cadt-ui

Release 2.0.4

Open TheLastCicada opened this issue 1 year ago • 2 comments

TheLastCicada · Oct 10 '24 16:10

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff | Package | Supply Chain Security | Vulnerability | Quality | Maintenance | License
--- | --- | --- | --- | --- | --- | ---
Updated | commitlint@19.4.0 ⏵ 19.6.1 | 100 | 100 | 42 | 88 | 100
Updated | husky@9.1.4 ⏵ 9.1.7 | 100 +1 | 100 | 59 +1 | 78 | 100
Updated | react-router-dom@6.26.1 ⏵ 6.28.2 | 98 +1 | 100 | 73 +1 | 99 | 100
Updated | react-intl@6.6.8 ⏵ 7.1.5 | 100 +1 | 100 | 73 | 91 | 100
Updated | @types/react-dom@18.3.0 ⏵ 18.3.5 | 100 +1 | 100 | 74 +1 | 90 | 100
Updated | dayjs@1.11.12 ⏵ 1.11.13 | 100 +1 | 100 | 100 | 77 | 100
Updated | @types/react@18.3.3 ⏵ 18.3.18 | 100 +1 | 100 | 77 +1 | 94 +2 | 100
Updated | flowbite-typography@1.0.3 ⏵ 1.0.5 | 92 | 100 | 100 +1 | 78 | 100
Added | tailwind-scrollbar@3.1.0 | 100 | 100 | 80 | 80 | 100
Updated | wait-on@7.2.0 ⏵ 8.0.2 | 99 | 100 | 100 | 80 -4 | 100
Updated | @emotion/styled@11.13.0 ⏵ 11.14.0 | 100 +1 | 100 | 80 | 86 | 100
Updated | qrcode.react@3.1.0 ⏵ 3.2.0 | 100 +1 | 100 | 99 +1 | 80 | 100
Updated | postcss@8.4.41 ⏵ 8.5.1 | 99 +1 | 100 | 81 +1 | 84 | 100
Updated | simplebar@6.2.7 ⏵ 6.3.0 | 100 +1 | 100 | 100 | 81 | 100
Updated | simplebar-react@3.2.6 ⏵ 3.3.2 | 100 | 100 | 100 | 81 -2 | 100
Updated | vite@5.4.1 ⏵ 5.4.19 | 95 +1 | 100 +25 | 81 +1 | 99 | 100
Updated | flowbite@2.3.0 ⏵ 2.5.2 | 100 | 100 | 100 | 82 | 100
Updated | eslint-plugin-react-refresh@0.4.9 ⏵ 0.4.18 | 100 +1 | 100 | 99 +1 | 83 | 100
Updated | diff@5.2.0 ⏵ 7.0.0 | 100 +1 | 100 | 100 +1 | 83 | 100
Updated | @emotion/react@11.13.0 ⏵ 11.14.0 | 99 +1 | 100 | 86 | 83 | 100
Updated | react-redux@9.1.2 ⏵ 9.2.0 | 98 +1 | 100 | 90 +1 | 83 | 100
Updated | yup@1.4.0 ⏵ 1.6.1 | 100 +1 | 100 | 100 | 85 | 100
Updated | concurrently@8.2.2 ⏵ 9.1.2 | 99 +1 | 100 | 100 +1 | 85 | 100
Updated | @commitlint/config-conventional@19.2.2 ⏵ 19.6.0 | 100 | 100 | 100 | 85 | 100
Updated | tailwindcss@3.4.10 ⏵ 3.4.17 | 98 +1 | 100 | 86 +1 | 98 | 100
Updated | styled-components@6.1.12 ⏵ 6.1.14 | 94 | 100 | 100 | 86 | 100
Updated | express@4.19.2 ⏵ 4.21.2 | 97 | 100 +5 | 100 | 86 | 100
Updated | @tailwindcss/forms@0.5.7 ⏵ 0.5.10 | 100 | 100 | 100 +1 | 88 -1 | 100
Updated | @reduxjs/toolkit@2.2.7 ⏵ 2.5.1 | 96 +1 | 100 | 100 +1 | 88 | 100
Updated | typescript@5.5.4 ⏵ 5.7.3 | 100 | 100 | 89 +1 | 100 | 100
Updated | @mui/material@5.16.7 ⏵ 5.16.14 | 89 +1 | 100 | 90 +1 | 99 +1 | 100
Updated | lint-staged@15.2.9 ⏵ 15.4.3 | 99 | 100 | 100 +1 | 91 +5 | 100
See 4 more rows in the dashboard

View full report

socket-security[bot] · Oct 10 '24 16:10

[!WARNING] Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action | Severity | Alert
--- | --- | ---
Warn | High | [email protected] has a License Policy Violation.

License: CC-BY-4.0 (npm metadata)

License: CC-BY-4.0 (package/LICENSE)

License: CC-BY-4.0 (package/package.json)

From: package-lock.json › npm/[email protected] › npm/[email protected]

ℹ Read more on: This package | This alert | What is a license policy violation?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at [email protected].

Suggestion: Find a package that does not violate your license policy or adjust your policy to allow this package's license.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/[email protected]. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn | High | [email protected] has a License Policy Violation.

License: MIT-Khronos-old (package/ThirdPartyNoticeText.txt)

License: CC-BY-4.0 (package/ThirdPartyNoticeText.txt)

From: package-lock.json › npm/[email protected]

View full report

socket-security[bot] · Apr 10 '25 19:04

This pull request sets up GitHub code scanning for this repository. Once the scans have completed and the checks have passed, the analysis results for this pull request branch will appear on this overview. Once you merge this pull request, the 'Security' tab will show more code scanning analysis results (for example, for the default branch). Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results. For more information about GitHub code scanning, check out the documentation.