2lambda123 / snyk-cli


chore(deps): bump the npm_and_yarn group across 16 directories with 19 updates #9

Closed dependabot[bot] closed 2 months ago

dependabot[bot] commented 2 months ago

  • Bumps the npm_and_yarn group with 1 update in the /test/acceptance/workspaces/npm-package directory: debug.
  • Bumps the npm_and_yarn group with 1 update in the /test/acceptance/workspaces/npm-package-missing-dep directory: debug.
  • Bumps the npm_and_yarn group with 1 update in the /test/acceptance/workspaces/npm-package-policy directory: marked.
  • Bumps the npm_and_yarn group with 4 updates in the /test/acceptance/workspaces/npm-package-shrinkwrap directory: debug, acorn, ajv and rewire.
  • Bumps the npm_and_yarn group with 2 updates in the /test/acceptance/workspaces/npm-package-with-dist-tag-subdependency directory: follow-redirects and cdktf-cli.
  • Bumps the npm_and_yarn group with 1 update in the /test/acceptance/workspaces/npm-package-with-overrides directory: ip.
  • Bumps the npm_and_yarn group with 2 updates in the /test/acceptance/workspaces/yarn-app directory: marked and moment.
  • Bumps the npm_and_yarn group with 1 update in the /test/acceptance/workspaces/yarn-lock-v2-vuln directory: lodash.

Bumps the npm_and_yarn group with 6 updates in the /test/acceptance/workspaces/yarn-out-of-sync directory:

Package From To
debug 3.2.5 3.2.7
ms 2.1.1 2.1.3
js-yaml 3.12.0 3.14.1
lodash 4.17.11 4.17.21
minimatch 3.0.4 3.1.2
semver 5.5.1 5.7.2

Bumps the npm_and_yarn group with 1 update in the /test/acceptance/workspaces/yarn-package directory: debug. Bumps the npm_and_yarn group with 1 update in the /test/acceptance/workspaces/yarn-v2 directory: lodash. Bumps the npm_and_yarn group with 5 updates in the /test/acceptance/workspaces/yarn-workspace-out-of-sync directory:

Package From To
debug 4.1.1 4.3.1
lodash 4.17.15 4.17.21
minimatch 3.0.4 3.1.2
node-fetch 2.6.0 2.6.7
y18n 3.2.1 3.2.2

Bumps the npm_and_yarn group with 5 updates in the /test/acceptance/workspaces/yarn-workspaces directory:

Package From To
lodash 4.17.15 4.17.21
minimatch 3.0.4 3.1.2
node-fetch 2.6.0 2.6.7
y18n 3.2.1 3.2.2
node-uuid 1.3.0 1.4.8

Bumps the npm_and_yarn group with 3 updates in the /test/acceptance/workspaces/yarn-workspaces-v2 directory: minimatch, node-fetch and node-uuid. Bumps the npm_and_yarn group with 2 updates in the /test/acceptance/workspaces/yarn-workspaces-v2-resolutions directory: node-fetch and node-uuid. Bumps the npm_and_yarn group with 2 updates in the /ts-binary-wrapper directory: semver and @babel/traverse.

Updates debug from 2.2.0 to 2.6.9

Release notes

Sourced from debug's releases.

2.6.9

Patches

  • Remove ReDoS regexp in %o formatter: #504

Credits

Huge thanks to @​zhuangya for their help!

release 2.6.7

No release notes provided.

release 2.6.6

No release notes provided.

release 2.6.5

No release notes provided.

release 2.6.4

No release notes provided.

release 2.6.3

No release notes provided.

release 2.6.2

No release notes provided.

release 2.6.1

No release notes provided.

release 2.6.0

No release notes provided.

release 2.5.2

No release notes provided.

release 2.5.1

No release notes provided.

release 2.4.5

No release notes provided.

release 2.4.4

No release notes provided.

release 2.4.3

No release notes provided.

release 2.4.2

No release notes provided.

... (truncated)

Changelog

Sourced from debug's changelog.

2.6.9 / 2017-09-22

  • remove ReDoS regexp in %o formatter (#504)

2.6.8 / 2017-05-18

2.6.7 / 2017-05-16

2.6.5 / 2017-04-27

2.6.4 / 2017-04-20

2.6.3 / 2017-03-13

2.6.2 / 2017-03-10

2.6.1 / 2017-02-10

  • Fix: Module's export default syntax fix for IE8 Expected identifier error
  • Fix: Whitelist DEBUG_FD for values 1 and 2 only (#415, @​pi0)

... (truncated)

Commits


Updates ms from 0.7.1 to 2.0.0

Release notes

Sourced from ms's releases.

2.1.3

Patches

  • Rename zeit to vercel: #151
  • Bump eslint from 4.12.1 to 4.18.2: #122
  • Add prettier as a dev dependency: #135 #153
  • Use GitHub Actions CI: #154

Credits

Huge thanks to @​getsnoopy for helping!

2.1.2

Patches

  • Fixed negative decimals less than -10 don't work: #111
  • Support error in case of Infinity: #116
  • Update regexp for 10-.5 is invalid input: #117
  • Update chat badge: #119

Credits

Huge thanks to @​yuler and @​7ma7X for helping!

Commits

Maintainer changes

This version was pushed to npm by styfle, a new releaser for ms since your current version.


