Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Snyk] Upgrade @sentry/react from 7.16.0 to 8.30.0 #909

Open
wants to merge 1 commit into
base: main
Choose a base branch
from

Conversation

q1blue
Copy link
Collaborator

@q1blue q1blue commented Oct 1, 2024

snyk-top-banner

Snyk has created this PR to upgrade @sentry/react from 7.16.0 to 8.30.0.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.


⚠️ Warning: This PR contains major version upgrade(s), and may be a breaking change.

  • The recommended version is 205 versions ahead of your current version.

  • The recommended version was released on 21 days ago.

Release notes
Package name: @sentry/react
  • 8.30.0 - 2024-09-10

    Important Changes

    • feat(node): Add kafkajs integration (#13528)

    This release adds a new integration that instruments kafkajs library with spans and traces. This integration is
    automatically enabled by default, but can be included with the Sentry.kafkaIntegration() import.

    Sentry.init({
      integrations: [Sentry.kafkaIntegration()],
    });

    Other Changes

    • feat(core): Allow adding measurements without global client (#13612)
    • feat(deps): Bump @ opentelemetry/instrumentation-undici from 0.5.0 to 0.6.0 (#13622)
    • feat(deps): Bump @ sentry/cli from 2.33.0 to 2.35.0 (#13624)
    • feat(node): Use @ opentelemetry/instrumentation-undici for fetch tracing (#13485)
    • feat(nuxt): Add server config to root folder (#13583)
    • feat(otel): Upgrade @ opentelemetry/semantic-conventions to 1.26.0 (#13631)
    • fix(browser): check supportedEntryTypes before caling the function (#13541)
    • fix(browser): Ensure Standalone CLS span timestamps are correct (#13649)
    • fix(nextjs): Widen removal of 404 transactions (#13628)
    • fix(node): Remove ambiguity and race conditions when matching local variables to exceptions (#13501)
    • fix(node): Update OpenTelemetry instrumentation package for solidstart and opentelemetry (#13640)
    • fix(node): Update OpenTelemetry instrumentation package for solidstart and opentelemetry (#13642)
    • fix(vue): Ensure Vue trackComponents list matches components with or without <> (#13543)
    • ref(profiling): Conditionally shim cjs globals (#13267)

    Work in this release was contributed by @ Zen-cronic and @ odanado. Thank you for your contributions!

  • 8.29.0 - 2024-09-09

    Important Changes

    • Beta releases of official Solid and SolidStart Sentry SDKs

    This release marks the beta releases of the @ sentry/solid and @ sentry/solidstart Sentry SDKs. For details on how to
    use them, check out the
    Sentry Solid SDK README and the
    Sentry SolidStart SDK README
    respectively. Please reach out on GitHub if you have
    any feedback or concerns.

    • feat(node): Option to only wrap instrumented modules (#13139)

    Adds the SDK option to only wrap ES modules with import-in-the-middle that specifically need to be instrumented.

    import * as Sentry from '@ sentry/node';

    Sentry.init({
    dsn: 'PUBLIC_DSN',
    registerEsmLoaderHooks: { onlyIncludeInstrumentedModules: true },
    });

    • feat(node): Update OpenTelemetry packages to instrumentation v0.53.0 (#13587)

    All internal OpenTelemetry instrumentation was updated to their latest version. This adds support for Mongoose v7 and v8
    and fixes various bugs related to ESM mode.

    Other Changes

    • feat(nextjs): Emit warning when using turbopack (#13566)
    • feat(nextjs): Future-proof Next.js config options overriding (#13586)
    • feat(node): Add generic-pool integration (#13465)
    • feat(nuxt): Upload sourcemaps generated by Nitro (#13382)
    • feat(solidstart): Add browserTracingIntegration by default (#13561)
    • feat(solidstart): Add sentrySolidStartVite plugin to simplify source maps upload (#13493)
    • feat(vue): Only start UI spans if parent is available (#13568)
    • fix(cloudflare): Guard context.waitUntil call in request handler (#13549)
    • fix(gatsby): Fix assets path for sourcemaps upload (#13592)
    • fix(nextjs): Use posix paths for sourcemap uploads (#13603)
    • fix(node-fetch): Use stringified origin url (#13581)
    • fix(node): Replace dashes in generic-pool span origins with underscores (#13579)
    • fix(replay): Fix types in WebVitalData (#13573)
    • fix(replay): Improve replay web vital types (#13602)
    • fix(utils): Keep logger on carrier (#13570)

    Work in this release was contributed by @ Zen-cronic. Thank you for your contribution!

