[Snyk] Upgrade @11ty/eleventy from 1.0.2 to 2.0.1

[rizwan-r-r]

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to upgrade @11ty/eleventy from 1.0.2 to 2.0.1.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

⚠️ Warning: This PR contains major version upgrade(s), and may be a breaking change.

• The recommended version is 45 versions ahead of your current version.

• The recommended version was released on a year ago.

Issues fixed by the recommended upgrade:

	Issue	Score	Exploit Maturity
	Cross-site Request Forgery (CSRF) SNYK-JS-AXIOS-6032459	676	Proof of Concept
	Improper Control of Generation of Code ('Code Injection') SNYK-JS-PUGCODEGEN-7086056	676	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-AXIOS-6124857	676	Proof of Concept
	Information Exposure SNYK-JS-LIQUIDJS-2952868	676	No Known Exploit

Release notes

Package name: @11ty/eleventy

• 2.0.1 - 2023-03-28
  

  Eleventy v2.0.1 is now available! You can try it out in your project now:

  npm install @ 11ty/eleventy@latest

  • Read more about project versus global installation.

  New to Eleventy?

  Eleventy is a flexible and production-ready site generator known for its zero-client JavaScript footprint, speedy sites, speedy builds, and full control over the output.

  • Build a blog from scratch in 6 minutes with Eleventy
  • Watch The State of Eleventy in Two Minutes
  • Read more about Eleventy’s project goals.

  Features and Fixes

  • Fixed: this.eleventy in JavaScript template functions #2790
  • Fixed: lodash security audits #2877
  • Fixed: pagination targets with object bracket notation #2851
  • Fixed: 11ty.js templates were too aggressively cached on watch/serve #2839 #2838
  • Fixed: Handlebars partials were too aggressively cached on watch/serve #2799
  • Fixed: Configuration reload fixes #2864 #2869 #2867
  • New: Serverless pagination now works with Arrays and Objects #2853 #2544 Learn more: https://www.11ty.dev/docs/plugins/serverless/#dynamic-slugs-to-subset-your-pagination
  • Typo fixes by @ deining in #2845

  Housekeeping

  • Full milestone/issue list: https://github.com/11ty/eleventy/milestone/43?closed=1
  • Full changelog: v2.0.0...v2.0.1

  Thank You Notes

  This project would not be possible without our lovely community. Thank you to everyone that built something with Eleventy (×684 authors on our web site!), wrote a blog post about Eleventy, contributed code, wrote a plugins, helped with documentation, asked questions, answered questions, braved The Leaderboards, participated on Discord, filed issues, attended (or organized!) a meetup, said a kind word on social media ❤️.

  • A huge thank you to Netlify, especially: @ biilmann, Chris Bach, Lauren Sell (alum), and Claire Knight, without whom this release would not have been possible.
  • 🏆 A special thanks to @ pdehaan for their tireless contributions on the Eleventy Issue tracker.
  • Yet more thanks to the all star Discord Moderators and Meetup Coordinators @ BenDMyers, @ clottman, @ dleatherman, @ darthmall, @ nachtfunke, @ siakaramalegos and @ 5t3ph.
  • All of our supporters on Open Collective ❤️
  • Contribute on Open Collective
  • How else can you contribute to Eleventy?

