Bump the npm_and_yarn group across 2 directories with 24 updates #979

dependabot · 2024-07-14T23:42:32Z

Bumps the npm_and_yarn group with 19 updates in the / directory:

Package	From	To
@grpc/grpc-js	`1.10.6`	`1.10.9`
axios	`1.6.8`	`1.7.0`
quill	`1.3.7`	`2.0.0`
socket.io	`4.5.1`	`4.6.2`
postcss	`8.4.38`	`8.4.39`
vite	`5.1.4`	`5.1.7`
@adobe/css-tools	`4.2.0`	`4.4.0`
@sideway/formula	`3.0.0`	`3.0.1`
braces	`3.0.2`	`3.0.3`
ejs	`3.1.8`	`3.1.10`
get-func-name	`2.0.0`	`2.0.2`
http-cache-semantics	`4.1.0`	`4.1.1`
loader-utils	`1.4.0`	`1.4.2`
semver	`5.7.1`	`5.7.2`
tar	`6.1.15`	`6.2.1`
terser	`5.14.1`	`5.31.2`
webpack-dev-middleware	`5.3.3`	`5.3.4`
word-wrap	`1.2.3`	`1.2.5`
ws	`6.2.2`	`6.2.3`

Bumps the npm_and_yarn group with 8 updates in the /apps/docs directory:

Package	From	To
express	`4.18.2`	`4.19.2`
postcss	`8.4.27`	`8.4.39`
@babel/traverse	`7.22.8`	`7.24.8`
braces	`3.0.2`	`3.0.3`
follow-redirects	`1.15.2`	`1.15.6`
terser	`5.19.2`	`5.31.2`
webpack-dev-middleware	`5.3.3`	`5.3.4`
ws	`7.5.9`	`7.5.10`

Updates @grpc/grpc-js from 1.10.6 to 1.10.9

Release notes

Sourced from @grpc/grpc-js's releases.

@grpc/grpc-js 1.10.9

Avoid buffering significantly more than grpc.max_receive_message_size per received message.

@grpc/grpc-js 1.10.8

Fix a bug that caused channels with unix: targets to not reconnect after the channel goes idle (#2750)

@grpc/grpc-js 1.10.7

Improve reporting of HTTP error codes (#2723)

Update dependency on @grpc/proto-loader to the latest version (#2732)

Commits

674f4e3 Merge pull request from GHSA-7v5v-9h63-cj86
7ecaa2d grpc-js: Bump to 1.10.9
e64d816 grpc-js: Avoid buffering significantly more than max_receive_message_size per...
45e5fe5 Merge pull request #2750 from murgatroid99/grpc-js_idle_uds_fix
87a3541 grpc-js: Fix UDS channels not reconnecting after going idle
3105791 Merge pull request #2740 from sergiitk/backport-1.10-psm-interop-common-prod-...
fec135a Merge pull request #2729 from sergiitk/psm-interop-common-prod-tests
76fe802 Merge pull request #2739 from murgatroid99/backport-1.10-grpc-js_linkify-it_fix
d5edf49 Merge pull request #2735 from murgatroid99/grpc-js_linkify-it_fix
23c05fc Merge pull request #2732 from murgatroid99/grpc-js_proto-loader_update
Additional commits viewable in compare view

Updates axios from 1.6.8 to 1.7.0

Release notes

Sourced from axios's releases.

Release v1.7.0

Release notes:

Features

adapter: add fetch adapter; (#6371) (a3ff99b)

Bug Fixes

core/axios: handle un-writable error stack (#6362) (81e0455)

Contributors to this release

Dmitriy Mozgovoy

Jay

Alexandre ABRIOUX

Release v1.7.0-beta.2

Release notes:

Bug Fixes

fetch: capitalize HTTP method names; (#6395) (ad3174a)

fetch: fix & optimize progress capturing for cases when the request data has a nullish value or zero data length (#6400) (95a3e8e)

fetch: fix headers getting from a stream response; (#6401) (870e0a7)

Contributors to this release

Dmitriy Mozgovoy

Release v1.7.0-beta.1

Release notes:

Bug Fixes

core/axios: handle un-writable error stack (#6362) (81e0455)

fetch: fix cases when ReadableStream or Response.body are not available; (#6377) (d1d359d)

fetch: treat fetch-related TypeError as an AxiosError.ERR_NETWORK error; (#6380) (bb5f9a5)

Contributors to this release

Alexandre ABRIOUX

Dmitriy Mozgovoy

Install
npm i axios@next
Release v1.7.0-beta.0

Release notes:

Features

... (truncated)

Changelog

Sourced from axios's changelog.

1.7.0 (2024-05-19)

Features

adapter: add fetch adapter; (#6371) (a3ff99b)

Bug Fixes

core/axios: handle un-writable error stack (#6362) (81e0455)

Contributors to this release

Dmitriy Mozgovoy

Jay

Alexandre ABRIOUX

1.7.0-beta.2 (2024-05-19)

Bug Fixes

fetch: capitalize HTTP method names; (#6395) (ad3174a)

fetch: fix & optimize progress capturing for cases when the request data has a nullish value or zero data length (#6400) (95a3e8e)

fetch: fix headers getting from a stream response; (#6401) (870e0a7)

Contributors to this release

Dmitriy Mozgovoy

1.7.0-beta.1 (2024-05-07)

Bug Fixes

core/axios: handle un-writable error stack (#6362) (81e0455)

fetch: fix cases when ReadableStream or Response.body are not available; (#6377) (d1d359d)

fetch: treat fetch-related TypeError as an AxiosError.ERR_NETWORK error; (#6380) (bb5f9a5)

Contributors to this release

Alexandre ABRIOUX

Dmitriy Mozgovoy

1.7.0-beta.0 (2024-04-28)

Features

adapter: add fetch adapter; (#6371) (a3ff99b)

... (truncated)

Commits

3041c61 [Release] v1.7.0 (#6408)
18b13cb chore(docs): add fetch adapter docs; (#6407)
e62099b fix(fetch): fixed a possible memory leak in the AbortController for the strea...
b49aa8e chore(release): v1.7.0-beta.2 (#6403)
d57f03a chore(ci): bump create-pull-request version to fix a bug; (#6405)
097b0d1 chore(ci): add tag resolution for npm releases based on package version; (#6404)
870e0a7 fix(fetch): fix headers getting from a stream response; (#6401)
95a3e8e fix(fetch): fix & optimize progress capturing for cases when the request data...
ad3174a fix(fetch): capitalize HTTP method names; (#6395)
b9f4848 chore(release): v1.7.0-beta.1 (#6383)
Additional commits viewable in compare view

Updates quill from 1.3.7 to 2.0.0

Release notes

Sourced from quill's releases.

