jetstream icon indicating copy to clipboard operation
jetstream copied to clipboard

Published 20 hours ago verified publisher icon jetstreamapp

Bump the npm_and_yarn group across 2 directories with 24 updates

Open dependabot[bot] opened this issue 1 year ago • 2 comments

Bumps the npm_and_yarn group with 19 updates in the / directory:

Package From To
@grpc/grpc-js 1.10.6 1.10.9
axios 1.6.8 1.7.0
quill 1.3.7 2.0.0
socket.io 4.5.1 4.6.2
postcss 8.4.38 8.4.39
vite 5.1.4 5.1.7
@adobe/css-tools 4.2.0 4.4.0
@sideway/formula 3.0.0 3.0.1
braces 3.0.2 3.0.3
ejs 3.1.8 3.1.10
get-func-name 2.0.0 2.0.2
http-cache-semantics 4.1.0 4.1.1
loader-utils 1.4.0 1.4.2
semver 5.7.1 5.7.2
tar 6.1.15 6.2.1
terser 5.14.1 5.31.2
webpack-dev-middleware 5.3.3 5.3.4
word-wrap 1.2.3 1.2.5
ws 6.2.2 6.2.3

Bumps the npm_and_yarn group with 8 updates in the /apps/docs directory:

Package From To
express 4.18.2 4.19.2
postcss 8.4.27 8.4.39
@babel/traverse 7.22.8 7.24.8
braces 3.0.2 3.0.3
follow-redirects 1.15.2 1.15.6
terser 5.19.2 5.31.2
webpack-dev-middleware 5.3.3 5.3.4
ws 7.5.9 7.5.10

Updates @grpc/grpc-js from 1.10.6 to 1.10.9

Release notes

Sourced from @​grpc/grpc-js's releases.

@​grpc/grpc-js 1.10.9

  • Avoid buffering significantly more than grpc.max_receive_message_size per received message.

@​grpc/grpc-js 1.10.8

  • Fix a bug that caused channels with unix: targets to not reconnect after the channel goes idle (#2750)

@​grpc/grpc-js 1.10.7

  • Improve reporting of HTTP error codes (#2723)
  • Update dependency on @grpc/proto-loader to the latest version (#2732)
Commits
  • 674f4e3 Merge pull request from GHSA-7v5v-9h63-cj86
  • 7ecaa2d grpc-js: Bump to 1.10.9
  • e64d816 grpc-js: Avoid buffering significantly more than max_receive_message_size per...
  • 45e5fe5 Merge pull request #2750 from murgatroid99/grpc-js_idle_uds_fix
  • 87a3541 grpc-js: Fix UDS channels not reconnecting after going idle
  • 3105791 Merge pull request #2740 from sergiitk/backport-1.10-psm-interop-common-prod-...
  • fec135a Merge pull request #2729 from sergiitk/psm-interop-common-prod-tests
  • 76fe802 Merge pull request #2739 from murgatroid99/backport-1.10-grpc-js_linkify-it_fix
  • d5edf49 Merge pull request #2735 from murgatroid99/grpc-js_linkify-it_fix
  • 23c05fc Merge pull request #2732 from murgatroid99/grpc-js_proto-loader_update
  • Additional commits viewable in compare view

Updates axios from 1.6.8 to 1.7.0

Release notes

Sourced from axios's releases.

Release v1.7.0

Release notes:

Features

Bug Fixes

  • core/axios: handle un-writable error stack (#6362) (81e0455)

Contributors to this release

Release v1.7.0-beta.2

Release notes:

Bug Fixes

  • fetch: capitalize HTTP method names; (#6395) (ad3174a)
  • fetch: fix & optimize progress capturing for cases when the request data has a nullish value or zero data length (#6400) (95a3e8e)
  • fetch: fix headers getting from a stream response; (#6401) (870e0a7)

Contributors to this release

Release v1.7.0-beta.1

Release notes:

Bug Fixes

  • core/axios: handle un-writable error stack (#6362) (81e0455)
  • fetch: fix cases when ReadableStream or Response.body are not available; (#6377) (d1d359d)
  • fetch: treat fetch-related TypeError as an AxiosError.ERR_NETWORK error; (#6380) (bb5f9a5)

Contributors to this release

Install

npm i axios@next

Release v1.7.0-beta.0

Release notes:

Features

... (truncated)

Changelog

Sourced from axios's changelog.

