socket-security[bot]
commented
1 year ago New dependency changes detected. Learn more about Socket for GitHub āļø
š No new dependency issues detected in pull request
Bot Commands
To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space separated list of package-name@version specifiers. e.g. @SocketSecurity ignore foo@1.0.0 bar@* or ignore all packages with @SocketSecurity ignore-all
Pull request alert summary
| Issue | Status |
|---|---|
| Critical CVE | ā 0 issues |
| Install scripts | ā 0 issues |
| Native code | ā 0 issues |
| Bin script shell injection | ā 0 issues |
| Unresolved require | ā 0 issues |
| Invalid package.json | ā 0 issues |
| HTTP dependency | ā 0 issues |
| Git dependency | ā 0 issues |
| Potential typo squat | ā 0 issues |
| Known Malware | ā 0 issues |
| Telemetry | ā 0 issues |
| Protestware/Troll package | ā 0 issues |
| AI detected security risk | ā 0 issues |
š Modified Dependency Overview:
| ā¬ļø Updated Package | Version Diff | Added Capability Access | +/- Transitive Count |
Publisher |
|---|---|---|---|---|
| chai@4.3.7 | 4.3.4...4.3.7 | None | +2/-1 |
chai |
This PR contains the following updates:
4.3.4->4.3.7Release Notes
chaijs/chai
### [`v4.3.7`](https://togithub.com/chaijs/chai/releases/tag/v4.3.7) [Compare Source](https://togithub.com/chaijs/chai/compare/v4.3.6...v4.3.7) #### What's Changed - fix: deep-eql bump package to support symbols comparison by [@snewcomer](https://togithub.com/snewcomer) in [https://github.com/chaijs/chai/pull/1483](https://togithub.com/chaijs/chai/pull/1483) **Full Changelog**: https://github.com/chaijs/chai/compare/v4.3.6...v4.3.7 ### [`v4.3.6`](https://togithub.com/chaijs/chai/releases/tag/v4.3.6) [Compare Source](https://togithub.com/chaijs/chai/compare/v4.3.5...v4.3.6) Update loupe to 2.3.1 ### [`v4.3.5`](https://togithub.com/chaijs/chai/releases/tag/v4.3.5) [Compare Source](https://togithub.com/chaijs/chai/compare/v4.3.4...v4.3.5) - build chaijs [`fca5bb1`](https://togithub.com/chaijs/chai/commit/fca5bb1) - build(deps-dev): bump codecov from 3.1.0 to 3.7.1 ([#1446](https://togithub.com/chaijs/chai/issues/1446)) [`747eb4e`](https://togithub.com/chaijs/chai/commit/747eb4e) - fix package.json exports [`022c2fa`](https://togithub.com/chaijs/chai/commit/022c2fa) - fix: package.json - deprecation warning on exports field ([#1400](https://togithub.com/chaijs/chai/issues/1400)) [`5276af6`](https://togithub.com/chaijs/chai/commit/5276af6) - feat: use chaijs/loupe for inspection ([#1401](https://togithub.com/chaijs/chai/issues/1401)) ([#1407](https://togithub.com/chaijs/chai/issues/1407)) [`c8a4e00`](https://togithub.com/chaijs/chai/commit/c8a4e00)Configuration
š Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
š¦ Automerge: Disabled by config. Please merge this manually once you are satisfied.
ā» Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
š Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by Mend Renovate. View repository job log here.