search

MetaMask / template-snap-monorepo

Apache License 2.0
115 stars 88 forks source link

Bump Gatsby #154

Closed FrederikBolding closed 8 months ago

FrederikBolding commented 8 months ago

Bump Gatsby to the latest version, clearing out some Dependabot alerts.

socket-security[bot] commented 8 months ago

New and removed dependencies detected. Learn more about Socket for GitHub ↗︎

Package New capabilities Transitives Size Publisher
npm/@babel/eslint-parser@7.23.10 unsafe Transitive: environment, eval, filesystem, shell +150 21.2 MB nicolo-ribaudo
npm/@babel/helper-builder-binary-assignment-operator-visitor@7.22.15 Transitive: environment +4 2.51 MB nicolo-ribaudo
npm/@babel/helper-create-regexp-features-plugin@7.22.15 Transitive: environment, filesystem, shell, unsafe +61 11.1 MB nicolo-ribaudo
npm/@babel/plugin-bugfix-safari-id-destructuring-collision-in-function-expression@7.23.3 Transitive: environment, filesystem, shell, unsafe +51 10.2 MB nicolo-ribaudo
npm/@babel/plugin-bugfix-v8-spread-parameters-in-optional-chaining@7.23.3 Transitive: environment, filesystem, shell, unsafe +54 10.3 MB nicolo-ribaudo
npm/@babel/plugin-bugfix-v8-static-class-fields-redefine-readonly@7.23.7 Transitive: environment, filesystem, shell, unsafe +51 10.3 MB nicolo-ribaudo
npm/@babel/plugin-proposal-optional-chaining@7.21.0 Transitive: environment, filesystem, shell, unsafe +53 10.3 MB nicolo-ribaudo
npm/@babel/plugin-syntax-import-assertions@7.23.3 Transitive: environment, filesystem, shell, unsafe +51 10.2 MB nicolo-ribaudo
npm/@babel/plugin-syntax-import-attributes@7.23.3 Transitive: environment, filesystem, shell, unsafe +51 10.2 MB nicolo-ribaudo
npm/@babel/plugin-syntax-typescript@7.23.3 Transitive: environment, filesystem, shell, unsafe +51 10.2 MB nicolo-ribaudo
npm/@babel/plugin-transform-async-generator-functions@7.23.9 Transitive: environment, filesystem, shell, unsafe +55 10.3 MB nicolo-ribaudo
npm/@babel/plugin-transform-async-to-generator@7.23.3 Transitive: environment, filesystem, shell, unsafe +54 10.3 MB nicolo-ribaudo
npm/@babel/plugin-transform-class-properties@7.23.3 Transitive: environment, filesystem, shell, unsafe +57 10.7 MB nicolo-ribaudo
npm/@babel/plugin-transform-class-static-block@7.23.4 Transitive: environment, filesystem, shell, unsafe +58 10.7 MB nicolo-ribaudo
npm/@babel/plugin-transform-dotall-regex@7.23.3 Transitive: environment, filesystem, shell, unsafe +63 11.1 MB nicolo-ribaudo
npm/@babel/plugin-transform-duplicate-keys@7.23.3 Transitive: environment, filesystem, shell, unsafe +51 10.2 MB nicolo-ribaudo
npm/@babel/plugin-transform-dynamic-import@7.23.4 Transitive: environment, filesystem, shell, unsafe +52 10.2 MB nicolo-ribaudo
npm/@babel/plugin-transform-exponentiation-operator@7.23.3 Transitive: environment, filesystem, shell, unsafe +52 10.3 MB nicolo-ribaudo
npm/@babel/plugin-transform-export-namespace-from@7.23.4 Transitive: environment, filesystem, shell, unsafe +52 10.2 MB nicolo-ribaudo
npm/@babel/plugin-transform-json-strings@7.23.4 Transitive: environment, filesystem, shell, unsafe +52 10.2 MB nicolo-ribaudo
npm/@babel/plugin-transform-logical-assignment-operators@7.23.4 Transitive: environment, filesystem, shell, unsafe +52 10.2 MB nicolo-ribaudo
npm/@babel/plugin-transform-modules-amd@7.23.3 Transitive: environment, filesystem, shell, unsafe +51 10.3 MB nicolo-ribaudo
npm/@babel/plugin-transform-modules-systemjs@7.23.9 Transitive: environment, filesystem, shell, unsafe +51 10.3 MB nicolo-ribaudo
npm/@babel/plugin-transform-modules-umd@7.23.3 Transitive: environment, filesystem, shell, unsafe +51 10.3 MB nicolo-ribaudo
npm/@babel/plugin-transform-new-target@7.23.3 Transitive: environment, filesystem, shell, unsafe +51 10.2 MB nicolo-ribaudo
