[Snyk] Upgrade gsap from 3.12.5 to 3.13.0 #61
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Snyk has created this PR to upgrade gsap from 3.12.5 to 3.13.0. See this package in npm: gsap See this project in Snyk: https://app.snyk.io/org/nerds-github/project/128fa64f-2492-4d35-adcb-b5c6f29c1150?utm_source=github&utm_medium=referral&page=upgrade-pr
Reviewer's GuideUpgrades the GSAP dependency from v3.12.5 to v3.13.0 by updating the version specifier and regenerating the lockfile to incorporate security fixes and new features. File-Level Changes
Tips and commandsInteracting with Sourcery
Customizing Your ExperienceAccess your dashboard to:
Getting Help
|
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Snyk has created this PR to upgrade gsap from 3.12.5 to 3.13.0.
ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
The recommended version is 3 versions ahead of your current version.
The recommended version was released 2 months ago.
Issues fixed by the recommended upgrade:
SNYK-JS-CROSSSPAWN-8303230
SNYK-JS-MICROMATCH-6838728
SNYK-JS-NANOID-8492085
SNYK-JS-BRACEEXPANSION-9789073
Release notes
Package name: gsap
-
3.13.0 - 2025-04-30
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
3.12.7 - 2025-01-15
-
-
-
3.12.6 - 2025-01-15
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
3.12.5 - 2024-01-18
-
-
-
-
-
-
-
-
-
-
-
-
-
-
from gsap GitHub release notesNEW: Thanks to Webflow, GSAP is now 100% FREE including ALL of the bonus plugins like SplitText, MorphSVG, and all the others that were exclusively available to Club GSAP members. That's right - the entire GSAP toolset is FREE, even for commercial use! 🤯 So now the public repository has all of the bonus plugins. You can read more about this on Webflow's blog: https://webflow.com/blog/gsap-becomes-free
NEW: SplitText was completely rewritten, 50% smaller and 14 new features. There were a few VERY uncommon breaking changes. See https://gsap.com/blog/3-13 for details.
NEW: you can animate a CSS value to something like "var(--my-variable)".
IMPROVED: if you set the "ignore" property of an Observer, it now ignores descendants of those elements too.
IMPROVED: modifiers plugin and endArray plugin will work even in headless environments (where there's no "window" defined). See https://gsap.com/community/forums/topic/44301-nodejs-gsap-modifiers/
IMPROVED: GSDevTools has the new GSAP branding.
FIXED: if you use Pixi.js version 8+ and attempted to animate more than one filter on an element, PixiPlugin could throw an error.
FIXED: if you try to Flip an element that's in the shadowRoot (like in a Web Component), it may not calculate the position correctly. See https://gsap.com/community/forums/topic/44135-gsap-web-components/
FIXED: drawSVG may appear to jump near the very end or start if the path is adequately short or uses very small numbers. See https://gsap.com/community/forums/topic/44072-drawsvg-on-mask-issue/
FIXED: if you Flip an element that has transforms applied only via a CSS rule (not via GSAP or inline), it may not interpret it correctly. See https://gsap.com/community/forums/topic/44321-bug-on-fixed-position-using-flip/
FIXED: if you change the timeScale of a timeline that has a cached duration value, it may incorrectly calculate the time. See https://gsap.com/community/forums/topic/44232-if-globaltimelinetimescale-is-set-immediately-after-timeline-played-the-start-of-the-animation-will-be-delayed/
FIXED: typo in the gsap.utils.mapRange() method. See #615
FIXED: a Flip.fit() with a duration set may immediately apply the extra props. See https://gsap.com/community/forums/topic/44398-flipfit-props-not-transitioning/
FIXED: regression in 3.12.6 that could cause a ScrollTrigger on an animation with immediateRender: false not to initialize with the correct value. See https://gsap.com/community/forums/topic/44387-initial-states-of-fromto-tweens-in-a-scrolltrigger/
FIXED: if the playhead of a repeated animation traveled from the very start all the way past the first iteration, its onStart wouldn't be called. See https://gsap.com/community/forums/topic/44466-onstart-not-called-when-on-low-fps/
FIXED: from() and fromTo() tweens inside a timeline that hasn't been rendered yet but gets reverted wouldn't have their initial (immediateRender) values reverted. This manifested in ScrollTriggered timelines that had from() tweens and invalidateOnRefresh: true not being rendered correctly. See https://gsap.com/community/forums/topic/44365-how-to-properly-clear-cached-tweens-after-resize/
FIXED: regression in 3.12.6 that set pointer-events: none on ScrollTrigger pin spacers which caused descendents to stop responding to clicks and other pointer events.