  Open Collective Supporters

  • Gold Sponsors: Sanity.io, Nordhealth, CloudCannon, Transloadit
  • Silver Sponsors: Unabridged Software, PQINA, Bejamas, Nathan Smith, Monarch Air Group, Getform.io, Mercury Jets, OCEG
  • Backers: Tyler Gaw, Ariel Salminen, Peter deHaan, Melanie Sumner, Ben Nash, Alejandro Rodríguez, Mat Marquis, Philip Borenstein, Jérôme Coupé, Nicolas Hoizey, Mike Aparicio, Ben Myers, Katie Sylor-Miller, Mark Buskbjerg, mortendk, Aaron Hans, Lauris Consulting, John Meyerhofer, Todd Libby, shawn j sandy, Luke Bonaccorsi, Higby, Jenn Schiffer, Dimitrios Grammatikogiannis, Devin Clark, Eric Bailey, Manuel Matuzovic, Tim Giles, Kyosuke Nakamura, Rob Sterlini, Horacio Gonzalez, Hans Gerwitz, Makoto Kawasaki, Josh Crain, Richard Hemmer, Nick Nisi, John SJ Anderson, Ryan Swaney, Alistair Shepherd, Ivo Herrmann, Flaki, Angelique Weger, John Hall, Scott McCracken, James Steinbach, Miriam Suzanne, Bentley Davis, Ara Abcarians, vince falconi, Martin Schneider, Stephanie Eckles, Frontend Weekly Tokyo, Dorin Vancea, Chris Burnell, Ximenav Vf., Rich Holman, Kasper Storgaard, Kevin Healy, Greg Gibson, Michelle Barker, Alesandro Ortiz, David A. Herron, Paul Robert Lloyd, Andrea Vaghi, Bryan Robinson, Ashur Cabrera, Raymond Camden, John Meguerian, Joe Lamyman, Dan Ryan, Sam, Brett Nelson, Paul Welsh, Ingo Steinke, Noel Forte, Melanie Richards, Marco Zehe, Wes Ruvalcaba, Luc Poupard, Entle Web Solutions, Ken Hawkins, Fershad Irani, Nikita Dubko, Aaron Gustafson, Chris, Christian Miles, Benjamin Geese, Marcus Relacion, Netin nopeustesti, Raphael Höser, Cthos, Sia Karamalegos, Jon Kuperman, Saneef Ansari, Michel van der Kroef, Flemming Meyer, Colin Fahrion, Dan Burzo, Dan Ott, Mobilemall.pk, Cheap VPS, David Darnes, Jon Roobottom, Dana Byerly, Oisín Quinn, Renkaatsopivasti, Windesol Sähkön Kilpailutus, Luke Mitchell, SignpostMarv, THE PADDING, Bob Monsour, Richmond Insulation, Patrick Byrne, zapscribbles, Frank Reding, quinnanya, Cory Birdsong, Aram ZS, Andy Stevenson, Robin Rendle, HelppoHinta.fi, Tanner Dolby, jpoehnelt, xdesro, Alex Zappa, Richmond Concrete, Alexander Wunschik, Tom, CelineDesign, Nic Chan, Duc Lam, Stephen Bell, Robert Haselbacher, Lene, Brett DeWoody, alistairtweedie, Meta Tier List, Iva Tech, Daniel Saunders, Josh Vickerson, Dan Urbanowicz, dan leatherman, Jens Grochtdreis, CBD Review, Eric Gallager, Softermii, Eric Carlisle, Claus Conrad, Anna E. Cook, David Luhr, Matt Obee, Kiekkotorni - Nikotiinipussit
• 2.0.1-beta.2 - 2023-03-28
  No content.
• 2.0.1-beta.1 - 2023-03-22
  No content.
• 2.0.1-alpha.3 - 2023-03-22
  No content.
• 2.0.1-alpha.2 - 2023-03-17
  No content.
• 2.0.1-alpha.1 - 2023-03-17
  No content.
• 2.0.0 - 2023-02-08
  

  🚨 The full release notes are available on The Eleventy Blog: Eleventy v2.0.0 or you can watch me talk about v2.0 on YouTube.

  Eleventy v2.0.0 is now available! You can try it out now:

  # Local project
  npm install @ 11ty/eleventy@latest

  # Global install
  npm install @ 11ty/eleventy@latest -g

  • Read more about local versus global installation.
  • Watch a short video about 2.0 on YouTube.

  New to Eleventy?

  Eleventy is a flexible and production-ready site generator known for its zero-client JavaScript footprint, speedy sites, speedy builds, and full control over the output. Watch The State of Eleventy in Two Minutes or read more about Eleventy’s project goals.

  The Big Features

  Smaller, More Secure

  • ✅ Dependencies decreased by 32.1%: 211 modules (311 in v1.0.2)
  • ✅ node_modules file weight decreased by 77.8%: 34.3 MB (155 MB in v1.0.2)
  • ✅ 30.5% faster npm install time

  Faster Builds

  • Improved build performance (tested on a sample 500 page site against v1.0.2) using:
    • Liquid: ✅ 18.18% faster
    • Nunjucks: ✅ 17.74% faster
    • Markdown (with Liquid): ✅ 17.95% faster
    • JavaScript (11ty.js): ✅ 8.33% faster
  • --incremental for incremental builds #108
    • Smarter incremental builds with support for layout dependencies, registered dependencies on custom templates, dependencies in pagination data or eleventyImport #975
  • --ignore-initial command line option to skip the first build (best paired with --incremental)
  • Use emulated passthrough copy to serve passthrough files directly without triggering a build (will still work with live reload) #2456