npm/@babel/plugin-transform-nullish-coalescing-operator@7.23.4 Transitive: environment, filesystem, shell, unsafe +52 10.2 MB nicolo-ribaudo
npm/@babel/plugin-transform-numeric-separator@7.23.4 Transitive: environment, filesystem, shell, unsafe +52 10.2 MB nicolo-ribaudo
npm/@babel/plugin-transform-optional-catch-binding@7.23.4 Transitive: environment, filesystem, shell, unsafe +52 10.2 MB nicolo-ribaudo
npm/@babel/plugin-transform-private-methods@7.23.3 Transitive: environment, filesystem, shell, unsafe +57 10.7 MB nicolo-ribaudo
npm/@babel/plugin-transform-private-property-in-object@7.23.4 Transitive: environment, filesystem, shell, unsafe +58 10.7 MB nicolo-ribaudo
npm/@babel/plugin-transform-react-jsx-development@7.22.5 Transitive: environment, filesystem, shell, unsafe +54 10.3 MB nicolo-ribaudo
npm/@babel/plugin-transform-react-pure-annotations@7.23.3 Transitive: environment, filesystem, shell, unsafe +52 10.2 MB nicolo-ribaudo
npm/@babel/plugin-transform-regenerator@7.23.3 Transitive: environment, filesystem, shell, unsafe +54 10.7 MB nicolo-ribaudo
npm/@babel/plugin-transform-reserved-words@7.23.3 Transitive: environment, filesystem, shell, unsafe +51 10.2 MB nicolo-ribaudo
npm/@babel/plugin-transform-sticky-regex@7.23.3 Transitive: environment, filesystem, shell, unsafe +51 10.2 MB nicolo-ribaudo
npm/@babel/plugin-transform-typeof-symbol@7.23.3 Transitive: environment, filesystem, shell, unsafe +51 10.2 MB nicolo-ribaudo
npm/@babel/plugin-transform-typescript@7.23.6 Transitive: environment, filesystem, shell, unsafe +58 10.8 MB nicolo-ribaudo
npm/@babel/plugin-transform-unicode-escapes@7.23.3 Transitive: environment, filesystem, shell, unsafe +51 10.2 MB nicolo-ribaudo
npm/@babel/plugin-transform-unicode-property-regex@7.23.3 Transitive: environment, filesystem, shell, unsafe +63 11.1 MB nicolo-ribaudo
npm/@babel/plugin-transform-unicode-regex@7.23.3 Transitive: environment, filesystem, shell, unsafe +63 11.1 MB nicolo-ribaudo
npm/@babel/plugin-transform-unicode-sets-regex@7.23.3 Transitive: environment, filesystem, shell, unsafe +63 11.1 MB nicolo-ribaudo
npm/@babel/preset-react@7.23.3 Transitive: environment, filesystem, shell, unsafe +57 10.4 MB nicolo-ribaudo
npm/@babel/preset-typescript@7.23.3 Transitive: environment, filesystem, shell, unsafe +61 10.9 MB nicolo-ribaudo
npm/@builder.io/partytown@0.7.6 None 0 386 kB adamdbradley
npm/@gatsbyjs/parcel-namer-relative-to-cwd@2.13.1 Transitive: environment, eval, filesystem, network, shell, unsafe +181 82.9 MB pieh
npm/@gatsbyjs/reach-router@2.0.1 environment +9 5.19 MB pieh
npm/@graphql-codegen/add@3.2.3 Transitive: unsafe +31 4.01 MB dotansimha
npm/@graphql-codegen/core@2.6.8 Transitive: unsafe +34 4.24 MB dotansimha
npm/@graphql-codegen/typescript-operations@2.5.13 Transitive: environment, eval, filesystem, network, shell, unsafe +197 23.2 MB dotansimha
npm/@graphql-tools/code-file-loader@7.3.23 filesystem, unsafe Transitive: environment, shell +82 12.8 MB ardatan
npm/@graphql-tools/graphql-tag-pluck@7.5.2 Transitive: environment, filesystem, shell, unsafe +55 12.1 MB ardatan
npm/@graphql-tools/load@7.8.14 unsafe +8 2.13 MB ardatan
npm/@parcel/bundler-default@2.8.3 Transitive: environment, eval, filesystem, network, shell, unsafe +109 77 MB devongovett
npm/@parcel/cache@2.8.3 Transitive: environment, eval, filesystem, network, shell, unsafe +107 76.9 MB devongovett
npm/@parcel/compressor-raw@2.8.3 Transitive: environment, eval, filesystem, network, shell, unsafe +109 76.9 MB devongovett
npm/@parcel/diagnostic@2.8.3 Transitive: environment +5 683 kB devongovett
npm/@parcel/fs-search@2.8.3 environment, filesystem 0 2.73 MB devongovett
npm/@parcel/fs@2.8.3 environment, filesystem Transitive: eval, network, shell, unsafe +107 76.9 MB devongovett