Version 2.0.0

We are thrilled to announce the release of Quill 2.0! Please check out the announcement post.

Major Improvements

Quill is now a valid ESM package for better ecosystem (e.g. bundlers) and tree-shaking support

Nested Quill support #3590

Improved IME and spell corrector support #3807

Semantic cleanups for TEXT_CHANGE event #3778

History: Record selection in history module #3823

Auto detect scrolling container #3840

Clipboard: Improve support for pasting from Google Docs and Microsoft Word

Performance Improvements

Quill 2.0 includes many performance optimizations, the most important of which is the improved rendering speed for large content.

Improve inserting performance #3815

Avoid fetching selections when possible #3538

No need to setContents when container is empty #3539

Code Modernization

Migrated to TypeScript

Provided official TypeScript declarations

Migrated to Vitest for unit testing

Migrated to Playwright for E2E testing

Migrated website to Gatsby

All Changes

Improve keyboard docs by @thomsbg in quilljs/quill#2057

Fixed a very very minor typo on line 102. :) by @parthdesai93 in quilljs/quill#2073

fix typo by @fengyuanchen in quilljs/quill#2087

Invalid } on line 171 in api/contents.md by @parthdesai93 in quilljs/quill#2108

Corrected delta displayed in video code block in Medium clone guide by @MicahLyle in quilljs/quill#2122

Correct typo by @bflatmajor in quilljs/quill#2143

Fix unmatched braces by @bflatmajor in quilljs/quill#2145

Fix typo: Draft -> Quill by @1c7 in quilljs/quill#2219

Update formats.md by @vojtechsebo in quilljs/quill#2223

Use DOMParser to safely parse html without script execution by @RyanV in quilljs/quill#2226

bypass uploader if clipboardData has rich text by @RyanV in quilljs/quill#2227

fix sauce labs + travis for PRs by @jhchen in quilljs/quill#2250

Generate more accurate deltas from typing by @dgreensp in quilljs/quill#2252

Prevent code-token attribute in deltas by @dgreensp in quilljs/quill#2259

Prevent icon-picker from triggering unnecessary layout reflow by @leandrogaspar in quilljs/quill#2269

fix insert text before block embed by @lixiaoyan in quilljs/quill#2278

Emit single change when typing enter on empty list line by @jbbakst in quilljs/quill#2279

Fix invalid URL on the documentation by @sisidovski in quilljs/quill#2301

Use new quill-delta from SHA by @dgreensp in quilljs/quill#2311

... (truncated)

Changelog

Sourced from quill's changelog.

v2.0.0 (2024-04-17)

We are thrilled to announce the release of Quill 2.0! Please check out the announcement post.

Major Improvements

Quill is now a valid ESM package for better ecosystem (e.g. bundlers) and tree-shaking support

Nested Quill support #3590

Improved IME and spell corrector support #3807

Semantic cleanups for TEXT_CHANGE event #3778

History: Record selection in history module #3823

Auto detect scrolling container #3840

Clipboard: Improve support for pasting from Google Docs and Microsoft Word

Performance Improvements

Quill 2.0 includes many performance optimizations, the most important of which is the improved rendering speed for large content.

Improve inserting performance #3815

Avoid fetching selections when possible #3538

No need to setContents when container is empty #3539

Code Modernization

Migrated to TypeScript

Provided official TypeScript declarations

Migrated to Vitest for unit testing

Migrated to Playwright for E2E testing

Migrated website to Gatsby

All changes

v2.0.0-rc.5 (2024-04-04)

Clipboard Add support for Quill v1 list attributes

Fix overload declarations for quill.formatText() and other methods

Expose Bounds type for getBounds()

Expose Range type

Allow ref for insertBefore to be null

All changes

v2.0.0-rc.4 (2024-03-24)

Include source maps for Parchment

Clipboard Support pasting links copied from iOS share sheets

Fix config parsing where undefined values were kept

Expose types for Quill options

Remove empty .css.js files generated by bundlers

... (truncated)

Commits

a6638e9 2.0.0
828d177 Use stable version of Parchment
0b383a4 2.0.0-rc.5
20f02f5 Allow ref for insertBefore to be null
1021587 Expose Range type
91a7346 Expose Bounds type for getBounds()
d5ac335 Add support for v1 list attributes (#4082)
aa26ff3 Fix function overloads for formatText (#4086)
bbbae91 2.0.0-rc.4
41bd1fc Remove empty .css.js files generated by bundlers (#4076)
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by luin, a new releaser for quill since your current version.

Updates socket.io from 4.5.1 to 4.6.2

Release notes

Sourced from socket.io's releases.

4.6.2

Bug Fixes

exports: move types condition to the top (#4698) (3d44aae)

Links

Diff: socketio/socket.io@4.6.1...4.6.2

Client release: 4.6.2

engine.io@~6.4.2 (diff)

ws@~8.11.0 (no change)

4.6.1

Bug Fixes

properly handle manually created dynamic namespaces (0d0a7a2)

types: fix nodenext module resolution compatibility (#4625) (d0b22c6)

Links

Diff: socketio/socket.io@4.6.0...4.6.1

Client release: 4.6.1

engine.io@~6.4.1 (diff)

ws@~8.11.0 (no change)

4.6.0

Bug Fixes

add timeout method to remote socket (#4558) (0c0eb00)

typings: properly type emits with timeout (f3ada7d)

Features

Promise-based acknowledgements

This commit adds some syntactic sugar around acknowledgements:

emitWithAck()
try {
  const responses = await io.timeout(1000).emitWithAck("some-event");
  console.log(responses); // one response per client
} catch (e) {
  // some clients did not acknowledge the event in the given delay
}
io.on("connection", async (socket) => {
// without timeout
</tr></table>

... (truncated)

Changelog

Sourced from socket.io's changelog.

4.6.2 (2023-05-31)

Bug Fixes

exports: move types condition to the top (#4698) (3d44aae)

Dependencies

engine.io@~6.4.0 (no change)

ws@~8.11.0 (no change)

4.6.1 (2023-02-20)

Bug Fixes

properly handle manually created dynamic namespaces (0d0a7a2)

types: fix nodenext module resolution compatibility (#4625) (d0b22c6)

Dependencies

engine.io@~6.4.0 (no change)

ws@~8.11.0 (no change)

4.6.0 (2023-02-07)

Bug Fixes

add timeout method to remote socket (#4558) (0c0eb00)

typings: properly type emits with timeout (f3ada7d)

Features

Promise-based acknowledgements

This commit adds some syntactic sugar around acknowledgements:

emitWithAck()
try {
</tr></table> 

... (truncated)

Commits

faf914c chore(release): 4.6.2
15af22f refactor: add a noop handler for the error event
d365894 chore: bump socket.io-parser to version 4.2.3
12b0de4 chore: bump engine.io to version 6.4.2
3d44aae fix(exports): move types condition to the top (#4698)
cbf0362 docs(examples): bump dependencies for the private messaging example
59280da docs(examples): update examples to docker compose v2
50a4d37 docs(changelog): add version of transitive dependencies
6458b2b docs(example): basic WebSocket-only client
b56da8a docs(examples): upgrade to React 18
Additional commits viewable in compare view

Updates postcss from 8.4.38 to 8.4.39

Release notes

Sourced from postcss's releases.