1.7.0 (2024-05-19)

Features

Bug Fixes

  • core/axios: handle un-writable error stack (#6362) (81e0455)

Contributors to this release

1.7.0-beta.2 (2024-05-19)

Bug Fixes

  • fetch: capitalize HTTP method names; (#6395) (ad3174a)
  • fetch: fix & optimize progress capturing for cases when the request data has a nullish value or zero data length (#6400) (95a3e8e)
  • fetch: fix headers getting from a stream response; (#6401) (870e0a7)

Contributors to this release

1.7.0-beta.1 (2024-05-07)

Bug Fixes

  • core/axios: handle un-writable error stack (#6362) (81e0455)
  • fetch: fix cases when ReadableStream or Response.body are not available; (#6377) (d1d359d)
  • fetch: treat fetch-related TypeError as an AxiosError.ERR_NETWORK error; (#6380) (bb5f9a5)

Contributors to this release

1.7.0-beta.0 (2024-04-28)

Features

... (truncated)

Commits
  • 3041c61 [Release] v1.7.0 (#6408)
  • 18b13cb chore(docs): add fetch adapter docs; (#6407)
  • e62099b fix(fetch): fixed a possible memory leak in the AbortController for the strea...
  • b49aa8e chore(release): v1.7.0-beta.2 (#6403)
  • d57f03a chore(ci): bump create-pull-request version to fix a bug; (#6405)
  • 097b0d1 chore(ci): add tag resolution for npm releases based on package version; (#6404)
  • 870e0a7 fix(fetch): fix headers getting from a stream response; (#6401)
  • 95a3e8e fix(fetch): fix & optimize progress capturing for cases when the request data...
  • ad3174a fix(fetch): capitalize HTTP method names; (#6395)
  • b9f4848 chore(release): v1.7.0-beta.1 (#6383)
  • Additional commits viewable in compare view

Updates quill from 1.3.7 to 2.0.0

Release notes

Sourced from quill's releases.

Version 2.0.0

We are thrilled to announce the release of Quill 2.0! Please check out the announcement post.

Major Improvements

  • Quill is now a valid ESM package for better ecosystem (e.g. bundlers) and tree-shaking support
  • Nested Quill support #3590
  • Improved IME and spell corrector support #3807
  • Semantic cleanups for TEXT_CHANGE event #3778
  • History: Record selection in history module #3823
  • Auto detect scrolling container #3840
  • Clipboard: Improve support for pasting from Google Docs and Microsoft Word

Performance Improvements

Quill 2.0 includes many performance optimizations, the most important of which is the improved rendering speed for large content.

  • Improve inserting performance #3815
  • Avoid fetching selections when possible #3538
  • No need to setContents when container is empty #3539

Code Modernization

  • Migrated to TypeScript
  • Provided official TypeScript declarations
  • Migrated to Vitest for unit testing
  • Migrated to Playwright for E2E testing
  • Migrated website to Gatsby

All Changes

... (truncated)

Changelog

Sourced from quill's changelog.

v2.0.0 (2024-04-17)

We are thrilled to announce the release of Quill 2.0! Please check out the announcement post.

Major Improvements

  • Quill is now a valid ESM package for better ecosystem (e.g. bundlers) and tree-shaking support
  • Nested Quill support #3590
  • Improved IME and spell corrector support #3807
  • Semantic cleanups for TEXT_CHANGE event #3778
  • History: Record selection in history module #3823
  • Auto detect scrolling container #3840
  • Clipboard: Improve support for pasting from Google Docs and Microsoft Word

Performance Improvements

Quill 2.0 includes many performance optimizations, the most important of which is the improved rendering speed for large content.

  • Improve inserting performance #3815
  • Avoid fetching selections when possible #3538
  • No need to setContents when container is empty #3539

Code Modernization

  • Migrated to TypeScript
  • Provided official TypeScript declarations
  • Migrated to Vitest for unit testing
  • Migrated to Playwright for E2E testing
  • Migrated website to Gatsby

All changes

v2.0.0-rc.5 (2024-04-04)

  • Clipboard Add support for Quill v1 list attributes
  • Fix overload declarations for quill.formatText() and other methods
  • Expose Bounds type for getBounds()
  • Expose Range type
  • Allow ref for insertBefore to be null

All changes

v2.0.0-rc.4 (2024-03-24)

  • Include source maps for Parchment
  • Clipboard Support pasting links copied from iOS share sheets
  • Fix config parsing where undefined values were kept
  • Expose types for Quill options
  • Remove empty .css.js files generated by bundlers

... (truncated)

Commits
Maintainer changes

This version was pushed to npm by luin, a new releaser for quill since your current version.