npm/@parcel/hash@2.8.3 environment, filesystem +1 2.88 MB devongovett
npm/@parcel/logger@2.8.3 Transitive: environment +6 697 kB devongovett
npm/@parcel/namer-default@2.8.3 Transitive: environment, eval, filesystem, network, shell, unsafe +109 76.9 MB devongovett
npm/@parcel/optimizer-terser@2.8.3 Transitive: environment, eval, filesystem, network, shell, unsafe +121 81.1 MB devongovett
npm/@parcel/package-manager@2.8.3 environment, filesystem, shell, unsafe Transitive: eval, network +107 76.9 MB devongovett
npm/@parcel/packager-js@2.8.3 filesystem Transitive: environment, eval, network, shell, unsafe +111 77.2 MB devongovett
npm/@parcel/packager-raw@2.8.3 Transitive: environment, eval, filesystem, network, shell, unsafe +109 76.9 MB devongovett
npm/@parcel/plugin@2.8.3 Transitive: environment, eval, filesystem, network, shell, unsafe +108 76.9 MB devongovett
npm/@parcel/reporter-dev-server@2.8.3 environment, eval, filesystem, network, shell Transitive: unsafe +109 79.2 MB devongovett
npm/@parcel/resolver-default@2.8.3 Transitive: environment, eval, filesystem, network, shell, unsafe +111 77.2 MB devongovett
npm/@parcel/runtime-js@2.8.3 Transitive: environment, eval, filesystem, network, shell, unsafe +109 77 MB devongovett
npm/@parcel/transformer-js@2.8.3 environment, filesystem Transitive: eval, network, shell, unsafe +111 235 MB devongovett
npm/@parcel/transformer-json@2.8.3 Transitive: environment, eval, filesystem, network, shell, unsafe +109 76.9 MB devongovett
npm/@parcel/types@2.8.3 environment Transitive: eval, filesystem, network, shell, unsafe +107 76.9 MB devongovett
npm/@parcel/utils@2.8.3 Transitive: environment, filesystem, shell +19 14.8 MB devongovett
npm/@parcel/workers@2.8.3 environment, filesystem, shell, unsafe Transitive: eval, network +107 76.9 MB devongovett
npm/@pmmmwh/react-refresh-webpack-plugin@0.5.11 environment, filesystem Transitive: eval, network, shell, unsafe +94 17.1 MB pmmmwh
npm/@pnpm/config.env-replace@1.1.0 None 0 15.2 kB zkochan
npm/@pnpm/network.ca-file@1.0.2 Transitive: environment, filesystem +1 45.5 kB zkochan
npm/@pnpm/npm-conf@2.2.2 environment, filesystem Transitive: network +6 118 kB zkochan
npm/@sigmacomputing/babel-plugin-lodash@3.3.5 filesystem, unsafe Transitive: environment +17 4.08 MB pearce-sigma
npm/@types/http-proxy@1.17.14 None +1 14.4 kB types
npm/address@1.2.2 environment, filesystem, shell 0 13 kB fengmk2
npm/array.prototype.filter@1.0.3 Transitive: eval +61 3.32 MB ljharb
npm/array.prototype.findlastindex@1.2.4 Transitive: eval +61 3.33 MB ljharb
npm/autoprefixer@10.4.17 environment Transitive: filesystem, shell +12 2.79 MB ai
npm/axe-core@4.7.0 None 0 2.18 MB npmdeque
npm/babel-jsx-utils@1.1.0 None 0 37.7 kB ascorbic
npm/babel-loader@8.3.0 filesystem Transitive: environment, eval, network, shell, unsafe +125 23.2 MB nicolo-ribaudo
npm/babel-plugin-polyfill-corejs3@0.9.0 Transitive: environment, filesystem, shell, unsafe +60 11.6 MB nicolo-ribaudo
npm/babel-plugin-remove-graphql-queries@5.13.1 environment Transitive: eval, filesystem, network, shell, unsafe +1364 490 MB pieh
npm/babel-preset-gatsby@3.13.1 environment Transitive: eval, filesystem, network, shell, unsafe +192 22.9 MB pieh
npm/bare-fs@2.2.0 None +6 741 kB kasperisager, mafintosh
npm/bare-os@2.2.0 None 0 216 kB kasperisager
npm/bare-path@2.1.0 None +1 251 kB kasperisager
npm/clipboardy@4.0.0 environment Transitive: filesystem, shell +22 1.24 MB sindresorhus
npm/config-chain@1.1.13 environment, filesystem, network +2 29.1 kB isaacs
npm/create-gatsby@3.13.1 environment, filesystem, network, shell +2 822 kB pieh
npm/engine.io-client@6.5.3 Transitive: environment, filesystem, network, shell +6 999 kB darrachequesne
