Closed github-actions[bot] closed 1 week ago
New and removed dependencies detected. Learn more about Socket for GitHub ↗︎
🚮 Removed packages: npm/@eslint-community/eslint-utils@4.4.0, npm/@eslint-community/regexpp@4.10.0, npm/@rollup/plugin-terser@0.4.4, npm/@types/node@20.11.24, npm/@typescript-eslint/eslint-plugin@6.21.0, npm/@typescript-eslint/parser@6.21.0, npm/acorn@8.11.2, npm/call-bind@1.0.5, npm/define-data-property@1.1.1, npm/define-properties@1.2.1, npm/eslint-config-prettier@9.1.0, npm/eslint-plugin-import@2.29.1, npm/eslint-plugin-n@16.6.2, npm/eslint-plugin-node@11.1.0, npm/eslint-plugin-promise@6.1.1, npm/eslint-plugin-security@2.1.1, npm/eslint-visitor-keys@3.4.3, npm/eslint@8.57.0, npm/espree@9.6.1, npm/estraverse@5.3.0, npm/fast-deep-equal@3.1.3, npm/get-intrinsic@1.2.2
🚨 Potential security issues detected. Learn more about Socket for GitHub ↗︎
To accept the risk, merge this PR and you will not be notified again.
Alert | Package | Note | Source |
---|---|---|---|
Install scripts | npm/svelte-preprocess@4.10.7 | | |
Install scripts | npm/@swc/core@1.3.14 | | |
Install scripts | npm/@sveltejs/kit@1.0.0-next.532 | | |
Install scripts are run when the package is installed. The majority of malware in npm is hidden in install scripts.
Packages should not be running non-essential scripts during install and there are often solutions to problems people solve with install scripts that can be run at publish time instead.
Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support [AT] socket [DOT] dev.
If you happen to install a dependency that Socket reports as Known Malware you should immediately remove it and select a different dependency. For other alert types, you may wish to investigate alternative packages or consider if there are other ways to mitigate the specific risk posed by the dependency.
To ignore an alert, reply with a comment starting with `@SocketSecurity ignore` followed by a space separated list of `ecosystem/package-name@version` specifiers. e.g. `@SocketSecurity ignore npm/foo@1.0.0` or ignore all packages with `@SocketSecurity ignore-all`
@SocketSecurity ignore npm/svelte-preprocess@4.10.7
@SocketSecurity ignore npm/@swc/core@1.3.14
@SocketSecurity ignore npm/@sveltejs/kit@1.0.0-next.532
Version Updates
Merging this PR will release new versions of the following packages based on your change files.
@tauri-apps/api
[2.0.0-beta.12]
New Features
ec0e092ec (#9770) Add `monitorFromPoint` function in `window` module to get the monitor from a given point.
tauri-utils
[2.0.0-beta.16]
Bug Fixes
be95d8d37 (#9782) Fixes the `ToTokens` implementation for `Capability`.
tauri-bundler
[2.0.1-beta.14]
Enhancements
781d74799 (#9840) Reduced the compression level for rpm bundles from 9 (max) to 6. This has almost no effect on file size but should reduce build time by roughly 25%.
Bug Fixes
d0d974fa5 (#9833) Fix NSIS installer deep links registration.
Dependencies
Upgraded to tauri-utils@2.0.0-beta.16
tauri-runtime
[2.0.0-beta.17]
Dependencies
tauri-utils@2.0.0-beta.16
tauri-runtime-wry
[2.0.0-beta.17]
Security fixes
d950ac123 Only process IPC commands from the main frame.
Dependencies
Upgraded to tauri-utils@2.0.0-beta.16
Upgraded to tauri-runtime@2.0.0-beta.17
tauri-codegen
[2.0.0-beta.16]
Dependencies
tauri-utils@2.0.0-beta.16
tauri-macros
[2.0.0-beta.16]
Dependencies
tauri-utils@2.0.0-beta.16
tauri-codegen@2.0.0-beta.16
tauri-plugin
[2.0.0-beta.16]
Dependencies
tauri-utils@2.0.0-beta.16
tauri-build
[2.0.0-beta.16]
Dependencies
tauri-utils@2.0.0-beta.16
tauri-codegen@2.0.0-beta.16
tauri
[2.0.0-beta.20]
New Features
ae6b13dfc (#9789) Add `app-region: drag` to HTML elements with `data-tauri-drag-region` on Windows, only WebView2 123+, which should fix dragging using touch.
ec0e092ec (#9770) Add `App/AppHandle/Window/Webview/WebviewWindow::monitor_from_point(x, y)` getter to get the monitor from a given point.
Enhancements
5d20530c9 (#9842) Added `AppHandle::set_activation_policy` for macOS.
Bug Fixes
0b690f242 (#9845) Export `tauri::UriSchemeResponder`.
Security fixes
d950ac123 Only process IPC commands from the main frame.
Dependencies
Upgraded to tauri-utils@2.0.0-beta.16
Upgraded to tauri-runtime-wry@2.0.0-beta.17
Upgraded to tauri-runtime@2.0.0-beta.17
Upgraded to tauri-macros@2.0.0-beta.16
Upgraded to tauri-build@2.0.0-beta.16
@tauri-apps/cli
[2.0.0-beta.18]
Bug Fixes
beda18bce (#9855) Fixed an issue that caused `tauri add` to fail for multiple rust-only and platform-specific plugins.
4a33bc6a6 (#9553) Fixes `pnpm` detection when initializing and running a mobile project.
Dependencies
Upgraded to tauri-cli@2.0.0-beta.18
tauri-cli
[2.0.0-beta.18]
Bug Fixes
beda18bce (#9855) Fixed an issue that caused `tauri add` to fail for multiple rust-only and platform-specific plugins.
4a33bc6a6 (#9553) Fixes `pnpm` detection when initializing and running a mobile project.
Dependencies
Upgraded to tauri-bundler@2.0.1-beta.14
Upgraded to tauri-utils@2.0.0-beta.16