feat(release): ds8j - Githubissues

github-advanced-security[bot] commented 1 month ago

This pull request sets up GitHub code scanning for this repository. Once the scans have completed and the checks have passed, the analysis results for this pull request branch will appear on this overview. Once you merge this pull request, the 'Security' tab will show more code scanning analysis results (for example, for the default branch). Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results. For more information about GitHub code scanning, check out the documentation.

socket-security[bot] commented 1 month ago

New and removed dependencies detected. Learn more about Socket for GitHub ↗︎

Package	New capabilities	Transitives	Size	Publisher
npm/@antfu/utils@0.7.8	None	`0`	108 kB	antfu
npm/@babel/compat-data@7.24.7	None	`0`	65.6 kB	nicolo-ribaudo
npm/@babel/core@7.24.7	environment, filesystem, unsafe	`+9`	1.34 MB	nicolo-ribaudo
npm/@babel/generator@7.24.7	None	`+3`	625 kB	nicolo-ribaudo
npm/@babel/helper-annotate-as-pure@7.24.7	None	`0`	52.4 kB	nicolo-ribaudo
npm/@babel/helper-compilation-targets@7.24.7	None	`+1`	67.9 kB	nicolo-ribaudo
npm/@babel/helper-create-class-features-plugin@7.24.7	None	`0`	507 kB	nicolo-ribaudo
npm/@babel/helper-environment-visitor@7.24.7	None	`0`	6.72 kB	nicolo-ribaudo
npm/@babel/helper-function-name@7.24.7	None	`0`	21.7 kB	nicolo-ribaudo
npm/@babel/helper-hoist-variables@7.24.7	None	`0`	6.99 kB	nicolo-ribaudo
npm/@babel/helper-member-expression-to-functions@7.24.7	None	`0`	107 kB	nicolo-ribaudo
npm/@babel/helper-module-imports@7.24.7	None	`0`	63.7 kB	nicolo-ribaudo
npm/@babel/helper-module-transforms@7.24.7	None	`0`	158 kB	nicolo-ribaudo
npm/@babel/helper-optimise-call-expression@7.24.7	None	`0`	55 kB	nicolo-ribaudo
npm/@babel/helper-plugin-utils@7.24.7	None	`0`	127 kB	nicolo-ribaudo
npm/@babel/helper-replace-supers@7.24.7	None	`0`	98.6 kB	nicolo-ribaudo
npm/@babel/helper-simple-access@7.24.7	None	`0`	14.1 kB	nicolo-ribaudo
npm/@babel/helper-skip-transparent-expression-wrappers@7.24.7	None	`0`	58.5 kB	nicolo-ribaudo
npm/@babel/helper-split-export-declaration@7.24.7	None	`0`	10.8 kB	nicolo-ribaudo
npm/@babel/helper-string-parser@7.24.7	None	`0`	31.8 kB	nicolo-ribaudo
npm/@babel/helper-validator-option@7.24.7	None	`0`	11.8 kB	nicolo-ribaudo
npm/@babel/helpers@7.24.7	None	`0`	859 kB	nicolo-ribaudo
npm/@babel/parser@7.24.7	None	`0`	1.89 MB	nicolo-ribaudo
npm/@babel/plugin-syntax-typescript@7.24.7	None	`0`	72.8 kB	nicolo-ribaudo
npm/@babel/plugin-transform-typescript@7.24.7	None	`0`	201 kB	nicolo-ribaudo
npm/@babel/template@7.24.7	Transitive: environment	`+1`	74.6 kB	nicolo-ribaudo
npm/@babel/traverse@7.24.7	Transitive: environment	`+2`	680 kB	nicolo-ribaudo
npm/@babel/types@7.24.7	environment	`0`	2.41 MB	nicolo-ribaudo
npm/@gouvfr/dsfr@1.11.2	None	`0`	83.1 MB	keryans
npm/@gouvminint/vue-dsfr@5.17.4	Transitive: environment	`+2`	1.5 MB	gouvminint
npm/@npmcli/package-json@5.2.0	filesystem Transitive: environment, shell	`+28`	2.26 MB	npm-cli-ops
npm/@nuxt/eslint-config@0.3.6	Transitive: environment, filesystem, unsafe	`+60`	15.5 MB	antfu
npm/@nuxt/kit@3.11.2	Transitive: environment, filesystem, network, unsafe	`+16`	3.11 MB	danielroe
npm/@nuxt/schema@3.11.2	Transitive: environment	`+5`	1.29 MB	danielroe
npm/@pinia/nuxt@0.5.1	None	`0`	8.69 kB	posva
npm/@rollup/plugin-replace@5.0.7	None	`0`	26.4 kB	shellscape
npm/@rollup/pluginutils@5.1.0	None	`+1`	147 kB	shellscape
npm/@sentry/vue@7.117.0	Transitive: network	`+12`	11.3 MB	sentry-bot
npm/@sigstore/bundle@2.3.1	None	`0`	40.8 kB	bdehamer
npm/@sigstore/core@1.1.0	None	`0`	88.6 kB	bdehamer
npm/@sigstore/protobuf-specs@0.3.1	None	`0`	234 kB	bdehamer
npm/@socialgouv/dsfr-toaster-nuxt-module@1.2.1	Transitive: environment	`+3`	1.52 MB	socialgroovybot
npm/@stylistic/eslint-plugin-js@1.7.0	None	`+2`	583 kB	antfu
npm/@types/eslint@8.56.9	None	`0`	192 kB	types
npm/@types/estree@1.0.5	None	`0`	25.7 kB	types
npm/@typescript-eslint/types@7.6.0	None	`0`	156 kB	jameshenry
npm/@typescript-eslint/utils@7.6.0	Transitive: filesystem	`+6`	384 kB	jameshenry
npm/@unhead/dom@1.9.13	None	`+3`	178 kB	harlan_zw
npm/@vee-validate/i18n@4.13.1	network	`0`	131 kB	logaretm
npm/@vee-validate/rules@4.13.1	None	`0`	59.6 kB	logaretm
npm/@vue/babel-plugin-jsx@1.2.2	Transitive: environment	`+8`	205 kB	sxzz
npm/@vue/compiler-dom@3.4.21	environment, eval	`+2`	1.29 MB	yyx990803
npm/@vue/compiler-sfc@3.4.21	environment, eval, filesystem, unsafe	`+3`	3 MB	yyx990803
npm/@vue/devtools-api@6.6.1	None	`0`	33.3 kB	akryum
npm/@vue/devtools-core@7.1.3	network	`+2`	126 kB	webfansplz
npm/@vue/devtools-kit@7.1.3	None	`+3`	399 kB	webfansplz
npm/@vue/devtools-shared@7.2.1	None	`0`	30.2 kB	webfansplz
npm/@vue/reactivity@3.4.27	environment	`0`	228 kB	yyx990803
npm/@vue/runtime-core@3.4.27	environment	`0`	769 kB	yyx990803
npm/@vue/runtime-dom@3.4.27	environment	`+1`	2.3 MB	yyx990803
npm/@vue/server-renderer@3.4.27	environment, eval	`+3`	1.66 MB	yyx990803
npm/@vue/shared@3.4.27	environment	`0`	80.6 kB	yyx990803
npm/@vueform/multiselect@2.6.7	None	`0`	859 kB	vueform
npm/@vueuse/core@10.9.0	environment, network	`+3`	1.92 MB	antfu
npm/agent-base@6.0.2	None	`0`	34.6 kB	tootallnate
npm/archiver-utils@5.0.2	Transitive: environment, filesystem, shell	`+19`	1.25 MB	ctalkington
npm/citty@0.1.6	Transitive: environment	`+1`	273 kB	pi0
npm/console-control-strings@1.1.0	None	`0`	12.7 kB	iarna
npm/cookie-es@1.1.0	None	`0`	33.5 kB	pi0
npm/crossws@0.2.4	None	`0`	356 kB	pi0
npm/date-fns@3.6.0	None	`0`	22.2 MB	kossnocorp
npm/defu@6.1.4	None	`0`	19.6 kB	pi0
npm/domhandler@5.0.3	None	`+1`	86.7 kB	feedic
npm/entities@4.5.0	None	`0`	413 kB	feedic
npm/estree-walker@3.0.3	None	`0`	17.6 kB	rich_harris
npm/fast-fifo@1.3.2	None	`0`	5.07 kB	mafintosh
npm/fs-extra@11.2.0	Transitive: filesystem	`+1`	74.7 kB	ryanzim
npm/h3@1.11.1	None	`+3`	419 kB	pi0
npm/is-docker@3.0.0	None	`0`	3.15 kB	sindresorhus
npm/knitwork@1.1.0	None	`0`	37.3 kB	pi0
npm/magic-string@0.30.10	None	`0`	452 kB	antfu
npm/minipass@7.0.4	None	`0`	285 kB	isaacs
npm/minizlib@2.1.2	None	`0`	17.3 kB	isaacs
npm/mlly@1.6.1	None	`+2`	416 kB	pi0
npm/napi-wasm@1.1.0	None	`0`	86.2 kB	devongovett
npm/node-fetch-native@1.6.4	network	`0`	735 kB	pi0
npm/nth-check@2.1.1	None	`+1`	43.9 kB	feedic
npm/nuxt-security@1.4.3	Transitive: environment, network	`+13`	2.2 MB	baroshem
npm/nuxt@3.12.1	Transitive: environment, eval, filesystem, network, shell, unsafe	`+344`	505 MB	danielroe
npm/ofetch@1.3.4	environment, network	`+1`	63.4 kB	pi0
npm/oh-vue-icons@1.0.0-rc3	Transitive: filesystem	`+1`	45.9 MB	renovamen
npm/pathe@1.1.2	None	`0`	30.8 kB	pi0
npm/pinia@2.1.7	environment	`0`	379 kB	posva
npm/postcss-selector-parser@6.0.16	None	`+1`	203 kB	evilebottnawi
npm/postcss@8.4.38	environment, filesystem	`+1`	204 kB	ai

