Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix(deps): update dependency mime to v4 #2710

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

fix(deps): update dependency mime to v4 #2710

wants to merge 1 commit into from
+1 −1

Conversation

renovate[bot]
Copy link
Contributor

@renovate renovate bot commented Nov 30, 2023
edited

Mend Renovate

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
mime ^3.0.0 -> ^4.0.3 age adoption passing confidence

Release Notes

broofa/mime (mime)

v4.0.3

Compare Source

v4.0.2

Compare Source

v4.0.1

Compare Source

v4.0.0

Compare Source

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR has been generated by Mend Renovate. View repository job log here.

@renovate renovate bot force-pushed the renovate_mime-4.x branch 3 times, most recently from 918cefa to 252909a Compare December 7, 2023 11:03
@renovate renovate bot force-pushed the renovate_mime-4.x branch 10 times, most recently from 66e8e40 to acae240 Compare December 18, 2023 18:26
@renovate renovate bot force-pushed the renovate_mime-4.x branch 4 times, most recently from ba6484c to 1417157 Compare December 30, 2023 23:06
@renovate renovate bot force-pushed the renovate_mime-4.x branch 2 times, most recently from e4a74d8 to 8ce0574 Compare January 5, 2024 12:18
@renovate renovate bot force-pushed the renovate_mime-4.x branch 6 times, most recently from 2bb5b40 to 507a8a2 Compare January 16, 2024 15:51
@renovate renovate bot force-pushed the renovate_mime-4.x branch 3 times, most recently from 7d14b49 to c2345f4 Compare January 26, 2024 23:33
@renovate renovate bot force-pushed the renovate_mime-4.x branch 4 times, most recently from eeaafd5 to 0163ab3 Compare February 4, 2024 23:42
@renovate renovate bot force-pushed the renovate_mime-4.x branch 2 times, most recently from b795a2a to 4a5905c Compare February 16, 2024 04:22
@renovate renovate bot force-pushed the renovate_mime-4.x branch 2 times, most recently from 72a0276 to c918a52 Compare March 4, 2024 18:56
@socket-security Socket Security
Copy link

socket-security bot commented Mar 4, 2024
edited

🚨 Potential security issues detected. Learn more about Socket for GitHub ↗︎

To accept the risk, merge this PR and you will not be notified again.

Alert Package NoteSource
Install scripts npm/[email protected]
  • Install script: postinstall
  • Source: node scripts/install.js || nodejs scripts/install.js
Potential typo squat npm/[email protected]
Install scripts npm/[email protected]
  • Install script: install
  • Source: node scripts/build-browser-scripts

View full report↗︎

Next steps

What is an install script?

Install scripts are run when the package is installed. The majority of malware in npm is hidden in install scripts.

Packages should not be running non-essential scripts during install and there are often solutions to problems people solve with install scripts that can be run at publish time instead.

What is a typosquat?

Package name is similar to other popular packages and may not be the package you want.

Use care when consuming similarly named packages and ensure that you did not intend to consume a different package. Malicious packages often publish using similar names as existing popular packages.

Take a deeper look at the dependency

Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support [AT] socket [DOT] dev.

Remove the package

If you happen to install a dependency that Socket reports as Known Malware you should immediately remove it and select a different dependency. For other alert types, you may may wish to investigate alternative packages or consider if there are other ways to mitigate the specific risk posed by the dependency.

Mark a package as acceptable risk

To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space separated list of ecosystem/package-name@version specifiers. e.g. @SocketSecurity ignore npm/[email protected] or ignore all packages with @SocketSecurity ignore-all

@renovate renovate bot force-pushed the renovate_mime-4.x branch 2 times, most recently from 6c84b26 to 3ae3663 Compare March 4, 2024 19:23
@socket-security Socket Security
Copy link

socket-security bot commented Mar 20, 2024
edited

New and removed dependencies detected. Learn more about Socket for GitHub ↗︎

Package New capabilities Transitives Size Publisher

🚮 Removed packages: npm/[email protected]

View full report↗︎

@renovate renovate bot force-pushed the renovate_mime-4.x branch 7 times, most recently from 0de75dd to dcd96e5 Compare March 26, 2024 23:06
@renovate renovate bot force-pushed the renovate_mime-4.x branch 3 times, most recently from 7831f2f to c5d12bd Compare April 26, 2024 14:48
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
dependencies
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
0 participants