Updates socket.io from 4.5.1 to 4.6.2

Release notes

Sourced from socket.io's releases.

4.6.2

Bug Fixes

  • exports: move types condition to the top (#4698) (3d44aae)

Links

4.6.1

Bug Fixes

  • properly handle manually created dynamic namespaces (0d0a7a2)
  • types: fix nodenext module resolution compatibility (#4625) (d0b22c6)

Links

4.6.0

Bug Fixes

  • add timeout method to remote socket (#4558) (0c0eb00)
  • typings: properly type emits with timeout (f3ada7d)

Features

Promise-based acknowledgements

This commit adds some syntactic sugar around acknowledgements:

  • emitWithAck()
try {
  const responses = await io.timeout(1000).emitWithAck("some-event");
  console.log(responses); // one response per client
} catch (e) {
  // some clients did not acknowledge the event in the given delay
}

io.on("connection", async (socket) => {

// without timeout

</tr></table>

... (truncated)

Changelog

Sourced from socket.io's changelog.

4.6.2 (2023-05-31)

Bug Fixes

  • exports: move types condition to the top (#4698) (3d44aae)

Dependencies

4.6.1 (2023-02-20)

Bug Fixes

  • properly handle manually created dynamic namespaces (0d0a7a2)
  • types: fix nodenext module resolution compatibility (#4625) (d0b22c6)

Dependencies

4.6.0 (2023-02-07)

Bug Fixes

  • add timeout method to remote socket (#4558) (0c0eb00)
  • typings: properly type emits with timeout (f3ada7d)

Features

Promise-based acknowledgements

This commit adds some syntactic sugar around acknowledgements:

  • emitWithAck()
try {
</tr></table>

... (truncated)

Commits
  • faf914c chore(release): 4.6.2
  • 15af22f refactor: add a noop handler for the error event
  • d365894 chore: bump socket.io-parser to version 4.2.3
  • 12b0de4 chore: bump engine.io to version 6.4.2
  • 3d44aae fix(exports): move types condition to the top (#4698)
  • cbf0362 docs(examples): bump dependencies for the private messaging example
  • 59280da docs(examples): update examples to docker compose v2
  • 50a4d37 docs(changelog): add version of transitive dependencies
  • 6458b2b docs(example): basic WebSocket-only client
  • b56da8a docs(examples): upgrade to React 18
  • Additional commits viewable in compare view

Updates postcss from 8.4.38 to 8.4.39

Release notes

Sourced from postcss's releases.

8.4.39

Changelog

Sourced from postcss's changelog.

8.4.39

Commits

Updates vite from 5.1.4 to 5.1.7

Changelog

Sourced from vite's changelog.

5.1.7 (2024-03-24)

5.1.6 (2024-03-11)

  • chore(deps): update all non-major dependencies (#16131) (a862ecb), closes #16131
  • fix: check for publicDir before checking if it is a parent directory (#16046) (b6fb323), closes #16046
  • fix: escape single quote when relative base is used (#16060) (8f74ce4), closes #16060
  • fix: handle function property extension in namespace import (#16113) (f699194), closes #16113
  • fix: server middleware mode resolve (#16122) (8403546), closes #16122
  • fix(esbuild): update tsconfck to fix bug that could cause a deadlock (#16124) (fd9de04), closes #16124
  • fix(worker): hide "The emitted file overwrites" warning if the content is same (#16094) (60dfa9e), closes #16094
  • fix(worker): throw error when circular worker import is detected and support self referencing worker (eef9da1), closes #16103
  • style(utils): remove null check (#16112) (0d2df52), closes #16112
  • refactor(runtime): share more code between runtime and main bundle (#16063) (93be84e), closes #16063

5.1.5 (2024-03-04)

Commits
  • e710c2f release: v5.1.7
  • 5a056dd fix: fs.deny with globs with directories (#16250)
  • 6f7466e release: v5.1.6
  • a862ecb chore(deps): update all non-major dependencies (#16131)
  • 8403546 fix: server middleware mode resolve (#16122)
  • b6fb323 fix: check for publicDir before checking if it is a parent directory (#16046)
  • fd9de04 fix(esbuild): update tsconfck to fix bug that could cause a deadlock (#16124)
  • f699194 fix: handle function property extension in namespace import (#16113)
  • 0d2df52 style(utils): remove null check (#16112)
  • eef9da1 fix(worker): throw error when circular worker import is detected and support ...
  • Additional commits viewable in compare view

Updates @adobe/css-tools from 4.2.0 to 4.4.0

Changelog

Sourced from @​adobe/css-tools's changelog.