Updates marked from 0.3.6 to 4.0.10

Release notes

Sourced from marked's releases.

v4.0.10

4.0.10 (2022-01-13)

Bug Fixes

  • security: fix redos vulnerabilities (8f80657)

v4.0.9

4.0.9 (2022-01-06)

Bug Fixes

v4.0.8

4.0.8 (2021-12-19)

Bug Fixes

v4.0.7

4.0.7 (2021-12-09)

Bug Fixes

v4.0.6

4.0.6 (2021-12-02)

Bug Fixes

v4.0.5

4.0.5 (2021-11-25)

Bug Fixes

  • table after paragraph without blank line (#2298) (5714212)

v4.0.4

4.0.4 (2021-11-19)

... (truncated)

Commits
  • ae01170 chore(release): 4.0.10 [skip ci]
  • fceda57 🗜️ build [skip ci]
  • 8f80657 fix(security): fix redos vulnerabilities
  • c4a3ccd Merge pull request from GHSA-rrrm-qjm4-v8hf
  • d7212a6 chore(deps-dev): Bump jasmine from 4.0.0 to 4.0.1 (#2352)
  • 5a84db5 chore(deps-dev): Bump rollup from 2.62.0 to 2.63.0 (#2350)
  • 2bc67a5 chore(deps-dev): Bump markdown-it from 12.3.0 to 12.3.2 (#2351)
  • 98996b8 chore(deps-dev): Bump @​babel/preset-env from 7.16.5 to 7.16.7 (#2353)
  • ebc2c95 chore(deps-dev): Bump highlight.js from 11.3.1 to 11.4.0 (#2354)
  • e5171a9 chore(release): 4.0.9 [skip ci]
  • Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by tonybrix, a new releaser for marked since your current version.


Updates debug from 3.1.0 to 3.2.7

Release notes

Sourced from debug's releases.

2.6.9

Patches

  • Remove ReDoS regexp in %o formatter: #504

Credits

Huge thanks to @​zhuangya for their help!

release 2.6.7

No release notes provided.

release 2.6.6

No release notes provided.

release 2.6.5

No release notes provided.

release 2.6.4

No release notes provided.

release 2.6.3

No release notes provided.

release 2.6.2

No release notes provided.

release 2.6.1

No release notes provided.

release 2.6.0

No release notes provided.

release 2.5.2

No release notes provided.

release 2.5.1

No release notes provided.

release 2.4.5

No release notes provided.

release 2.4.4

No release notes provided.

release 2.4.3

No release notes provided.

release 2.4.2

No release notes provided.

... (truncated)

Changelog

Sourced from debug's changelog.

2.6.9 / 2017-09-22

  • remove ReDoS regexp in %o formatter (#504)

2.6.8 / 2017-05-18

2.6.7 / 2017-05-16

2.6.5 / 2017-04-27

2.6.4 / 2017-04-20

2.6.3 / 2017-03-13

2.6.2 / 2017-03-10

2.6.1 / 2017-02-10

  • Fix: Module's export default syntax fix for IE8 Expected identifier error
  • Fix: Whitelist DEBUG_FD for values 1 and 2 only (#415, @​pi0)

... (truncated)

Commits


Updates ms from 2.0.0 to 2.1.1

Release notes

Sourced from ms's releases.

2.1.3

Patches

  • Rename zeit to vercel: #151
  • Bump eslint from 4.12.1 to 4.18.2: #122
  • Add prettier as a dev dependency: #135 #153
  • Use GitHub Actions CI: #154

Credits

Huge thanks to @​getsnoopy for helping!

2.1.2

Patches

  • Fixed negative decimals less than -10 don't work: #111
  • Support error in case of Infinity: #116
  • Update regexp for 10-.5 is invalid input: #117
  • Update chat badge: #119

Credits

Huge thanks to @​yuler and @​7ma7X for helping!

Commits

Maintainer changes

This version was pushed to npm by styfle, a new releaser for ms since your current version.


Updates acorn from 5.7.1 to 5.7.4

Commits
  • 6370e90 Mark version 5.7.4
  • fbc15b1 More rigorously check surrogate pairs in regexp validator
  • 910e62b Mark version 5.7.3
  • 3442a80 Make generate-identifier-regex capable of rewriting src/identifier.js
  • 22b22f3 Raise specific errors for unterminated template literals
  • 1461c7c Fix a lint error
  • 0c12f63 Fix tokenizing of regexps after .of
  • 832c308 Fix 404 url
  • 95ca55c Mark version 5.7.2
  • bba80ab Remove another fixed test from the 262 whitelist
  • Additional commits viewable in compare view


Updates ajv from 5.5.2 to 6.12.6

Release notes

Sourced from ajv's releases.

v6.12.6

Fix performance issue of "url" format.

v6.12.5

  • Fix uri scheme validation (@ChALkeR).
  • Fix boolean schemas with strictKeywords option (#1270)

v6.12.4

Fix: coercion of one-item arrays to scalar that should fail validation (failing example).

v6.12.3

  • Pass schema object to processCode function
  • Option for strictNumbers (@issacgerges, #1128)
  • Fixed vulnerability related to untrusted schemas (CVE-2020-15366)

v6.12.2

Removed post-install script

v6.12.1

Docs and dependency updates

v6.12.0

  • Improved hostname validation (@sambauers, #1143)
  • Option keywords to add custom keywords (@franciscomorais, #1137)
  • Types fixes (@boenrobot, @MattiAstedrone)
  • Docs:

v6.11.0

  • Time formats support two digit and colon-less variants of timezone offset (#1061, @cjpillsbury)
  • Docs: RegExp related security considerations
  • Tests: Disabled failing typescript test

v6.10.2

Fix: the unknown keywords were ignored with the option strictKeywords: true (instead of failing compilation) in some sub-schemas (e.g. anyOf), when the sub-schema didn't have known keywords.

v6.10.1

  • Fix types
  • Fix addSchema (#1001)
  • Update dependencies

v6.10.0

  • Option strictDefaults to report ignored defaults (#957, @not-an-aardvark)
  • Option strictKeywords to report unknown keywords (#781)

v6.9.0

OpenAPI keyword nullable can be any boolean (and not only true). Custom keyword definition changes:

  • dependencies option in to require the presence of keywords in the same schema.

