fix(deps): update dependency mime to v4 #2710
base: master
🚨 Potential security issues detected. Learn more about Socket for GitHub ↗︎ To accept the risk, merge this PR and you will not be notified again.
Next steps

What is an install script?
Install scripts are run when the package is installed. The majority of malware in npm is hidden in install scripts. Packages should not be running non-essential scripts during install and there are often solutions to problems people solve with install scripts that can be run at publish time instead.

What is a typosquat?
Package name is similar to other popular packages and may not be the package you want. Use care when consuming similarly named packages and ensure that you did not intend to consume a different package. Malicious packages often publish using similar names as existing popular packages.

Take a deeper look at the dependency
Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support [AT] socket [DOT] dev.

Remove the package
If you happen to install a dependency that Socket reports as Known Malware you should immediately remove it and select a different dependency. For other alert types, you may wish to investigate alternative packages or consider if there are other ways to mitigate the specific risk posed by the dependency.

Mark a package as acceptable risk
To ignore an alert, reply with a comment starting with
New and removed dependencies detected. Learn more about Socket for GitHub ↗︎
🚮 Removed packages: npm/[email protected]
This PR contains the following updates:
^3.0.0 -> ^4.0.3
Release Notes
broofa/mime (mime)
v4.0.3
v4.0.2
v4.0.1
v4.0.0
Configuration
📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by Mend Renovate. View repository job log here.