4.4.0 / 2024-06-05

4.3.3 / 2024-01-24

  • Update export property #271

4.3.2 / 2023-11-28

  • Fix redos vulnerability with specific crafted css string - CVE-2023-48631
  • Fix Problem parsing with :is() and nested :nth-child() #211

4.3.1 / 2023-03-14

  • Fix redos vulnerability with specific crafted css string - CVE-2023-26364

4.3.0 / 2023-03-07

  • Update build tools
  • Update exports path and files
Commits

Updates @sideway/formula from 3.0.0 to 3.0.1

Commits
Maintainer changes

This version was pushed to npm by marsup, a new releaser for @​sideway/formula since your current version.


Updates braces from 3.0.2 to 3.0.3

Commits

Updates ejs from 3.1.8 to 3.1.10

Release notes

Sourced from ejs's releases.

v3.1.10

Version 3.1.10

v3.1.9

Version 3.1.9

Commits

Updates engine.io from 6.2.1 to 6.4.2

Release notes

Sourced from engine.io's releases.

6.4.2

:warning: This release contains an important security fix :warning:

A malicious client could send a specially crafted HTTP request, triggering an uncaught exception and killing the Node.js process:

TypeError: Cannot read properties of undefined (reading 'handlesUpgrades')
  at Server.onWebSocket (build/server.js:515:67)

Please upgrade as soon as possible.

Bug Fixes

  • include error handling for Express middlewares (#674) (9395782)
  • prevent crash when provided with an invalid query param (fc480b4)
  • typings: make clientsCount public (#675) (bd6d471)
  • uws: prevent crash when using with middlewares (8b22162)

Credits

Huge thanks to @​tyilo and @​cieldeville for helping!

Links

6.4.1

This release contains 6e78489, which exports the BaseServer class in order to restore the compatibility with the nodenext module resolution strategy of TypeScript.

Reference: https://www.typescriptlang.org/tsconfig/#moduleResolution

Related: socketio/socket.io#4621

Links

6.4.0

Features

  • add support for Express middlewares (24786e7)

This commit implements middlewares at the Engine.IO level, because Socket.IO middlewares are meant for namespace authorization and are not executed during a classic HTTP request/response cycle.

... (truncated)

Changelog

Sourced from engine.io's changelog.

6.4.2 (2023-05-02)

:warning: This release contains an important security fix :warning:

A malicious client could send a specially crafted HTTP request, triggering an uncaught exception and killing the Node.js process:

TypeError: Cannot read properties of undefined (reading 'handlesUpgrades')
  at Server.onWebSocket (build/server.js:515:67)

Please upgrade as soon as possible.

Bug Fixes

  • include error handling for Express middlewares (#674) (9395782)
  • prevent crash when provided with an invalid query param (fc480b4)
  • typings: make clientsCount public (#675) (bd6d471)
  • uws: prevent crash when using with middlewares (8b22162)

Credits

Huge thanks to @​tyilo and @​cieldeville for helping!

Dependencies

6.4.1 (2023-02-20)

This release contains 6e78489, which exports the BaseServer class in order to restore the compatibility with the nodenext module resolution strategy of TypeScript.

Reference: https://www.typescriptlang.org/tsconfig/#moduleResolution

Related: socketio/socket.io#4621

Dependencies

6.4.0 (2023-02-06)

... (truncated)

Commits
  • 95e2153 chore(release): 6.4.2
  • fc480b4 fix: prevent crash when provided with an invalid query param
  • 0141951 refactor(types): ensure compatibility with Express middlewares
  • 8b22162 fix(uws): prevent crash when using with middlewares
  • 9395782 fix: include error handling for Express middlewares (#674)
  • 911d0e3 refactor: return HTTP 400 upon invalid request overlap
  • bd6d471 fix(typings): make clientsCount public (#675)
  • 7033c0e chore(release): 6.4.1
  • 6e78489 refactor: export BaseServer class (#669)
  • 535b068 docs: add upgrade event in the documentation
  • Additional commits viewable in compare view

Updates follow-redirects from 1.15.1 to 1.15.6

Commits

dependabot[bot] avatar Jul 14 '24 23:07 dependabot[bot]

