Fix/nuxt3 leaflet - Githubissues

iNeoO commented 3 weeks ago

# https://github.com/SocialGouv/vao/issues/228

socket-security[bot] commented 3 weeks ago

New and removed dependencies detected. Learn more about Socket for GitHub ↗︎

Package	New capabilities	Transitives	Size	Publisher
npm/@antfu/utils@0.7.8	None	`0`	108 kB	antfu
npm/@babel/helper-annotate-as-pure@7.24.7	None	`+1`	55.9 kB	nicolo-ribaudo
npm/@babel/helper-create-class-features-plugin@7.24.7	None	`0`	507 kB	nicolo-ribaudo
npm/@babel/helper-member-expression-to-functions@7.24.7	None	`+1`	111 kB	nicolo-ribaudo
npm/@babel/helper-optimise-call-expression@7.24.7	None	`+1`	58.5 kB	nicolo-ribaudo
npm/@babel/helper-replace-supers@7.24.7	None	`0`	98.6 kB	nicolo-ribaudo
npm/@babel/helper-skip-transparent-expression-wrappers@7.24.7	None	`+1`	62 kB	nicolo-ribaudo
npm/@babel/parser@7.24.5	None	`0`	1.89 MB	nicolo-ribaudo
npm/@babel/plugin-transform-typescript@7.24.7	None	`0`	201 kB	nicolo-ribaudo
npm/@babel/types@7.24.5	environment	`+2`	2.45 MB	nicolo-ribaudo
npm/@gouvminint/vue-dsfr@5.17.4	Transitive: environment	`+3`	1.91 MB	gouvminint
npm/@nuxt/devtools@1.3.1	environment, network Transitive: eval, filesystem, shell	`+53`	33.8 MB	antfu
npm/@nuxt/eslint-config@0.3.13	Transitive: environment, filesystem, unsafe	`+75`	17.1 MB	antfu
npm/@nuxt/kit@3.11.2	Transitive: environment, filesystem, network, unsafe	`+31`	3.14 MB	danielroe
npm/@nuxt/schema@3.11.2	Transitive: environment, filesystem, unsafe	`+11`	3.3 MB	danielroe
npm/@nuxtjs/leaflet@1.0.14	None	`+4`	4.19 MB	gugustinette
npm/@opentelemetry/api@1.8.0	None	`0`	1.21 MB	pichlermarc
npm/@opentelemetry/core@1.24.1	environment, unsafe	`0`	877 kB	pichlermarc
npm/@opentelemetry/resources@1.24.1	environment, filesystem, shell	`0`	557 kB	pichlermarc
npm/@opentelemetry/semantic-conventions@1.24.1	None	`0`	1.66 MB	pichlermarc
npm/@pinia/nuxt@0.5.1	None	`0`	8.69 kB	posva
npm/@rollup/plugin-replace@5.0.7	None	`0`	26.4 kB	shellscape
npm/@rollup/pluginutils@5.1.0	None	`0`	57.1 kB	shellscape
npm/@sentry/vue@7.117.0	Transitive: network	`+12`	11.3 MB	sentry-bot
npm/@socialgouv/dsfr-toaster-nuxt-module@1.2.1	Transitive: environment	`+4`	1.93 MB	socialgroovybot
npm/@stylistic/eslint-plugin-js@2.1.0	None	`+1`	598 kB	eslint-stylistic-bot
npm/@types/eslint@8.56.10	None	`0`	192 kB	types
npm/@types/estree@1.0.5	None	`0`	25.7 kB	types
npm/@typescript-eslint/types@7.10.0	None	`0`	156 kB	jameshenry
npm/@typescript-eslint/utils@7.10.0	Transitive: filesystem	`+10`	2.4 MB	jameshenry
npm/@unhead/dom@1.9.13	None	`+4`	703 kB	harlan_zw
npm/@vee-validate/i18n@4.13.1	network	`0`	131 kB	logaretm
npm/@vee-validate/rules@4.13.1	None	`0`	59.6 kB	logaretm
npm/@vue/babel-plugin-jsx@1.2.2	None	`+7`	182 kB	sxzz
npm/@vue/compiler-dom@3.4.27	environment, eval	`+1`	1.21 MB	yyx990803
npm/@vue/compiler-sfc@3.4.27	environment, eval, filesystem, unsafe	`+4`	3.18 MB	yyx990803
npm/@vue/devtools-core@7.2.1	network	`+2`	114 kB	webfansplz
npm/@vue/devtools-kit@7.2.1	None	`+4`	572 kB	webfansplz
npm/@vue/devtools-shared@7.2.1	None	`0`	30.2 kB	webfansplz
npm/@vue/devtools-ui@7.2.1	Transitive: environment	`+6`	2.32 MB	webfansplz
npm/@vue/shared@3.4.27	environment	`0`	80.6 kB	yyx990803
npm/@vueform/multiselect@2.6.7	None	`0`	859 kB	vueform
npm/@vueuse/core@10.9.0	environment, network	`+3`	1.92 MB	antfu
npm/acorn@8.11.3	None	`0`	531 kB	marijn
npm/agent-base@6.0.2	None	`0`	34.6 kB	tootallnate
npm/archiver-utils@5.0.2	Transitive: environment, filesystem, shell	`+27`	1.97 MB	ctalkington
npm/browserslist@4.23.0	environment, filesystem Transitive: shell	`+3`	402 kB	ai
npm/caniuse-lite@1.0.30001620	None	`0`	2.05 MB	caniuse-lite
npm/citty@0.1.6	Transitive: environment	`+1`	273 kB	pi0
npm/comment-parser@1.4.1	None	`0`	366 kB	yavorskiys
npm/confbox@0.1.7	None	`0`	269 kB	pi0
npm/cookie-es@1.1.0	None	`0`	33.5 kB	pi0
npm/crossws@0.2.4	None	`0`	356 kB	pi0
npm/debug@4.3.4	environment	`0`	42.4 kB	qix
npm/defu@6.1.4	None	`0`	19.6 kB	pi0
npm/entities@4.5.0	None	`0`	413 kB	feedic
npm/esbuild@0.21.5	environment, filesystem, network, shell	`+23`	226 MB	evanw
npm/eslint-config-prettier@9.1.0	None	`0`	20.8 kB	lydell
npm/fs-extra@11.2.0	Transitive: filesystem	`+2`	79.3 kB	ryanzim
npm/h3@1.11.1	Transitive: environment	`+7`	1.1 MB	pi0
npm/is-core-module@2.13.1	None	`0`	30.2 kB	ljharb
npm/is-docker@3.0.0	None	`0`	3.15 kB	sindresorhus
npm/jsdoc-type-pratt-parser@4.0.0	None	`0`	242 kB	jsdoc-type-pratt-parser
npm/knitwork@1.1.0	None	`0`	37.3 kB	pi0
npm/lint-staged@15.2.2	Transitive: environment, filesystem, shell	`+32`	1.12 MB	okonet
npm/magic-string@0.30.10	None	`0`	452 kB	antfu
npm/micromatch@4.0.5	None	`0`	55.9 kB	jonschlinkert
npm/minipass@7.1.1	None	`0`	285 kB	isaacs
npm/mlly@1.7.0	None	`0`	232 kB	pi0
npm/nanoid@3.3.7	None	`0`	24.4 kB	ai
npm/nth-check@2.1.1	None	`+1`	43.9 kB	feedic
npm/nuxt-security@1.4.3	None	`0`	72.4 kB	baroshem
npm/nuxt@3.12.1	Transitive: environment, eval, filesystem, network, shell, unsafe	`+282`	294 MB	danielroe
npm/ofetch@1.3.4	environment, network	`+1`	63.4 kB	pi0
npm/oh-vue-icons@1.0.0-rc3	None	`0`	45.9 MB	renovamen
npm/pathe@1.1.2	None	`0`	30.8 kB	pi0
npm/pinia@2.1.7	environment	`0`	379 kB	posva
npm/pkg-types@1.1.1	None	`0`	62.3 kB	pi0
npm/postcss-selector-parser@6.0.16	None	`0`	186 kB	evilebottnawi
npm/prettier@3.2.5	environment, filesystem, unsafe	`0`	8.39 MB	prettier-bot
npm/protocols@2.0.1	None	`0`	9.29 kB	ionicabizau
npm/radix3@1.1.2	None	`0`	31.6 kB	pi0
npm/redis-errors@1.2.0	None	`0`	8.85 kB	bridgear
npm/refa@0.12.1	None	`0`	1.14 MB	rundevelopment
npm/regexp-ast-analysis@0.7.1	None	`0`	271 kB	rundevelopment
npm/rfdc@1.3.1	None	`0`	25.2 kB	matteo.collina
npm/rollup@4.17.2	environment, filesystem	`0`	2.28 MB	lukastaegert
npm/sass-loader@14.2.1	environment	`0`	60.3 kB	evilebottnawi
npm/sass@1.77.5	filesystem, unsafe	`0`	5.22 MB	sassbot
npm/scule@1.3.0	None	`0`	29.6 kB	pi0
npm/source-map-js@1.2.0	None	`0`	140 kB	7rulnik
npm/tar@6.2.1	environment, filesystem	`0`	167 kB	isaacs
npm/typescript@5.4.5	None	`0`	32.4 MB	typescript-bot
npm/ufo@1.5.3	None	`0`	103 kB	pi0
npm/unplugin@1.10.1	filesystem	`0`	175 kB	antfu
npm/vee-validate@4.13.1	environment	`+1`	491 kB	logaretm
npm/vite@5.3.3	environment, eval, filesystem, network, shell, unsafe	`+5`	7.96 MB	vitebot
npm/vue-demi@0.14.7	filesystem	`0`	27.3 kB	antfu
npm/vue-matomo@4.2.0	None	`0`	21.2 kB	amazingdreams
npm/vue-router@4.3.3	environment	`0`	809 kB	posva
npm/vue@3.4.27	environment, eval	`0`	2.2 MB	yyx990803
npm/yaml@2.3.4	environment	`0`	661 kB	eemeli