🚮 Removed packages: npm/@babel/core@7.24.4, npm/@babel/generator@7.24.4, npm/@babel/helper-plugin-utils@7.24.0, npm/@babel/parser@7.24.4, npm/@babel/template@7.24.0, npm/@babel/types@7.24.0, npm/@istanbuljs/schema@0.1.3, npm/@sentry/node@7.109.0, npm/@types/babel__traverse@7.20.5, npm/@types/istanbul-lib-coverage@2.0.6, npm/axios@1.6.8, npm/base64-js@1.3.1, npm/body-parser@1.20.2, npm/content-type@1.0.5, npm/cookie-parser@1.4.6, npm/cors@2.8.5, npm/dayjs@1.11.10, npm/db-migrate-pg@1.5.2, npm/db-migrate@0.11.14, npm/express@4.19.2, npm/helmet@7.1.0, npm/istanbul-lib-coverage@3.2.2, npm/jest@29.7.0, npm/knex@3.1.0, npm/nodemon@3.1.0, npm/onetime@5.1.2, npm/pg@8.11.5, npm/resolve@1.22.8, npm/source-map@0.6.1, npm/string-width@7.1.0, npm/strip-ansi@6.0.1, npm/strip-json-comments@3.1.1, npm/supports-color@5.5.0, npm/type-check@0.4.0, npm/which-typed-array@1.1.15, npm/yallist@3.1.1

View full report↗︎

socket-security[bot] commented 1 month ago

🚨 Potential security issues detected. Learn more about Socket for GitHub ↗︎

To accept the risk, merge this PR and you will not be notified again.

Alert	Package	Note	Source	CI
Install scripts	npm/vue-demi@0.12.5	Install script: postinstall Source: `node ./scripts/postinstall.js`	`packages/frontend-bo/package.json`	🚫
Install scripts	npm/esbuild@0.20.2	Install script: postinstall Source: `node install.js`	`packages/frontend-bo/package.json`	🚫
Telemetry	npm/@nuxt/telemetry@2.5.4	Note: Can be disabled by setting the environment variable NUXT_TELEMETRY_DISABLED=1	`packages/frontend-bo/package.json`	🚫
Install scripts	npm/esbuild@0.21.5	Install script: postinstall Source: `node install.js`	`packages/frontend-bo/package.json`	🚫

View full report↗︎

Next steps

What is an install script?

Install scripts are run when the package is installed. The majority of malware in npm is hidden in install scripts.

Packages should not be running non-essential scripts during install and there are often solutions to problems people solve with install scripts that can be run at publish time instead.

What is telemetry?

This package contains telemetry which tracks how it is used.

Most telemetry comes with settings to disable it. Consider disabling telemetry if you do not want to be tracked.

Take a deeper look at the dependency

Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support [AT] socket [DOT] dev.

Remove the package

If you happen to install a dependency that Socket reports as Known Malware you should immediately remove it and select a different dependency. For other alert types, you may may wish to investigate alternative packages or consider if there are other ways to mitigate the specific risk posed by the dependency.

Mark a package as acceptable risk

To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space separated list of ecosystem/package-name@version specifiers. e.g. @SocketSecurity ignore npm/foo@1.0.0 or ignore all packages with @SocketSecurity ignore-all