New and removed dependencies detected. Learn more about Socket for GitHub ↗︎

Package New capabilities Transitives Size Publisher
npm/@babel/[email protected] Transitive: environment +5 98.6 kB nicolo-ribaudo
npm/@babel/[email protected] environment, filesystem, unsafe +3 950 kB nicolo-ribaudo
npm/@babel/[email protected] None +1 524 kB nicolo-ribaudo
npm/@babel/[email protected] None 0 13.5 kB nicolo-ribaudo
npm/@babel/[email protected] None +5 246 kB nicolo-ribaudo
npm/@babel/[email protected] None +1 31 kB nicolo-ribaudo
npm/@babel/[email protected] unsafe +1 216 kB nicolo-ribaudo
npm/@babel/[email protected] None +1 14 kB nicolo-ribaudo
npm/@babel/[email protected] None +1 38.6 kB nicolo-ribaudo
npm/@babel/[email protected] None 0 31.8 kB nicolo-ribaudo
npm/@babel/[email protected] None +1 36.9 kB nicolo-ribaudo
npm/@babel/[email protected] None 0 585 kB nicolo-ribaudo
npm/@babel/[email protected] None +4 66.7 kB nicolo-ribaudo
npm/@babel/[email protected] None 0 1.89 MB nicolo-ribaudo
npm/@babel/plugin-bugfix-safari-id-destructuring-collision-in-function-expression@7.23.3 None 0 7.83 kB nicolo-ribaudo
npm/@babel/[email protected] None +1 16.7 kB nicolo-ribaudo
npm/@babel/[email protected] None 0 3.48 kB nicolo-ribaudo
npm/@babel/[email protected] None 0 3.71 kB nicolo-ribaudo
npm/@babel/[email protected] None 0 5.19 kB nicolo-ribaudo
npm/@babel/[email protected] None 0 4.21 kB nicolo-ribaudo
npm/@babel/[email protected] None 0 6.94 kB nicolo-ribaudo
npm/@babel/[email protected] None 0 5.62 kB nicolo-ribaudo
npm/@babel/[email protected] None +1 23 kB nicolo-ribaudo
npm/@babel/[email protected] None 0 8.04 kB nicolo-ribaudo
npm/@babel/[email protected] None 0 6.62 kB nicolo-ribaudo
npm/@babel/[email protected] None 0 88.5 kB nicolo-ribaudo
npm/@babel/[email protected] None 0 4.94 kB nicolo-ribaudo
npm/@babel/[email protected] None +1 12.9 kB nicolo-ribaudo
npm/@babel/[email protected] None +4 146 kB nicolo-ribaudo
npm/@babel/[email protected] None 0 22.8 kB nicolo-ribaudo
npm/@babel/[email protected] None 0 82 kB nicolo-ribaudo
npm/@babel/[email protected] None +2 35.2 kB nicolo-ribaudo
npm/@babel/[email protected] None 0 9.18 kB nicolo-ribaudo
npm/@babel/[email protected] None +1 8.69 kB nicolo-ribaudo
npm/@babel/[email protected] None 0 5.02 kB nicolo-ribaudo
npm/@babel/[email protected] None +1 10.7 kB nicolo-ribaudo
npm/@babel/[email protected] None +1 50.7 kB nicolo-ribaudo
npm/@babel/[email protected] None 0 6.27 kB nicolo-ribaudo
npm/@babel/[email protected] None +1 8.44 kB nicolo-ribaudo
npm/@babel/[email protected] None 0 4.7 kB nicolo-ribaudo
npm/@babel/[email protected] None +1 11.3 kB nicolo-ribaudo
npm/@babel/[email protected] None 0 5.01 kB nicolo-ribaudo
npm/@babel/[email protected] None 0 21 kB nicolo-ribaudo
npm/@babel/[email protected] None +1 56.5 kB nicolo-ribaudo
npm/@babel/[email protected] None +1 72.8 kB nicolo-ribaudo
npm/@babel/[email protected] None 0 25.7 kB nicolo-ribaudo
npm/@babel/[email protected] None 0 10.3 kB nicolo-ribaudo
npm/@babel/[email protected] None +1 11.7 kB nicolo-ribaudo
npm/@babel/[email protected] None +1 8.16 kB nicolo-ribaudo
npm/@babel/[email protected] None +1 73.2 kB nicolo-ribaudo
npm/@babel/[email protected] None 0 9.3 kB nicolo-ribaudo
npm/@babel/[email protected] None +1 7.38 kB nicolo-ribaudo
npm/@babel/[email protected] None +2 46.4 kB nicolo-ribaudo
npm/@babel/[email protected] None 0 65 kB nicolo-ribaudo
npm/@babel/[email protected] None 0 4.76 kB nicolo-ribaudo
npm/@babel/[email protected] None +2 26.8 kB nicolo-ribaudo
npm/@babel/[email protected] None 0 4.79 kB nicolo-ribaudo
npm/@babel/[email protected] None 0 12.5 kB nicolo-ribaudo
npm/@babel/[email protected] None +1 84 kB nicolo-ribaudo
npm/@babel/[email protected] None +1 12.4 kB nicolo-ribaudo
npm/@babel/[email protected] None 0 6.57 kB nicolo-ribaudo
npm/@babel/[email protected] None 0 4.35 kB nicolo-ribaudo
npm/@babel/[email protected] None 0 7.18 kB nicolo-ribaudo
npm/@babel/[email protected] None +1 27.2 kB nicolo-ribaudo
npm/@babel/[email protected] None 0 4.71 kB nicolo-ribaudo
npm/@babel/[email protected] None 0 15.9 kB nicolo-ribaudo
npm/@babel/[email protected] None 0 10.6 kB nicolo-ribaudo
npm/@babel/[email protected] None +1 136 kB nicolo-ribaudo
npm/@babel/[email protected] None 0 14 kB nicolo-ribaudo
npm/@babel/[email protected] None +1 9.09 kB nicolo-ribaudo
npm/@babel/[email protected] None +1 8.02 kB nicolo-ribaudo
npm/@babel/[email protected] None +1 8.76 kB nicolo-ribaudo
npm/@babel/[email protected] environment +20 914 kB nicolo-ribaudo
npm/@babel/[email protected] None +1 89.2 kB nicolo-ribaudo
npm/@babel/[email protected] None +1 15.3 kB nicolo-ribaudo
npm/@babel/[email protected] None 0 21.6 kB nicolo-ribaudo
npm/@babel/[email protected] None 0 246 kB nicolo-ribaudo
npm/@babel/[email protected] None 0 69.2 kB nicolo-ribaudo