  • 8.28.0 - 2024-09-03

    Important Changes

    • Beta release of official NestJS SDK

    This release contains the beta version of @ sentry/nestjs! For details on how to use it, check out the
    README. Any feedback/bug reports
    are greatly appreciated, please reach out on GitHub.

    • fix(browser): Remove faulty LCP, FCP and FP normalization logic (#13502)

    This release fixes a bug in the @ sentry/browser package and all SDKs depending on this package (e.g. @ sentry/react
    or @ sentry/nextjs) that caused the SDK to send incorrect web vital values for the LCP, FCP and FP vitals. The SDK
    previously incorrectly processed the original values as they were reported from the browser. When updating your SDK to
    this version, you might experience an increase in LCP, FCP and FP values, which potentially leads to a decrease in your
    performance score in the Web Vitals Insights module in Sentry. This is because the previously reported values were
    smaller than the actually measured values. We apologize for the inconvenience!

    Other Changes

    • feat(nestjs): Add SentryGlobalGraphQLFilter (#13545)
    • feat(nestjs): Automatic instrumentation of nestjs interceptors after route execution (#13264)
    • feat(nextjs): Add bundleSizeOptimizations to build options (#13323)
    • feat(nextjs): Stabilize captureRequestError (#13550)
    • feat(nuxt): Wrap config in nuxt context (#13457)
    • feat(profiling): Expose profiler as top level primitive (#13512)
    • feat(replay): Add layout shift to CLS replay data (#13386)
    • feat(replay): Upgrade rrweb packages to 2.26.0 (#13483)
    • fix(cdn): Do not mangle _metadata (#13426)
    • fix(cdn): Fix SDK source for CDN bundles (#13475)
    • fix(nestjs): Check arguments before instrumenting with @ Injectable (#13544)
    • fix(nestjs): Ensure exception and host are correctly passed on when using @ WithSentry (#13564)
    • fix(node): Suppress tracing for transport request execution rather than transport creation (#13491)
    • fix(replay): Consider more things as DOM mutations for dead clicks (#13518)
    • fix(vue): Correctly obtain component name (#13484)

    Work in this release was contributed by @ leopoldkristjansson, @ mhuggins and @ filips123. Thank you for your
    contributions!

  • 8.27.0 - 2024-08-27

    Important Changes

    • fix(nestjs): Exception filters in main app module are not being executed (#13278)

      With this release nestjs error monitoring is no longer automatically set up after adding the SentryModule to your
      application, which led to issues in certain scenarios. You will now have to either add the SentryGlobalFilter to
      your main module providers or decorate the catch() method in your existing global exception filters with the newly
      released @ WithSentry() decorator. See the docs for
      more details.

    Other Changes

    • feat: Add options for passing nonces to feedback integration (#13347)
    • feat: Add support for SENTRY_SPOTLIGHT env var in Node (#13325)
    • feat(deps): bump @ prisma/instrumentation from 5.17.0 to 5.18.0 (#13327)
    • feat(feedback): Improve error message for 403 errors (#13441)
    • fix(deno): Don't rely on Deno.permissions.querySync (#13378)
    • fix(replay): Ensure we publish replay CDN bundles (#13437)

    Work in this release was contributed by @ charpeni. Thank you for your contribution!

  • 8.26.0 - 2024-08-14

    Important Changes

    • feat(node): Add fsInstrumentation (#13291)

      This release adds fsIntegration, an integration that instruments the fs API to the Sentry Node SDK. The
      integration creates spans with naming patterns of fs.readFile, fs.unlink, and so on.

      This integration is not enabled by default and needs to be registered in your Sentry.init call. You can configure
      via options whether to include path arguments or error messages as span attributes when an fs call fails:

      Sentry.init({
        integrations: [
          Sentry.fsIntegration({
            recordFilePaths: true,
            recordErrorMessagesAsSpanAttributes: true,
          }),
        ],
      });

      WARNING: This integration may add significant overhead to your application. Especially in scenarios with a lot of
      file I/O, like for example when running a framework dev server, including this integration can massively slow down
      your application.

