chore(deps): update all non-major dependencies #352
Pull Request #352 Alerts: Complete with warnings
Report | Status | Message |
---|---|---|
PR #352 Alerts | Found 1 project alert |
Pull request alerts notify when new issues are detected between the diff of the pull request and its target branch.
Details
New dependency changes detected. Learn more about Socket for GitHub ↗︎
🚨 Potential security issues found in this pull request. To accept the risk, merge this PR and you will not be notified again.
Bot Commands
To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space-separated list of package-name@version specifiers, e.g. @SocketSecurity ignore [email protected] bar@*, or ignore all packages with @SocketSecurity ignore-all
@SocketSecurity ignore [email protected]
📜 Install scripts
Install scripts are run when the package is installed. The majority of malware in npm is hidden in install scripts.
Packages should not be running non-essential scripts during install and there are often solutions to problems people solve with install scripts that can be run at publish time instead.
Package | Script field | Source |
---|---|---|
[email protected] (added) | postinstall | package.json, pnpm-lock.yaml |
Pull request alert summary
Issue | Status |
---|---|
Install scripts | |
Native code | ✅ 0 issues |
Bin script shell injection | ✅ 0 issues |
Unresolved require | ✅ 0 issues |
Invalid package.json | ✅ 0 issues |
HTTP dependency | ✅ 0 issues |
Git dependency | ✅ 0 issues |
Potential typo squat | ✅ 0 issues |
Known Malware | ✅ 0 issues |
Telemetry | ✅ 0 issues |
Protestware/Troll package | ✅ 0 issues |
📊 Modified Dependency Overview:
➕ Added Package | Capability Access | +/- Transitive Count | Publisher |
---|---|---|---|
[email protected] | network, filesystem, shell, environment | +0 | turbobot |
@types/[email protected] | None | +0 | types |
⬆️ Updated Package | Version Diff | Added Capability Access | +/- Transitive Count | Publisher |
---|---|---|---|---|
[email protected] | 0.17.18...0.17.19 | None | +0/-0 | evanw |
[email protected] | 0.51.12...0.51.13 | None | +52/-50 | antfu |
@unocss/[email protected] | 0.51.12...0.51.13 | None | +0/-0 | antfu |
[email protected] | 3.21.6...3.21.8 | None | +0/-0 | lukastaegert |
🚮 Removed packages: @volar/[email protected]