npm/@babel/[email protected] Transitive: environment +21 6.07 MB nicolo-ribaudo
npm/@babel/[email protected] environment 0 2.41 MB nicolo-ribaudo
npm/@docusaurus/[email protected] Transitive: environment, eval, filesystem, network, shell, unsafe +248 23.9 MB slorber
npm/@docusaurus/[email protected] None +7 1.68 MB slorber
npm/@docusaurus/[email protected] environment Transitive: eval, filesystem +52 3.67 MB slorber
npm/@docusaurus/[email protected] environment Transitive: eval, filesystem, unsafe +150 12.2 MB slorber
npm/@docusaurus/[email protected] filesystem Transitive: environment, eval +155 14.2 MB slorber
npm/@docusaurus/[email protected] None 0 2.13 kB slorber
npm/@docusaurus/[email protected] Transitive: filesystem, shell +12 2.42 MB slorber
npm/@jridgewell/[email protected] None 0 79.2 kB jridgewell
npm/@jridgewell/[email protected] None +2 259 kB jridgewell
npm/@mdx-js/[email protected] None +5 1.62 MB wooorm
npm/@nodelib/[email protected] filesystem 0 11.8 kB mrmlnc
npm/@types/[email protected] None +4 3.89 MB types
npm/@types/[email protected] None +4 3.85 MB types
npm/@types/[email protected] None 0 5.76 kB types
npm/@types/[email protected] None 0 32.2 kB types
npm/@types/[email protected] None 0 29.4 kB types
npm/@types/[email protected] None 0 4 kB types
npm/@types/[email protected] None +5 1.61 MB types
npm/@types/[email protected] None +5 1.63 MB types
npm/@types/[email protected] None +2 3.83 MB types
npm/@types/[email protected] None 0 6.28 kB types
npm/@webassemblyjs/[email protected] None +5 341 kB xtuc
npm/@webassemblyjs/[email protected] None +7 329 kB xtuc
npm/[email protected] None +3 268 kB dougwilson
npm/[email protected] None 0 531 kB marijn
npm/[email protected] environment, filesystem, shell 0 13 kB fengmk2
npm/[email protected] None 0 72.9 kB esp
npm/[email protected] Transitive: network +14 516 kB shortcuts
npm/[email protected] environment +2 212 kB ai
npm/[email protected] None 0 81.3 kB nicolo-ribaudo
npm/[email protected] None +1 883 kB nicolo-ribaudo
npm/[email protected] None 0 9.46 kB nicolo-ribaudo
npm/[email protected] None +1 61.4 kB jonschlinkert
npm/[email protected] None +1 39.9 kB ljharb
npm/[email protected] None 0 1.94 MB caniuse-lite
npm/[email protected] environment, filesystem +4 265 kB paulmillr
npm/[email protected] environment, filesystem, network +1 1.3 MB jakub.pawlowicz
npm/[email protected] None 0 6.79 kB lukeed
npm/[email protected] None 0 6.69 kB dfcreative
npm/[email protected] None 0 10.5 kB dougwilson
npm/[email protected] None +1 1.55 MB lahmatiy
npm/[email protected] None 0 66 kB feedic
npm/[email protected] Transitive: filesystem +36 898 kB ludovicofischer
npm/[email protected] filesystem, shell 0 23.7 kB lovell
npm/[email protected] None +1 36.2 kB wooorm
npm/[email protected] None 0 11.4 kB feedic
npm/[email protected] None 0 75.3 kB feedic
npm/[email protected] network +1 191 kB feedic
npm/[email protected] None 0 266 kB kilianvalkhof
npm/[email protected] None 0 6.23 kB mafintosh
npm/[email protected] None 0 413 kB feedic
npm/[email protected] None 0 3.66 kB dougwilson
npm/[email protected] None 0 13 kB esp
npm/[email protected] None 0 5.07 kB mafintosh
npm/[email protected] filesystem +3 184 kB mrmlnc
npm/[email protected] None 0 86.2 kB infusion
npm/[email protected] eval +4 95 kB ljharb
npm/[email protected] filesystem Transitive: environment +3 75.9 kB isaacs
npm/[email protected] filesystem +3 35.8 kB sindresorhus
npm/[email protected] environment, filesystem 0 32.5 kB isaacs
npm/[email protected] None 0 10 kB evilebottnawi
npm/[email protected] None 0 51.2 kB kael
npm/[email protected] None +2 15.1 kB sindresorhus
npm/[email protected] None 0 3.96 kB isaacs
npm/[email protected] filesystem 0 3.01 kB sindresorhus
npm/[email protected] None +1 19.8 kB phated
npm/[email protected] environment, filesystem, unsafe 0 1.91 MB pi0
npm/[email protected] None 0 10.4 kB isaacs
npm/[email protected] environment 0 5.81 kB zertosh
npm/[email protected] None +1 26.6 kB wooorm
npm/[email protected] filesystem Transitive: unsafe +1 205 kB streamich
npm/[email protected] None 0 8.9 kB zensh
npm/[email protected] None 0 35.4 kB wooorm
npm/[email protected] None 0 38.8 kB wooorm
npm/[email protected] None 0 55.9 kB jonschlinkert
npm/[email protected] None +1 183 kB dougwilson
npm/[email protected] filesystem 0 4.5 kB mafintosh
npm/[email protected] None 0 34 kB chicoxyzzy
npm/[email protected] None 0 9.22 kB jonschlinkert
npm/[email protected] None 0 19.1 kB indutny
npm/[email protected] None 0 4.05 kB isaacs
npm/[email protected] environment, filesystem, shell +2 54.5 kB sindresorhus
npm/[email protected] None 0 10.3 kB dougwilson
npm/[email protected] None 0 90 kB mrmlnc
npm/[email protected] None +1 203 kB evilebottnawi
npm/[email protected] None 0 27.2 kB evilebottnawi
npm/[email protected] environment, filesystem +2 228 kB ai