    Other Changes

    • feat(browser): Add spotlightBrowser integration (#13263)

    • feat(browser): Allow sentry in safari extension background page (#13209)

    • feat(browser): Send CLS as standalone span (experimental) (#13056)

    • feat(core): Add OpenTelemetry-specific getTraceData implementation (#13281)

    • feat(nextjs): Always add browserTracingIntegration (#13324)

    • feat(nextjs): Always transmit trace data to the client (#13337)

    • feat(nextjs): export SentryBuildOptions (#13296)

    • feat(nextjs): Update experimental_captureRequestError to reflect RequestInfo.path change in Next.js canary
      (#13344)

    • feat(nuxt): Always add tracing meta tags (#13273)

    • feat(nuxt): Set transaction name for server error (#13292)

    • feat(replay): Add a replay-specific logger (#13256)

    • feat(sveltekit): Add bundle size optimizations to plugin options (#13318)

    • feat(sveltekit): Always add browserTracingIntegration (#13322)

    • feat(tracing): Make long animation frames opt-out (#13255)

    • fix(astro): Correctly extract request data (#13315)

    • fix(astro): Only track access request headers in dynamic page requests (#13306)

    • fix(nuxt): Add import line for disabled autoImport (#13342)

    • fix(nuxt): Add vue to excludeEsmLoaderHooks array (#13346)

    • fix(opentelemetry): Do not overwrite http span name if kind is internal (#13282)

    • fix(remix): Ensure origin is correctly set for remix server spans (#13305)

    Work in this release was contributed by @ MonstraG, @ undead-voron and @ Zen-cronic. Thank you for your contributions!

  • 8.25.0 - 2024-08-09

    Important Changes

    • Alpha release of Official Solid Start SDK

    This release contains the alpha version of @ sentry/solidstart, our SDK for Solid Start!
    For details on how to use it, please see the README. Any feedback/bug reports are
    greatly appreciated, please reach out on GitHub.

    Other Changes

    • feat(astro): Add bundleSizeOptimizations vite options to integration (#13250)
    • feat(astro): Always add BrowserTracing (#13244)
    • feat(core): Add getTraceMetaTags function (#13201)
    • feat(nestjs): Automatic instrumentation of nestjs exception filters (#13230)
    • feat(node): Add useOperationNameForRootSpan tographqlIntegration (#13248)
    • feat(sveltekit): Add wrapServerRouteWithSentry wrapper (#13247)
    • fix(aws-serverless): Extract sentry trace data from handler context over event (#13266)
    • fix(browser): Initialize default integration if defaultIntegrations: undefined (#13261)
    • fix(utils): Streamline IP capturing on incoming requests (#13272)
  • 8.24.0 - 2024-08-06
  • 8.23.0 - 2024-08-05
  • 8.22.0 - 2024-08-01
  • 8.21.0 - 2024-07-31
  • 8.20.0 - 2024-07-24
  • 8.19.0 - 2024-07-19
  • 8.18.0 - 2024-07-16
  • 8.17.0 - 2024-07-10
  • 8.16.0 - 2024-07-09
  • 8.15.0 - 2024-07-05
  • 8.14.0 - 2024-07-04
  • 8.13.0 - 2024-06-27
  • 8.12.0 - 2024-06-25
  • 8.12.0-beta.0 - 2024-06-24
  • 8.11.0 - 2024-06-21
  • 8.10.0 - 2024-06-19
  • 8.9.2 - 2024-06-12
  • 8.9.1 - 2024-06-11
  • 8.9.0 - 2024-06-11
  • 8.8.0 - 2024-06-07
  • 8.7.0 - 2024-05-29
  • 8.6.0 - 2024-05-29
  • 8.5.0 - 2024-05-27
  • 8.4.0 - 2024-05-23
  • 8.3.0 - 2024-05-22
  • 8.2.1 - 2024-05-16
  • 8.2.0 - 2024-05-16
  • 8.1.0 - 2024-05-16
  • 8.0.0 - 2024-05-13
  • 8.0.0-rc.3 - 2024-05-10
  • 8.0.0-rc.2 - 2024-05-08
  • 8.0.0-rc.1 - 2024-05-07
  • 8.0.0-rc.0 - 2024-05-06
  • 8.0.0-beta.6 - 2024-05-03
  • 8.0.0-beta.5 - 2024-04-30
  • 8.0.0-beta.4 - 2024-04-24
  • 8.0.0-beta.3 - 2024-04-19
  • 8.0.0-beta.2 - 2024-04-17
  • 8.0.0-beta.1 - 2024-04-15
  • 8.0.0-alpha.9 - 2024-04-08
  • 8.0.0-alpha.8 - 2024-04-08
  • 8.0.0-alpha.7 - 2024-03-27
  • 8.0.0-alpha.5 - 2024-03-22
  • 8.0.0-alpha.4 - 2024-03-14
  • 8.0.0-alpha.3 - 2024-03-14
  • 8.0.0-alpha.2 - 2024-03-05
  • 7.119.0 - 2024-08-14
    • backport(tracing): Report dropped spans for transactions (#13343)

