Closed revolunet closed 1 year ago
Please consider investigating the findings and remediating the incidents. Failure to do so may lead to compromising the associated services or software components.
🦉 GitGuardian detects secrets in your source code to help developers and security teams secure the modern development process. You are seeing this because you or someone else with access to this repository has authorized GitGuardian to scan your pull request.
Our GitHub checks need improvements? Share your feedbacks!
New dependency changes detected. Learn more about Socket for GitHub ↗︎
👍 No new dependency issues detected in pull request
To ignore an alert, reply with a comment starting with @SocketSecurity ignore
followed by a space separated list of package-name@version
specifiers. e.g. @SocketSecurity ignore foo@1.0.0 bar@*
or ignore all packages with @SocketSecurity ignore-all
Ignoring: es5-ext@0.10.62
Issue | Status |
---|---|
Install scripts | ✅ 0 issues |
Native code | ✅ 0 issues |
Bin script shell injection | ✅ 0 issues |
Unresolved require | ✅ 0 issues |
Invalid package.json | ✅ 0 issues |
HTTP dependency | ✅ 0 issues |
Git dependency | ✅ 0 issues |
Potential typo squat | ✅ 0 issues |
Known Malware | ✅ 0 issues |
Telemetry | ✅ 0 issues |
Protestware/Troll package | ✅ 0 issues |
📊 Modified Dependency Overview:
➕ Added Package | Capability Access | +/- Transitive Count |
Publisher |
---|---|---|---|
jest-watch-typeahead@0.6.5 | None | +68 |
simenb |
⬆️ Updated Package | Version Diff | Added Capability Access | +/- Transitive Count |
Publisher |
---|---|---|---|---|
@socialgouv/kosko-charts@9.19.2 | 9.15.0...9.19.2 | environment | +20/-24 |
socialgroovybot |
@socialgouv/aes-gcm-rsa-oaep@1.1.4 | 1.1.2...1.1.4 | None | +4/-4 |
socialgroovybot |
react-feather@2.0.10 | 2.0.9...2.0.10 | None | +0/-0 |
carmelo |
react-copy-to-clipboard@5.1.0 | 5.0.4...5.1.0 | None | +2/-2 |
nkbt |
react-hook-form@7.43.9 | 7.12.2...7.43.9 | None | +0/-0 |
bluebill1049 |
🚮 Removed packages: typescript@4.3.5
@SocketSecurity ignore es5-ext@0.10.62
Patch and project coverage have no change.
Comparison is base (
b13f46f
) 84.37% compared to head (e86b50c
) 84.37%.
:exclamation: Your organization is not using the GitHub App Integration. As a result you may experience degraded service beginning May 15th. Please install the Github App Integration for your organization. Read more.
:umbrella: View full report in Codecov by Sentry.
:loudspeaker: Do you have feedback about the report comment? Let us know in this issue.
:tada: This PR is included in version 1.15.1 :tada:
The release is available on:
v1.15.1
Your semantic-release bot :package::rocket:
Use
yaml-js
to parse pasted string and handle multiline variables correclyadd tests