8.4.39

Fixed CssSyntaxError types (by @romainmenke).

Changelog

Sourced from postcss's changelog.

8.4.39

Fixed CssSyntaxError types (by @romainmenke).

Commits

e0efb16 Release 8.4.39 version
48304c5 Update dependencies
155ac57 Merge pull request #1947 from romainmenke/fix-css-syntax-error-type--reliable...
1b9b466 fix CssSyntaxError type declaration
3f4d96e Update dependencies
b952be7 Update CI actions
b512b29 Typo
f9a9868 Move to pnpm 9 and Node.js 22
79052c2 Merge pull request #1940 from Xvezda/patch-1
0eedad4 Update changed urls
Additional commits viewable in compare view

Updates vite from 5.1.4 to 5.1.7

Changelog

Sourced from vite's changelog.

5.1.7 (2024-03-24)

fix: fs.deny with globs with directories (#16250) (5a056dd), closes #16250

5.1.6 (2024-03-11)

chore(deps): update all non-major dependencies (#16131) (a862ecb), closes #16131

fix: check for publicDir before checking if it is a parent directory (#16046) (b6fb323), closes #16046

fix: escape single quote when relative base is used (#16060) (8f74ce4), closes #16060

fix: handle function property extension in namespace import (#16113) (f699194), closes #16113

fix: server middleware mode resolve (#16122) (8403546), closes #16122

fix(esbuild): update tsconfck to fix bug that could cause a deadlock (#16124) (fd9de04), closes #16124

fix(worker): hide "The emitted file overwrites" warning if the content is same (#16094) (60dfa9e), closes #16094

fix(worker): throw error when circular worker import is detected and support self referencing worker (eef9da1), closes #16103

style(utils): remove null check (#16112) (0d2df52), closes #16112

refactor(runtime): share more code between runtime and main bundle (#16063) (93be84e), closes #16063

5.1.5 (2024-03-04)

fix: __vite__mapDeps code injection (#15732) (aff54e1), closes #15732

fix: analysing build chunk without dependencies (#15469) (bd52283), closes #15469

fix: import with query with imports field (#16085) (ab823ab), closes #16085

fix: normalize literal-only entry pattern (#16010) (1dccc37), closes #16010

fix: optimizeDeps.entries with literal-only pattern(s) (#15853) (49300b3), closes #15853

fix: output correct error for empty import specifier (#16055) (a9112eb), closes #16055

fix: upgrade esbuild to 0.20.x (#16062) (899d9b1), closes #16062

fix(runtime): runtime HMR affects only imported files (#15898) (57463fc), closes #15898

fix(scanner): respect experimentalDecorators: true (#15206) (4144781), closes #15206

revert: "fix: upgrade esbuild to 0.20.x" (#16072) (11cceea), closes #16072

refactor: share code with vite runtime (#15907) (b20d542), closes #15907

refactor(runtime): use functions from pathe (#16061) (aac2ef7), closes #16061

chore(deps): update all non-major dependencies (#16028) (7cfe80d), closes #16028

Commits

e710c2f release: v5.1.7
5a056dd fix: fs.deny with globs with directories (#16250)
6f7466e release: v5.1.6
a862ecb chore(deps): update all non-major dependencies (#16131)
8403546 fix: server middleware mode resolve (#16122)
b6fb323 fix: check for publicDir before checking if it is a parent directory (#16046)
fd9de04 fix(esbuild): update tsconfck to fix bug that could cause a deadlock (#16124)
f699194 fix: handle function property extension in namespace import (#16113)
0d2df52 style(utils): remove null check (#16112)
eef9da1 fix(worker): throw error when circular worker import is detected and support ...
Additional commits viewable in compare view

Updates @adobe/css-tools from 4.2.0 to 4.4.0

Changelog

Sourced from @adobe/css-tools's changelog.

4.4.0 / 2024-06-05

add support for @starting-style #319

4.3.3 / 2024-01-24

Update export property #271

4.3.2 / 2023-11-28

Fix redos vulnerability with specific crafted css string - CVE-2023-48631

Fix Problem parsing with :is() and nested :nth-child() #211

4.3.1 / 2023-03-14

Fix redos vulnerability with specific crafted css string - CVE-2023-26364

4.3.0 / 2023-03-07

Update build tools

Update exports path and files

Commits

See full diff in compare view

Updates @sideway/formula from 3.0.0 to 3.0.1

Commits

5b44c1b 3.0.1
9fbc20a chore: better number regex
41ae98e Cleanup
c59f35e Move to Sideway
See full diff in compare view

Maintainer changes

This version was pushed to npm by marsup, a new releaser for @sideway/formula since your current version.

Updates braces from 3.0.2 to 3.0.3

Commits

74b2db2 3.0.3
88f1429 update eslint. lint, fix unit tests.
415d660 Snyk js braces 6838727 (#40)
190510f fix tests, skip 1 test in test/braces.expand
716eb9f readme bump
a5851e5 Merge pull request #37 from coderaiser/fix/vulnerability
2092bd1 feature: braces: add maxSymbols (https://github.com/micromatch/braces/issues/...
9f5b4cf fix: vulnerability (https://security.snyk.io/vuln/SNYK-JS-BRACES-6838727)
98414f9 remove funding file
665ab5d update keepEscaping doc (#27)
Additional commits viewable in compare view

Updates ejs from 3.1.8 to 3.1.10

Release notes

Sourced from ejs's releases.

v3.1.10

Version 3.1.10

v3.1.9

Version 3.1.9

Commits

d3f807d Version 3.1.10
9ee26dd Mocha TDD
e469741 Basic pollution protection
715e950 Merge pull request #756 from Jeffrey-mu/main
cabe314 Include advanced usage examples
29b076c Added header
11503c7 Merge branch 'main' of github.com:mde/ejs into main
7690404 Added security banner to README
f47d7ae Update SECURITY.md
828cea1 Update SECURITY.md
Additional commits viewable in compare view

Updates engine.io from 6.2.1 to 6.4.2

Release notes

Sourced from engine.io's releases.