    Bundle size 📦

    Path Size
    @ sentry/browser (incl. Tracing, Replay, Feedback) - Webpack (gzipped) 80.96 KB
    @ sentry/browser (incl. Tracing, Replay) - Webpack (gzipped) 71.89 KB
    @ sentry/browser (incl. Tracing, Replay with Canvas) - Webpack (gzipped) 76.14 KB
    @ sentry/browser (incl. Tracing, Replay) - Webpack with treeshaking flags (gzipped) 65.52 KB
    @ sentry/browser (incl. Tracing) - Webpack (gzipped) 35.77 KB
    @ sentry/browser (incl. browserTracingIntegration) - Webpack (gzipped) 35.66 KB
    @ sentry/browser (incl. Feedback) - Webpack (gzipped) 31.71 KB
    @ sentry/browser (incl. sendFeedback) - Webpack (gzipped) 31.72 KB
    @ sentry/browser - Webpack (gzipped) 22.91 KB
    @ sentry/browser (incl. Tracing, Replay, Feedback) - ES6 CDN Bundle (gzipped) 79.17 KB
    @ sentry/browser (incl. Tracing, Replay) - ES6 CDN Bundle (gzipped) 70.49 KB
    @ sentry/browser (incl. Tracing) - ES6 CDN Bundle (gzipped) 36.17 KB
    @ sentry/browser - ES6 CDN Bundle (gzipped) 25.41 KB
    @ sentry/browser (incl. Tracing, Replay) - ES6 CDN Bundle (minified & uncompressed) 221.92 KB
    @ sentry/browser (incl. Tracing) - ES6 CDN Bundle (minified & uncompressed) 109.52 KB
    @ sentry/browser - ES6 CDN Bundle (minified & uncompressed) 76.24 KB
    @ sentry/browser (incl. Tracing) - ES5 CDN Bundle (gzipped) 39.45 KB
    @ sentry/react (incl. Tracing, Replay) - Webpack (gzipped) 72.4 KB
    @ sentry/react - Webpack (gzipped) 22.94 KB
    @ sentry/nextjs Client (incl. Tracing, Replay) - Webpack (gzipped) 90.16 KB
    @ sentry/nextjs Client - Webpack (gzipped) 54.27 KB
    @ sentry-internal/feedback - Webpack (gzipped) 17.34 KB
  • 7.118.0 - 2024-06-21
  • 7.117.0 - 2024-06-10
  • 7.116.0 - 2024-05-17
  • 7.115.0 - 2024-05-16
  • 7.114.0 - 2024-05-08
  • 7.113.0 - 2024-05-02
  • 7.112.2 - 2024-04-24
  • 7.112.1 - 2024-04-23
  • 7.112.0 - 2024-04-23
  • 7.111.0 - 2024-04-18
  • 7.110.1 - 2024-04-15
  • 7.110.0 - 2024-04-11
  • 7.109.0 - 2024-03-28
  • 7.108.0 - 2024-03-22
  • 7.107.0 - 2024-03-14
  • 7.106.1 - 2024-03-11
  • 7.106.0 - 2024-03-08
  • 7.105.0 - 2024-03-04
  • 7.104.0 - 2024-02-29
  • 7.103.0 - 2024-02-27
  • 7.102.1 - 2024-02-22
  • 7.102.0 - 2024-02-20
  • 7.101.1 - 2024-02-15
  • 7.101.0 - 2024-02-13
  • 7.100.1 - 2024-02-07
  • 7.100.0 - 2024-02-06
  • 7.99.0 - 2024-01-30
  • 7.98.0 - 2024-01-25
  • 7.97.0 - 2024-01-25
  • 7.95.0 - 2024-01-23
  • 7.94.1 - 2024-01-19
  • 7.93.0 - 2024-01-10
  • 7.92.0 - 2024-01-04
  • 7.91.0 - 2023-12-22
