Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore(deps): update all non-major dependencies #352

Merged
merged 4 commits into from May 16, 2023

chore: upgrade eslint rules

3014559
Select commit
Failed to load commit list.
Merged

chore(deps): update all non-major dependencies #352

chore: upgrade eslint rules
3014559
Select commit
Failed to load commit list.
Socket Security / Socket Security: Pull Request Alerts failed May 16, 2023 in 1m 45s

Pull Request #352 Alerts: Complete with warnings

Report Status Message
PR #352 Alerts ⚠️ Found 1 project alert

Pull request alerts notify when new issues are detected between the diff of the pull request and it's target branch.

Details

New dependency changes detected. Learn more about Socket for GitHub ↗︎

🚨 Potential security issues found in this pull request. To accept the risk, merge this PR and you will not be notified again.

Bot Commands

To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space separated list of package-name@version specifiers. e.g. @SocketSecurity ignore [email protected] bar@* or ignore all packages with @SocketSecurity ignore-all

📜 Install scripts

Install scripts are run when the package is installed. The majority of malware in npm is hidden in install scripts.

Packages should not be running non-essential scripts during install and there are often solutions to problems people solve with install scripts that can be run at publish time instead.

Package Script field Source
[email protected] (added) postinstall package.json, pnpm-lock.yaml
Pull request alert summary
Issue Status
Install scripts ⚠️ 1 issue
Native code ✅ 0 issues
Bin script shell injection ✅ 0 issues
Unresolved require ✅ 0 issues
Invalid package.json ✅ 0 issues
HTTP dependency ✅ 0 issues
Git dependency ✅ 0 issues
Potential typo squat ✅ 0 issues
Known Malware ✅ 0 issues
Telemetry ✅ 0 issues
Protestware/Troll package ✅ 0 issues

📊 Modified Dependency Overview:

➕ Added Package Capability Access +/- Transitive Count Publisher
[email protected] network, filesystem, shell, environment +0 turbobot
@types/[email protected] None +0 types
⬆️ Updated Package Version Diff Added Capability Access +/- Transitive Count Publisher
[email protected] 0.17.18...0.17.19 None +0/-0 evanw
[email protected] 0.51.12...0.51.13 None +52/-50 antfu
@unocss/[email protected] 0.51.12...0.51.13 None +0/-0 antfu
[email protected] 3.21.6...3.21.8 None +0/-0 lukastaegert

🚮 Removed packages: @volar/[email protected]

View more details on Socket Security