payload icon indicating copy to clipboard operation
payload copied to clipboard

Published 20 hours ago verified publisher icon payloadcms

chore(templates): update lock files

Open r1tsuu opened this issue 1 year ago • 2 comments

Updates the lock file in templates that have it Removes the lock file in with-vercel-website

r1tsuu avatar Nov 24 '24 08:11 r1tsuu

New and removed dependencies detected. Learn more about Socket for GitHub ↗︎

Package New capabilities Transitives Size Publisher
npm/@apollo/[email protected] network Transitive: environment, eval +21 7.99 MB apollo-bot
npm/@faceless-ui/[email protected] None 0 36.3 kB jacobsfletch
npm/@faceless-ui/[email protected] Transitive: environment, eval +28 3.52 MB jacobsfletch
npm/@lexical/[email protected] environment +1 1.15 MB acywatson
npm/@lexical/[email protected] Transitive: environment, unsafe +25 9.55 MB acywatson
npm/@lexical/[email protected] environment +4 1.3 MB acywatson
npm/@lexical/[email protected] environment +3 1.53 MB acywatson
npm/@next/[email protected] filesystem Transitive: environment +11 225 kB vercel-release-bot
npm/@payloadcms/[email protected] environment, eval, filesystem, network 0 314 kB elliotpayload
npm/@payloadcms/[email protected] environment, filesystem, network Transitive: shell +110 11.4 MB elliotpayload
npm/@payloadcms/[email protected] Transitive: environment, eval, filesystem, network, shell, unsafe +319 232 MB elliotpayload
npm/@payloadcms/[email protected] Transitive: environment, eval, filesystem, network, shell, unsafe +354 242 MB elliotpayload
npm/@types/[email protected] None +1 2.13 MB types
npm/@types/[email protected] None 0 37.8 kB types
npm/@types/[email protected] None +2 1.69 MB types
npm/[email protected] unsafe Transitive: environment, eval, filesystem +179 16.4 MB vercel-release-bot
npm/[email protected] None 0 19.9 kB lydell
npm/[email protected] None +4 84.8 kB selaux
npm/[email protected] filesystem, unsafe Transitive: environment, eval, network +140 9.92 MB ljharb
npm/[email protected] Transitive: environment, filesystem, unsafe +3 11.4 MB jounqin
npm/[email protected] environment 0 118 kB react-bot
npm/[email protected] None 0 37.3 kB lydell
npm/[email protected] environment, filesystem Transitive: eval, shell, unsafe +98 10.7 MB eslintbot
npm/[email protected] None 0 1.34 MB i1g
npm/[email protected] environment, filesystem, network, shell, unsafe +13 90.5 MB vercel-release-bot
npm/[email protected] environment +3 4.63 MB react-bot
npm/[email protected] network 0 898 kB bluebill1049
npm/[email protected] filesystem, unsafe Transitive: environment +16 6.4 MB sassbot
npm/[email protected] Transitive: environment +3 2.52 MB ianstormtaylor
npm/[email protected] None 0 32.4 MB typescript-bot

🚮 Removed packages: npm/@next/[email protected], npm/@payloadcms/[email protected], npm/@payloadcms/[email protected], npm/@payloadcms/[email protected], npm/@payloadcms/[email protected], npm/@payloadcms/[email protected], npm/@payloadcms/[email protected], npm/@payloadcms/[email protected], npm/@payloadcms/[email protected], npm/@payloadcms/[email protected], npm/@payloadcms/[email protected], npm/@payloadcms/[email protected], npm/@payloadcms/[email protected], npm/@payloadcms/[email protected], npm/@radix-ui/[email protected], npm/@radix-ui/[email protected], npm/@radix-ui/[email protected], npm/@radix-ui/[email protected], npm/@tailwindcss/[email protected], npm/@types/[email protected], npm/@types/[email protected], npm/@types/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected]

View full report↗︎

socket-security[bot] avatar Nov 24 '24 08:11 socket-security[bot]

🚨 Potential security issues detected. Learn more about Socket for GitHub ↗︎

To accept the risk, merge this PR and you will not be notified again.

Alert Package NoteSourceCI
Protestware or potentially unwanted behavior npm/[email protected]
  • Note: The script attempts to run a local post-install script, which could potentially contain malicious code. The error handling suggests that it is designed to fail silently, which is a common tactic in malicious scripts.
 ⚠︎
Protestware or potentially unwanted behavior npm/[email protected]
  • Note: This package prints a protestware console message on install regarding Ukraine for users with Russian language locale
 ⚠︎

View full report↗︎

Next steps

What is protestware?

This package is a joke, parody, or includes undocumented or hidden behavior unrelated to its primary function.

Consider that consuming this package may come along with functionality unrelated to its primary purpose.

Take a deeper look at the dependency

Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support [AT] socket [DOT] dev.

Remove the package

If you happen to install a dependency that Socket reports as Known Malware you should immediately remove it and select a different dependency. For other alert types, you may may wish to investigate alternative packages or consider if there are other ways to mitigate the specific risk posed by the dependency.

Mark a package as acceptable risk

To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space separated list of ecosystem/package-name@version specifiers. e.g. @SocketSecurity ignore npm/[email protected] or ignore all packages with @SocketSecurity ignore-all

socket-security[bot] avatar Nov 24 '24 08:11 socket-security[bot]

https://github.com/payloadcms/payload/pull/9508

r1tsuu avatar Nov 25 '24 14:11 r1tsuu