SocialGouv / reva

https://reva.beta.gouv.fr
Apache License 2.0

Candidate server components #777

Closed pierreavizou closed 1 month ago

socket-security[bot] commented 1 month ago

No dependency changes detected.

👍 No dependency changes detected in pull request

pierreavizou commented 1 month ago

🚨 Potential security issues detected.

To accept the risk, merge this PR and you will not be notified again.

| Alert | Package | Note | Source | CI |
| --- | --- | --- | --- | --- |
| Install scripts | npm/sharp@0.33.4 | **Install script:** [install](https://socket.dev/npm/package/sharp/overview/0.33.4); **Source:** `node install/check` | [`packages/reva-candidate/package-lock.json`](https://github.com/SocialGouv/reva/pull/777/files#diff-1ec462534bf9daaeb4e756a55ae51a990a3be6aa17b0f1369a3693c9b5793d7b); [`packages/reva-candidate/package.json`](https://github.com/SocialGouv/reva/pull/777/files#diff-8fdf3fdc7b0f9c5603f94975ca09aef9a07b9248e9c60db5e03ff6d8b0f32b3e) | 🚫 |
| Telemetry | npm/next@14.2.4 | **Note:** Can be disabled by setting the environment variable `NEXT_TELEMETRY_DISABLED=1`. See https://nextjs.org/telemetry for more information | [`packages/reva-candidate/package-lock.json`](https://github.com/SocialGouv/reva/pull/777/files#diff-1ec462534bf9daaeb4e756a55ae51a990a3be6aa17b0f1369a3693c9b5793d7b); [`packages/reva-candidate/package.json`](https://github.com/SocialGouv/reva/pull/777/files#diff-8fdf3fdc7b0f9c5603f94975ca09aef9a07b9248e9c60db5e03ff6d8b0f32b3e) | 🚫 |


To ignore an alert, reply with a comment starting with `@SocketSecurity ignore` followed by a space-separated list of `ecosystem/package-name@version` specifiers, e.g. `@SocketSecurity ignore npm/foo@1.0.0`, or ignore all packages with `@SocketSecurity ignore-all`.

* `@SocketSecurity ignore npm/sharp@0.33.4`

* `@SocketSecurity ignore npm/next@14.2.4`

@SocketSecurity ignore-all

pierreavizou commented 1 month ago

New and removed dependencies detected.