6.4.2

⚠️ This release contains an important security fix ⚠️

A malicious client could send a specially crafted HTTP request, triggering an uncaught exception and killing the Node.js process:
TypeError: Cannot read properties of undefined (reading 'handlesUpgrades')
  at Server.onWebSocket (build/server.js:515:67)
Please upgrade as soon as possible.

Bug Fixes

include error handling for Express middlewares (#674) (9395782)

prevent crash when provided with an invalid query param (fc480b4)

typings: make clientsCount public (#675) (bd6d471)

uws: prevent crash when using with middlewares (8b22162)

Credits

Huge thanks to @tyilo and @cieldeville for helping!

Links

Diff: socketio/engine.io@6.4.1...6.4.2

Client release: -

ws version: ~8.11.0 (no change)

6.4.1

This release contains 6e78489, which exports the BaseServer class in order to restore the compatibility with the nodenext module resolution strategy of TypeScript.

Reference: https://www.typescriptlang.org/tsconfig/#moduleResolution

Related: socketio/socket.io#4621

Links

Diff: socketio/engine.io@6.4.0...6.4.1

Client release: -

ws version: ~8.11.0 (no change)

6.4.0

Features

add support for Express middlewares (24786e7)

This commit implements middlewares at the Engine.IO level, because Socket.IO middlewares are meant for namespace authorization and are not executed during a classic HTTP request/response cycle.

... (truncated)

Changelog

Sourced from engine.io's changelog.

6.4.2 (2023-05-02)

⚠️ This release contains an important security fix ⚠️

A malicious client could send a specially crafted HTTP request, triggering an uncaught exception and killing the Node.js process:
TypeError: Cannot read properties of undefined (reading 'handlesUpgrades')
  at Server.onWebSocket (build/server.js:515:67)
Please upgrade as soon as possible.

Bug Fixes

include error handling for Express middlewares (#674) (9395782)

prevent crash when provided with an invalid query param (fc480b4)

typings: make clientsCount public (#675) (bd6d471)

uws: prevent crash when using with middlewares (8b22162)

Credits

Huge thanks to @tyilo and @cieldeville for helping!

Dependencies

ws@~8.11.0 (no change)

6.4.1 (2023-02-20)

This release contains 6e78489, which exports the BaseServer class in order to restore the compatibility with the nodenext module resolution strategy of TypeScript.

Reference: https://www.typescriptlang.org/tsconfig/#moduleResolution

Related: socketio/socket.io#4621

Dependencies

ws@~8.11.0 (no change)

6.4.0 (2023-02-06)

... (truncated)

Commits

95e2153 chore(release): 6.4.2
fc480b4 fix: prevent crash when provided with an invalid query param
0141951 refactor(types): ensure compatibility with Express middlewares
8b22162 fix(uws): prevent crash when using with middlewares
9395782 fix: include error handling for Express middlewares (#674)
911d0e3 refactor: return HTTP 400 upon invalid request overlap
bd6d471 fix(typings): make clientsCount public (#675)
7033c0e chore(release): 6.4.1
6e78489 refactor: export BaseServer class (#669)
535b068 docs: add upgrade event in the documentation
Additional commits viewable in compare view

Updates follow-redirects from 1.15.1 to 1.15.6

Commits

35a517c Release version 1.15.6 of the npm package.
c4f847f Drop Proxy-Authorization across hosts.
8526b4a Use GitHub for disclosure.
b1677ce Release version 1.15.5 of the npm package.
d8914f7 Preserve fragment in responseUrl.
6585820 Release version 1.15.4 of the npm package.
7a6567e Disallow bracketed hostnames.
05629af Prefer native URL instead of deprecated url.parse.