... (truncated)

Commits
  • fe59143 6.12.6
  • d580d3e Merge pull request #1298 from ajv-validator/fix-url
  • fd36389 fix: regular expression for "url" format
  • 490e34c docs: link to v7-beta branch
  • 9cd93a1 docs: note about v7 in readme
  • 877d286 Merge pull request #1262 from b4h0-c4t/refactor-opt-object-type
  • f1c8e45 6.12.5
  • 764035e Merge branch 'ChALkeR-chalker/fix-comma'
  • 3798160 Merge branch 'chalker/fix-comma' of git://github.com/ChALkeR/ajv into ChALkeR...
  • a3c7eba Merge branch 'refactor-opt-object-type' of github.com:b4h0-c4t/ajv into refac...
  • Additional commits viewable in compare view


Updates rewire from 4.0.1 to 7.0.0

Release notes

Sourced from rewire's releases.

v7.0.0

v6.0.0

  • Breaking: Remove Node v8 support. We had to do this because one of our dependencies had security issues and the version with the fix dropped Node v8 as well.
  • Update dependencies #193
  • Fix Modifying globals within module leaks to global with Node >=10 #167
  • Fixed import errors on modules with shebang declarations #179

v5.0.0

  • Breaking: Remove Node v6 support. We had to do this because one of our dependencies had security issues and the version with the fix dropped Node v6 as well.
  • Update dependencies #159 #172 #154 #166

Changelog

Sourced from rewire's changelog.

7.0.0

6.0.0

  • Breaking: Remove Node v8 support. We had to do this because one of our dependencies had security issues and the version with the fix dropped Node v8 as well.
  • Update dependencies #193
  • Fix Modifying globals within module leaks to global with Node >=10 #167
  • Fixed import errors on modules with shebang declarations #179

5.0.0

  • Breaking: Remove Node v6 support. We had to do this because one of our dependencies had security issues and the version with the fix dropped Node v6 as well.
  • Update dependencies #159 #172 #154 #166

Commits
  • ff62cfc v7.0.0
  • e0ea17d Remove CoffeeScript support
  • a183ba7 Add TypeScript support
  • 2d7729f Merge remote-tracking branch 'origin/master' into pulls/ts-support
  • 092e554 Also drop official Node 16 support
  • f32ef51 Update package-lock.json
  • 6deb9bd Update ESLint and drop official Node 10.x, 12.x, 14.x support
  • c9b536f NEW Add support for .ts files
  • f5c655a Add test case for re-assigning consts
  • 9e7f846 v6.0.0
  • Additional commits viewable in compare view


Updates ansi-regex from 2.1.1 to 5.0.1

Release notes

Sourced from ansi-regex's releases.

v5.0.1

Fixes (backport of 6.0.1 to v5)

This is a backport of the minor ReDos vulnerability in ansi-regex@<6.0.1, as requested in #38.

  • Fix ReDoS in certain cases (#37)
    You are only really affected if you run the regex on untrusted user input in a server context, which it's very unlikely anyone is doing, since this regex is mainly used in command-line tools.

CVE-2021-3807

https://github.com/chalk/ansi-regex/compare/v5.0.0..v5.0.1

Thank you @​yetingli for the patch and reproduction case!

v5.0.0

Breaking

  • Require Node.js 8 166a0d5

Enhancements

  • Add TypeScript definition (#32) e77ea17

https://github.com/chalk/ansi-regex/compare/v4.1.0...v5.0.0

v4.1.0

  • Support more escape code like links (#29) 96200bb

https://github.com/chalk/ansi-regex/compare/v4.0.0...v4.1.0

Commits


Updates js-yaml from 3.12.0 to 4.1.0

Changelog

Sourced from js-yaml's changelog.

[3.14.1] - 2020-12-07

Security

  • Fix possible code execution in (already unsafe) .load() (in &anchor).

[3.14.0] - 2020-05-22

Changed

  • Support safe/loadAll(input, options) variant of call.
  • CI: drop outdated nodejs versions.
  • Dev deps bump.

Fixed

  • Quote = in plain scalars #519.
  • Check the node type for !<?> tag in case user manually specifies it.
  • Verify that there are no null-bytes in input.
  • Fix wrong quote position when writing condensed flow, #526.

[3.13.1] - 2019-04-05

Security

  • Fix possible code execution in (already unsafe) .load(), #480.

[3.13.0] - 2019-03-20

Security

  • Security fix: safeLoad() can hang when arrays with nested refs used as key. Now throws exception for nested arrays. #475.

[3.12.2] - 2019-02-26

Fixed

  • Fix noArrayIndent option for root level, #468.

[3.12.1] - 2019-01-05

Added

  • Added noArrayIndent option, #432.

Commits
  • 37caaad 3.14.1 released
  • 094c0f7 dist rebuild
  • 9586ebe Avoid calling hasOwnProperty of user-controlled objects
  • 34e5072 3.14.0 released
  • 7b25c83 Browser files rebuild
  • 6f73473 Dev deps bump
  • 0c29349 Travis-CI: drop old nodejs versions
  • 10be97e fix(loader): Add support for safe/loadAll(input, options)
  • d6983dd Fix issue #526: wrong quote position writing condensed flow (#527)
  • 93fbf7d fix issue 526 (wrong quote position writing condensed flow)
  • Additional commits viewable in compare view


Updates minimatch from 3.0.4 to 3.1.2

Commits


Updates follow-redirects from 1.15.4 to 1.15.6

Commits
  • 35a517c Release version 1.15.6 of the npm package.
  • c4f847f Drop Proxy-Authorization across hosts.
  • 8526b4a Use GitHub for disclosure.
  • b1677ce Release version 1.15.5 of the npm package.
  • d8914f7 Preserve fragment in responseUrl.
  • See full diff in compare view


Updates cdktf-cli from 0.20.3 to 0.20.7

Release notes

Sourced from cdktf-cli's releases.

v0.20.7

fix

  • fix(provider-generator): refactor logic to determine if a block is optional or required #3580

chore

  • chore(deps): pin trusted workflows based on HashiCorp TSCCR #3583
  • chore: Upgrade dependencies for cli #3588
  • chore: Upgrade dependencies for cli #3574
  • chore: Upgrade dependencies for util #3573
  • chore: Upgrade dependencies for lib #3572

v0.20.6

fix

  • fix(cli): sanitize type arrays #3578
  • fix(lib): Correctly render string tokens that contain plain objects #3545
  • fix: hcl rendering nested maps #3536
  • fix(docs): Italics broken #3490

chore

  • chore: fix typo #3553
  • chore: add separate workflow for JSII upgrades #3552
  • chore(deps): pin trusted workflows based on HashiCorp TSCCR #3549
  • chore: Upgrade dependencies for util #3548
  • chore: Upgrade dependencies for util #3543
  • chore(deps): pin trust... _Description has been truncated_

cr-gpt[bot] commented 2 months ago

Seems you are using me but didn't get OPENAI_API_KEY set in Variables/Secrets for this repo. You could follow the readme for more information.

performance-testing-bot[bot] commented 2 months ago

Unable to locate .performanceTestingBot config file

secure-code-warrior-for-github[bot] commented 2 months ago

Micro-Learning Topic: Regular expression denial of service (Detected by phrase)

Matched on "regular expression denial of service"

What is this? (2min video)

Denial of Service (DoS) attacks caused by regular expressions cause the system to hang or work very slowly when an attacker sends a well-crafted input (exponentially related to input size). Denial of service attacks significantly degrade the service quality experienced by legitimate users. These attacks introduce large response delays, excessive losses, and service interruptions, resulting in direct impact on availability.