View full report↗︎

socket-security[bot] commented 3 weeks ago

🚨 Potential security issues detected. Learn more about Socket for GitHub ↗︎

To accept the risk, merge this PR and you will not be notified again.

Alert	Package	Note	Source	CI
Install scripts	npm/vue-demi@0.14.7	Install script: postinstall Source: `node -e "try{require('./scripts/postinstall.js')}catch(e){}"`	Source	🚫
Install scripts	npm/esbuild@0.20.2	Install script: postinstall Source: `node install.js`	`packages/frontend-usagers/package.json`	🚫
Telemetry	npm/@nuxt/telemetry@2.5.4	Note: Can be disabled by setting the environment variable NUXT_TELEMETRY_DISABLED=1	`packages/frontend-usagers/package.json`	🚫
Install scripts	npm/esbuild@0.21.5	Install script: postinstall Source: `node install.js`	Source	🚫

View full report↗︎

Next steps

What is an install script?

Install scripts are run when the package is installed. The majority of malware in npm is hidden in install scripts.

Packages should not be running non-essential scripts during install and there are often solutions to problems people solve with install scripts that can be run at publish time instead.

What is telemetry?

This package contains telemetry which tracks how it is used.

Most telemetry comes with settings to disable it. Consider disabling telemetry if you do not want to be tracked.

Take a deeper look at the dependency

Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support [AT] socket [DOT] dev.

Remove the package

If you happen to install a dependency that Socket reports as Known Malware you should immediately remove it and select a different dependency. For other alert types, you may may wish to investigate alternative packages or consider if there are other ways to mitigate the specific risk posed by the dependency.

Mark a package as acceptable risk

To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space separated list of ecosystem/package-name@version specifiers. e.g. @SocketSecurity ignore npm/foo@1.0.0 or ignore all packages with @SocketSecurity ignore-all

@SocketSecurity ignore npm/vue-demi@0.14.7
@SocketSecurity ignore npm/esbuild@0.20.2
@SocketSecurity ignore npm/@nuxt/telemetry@2.5.4
@SocketSecurity ignore npm/esbuild@0.21.5

github-actions[bot] commented 3 weeks ago

🎉 Deployment for commit 8ff8f9c41b362e20793a31db3397d968fd9a625e :

Ingresses

- 🚀 [https://api-vao-fix-nuxt3-leaflet-a28pxkgb.ovh.fabrique.social.gouv.fr/](https://api-vao-fix-nuxt3-leaflet-a28pxkgb.ovh.fabrique.social.gouv.fr/) - 🚀 [https://bo-vao-fix-nuxt3-leaflet-a28pxkgb.ovh.fabrique.social.gouv.fr/](https://bo-vao-fix-nuxt3-leaflet-a28pxkgb.ovh.fabrique.social.gouv.fr/) - 🚀 [https://maildev-vao-fix-nuxt3-leaflet-a28pxkgb.ovh.fabrique.social.gouv.fr/](https://maildev-vao-fix-nuxt3-leaflet-a28pxkgb.ovh.fabrique.social.gouv.fr/) - 🚀 [https://vao-fix-nuxt3-leaflet-a28pxkgb.ovh.fabrique.social.gouv.fr/](https://vao-fix-nuxt3-leaflet-a28pxkgb.ovh.fabrique.social.gouv.fr/)

Docker images

- 📦 docker pull harbor.fabrique.social.gouv.fr/vao/vao/backend:sha-8ff8f9c41b362e20793a31db3397d968fd9a625e - 📦 docker pull harbor.fabrique.social.gouv.fr/vao/vao/frontend-bo:sha-8ff8f9c41b362e20793a31db3397d968fd9a625e - 📦 docker pull harbor.fabrique.social.gouv.fr/vao/vao/frontend-usagers:sha-8ff8f9c41b362e20793a31db3397d968fd9a625e - 📦 docker pull maildev/maildev:2.1.0

Debug

- [📕 Loki logs for namespace vao-fix-nuxt3-leaflet-a28pxkgb](https://grafana-ovh.fabrique.social.gouv.fr/explore?orgId=1&left=%5B%22now-6h%22,%22now%22,%22Loki%22,%7B%22expr%22:%22%7Bnamespace%3D%5C%22vao-fix-nuxt3-leaflet-a28pxkgb%5C%22%7D%22%7D%5D) - [📈 Pods monitoring for namespace vao-fix-nuxt3-leaflet-a28pxkgb](https://grafana-ovh.fabrique.social.gouv.fr/d/a7df53d7-0696-4e00-821b-c56b66e5c20a/kubernetes-compute-resources-namespace-pods?orgId=1&refresh=10s&var-datasource=P5DCFC7561CCDE821&var-cluster=ovh-dev&var-namespace=vao-fix-nuxt3-leaflet-a28pxkgb) - [📈 Workloads monitoring for namespace vao-fix-nuxt3-leaflet-a28pxkgb](https://grafana-ovh.fabrique.social.gouv.fr/d/a164a7f0339f99e89cea5cb47e9be617V2/kubernetes-compute-resources-namespace-workloads?orgId=1&refresh=10s&var-datasource=eb239be0-0ac2-41d5-9e1a-061f951a07a3&var-cluster=ovh-dev&var-namespace=vao-fix-nuxt3-leaflet-a28pxkgb&var-type=deployment) - [🐘 CNPG pg](https://grafana-ovh.fabrique.social.gouv.fr/d/z7FCA4Nn1/cloudnativepg?orgId=1&refresh=30s&var-DS_PROMETHEUS=default&var-namespace=vao-fix-nuxt3-leaflet-a28pxkgb&var-cluster=pg&var-instances=All)

github-advanced-security[bot] commented 3 weeks ago

This pull request sets up GitHub code scanning for this repository. Once the scans have completed and the checks have passed, the analysis results for this pull request branch will appear on this overview. Once you merge this pull request, the 'Security' tab will show more code scanning analysis results (for example, for the default branch). Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results. For more information about GitHub code scanning, check out the documentation.