astro-shield icon indicating copy to clipboard operation
astro-shield copied to clipboard

Published 20 hours ago verified publisher icon kindspells

Sync Upstream

Open smithcoin opened this issue 7 months ago • 1 comments

bump dependencies, includes: #183 and #187

smithcoin avatar Apr 29 '25 04:04 smithcoin

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff Package Supply Chain
Security		 Vulnerability Quality Maintenance License
Updatedastro-sst@​2.43.5 ⏵ 3.1.497 +210069 -3191 +3100
Updatedsst@​3.2.73 ⏵ 3.17.1395 +110069 +197 +3100
Updated@​vitest/​coverage-v8@​2.1.4 ⏵ 3.2.49910070 +198 -1100
Updatedvitest@​2.1.4 ⏵ 3.2.497100 +757799 +2100
Updatedrollup-plugin-esbuild@​6.1.1 ⏵ 6.2.19910010078100
Updated@​types/​node@​22.8.6 ⏵ 22.18.1100 +110080 +194 -1100
Updatedget-tsconfig@​4.8.1 ⏵ 4.10.1100 +110099 +180100
Updatedpublint@​0.2.12 ⏵ 0.3.1210010080 -1884100
Updated@​astrojs/​node@​8.3.4 ⏵ 9.4.3100100 +981 +197 +2100
Updatedvite@​5.4.10 ⏵ 7.1.598 +3100 +178199100
Updatedrollup-plugin-dts@​6.1.1 ⏵ 6.2.3100 +110099 +18470
Updatedsharp@​0.33.5 ⏵ 0.34.391100100 +182100
Updated@​astrojs/​starlight@​0.28.5 ⏵ 0.35.29910083 +194 -1100
Updatedastro@​4.16.8 ⏵ 5.13.797100 +258798100
Updatedtypescript@​5.6.3 ⏵ 5.9.2100 +110089 +1100100
Updated@​moonrepo/​cli@​1.29.3 ⏵ 1.40.2100 +10100100 +196100
Updatedrollup@​4.24.3 ⏵ 4.50.19710010099100
Updated@​biomejs/​biome@​1.9.4 ⏵ 2.2.4100 +710010099100

View full report

socket-security[bot] avatar Aug 18 '25 15:08 socket-security[bot]

[!WARNING] Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action Severity Alert  (click "▶" to expand/collapse)
Warn High
[email protected] has Obfuscated code.

Confidence: 0.96

Location: Package overview

From: pnpm-lock.yamlnpm/[email protected]npm/[email protected]

ℹ Read more on: This package | This alert | What is obfuscated code?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at [email protected].

Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/[email protected]. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
[email protected] has Obfuscated code.

Confidence: 0.94

Location: Package overview

From: pnpm-lock.yamlnpm/[email protected]npm/[email protected]

ℹ Read more on: This package | This alert | What is obfuscated code?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at [email protected].

Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/[email protected]. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report

socket-security[bot] avatar Sep 11 '25 20:09 socket-security[bot]