Closed dependabot[bot] closed 2 months ago
New and removed dependencies detected. Learn more about Socket for GitHub ↗︎
Package | New capabilities | Transitives | Size | Publisher |
---|---|---|---|---|
npm/@eslint-community/regexpp@4.11.0 | None | 0 | 446 kB | eslint-community-bot |
npm/acorn@8.12.1 | None | 0 | 538 kB | marijn |
npm/babel-plugin-istanbul@7.0.0 | environment, filesystem, shell Transitive: unsafe | +12 | 633 kB | oss-bot |
npm/chai-as-promised@8.0.0 | None | 0 | 27.9 kB | chaijs |
npm/chai-http@5.0.0 | network Transitive: environment, filesystem | +21 | 1.02 MB | chaijs |
npm/chai@5.1.1 | None | +5 | 620 kB | chaijs |
npm/check-error@2.1.1 | None | 0 | 11.4 kB | chaijs |
npm/eslint@9.7.0 | environment Transitive: filesystem, unsafe | +32 | 4.77 MB | eslintbot |
npm/node-polyfill-webpack-plugin@4.0.0 | network, unsafe Transitive: environment, eval | +46 | 2.79 MB | richienb |
npm/nyc@17.0.0 | environment, filesystem, unsafe Transitive: shell | +60 | 1.59 MB | bcoe |
npm/qs@6.12.3 | None | 0 | 249 kB | ljharb |
npm/sinon@18.0.0 | Transitive: environment, eval | +9 | 7.6 MB | fatso83 |
🚮 Removed packages: npm/@eslint-community/regexpp@4.10.1, npm/acorn@8.12.0, npm/babel-plugin-istanbul@6.1.1, npm/chai-as-promised@7.1.2, npm/chai-http@4.4.0, npm/node-polyfill-webpack-plugin@3.0.0, npm/nyc@15.1.0, npm/qs@6.12.1, npm/sinon@17.0.2
🚨 Potential security issues detected. Learn more about Socket for GitHub ↗︎
To accept the risk, merge this PR and you will not be notified again.
Alert | Package | Note | Source | CI |
---|---|---|---|---|
Mixed license | npm/chai-as-promised@8.0.0 | | | 🚫 |
(Experimental) Package contains multiple licenses.
A new version of the package should be published that includes a single license. Consumers may seek clarification from the package author. Ensure that the license details are consistent across the LICENSE file, package.json license field and license details mentioned in the README.
Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support [AT] socket [DOT] dev.
If you happen to install a dependency that Socket reports as Known Malware you should immediately remove it and select a different dependency. For other alert types, you may wish to investigate alternative packages or consider if there are other ways to mitigate the specific risk posed by the dependency.
To ignore an alert, reply with a comment starting with `@SocketSecurity ignore` followed by a space separated list of `ecosystem/package-name@version` specifiers. e.g. `@SocketSecurity ignore npm/foo@1.0.0` or ignore all packages with `@SocketSecurity ignore-all`
@SocketSecurity ignore npm/chai-as-promised@8.0.0
This pull request was built based on a group rule. Closing it will not ignore any of these versions in future pull requests.
To ignore these dependencies, configure ignore rules in dependabot.yml
Bumps the major group with 8 updates in the / directory:
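Package | From | To |
---|---|---|
babel-plugin-istanbul | 6.1.1 | 7.0.0 |
chai | 4.4.1 | 5.1.1 |
chai-as-promised | 7.1.2 | 8.0.0 |
chai-http | 4.4.0 | 5.0.0 |
eslint | 8.57.0 | 9.7.0 |
node-polyfill-webpack-plugin | 3.0.0 | 4.0.0 |
nyc | 15.1.0 | 17.0.0 |
sinon | 17.0.2 | 18.0.0 |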
Updates
babel-plugin-istanbul from 6.1.1 to 7.0.0
Release notes
Sourced from babel-plugin-istanbul's releases.
Changelog
Sourced from babel-plugin-istanbul's changelog.
Commits
- 37bb294 chore: release 7.0.0 (#297)
- 46bee63 docs: readme: fixed example: `fileName` -> `filename` (#269)
- 643e080 fix!: update `istanbul-lib-instrument` to v6 (#292)
- 8e76919 fix: container is falsy error with block scoping transform (#291)
Updates
chai from 4.4.1 to 5.1.1
Release notes
Sourced from chai's releases.
... (truncated)
Commits
- 37263c0 fix: support some virtual contexts in `toThrow` (#1609)
- 91e58ed Correct Mocha import instructions (#1611)
- 61159d1 build(deps-dev): bump ip from 1.1.8 to 1.1.9 (#1608)
- 8475d2a Set up ESLint for JSDoc comments (#1605)
- 936c0ca 5.1.0
- 2cf92f5 Fix publish script (#1602)
- 1ba37b5 Set support in same members (#1583)
- f224339 Assert interface fix (#1601)
- d504573 Implement `iterable` assertion (#1592)
- 640d932 Convert comments in "legal comments" format to jsdoc (#1598)
Updates
chai-as-promised from 7.1.2 to 8.0.0
Release notes
Sourced from chai-as-promised's releases.
Commits
- 4c6e8b0 chore: relicense as MIT (#299)
- 0bf21dd fix: update repo in package.json (#296)
- c9a4b22 chore: allow publishing prereleases (#295)
- 7e2b1a9 fix: raise a nicer error when non-object errors are matched (#294)
- 4b6fa17 feat: move to ESM-only (#287)
- 0335b67 chore: add prettier (#286)
- 93ba7d0 feat: upgrade dev toolchain (#285)
- bb8ebec Migrate CI to GitHub Actions (#283)
Updates
chai-http from 4.4.0 to 5.0.0
Release notes
Sourced from chai-http's releases.
... (truncated)
Commits
- 3d1c5d1 feat: add publish workflows (#329)
- bd11864 style: add prettier and eslint (#328)
- e5fddbb move to ESM (Chai 5) (#310)
- 62f521c Fix #326 - readme: add how to import chai 5 and use chaiHttp 4 (#327)
- e30a5b8 chore: update build pipeline to use v4 of github actions (#325)
- 9e11cd8 debug release
- 5a1fa20 bump node version
- 2e9229f try release 5.0.0
- 7d8b1d2 add comments to node versions
- 0c4ad14 [TASK] Updated npm-packages for releasing at raised node version to l… (#323)
Updates
eslint from 8.57.0 to 9.7.0
Release notes
Sourced from eslint's releases.
... (truncated)
Changelog
Sourced from eslint's changelog.
... (truncated)
Commits
- 05ab812 9.7.0
- 1917cd3 Build: changelog update for 9.7.0
- 793b718 chore: upgrade @eslint/js@9.7.0 (#18680)
- 7ed6f9a chore: package.json update for @eslint/js release
- 14e9f81 fix: destructuring in catch clause in `no-unused-vars` (#18636)
- 7bcda76 refactor: Add type references (#18652)
- 51bf57c chore: add tech sponsors through actions (#18624)
- 9f416db docs: Add Powered by Algolia label to the search. (#18633)
- 6320732 refactor: don't use `parent` property in `NodeEventGenerator` (#18653)
- 7bd9839 feat: add support for es2025 duplicate named capturing groups (#18630)
Updates
node-polyfill-webpack-plugin from 3.0.0 to 4.0.0
Release notes
Sourced from node-polyfill-webpack-plugin's releases.
Commits
- fc4e0a9 4.0.0
- 4d26fb0 Update dependencies
- d1c923c Meta tweak
- 010fc94 Add `fs` null fallback (#45)
- 08f793b Stop polyfilling `console`, 'domain', `process`, and internal `stream` module...
Updates
nyc from 15.1.0 to 17.0.0
Release notes
Sourced from nyc's releases.
Changelog
Sourced from nyc's changelog.
Commits
- fee2821 chore(main): release nyc 17.0.0 (#1558)
- 10daacc build: explicitly point to config files
- 8120112 test: remove dependency on "true" which is not on all windows systems
- f6e5aba chore(main): release 16.0.0 (#1554)
- b6ed598 fix(deps): address security alerts in deps (#1555)
- dda8e44 build: migrate to main branch (#1553)
- 9ef340e build: move tests over to latest tapjs (#1552)
- ab7c53b chore: Remove package-lock.json
- 91ae8b8 chore(deps-dev): bump standard-version from 8.0.0 to 8.0.1
- a6336e1 chore(deps): bump lodash from 4.17.15 to 4.17.19
Updates
sinon from 17.0.2 to 18.0.0
Changelog
Sourced from sinon's changelog.
Commits
- adea6a1 18.0.0
- 6324be4 Use Nise 6 with legacyRoutes flag enabled
- 4cbd712 Bump nokogiri from 1.16.2 to 1.16.5 (#2598)
- c618edc fix #2594: remove needless sandbox creation
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show