| Package | New capabilities | Transitives | Size | Publisher |
| --- | --- | --- | --- | --- |
| npm/@codegouvfr/react-dsfr@1.9.22 | Transitive: environment, filesystem | +2 | 80.9 MB | garronej |
| npm/@graphql-codegen/client-preset@4.2.5 | Transitive: environment, eval, filesystem, network, shell, unsafe | +206 | 25.3 MB | dotansimha |
| npm/@tanstack/react-query@5.49.2 | environment | +1 | 3.11 MB | tannerlinsley |
| npm/@types/node@20.14.9 | None | +1 | 2.16 MB | types |
| npm/@types/react-dom@18.3.0 | None | 0 | 37.8 kB | types |
| npm/@types/react@18.3.3 | None | +2 | 1.69 MB | types |
| npm/@types/uuid@10.0.0 | None | 0 | 7.82 kB | types |
| npm/@typescript-eslint/eslint-plugin@7.16.0 | Transitive: environment, filesystem | +45 | 9.62 MB | jameshenry |
| npm/@urql/exchange-auth@2.2.0 | environment; Transitive: network | +3 | 1.51 MB | jdecroock |
| npm/autoprefixer@10.4.19 | environment; Transitive: filesystem, shell | +10 | 2.82 MB | ai |
| npm/classnames@2.5.1 | None | 0 | 23.6 kB | jedwatson |
| npm/cookies-next@4.2.1 | None | +2 | 62.7 kB | andreizanik |
| npm/date-fns@3.6.0 | None | 0 | 22.2 MB | kossnocorp |
| npm/eslint-config-next@14.2.4 | unsafe; Transitive: environment, eval, filesystem, shell | +208 | 21.3 MB | vercel-release-bot |
| npm/eslint-config-prettier@9.1.0 | None | 0 | 20.8 kB | lydell |
| npm/eslint@8.57.0 | environment, filesystem; Transitive: eval, shell, unsafe | +98 | 10.8 MB | eslintbot |
| npm/graphql-request@7.1.0 | Transitive: environment, filesystem, shell | +14 | 4.58 MB | jasonkuhrt |
| npm/graphql@16.9.0 | environment | 0 | 1.36 MB | benjie |
| npm/keycloak-js@24.0.5 | eval, network | +2 | 402 kB | keycloak.bot |
| npm/next@14.2.4 | environment, filesystem, network, shell, unsafe | +23 | 1.2 GB | vercel-release-bot |
| npm/postcss-url@10.1.3 | Transitive: filesystem | +9 | 544 kB | sergcen |
| npm/postcss@8.4.39 | environment, filesystem | +3 | 368 kB | ai |
| npm/prettier@3.3.2 | environment, filesystem, unsafe | 0 | 8.25 MB | prettier-bot |
| npm/react-dom@18.3.1 | environment | +3 | 4.63 MB | react-bot |
| npm/react@18.3.1 | environment | +2 | 339 kB | react-bot |
| npm/sharp@0.33.4 | environment; Transitive: eval, filesystem, shell | +28 | 181 MB | lovell |
| npm/tailwindcss@3.4.4 | environment, filesystem; Transitive: network, shell, unsafe | +100 | 14.5 MB | adamwathan |
| npm/typescript@5.2.2 | None | 0 | 40.6 MB | typescript-bot |
| npm/urql@4.1.0 | environment; Transitive: network | +3 | 1.72 MB | jdecroock |
| npm/uuid@10.0.0 | None | 0 | 168 kB | broofa |
| npm/zustand@4.5.4 | environment | +1 | 363 kB | daishi |

🚮 Removed packages: npm/@dillonkearns/elm-graphql@4.3.1, npm/@fastify/cors@8.5.0, npm/@fastify/http-proxy@9.3.0, npm/@fastify/multipart@8.1.0, npm/@fastify/static@6.12.0, npm/@gouvfr/dsfr@1.11.2, npm/@graphql-codegen/client-preset@4.3.0, npm/@graphql-tools/load-files@7.0.0, npm/@graphql-tools/resolvers-composition@7.0.0, npm/@headlessui/react@1.7.11, npm/@keycloak/keycloak-admin-client@24.0.2, npm/@pmmmwh/react-refresh-webpack-plugin@0.5.10, npm/@prisma/client@5.8.1, npm/@sentry/react@7.55.1, npm/@svgr/webpack@5.5.0, npm/@tailwindcss/forms@0.4.1, npm/@tailwindcss/typography@0.5.2, npm/@testing-library/jest-dom@5.16.5, npm/@testing-library/react@11.2.7, npm/@testing-library/user-event@12.8.3, npm/@types/apollo-upload-client@18.0.0, npm/@types/cron@2.4.0, npm/@types/crypto-js@4.2.2, npm/@types/debug@4.1.12, npm/@types/jest@29.5.11, npm/@types/jsonwebtoken@9.0.5, npm/@types/lodash@4.14.202, npm/@types/mjml@4.7.4, npm/@types/node@20.11.6, npm/@types/react-dom@18.0.11, npm/@types/react-helmet@6.1.6, npm/@types/react@18.0.28, npm/@types/ssh2-sftp-client@9.0.3, npm/@types/uuid@9.0.7, npm/@xstate/inspect@0.7.1, npm/@xstate/react@3.2.1, npm/apollo-upload-client@18.0.1, npm/autoprefixer@10.4.13, npm/babel-jest@27.5.1, npm/babel-loader@8.3.0, npm/babel-plugin-named-asset-import@0.3.8, npm/babel-preset-react-app@10.0.1, npm/basic-ftp@5.0.4, npm/bfj@7.0.2, npm/browserslist@4.22.1, npm/camelcase@6.3.0, npm/case-sensitive-paths-webpack-plugin@2.4.0


@SocketSecurity ignore-all