npm/engine.io-parser@5.2.2 None 0 46.5 kB darrachequesne
npm/engine.io@6.5.4 network Transitive: environment +16 735 kB darrachequesne
npm/es-array-method-boxes-properly@1.0.0 None 0 3.86 kB ljharb
npm/event-source-polyfill@1.0.31 network 0 58.1 kB yaffle
npm/form-data-encoder@2.1.4 None 0 37.6 kB octetstream
npm/fs-extra@11.2.0 Transitive: environment, filesystem +3 112 kB ryanzim
npm/gatsby-cli@5.13.2 environment, filesystem, shell, unsafe Transitive: eval, network +295 35.4 MB pieh
npm/gatsby-core-utils@4.13.1 environment, filesystem, shell, unsafe Transitive: eval, network +82 8.58 MB pieh
npm/gatsby-graphiql-explorer@3.13.1 None 0 2.73 MB pieh
npm/gatsby-legacy-polyfills@3.13.0 Transitive: environment, filesystem, shell +9 3.18 MB pieh
npm/gatsby-link@5.13.1 environment Transitive: eval, filesystem, network, shell, unsafe +123 18.3 MB pieh
npm/gatsby-page-utils@3.13.1 Transitive: environment, eval, filesystem, network, shell, unsafe +107 11.3 MB pieh
npm/gatsby-parcel-config@1.13.1 Transitive: environment, eval, filesystem, network, shell, unsafe +210 248 MB pieh
npm/gatsby-plugin-manifest@5.13.1 Transitive: environment, eval, filesystem, network, shell, unsafe +1365 490 MB pieh
npm/gatsby-plugin-page-creator@5.13.1 Transitive: environment, eval, filesystem, network, shell, unsafe +1364 490 MB pieh
npm/gatsby-plugin-styled-components@6.13.1 Transitive: environment, eval, filesystem, network, shell, unsafe +1378 494 MB pieh
npm/gatsby-plugin-typescript@5.13.1 Transitive: environment, eval, filesystem, network, shell, unsafe +1364 490 MB pieh
npm/gatsby-plugin-utils@4.13.1 Transitive: environment, eval, filesystem, network, shell, unsafe +1364 490 MB pieh
npm/gatsby-react-router-scroll@6.13.1 Transitive: environment +12 5.52 MB pieh
npm/gatsby-script@2.13.0 Transitive: environment +10 5.24 MB pieh
npm/gatsby-sharp@1.13.0 Transitive: environment, filesystem, network, shell +53 2.72 MB pieh
npm/gatsby-telemetry@4.13.1 environment, filesystem, network, shell Transitive: eval, unsafe +134 12.7 MB pieh
npm/gatsby-worker@2.13.1 environment, filesystem, shell Transitive: unsafe +56 10.7 MB pieh
npm/gatsby@5.13.3 environment, filesystem Transitive: eval, network, shell, unsafe +1364 490 MB pieh
npm/graphql-http@1.22.0 network +1 1.74 MB enisdenjo
npm/hash-wasm@4.11.0 None 0 1.77 MB daninet
npm/inline-style-parser@0.1.1 None 0 30.6 kB remarkablemark
npm/is-inside-container@1.0.0 None +1 6.63 kB sindresorhus
npm/is-wsl@3.1.0 environment +2 10.1 kB sindresorhus
npm/is64bit@2.0.0 None +1 10.4 kB sindresorhus
npm/latest-version@7.0.0 Transitive: environment, filesystem, network +38 1.05 MB sindresorhus
npm/linkfs@2.1.0 None 0 11.7 kB streamich
npm/object.groupby@1.0.2 Transitive: eval +62 3.34 MB ljharb
npm/package-json@8.1.1 Transitive: environment, filesystem, network +37 1.05 MB sindresorhus
npm/proto-list@1.2.4 None 0 4.86 kB isaacs
npm/registry-auth-token@5.0.2 environment Transitive: filesystem, network +7 133 kB rexxars
npm/registry-url@6.0.1 Transitive: environment, filesystem +5 99.6 kB sindresorhus
npm/sharp@0.32.6 environment, filesystem, shell Transitive: network +52 2.7 MB lovell
npm/socket.io-adapter@2.5.4 Transitive: environment, network +3 242 kB darrachequesne
npm/socket.io-client@4.7.1 Transitive: environment, filesystem, network, shell +8 2.31 MB darrachequesne
npm/socket.io@4.7.1 filesystem, network Transitive: environment +20 2.15 MB darrachequesne
npm/style-to-object@0.4.4 None +1 71.9 kB remarkablemark
npm/system-architecture@0.1.0 None 0 5.37 kB sindresorhus
npm/tar-fs@3.0.5 filesystem +12 818 kB mafintosh
npm/webpack-virtual-modules@0.5.0 environment 0 41.8 kB vicvlas
npm/ws@8.11.0 environment, network 0 135 kB lpinca
npm/xstate@4.38.3 None 0 794 kB xstate-release-bot

