@sumansaurabh sumansaurabh commented May 27, 2025

User description

Snyk has created this PR to upgrade solid-js from 1.3.17 to 1.9.6.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.


  • The recommended version is 109 versions ahead of your current version.

  • The recommended version was released a month ago.

Issues fixed by the recommended upgrade:

Issue | Score | Exploit Maturity
medium severity Cross-site Scripting (XSS) SNYK-JS-SOLIDJS-8743940 | 576 | Proof of Concept

Release notes
Package name: solid-js
  • 1.9.6 - 2025-05-01
    No content.
  • 1.9.5 - 2025-02-21
    No content.
  • 1.9.4 - 2025-01-07
    No content.
  • 1.9.3 - 2024-10-22
    No content.
  • 1.9.2 - 2024-10-07
  • 1.9.1 - 2024-09-25
  • 1.9.0 - 2024-09-24
  • 1.8.23 - 2024-09-23
  • 1.8.22 - 2024-08-27
  • 1.8.21 - 2024-08-13
  • 1.8.20 - 2024-08-08
  • 1.8.19 - 2024-07-24
  • 1.8.18 - 2024-06-28
  • 1.8.17 - 2024-04-22
  • 1.8.16 - 2024-03-19
  • 1.8.15 - 2024-02-14
  • 1.8.14 - 2024-02-05
  • 1.8.13 - 2024-02-05
  • 1.8.12 - 2024-01-23
  • 1.8.11 - 2024-01-12
  • 1.8.10 - 2024-01-09
  • 1.8.9 - 2024-01-08
  • 1.8.8 - 2024-01-03
  • 1.8.7 - 2023-12-01
  • 1.8.6 - 2023-11-22
  • 1.8.5 - 2023-10-30
  • 1.8.4 - 2023-10-26
  • 1.8.3 - 2023-10-18
  • 1.8.2 - 2023-10-18
  • 1.8.1 - 2023-10-10
  • 1.8.0 - 2023-10-09
  • 1.8.0-beta.2 - 2023-10-09
  • 1.8.0-beta.1 - 2023-10-04
  • 1.8.0-beta.0 - 2023-09-28
  • 1.7.12 - 2023-09-18
  • 1.7.11 - 2023-08-10
  • 1.7.10 - 2023-08-09
  • 1.7.9 - 2023-08-04
  • 1.7.8 - 2023-07-11
  • 1.7.7 - 2023-06-26
  • 1.7.6 - 2023-05-31
  • 1.7.5 - 2023-05-06
  • 1.7.4 - 2023-05-01
  • 1.7.3 - 2023-04-07
  • 1.7.2 - 2023-04-04
  • 1.7.1 - 2023-04-02
  • 1.7.0 - 2023-03-30
  • 1.7.0-beta.5 - 2023-03-27
  • 1.7.0-beta.4 - 2023-03-23
  • 1.7.0-beta.3 - 2023-03-21
  • 1.7.0-beta.2 - 2023-03-20
  • 1.7.0-beta.1 - 2023-03-17
  • 1.7.0-beta.0 - 2023-02-17
  • 1.6.16 - 2023-03-27
  • 1.6.15 - 2023-03-16
  • 1.6.14 - 2023-03-11
  • 1.6.13 - 2023-03-09
  • 1.6.12 - 2023-03-06
  • 1.6.11 - 2023-02-14
  • 1.6.10 - 2023-01-31
  • 1.6.9 - 2023-01-13
  • 1.6.8 - 2023-01-05
  • 1.6.7 - 2023-01-04
  • 1.6.6 - 2022-12-21
  • 1.6.5 - 2022-12-13
  • 1.6.4 - 2022-12-09
  • 1.6.3 - 2022-12-07
  • 1.6.2 - 2022-11-11
  • 1.6.1 - 2022-10-30
  • 1.6.0 - 2022-10-20
  • 1.6.0-beta.4 - 2022-10-19
  • 1.6.0-beta.3 - 2022-10-18
  • 1.6.0-beta.2 - 2022-10-17
  • 1.6.0-beta.1 - 2022-10-17
  • 1.6.0-beta.0 - 2022-10-16
  • 1.5.9 - 2022-10-17
  • 1.5.8 - 2022-10-17
  • 1.5.7 - 2022-09-29
  • 1.5.6 - 2022-09-22
  • 1.5.5 - 2022-09-15
  • 1.5.4 - 2022-09-02
  • 1.5.3 - 2022-08-31
  • 1.5.2 - 2022-08-29
  • 1.5.1 - 2022-08-26
  • 1.5.0 - 2022-08-26
  • 1.5.0-beta.7 - 2022-08-25
  • 1.5.0-beta.6 - 2022-08-24
  • 1.5.0-beta.5 - 2022-08-19
  • 1.5.0-beta.4 - 2022-08-15
  • 1.5.0-beta.3 - 2022-08-09
  • 1.5.0-beta.2 - 2022-08-02
  • 1.5.0-beta.1 - 2022-07-21
  • 1.5.0-beta.0 - 2022-07-17
  • 1.4.8 - 2022-07-24
  • 1.4.7 - 2022-07-07
  • 1.4.6 - 2022-07-03
  • 1.4.5 - 2022-06-28
  • 1.4.4 - 2022-06-10
  • 1.4.3 - 2022-05-26
  • 1.4.2 - 2022-05-19
  • 1.4.1 - 2022-05-14
  • 1.4.0 - 2022-05-12
  • 1.4.0-beta.6 - 2022-05-11
  • 1.4.0-beta.5 - 2022-05-09
  • 1.4.0-beta.4 - 2022-05-09
  • 1.4.0-beta.3 - 2022-05-08
  • 1.4.0-beta.2 - 2022-05-07
  • 1.4.0-beta.1 - 2022-05-03
  • 1.4.0-beta.0 - 2022-05-02
  • 1.3.17 - 2022-04-25
from solid-js GitHub release notes

Important

  • Check the changes in this PR to ensure they won't cause issues with your project.
  • This PR was automatically created by Snyk using the credentials of a real user.
  • Max score is 1000. Note that the real score may have changed since the PR was raised.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.


Description

  • Upgraded solid-js from version 1.3.17 to 1.9.6 to address vulnerabilities and improve performance.
  • Added new dependencies csstype and seroval to support the upgraded version.
  • Updated package files to reflect the new dependency versions and their integrity.

Changes walkthrough 📝

Relevant files

Dependencies

  • package-lock.json: Upgrade `solid-js` dependency to version 1.9.6 (+61/-7)
    frameworks/hello-world-solidjs/webview-ui/package-lock.json
      • Upgraded solid-js from version 1.3.17 to 1.9.6.
      • Added new dependencies: csstype and seroval with their respective versions.
      • Updated integrity hashes for the new version of solid-js.

  • package.json: Update `solid-js` version in package.json (+1/-1)
    frameworks/hello-world-solidjs/webview-ui/package.json
      • Updated solid-js dependency version from 1.3.13 to 1.9.6.


    Snyk has created this PR to upgrade solid-js from 1.3.17 to 1.9.6.
    
    See this package in npm:
    solid-js
    
    See this project in Snyk:
    https://app.snyk.io/org/sumansaurabh/project/766d9dae-6d24-4e8f-ba25-cee0c22f16e3?utm_source=github&utm_medium=referral&page=upgrade-pr
    @penify-dev penify-dev bot added enhancement New feature or request Review effort [1-5]: 2 labels May 27, 2025

    penify-dev bot commented May 27, 2025

    PR Review 🔍

    ⏱️ Estimated effort to review [1-5]

    2, because the changes are primarily version upgrades in the package-lock and package.json files, which are straightforward to review.

    🧪 Relevant tests

    No

    ⚡ Possible issues

    No

    🔒 Security concerns

    No


    penify-dev bot commented May 27, 2025

    PR Code Suggestions ✨

    Category | Suggestion | Score
    Security
    Check the integrity hashes of new packages for security

    Review the integrity hashes of the new packages to ensure they have not been tampered
    with.

    frameworks/hello-world-solidjs/webview-ui/package-lock.json [366]

    -"integrity": "sha512-RbcPH1n5cfwKrru7v7+zrZvjLurgHhGyso3HTyGtRivGWgYjbOmGuivCQaORNELjNONoK35nj28EoWul9sb1zQ=="
    +"integrity": "sha512-RbcPH1n5cfwKrru7v7+zrZvjLurgHhGyso3HTyGtRivGWgYjbOmGuivCQaORNELjNONoK35nj28EoWul9sb1zQ== // Review integrity
     
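Review bot: The `+` line cannot be applied as written: it places `// Review integrity` inside the `integrity` string and drops the closing quote, and package-lock.json is JSON, which has no comment syntax. Leave line 366 unchanged, since any edit to this value makes it stop matching the package's sha512 digest. Do the review outside the file, for example by reinstalling from the lockfile with `npm ci`, which checks each downloaded tarball against its recorded `integrity` value.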
    Suggestion importance[1-10]: 8

    Why: This suggestion is crucial for security, as it emphasizes the importance of verifying integrity hashes to prevent tampering.

    8
    Ensure new dependencies do not introduce vulnerabilities

    Validate that the new dependencies added do not introduce vulnerabilities or conflicts.

    frameworks/hello-world-solidjs/webview-ui/package-lock.json [363]

    -"node_modules/seroval": {
    +"node_modules/seroval": { // Validate for vulnerabilities
     
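Review bot: The `+` line appends `// Validate for vulnerabilities` after the opening brace of the `node_modules/seroval` entry, which is not valid JSON and would make package-lock.json unparseable. Drop the edit and run the check as a command instead, such as `npm audit` against this lockfile, and record the result in the PR discussion.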
    Suggestion importance[1-10]: 5

    Why: The suggestion is valid but lacks specificity regarding how to validate for vulnerabilities, making it less actionable.

    5
    Breaking changes
    Review breaking changes in the updated version of the library

    Consider checking for any breaking changes in solid-js from version 1.3.17 to 1.9.6 that
    might affect your application.

    frameworks/hello-world-solidjs/webview-ui/package-lock.json [12]

    -"solid-js": "^1.9.6"
    +"solid-js": "^1.9.6" // Check for breaking changes
     
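Review bot: The `-` and `+` lines carry the same `^1.9.6` range, so the only change is the trailing `// Check for breaking changes`, which is invalid in a JSON file. Keep line 12 as it is and record the breaking-change check in the PR discussion or as a test run rather than in the lockfile.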
    Suggestion importance[1-10]: 7

    Why: This suggestion is relevant as it addresses potential breaking changes, but it lacks a specific recommendation on how to check for those changes.

    7
    Compatibility
    Verify compatibility of the new version with existing dependencies

    Ensure that the version of solid-js is compatible with other dependencies to avoid
    potential conflicts.

    frameworks/hello-world-solidjs/webview-ui/package-lock.json [12]

    -"solid-js": "^1.9.6"
    +"solid-js": "^1.9.6" // Ensure compatibility with other dependencies
     
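Review bot: This edits the same line [12] of package-lock.json as the previous suggestion with a different trailing comment, so the two cannot both be applied, and `// Ensure compatibility with other dependencies` is again invalid JSON. Drop it and check the resolved tree with a command such as `npm ls`, which reports missing or invalid dependencies.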
    Suggestion importance[1-10]: 6

    Why: While ensuring compatibility is important, the suggestion does not provide a specific action to take and is somewhat vague.

    6
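The integrity-hash check suggested in the comment above, carried out on tarball bytes, as an added example that is not part of this PR or of npm's own code. It assumes the `packages` map layout of package-lock.json (lockfileVersion 2/3); the `pkg-a` to `pkg-d` names and all bytes are constructed placeholders, and the last entry shows that a value with text appended, as in the suggested `// Review integrity` edit, is rejected as malformed.

```javascript
const { createHash, timingSafeEqual } = require("node:crypto");
// Accepted algorithms ranked by strength; sha1 is deliberately absent.
const STRENGTH = new Map([["sha256", 1], ["sha384", 2], ["sha512", 3]]);

// Parse an SRI value ("alg-base64 ...") strictly and keep the strongest hash.
function parseIntegrity(sri) {
  if (typeof sri !== "string" || sri.trim() === "") return { status: "missing" };
  let best = null;
  for (const token of sri.trim().split(/\s+/)) {
    const m = /^([a-z0-9]+)-([A-Za-z0-9+/]+={0,2})$/.exec(token);
    if (!m) return { status: "malformed" }; // one bad token rejects the value
    const rank = STRENGTH.get(m[1]);
    if (rank && (!best || rank > best.rank)) best = { alg: m[1], b64: m[2], rank };
  }
  return best ? { status: "ok", ...best } : { status: "weak-algorithm" };
}

// Recompute the digest over the tarball bytes and compare in constant time.
function verifyIntegrity(bytes, sri) {
  const parsed = parseIntegrity(sri);
  if (parsed.status !== "ok") return parsed.status;
  const expected = Buffer.from(parsed.b64, "base64");
  const actual = createHash(parsed.alg).update(bytes).digest();
  const same = expected.length === actual.length && timingSafeEqual(expected, actual);
  return same ? "ok" : "mismatch";
}

// Check every entry of the lockfile "packages" map; `tarballs` maps keys to bytes.
function auditLockfile(lock, tarballs) {
  const report = {};
  for (const [name, entry] of Object.entries(lock.packages || {})) {
    if (name === "") continue; // root project entry has no tarball
    report[name] = name in tarballs ? verifyIntegrity(tarballs[name], entry.integrity) : "no-tarball";
  }
  return report;
}

// Constructed sample data: placeholder names and bytes, not real packages.
const sri = (alg, buf) => `${alg}-${createHash(alg).update(buf).digest("base64")}`;
const good = Buffer.from("constructed tarball bytes");
const sampleLock = { packages: {
  "": { name: "example-root" },
  "node_modules/pkg-a": { integrity: sri("sha512", good) },
  "node_modules/pkg-b": { integrity: sri("sha512", Buffer.from("other bytes")) },
  "node_modules/pkg-c": { integrity: sri("sha1", good) },
  "node_modules/pkg-d": { integrity: sri("sha512", good) + " // Review integrity" },
} };
const sampleTarballs = Object.fromEntries(
  ["a", "b", "c", "d"].map((k) => [`node_modules/pkg-${k}`, good]));
console.log(auditLockfile(sampleLock, sampleTarballs));
```
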