  Plugins

  • Support for WebC, the new single file format for web components
  • Eleventy Edge will render Eleventy templates in an Edge Function for dynamic content (bundled with Eleventy)
  • Eleventy Dev Server replaces Browsersync, adds support for DOM-diffing live reloads. #1305 (bundled with Eleventy)
  • Render Plugin will render any template syntax inside other files (bundled with Eleventy)
  • Internationalization (i18n) Plugin makes it easy to create localized sites (bundled with Eleventy)
  • HTML <base> Plugin makes it easy to deploy your site to any folder path without changing any content (works great with the path prefix feature) (bundled with Eleventy)
  • Support for the Vite plugin

  And more…

  • Support for aliasing to an existing template language #2248
    • This unlocks TypeScript or JSX in Eleventy when you use esbuild-register and alias 11ty.ts or 11ty.tsx to 11ty.js.
  • Event arguments unlock new plugin abilities: dir (input/output/includes/data/layouts locations),
    outputMode (where the templates are going: fs, json, ndjson), runMode (build, watch, or serve), or results for the processed Eleventy output.
  • Memory usage improvements to Pagination

  Breaking Changes

  ⚠️ Rather than review this list, it’d be faster to use the eleventy-upgrade-helper plugin, which runs a suite of tests to see whether or not you need to worry about these breaking changes in your project: https://github.com/11ty/eleventy-upgrade-help

  • Bump minimum Node version to Node 14+ #2336
  • Disable indented code blocks in Markdown by default #2438
  • Both .git and nested node_modules folders are ignored by default (previously we ignored node_modules/**, now **/node_modules/**) #2436
  • Dates will now be stripped from the parent directory for page.fileSlug when the file name is index.*. e.g. YYYY-MM-DD-myslug/index.md has a page.fileSlug of myslug when previously it was YYYY-MM-DD-myslug #1947 #2111
  • Dots in global data file names should be preserved in key name for data cascade #1242 #1912
  • Removes deprecated in v1.0 (and undocumented) renderData feature (use Computed Data instead) #2356
  • Removes pre-processing global JSON data files with a template language #2728
  • Removes --passthroughall command line flag #2682
  • Major dependency bumps:
    • liquidjs from v9 to v10 Release notes #2678
    • luxon from v2 to v3 Release notes
    • markdown-it from v12 to v13 Release notes

  The Small Features

  • Adds support for configuration default file names eleventy.config.js and eleventy.config.cjs in addition to .eleventy.js #1029
  • addShortcode is now async-friendly #2726
  • addFilter is now async-friendly #2536 (also adds an addAsyncFilter API method)
  • File watching:
    • Eleventy Dev Server includes a watch option to trigger live reloads on file changes outside of your Eleventy build. Works great when you’re using a bundler in parallel!
    • Decoupled ignore APIs for template processing (eleventyConfig.ignores) and file watching (eleventyConfig.watchIgnores) #893
  • Access advanced recursive-copy options in passthrough file copy #1686
    • Unlocks passthrough copy with symlinks #530
  • log filter supports chaining #2467
  • Adds new git Created date option #2468
  • Adds options for read and encoding to custom data formats
    • This unlocks using binary files (like images) to populate the Data Cascade

  Even Smaller Features

  • Adds eleventy.env.runMode to global data. #2770
  • setDataFileSuffixes API method to customize Template and Directory data file suffixes (or opt-out of the Template and Directory Data Files feature) #2681
  • Serverless option singleTemplateScope: false simplifies using collections in serverless mode. #2736
  • A variety of bug fixes for --serve issues that required server restarts.
  • Data Consistency:
    • this.page and this.eleventy are now available on Shortcodes, 🆕 Filters, 🆕 Linters, and 🆕 Transforms
    • page and content on Collection entries
  • Adds getCollectionItemIndex universal filter #2676
  • Throw error on circular layout dependencies #2076
  • Plugins can now reference eleventyConfig.pathPrefix #2526
  • generatePageOnEmptyData to generate an empty results page with an empty paginated data set #1698 #756 #731 #2208
  • Creating an empty JSON data file no longer throws an error #2299

  Housekeeping

  • Full issue list: https://github.com/11ty/eleventy/milestone/38?closed=1
  • Full changelog: v1.0.2...v2.0.0

  Thank You Notes

  This project would not be possible without our lovely community. Thank you to everyone that built something with Eleventy (×684 authors on our web site!), wrote a blog post about Eleventy, contributed code, wrote a plugins, helped with documentation, asked questions, answered questions, braved The Leaderboards, participated on Discord, filed issues, attended (or organized!) a meetup, said a kind word on social media ❤️.

