Closed legobeat closed 1 year ago
New dependency changes detected. Learn more about Socket for GitHub ↗︎
👍 No new dependency issues detected in pull request
To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space separated list of package-name@version specifiers. e.g. @SocketSecurity ignore foo@1.0.0 bar@* or ignore all packages with @SocketSecurity ignore-all
Ignoring: bufferutil@4.0.5, ganache@7.3.1, utf-8-validate@5.0.7
Issue | Status |
---|---|
Install scripts | ✅ 0 issues |
Native code | ✅ 0 issues |
Bin script shell injection | ✅ 0 issues |
Unresolved require | ✅ 0 issues |
Invalid package.json | ✅ 0 issues |
HTTP dependency | ✅ 0 issues |
Git dependency | ✅ 0 issues |
Potential typo squat | ✅ 0 issues |
Known Malware | ✅ 0 issues |
Telemetry | ✅ 0 issues |
Protestware/Troll package | ✅ 0 issues |
📊 Modified Dependency Overview:
➕ Added Package | Capability Access | +/- Transitive Count | Publisher |
---|---|---|---|
ganache@7.3.1 | network, filesystem, shell, environment | +4 | truffle-cicd |
⬆️ Updated Package | Version Diff | Added Capability Access | +/- Transitive Count | Publisher |
---|---|---|---|---|
ethjs@0.4.0 | 0.3.9...0.4.0 | None | +1/-2 | silentcicero |
🚮 Removed packages: ganache-cli@6.12.2
@SocketSecurity ignore bufferutil@4.0.5 ganache@7.8.0 utf-8-validate@5.0.7
@SocketSecurity ignore ganache@7.3.1
ethjs and ethjs-* versions to align with most recent used in metamask-extension
ganache-cli to ganache
ganache@7.3.2 breaks nodejs v12 support through a dependency, pinned at 7.3.1 until v12 support has been dropped in this package.
bn.js to 4.12.0 instead of pinned 4.11.6
ethjs-abi from 0.2.0 to 0.2.1