🚮 Removed packages: npm/@babel/[email protected], npm/@babel/[email protected], npm/@babel/[email protected], npm/@babel/[email protected], npm/@babel/[email protected], npm/@babel/[email protected], npm/@babel/[email protected], npm/@babel/[email protected], npm/@babel/[email protected], npm/@babel/[email protected], npm/@babel/[email protected], npm/@babel/[email protected], npm/@babel/[email protected], npm/@contentful/[email protected], npm/@emotion/[email protected], npm/@emotion/[email protected], npm/@emotion/[email protected], npm/@fullhuman/[email protected], npm/@grpc/[email protected], npm/@headlessui/[email protected], npm/@heroicons/[email protected], npm/@jetstreamapp/[email protected], npm/@jridgewell/[email protected], npm/@jridgewell/[email protected], npm/@mdx-js/[email protected], npm/@monaco-editor/[email protected], npm/@nx/[email protected], npm/@nx/[email protected], npm/@nx/[email protected], npm/@nx/[email protected], npm/@nx/[email protected], npm/@nx/[email protected], npm/@nx/[email protected], npm/@nx/[email protected], npm/@nx/[email protected], npm/@nx/[email protected], npm/@nx/[email protected], npm/@nx/[email protected], npm/@nx/[email protected], npm/@nx/[email protected], npm/@nx/[email protected], npm/@nx/[email protected], npm/@nx/[email protected], npm/@opentelemetry/[email protected], npm/@opentelemetry/[email protected], npm/@opentelemetry/[email protected], npm/@opentelemetry/[email protected], npm/@playwright/[email protected], npm/@pmmmwh/[email protected], npm/@popperjs/[email protected], npm/@prisma/[email protected], npm/@react-aria/[email protected], npm/@react-aria/[email protected], npm/@react-aria/[email protected], npm/@release-it/[email protected], npm/@release-it/[email protected], npm/@salesforce-ux/[email protected], npm/@storybook/[email protected], npm/@storybook/[email protected], npm/@storybook/[email protected], npm/@storybook/[email protected], npm/@storybook/[email protected], npm/@svgr/[email protected], npm/@swc-node/[email protected], npm/@swc/[email protected], npm/@swc/[email protected], npm/@swc/[email protected], npm/@tailwindcss/[email protected], npm/@tailwindcss/[email protected], npm/@tailwindcss/[email protected], npm/@tanstack/[email protected], npm/@testing-library/[email protected], npm/@testing-library/[email protected], npm/@testing-library/[email protected], npm/@tippyjs/[email protected], npm/@types/[email protected], npm/@types/[email protected], npm/@types/[email protected], npm/@types/[email protected], npm/@types/[email protected], npm/@types/[email protected], npm/@types/[email protected], npm/@types/[email protected], npm/@types/[email protected], npm/@types/[email protected], npm/@types/[email protected], npm/@types/[email protected], npm/@types/[email protected], npm/@types/[email protected], npm/@types/[email protected], npm/@types/[email protected], npm/@types/[email protected], npm/@types/[email protected], npm/@types/[email protected], npm/@types/[email protected], npm/@types/[email protected], npm/@types/[email protected], npm/@types/[email protected], npm/@types/[email protected], npm/@types/[email protected], npm/@types/[email protected], npm/@types/[email protected], npm/@types/[email protected], npm/@types/[email protected], npm/@types/[email protected], npm/@typescript-eslint/[email protected], npm/@typescript-eslint/[email protected], npm/@vitejs/[email protected], npm/@vitest/[email protected], npm/@vitest/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected]