FIXED: regression in 3.12.6 that could throw an error if you don’t pass a vars/config object to Flip.fit().
IMPROVED: if you set immediateRender: true on a motionPath tween, it'll force the initial render to put that element on the path right away.
IMPROVED: ScrollTrigger.sort() uses a better default algorithm that prioritizes the vertical position of the trigger element instead of the calculated start position of the ScrollTrigger. See https://gsap.com/community/forums/topic/40584-scrolltriggerrefresh-doesnt-do-anything-after-pinned-sections-are-dynamically-loaded/
IMPROVED: TypeScript definition for MotionPathPlugin, like for allowing strings in the Array-based syntax, like [{x: "100vw"}] and function-based values for start/end. See https://gsap.com/community/forums/topic/40894-typescript-errors-for-start-and-end-fields-for-motionpath/ and #578
IMPROVED: you can pass true to ScrollTrigger.refresh(true) to have it do a "safe" refresh, meaning that if the page is in the middle of scrolling, it'll wait until it's done before doing the refresh. That way, it won't kill an in-progress momentum scroll. See https://gsap.com/community/forums/topic/40935-gsap-scrolltrigger-start-position-breaks-on-dom-changes/
IMPROVED: added pointer-events: none to pin spacer elements that ScrollTrigger creates which helps work around a Chrome browser bug.
IMPROVED: Expo ease was enhanced to eliminate the possible jump at the very end. See https://gsap.com/community/forums/topic/25331-weird-jump-at-end-of-tween-with-expoout-ease/
FIXED: if you set a zIndex on a Flip.fit(), it works now.
FIXED: reading transform-related properties on a position: fixed element that has no transforms applied could result in the element getting temporarily added to the DOM at the root which could cause iframe content to reload, like a Vimeo video. See https://gsap.com/community/forums/topic/39645-flip-with-iframe-causes-iframe-to-rerender/
FIXED: repeatRefresh may not actually refresh in a very rare condition (regression in 3.12.3).
FIXED: if you use special characters like >,<, &, etc. in a TextPlugin tween on an SVG element, those characters could get replaced with the HTML code (like > for >). See https://gsap.com/community/forums/topic/35550-handwritng-and-typewriter-animation-on-path-in-svg/
FIXED: if you gsap.registerPlugin(ScrollTrigger) in an SSR framework like Next.js, it could complain that a style attribute was added to the document.body. That's removed now.
FIXED: if you set a non-zero stagger value in gsap.defaults() (which is a very strange thing to do), it could throw an error when creating a gsap.quickTo().
FIXED: repeatRefresh is in the TypeScript definitions now for staggers. See #595
FIXED: on a motionPath tween, if you use an Array-based path with targets that have a "style" property but are NOT DOM nodes, and the properties have names that are transform-related like x, y, scaleX, scaleY, etc., it could throw errors. See https://gsap.com/community/forums/topic/40023-motionpath-plugin-problem/
FIXED: if you navigate back to a page that then reuses the same ScrollTrigger instance (like a React routing change), a timeline that has a scrubbed ScrollTrigger may not render the playhead at the right in-progress spot. See https://gsap.com/community/forums/topic/39982-scrolltrigger-breaks-when-navigating-back-usegsap-react-react-router/
FIXED: on an Observer, if you set passive: false that may be ignored unless preventDefault is true. This is fixed now.
FIXED: ScrollTriggers with a containerAnimation may not refresh their start/end values correctly if ScrollSmoother is used or ScrollTrigger.sort() is called. See https://gsap.com/community/forums/topic/37419-horizontal-scroll-resize/
FIXED: on a tween with repeatRefresh: true, it may skip the refreshing of values if the parent playhead lands beyond where the repeat spot is, but by less than 0.000001 seconds (exceedingly rare!).