  • 7.90.0 - 2023-12-20
  • 7.89.0 - 2023-12-19
  • 7.88.0 - 2023-12-14
  • 7.87.0 - 2023-12-13
  • 7.86.0 - 2023-12-07
  • 7.85.0 - 2023-12-04
  • 7.84.0 - 2023-11-30
  • 7.83.0 - 2023-11-28
  • 7.82.0 - 2023-11-27
  • 7.81.1 - 2023-11-21
  • 7.81.0 - 2023-11-20
  • 7.80.2-alpha.1 - 2023-11-15
  • 7.80.2-alpha.0 - 2023-11-14
  • 7.80.1 - 2023-11-14
  • 7.80.0 - 2023-11-09
  • 7.79.0 - 2023-11-08
  • 7.78.0 - 2023-11-08
  • 7.77.0 - 2023-10-31
  • 7.76.0 - 2023-10-27
  • 7.75.1 - 2023-10-25
  • 7.75.0 - 2023-10-24
  • 7.74.2-alpha.1 - 2023-10-23
  • 7.74.2-alpha.0 - 2023-10-19
  • 7.74.1 - 2023-10-17
  • 7.74.0 - 2023-10-13
  • 7.73.0 - 2023-10-02
  • 7.72.0 - 2023-09-26
  • 7.71.0 - 2023-09-25
  • 7.70.0 - 2023-09-20
  • 7.70.0-beta.1 - 2023-09-15
  • 7.70.0-beta.0 - 2023-09-14
  • 7.69.0 - 2023-09-13
  • 7.68.0 - 2023-09-06
  • 7.67.0 - 2023-09-05
  • 7.67.0-beta.0 - 2023-08-31
  • 7.66.0 - 2023-08-30
  • 7.66.0-alpha.0 - 2023-08-29
  • 7.65.0 - 2023-08-28
  • 7.65.0-alpha.0 - 2023-08-16
  • 7.64.0 - 2023-08-14
  • 7.64.0-alpha.0 - 2023-08-11
  • 7.63.0 - 2023-08-10
  • 7.62.0 - 2023-08-09
  • 7.61.1 - 2023-08-04
  • 7.61.0 - 2023-07-31
  • 7.60.1 - 2023-07-26
  • 7.60.0 - 2023-07-21
  • 7.59.3 - 2023-07-19
  • 7.59.2 - 2023-07-18
  • 7.59.1 - 2023-07-18
  • 7.59.0-beta.1 - 2023-07-17
  • 7.59.0-beta.0 - 2023-07-13
  • 7.58.1 - 2023-07-13
  • 7.58.0 - 2023-07-12
  • 7.57.0 - 2023-06-28
  • 7.57.0-beta.0 - 2023-06-21
  • 7.56.0 - 2023-06-19
  • 7.55.2 - 2023-06-14
  • 7.55.1 - 2023-06-14
  • 7.55.0 - 2023-06-13
  • 7.54.0 - 2023-06-01
  • 7.53.1 - 2023-05-24
  • 7.53.0 - 2023-05-23
  • 7.52.1 - 2023-05-15
  • 7.52.0 - 2023-05-15
  • 7.51.2 - 2023-05-08
  • 7.51.1 - 2023-05-08
  • 7.51.0 - 2023-05-04
  • 7.50.0 - 2023-04-27
  • 7.49.0 - 2023-04-20
  • 7.48.0 - 2023-04-14
  • 7.47.0 - 2023-04-05
  • 7.46.0 - 2023-03-30
  • 7.45.0 - 2023-03-24
  • 7.44.2 - 2023-03-21
  • 7.44.1 - 2023-03-20
  • 7.44.0 - 2023-03-20
  • 7.43.0 - 2023-03-13
  • 7.42.0 - 2023-03-09
  • 7.41.0 - 2023-03-06
  • 7.40.0 - 2023-03-01
  • 7.39.0 - 2023-02-27
  • 7.38.0 - 2023-02-17
  • 7.37.2 - 2023-02-13
  • 7.37.1 - 2023-02-10
  • 7.37.0 - 2023-02-09
  • 7.36.0 - 2023-02-02
  • 7.35.0 - 2023-02-01
  • 7.34.0 - 2023-01-26
  • 7.34.0-beta.0 - 2023-01-25
  • 7.33.0 - 2023-01-24
  • 7.32.1 - 2023-01-23
  • 7.32.0 - 2023-01-23
  • 7.31.1 - 2023-01-17
  • 7.31.0 - 2023-01-16
  • 7.30.0 - 2023-01-10
  • 7.29.0 - 2023-01-04
  • 7.28.1 - 2022-12-22
  • 7.28.0 - 2022-12-20
  • 7.27.0 - 2022-12-16
  • ...