🚮 Removed packages: npm/@babel/eslint-parser@7.19.1, npm/@babel/helper-builder-binary-assignment-operator-visitor@7.22.10, npm/@babel/helper-create-regexp-features-plugin@7.22.9, npm/@babel/helper-define-polyfill-provider@0.4.3, npm/@babel/plugin-bugfix-safari-id-destructuring-collision-in-function-expression@7.22.15, npm/@babel/plugin-bugfix-v8-spread-parameters-in-optional-chaining@7.22.15, npm/@babel/plugin-proposal-optional-chaining@7.18.9, npm/@babel/plugin-syntax-import-assertions@7.22.5, npm/@babel/plugin-syntax-import-attributes@7.22.5, npm/@babel/plugin-syntax-typescript@7.22.5, npm/@babel/plugin-transform-async-generator-functions@7.23.2, npm/@babel/plugin-transform-async-to-generator@7.22.5, npm/@babel/plugin-transform-class-properties@7.22.5, npm/@babel/plugin-transform-class-static-block@7.22.11, npm/@babel/plugin-transform-dotall-regex@7.22.5, npm/@babel/plugin-transform-duplicate-keys@7.22.5, npm/@babel/plugin-transform-dynamic-import@7.22.11, npm/@babel/plugin-transform-exponentiation-operator@7.22.5, npm/@babel/plugin-transform-export-namespace-from@7.22.11, npm/@babel/plugin-transform-json-strings@7.22.11, npm/@babel/plugin-transform-logical-assignment-operators@7.22.11, npm/@babel/plugin-transform-modules-amd@7.23.0, npm/@babel/plugin-transform-modules-systemjs@7.23.0, npm/@babel/plugin-transform-modules-umd@7.22.5, npm/@babel/plugin-transform-new-target@7.22.5, npm/@babel/plugin-transform-nullish-coalescing-operator@7.22.11, npm/@babel/plugin-transform-numeric-separator@7.22.11, npm/@babel/plugin-transform-object-rest-spread@7.22.15, npm/@babel/plugin-transform-optional-catch-binding@7.22.11, npm/@babel/plugin-transform-private-methods@7.22.5, npm/@babel/plugin-transform-private-property-in-object@7.22.11, npm/@babel/plugin-transform-react-jsx-development@7.18.6, npm/@babel/plugin-transform-react-pure-annotations@7.18.6, npm/@babel/plugin-transform-regenerator@7.22.10, npm/@babel/plugin-transform-reserved-words@7.22.5, npm/@babel/plugin-transform-runtime@7.23.2, npm/@babel/plugin-transform-sticky-regex@7.22.5, npm/@babel/plugin-transform-typeof-symbol@7.22.5, npm/@babel/plugin-transform-typescript@7.22.15, npm/@babel/plugin-transform-unicode-escapes@7.22.10, npm/@babel/plugin-transform-unicode-property-regex@7.22.5, npm/@babel/plugin-transform-unicode-regex@7.22.5, npm/@babel/plugin-transform-unicode-sets-regex@7.22.5, npm/@babel/preset-env@7.23.2, npm/@babel/preset-react@7.18.6, npm/@babel/preset-typescript@7.23.2, npm/@babel/runtime-corejs3@7.19.4, npm/@builder.io/partytown@0.5.4, npm/@gatsbyjs/parcel-namer-relative-to-cwd@1.10.0, npm/@gatsbyjs/reach-router@1.3.9, npm/@graphql-codegen/add@3.2.1, npm/@graphql-codegen/core@2.6.2, npm/@graphql-codegen/schema-ast@2.5.1, npm/@graphql-codegen/typescript-operations@2.5.4, npm/@graphql-codegen/visitor-plugin-common@2.12.2, npm/@graphql-tools/code-file-loader@7.3.6, npm/@graphql-tools/graphql-tag-pluck@7.3.6, npm/@graphql-tools/load@7.7.7, npm/@parcel/bundler-default@2.6.2, npm/@parcel/cache@2.6.2, npm/@parcel/compressor-raw@2.6.2, npm/@parcel/diagnostic@2.6.2, npm/@parcel/fs-search@2.6.2, npm/@parcel/fs@2.6.2, npm/@parcel/hash@2.6.2, npm/@parcel/logger@2.6.2, npm/@parcel/namer-default@2.6.2, npm/@parcel/optimizer-terser@2.6.2, npm/@parcel/package-manager@2.6.2, npm/@parcel/packager-js@2.6.2, npm/@parcel/packager-raw@2.6.2, npm/@parcel/plugin@2.6.2, npm/@parcel/reporter-dev-server@2.6.2, npm/@parcel/resolver-default@2.6.2, npm/@parcel/runtime-js@2.6.2, npm/@parcel/transformer-js@2.6.2, npm/@parcel/transformer-json@2.6.2, npm/@parcel/types@2.6.2, npm/@parcel/utils@2.6.2, npm/@parcel/workers@2.6.2, npm/@pmmmwh/react-refresh-webpack-plugin@0.5.8, npm/@sideway/address@4.1.4, npm/@types/http-proxy@1.17.11, npm/@types/sharp@0.30.5, npm/address@1.1.2, npm/arch@2.2.0, npm/array.prototype.flatmap@1.3.0, npm/ast-types-flow@0.0.7, npm/async-cache@1.1.0, npm/autoprefixer@10.4.12, npm/axe-core@4.4.3, npm/axobject-query@2.2.0, npm/babel-loader@8.2.5, npm/babel-plugin-lodash@3.3.4, npm/babel-plugin-polyfill-corejs3@0.8.7, npm/babel-plugin-remove-graphql-queries@4.25.0, npm/babel-preset-gatsby@2.25.0, npm/clipboardy@2.3.0, npm/create-gatsby@2.25.0, npm/cssfilter@0.0.10, npm/duplexer3@0.1.5, npm/electron-to-chromium@1.4.571, npm/engine.io-client@6.2.3, npm/engine.io-parser@5.0.7, npm/engine.io@6.2.1, npm/escape-goat@2.1.1, npm/event-source-polyfill@1.0.25, npm/express-graphql@0.12.0, npm/fd@0.0.3, npm/foreach@2.0.5, npm/fs-extra@10.1.0, npm/gatsby-cli@4.25.0, npm/gatsby-core-utils@3.25.0, npm/gatsby-graphiql-explorer@2.25.0, npm/gatsby-legacy-polyfills@2.25.0, npm/gatsby-link@4.25.0, npm/gatsby-page-utils@2.25.0, npm/gatsby-parcel-config@0.16.0, npm/gatsby-plugin-manifest@4.24.0, npm/gatsby-plugin-page-creator@4.25.0, npm/gatsby-plugin-styled-components@5.24.0, npm/gatsby-plugin-typescript@4.25.0, npm/gatsby-plugin-utils@3.19.0, npm/gatsby-react-router-scroll@5.25.0, npm/gatsby-script@1.10.0, npm/gatsby-sharp@0.19.0, npm/gatsby-telemetry@3.25.0, npm/gatsby-worker@1.25.0, npm/gatsby@4.25.8, npm/global-dirs@3.0.1, npm/graphql-playground-html@1.6.30, npm/graphql-playground-middleware-express@1.7.23, npm/has-yarn@2.1.0, npm/import-lazy@2.1.0, npm/is-installed-globally@0.4.0, npm/is-npm@5.0.0, npm/is-yarn-global@0.3.0, npm/latest-version@5.1.0, npm/md5-file@5.0.0, npm/nice-try@1.0.5, npm/node-addon-api@5.1.0, npm/p-finally@1.0.0, npm/package-json@6.5.0, npm/prepend-http@2.0.0, npm/pupa@2.1.1, npm/react-lifecycles-compat@3.0.4, npm/registry-auth-token@4.2.2, npm/registry-url@5.1.0, npm/semver-diff@3.1.1, npm/sharp@0.30.7, npm/socket.io-adapter@2.4.0, npm/socket.io-client@4.5.4, npm/socket.io@4.5.4, npm/st@2.0.0, npm/strip-eof@1.0.0, npm/term-size@2.2.1, npm/to-readable-stream@1.0.0, npm/update-notifier@5.1.0, npm/url-parse-lax@3.0.0, npm/webpack-virtual-modules@0.3.2, npm/ws@8.2.3, npm/xss@1.0.14, npm/xstate@4.32.1