  • A huge thank you to Netlify, especially: @ biilmann, Chris Bach, Lauren Sell (alum), and Claire Knight, without whom this release would not have been possible.
  • 🏆 A special thanks to @ pdehaan for their tireless contributions on the Eleventy Issue tracker.
  • Yet more thanks to the all star Discord Moderators and Meetup Coordinators @ BenDMyers, @ clottman, @ dleatherman, @ darthmall, @ nachtfunke, @ siakaramalegos and @ 5t3ph.
  • All of our supporters on Open Collective ❤️
  • Contribute on Open Collective
  • How else can you contribute to Eleventy?

  Pull Requests From

  @ AleksandrHovhannisyan 🆕, @ amareshsm ×2 🆕, @ binyamin, @ DamianOsipiuk 🆕, @ epelc ×2 🆕, @ j-f1 🆕, @ Jaza 🆕, @ kentaroi 🆕, @ kev4ev 🆕, @ LeoSchae 🆕, @ milahu ×3, @ nasivuela 🆕, @ NickColley 🆕, @ NotWoods, @ Obayanju 🆕, @ Snapstromegon ×16 (wow! 🤯), @ TheDocTrier 🆕, @ thinkverse 🆕, @ TigersWay 🆕, @ wes-goulet 🆕, @ mrmartineau 🆕, @ danburzo 🆕