Bumps the npm_and_yarn group with 19 updates in the / directory: | Package | From | To | | --- | --- | --- | | [@grpc/grpc-js](https://github.com/grpc/grpc-node) | `1.10.6` | `1.10.9` | | [axios](https://github.com/axios/axios) | `1.6.8` | `1.7.0` | | [quill](https://github.com/quilljs/quill/tree/HEAD/packages/quill) | `1.3.7` | `2.0.0` | | [socket.io](https://github.com/socketio/socket.io) | `4.5.1` | `4.6.2` | | [postcss](https://github.com/postcss/postcss) | `8.4.38` | `8.4.39` | | [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) | `5.1.4` | `5.1.7` | | [@adobe/css-tools](https://github.com/adobe/css-tools) | `4.2.0` | `4.4.0` | | [@sideway/formula](https://github.com/sideway/formula) | `3.0.0` | `3.0.1` | | [braces](https://github.com/micromatch/braces) | `3.0.2` | `3.0.3` | | [ejs](https://github.com/mde/ejs) | `3.1.8` | `3.1.10` | | [get-func-name](https://github.com/chaijs/get-func-name) | `2.0.0` | `2.0.2` | | [http-cache-semantics](https://github.com/kornelski/http-cache-semantics) | `4.1.0` | `4.1.1` | | [loader-utils](https://github.com/webpack/loader-utils) | `1.4.0` | `1.4.2` | | [semver](https://github.com/npm/node-semver) | `5.7.1` | `5.7.2` | | [tar](https://github.com/isaacs/node-tar) | `6.1.15` | `6.2.1` | | [terser](https://github.com/terser/terser) | `5.14.1` | `5.31.2` | | [webpack-dev-middleware](https://github.com/webpack/webpack-dev-middleware) | `5.3.3` | `5.3.4` | | [word-wrap](https://github.com/jonschlinkert/word-wrap) | `1.2.3` | `1.2.5` | | [ws](https://github.com/websockets/ws) | `6.2.2` | `6.2.3` | Bumps the npm_and_yarn group with 8 updates in the /apps/docs directory: | Package | From | To | | --- | --- | --- | | [express](https://github.com/expressjs/express) | `4.18.2` | `4.19.2` | | [postcss](https://github.com/postcss/postcss) | `8.4.27` | `8.4.39` | | [@babel/traverse](https://github.com/babel/babel/tree/HEAD/packages/babel-traverse) | `7.22.8` | `7.24.8` | | [braces](https://github.com/micromatch/braces) | `3.0.2` | `3.0.3` | | [follow-redirects](https://github.com/follow-redirects/follow-redirects) | `1.15.2` | `1.15.6` | | [terser](https://github.com/terser/terser) | `5.19.2` | `5.31.2` | | [webpack-dev-middleware](https://github.com/webpack/webpack-dev-middleware) | `5.3.3` | `5.3.4` | | [ws](https://github.com/websockets/ws) | `7.5.9` | `7.5.10` | Updates `@grpc/grpc-js` from 1.10.6 to 1.10.9 - [Release notes](https://github.com/grpc/grpc-node/releases) - [Commits](https://github.com/grpc/grpc-node/compare/@grpc/[email protected]...@grpc/[email protected]) Updates `axios` from 1.6.8 to 1.7.0 - [Release notes](https://github.com/axios/axios/releases) - [Changelog](https://github.com/axios/axios/blob/v1.x/CHANGELOG.md) - [Commits](axios/axios@v1.6.8...v1.7.0) Updates `quill` from 1.3.7 to 2.0.0 - [Release notes](https://github.com/quilljs/quill/releases) - [Changelog](https://github.com/slab/quill/blob/main/CHANGELOG.md) - [Commits](https://github.com/quilljs/quill/commits/v2.0.0/packages/quill) Updates `socket.io` from 4.5.1 to 4.6.2 - [Release notes](https://github.com/socketio/socket.io/releases) - [Changelog](https://github.com/socketio/socket.io/blob/4.6.2/CHANGELOG.md) - [Commits](socketio/socket.io@4.5.1...4.6.2) Updates `postcss` from 8.4.38 to 8.4.39 - [Release notes](https://github.com/postcss/postcss/releases) - [Changelog](https://github.com/postcss/postcss/blob/main/CHANGELOG.md) - [Commits](postcss/postcss@8.4.38...8.4.39) Updates `vite` from 5.1.4 to 5.1.7 - [Release notes](https://github.com/vitejs/vite/releases) - [Changelog](https://github.com/vitejs/vite/blob/v5.1.7/packages/vite/CHANGELOG.md) - [Commits](https://github.com/vitejs/vite/commits/v5.1.7/packages/vite) Updates `@adobe/css-tools` from 4.2.0 to 4.4.0 - [Changelog](https://github.com/adobe/css-tools/blob/main/History.md) - [Commits](https://github.com/adobe/css-tools/commits) Updates `@sideway/formula` from 3.0.0 to 3.0.1 - [Commits](hapijs/formula@v3.0.0...v3.0.1) Updates `braces` from 3.0.2 to 3.0.3 - [Changelog](https://github.com/micromatch/braces/blob/master/CHANGELOG.md) - [Commits](micromatch/braces@3.0.2...3.0.3) Updates `ejs` from 3.1.8 to 3.1.10 - [Release notes](https://github.com/mde/ejs/releases) - [Commits](mde/ejs@v3.1.8...v3.1.10) Updates `engine.io` from 6.2.1 to 6.4.2 - [Release notes](https://github.com/socketio/engine.io/releases) - [Changelog](https://github.com/socketio/engine.io/blob/6.4.2/CHANGELOG.md) - [Commits](socketio/engine.io@6.2.1...6.4.2) Updates `follow-redirects` from 1.15.1 to 1.15.6 - [Release notes](https://github.com/follow-redirects/follow-redirects/releases) - [Commits](follow-redirects/follow-redirects@v1.15.2...v1.15.6) Updates `get-func-name` from 2.0.0 to 2.0.2 - [Release notes](https://github.com/chaijs/get-func-name/releases) - [Commits](https://github.com/chaijs/get-func-name/commits/v2.0.2) Updates `http-cache-semantics` from 4.1.0 to 4.1.1 - [Commits](kornelski/http-cache-semantics@v4.1.0...v4.1.1) Updates `loader-utils` from 1.4.0 to 1.4.2 - [Release notes](https://github.com/webpack/loader-utils/releases) - [Changelog](https://github.com/webpack/loader-utils/blob/v1.4.2/CHANGELOG.md) - [Commits](webpack/loader-utils@v1.4.0...v1.4.2) Updates `semver` from 5.7.1 to 5.7.2 - [Release notes](https://github.com/npm/node-semver/releases) - [Changelog](https://github.com/npm/node-semver/blob/v5.7.2/CHANGELOG.md) - [Commits](npm/node-semver@v5.7.1...v5.7.2) Updates `socket.io-parser` from 4.0.4 to 4.2.4 - [Release notes](https://github.com/socketio/socket.io-parser/releases) - [Changelog](https://github.com/socketio/socket.io-parser/blob/4.2.4/CHANGELOG.md) - [Commits](socketio/socket.io-parser@4.0.4...4.2.4) Updates `tar` from 6.1.15 to 6.2.1 - [Release notes](https://github.com/isaacs/node-tar/releases) - [Changelog](https://github.com/isaacs/node-tar/blob/main/CHANGELOG.md) - [Commits](isaacs/node-tar@v6.1.15...v6.2.1) Updates `terser` from 5.14.1 to 5.31.2 - [Changelog](https://github.com/terser/terser/blob/master/CHANGELOG.md) - [Commits](terser/terser@v5.14.1...v5.31.2) Updates `webpack-dev-middleware` from 5.3.3 to 5.3.4 - [Release notes](https://github.com/webpack/webpack-dev-middleware/releases) - [Changelog](https://github.com/webpack/webpack-dev-middleware/blob/v5.3.4/CHANGELOG.md) - [Commits](webpack/webpack-dev-middleware@v5.3.3...v5.3.4) Updates `word-wrap` from 1.2.3 to 1.2.5 - [Release notes](https://github.com/jonschlinkert/word-wrap/releases) - [Commits](jonschlinkert/word-wrap@1.2.3...1.2.5) Updates `ws` from 6.2.2 to 6.2.3 - [Release notes](https://github.com/websockets/ws/releases) - [Commits](websockets/ws@6.2.2...6.2.3) Updates `express` from 4.18.2 to 4.19.2 - [Release notes](https://github.com/expressjs/express/releases) - [Changelog](https://github.com/expressjs/express/blob/master/History.md) - [Commits](expressjs/express@4.18.2...4.19.2) Updates `postcss` from 8.4.27 to 8.4.39 - [Release notes](https://github.com/postcss/postcss/releases) - [Changelog](https://github.com/postcss/postcss/blob/main/CHANGELOG.md) - [Commits](postcss/postcss@8.4.38...8.4.39) Updates `@babel/traverse` from 7.22.8 to 7.24.8 - [Release notes](https://github.com/babel/babel/releases) - [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md) - [Commits](https://github.com/babel/babel/commits/v7.24.8/packages/babel-traverse) Updates `braces` from 3.0.2 to 3.0.3 - [Changelog](https://github.com/micromatch/braces/blob/master/CHANGELOG.md) - [Commits](micromatch/braces@3.0.2...3.0.3) Updates `follow-redirects` from 1.15.2 to 1.15.6 - [Release notes](https://github.com/follow-redirects/follow-redirects/releases) - [Commits](follow-redirects/follow-redirects@v1.15.2...v1.15.6) Updates `terser` from 5.19.2 to 5.31.2 - [Changelog](https://github.com/terser/terser/blob/master/CHANGELOG.md) - [Commits](terser/terser@v5.14.1...v5.31.2) Updates `webpack-dev-middleware` from 5.3.3 to 5.3.4 - [Release notes](https://github.com/webpack/webpack-dev-middleware/releases) - [Changelog](https://github.com/webpack/webpack-dev-middleware/blob/v5.3.4/CHANGELOG.md) - [Commits](webpack/webpack-dev-middleware@v5.3.3...v5.3.4) Updates `ws` from 7.5.9 to 7.5.10 - [Release notes](https://github.com/websockets/ws/releases) - [Commits](websockets/ws@6.2.2...6.2.3) --- updated-dependencies: - dependency-name: "@grpc/grpc-js" dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: axios dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: quill dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: socket.io dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: postcss dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: vite dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: "@adobe/css-tools" dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: "@sideway/formula" dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: braces dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: ejs dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: engine.io dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: follow-redirects dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: get-func-name dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: http-cache-semantics dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: loader-utils dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: semver dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: socket.io-parser dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: tar dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: terser dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: webpack-dev-middleware dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: word-wrap dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: ws dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: express dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: postcss dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: "@babel/traverse" dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: braces dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: follow-redirects dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: terser dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: webpack-dev-middleware dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: ws dependency-type: indirect dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] <[email protected]>

