MetaMask
Bump @fortawesome/fontawesome-svg-core from 1.2.19 to 1.2.36
Bumps @fortawesome/fontawesome-svg-core from 1.2.19 to 1.2.36.
Commits
- See full diff in compare view
You can trigger a rebase of this PR by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot mergewill merge this PR after your CI passes on it@dependabot squash and mergewill squash and merge this PR after your CI passes on it@dependabot cancel mergewill cancel a previously requested merge and block automerging@dependabot reopenwill reopen this PR if it is closed@dependabot closewill close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
![dependabot[bot] avatar](https://avatars.githubusercontent.com/in/29110?v=4 "Published by a pub.dev verified publisher"){kind=small}
New dependency changes detected. Learn more about Socket for GitHub ↗︎
🚨 Potential security issues found in this pull request. To accept the risk, merge this PR and you will not be notified again.
Bot Commands
To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space separated list of package-name@version specifiers. e.g. @SocketSecurity ignore [email protected] bar@* or ignore all packages with @SocketSecurity ignore-all
@SocketSecurity ignore @fortawesome/[email protected]@SocketSecurity ignore @fortawesome/[email protected]
📜 Install scripts
Install scripts are run when the package is installed. The majority of malware in npm is hidden in install scripts.
Packages should not be running non-essential scripts during install and there are often solutions to problems people solve with install scripts that can be run at publish time instead.
| Package | Script field | Source |
|---|---|---|
| @fortawesome/[email protected] (upgraded) | postinstall |
package.json via @fortawesome/[email protected], @fortawesome/[email protected], @fortawesome/[email protected] |
| @fortawesome/[email protected] (upgraded) | postinstall |
package.json via @fortawesome/[email protected] |
🤔 AI warning
AI has found some unusual behaviors which could indicate a security risk
An AI system found a low-risk anomaly in this package. It may still be fine to use, but you should check that it is safe before proceeding.
| Package | Location | Source |
|---|---|---|
| @fortawesome/[email protected] (upgraded) | package.json | package.json via @fortawesome/[email protected] |
Pull request alert summary
📊 Modified Dependency Overview:
| ⬆️ Updated Package | Version Diff | Added Capability Access | +/- Transitive Count |
Publisher |
|---|---|---|---|---|
| @fortawesome/[email protected] | 1.2.19...1.2.36 | None | +1/-1 |
robmadole |
![socket-security[bot] avatar](https://avatars.githubusercontent.com/in/156372?v=4 "Published by a pub.dev verified publisher"){kind=small}