Try a challenge in Secure Code Warrior

Micro-Learning Topic: Denial of service (Detected by phrase)

Matched on "denial of service"

The Denial of Service (DoS) attack is focused on making a resource (site, application, server) unavailable for the purpose it was designed. There are many ways to make a service unavailable for legitimate users by manipulating network packets, programming, logical, or resources handling vulnerabilities, among others. Source: https://www.owasp.org/index.php/Denial_of_Service

Try a challenge in Secure Code Warrior

code-companion-ai[bot] commented 2 months ago

Processing PR updates...

codesyncapp[bot] commented 2 months ago

Check out the playback for this Pull Request here.

git-greetings[bot] commented 2 months ago

Thanks @dependabot[bot] for opening this PR!

For COLLABORATOR only :

coderabbitai[bot] commented 2 months ago

[!IMPORTANT]

Auto Review Skipped

Bot user detected.

To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.


git-greetings[bot] commented 2 months ago

PR Details of @dependabot[bot] in snyk-cli:

OPEN CLOSED TOTAL
2 6 8

socket-security[bot] commented 2 months ago

New and removed dependencies detected. Learn more about Socket for GitHub ↗︎

Package New capabilities Transitives Size Publisher
npm/@google-cloud/common@2.0.3 environment 0 107 kB google-wombot
npm/@google-cloud/debug-agent@4.0.1 environment, filesystem, unsafe 0 431 kB google-wombot
npm/@google-cloud/profiler@2.0.2 environment, eval, filesystem Transitive: network +3 1.39 MB google-wombot
npm/@google-cloud/projectify@1.0.1 None 0 27.4 kB google-wombot
npm/@google-cloud/promisify@1.0.2 None 0 32.6 kB google-wombot
npm/@google-cloud/trace-agent@4.0.1 environment 0 320 kB google-wombot
npm/@grpc/proto-loader@0.1.0 filesystem Transitive: network +3 3.84 MB murgatroid99
npm/@opencensus/core@0.0.14 environment, unsafe 0 380 kB mayurkale22
npm/@opencensus/propagation-stackdriver@0.0.14 None 0 31.1 kB mayurkale22
npm/@protobufjs/aspromise@1.1.2 None 0 9.05 kB dcode
npm/@protobufjs/base64@1.1.2 None 0 9.22 kB dcode
npm/@protobufjs/codegen@2.0.4 None 0 9.14 kB dcode
npm/@protobufjs/eventemitter@1.1.0 None 0 7.75 kB dcode
npm/@protobufjs/fetch@1.1.0 network 0 8.76 kB dcode
npm/@protobufjs/float@1.0.2 None 0 27 kB dcode
npm/@protobufjs/inquire@1.1.0 None 0 4.29 kB dcode
npm/@protobufjs/path@1.1.2 None 0 7.77 kB dcode
npm/@protobufjs/pool@1.1.0 None 0 6.25 kB dcode
npm/@protobufjs/utf8@1.1.0 None 0 23.5 kB dcode
npm/@sindresorhus/is@0.17.1 None 0 42.8 kB sindresorhus
npm/@snyk/protect@1.780.0 environment, filesystem, network 0 45.9 kB snyk-admin
npm/@types/caseless@0.12.2 None 0 4 kB types
npm/@types/console-log-level@1.4.0 None 0 3.07 kB types
npm/@types/form-data@2.2.1 None 0 4.27 kB types
npm/@types/lodash@4.14.110 None 0 948 kB types
npm/@types/long@3.0.32 None 0 10.8 kB types
npm/@types/node@9.6.22 None 0 475 kB types
npm/@types/request@2.48.1 None 0 18.8 kB types
npm/@types/semver@6.0.1 None 0 11.5 kB types
npm/@types/tough-cookie@2.3.5 None 0 10.6 kB types
npm/abbrev@1.1.1 None 0 4.78 kB isaacs
npm/abort-controller@3.0.0 None 0 76.3 kB mysticatea
npm/acorn-jsx@3.0.1 None +1 563 kB rreverser
npm/acorn@6.2.0 None 0 1.1 MB marijn
npm/agent-base@4.2.1 network +1 353 kB tootallnate
npm/agent-base@4.3.0 network 0 37.5 kB tootallnate
npm/ajv-keywords@2.1.1 None 0 62.8 kB esp
npm/ajv@5.5.2 eval 0 2.09 MB esp
npm/ansi-escapes@3.1.0 None 0 7.81 kB sindresorhus
npm/ansi-escapes@3.2.0 None 0 8.29 kB sindresorhus
npm/ansi-regex@2.1.1 None 0 4.19 kB qix
npm/ansi-regex@3.0.1 None 0 4.05 kB qix
npm/ansi-styles@2.2.1 None 0 4.72 kB sindresorhus
npm/aproba@1.2.0 None 0 8.18 kB iarna
npm/are-we-there-yet@1.1.5 None 0 14.7 kB iarna
npm/argparse@1.0.10 environment, filesystem 0 116 kB vitaly
npm/array-includes@3.0.3 None 0 30.7 kB ljharb
npm/arrify@2.0.1 None 0 3.19 kB sindresorhus
npm/ascli@1.0.1 None 0 21.5 kB dcode
npm/async-listener@0.6.10 filesystem, network, shell +1 229 kB watson
npm/async@1.5.2 None 0 159 kB aearly
npm/babel-code-frame@6.26.0 Transitive: environment +1 19.4 kB hzoo
npm/balanced-match@1.0.0 None 0 6.7 kB juliangruber
npm/base64-js@1.3.0 None 0 13 kB feross
npm/bignumber.js@7.2.1 None 0 385 kB mikemcl
npm/bindings@1.5.0 environment, filesystem 0 11.2 kB tootallnate
npm/buffer-equal-constant-time@1.0.1 None 0 5.23 kB goinstant
npm/buffer-from@1.1.1 None 0 4.97 kB linusu
npm/builtin-modules@3.1.0 unsafe 0 4.11 kB sindresorhus
