Skip to content

[Snyk] Upgrade flexsearch from 0.7.43 to 0.8.105 #153

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
josecelano wants to merge 1 commit into
base: develop
Choose a base branch
from
Open

[Snyk] Upgrade flexsearch from 0.7.43 to 0.8.105 #153

josecelano wants to merge 1 commit into from

Conversation

@josecelano
Copy link
Member

@josecelano josecelano commented Apr 11, 2025

snyk-top-banner

Snyk has created this PR to upgrade flexsearch from 0.7.43 to 0.8.105.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

  • The recommended version is 4 versions ahead of your current version.

  • The recommended version was released 23 days ago.

Release notes
Package name: flexsearch
  • 0.8.105 - 2025-03-19
  • 0.8.103 - 2025-03-17
  • 0.8.1 - 2025-03-17
    • Resolver Support for Documents
    • Asynchronous Runtime Balancer, new option priority
    • Export/Import Worker Indexes + Document Worker, new extern config options export and import
    • Improved interoperability of the different build packages, including source folder
    • Support custom filter function for encoder (stop-word filter)
  • 0.8.0 - 2025-03-17
    • Persistent indexes support for: IndexedDB (Browser), Redis, SQLite, Postgres, MongoDB, Clickhouse
    • Enhanced language customization via the new Encoder class
    • Result Highlighting
    • Query performance achieve results up to 4.5 times faster compared to the previous generation v0.7.x by also improving the quality of results
    • Enhanced support for larger indexes or larger result sets
    • Improved offset and limit processing achieve up to 100 times faster traversal performance through large datasets
    • Support for larger In-Memory index with extended key size (the defaults maximum keystore limit is: 2^24)
    • Greatly enhanced performance of the whole text encoding pipeline
    • Improved indexing of numeric content (Triplets)
    • Intermediate result sets and Resolver
    • Basic Resolver: and, or, xor, not, limit, offset, boost, resolve
    • Improved charset collection
    • New charset preset soundex which further reduces memory consumption by also increasing "fuzziness"
    • Performance gain when polling tasks to the index by using "Event-Loop-Caches"
    • Up to 100 times faster deletion/replacement when not using the additional "fastupdate" register
    • Regex Pre-Compilation (transforms hundreds of regex rules into just a few)
    • Extended support for multiple tags (DocumentIndex)
    • Custom Fields ("Virtual Fields")
    • Custom Filter
    • Custom Score Function
    • Added French language preset (stop-word filter, stemmer)
    • Enhanced Worker Support
    • Export / Import index in chunks
    • Improved Build System + Bundler (Supported: CommonJS, ESM, Global Namespace), also the import of language packs are now supported for Node.js
    • Full covering index.d.ts type definitions
    • Fast-Boot Serialization optimized for Server-Side-Rendering (PHP, Python, Ruby, Rust, Java, Go, Node.js, ...)
  • 0.7.43 - 2024-01-10
from flexsearch GitHub release notes

Important

  • Check the changes in this PR to ensure they won't cause issues with your project.
  • This PR was automatically created by Snyk using the credentials of a real user.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

@snyk-bot
fix: upgrade flexsearch from 0.7.43 to 0.8.105
26aff6e 
Snyk has created this PR to upgrade flexsearch from 0.7.43 to 0.8.105.

See this package in npm:
flexsearch

See this project in Snyk:
https://app.snyk.io/org/josecelano/project/2e0ba13c-7992-4050-8237-1bcee5839d90?utm_source=github&utm_medium=referral&page=upgrade-pr
@josecelano josecelano mentioned this pull request Dec 21, 2025
Merged
josecelano added a commit that referenced this pull request Dec 21, 2025
@josecelano
Merge #160: chore: update dependencies and fix Svelte 5 reactivity wa…
d78a5ab 
…rnings

4170be6 chore: update generated blog metadata (Jose Celano)
f958b4b fix: move ignores to separate config object in eslint (Jose Celano)
cf5b576 style: fix prettier formatting issues (Jose Celano)
a2eef1c chore: suppress intentional Toc.svelte warning in build output (Jose Celano)
b214c48 fix: add prerender flag to api endpoint (Jose Celano)
2d8a073 fix: resolve Svelte 5 reactivity warnings (Jose Celano)
337f6ec chore: update dependencies (Jose Celano)

Pull request description:

  ## Summary

  This PR updates npm dependencies and resolves Svelte 5 reactivity warnings across the codebase.

  ## Changes

  ### Dependency Updates
  - Updated 171 packages via `npm update`
  - Major updates include esbuild, Babel packages, and various @sveltejs packages
  - Security: 36 vulnerabilities remain (primarily in vite-plugin-imagemin dependency chain)

  ### Svelte 5 Reactivity Fixes
  Fixed 41 reactivity warnings by properly using `$derived()` rune for prop-dependent computed values:
  - Updated 9 component files (Button, Cards, RelatedCard, TagCard, BlogPostCard, BlogPreview, CodeBlock, RelatedPostCard, molecule TagCard)
  - Updated 21 blog post pages
  - Refactored blog list page filtering to use reactive patterns
  - Updated contributor layout

  **Note:** One intentional warning remains in Toc.svelte where the selector is intentionally captured at initialization time for the @melt-ui/svelte library.

  ## Testing

  - ✅ `npm run check` passes (0 errors, 1 documented warning)
  - ✅ `npm run dev` runs with clean output
  - ⚠️ Pre-existing build error with /api route (unrelated to these changes)

  ## Additional Notes

  See open Snyk PRs (#154, #153, #149, #148, #97) for additional dependency updates that require manual package.json modifications.

ACKs for top commit:
  josecelano:
    ACK 4170be6

Tree-SHA512: 196a544297e140a680e5bb84fdea5c5fcc62a5a994870be50a3eb30844f4c29025a040d852b9e3de56e15da698345a144ce70a1ec7b1382bb096a01db5c71b2e
@josecelano josecelano mentioned this pull request Dec 21, 2025
Open
9 tasks
@josecelano
Copy link
Member Author

josecelano commented Dec 21, 2025

This PR is being kept open for reference, but the actual work to update flexsearch will be tracked in issue #161.

⚠️ Note: This is a major version update (0.7 → 0.8) with breaking changes that require code modifications and testing of the search functionality.

See #161 for detailed implementation plan and checklist.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@josecelano @snyk-bot