socket-security · 2024-07-14T23:43:41Z

New and removed dependencies detected. Learn more about Socket for GitHub ↗︎

Package	New capabilities	Transitives	Size	Publisher
npm/@babel/[email protected]	Transitive: environment	`+5`	98.6 kB	nicolo-ribaudo
npm/@babel/[email protected]	environment, filesystem, unsafe	`+3`	950 kB	nicolo-ribaudo
npm/@babel/[email protected]	None	`+1`	524 kB	nicolo-ribaudo
npm/@babel/[email protected]	None	`0`	13.5 kB	nicolo-ribaudo
npm/@babel/[email protected]	None	`+5`	246 kB	nicolo-ribaudo
npm/@babel/[email protected]	None	`+1`	31 kB	nicolo-ribaudo
npm/@babel/[email protected]	unsafe	`+1`	216 kB	nicolo-ribaudo
npm/@babel/[email protected]	None	`+1`	14 kB	nicolo-ribaudo
npm/@babel/[email protected]	None	`+1`	38.6 kB	nicolo-ribaudo
npm/@babel/[email protected]	None	`0`	31.8 kB	nicolo-ribaudo
npm/@babel/[email protected]	None	`+1`	36.9 kB	nicolo-ribaudo
npm/@babel/[email protected]	None	`0`	585 kB	nicolo-ribaudo
npm/@babel/[email protected]	None	`+4`	66.7 kB	nicolo-ribaudo
npm/@babel/[email protected]	None	`0`	1.89 MB	nicolo-ribaudo
npm/@babel/plugin-bugfix-safari-id-destructuring-collision-in-function-expression@7.23.3	None	`0`	7.83 kB	nicolo-ribaudo
npm/@babel/[email protected]	None	`+1`	16.7 kB	nicolo-ribaudo
npm/@babel/[email protected]	None	`0`	3.48 kB	nicolo-ribaudo
npm/@babel/[email protected]	None	`0`	3.71 kB	nicolo-ribaudo
npm/@babel/[email protected]	None	`0`	5.19 kB	nicolo-ribaudo
npm/@babel/[email protected]	None	`0`	4.21 kB	nicolo-ribaudo
npm/@babel/[email protected]	None	`0`	6.94 kB	nicolo-ribaudo
npm/@babel/[email protected]	None	`0`	5.62 kB	nicolo-ribaudo
npm/@babel/[email protected]	None	`+1`	23 kB	nicolo-ribaudo
npm/@babel/[email protected]	None	`0`	8.04 kB	nicolo-ribaudo
npm/@babel/[email protected]	None	`0`	6.62 kB	nicolo-ribaudo
npm/@babel/[email protected]	None	`0`	88.5 kB	nicolo-ribaudo
npm/@babel/[email protected]	None	`0`	4.94 kB	nicolo-ribaudo
npm/@babel/[email protected]	None	`+1`	12.9 kB	nicolo-ribaudo
npm/@babel/[email protected]	None	`+4`	146 kB	nicolo-ribaudo
npm/@babel/[email protected]	None	`0`	22.8 kB	nicolo-ribaudo
npm/@babel/[email protected]	None	`0`	82 kB	nicolo-ribaudo
npm/@babel/[email protected]	None	`+2`	35.2 kB	nicolo-ribaudo
npm/@babel/[email protected]	None	`0`	9.18 kB	nicolo-ribaudo
npm/@babel/[email protected]	None	`+1`	8.69 kB	nicolo-ribaudo
npm/@babel/[email protected]	None	`0`	5.02 kB	nicolo-ribaudo
npm/@babel/[email protected]	None	`+1`	10.7 kB	nicolo-ribaudo
npm/@babel/[email protected]	None	`+1`	50.7 kB	nicolo-ribaudo
npm/@babel/[email protected]	None	`0`	6.27 kB	nicolo-ribaudo
npm/@babel/[email protected]	None	`+1`	8.44 kB	nicolo-ribaudo
npm/@babel/[email protected]	None	`0`	4.7 kB	nicolo-ribaudo
npm/@babel/[email protected]	None	`+1`	11.3 kB	nicolo-ribaudo
npm/@babel/[email protected]	None	`0`	5.01 kB	nicolo-ribaudo
npm/@babel/[email protected]	None	`0`	21 kB	nicolo-ribaudo
npm/@babel/[email protected]	None	`+1`	56.5 kB	nicolo-ribaudo
npm/@babel/[email protected]	None	`+1`	72.8 kB	nicolo-ribaudo
npm/@babel/[email protected]	None	`0`	25.7 kB	nicolo-ribaudo
npm/@babel/[email protected]	None	`0`	10.3 kB	nicolo-ribaudo
npm/@babel/[email protected]	None	`+1`	11.7 kB	nicolo-ribaudo
npm/@babel/[email protected]	None	`+1`	8.16 kB	nicolo-ribaudo
npm/@babel/[email protected]	None	`+1`	73.2 kB	nicolo-ribaudo
npm/@babel/[email protected]	None	`0`	9.3 kB	nicolo-ribaudo
npm/@babel/[email protected]	None	`+1`	7.38 kB	nicolo-ribaudo
npm/@babel/[email protected]	None	`+2`	46.4 kB	nicolo-ribaudo
npm/@babel/[email protected]	None	`0`	65 kB	nicolo-ribaudo
npm/@babel/[email protected]	None	`0`	4.76 kB	nicolo-ribaudo
npm/@babel/[email protected]	None	`+2`	26.8 kB	nicolo-ribaudo
npm/@babel/[email protected]	None	`0`	4.79 kB	nicolo-ribaudo
npm/@babel/[email protected]	None	`0`	12.5 kB	nicolo-ribaudo
npm/@babel/[email protected]	None	`+1`	84 kB	nicolo-ribaudo
npm/@babel/[email protected]	None	`+1`	12.4 kB	nicolo-ribaudo
npm/@babel/[email protected]	None	`0`	6.57 kB	nicolo-ribaudo
npm/@babel/[email protected]	None	`0`	4.35 kB	nicolo-ribaudo
npm/@babel/[email protected]	None	`0`	7.18 kB	nicolo-ribaudo
npm/@babel/[email protected]	None	`+1`	27.2 kB	nicolo-ribaudo
npm/@babel/[email protected]	None	`0`	4.71 kB	nicolo-ribaudo
npm/@babel/[email protected]	None	`0`	15.9 kB	nicolo-ribaudo
npm/@babel/[email protected]	None	`0`	10.6 kB	nicolo-ribaudo
npm/@babel/[email protected]	None	`+1`	136 kB	nicolo-ribaudo
npm/@babel/[email protected]	None	`0`	14 kB	nicolo-ribaudo
npm/@babel/[email protected]	None	`+1`	9.09 kB	nicolo-ribaudo
npm/@babel/[email protected]	None	`+1`	8.02 kB	nicolo-ribaudo
npm/@babel/[email protected]	None	`+1`	8.76 kB	nicolo-ribaudo
npm/@babel/[email protected]	environment	`+20`	914 kB	nicolo-ribaudo
npm/@babel/[email protected]	None	`+1`	89.2 kB	nicolo-ribaudo
npm/@babel/[email protected]	None	`+1`	15.3 kB	nicolo-ribaudo
npm/@babel/[email protected]	None	`0`	21.6 kB	nicolo-ribaudo
npm/@babel/[email protected]	None	`0`	246 kB	nicolo-ribaudo
npm/@babel/[email protected]	None	`0`	69.2 kB	nicolo-ribaudo