npm/bytebuffer@5.0.1 None +1 1.18 MB dcode
npm/caller-path@0.1.0 None 0 1.55 kB sindresorhus
npm/callsites@0.2.0 None 0 2.75 kB sindresorhus
npm/camelcase@2.1.1 None 0 3.89 kB sindresorhus
npm/camelcase@4.1.0 None 0 4.32 kB sindresorhus
npm/chalk@2.4.1 environment 0 26.9 kB sindresorhus
npm/chardet@0.4.2 filesystem 0 85.6 kB runk
npm/chownr@1.1.2 filesystem 0 4.92 kB isaacs
npm/circular-json@0.3.3 None 0 21 kB webreflection
npm/cli-cursor@2.1.0 None 0 3.15 kB sindresorhus
npm/cli-width@2.2.0 environment 0 5.27 kB knownasilya
npm/cliui@3.2.0 None 0 12.9 kB bcoe
npm/cliui@4.1.0 None 0 14.5 kB bcoe
npm/co@4.6.0 None 0 16 kB jongleberry
npm/code-point-at@1.1.0 None 0 2.99 kB sindresorhus
npm/coffeescript@2.4.1 environment, eval, filesystem, shell, unsafe 0 1.47 MB geoffreybooth
npm/colour@0.7.1 None 0 43.4 kB dcode
npm/concat-stream@1.6.2 None 0 9.56 kB mafintosh
npm/console-control-strings@1.1.0 None 0 12.7 kB iarna
npm/console-log-level@1.4.1 None 0 4.61 kB watson
npm/contains-path@0.1.0 None 0 5.1 kB jonschlinkert
npm/continuation-local-storage@3.2.1 None 0 103 kB othiym23
npm/core-util-is@1.0.2 None 0 23.2 kB isaacs
npm/cross-spawn@5.1.0 environment, filesystem, shell 0 16.7 kB satazor
npm/debug-log@1.0.1 environment 0 3.01 kB sindresorhus
npm/debug@3.2.6 environment 0 79.5 kB qix
npm/deep-is@0.1.3 None 0 8.22 kB thlorenz
npm/define-properties@1.1.3 None 0 23 kB ljharb
npm/deglob@2.1.1 filesystem 0 7.61 kB feross
npm/delay@4.3.0 None 0 9.29 kB sindresorhus
npm/delegates@1.0.0 None 0 7.46 kB tjholowaychuk
npm/detect-libc@1.0.3 environment, filesystem, shell 0 17.2 kB lovell
npm/doctrine@2.1.0 None 0 106 kB eslint
npm/duplexify@3.7.1 None 0 17.1 kB mafintosh
npm/ecdsa-sig-formatter@1.0.11 None 0 20.6 kB d2l-travis-deploy
npm/emitter-listener@1.1.2 None 0 12.7 kB othiym23
npm/end-of-stream@1.4.1 None 0 5.87 kB mafintosh
npm/ent@2.2.0 None 0 97.8 kB tootallnate
npm/error-ex@1.3.2 None 0 9.04 kB qix
npm/es-abstract@1.13.0 None 0 282 kB ljharb
npm/es-to-primitive@1.2.0 None 0 49.8 kB ljharb
npm/es6-promise@4.2.8 None 0 315 kB stefanpenner
npm/es6-promisify@5.0.0 None 0 7.76 kB digitaldesignlabs
npm/eslint-config-semistandard@12.0.1 None 0 7.1 kB flet
npm/eslint-config-standard-jsx@5.0.0 None 0 7.69 kB feross
npm/eslint-config-standard@11.0.0 None 0 14.2 kB feross
npm/eslint-import-resolver-node@0.3.2 Transitive: environment, filesystem, network +2 62.6 kB ljharb
npm/eslint-module-utils@2.4.0 None 0 19.7 kB ljharb
npm/eslint-plugin-import@2.8.0 filesystem +2 470 kB benmosher
npm/eslint-plugin-node@6.0.1 filesystem 0 167 kB mysticatea
npm/eslint-plugin-promise@3.6.0 None 0 29.8 kB xjamundx
npm/eslint-plugin-react@7.6.1 None 0 573 kB ljharb
npm/eslint-plugin-standard@3.0.1 None 0 78 kB feross
npm/eslint-scope@3.7.3 None 0 76.1 kB not-an-aardvark
npm/eslint-visitor-keys@1.0.0 None 0 22.5 kB eslint
npm/eslint@4.18.2 filesystem, unsafe +2 2.44 MB eslint
npm/espree@3.5.4 None +1 642 kB eslint
npm/esprima@3.1.3 None 0 295 kB ariya
npm/esprima@4.0.1 None 0 314 kB ariya
npm/esquery@1.0.1 None 0 95 kB michaelficarra
npm/esrecurse@4.2.1 None 0 13.5 kB michaelficarra
npm/estraverse@4.2.0 None 0 33 kB nzakas
npm/esutils@2.0.2 None 0 49.3 kB michaelficarra
npm/event-target-shim@5.0.1 None 0 189 kB mysticatea
npm/execa@0.7.0 environment, shell 0 18.3 kB sindresorhus
npm/extend@3.0.2 None 0 23.5 kB ljharb
npm/external-editor@2.2.0 environment, filesystem, shell 0 20.5 kB mrkmg
npm/fast-deep-equal@1.1.0 None 0 5.25 kB esp
npm/fast-json-parse@1.0.3 None 0 6.91 kB matteo.collina
npm/fast-json-stable-stringify@2.0.0 None 0 16.1 kB esp
npm/fast-levenshtein@2.0.6 None 0 9.44 kB hiddentao
npm/fast-redact@1.2.0 eval, unsafe 0 56.7 kB matteo.collina
npm/fast-safe-stringify@2.0.6 None 0 26.6 kB matteo.collina
npm/fast-text-encoding@1.0.0 None 0 23.2 kB samthor
npm/figures@2.0.0 None 0 8.89 kB sindresorhus
npm/file-entry-cache@2.0.0 filesystem 0 18.3 kB royriojas
npm/file-uri-to-path@1.0.0 None 0 8.07 kB tootallnate
npm/find-root@1.1.0 filesystem 0 5.27 kB jsdnxx
npm/find-up@2.1.0 None 0 4.8 kB sindresorhus
npm/findit2@2.2.3 filesystem 0 14.8 kB superjoe
npm/flat-cache@1.3.4 None 0 27.6 kB royriojas
npm/flatstr@1.0.8 eval 0 12.8 kB davidmarkclements
npm/fs-minipass@1.2.6 filesystem 0 13.1 kB isaacs
npm/function-bind@1.1.1 None 0 25.2 kB ljharb
npm/functional-red-black-tree@1.0.1 None 0 43.5 kB mikolalysenko
npm/gauge@2.7.4 None 0 48.3 kB iarna
npm/gaxios@2.0.1 environment, network 0 48.8 kB justinbeckwith
npm/gcp-metadata@2.0.1 None 0 35.2 kB google-wombot
npm/get-caller-file@1.0.3 None 0 2.48 kB stefanpenner
npm/get-stdin@6.0.0 None 0 3.5 kB sindresorhus
npm/get-stream@3.0.0 None 0 7.88 kB sindresorhus
npm/glob@7.1.4 filesystem 0 56 kB isaacs
npm/globals@11.12.0 None 0 39.8 kB sindresorhus
npm/google-auth-library@4.2.5 environment, filesystem, shell 0 215 kB google-wombot
npm/google-p12-pem@2.0.1 filesystem 0 18.4 kB google-wombot
npm/graceful-fs@4.2.0 environment, filesystem 0 26.2 kB isaacs
npm/grpc@1.22.2 environment, filesystem, network, shell 0 22.8 MB murgatroid99
npm/gtoken@3.0.2 filesystem 0 26.4 kB google-wombot
npm/has-ansi@2.0.0 None 0 3.1 kB sindresorhus
npm/has-symbols@1.0.0 None 0 14 kB ljharb
npm/has-unicode@2.0.1 environment 0 3.44 kB iarna
npm/has@1.0.3 None 0 2.77 kB ljharb
npm/hex2dec@1.1.2 None 0 17.8 kB donmccurdy
npm/hosted-git-info@2.7.1 None 0 19.6 kB iarna
npm/https-proxy-agent@2.2.2 network 0 16.1 kB tootallnate
npm/ignore-walk@3.0.1 filesystem 0 10.8 kB isaacs
npm/ignore@3.3.10 None 0 21.7 kB kael
npm/imurmurhash@0.1.4 None 0 11.9 kB jensyt
npm/ini@1.3.5 None 0 8.93 kB isaacs
npm/inquirer@3.3.0 None +2 78.4 kB sboudrias
npm/invert-kv@1.0.0 None 0 1.3 kB sindresorhus
npm/is-arrayish@0.2.1 None 0 4.05 kB qix
npm/is-callable@1.1.4 None 0 30.6 kB ljharb
npm/is-date-object@1.0.1 None 0 15 kB ljharb
npm/is-fullwidth-code-point@1.0.0 None 0 4.25 kB sindresorhus
npm/is-promise@2.1.0 None 0 2.61 kB forbeslindesay
npm/is-regex@1.0.4 None 0 21.1 kB ljharb
npm/is-resolvable@1.1.0 None 0 4.21 kB shinnn
npm/is-stream@1.1.0 None 0 3.23 kB sindresorhus
npm/is-symbol@1.0.2 None 0 23.3 kB ljharb
npm/is@3.3.0 None 0 57.5 kB ljharb
npm/js-tokens@3.0.2 None 0 13.5 kB lydell
npm/js-yaml@3.13.1 eval 0 283 kB vitaly
npm/json-bigint@0.3.0 None 0 35.5 kB sidorares
npm/json-parse-better-errors@1.0.2 None 0 6.7 kB zkat
npm/json-schema-traverse@0.3.1 None 0 16.8 kB esp
npm/json-stable-stringify-without-jsonify@1.0.1 None 0 14.2 kB samn
npm/jsx-ast-utils@2.2.1 None 0 185 kB jessebeach
npm/jwa@1.4.1 None 0 13.7 kB omsmith
npm/jws@3.2.2 None 0 17.7 kB omsmith
npm/lcid@1.0.0 None 0 6.43 kB sindresorhus
npm/levn@0.3.0 None 0 34 kB gkz
npm/load-json-file@2.0.0 None +1 9.23 kB sindresorhus
npm/locate-path@2.0.0 None 0 3.97 kB sindresorhus
npm/lodash.camelcase@4.3.0 None 0 21.9 kB jdalton
npm/lodash.clone@4.5.0 None 0 48.6 kB jdalton
npm/lodash.cond@4.5.2 None 0 65.5 kB jdalton
npm/lodash.pickby@4.6.0 None 0 67.5 kB jdalton
npm/lodash@4.17.14 None 0 1.4 MB jdalton
npm/log-driver@1.2.7 None 0 7.81 kB cainus
npm/lru-cache@5.1.1 None 0 15.7 kB isaacs
npm/mem@1.1.0 None 0 5.98 kB sindresorhus
npm/methods@1.1.2 network 0 5.29 kB dougwilson
npm/mime@2.4.4 None 0 74.9 kB broofa
npm/mimic-fn@1.2.0 None 0 3.06 kB sindresorhus
npm/minimatch@3.0.4 None 0 33.1 kB isaacs
npm/minimist@0.0.8 None 0 21.3 kB substack
npm/minipass@2.3.5 environment 0 14.4 kB isaacs
npm/minizlib@1.2.1 None 0 14.1 kB isaacs
npm/mkdirp@0.5.1 filesystem 0 21.2 kB substack
npm/module-details-from-path@1.0.3 None 0 4.47 kB watson
npm/mute-stream@0.0.7 None 0 75.6 kB isaacs
npm/nan@2.14.0 None 0 417 kB kkoopa
npm/natural-compare@1.4.0 None 0 5.65 kB megawac
npm/needle@2.4.0 filesystem, network 0 199 kB tomas
npm/node-fetch@2.6.0 network 0 156 kB bitinn
npm/node-forge@0.8.5 None 0 1.68 MB davidlehn
npm/node-pre-gyp@0.13.0 environment, filesystem 0 149 kB nicolasnoble
npm/node-uuid@1.3.0 None 0 31.7 kB broofa
npm/node-uuid@1.4.8 None 0 38.3 kB broofa
npm/nopt@4.0.1 environment 0 35.3 kB othiym23
npm/normalize-package-data@2.5.0 None 0 26.6 kB audrey.e
npm/npm-bundled@1.0.6 filesystem 0 9.33 kB isaacs
npm/npm-packlist@1.4.4 None 0 12.5 kB isaacs
npm/npm-run-path@2.0.2 environment 0 4.53 kB sindresorhus
npm/npmlog@4.1.2 None 0 17.4 kB iarna
npm/number-is-nan@1.0.1 None 0 2.35 kB sindresorhus
npm/object.assign@4.1.0 None 0 46.4 kB ljharb
npm/onetime@2.0.1 None 0 3.48 kB sindresorhus
npm/optionator@0.8.2 None 0 49.5 kB gkz
npm/optjs@3.2.2 None 0 2.16 kB dcode
npm/os-homedir@1.0.2 environment 0 3.15 kB sindresorhus
npm/os-locale@1.4.0 environment, shell 0 5.47 kB sindresorhus
npm/os-locale@2.1.0 environment 0 5.25 kB sindresorhus
npm/osenv@0.1.5 environment, shell 0 4.89 kB isaacs
npm/p-finally@1.0.0 None 0 3.11 kB sindresorhus
npm/p-limit@2.2.0 None 0 6.21 kB sindresorhus
npm/p-locate@2.0.0 None +2 11.8 kB sindresorhus
npm/parse-duration@0.1.1 None 0 2.77 kB jkroso
npm/parse-json@2.2.0 None 0 33.5 kB sindresorhus
npm/parse-ms@2.1.0 None 0 3.68 kB sindresorhus
npm/path-is-inside@1.0.2 None 0 3.32 kB domenic
npm/path-key@2.0.1 None 0 3.02 kB sindresorhus
npm/path-parse@1.0.6 None 0 9.03 kB jbgutierrez
npm/path-type@2.0.0 filesystem 0 3.4 kB sindresorhus
npm/pify@4.0.1 None 0 7.23 kB sindresorhus
npm/pino-std-serializers@2.2.1 None 0 19.4 kB matteo.collina
npm/pino@5.6.2 environment 0 232 kB matteo.collina
npm/pkg-conf@2.1.0 None +3 20.3 kB sindresorhus
npm/pkg-config@1.1.1 filesystem 0 7.77 kB ahmadnassri
npm/pkg-dir@2.0.0 None 0 3.5 kB sindresorhus
npm/pluralize@7.0.0 None 0 17 kB blakeembrey
npm/pprof@1.1.0 eval, filesystem Transitive: network +1 782 kB google-wombot
npm/prelude-ls@1.1.2 None 0 36 kB gkz
npm/pretty-ms@5.0.0 None 0 9.84 kB sindresorhus
npm/progress@2.0.3 None 0 15.5 kB turbopope
npm/prop-types@15.7.2 environment 0 97.7 kB ljharb
npm/protobufjs@6.8.8 filesystem, network +2 3.84 MB dcode
npm/pseudomap@1.0.2 environment 0 8.21 kB isaacs
npm/quick-format-unescaped@3.0.0 None 0 8.64 kB davidmarkclements
npm/react-is@16.8.6 environment 0 25.6 kB gaearon
npm/read-pkg-up@2.0.0 None 0 4.31 kB sindresorhus
npm/read-pkg@2.0.0 None 0 4.37 kB sindresorhus
npm/readable-stream@2.3.6 environment 0 88 kB matteo.collina
npm/require-in-the-middle@4.0.0 unsafe Transitive: environment +1 92.1 kB watson
npm/require-main-filename@1.0.1 None 0 4.14 kB bcoe
npm/require-uncached@1.0.3 None 0 3.53 kB sindresorhus
npm/resolve-from@1.0.1 unsafe 0 3.21 kB sindresorhus
npm/resolve@1.11.1 filesystem 0 141 kB ljharb
npm/restore-cursor@2.0.0 None 0 2.44 kB sindresorhus
npm/retry-request@4.1.1 None 0 12.4 kB stephenplusplus
npm/rimraf@2.6.3 filesystem 0 15.2 kB isaacs
npm/run-async@2.3.0 None 0 5.32 kB sboudrias
npm/run-parallel@1.1.9 None 0 6.12 kB feross
npm/rx-lite-aggregates@4.0.8 eval 0 92.6 kB mattpodwysocki
npm/rx-lite@4.0.8 None 0 459 kB mattpodwysocki
npm/sax@1.2.4 None 0 54.6 kB isaacs
npm/semistandard@12.0.1 None 0 458 kB flet
npm/semver@6.2.0 None 0 82.7 kB isaacs
npm/shebang-command@1.2.0 None 0 2.69 kB kevva
npm/shebang-regex@1.0.0 None 0 2.3 kB sindresorhus
npm/shimmer@1.2.1 None 0 24.7 kB othiym23
npm/signal-exit@3.0.2 None 0 9.43 kB isaacs
npm/simple-card-validator@1.1.0 None 0 13.7 kB boazjohn
npm/slice-ansi@1.0.0 None 0 5.04 kB sindresorhus
npm/snyk@1.778.0 None 0 40.1 MB snyk-admin
npm/sonic-boom@0.6.1 filesystem 0 17.9 kB matteo.collina
npm/source-map-support@0.5.12 filesystem, unsafe 0 82.5 kB linusu
npm/source-map@0.6.1 None 0 805 kB tromey
npm/spdx-correct@3.1.0 None 0 21.6 kB kemitchell
npm/spdx-exceptions@2.2.0 None 0 2.57 kB kemitchell
npm/spdx-expression-parse@3.0.0 None 0 11.9 kB kemitchell
npm/spdx-license-ids@3.0.5 None 0 8.03 kB shinnn
npm/split@1.0.1 None 0 12.3 kB dominictarr
npm/sprintf-js@1.0.3 None 0 34.8 kB alexei
npm/standard-engine@8.0.1 None 0 36.8 kB feross
npm/stream-shift@1.0.0 None 0 3.87 kB mafintosh
npm/string-width@1.0.2 None 0 4.02 kB sindresorhus
npm/strip-ansi@3.0.1 None 0 3.1 kB jbnicolai
npm/strip-bom@3.0.0 None 0 3 kB sindresorhus
npm/strip-eof@1.0.0 None 0 2.64 kB sindresorhus
npm/supports-color@2.0.0 None 0 3.75 kB sindresorhus
npm/table@4.0.2 None 0 110 kB gajus
npm/tap@11.1.3 environment, filesystem, shell, unsafe Transitive: eval, network +83 19.9 MB isaacs
npm/tar@4.4.10 environment, filesystem 0 150 kB isaacs
npm/teeny-request@4.0.0 environment, network 0 31.8 kB fhinkel
npm/text-table@0.2.0 None 0 11 kB substack
npm/throat@4.1.0 None 0 7.91 kB forbeslindesay
npm/through@2.3.8 None 0 12.5 kB dominictarr
npm/through2@3.0.1 None 0 17.4 kB rvagg
npm/type-check@0.3.2 None 0 20.9 kB gkz
npm/typedarray@0.0.6 None 0 26 kB substack
npm/uniq@1.0.1 None 0 4.32 kB mikolalysenko
npm/uuid@3.2.1 None 0 41.4 kB broofa
npm/validate-npm-package-license@3.0.4 None 0 16.6 kB kemitchell
npm/which@1.3.1 environment 0 9.42 kB isaacs
npm/wide-align@1.1.3 None 0 4.55 kB iarna
npm/window-size@0.1.4 None 0 5.19 kB jonschlinkert
npm/wordwrap@1.0.0 None 0 36.8 kB substack
npm/wrap-ansi@2.1.0 None 0 7.79 kB sindresorhus
npm/write@0.2.1 filesystem 0 6.94 kB jonschlinkert
npm/wsrun@3.6.6 environment, filesystem, shell 0 89 kB spion
npm/xtend@4.0.2 None 0 6.46 kB raynos
npm/y18n@3.2.1 filesystem 0 8.75 kB bcoe
npm/y18n@3.2.2 filesystem 0 9.01 kB oss-bot
npm/yallist@3.0.3 None 0 13.7 kB isaacs
npm/yargs-parser@8.1.0 environment 0 44.9 kB bcoe
npm/yargs@10.1.2 environment, filesystem 0 211 kB bcoe
npm/yargs@3.32.0 environment, filesystem 0 153 kB bcoe