  Read more from the Community

  • New Features and Upgrade Considerations for Eleventy v2.0.0 by @ 5t3ph

  Open Collective Supporters

  • Gold Sponsors: Sanity.io, Nordhealth, CloudCannon, Transloadit
  • Silver Sponsors: Unabridged Software, PQINA, Bejamas, Nathan Smith, Monarch Air Group, Getform.io, Mercury Jets, and OCEG
  • Backers: Tyler Gaw, Ariel Salminen, Peter deHaan, Melanie Sumner, Ben Nash, Alejandro Rodríguez, Mat Marquis, Philip Borenstein, Jérôme Coupé, Nicolas Hoizey, Mike Aparicio, Ben Myers, Katie Sylor-Miller, Mark Buskbjerg, mortendk, Aaron Hans, Lauris Consulting, John Meyerhofer, Todd Libby, Luke Bonaccorsi, shawn j sandy, Jenn Schiffer, Dimitrios Grammatikogiannis, Devin Clark, Eric Bailey, Manuel Matuzovic, Higby, Tim Giles, Kyosuke Nakamura, Horacio Gonzalez, Hans Gerwitz, Makoto Kawasaki, Rob Sterlini, Josh Crain, Nick Nisi, John SJ Anderson, Ryan Swaney, Richard Hemmer, Alistair Shepherd, Flaki, Angelique Weger, John Hall, Scott McCracken, James Steinbach, Miriam Suzanne, Ivo Herrmann, Bentley Davis, vince falconi, Martin Schneider, Stephanie Eckles, Frontend Weekly Tokyo, Chris Burnell, Ximenav Vf., Rich Holman, Kasper Storgaard, Kevin Healy, Dorin Vancea, Greg Gibson, Hidde, Michelle Barker, Alesandro Ortiz, David A. Herron, Paul Robert Lloyd, Andrea Vaghi, Bryan Robinson, Ashur Cabrera, Raymond Camden, John Meguerian, Joe Lamyman, Ara Abcarians, Dan Ryan, Sam, Brett Nelson, Paul Welsh, Ingo Steinke, Melanie Richards, Noel Forte, Marco Zehe, Wes Ruvalcaba, Luc Poupard, Entle Web Solutions, Ken Hawkins, Fershad Irani, Nikita Dubko, Aaron Gustafson, Chris, Christian Miles, Benjamin Geese, Marcus Relacion, Netin nopeustesti, Sia Karamalegos, Raphael Höser, Cthos, Saneef Ansari, Flemming Meyer, Colin Fahrion, Dan Burzo, Jon Kuperman, Michel van der Kroef, Dan Ott, Mobilemall.pk, Cheap VPS, David Darnes, Jon Roobottom, Dana Byerly, Oisín Quinn, Renkaatsopivasti, Windesol Sähkön Kilpailutus, Luke Mitchell, SignpostMarv, THE PADDING, Bob Monsour, Patrick Byrne, zapscribbles, quinnanya, Richmond Insulation, Cory Birdsong, Aram ZS, Frank Reding, Andy Stevenson, HelppoHinta.fi, Robin Rendle, Tanner Dolby, jpoehnelt, Richmond Concrete, Andrew Weisbeck, CelineDesign, Nic Chan, Duc Lam, Alex Zappa, Stephen Bell, xdesro, Alexander Wunschik, alistairtweedie, Tom, Robert Haselbacher, Lene, Brett DeWoody, Meta Tier List, Iva Tech, kylepfeeley, Daniel Saunders, Dan Urbanowicz, dan leatherman, Josh Vickerson, Viewality Media, Aviator Game, Softermii, Eric Carlisle, Claus Conrad, Eric Gallager, Matt Obee, CBD Review
• 2.0.0-canary.35 - 2023-01-30
  No content.
• 2.0.0-canary.34 - 2023-01-26
  No content.
• 2.0.0-canary.33 - 2023-01-18
• 2.0.0-canary.32 - 2023-01-18
• 2.0.0-canary.31 - 2023-01-17
• 2.0.0-canary.30 - 2023-01-13
• 2.0.0-canary.29 - 2023-01-10
• 2.0.0-canary.28 - 2023-01-10
• 2.0.0-canary.27 - 2023-01-09
• 2.0.0-canary.26 - 2023-01-09
• 2.0.0-canary.25 - 2023-01-06
• 2.0.0-canary.24 - 2023-01-05
• 2.0.0-canary.23 - 2022-12-22
• 2.0.0-canary.22 - 2022-12-22
• 2.0.0-canary.21 - 2022-12-21
• 2.0.0-canary.20 - 2022-12-16
• 2.0.0-canary.19 - 2022-12-16
• 2.0.0-canary.18 - 2022-11-19
• 2.0.0-canary.17 - 2022-11-17
• 2.0.0-canary.16 - 2022-09-23
• 2.0.0-canary.15 - 2022-08-19
• 2.0.0-canary.14 - 2022-07-27
• 2.0.0-canary.13 - 2022-07-15
• 2.0.0-canary.12 - 2022-06-27
• 2.0.0-canary.11 - 2022-05-13
• 2.0.0-canary.10 - 2022-05-12
• 2.0.0-canary.9 - 2022-05-06
• 2.0.0-canary.8 - 2022-04-20
• 2.0.0-canary.7 - 2022-04-20
• 2.0.0-canary.6 - 2022-04-19
• 2.0.0-canary.5 - 2022-04-15
• 2.0.0-canary.4 - 2022-03-17
• 2.0.0-canary.3 - 2022-03-10
• 2.0.0-canary.2 - 2022-03-09
• 2.0.0-canary.1 - 2022-03-08
• 2.0.0-beta.3 - 2023-01-30
  

  What's Changed

  • Fixes serverlessFilePath is not defined (2.0.0-beta.2) #2782 by @ mrmartineau in #2783

  New Contributors

  • @ mrmartineau made their first contribution in #2783

  Full Changelog: v2.0.0-beta.2...v2.0.0-beta.3

• 2.0.0-beta.2 - 2023-01-26
• 2.0.0-beta.1 - 2023-01-18
• 1.0.2 - 2022-08-16

from @11ty/eleventy GitHub release notes

---

Important

• Warning: This PR contains a major version upgrade, and may be a breaking change.
• Check the changes in this PR to ensure they won't cause issues with your project.
• This PR was automatically created by Snyk using the credentials of a real user.
• Max score is 1000. Note that the real score may have changed since the PR was raised.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

• 🧐 View latest project report
• 📜 [Customise PR templates](https://do...

[socket-security]

New and removed dependencies detected. Learn more about Socket for GitHub ↗︎

Package	New capabilities	Transitives	Size	Publisher
npm/@11ty/[email protected]	environment, filesystem, unsafe Transitive: eval, network, shell	+194	25.6 MB	zachleat

🚮 Removed packages: npm/@11ty/[email protected]

View full report↗︎

[rizwan-r-r]

❌ Deploy Preview for lucky-pavlova-6423b3 failed. Why did it fail? →

Name	Link
🔨 Latest commit	0b70c2a
🔍 Latest deploy log	https://app.netlify.com/sites/lucky-pavlova-6423b3/deploys/66759c87ca3a530008b5ab29