Snyk has created this PR to upgrade @sentry/react from 7.16.0 to 8.30.0.

See this package in npm:
@sentry/react

See this project in Snyk:
https://app.snyk.io/org/q1blue-rxw/project/5b430cad-b455-40c7-a7ff-af5a8804e8ca?utm_source=github&utm_medium=referral&page=upgrade-pr
Copy link

changeset-bot bot commented Oct 1, 2024

⚠️ No Changeset found

Latest commit: 740fefa

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

Copy link

New and removed dependencies detected. Learn more about Socket for GitHub ↗︎

Package New capabilities Transitives Size Publisher
npm/@djagger/[email protected] None +1 59.7 kB djagger
npm/@docusaurus/[email protected] Transitive: environment, eval, filesystem, network, shell, unsafe +324 32.8 MB slorber
npm/@docusaurus/[email protected] Transitive: filesystem, shell +16 2.23 MB slorber
npm/@docusaurus/[email protected] filesystem Transitive: environment, eval, shell, unsafe +215 20.9 MB slorber
npm/@docusaurus/[email protected] environment Transitive: eval, filesystem, shell, unsafe +213 20.5 MB slorber
npm/@docusaurus/[email protected] environment Transitive: eval, filesystem, network, shell, unsafe +270 25.6 MB slorber
npm/@docusaurus/[email protected] filesystem Transitive: environment, eval, network, shell, unsafe +287 27.2 MB slorber
npm/@emotion/[email protected] environment Transitive: filesystem, unsafe +68 13.7 MB emotion-release-bot
npm/@emotion/[email protected] environment +8 197 kB emotion-release-bot
npm/@emotion/[email protected] environment Transitive: filesystem, unsafe +65 13.2 MB emotion-release-bot
npm/@geo-maps/[email protected] None 0 1.06 MB simonepri
npm/@makotot/[email protected] environment 0 151 kB makotot
npm/@mdx-js/[email protected] None 0 15.5 kB johno
npm/@mui/[email protected] None +5 20 MB hbjorbj
npm/@mui/[email protected] environment +20 9.92 MB michaldudak
npm/@mui/[email protected] environment +22 18.1 MB michaldudak
npm/@mui/[email protected] environment +16 9.71 MB alexandrefauquette
npm/@primer/[email protected] None 0 1.22 MB primer-css
npm/@sentry/[email protected] Transitive: network +9 10.4 MB benvinegar, billyvg, evanpurkhiser, ...8 more
npm/@sentry/[email protected] None +4 2.83 MB sentry-bot
npm/@stackql/[email protected] environment 0 3.73 kB jeffreyaven
npm/@tidb-community/[email protected] None +1 148 kB hustkiwi
npm/@tsconfig/[email protected] None 0 2.69 kB typescript-deploys
npm/@types/[email protected] None 0 39.7 kB types
npm/@types/[email protected] None 0 8.75 kB types
npm/@types/[email protected] None 0 6.23 kB types
npm/@types/[email protected] None 0 113 kB types
npm/@types/[email protected] None +4 1.38 MB types
npm/@types/[email protected] None 0 17.1 kB types
npm/@typescript-eslint/[email protected] Transitive: environment, filesystem +28 5.13 MB jameshenry
npm/[email protected] None 0 49.1 MB nightwing
npm/[email protected] None +6 2.95 MB taoweng
npm/[email protected] None 0 279 kB eltonmesquita
npm/[email protected] environment, network +1 427 kB jasonsaayman
npm/[email protected] filesystem 0 27.2 kB umidbekk
npm/[email protected] None 0 21.1 MB chartjs-ci
npm/[email protected] None 0 92.4 kB chartjs-ci
npm/[email protected] None 0 5.67 kB lukeed
npm/[email protected] None 0 11.3 kB thekelvinliu
npm/[email protected] None 0 136 kB mbostock
npm/[email protected] None 0 6.87 MB leshakoss
npm/[email protected] None 0 30.1 kB tehshrike
npm/[email protected] None +1 87.6 kB atool
npm/[email protected] Transitive: eval +1 17.9 MB lang
npm/[email protected] environment, eval, network +1 41.6 MB 100pah
npm/[email protected] Transitive: environment, filesystem +20 1.77 MB mightyiam
npm/[email protected] filesystem, unsafe Transitive: environment, eval +33 3.21 MB ljharb
npm/[email protected] filesystem +10 1.35 MB weiran.zsd
npm/[email protected] None 0 67.1 kB eslint-community-bot
npm/[email protected] filesystem Transitive: environment, eval +30 3.09 MB ljharb
npm/[email protected] filesystem Transitive: environment, eval, shell, unsafe +52 8.84 MB eslintbot
npm/[email protected] None 0 14.4 kB julien-f
npm/[email protected] None 0 20 kB ianstormtaylor
npm/[email protected] None 0 3.87 MB icambron