View full report↗︎

socket-security[bot] avatar Jul 14 '24 23:07 socket-security[bot]

🚨 Potential security issues detected. Learn more about Socket for GitHub ↗︎

To accept the risk, merge this PR and you will not be notified again.

Alert Package NoteSourceCI
Install scripts npm/[email protected]
  • Install script: postinstall
  • Source: node -e "try{require('./postinstall')}catch(e){}"
 🚫

View full report↗︎

Next steps

What is an install script?

Install scripts are run when the package is installed. The majority of malware in npm is hidden in install scripts.

Packages should not be running non-essential scripts during install and there are often solutions to problems people solve with install scripts that can be run at publish time instead.

Take a deeper look at the dependency

Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support [AT] socket [DOT] dev.

Remove the package

If you happen to install a dependency that Socket reports as Known Malware you should immediately remove it and select a different dependency. For other alert types, you may may wish to investigate alternative packages or consider if there are other ways to mitigate the specific risk posed by the dependency.

Mark a package as acceptable risk

To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space separated list of ecosystem/package-name@version specifiers. e.g. @SocketSecurity ignore npm/[email protected] or ignore all packages with @SocketSecurity ignore-all

socket-security[bot] avatar Jul 14 '24 23:07 socket-security[bot]

@dependabot rebase

paustint avatar Nov 03 '24 23:11 paustint

Looks like these dependencies are updatable in another way, so this is no longer needed.

dependabot[bot] avatar Nov 04 '24 00:11 dependabot[bot]