npm/@babel/[email protected]	Transitive: environment	`+21`	6.07 MB	nicolo-ribaudo
npm/@babel/[email protected]	environment	`0`	2.41 MB	nicolo-ribaudo
npm/@docusaurus/[email protected]	Transitive: environment, eval, filesystem, network, shell, unsafe	`+248`	23.9 MB	slorber
npm/@docusaurus/[email protected]	None	`+7`	1.68 MB	slorber
npm/@docusaurus/[email protected]	environment Transitive: eval, filesystem	`+52`	3.67 MB	slorber
npm/@docusaurus/[email protected]	environment Transitive: eval, filesystem, unsafe	`+150`	12.2 MB	slorber
npm/@docusaurus/[email protected]	filesystem Transitive: environment, eval	`+155`	14.2 MB	slorber
npm/@docusaurus/[email protected]	None	`0`	2.13 kB	slorber
npm/@docusaurus/[email protected]	Transitive: filesystem, shell	`+12`	2.42 MB	slorber
npm/@jridgewell/[email protected]	None	`0`	79.2 kB	jridgewell
npm/@jridgewell/[email protected]	None	`+2`	259 kB	jridgewell
npm/@mdx-js/[email protected]	None	`+5`	1.62 MB	wooorm
npm/@nodelib/[email protected]	filesystem	`0`	11.8 kB	mrmlnc
npm/@types/[email protected]	None	`+4`	3.89 MB	types
npm/@types/[email protected]	None	`+4`	3.85 MB	types
npm/@types/[email protected]	None	`0`	5.76 kB	types
npm/@types/[email protected]	None	`0`	32.2 kB	types
npm/@types/[email protected]	None	`0`	29.4 kB	types
npm/@types/[email protected]	None	`0`	4 kB	types
npm/@types/[email protected]	None	`+5`	1.61 MB	types
npm/@types/[email protected]	None	`+5`	1.63 MB	types
npm/@types/[email protected]	None	`+2`	3.83 MB	types
npm/@types/[email protected]	None	`0`	6.28 kB	types
npm/@webassemblyjs/[email protected]	None	`+5`	341 kB	xtuc
npm/@webassemblyjs/[email protected]	None	`+7`	329 kB	xtuc
npm/[email protected]	None	`+3`	268 kB	dougwilson
npm/[email protected]	None	`0`	531 kB	marijn
npm/[email protected]	environment, filesystem, shell	`0`	13 kB	fengmk2
npm/[email protected]	None	`0`	72.9 kB	esp
npm/[email protected]	Transitive: network	`+14`	516 kB	shortcuts
npm/[email protected]	environment	`+2`	212 kB	ai
npm/[email protected]	None	`0`	81.3 kB	nicolo-ribaudo
npm/[email protected]	None	`+1`	883 kB	nicolo-ribaudo
npm/[email protected]	None	`0`	9.46 kB	nicolo-ribaudo
npm/[email protected]	None	`+1`	61.4 kB	jonschlinkert
npm/[email protected]	None	`+1`	39.9 kB	ljharb
npm/[email protected]	None	`0`	1.94 MB	caniuse-lite
npm/[email protected]	environment, filesystem	`+4`	265 kB	paulmillr
npm/[email protected]	environment, filesystem, network	`+1`	1.3 MB	jakub.pawlowicz
npm/[email protected]	None	`0`	6.79 kB	lukeed
npm/[email protected]	None	`0`	6.69 kB	dfcreative
npm/[email protected]	None	`0`	10.5 kB	dougwilson
npm/[email protected]	None	`+1`	1.55 MB	lahmatiy
npm/[email protected]	None	`0`	66 kB	feedic
npm/[email protected]	Transitive: filesystem	`+36`	898 kB	ludovicofischer
npm/[email protected]	filesystem, shell	`0`	23.7 kB	lovell
npm/[email protected]	None	`+1`	36.2 kB	wooorm
npm/[email protected]	None	`0`	11.4 kB	feedic
npm/[email protected]	None	`0`	75.3 kB	feedic
npm/[email protected]	network	`+1`	191 kB	feedic
npm/[email protected]	None	`0`	266 kB	kilianvalkhof
npm/[email protected]	None	`0`	6.23 kB	mafintosh
npm/[email protected]	None	`0`	413 kB	feedic
npm/[email protected]	None	`0`	3.66 kB	dougwilson
npm/[email protected]	None	`0`	13 kB	esp
npm/[email protected]	None	`0`	5.07 kB	mafintosh
npm/[email protected]	filesystem	`+3`	184 kB	mrmlnc
npm/[email protected]	None	`0`	86.2 kB	infusion
npm/[email protected]	eval	`+4`	95 kB	ljharb
npm/[email protected]	filesystem Transitive: environment	`+3`	75.9 kB	isaacs
npm/[email protected]	filesystem	`+3`	35.8 kB	sindresorhus
npm/[email protected]	environment, filesystem	`0`	32.5 kB	isaacs
npm/[email protected]	None	`0`	10 kB	evilebottnawi
npm/[email protected]	None	`0`	51.2 kB	kael
npm/[email protected]	None	`+2`	15.1 kB	sindresorhus
npm/[email protected]	None	`0`	3.96 kB	isaacs
npm/[email protected]	filesystem	`0`	3.01 kB	sindresorhus
npm/[email protected]	None	`+1`	19.8 kB	phated
npm/[email protected]	environment, filesystem, unsafe	`0`	1.91 MB	pi0
npm/[email protected]	None	`0`	10.4 kB	isaacs
npm/[email protected]	environment	`0`	5.81 kB	zertosh
npm/[email protected]	None	`+1`	26.6 kB	wooorm
npm/[email protected]	filesystem Transitive: unsafe	`+1`	205 kB	streamich
npm/[email protected]	None	`0`	8.9 kB	zensh
npm/[email protected]	None	`0`	35.4 kB	wooorm
npm/[email protected]	None	`0`	38.8 kB	wooorm
npm/[email protected]	None	`0`	55.9 kB	jonschlinkert
npm/[email protected]	None	`+1`	183 kB	dougwilson
npm/[email protected]	filesystem	`0`	4.5 kB	mafintosh
npm/[email protected]	None	`0`	34 kB	chicoxyzzy
npm/[email protected]	None	`0`	9.22 kB	jonschlinkert
npm/[email protected]	None	`0`	19.1 kB	indutny
npm/[email protected]	None	`0`	4.05 kB	isaacs
npm/[email protected]	environment, filesystem, shell	`+2`	54.5 kB	sindresorhus
npm/[email protected]	None	`0`	10.3 kB	dougwilson
npm/[email protected]	None	`0`	90 kB	mrmlnc
npm/[email protected]	None	`+1`	203 kB	evilebottnawi
npm/[email protected]	None	`0`	27.2 kB	evilebottnawi
npm/[email protected]	environment, filesystem	`+2`	228 kB	ai

