socket-security[bot]

Results 7499 comments of socket-security[bot]

build(deps-dev): bump @yao-pkg/pkg from 5.14.2 to 5.15.0

**🚨 Potential security issues detected.** Learn more about [Socket for GitHub ↗︎](https://socket.dev?utm_medium=gh) To accept the risk, merge this PR and you will not be notified again. Alert Package NoteSourceCI AI-detected...

build(deps-dev): bump sinon from 18.0.1 to 19.0.2

**New and removed dependencies detected.** Learn more about [Socket for GitHub ↗︎](https://socket.dev?utm_medium=gh) | Package | New capabilities | Transitives | Size | Publisher | |:--- |:--- |:--- |:--- |:--- |...

Bump typescript from 5.6.3 to 5.7.3

**Updated dependencies detected.** Learn more about [Socket for GitHub ↗︎](https://socket.dev?utm_medium=gh) | Package | New capabilities | Transitives | Size | Publisher | |:--- |:--- |:--- |:--- |:--- | | [npm/[email protected]](https://socket.dev/npm/package/typescript/overview/5.7.3)...

Update dependency node to v22

**Review the following changes in direct dependencies.** Learn more about [Socket for GitHub](https://socket.dev?utm_medium=gh). Diff Package Supply ChainSecurity Vulnerability Quality Maintenance License @​types/​node@​20.12.7 ⏵ 22.16.5 +1 +22 +5 [View full report](https://socket.dev/dashboard/org/Pandapip1/diff-scan/01eb7e9d-732b-41e1-b0fe-4b4a2cf18e99?tab=dependencies)

[plain-object] Prevent accidental static built-in classes (atomics, JSON, Math) to be passed

**Review the following changes in direct dependencies.** Learn more about [Socket for GitHub](https://socket.dev?utm_medium=gh). Diff Package Supply ChainSecurity Vulnerability Quality Maintenance License isarray@​2.0.5 is-unicode-supported@​0.1.0 hasown@​2.0.2 array-buffer-byte-length@​1.0.2 which-collection@​1.0.2 safer-buffer@​2.1.2 is-set@​2.0.3 is-weakmap@​2.0.2 is-map@​2.0.3...

[plain-object] Prevent accidental static built-in classes (atomics, JSON, Math) to be passed

> [!WARNING] > **Review the following alerts detected in dependencies.** > > According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about [Socket for...

chore(deps-dev): bump typescript from 5.7.3 to 5.8.3

**Review the following changes in direct dependencies.** Learn more about [Socket for GitHub](https://socket.dev?utm_medium=gh). Diff Package Supply ChainSecurity Vulnerability Quality Maintenance License typescript@​5.7.3 ⏵ 5.9.3 +1 +1 [View full report](https://socket.dev/dashboard/org/jfmengels/diff-scan/4764e651-04fe-45c0-9b89-4924a8e984cb?tab=dependencies)

fix(deps): update all dependencies

**Review the following changes in direct dependencies.** Learn more about [Socket for GitHub](https://socket.dev?utm_medium=gh). Diff Package Supply ChainSecurity Vulnerability Quality Maintenance License npm/​@​esbuild/​aix-ppc64@​0.25.5 ⏵ 0.25.8 npm/​@​esbuild/​android-arm64@​0.25.5 ⏵ 0.25.8 npm/​@​esbuild/​darwin-arm64@​0.25.5 ⏵ 0.25.8...

refactor: f2elint

**Review the following changes in direct dependencies.** Learn more about [Socket for GitHub](https://socket.dev?utm_medium=gh). Diff Package Supply ChainSecurity Vulnerability Quality Maintenance License @​size-limit/​preset-big-lib@​11.1.0 ⏵ 11.2.0 +7 -3 @​types/​react-helmet@​6.1.6 ⏵ 6.1.11 @​babel/​preset-react@​7.22.15...

refactor: f2elint

> [!WARNING] > **Review the following alerts detected in dependencies.** > > According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about [Socket for...