2023-09-21
  • 1.1.0-beta.4 - 2023-08-11
  • 1.1.0-beta.3 - 2023-08-08
  • 1.1.0-beta.2 - 2023-07-18
  • 1.1.0-beta.1 - 2023-07-14
  • 1.0.2 - 2023-08-10
  • 1.0.1 - 2023-05-03
  • 1.0.1-beta.1 - 2023-04-28
  • 1.0.1-beta.0 - 2023-04-28
  • 1.0.0 - 2023-04-19
  • 0.1.11 - 2023-02-28
from @vercel/analytics GitHub release notes
Package name: clsx
  • 2.1.1 - 2024-04-23

    Patches

    • (types) Include bigint in ClassValue type: (#96): 3d960ab
      Accommodates recent @types/react changes to ReactNode.
      Thank you @ViliamKopecky~!

    Chores

    • Add licenses.dev badge: 684509c
      This service recursively analyzes entire dependency graphs to ensure that a package (or your project) is using permissive licenses. For example, here's a results table for polka@next and a larger astro example.

    Full Changelog: v2.1.0...v2.1.1

  • 2.1.0 - 2023-12-29

    Features

    • Add new clsx/lite submodule for string-only usage: 1a49142

      This is a 140b version of clsx that is ideal for Tailwind and/or React contexts, which typically follow this clsx usage pattern:

      clsx('foo bar', props.maybe && 'conditional classes', props.className);

      Important: This clsx/lite module ignores all non-string arguments and is therefore not a 1:1 replacement for clsx itself!

      import { clsx } from 'clsx';
      import { clsx as lite } from 'clsx/lite';

      // strings-only usage is identical
      clsx('foo', null, 'bar', true && 'baz'); //=> "foo bar baz"
      lite('foo', null, 'bar', true && 'baz'); //=> "foo bar baz"

      // clsx/lite ignores all non-strings
      clsx('foo', { a: true, b: false, c: true }); //=> "foo a c"
      lite('foo', { a: true, b: false, c: true }); //=> "foo"


    Full Changelog: v2.0.1...v2.1.0

  • 2.0.1 - 2023-12-29

    Patches

    • (perf) Cache arguments.length & array.length for 6% performance gain (#26): deff09b
      Adds 5 bytes (+2%) for ~3% avg performance gain
      Thank you @jalalazimi

    Chores


    Full Changelog: v2.0.0...v2.0.1

  • 2.0.0 - 2023-07-15

    Breaking

    • Add "exports" map for native ESM support (#57): 3ec8e9f, 0949868
      Also supports TypeScript's node16/nodenext module resolution
      Maintains CommonJS support (with fixed TS definitions)
      Thank you @remcohaszing~!

    Chores


    Full Changelog: v1.2.1...v2.0.0

  • 2.0.0-next.0 - 2023-07-15

    2.0.0-next.0

  • 1.2.1 - 2022-07-06

    Patches

    • Ensure CommonJS and UMD entrypoints have the named clsx export too

    Chores


    Full Changelog: v1.2.0...v1.2.1

from clsx GitHub release notes
Package name: framer-motion
  • 11.3.28 - 2024-08-15

    v11.3.28

  • 11.3.28-alpha.1 - 2024-08-14

    v11.3.28-alpha.1

  • 11.3.28-alpha.0 - 2024-08-14

    v11.3.28-alpha.0

  • 11.3.27 - 2024-08-14

    v11.3.27

  • 11.3.26 - 2024-08-14

    v11.3.26

  • 11.3.25 - 2024-08-14

    v11.3.25

  • 11.3.25-alpha.12 - 2024-08-14

    v11.3.25-alpha.12

  • 11.3.25-alpha.11 - 2024-08-14

    v11.3.25-alpha.11

  • 11.3.25-alpha.10 - 2024-08-14

    v11.3.25-alpha.10

  • 11.3.25-alpha.9 - 2024-08-14

    v11.3.25-alpha.9

  • 11.3.25-alpha.8 - 2024-08-14
  • 11.3.25-alpha.7 - 2024-08-14
  • 11.3.25-alpha.6 - 2024-08-14
  • 11.3.25-alpha.5 - 2024-08-14
  • 11.3.25-alpha.4 - 2024-08-13
  • 11.3.25-alpha.3 - 2024-08-13
  • 11.3.25-alpha.2 - 2024-08-13
  • 11.3.25-alpha.1 - 2024-08-13
  • 11.3.25-alpha.0 - 2024-08-13
  • 11.3.24 - 2024-08-08
  • 11.3.24-alpha.2 - 2024-08-08
  • 11.3.24-alpha.1 - 2024-08-08
  • 11.3.23 - 2024-08-07
  • 11.3.23-alpha.10 - 2024-08-08
  • 11.3.23-alpha.9 - 2024-08-08
  • 11.3.23-alpha.8 - 2024-08-08
  • 11.3.23-alpha.7 - 2024-08-08
  • 11.3.23-alpha.6 - 2024-08-08
  • 11.3.23-alpha.5 - 2024-08-08
  • 11.3.23-alpha.4 - 2024-08-08
  • 11.3.23-alpha.3 - 2024-08-08
  • 11.3.23-alpha.2 - 2024-08-08
  • 11.3.23-alpha.1 - 2024-08-07
  • 11.3.23-alpha.0 - 2024-08-07
  • 11.3.22 - 2024-08-07
  • 11.3.21 - 2024-08-01
  • 11.3.20 - 2024-08-01
  • 11.3.19 - 2024-07-27
  • 11.3.18 - 2024-07-26
  • 11.3.18-alpha.0 - 2024-07-26
  • 11.3.17 - 2024-07-24
  • 11.3.16 - 2024-07-24
  • 11.3.15 - 2024-07-24
  • 11.3.14 - 2024-07-24
  • 11.3.13 - 2024-07-24
  • 11.3.12 - 2024-07-23
  • 11.3.11 - 2024-07-23
  • 11.3.10 - 2024-07-23
  • 11.3.9 - 2024-07-23
  • 11.3.8 - 2024-07-19
  • 11.3.7 - 2024-07-18
  • 11.3.6 - 2024-07-17
  • 11.3.5 - 2024-07-17
  • 11.3.4 - 2024-07-16
  • 11.3.3 - 2024-07-16
  • 11.3.2 - 2024-07-11
  • 11.3.1 - 2024-07-11
  • 11.3.0 - 2024-07-10
  • 11.3.0-alpha.0 - 2024-06-12
  • 11.2.14 - 2024-07-09
  • 11.2.13 - 2024-07-04
  • 11.2.12 - 2024-06-25
  • 11.2.11 - 2024-06-19
  • 11.2.10 - 2024-05-31
  • 11.2.9 - 2024-05-29
  • 11.2.8 - 2024-05-29
  • 11.2.7 - 2024-05-29
  • 11.2.7-alpha.0 - 2024-05-29
  • 11.2.6 - 2024-05-22
  • 11.2.5 - 2024-05-21
  • 11.2.4 - 2024-05-16
  • 11.2.4-alpha.1 - 2024-05-21
  • 11.2.4-alpha.0 - 2024-05-16
  • 11.2.3 - 2024-05-16
  • 11.2.2 - 2024-05-15
  • 11.2.1 - 2024-05-15
  • 11.2.0 - 2024-05-14
  • 11.2.0-alpha.0 - 2024-04-30
  • 11.1.9 - 2024-05-07
  • 11.1.8 - 2024-05-06
  • 11.1.7 - 2024-04-19
  • 11.1.6 - 2024-04-19
  • 11.1.5 - 2024-04-18
  • 11.1.4 - 2024-04-18
  • 11.1.3 - 2024-04-17
  • 11.1.2 - 2024-04-17
  • 11.1.1 - 2024-04-16
  • 11.1.0 - 2024-04-16
  • 11.0.28 - 2024-04-11
  • 11.0.27 - 2024-04-10
  • 11.0.26 - 2024-04-10
  • 11.0.25 - 2024-04-05
  • 11.0.24 - 2024-03-29
  • 11.0.23 - 2024-03-28
  • 11.0.22 - 2024-03-26
  • 11.0.21 - 2024-03-26
  • 11.0.20 - 2024-03-21
  • 11.0.19 - 2024-03-21
  • 11.0.18 - 2024-03-20
  • 11.0.17 - 2024-03-20
  • 11.0.16 - 2024-03-20
  • 11.0.15 - 2024-03-19
  • 11.0.14 - 2024-03-15
  • 11.0.13 - 2024-03-14
  • 11.0.12 - 2024-03-12
  • 11.0.11 - 2024-03-12
  • 11.0.11-sync.5 - 2024-04-09
  • 11.0.11-sync.4 - 2024-04-05
  • 11.0.11-sync.3 - 2024-04-05
  • 11.0.11-sync.2 - 2024-03-29
  • 11.0.11-sync.1 - 2024-03-28
  • 11.0.11-sync.0 - 2024-03-22
  • 11.0.10 - 2024-03-12
  • 11.0.9 - 2024-03-12
  • 11.0.8 - 2024-02-29
  • 11.0.7 - 2024-02-29
  • 11.0.7-alpha.0 - 2024-02-28
  • 11.0.6 - 2024-02-23
  • 11.0.6-alpha.1 - 2024-02-22
  • 11.0.6-alpha.0 - 2024-02-22
  • 11.0.5 - 2024-02-13
  • 11.0.4 - 2024-02-13
  • 11.0.3 - 2024-01-24
  • 11.0.2 - 2024-01-23
  • 11.0.1 - 2024-01-23
  • 11.0.0 - 2024-01-23
  • 11.0.0-alpha.2 - 2024-01-19
  • 11.0.0-alpha.1 - 2024-01-19
  • 10.19.0-alpha.0 - 2024-01-12
  • 10.18.0 - 2024-01-10
from framer-motion GitHub release notes
Package name: meilisearch
  • 0.41.0 - 2024-07-01

    This version introduces features released on Meilisearch v1.9.0 🎉
    Check out the changelog of Meilisearch v1.9.0 for more information on the changes.

    🚀 Enhancements

    client.index('movies').search('interstellar', { matchingStrategy: MatchingStrategies.FREQUENCY });
    client.index('movies').search('badman', { rankingScoreThreshold: 0.2 });
    client.index('movies').searchGet('badman', { rankingScoreThreshold: 0.2 });
    client.index('movies').search('', { distinct: 'genre' });
    client.index('movies').searchSimilarDocuments({ id: 'target-document-id' });
    client.index('movies').getDocuments({ retrieveVectors: true });

    🔒 Security

    • build(deps): bump ws from 5.2.3 to 5.2.4 in /playgrounds/javascript (#1672)

    ⚙️ Maintenance/misc

    Thanks again to @brunoocasali, @curquiza, @flevi29, @mdubus, and @the-sinner! 🎉

  • 0.40.0 - 2024-05-15

    💥 Breaking Changes

    • Fix the issue introduced in the v0.39 that affected vite apps #1652 @brunoocasali
    • Now to use the generateTenantToken you should use it with await:
      before:
      const token = client.generateTenantToken(apiKeyUid, searchRules, {
          apiKey: apiKey,
          expiresAt: expiresAt,
        })
      after:
      const token = await client.generateTenantToken(apiKeyUid, searchRules, {
          apiKey: apiKey,
          expiresAt: expiresAt,
        })