🚮 Removed packages: npm/@octokit/rest@18.12.0, npm/@open-policy-agent/opa-wasm@1.6.0, npm/@pagerduty/pdjs@2.2.4, npm/@sentry/node@7.34.0, npm/@sindresorhus/is@4.0.1, npm/@slack/webhook@7.0.2, npm/@snyk/cli-interface@2.12.0, npm/@snyk/cloud-config-parser@1.14.5, npm/@snyk/code-client@4.23.5, npm/@snyk/dep-graph@2.8.1, npm/@snyk/docker-registry-v2-client@2.11.0, npm/@snyk/fix-pipenv-pipfile@0.7.1, npm/@snyk/fix-poetry@0.9.1, npm/@snyk/gemfile@1.2.0, npm/@snyk/snyk-cocoapods-plugin@2.5.3, npm/@snyk/snyk-hex-plugin@1.1.6, npm/@types/body-parser@1.19.1, npm/@types/cross-spawn@6.0.2, npm/cdktf-cli@0.20.3


socket-security[bot] commented 2 months ago

🚨 Potential security issues detected. Learn more about Socket for GitHub ↗︎

To accept the risk, merge this PR and you will not be notified again.

Alert Package Note Source
Install scripts npm/protobufjs@6.8.8
  • Install script: postinstall
  • Source: node scripts/postinstall
Install scripts npm/grpc@1.22.2
  • Install script: install
  • Source: node-pre-gyp install --fallback-to-build --library=static_library
Install scripts npm/pprof@1.1.0
  • Install script: install
  • Source: node-pre-gyp install --fallback-to-build
Install scripts npm/protobufjs@6.8.6
  • Install script: postinstall
  • Source: node scripts/postinstall


Next steps

What is an install script?

Install scripts are run when the package is installed. The majority of malware in npm is hidden in install scripts.

Packages should not be running non-essential scripts during install and there are often solutions to problems people solve with install scripts that can be run at publish time instead.

Take a deeper look at the dependency

Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support [AT] socket [DOT] dev.

Remove the package

If you happen to install a dependency that Socket reports as Known Malware you should immediately remove it and select a different dependency. For other alert types, you may wish to investigate alternative packages or consider if there are other ways to mitigate the specific risk posed by the dependency.

Mark a package as acceptable risk

To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space separated list of ecosystem/package-name@version specifiers. e.g. @SocketSecurity ignore npm/foo@1.0.0 or ignore all packages with @SocketSecurity ignore-all

  • @SocketSecurity ignore npm/protobufjs@6.8.8
  • @SocketSecurity ignore npm/grpc@1.22.2
  • @SocketSecurity ignore npm/pprof@1.1.0
  • @SocketSecurity ignore npm/protobufjs@6.8.6