View full report↗︎

socket-security · 2024-07-14T23:43:44Z

🚨 Potential security issues detected. Learn more about Socket for GitHub ↗︎

To accept the risk, merge this PR and you will not be notified again.

Alert	Package	Note	Source	CI
Install scripts	npm/[email protected]	Install script: postinstall Source: `node -e "try{require('./postinstall')}catch(e){}"`	`apps/docs/package.json`	🚫

View full report↗︎

Next steps

What is an install script?

Install scripts are run when the package is installed. The majority of malware in npm is hidden in install scripts.

Packages should not be running non-essential scripts during install and there are often solutions to problems people solve with install scripts that can be run at publish time instead.

Take a deeper look at the dependency

Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support [AT] socket [DOT] dev.

Remove the package

If you happen to install a dependency that Socket reports as Known Malware you should immediately remove it and select a different dependency. For other alert types, you may may wish to investigate alternative packages or consider if there are other ways to mitigate the specific risk posed by the dependency.

Mark a package as acceptable risk

To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space separated list of ecosystem/package-name@version specifiers. e.g. @SocketSecurity ignore npm/[email protected] or ignore all packages with @SocketSecurity ignore-all

@SocketSecurity ignore npm/[email protected]

paustint · 2024-11-03T23:53:47Z

@dependabot rebase

dependabot · 2024-11-04T00:33:37Z

Looks like these dependencies are updatable in another way, so this is no longer needed.

dependabot bot added the dependencies Pull requests that update a dependency file label Jul 14, 2024

dependabot bot mentioned this pull request Jul 14, 2024

Bump the npm_and_yarn group across 2 directories with 24 updates #974

Closed

dependabot bot closed this Nov 4, 2024

dependabot bot deleted the dependabot/npm_and_yarn/npm_and_yarn-8ae125fa86 branch November 4, 2024 00:33

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump the npm_and_yarn group across 2 directories with 24 updates #979

Bump the npm_and_yarn group across 2 directories with 24 updates #979

dependabot bot commented on behalf of github Jul 14, 2024 •

edited

Loading

socket-security bot commented Jul 14, 2024

socket-security bot commented Jul 14, 2024

paustint commented Nov 3, 2024

dependabot bot commented on behalf of github Nov 4, 2024

Bump the npm_and_yarn group across 2 directories with 24 updates #979

Bump the npm_and_yarn group across 2 directories with 24 updates #979

Conversation

dependabot bot commented on behalf of github Jul 14, 2024 • edited Loading

@​grpc/grpc-js 1.10.9

@​grpc/grpc-js 1.10.8

@​grpc/grpc-js 1.10.7

Release v1.7.0

Release notes:

Features

Bug Fixes

Contributors to this release

Release v1.7.0-beta.2

Release notes:

Bug Fixes

Contributors to this release

Release v1.7.0-beta.1

Release notes:

Bug Fixes

Contributors to this release

Install

Release v1.7.0-beta.0

Release notes:

Features

1.7.0 (2024-05-19)

Features

Bug Fixes

Contributors to this release

1.7.0-beta.2 (2024-05-19)

Bug Fixes

Contributors to this release

1.7.0-beta.1 (2024-05-07)

Bug Fixes

Contributors to this release

1.7.0-beta.0 (2024-04-28)

Features

Version 2.0.0

Major Improvements

Performance Improvements

Code Modernization

All Changes

v2.0.0 (2024-04-17)

Major Improvements

Performance Improvements

Code Modernization

v2.0.0-rc.5 (2024-04-04)

v2.0.0-rc.4 (2024-03-24)

4.6.2

Bug Fixes

Links

4.6.1

Bug Fixes

Links

4.6.0

Bug Fixes

Features

Promise-based acknowledgements

4.6.2 (2023-05-31)

Bug Fixes

Dependencies

4.6.1 (2023-02-20)

Bug Fixes

Dependencies

4.6.0 (2023-02-07)

Bug Fixes

Features

Promise-based acknowledgements

8.4.39

8.4.39

5.1.7 (2024-03-24)

5.1.6 (2024-03-11)

5.1.5 (2024-03-04)

4.4.0 / 2024-06-05

4.3.3 / 2024-01-24

4.3.2 / 2023-11-28

4.3.1 / 2023-03-14

4.3.0 / 2023-03-07

v3.1.10

v3.1.9

6.4.2

dependabot bot commented on behalf of github Jul 14, 2024 •

edited

Loading

`@grpc/grpc-js` 1.10.9

`@grpc/grpc-js` 1.10.8

`@grpc/grpc-js` 1.10.7