    ⚙️ Maintenance/misc

    Thanks again to @brunoocasali, @mdubus! 🎉

  • 0.39.0 - 2024-05-06

    🚀 Enhancements

    • feat: hybrid search improvements for v1.8.x (#1647) @mdubus
    • Add null to Embedder type (#1646) @amit-ksh
    • Add searchCutoffMs index setting (#1643, #1645) @amit-ksh
      client.index('movies').getSearchCutoffMs()
      client.index('movies').updateSearchCutoffMs(150)
      client.index('movies').resetSearchCutoffMs()

    ⚠️ if you're using vite to build your front-end app, you must add this to your configuration (see more info here #1649)

    export default defineConfig({
      plugins: [vue()],
      build: {
        rollupOptions: {
          external: ['crypto'], // this is the important part
        },
      },
    })

    Otherwise, you'll face errors like Module "crypto" has been externalized for browser compatibility.

    ⚙️ Maintenance/misc

    • Update ESLint, Prettier, TypeScript and fix/improve their configuration files (#1616) @flevi29
    • Fix code style after configuration changes (

Snyk has created this PR to upgrade:
  - @vercel/analytics from 0.1.11 to 1.3.1.
    See this package in npm: https://www.npmjs.com/package/@vercel/analytics
  - clsx from 1.2.1 to 2.1.1.
    See this package in npm: https://www.npmjs.com/package/clsx
  - framer-motion from 10.18.0 to 11.3.28.
    See this package in npm: https://www.npmjs.com/package/framer-motion
  - meilisearch from 0.31.1 to 0.41.0.
    See this package in npm: https://www.npmjs.com/package/meilisearch
  - next from 13.5.6 to 14.2.5.
    See this package in npm: https://www.npmjs.com/package/next
  - next-themes from 0.2.1 to 0.3.0.
    See this package in npm: https://www.npmjs.com/package/next-themes
  - openai from 3.3.0 to 4.56.0.
    See this package in npm: https://www.npmjs.com/package/openai
  - p-map from 5.5.0 to 7.0.2.
    See this package in npm: https://www.npmjs.com/package/p-map
  - pinecone-client from 1.1.2 to 2.0.0.
    See this package in npm: https://www.npmjs.com/package/pinecone-client
  - quick-lru from 6.1.2 to 7.0.0.
    See this package in npm: https://www.npmjs.com/package/quick-lru
  - react-spinners from 0.13.8 to 0.14.1.
    See this package in npm: https://www.npmjs.com/package/react-spinners
  - unified from 10.1.2 to 11.0.5.
    See this package in npm: https://www.npmjs.com/package/unified
  - rehype-format from 4.0.1 to 5.0.0.
    See this package in npm: https://www.npmjs.com/package/rehype-format
  - rehype-raw from 6.1.1 to 7.0.0.
    See this package in npm: https://www.npmjs.com/package/rehype-raw
  - rehype-stringify from 9.0.4 to 10.0.0.
    See this package in npm: https://www.npmjs.com/package/rehype-stringify
  - remark-gfm from 3.0.1 to 4.0.0.
    See this package in npm: https://www.npmjs.com/package/remark-gfm
  - remark-parse from 10.0.2 to 11.0.0.
    See this package in npm: https://www.npmjs.com/package/remark-parse
  - remark-rehype from 10.1.0 to 11.1.0.
    See this package in npm: https://www.npmjs.com/package/remark-rehype
  - remark-stringify from 10.0.3 to 11.0.0.
    See this package in npm: https://www.npmjs.com/package/remark-stringify

See this project in Snyk:
https://app.snyk.io/org/cachiman-inc/project/0ef9dc26-bbe1-4638-8f91-47d744105b51?utm_source=github&utm_medium=referral&page=upgrade-pr

google-cla bot commented Sep 9, 2024

Thanks for your pull request! It looks like this may be your first contribution to a Google open source project. Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA).

View this failed invocation of the CLA check for more information.

For the most up to date status, view the checks section at the bottom of the pull request.