FIXED: if you do a .from() animation of borderRadius using a unit of "rem", it may jump a bit at the very end of the tween. See https://gsap.com/community/forums/topic/40096-scroll-trigger-auto-scroll-back-and-animation-over-shoot/
FIXED: if you revert() a gsap.context() that has a ScrollTrigger with a scroller that's not the window, it could cause snapping to no longer function. This affects the @ gsap/react package's useGSAP() hook too. See https://gsap.com/community/forums/topic/40198-snapping-breaks-when-re-rendering-in-react/
FIXED: if you set once: true on the first ScrollTrigger (in terms of refreshPriority order) and it activates on page load (meaning its start is smaller than the page's current scroll position), it could throw an error. See https://gsap.com/community/forums/topic/40242-scrolltriggerbatch-bug-with-once-scrolltriggers/
FIXED: if you set a minimumMovement on a Draggable of type: "rotation", it would interpret it in degrees rather than pixels, and a minimumMovement of 0 would actually default to 2 (degrees).
FIXED: worked around an odd behavior in Firefox where the browser would fire pointermove events without the pointer moving at all which affected Observer's lockAxis behavior and it could prematurely fire an onDrag, etc.
FIXED: if you kill() a completed tween that has a ScrollTrigger, it may not also kill the ScrollTrigger. See https://gsap.com/community/forums/topic/40359-gsap-kill-doesnt-stop-scrolltrigger-onupdate-from-running/
FIXED: extremely rare edge case where a lazy-initted tween is initially set to render at a non-zero time but before that lazy tween renders lazily, a render is triggered at a time of 0, it could end up rendering at the wrong time (the lazy-initted one instead of the slightly later render).
FIXED: orientation changes didn't properly trigger a ScrollTrigger.refresh(), so the start/end values of ScrollTriggers could be inaccurate after an orientation change. See https://gsap.com/community/forums/topic/40713-scrolltriggers-are-positioned-wrong-after-orientation-change/
FIXED: an Observer may fire an onDrag() AFTER the onDragEnd() if debounce is true, but now it'll make sure it fires it BEFORE the onDragEnd(). Also, with debounce: false, an onDrag() could fire before the onDragStart(). See https://gsap.com/community/forums/topic/40909-observer-ondrag-firing-after-ondragend/
FIXED: in a very uncommon scenario, creating ScrollTriggers inside a DOMContentLoaded event might cause the start/end values to be miscalculated. See https://gsap.com/community/forums/topic/41267-scrolltrigger-breaks-on-refresh-when-using-domcontentloaded/
FIXED: MotionPathHelper.editPath() may throw an error if you add an anchor to a path that has MULTIPLE segments (more than one "M" command).
FIXED: if you apply a snap to a ScrollTrigger that has a non-scrubbing animation, and the start is at 0 or less, it might restart the animation after the snap duration elapses on page load.
FIXED: if you remove() an animation from a timeline that was NOT its parent, it could cause an error.
FIXED: if you call CustomEase.get() in an SSR environment before the window object is defined, it could throw an error. See https://gsap.com/community/forums/topic/42510-gsapregisterplugin-in-nodejs-server/
FIXED: some links in the TypeScript definitions file were incorrect since the gsap.com site launch.
FIXED: in very rare cases, a CustomEase might end at something like 0.999999999 instead of 1 progress-wise (so values wouldn't quite land at the destination). That's resolved now.
FIXED: if you clearProps on a target that contains individual transform component values applied in a CSS rule (like translate, rotate, or scale), it may not properly clear the transform. See https://gsap.com/community/forums/topic/43073-separate-transform-properties-like-rotate-and-scale-behave-differently-then-a-combined-transform/
FIXED: regression in Flip.fit() could cause the width/height of the initial state not to be factored in, but only if there was a non-zero duration.
FIXED: an Angular issue related to SVG elements that return an empty getBBox() which could cause an error due to the temporary reparenting and re-assigning the getBBox() method itself inside GSAP. See https://gsap.com/community/forums/topic/42859-gsap-321-override-of-the-svg-api-method-getbbox-removes-angular-dblclick-binding-from-dom-element/
FIXED: if you disable() and then change the scroll position and then enable() an Observer, on the next scroll it could factor in the pre-disabled scroll position in the calculations, thus firing an onDown() or onUp() (for example) incorrectly.
FIXED: if you restart() a zero-duration timeline that has an onComplete which already fired, it will fire that again after the restart(). See #604
FIXED: zero-duration tweens wouldn't resolve then() Promises. See #590
FIXED: TypeScript definition for getById() allows for undefined as a return type. See #589
FIXED: ScrollSmoother doesn't set overscroll-behavior: none on the HTML/BODY anymore due to a Safari bug that caused that to stop the page from scrolling at all. See https://gsap.com/community/forums/topic/43802-loading-maps-api-scrollsmoother-in-safari-173-breaks-mousewheel-scroll-for-the-page/
FIXED: PixiPlugin better accommodates the changes in Pixi.js version 7+, like fillColor and strokeColor. See #580
IMPROVED: ScrollTrigger's ignoreMobileResize is true by default now because a few versions back we switched to calculating the window height based on 100vh instead of window.innerHeight, so it really isn't necessary to force a .refresh() on mobile resize (address bar showing/hiding). This change improves performance on mobile devices because it skips the expensive refresh() when the address bar shows/hides.
IMPROVED: removed a DisplayObject check in PixiPlugin so that it's more compatible with the upcoming release of Pixi.js version 8. See #561
IMPROVED: the anticipatePin feature works when scrolling in either direction (previously it worked when scrolling forward only). See https://gsap.com/community/forums/topic/39521-anticipatepin-in-reverse/
FIXED: regression in 3.12.3 could cause a ScrollTrigger that has a numeric scrub value and a snap to prematurely jump to the final progress value when the snap finished rather than waiting for the scrub to finish. See https://gsap.com/community/forums/topic/39363-scrolltrigger-scrub-clip-path-flicker-when-scroll-back/ and #567
FIXED: regression in 3.12.3 could cause a tween with repeatRefresh: true AND a non-zero repeatDelay not to refresh. See https://codepen.io/GreenSock/pen/yLwLgNQ/db88d564d6308b9fcff7b65efb95febf?editors=1010
FIXED: if you set a ScrollSmoother's effects() in a delayed fashion (after two ticks elapse after page load), it may not calculate offsets properly. See https://gsap.com/community/forums/topic/39380-scroll-smoother-effects-targets-jump-on-effectstrue/
FIXED: regression in 3.12.3: if the playhead lands exactly on top of the yoyo position of a keyframed tween, it may render at the state before the animation started (just for 1 tick). See #558
FIXED: if you set invalidateOnRefresh: true on a ScrollTrigger that's attached to a .fromTo() tween, it may not render at the initial state on refresh(). See https://gsap.com/community/forums/topic/39386-svgdraw-window-resize-issues/
FIXED: if you create a gsap.matchMedia() inside a gsap.context() and then revert() that Context, it may not clear out non-matching media queries (they may fire again when matching). See https://gsap.com/community/forums/topic/39481-pin-spacer-is-double-the-height-it-should-be-after-window-resize/
FIXED: if the system clock changes backwards to an earlier time, it could cause animations to stop. See #568
FIXED: if a flexbox child is pinned by ScrollTrigger and pinSpacing is false, flex-basis is now set to the pixel height/width of the element to avoid common layout problems.
FIXED: missing TypeScript parameter for ScrollTrigger.clearScrollMemory(). See #571
FIXED: if you set a default stagger value via gsap.defaults(), it could cause an error in ScrollTrigger if you create one with a numeric scrub. See https://gsap.com/community/forums/topic/39600-scrolltrigger-numeric-scrub-throws-console-errors-in-gsap-core-cannot-read-properties-of-undefined-reading-totalprogress/
FIXED: if a motionPath tween had a start or end value that wraps around and would land precisely on an anchor point that is not at the very start or end of a path, it could render incorrectly. See https://gsap.com/community/forums/topic/39594-why-are-content-1-and-content-2-overlaped-also-what-is-the-best-way-to-add-a-timeline-to-a-main-tween-or-timeline/
Important
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.
For more information:
Summary by Sourcery
Upgrade GSAP dependency from 3.12.5 to 3.13.0 to address security vulnerabilities and adopt the latest improvements.
Bug Fixes:
Build: