Closed deathalt closed 8 months ago
Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you sign our Contributor License Agreement before we can accept your contribution.
Updated dependencies detected. Learn more about Socket for GitHub ↗︎
Packages | Version | New capabilities | Transitives | Size | Publisher |
---|---|---|---|---|---|
node-fetch | 2.6.9...2.6.7 | None | +0/-0 |
152 kB | endless |
glob | 7.2.0...7.1.2 | filesystem | +0/-0 |
55.5 kB | isaacs |
ws | 8.4.0...8.0.0 | None | +0/-0 |
125 kB | lpinca |
fast-querystring | 1.1.2...1.1.0 | None | +0/-0 |
780 kB | anonrig |
@opentelemetry/api | 1.2.0...1.0.2 | None | +0/-0 |
369 kB | dyladan |
@elastic/elasticsearch | 8.6.0...8.5.0 | None | +4/-4 |
3.88 MB | sethmlarson |
Tests failing, needs a deeper review
Closing as discussed on matrix, locking protobufjs to 7.2.5
protobufjs = 7.2.6 have broken backward compatibility
also make bun non root for extra security
avoid https://github.com/advisories/GHSA-h755-8qp9-cq85 CVE-2022-35177 for bun as well as for node