View full report↗︎

socket-security[bot] commented 8 months ago

🚨 Potential security issues detected. Learn more about Socket for GitHub ↗︎

To accept the risk, merge this PR and you will not be notified again.

Alert Package NoteSource
Native code npm/sharp@0.32.6
Network access npm/config-chain@1.1.13
New author npm/cacheable-lookup@7.0.0
New author npm/get-stream@8.0.1
New author npm/is64bit@2.0.0
Network access npm/graphql-http@1.22.0

View full report↗︎

Next steps

What's wrong with native code?

Contains native code which could be a vector to obscure malicious code, and generally decrease the likelihood of reproducible or reliable installs.

Ensure that native code bindings are expected. Consumers may consider pure JS and functionally similar alternatives to avoid the challenges and risks associated with native code bindings.

What is network access?

This module accesses the network.

Packages should remove all network access that is functionally unnecessary. Consumers should audit network access to ensure legitimate use.

What is new author?

A new npm collaborator published a version of the package for the first time. New collaborators are usually benign additions to a project, but do indicate a change to the security surface area of a package.

Scrutinize new collaborator additions to packages because they now have the ability to publish code into your dependency tree. Packages should avoid frequent or unnecessary additions or changes to publishing rights.

Take a deeper look at the dependency

Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support [AT] socket [DOT] dev.

Remove the package

If you happen to install a dependency that Socket reports as Known Malware you should immediately remove it and select a different dependency. For other alert types, you may may wish to investigate alternative packages or consider if there are other ways to mitigate the specific risk posed by the dependency.

Mark a package as acceptable risk

To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space separated list of ecosystem/package-name@version specifiers. e.g. @SocketSecurity ignore npm/foo@1.0.0 or ignore all packages with @SocketSecurity ignore-all

  • @SocketSecurity ignore npm/sharp@0.32.6
  • @SocketSecurity ignore npm/config-chain@1.1.13
  • @SocketSecurity ignore npm/cacheable-lookup@7.0.0
  • @SocketSecurity ignore npm/get-stream@8.0.1
  • @SocketSecurity ignore npm/is64bit@2.0.0
  • @SocketSecurity ignore npm/graphql-http@1.22.0
FrederikBolding commented 8 months ago

@SocketSecurity ignore npm/sharp@0.32.6

Native code is expected.

@SocketSecurity ignore npm/cacheable-lookup@7.0.0 @SocketSecurity ignore npm/get-stream@8.0.1 @SocketSecurity ignore npm/is64bit@2.0.0

Trusted author.

@SocketSecurity ignore npm/config-chain@1.1.13 @SocketSecurity ignore npm/graphql-http@1.22.0

Network access is expected.