swc-project / swc-node

Faster ts-node without typecheck
MIT License
1.78k stars 75 forks

chore: upgrade dependencies #709

Closed Brooooooklyn closed 1 year ago

socket-security[bot] commented 1 year ago

New dependency changes detected. Learn more about Socket for GitHub.


🚨 Potential security issues found in this pull request. To accept the risk, merge this PR and you will not be notified again.

Bot Commands

To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space-separated list of package-name@version specifiers, e.g. @SocketSecurity ignore foo@1.0.0 bar@*, or ignore all packages with @SocketSecurity ignore-all

  • @SocketSecurity ignore @swc/core@1.3.49
  • @SocketSecurity ignore esbuild@0.17.16
📜 Install scripts

Install scripts are run when the package is installed. The majority of malware in npm is hidden in install scripts.

Packages should not be running non-essential scripts during install and there are often solutions to problems people solve with install scripts that can be run at publish time instead.

| Package | Script field | Source |
| --- | --- | --- |
| @swc/core@1.3.49 (upgraded) | postinstall | pnpm-lock.yaml via @swc-node/core@1.10.2, @swc-node/jest@1.6.3, @swc-node/register@1.6.3, packages/core/package.json, pnpm-lock.yaml, packages/integrate/package.json via @swc-node/core@1.10.2, packages/integrate-module/package.json, pnpm-lock.yaml via @swc-node/register@1.6.3, packages/jest/package.json, pnpm-lock.yaml via @swc-node/core@1.10.2, @swc-node/register@1.6.3, packages/loader/package.json via @swc-node/core@1.10.2, @swc-node/register@1.6.3, packages/register/package.json, pnpm-lock.yaml via @swc-node/core@1.10.2 |
| esbuild@0.17.16 (upgraded) | postinstall | package.json, pnpm-lock.yaml, packages/loader/package.json via |

Pull request alert summary

| Issue | Status |
| --- | --- |
| Install scripts | ⚠️ 2 issues |
| Native code | ✅ 0 issues |
| Bin script shell injection | ✅ 0 issues |
| Unresolved require | ✅ 0 issues |
| Invalid package.json | ✅ 0 issues |
| HTTP dependency | ✅ 0 issues |
| Git dependency | ✅ 0 issues |
| Potential typo squat | ✅ 0 issues |
| Known Malware | ✅ 0 issues |
| Telemetry | ✅ 0 issues |
| Protestware/Troll package | ✅ 0 issues |

📊 Modified Dependency Overview:

| ➕ Added Package | Capability Access | +/- Transitive Count | Publisher |
| --- | --- | --- | --- |
| eslint-config-prettier@8.8.0 | None | +9 | lydell |
| eslint-plugin-prettier@4.2.1 | None | +11 | jounqin |
| eslint-plugin-import@2.27.5 | eval, filesystem, environment | +73 | ljharb |
| react-dom@18.2.0 | environment | +1 | gnoff |
| @babel/plugin-transform-typescript@7.21.3 | filesystem, shell, environment | +7 | nicolo-ribaudo |

| ⬆️ Updated Package | Version Diff | Added Capability Access | +/- Transitive Count | Publisher |
| --- | --- | --- | --- | --- |
| typescript@5.0.4 | 4.8.3...5.0.4 | None | +0/-0 | typescript-bot |
| p-timeout@6.1.1 | 6.1.0...6.1.1 | None | +0/-0 | sindresorhus |
| esbuild@0.17.16 | 0.17.6...0.17.16 | None | +0/-0 | evanw |
| jest@29.5.0 | 29.4.1...29.5.0 | network | +162/-97 | simenb |
| file-type@18.2.1 | 18.2.0...18.2.1 | None | +1/-1 | sindresorhus |
| @types/react-dom@18.0.11 | 18.0.10...18.0.11 | None | +3/-3 | types |
| eslint@8.38.0 | 8.33.0...8.38.0 | None | +8/-10 | eslintbot |
| @types/jest@29.5.0 | 29.4.0...29.5.0 | None | +13/-30 | types |
| sinon@15.0.3 | 15.0.1...15.0.3 | None | +9/-6 | fatso83 |
| @swc/core@1.3.49 | 1.3.35...1.3.49 | environment | +4/-0 | kdy1 |
| @types/react@18.0.34 | 18.0.27...18.0.34 | None | +2/-2 | types |
| @swc/helpers@0.5.0 | 0.4.14...0.5.0 | None | +0/-0 | kdy1 |

🚮 Removed packages: @babel/core@7.20.12, @types/lodash@4.14.191, @types/node@18.11.19, lint-staged@13.1.0, prettier@2.8.3, webpack@5.75.0