🚮 Removed packages: npm/@fastify/[email protected], npm/@fastify/[email protected], npm/@fastify/[email protected], npm/@fastify/[email protected], npm/@fastify/[email protected], npm/@fastify/[email protected], npm/@fastify/[email protected], npm/@fastify/[email protected], npm/@fastify/[email protected], npm/@fastify/[email protected], npm/@fastify/[email protected], npm/@fastify/[email protected], npm/@fastify/[email protected], npm/@goparrot/[email protected], npm/@koa/[email protected], npm/@mgcrea/[email protected], npm/@octokit/[email protected], npm/@octokit/[email protected], npm/@octokit/[email protected], npm/@types/[email protected], npm/@types/[email protected], npm/@types/[email protected], npm/@types/[email protected], npm/@types/[email protected], npm/@types/[email protected], npm/@types/[email protected], npm/@types/[email protected], npm/@types/[email protected], npm/@types/[email protected], npm/@types/[email protected], npm/@types/[email protected], npm/@types/[email protected], npm/@types/[email protected], npm/@types/[email protected], npm/@types/[email protected], npm/@types/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected]

View full report↗︎

Copy link

🚨 Potential security issues detected. Learn more about Socket for GitHub ↗︎

To accept the risk, merge this PR and you will not be notified again.

Alert Package NoteSourceCI
Critical CVE npm/@babel/[email protected] ⚠︎

View full report↗︎

Next steps

What is a critical CVE?

Contains a Critical Common Vulnerability and Exposure (CVE).

Remove or replace dependencies that include known critical CVEs. Consumers can use dependency overrides or npm audit fix --force to remove vulnerable dependencies.

Take a deeper look at the dependency

Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support [AT] socket [DOT] dev.

Remove the package

If you happen to install a dependency that Socket reports as Known Malware you should immediately remove it and select a different dependency. For other alert types, you may may wish to investigate alternative packages or consider if there are other ways to mitigate the specific risk posed by the dependency.

Mark a package as acceptable risk

To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space separated list of ecosystem/package-name@version specifiers. e.g. @SocketSecurity ignore npm/[email protected] or ignore all packages with @SocketSecurity ignore-all

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants