Skip to content

Bump the npm_and_yarn group across 1 directory with 23 updates #17

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Bump the npm_and_yarn group across 1 directory with 23 updates #17

wants to merge 1 commit into from

Conversation

@dependabot
Copy link

@dependabot dependabot bot commented on behalf of github Sep 10, 2025

Bumps the npm_and_yarn group with 17 updates in the / directory:

Package From To
nuxt 2.12.1 3.16.0
vue-template-compiler 2.6.11 2.7.16
@babel/runtime 7.9.2 7.28.4
browserify-sign 4.0.4 4.2.3
cipher-base 1.0.4 1.0.6
cross-fetch 2.2.3 2.2.6
decode-uri-component 0.2.0 0.2.2
elliptic 6.5.2 6.6.1
eventsource 1.0.7 1.1.2
express 4.17.1 4.21.2
lodash 4.17.15 4.17.21
moment 2.24.0 2.30.1
pbkdf2 3.0.17 3.1.3
secp256k1 3.8.0 3.8.1
sha.js 2.4.11 2.4.12
thenify 3.3.0 3.3.1
url-parse 1.4.7 1.5.10

Updates nuxt from 2.12.1 to 3.16.0

Release notes

Sourced from nuxt's releases.

v3.16.0

👀 Highlights

There's a lot in this one!

⚡️ A New New Nuxt

Say hello to create-nuxt, a new tool for starting Nuxt projects (big thanks to @​devgar for donating the package name)!

It's a streamlined version of nuxi init - just a sixth of the size and bundled as a single file with all dependencies inlined, to get you going as fast as possible.

Starting a new project is as simple as:

npm create nuxt

screenshot of create nuxt app

Special thanks to @​cmang for the beautiful ASCII-art. ❤️

Want to learn more about where we're headed with the Nuxt CLI? Check out our roadmap here, including our plans for an interactive modules selector.

🚀 Unhead v2

We've upgraded to unhead v2, the engine behind Nuxt's <head> management. This major version removes deprecations and improves how context works:

  • For Nuxt 3 users, we're shipping a legacy compatibility build so nothing breaks
  • The context implementation is now more direct via Nuxt itself
// Nuxt now re-exports composables while properly resolving the context
export function useHead(input, options = {}) {
  const unhead = injectHead(options.nuxt)
  return head(input, { head: unhead, ...options })
}

If you're using Unhead directly in your app, keep in mind:

  1. Import from Nuxt's auto-imports or #app/composables/head instead of @unhead/vue
  2. Importing directly from @unhead/vue might lose async context

Don't worry though - we've maintained backward compatibility in Nuxt 3, so most users won't need to change anything!

If you've opted into compatibilityVersion: 4, check out our upgrade guide for additional changes.

🔧 Devtools v2 Upgrade

Nuxt Devtools has leveled up to v2 (#30889)!

... (truncated)

Commits
  • 7a37a98 v3.16.0
  • 0d13fe9 chore(deps): update all non-major dependencies (3.x) (#31264)
  • 2476cab fix(nuxt): strip query in x-nitro-prerender header
  • 2c68c92 chore(deps): update all non-major dependencies (3.x) (#31240)
  • bf454cb fix(nuxt): pass useFetch function name on server for warning (#31213)
  • b29c0e8 chore: ignore nitro/renderer templates
  • 7c427df fix(nuxt): fall back to wasm if oxc native bindings are missing (#31190)
  • 0ebaa51 fix(nuxt): apply ignore rules to nitro devStorage (#31233)
  • 2f833f4 fix(nuxt): preserve query/hash when calling navigateTo with replace (#31244)
  • 3cd4384 fix(nuxt): ensure head components are reactive (#31248)
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by danielroe, a new releaser for nuxt since your current version.


Updates vue-template-compiler from 2.6.11 to 2.7.16

Release notes

Sourced from vue-template-compiler's releases.

v2.7.16 "Swan Song"

This is the final release for Vue 2.

Vue 2 will reach End of Life on December 31st, 2023. For more details, please read this blog post.

Please refer to CHANGELOG.md for details.

v2.7.16-beta.2

Please refer to CHANGELOG.md for details.

v2.7.16-beta.1

Please refer to CHANGELOG.md for details.

v2.7.15

Please refer to CHANGELOG.md for details.

v2.7.14

Please refer to CHANGELOG.md for details.

v2.7.13

Please refer to CHANGELOG.md for details.

v2.7.12

Please refer to CHANGELOG.md for details.

v2.7.11

Please refer to CHANGELOG.md for details.

v2.7.10

Please refer to CHANGELOG.md for details.

v2.7.9

Please refer to CHANGELOG.md for details.

v2.7.8

Please refer to CHANGELOG.md for details.

v2.7.7

Please refer to CHANGELOG.md for details.

v2.7.6

Please refer to CHANGELOG.md for details.

v2.7.5

Please refer to CHANGELOG.md for details.

v2.7.4

Please refer to CHANGELOG.md for details.

v2.7.3

... (truncated)

Changelog

Sourced from vue-template-compiler's changelog.

2.7.16 Swan Song (2023-12-24)

Bug Fixes

  • lifecycle: ensure component effect scopes are disconnected (56ce7f8), closes #13134

2.7.16-beta.2 (2023-12-14)

Bug Fixes

2.7.16-beta.1 (2023-12-08)

Bug Fixes

2.7.15 (2023-10-23)

Bug Fixes

  • compiler-sfc: add semicolon after defineProps statement (#12879) (51fef2c)
  • compiler-sfc: fix macro usage in multi-variable declaration (#12873) (d27c128)
  • compiler-sfc: Optimize the value of emitIdentifier (#12851) (bb59751)
  • compiler-sfc: Resolve object expression parsing errors in v-on (#12862) (b8c8b3f)
  • lifecycle: scope might changed when call hook (#13070) (74ca5a1)

... (truncated)

Commits
  • 13f4e7d release: v2.7.16
  • 56ce7f8 fix(lifecycle): esnure component effect scopes are disconnected
  • 305e4ae release: v2.7.16-beta.2
  • 3e1037e chore: bump vitest to 1.0.4
  • db9c566 fix: account for nested render calls
  • 895669f fix(types): export more types for v3 alignment (jsx / component options)
  • 73bdf14 release: v2.7.16-beta.1
  • e0747f4 fix(keep-alive): fix memory leak without breaking transition tests
  • 2632249 fix(keep-alive): fix keep-alive memory leak
  • 3650c12 fix(types): provide types for built-in components
  • Additional commits viewable in compare view

Updates @babel/runtime from 7.9.2 to 7.28.4

Release notes

Sourced from @​babel/runtime's releases.

v7.28.4 (2025-09-05)

Thanks @​gwillen and @​mrginglymus for your first PRs!

🏠 Internal

Committers: 5

v7.28.3 (2025-08-14)

👓 Spec Compliance

  • babel-helper-create-class-features-plugin, babel-plugin-proposal-decorators, babel-plugin-transform-class-static-block, babel-preset-env

🐛 Bug Fix

💅 Polish

  • babel-plugin-transform-regenerator, babel-plugin-transform-runtime

📝 Documentation

🏠 Internal

🔬 Output optimization

  • babel-plugin-proposal-destructuring-private, babel-plugin-proposal-do-expressions

Committers: 5

... (truncated)

Changelog

Sourced from @​babel/runtime's changelog.

v7.28.4 (2025-09-05)

🏠 Internal

v7.28.3 (2025-08-14)

👓 Spec Compliance

  • babel-helper-create-class-features-plugin, babel-plugin-proposal-decorators, babel-plugin-transform-class-static-block, babel-preset-env

🐛 Bug Fix

💅 Polish

  • babel-plugin-transform-regenerator, babel-plugin-transform-runtime

📝 Documentation

🏠 Internal

🔬 Output optimization

  • babel-plugin-proposal-destructuring-private, babel-plugin-proposal-do-expressions

v7.28.2 (2025-07-24)

🐛 Bug Fix

  • babel-types
  • babel-helpers, babel-plugin-transform-async-generator-functions, babel-plugin-transform-regenerator, babel-preset-env, babel-runtime-corejs3

v7.28.1 (2025-07-12)

🐛 Bug Fix

  • babel-plugin-transform-async-generator-functions, babel-plugin-transform-regenerator

📝 Documentation

... (truncated)

Commits

Updates browserify-sign from 4.0.4 to 4.2.3

Changelog

Sourced from browserify-sign's changelog.

v4.2.3 - 2024-03-05

Commits

v4.2.2 - 2023-10-25

Fixed

Commits

  • Only apps should have lockfiles 09a8995
  • [eslint] switch to eslint 83fe463
  • [meta] add npmignore and auto-changelog 4418183
  • [meta] fix package.json indentation 9ac5a5e
  • [Tests] migrate from travis to github actions d845d85
  • [Fix] sign: throw on unsupported padding scheme 8767739
  • [Fix] properly check the upper bound for DSA signatures 85994cd
  • [Tests] handle openSSL not supporting a scheme f5f17c2
  • [Deps] update bn.js, browserify-rsa, elliptic, parse-asn1, readable-stream, safe-buffer a67d0eb
  • [Dev Deps] update nyc, standard, tape cc5350b
  • [Tests] always run coverage; downgrade nyc 75ce1d5
  • [meta] add safe-publish-latest dcf49ce
  • [Tests] add npm run posttest 75dd8fd
  • [Dev Deps] update tape 3aec038
  • [Tests] skip unsupported schemes 703c83e
  • [Tests] node < 6 lacks array includes 3aa43cf
  • [Dev Deps] fix eslint range 98d4e0d

v4.2.1 - 2020-08-04

Merged

v4.2.0 - 2020-05-18

Merged

... (truncated)

Commits
  • bf2c3ec v4.2.3
  • 9247adf [patch] widen support to 0.12
  • f427270 [Deps] update `parse-asn1
  • 87f3a35 [Dev Deps] update aud, npmignore, tape
  • fb261ce [Deps] update elliptic
  • 4d0ee49 [patch] drop minimum node support to v1
  • 9e2bf12 [Deps] pin hash-base to ~3.0, due to a breaking change
  • 168e16f [Deps] pin elliptic due to a breaking change
  • 37a4758 [actions] remove redundant finisher
  • 4af5a90 v4.2.2
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by ljharb, a new releaser for browserify-sign since your current version.


Updates cipher-base from 1.0.4 to 1.0.6

Changelog

Sourced from cipher-base's changelog.

v1.0.6 - 2024-11-26

Commits

  • [Fix] io.js 3.0 - Node.js 5.3 typed array support b7ddd2a

v1.0.5 - 2024-11-17

Commits

  • [Tests] standard -> eslint, make test dir, etc ae02fd6
  • [Tests] migrate from travis to GHA 66387d7
  • [meta] fix package.json indentation 5c02918
  • [Fix] return valid values on multi-byte-wide TypedArray input 8fd1364
  • [meta] add auto-changelog 88dc806
  • [meta] add npmignore and safe-publish-latest 7a137d7
  • Only apps should have lockfiles 42528f2
  • [Deps] update inherits, safe-buffer 0e7a2d9
  • [meta] add missing engines.node f2dc13e
Commits
  • f5249f9 v1.0.6
  • b7ddd2a [Fix] io.js 3.0 - Node.js 5.3 typed array support
  • f03cebf v1.0.5
  • 88dc806 [meta] add auto-changelog
  • 7a137d7 [meta] add npmignore and safe-publish-latest
  • 5c02918 [meta] fix package.json indentation
  • 8fd1364 [Fix] return valid values on multi-byte-wide TypedArray input
  • 66387d7 [Tests] migrate from travis to GHA
  • f2dc13e [meta] add missing engines.node
  • 0e7a2d9 [Deps] update inherits, safe-buffer
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by ljharb, a new releaser for cipher-base since your current version.


Updates cookie from 0.3.1 to 0.4.0

Release notes

Sourced from cookie's releases.

0.4.0

  • Add SameSite=None support
Changelog

Sourced from cookie's changelog.

0.4.0 / 2019-05-15

  • Add SameSite=None support
Commits

Updates cross-fetch from 2.2.3 to 2.2.6

Commits

Updates decode-uri-component from 0.2.0 to 0.2.2

Release notes

Sourced from decode-uri-component's releases.

v0.2.2

  • Prevent overwriting previously decoded tokens 980e0bf

SamVerschueren/decode-uri-component@v0.2.1...v0.2.2

v0.2.1

  • Switch to GitHub workflows 76abc93
  • Fix issue where decode throws - fixes #6 746ca5d
  • Update license (#1) 486d7e2
  • Tidelift tasks a650457
  • Meta tweaks 66e1c28

SamVerschueren/decode-uri-component@v0.2.0...v0.2.1

Commits

Updates elliptic from 6.5.2 to 6.6.1

Commits

Updates eventsource from 1.0.7 to 1.1.2

Changelog

Sourced from eventsource's changelog.

1.1.2 (2022-06-08)

Features

  • Inline origin resolution, drops original dependency (#281 Espen Hovlandsdal)

1.1.1 (2022-05-11)

Bug Fixes

  • Do not include authorization and cookie headers on redirect to different origin (#273 Espen Hovlandsdal)

1.1.0 (2021-03-18)

Features

  • Improve performance for large messages across many chunks (#130 Trent Willis)
  • Add createConnection option for http or https requests (#120 Vasily Lavrov)
  • Support HTTP 302 redirects (#116 Ryan Bonte)

Bug Fixes

  • Prevent sequential errors from attempting multiple reconnections (#125 David Patty)
  • Add new to correct test (#111 Stéphane Alnet)
  • Fix reconnections attempts now happen more than once (#136 Icy Fish)
Commits

Updates express from 4.17.1 to 4.21.2

Release notes

Sourced from express's releases.

4.21.2

What's Changed

Full Changelog: expressjs/express@4.21.1...4.21.2

4.21.1

What's Changed

Full Changelog: expressjs/express@4.21.0...4.21.1

4.21.0

What's Changed

New Contributors

Full Changelog: expressjs/express@4.20.0...4.21.0

4.20.0

What's Changed

Important

  • IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity)
  • Remove link renderization in html while using res.redirect

Other Changes

... (truncated)

Changelog

Sourced from express's changelog.

4.21.2 / 2024-11-06

4.21.1 / 2024-10-08

4.21.0 / 2024-09-11

4.20.0 / 2024-09-10

  • deps: [email protected]
    • Remove link renderization in html while redirecting
  • deps: [email protected]
    • Remove link renderization in html while redirecting
  • deps: [email protected]
    • add depth option to customize the depth level in the parser
    • IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity)
  • Remove link renderization in html while using res.redirect
  • deps: [email protected]
    • Adds support for named matching groups in the routes using a regex
    • Adds backtracking protection to parameters without regexes defined
  • deps: encodeurl@~2.0.0
    • Removes encoding of \, |, and ^ to align better with URL spec
  • Deprecate passing options.maxAge and options.expires to res.clearCookie
    • Will be ignored in v5, clearCookie will set a cookie with an expires in the past to instruct clients to delete the cookie

4.19.2 / 2024-03-25

  • Improved fix for open redirect allow list bypass

4.19.1 / 2024-03-20

  • Allow passing non-strings to res.location with new encoding handling checks

... (truncated)

Commits

@dependabot
Bump the npm_and_yarn group across 1 directory with 23 updates
767acd6 
Bumps the npm_and_yarn group with 17 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [nuxt](https://github.com/nuxt/nuxt/tree/HEAD/packages/nuxt) | `2.12.1` | `3.16.0` |
| [vue-template-compiler](https://github.com/vuejs/vue) | `2.6.11` | `2.7.16` |
| [@babel/runtime](https://github.com/babel/babel/tree/HEAD/packages/babel-runtime) | `7.9.2` | `7.28.4` |
| [browserify-sign](https://github.com/crypto-browserify/browserify-sign) | `4.0.4` | `4.2.3` |
| [cipher-base](https://github.com/crypto-browserify/cipher-base) | `1.0.4` | `1.0.6` |
| [cross-fetch](https://github.com/lquixada/cross-fetch) | `2.2.3` | `2.2.6` |
| [decode-uri-component](https://github.com/SamVerschueren/decode-uri-component) | `0.2.0` | `0.2.2` |
| [elliptic](https://github.com/indutny/elliptic) | `6.5.2` | `6.6.1` |
| [eventsource](https://github.com/EventSource/eventsource) | `1.0.7` | `1.1.2` |
| [express](https://github.com/expressjs/express) | `4.17.1` | `4.21.2` |
| [lodash](https://github.com/lodash/lodash) | `4.17.15` | `4.17.21` |
| [moment](https://github.com/moment/moment) | `2.24.0` | `2.30.1` |
| [pbkdf2](https://github.com/crypto-browserify/pbkdf2) | `3.0.17` | `3.1.3` |
| [secp256k1](https://github.com/cryptocoinjs/secp256k1-node) | `3.8.0` | `3.8.1` |
| [sha.js](https://github.com/crypto-browserify/sha.js) | `2.4.11` | `2.4.12` |
| [thenify](https://github.com/thenables/thenify) | `3.3.0` | `3.3.1` |
| [url-parse](https://github.com/unshiftio/url-parse) | `1.4.7` | `1.5.10` |



Updates `nuxt` from 2.12.1 to 3.16.0
- [Release notes](https://github.com/nuxt/nuxt/releases)
- [Commits](https://github.com/nuxt/nuxt/commits/v3.16.0/packages/nuxt)

Updates `vue-template-compiler` from 2.6.11 to 2.7.16
- [Release notes](https://github.com/vuejs/vue/releases)
- [Changelog](https://github.com/vuejs/vue/blob/main/CHANGELOG.md)
- [Commits](vuejs/vue@v2.6.11...v2.7.16)

Updates `@babel/runtime` from 7.9.2 to 7.28.4
- [Release notes](https://github.com/babel/babel/releases)
- [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md)
- [Commits](https://github.com/babel/babel/commits/v7.28.4/packages/babel-runtime)

Updates `browserify-sign` from 4.0.4 to 4.2.3
- [Changelog](https://github.com/browserify/browserify-sign/blob/main/CHANGELOG.md)
- [Commits](browserify/browserify-sign@v4.0.4...v4.2.3)

Updates `cipher-base` from 1.0.4 to 1.0.6
- [Changelog](https://github.com/browserify/cipher-base/blob/master/CHANGELOG.md)
- [Commits](browserify/cipher-base@v1.0.4...v1.0.6)

Updates `cookie` from 0.3.1 to 0.4.0
- [Release notes](https://github.com/jshttp/cookie/releases)
- [Changelog](https://github.com/jshttp/cookie/blob/v0.4.0/HISTORY.md)
- [Commits](jshttp/cookie@v0.3.1...v0.4.0)

Updates `cross-fetch` from 2.2.3 to 2.2.6
- [Release notes](https://github.com/lquixada/cross-fetch/releases)
- [Changelog](https://github.com/lquixada/cross-fetch/blob/v4.x/CHANGELOG.md)
- [Commits](lquixada/cross-fetch@v2.2.3...v2.2.6)

Updates `decode-uri-component` from 0.2.0 to 0.2.2
- [Release notes](https://github.com/SamVerschueren/decode-uri-component/releases)
- [Commits](SamVerschueren/decode-uri-component@v0.2.0...v0.2.2)

Updates `elliptic` from 6.5.2 to 6.6.1
- [Commits](indutny/elliptic@v6.5.2...v6.6.1)

Updates `eventsource` from 1.0.7 to 1.1.2
- [Release notes](https://github.com/EventSource/eventsource/releases)
- [Changelog](https://github.com/EventSource/eventsource/blob/main/CHANGELOG.md)
- [Commits](EventSource/eventsource@v1.0.7...v1.1.2)

Updates `express` from 4.17.1 to 4.21.2
- [Release notes](https://github.com/expressjs/express/releases)
- [Changelog](https://github.com/expressjs/express/blob/4.21.2/History.md)
- [Commits](expressjs/express@4.17.1...4.21.2)

Updates `lodash` from 4.17.15 to 4.17.21
- [Release notes](https://github.com/lodash/lodash/releases)
- [Commits](lodash/lodash@4.17.15...4.17.21)

Updates `moment` from 2.24.0 to 2.30.1
- [Changelog](https://github.com/moment/moment/blob/develop/CHANGELOG.md)
- [Commits](moment/moment@2.24.0...2.30.1)

Updates `node-fetch` from 2.1.2 to 2.7.0
- [Release notes](https://github.com/node-fetch/node-fetch/releases)
- [Commits](node-fetch/node-fetch@v2.1.2...v2.7.0)

Updates `path-to-regexp` from 0.1.7 to 0.1.12
- [Release notes](https://github.com/pillarjs/path-to-regexp/releases)
- [Changelog](https://github.com/pillarjs/path-to-regexp/blob/master/History.md)
- [Commits](pillarjs/path-to-regexp@v0.1.7...v0.1.12)

Updates `pbkdf2` from 3.0.17 to 3.1.3
- [Changelog](https://github.com/browserify/pbkdf2/blob/master/CHANGELOG.md)
- [Commits](browserify/pbkdf2@v3.0.17...v3.1.3)

Updates `secp256k1` from 3.8.0 to 3.8.1
- [Release notes](https://github.com/cryptocoinjs/secp256k1-node/releases)
- [Commits](cryptocoinjs/secp256k1-node@v3.8.0...v3.8.1)

Updates `send` from 0.17.1 to 0.19.0
- [Release notes](https://github.com/pillarjs/send/releases)
- [Changelog](https://github.com/pillarjs/send/blob/master/HISTORY.md)
- [Commits](pillarjs/send@0.17.1...0.19.0)

Updates `serve-static` from 1.14.1 to 1.16.2
- [Release notes](https://github.com/expressjs/serve-static/releases)
- [Changelog](https://github.com/expressjs/serve-static/blob/v1.16.2/HISTORY.md)
- [Commits](expressjs/serve-static@v1.14.1...v1.16.2)

Updates `sha.js` from 2.4.11 to 2.4.12
- [Changelog](https://github.com/browserify/sha.js/blob/master/CHANGELOG.md)
- [Commits](browserify/sha.js@v2.4.11...v2.4.12)

Updates `thenify` from 3.3.0 to 3.3.1
- [Changelog](https://github.com/thenables/thenify/blob/master/History.md)
- [Commits](thenables/thenify@3.3.0...3.3.1)

Updates `url-parse` from 1.4.7 to 1.5.10
- [Commits](unshiftio/url-parse@1.4.7...1.5.10)

Updates `vue` from 2.6.11 to 3.5.21
- [Release notes](https://github.com/vuejs/core/releases)
- [Changelog](https://github.com/vuejs/core/blob/main/CHANGELOG.md)
- [Commits](https://github.com/vuejs/core/commits/v3.5.21)

---
updated-dependencies:
- dependency-name: nuxt
  dependency-version: 3.16.0
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: vue-template-compiler
  dependency-version: 2.7.16
  dependency-type: direct:development
  dependency-group: npm_and_yarn
- dependency-name: "@babel/runtime"
  dependency-version: 7.28.4
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: browserify-sign
  dependency-version: 4.2.3
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: cipher-base
  dependency-version: 1.0.6
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: cookie
  dependency-version: 0.4.0
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: cross-fetch
  dependency-version: 2.2.6
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: decode-uri-component
  dependency-version: 0.2.2
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: elliptic
  dependency-version: 6.6.1
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: eventsource
  dependency-version: 1.1.2
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: express
  dependency-version: 4.21.2
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: lodash
  dependency-version: 4.17.21
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: moment
  dependency-version: 2.30.1
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: node-fetch
  dependency-version: 2.7.0
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: path-to-regexp
  dependency-version: 0.1.12
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: pbkdf2
  dependency-version: 3.1.3
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: secp256k1
  dependency-version: 3.8.1
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: send
  dependency-version: 0.19.0
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: serve-static
  dependency-version: 1.16.2
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: sha.js
  dependency-version: 2.4.12
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: thenify
  dependency-version: 3.3.1
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: url-parse
  dependency-version: 1.5.10
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: vue
  dependency-version: 3.5.21
  dependency-type: indirect
  dependency-group: npm_and_yarn
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Sep 10, 2025
This was referenced Sep 10, 2025
Closed
Closed
Closed
Closed
Closed
@socket-security
Copy link

socket-security bot commented Sep 10, 2025

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff Package Supply Chain
Security		 Vulnerability Quality Maintenance License
Added@​parcel/​watcher-linux-arm-musl@​2.5.11001003577100
Added@​parcel/​watcher-darwin-x64@​2.5.11001003578100
Added@​parcel/​watcher-darwin-arm64@​2.5.11001003578100
Added@​parcel/​watcher-win32-x64@​2.5.11001003578100
Added@​parcel/​watcher-win32-arm64@​2.5.11001003578100
Added@​parcel/​watcher-win32-ia32@​2.5.11001003578100
Added@​parcel/​watcher-linux-x64-glibc@​2.5.11001003578100
Added@​parcel/​watcher-linux-x64-musl@​2.5.11001003578100
Added@​parcel/​watcher-linux-arm64-glibc@​2.5.11001003578100
Added@​parcel/​watcher-linux-arm64-musl@​2.5.11001003578100
Added@​parcel/​watcher-linux-arm-glibc@​2.5.11001003578100
Added@​parcel/​watcher-android-arm64@​2.5.11001003578100
Added@​parcel/​watcher-freebsd-x64@​2.5.11001003578100
Added@​types/​parse-path@​7.1.01001003577100
Added@​esbuild/​freebsd-arm64@​0.25.91001003691100
Added@​esbuild/​freebsd-x64@​0.25.91001003691100
Added@​esbuild/​linux-arm64@​0.25.91001003691100
Added@​esbuild/​linux-arm@​0.25.91001003691100
Added@​esbuild/​linux-ppc64@​0.25.91001003691100
Added@​esbuild/​linux-s390x@​0.25.91001003691100
Added@​esbuild/​openbsd-arm64@​0.25.91001003691100
Added@​esbuild/​openbsd-x64@​0.25.91001003691100
Added@​esbuild/​win32-arm64@​0.25.91001003691100
Added@​esbuild/​win32-ia32@​0.25.91001003691100
Added@​esbuild/​win32-x64@​0.25.91001003691100
Added@​esbuild/​aix-ppc64@​0.25.91001003691100
Added@​esbuild/​android-arm64@​0.25.91001003691100
Added@​esbuild/​darwin-arm64@​0.25.91001003691100
Added@​esbuild/​darwin-x64@​0.25.91001003691100
Added@​esbuild/​linux-ia32@​0.25.91001003691100
Added@​esbuild/​linux-loong64@​0.25.91001003691100
Added@​esbuild/​linux-mips64el@​0.25.91001003691100
Added@​esbuild/​linux-riscv64@​0.25.91001003691100
See 481 more rows in the dashboard

View full report

@socket-security
Copy link

socket-security bot commented Sep 10, 2025

Caution

Review the following alerts detected in dependencies.

According to your organization's Security Policy, you must resolve all "Block" alerts before proceeding. It is recommended to resolve "Warn" alerts too. Learn more about Socket for GitHub.

Action Severity Alert  (click "▶" to expand/collapse)
Block Medium
@emnapi/[email protected] has Network access.

Module: globalThis["fetch"]

Location: Package overview

From: yarn.locknpm/@emnapi/[email protected]

ℹ Read more on: This package | This alert | What is network access?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at [email protected].

Suggestion: Packages should remove all network access that is functionally unnecessary. Consumers should audit network access to ensure legitimate use.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@emnapi/[email protected]. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Block Medium
@mapbox/[email protected] has Network access.

Module: globalThis["fetch"]

Location: Package overview

From: yarn.locknpm/@mapbox/[email protected]

ℹ Read more on: This package | This alert | What is network access?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at [email protected].

Suggestion: Packages should remove all network access that is functionally unnecessary. Consumers should audit network access to ensure legitimate use.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@mapbox/[email protected]. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Block Medium
@nuxt/[email protected] has Network access.

Module: globalThis["fetch"]

Location: Package overview

From: yarn.locknpm/@nuxt/[email protected]

ℹ Read more on: This package | This alert | What is network access?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at [email protected].

Suggestion: Packages should remove all network access that is functionally unnecessary. Consumers should audit network access to ensure legitimate use.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@nuxt/[email protected]. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Block Medium
@nuxt/[email protected] has Network access.

Module: globalThis["fetch"]

Location: Package overview

From: yarn.locknpm/@nuxt/[email protected]

ℹ Read more on: This package | This alert | What is network access?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at [email protected].

Suggestion: Packages should remove all network access that is functionally unnecessary. Consumers should audit network access to ensure legitimate use.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@nuxt/[email protected]. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Block Medium
@oxc-parser/[email protected] has Network access.

Module: globalThis["fetch"]

Location: Package overview

From: yarn.locknpm/@oxc-parser/[email protected]

ℹ Read more on: This package | This alert | What is network access?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at [email protected].

Suggestion: Packages should remove all network access that is functionally unnecessary. Consumers should audit network access to ensure legitimate use.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@oxc-parser/[email protected]. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Block Medium
@oxc-parser/[email protected] has Network access.

Module: globalThis["fetch"]

Location: Package overview

From: yarn.locknpm/@oxc-parser/[email protected]

ℹ Read more on: This package | This alert | What is network access?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at [email protected].

Suggestion: Packages should remove all network access that is functionally unnecessary. Consumers should audit network access to ensure legitimate use.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@oxc-parser/[email protected]. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Block Medium
@parcel/[email protected] has Shell access.

Module: child_process

Location: Package overview

From: yarn.locknpm/@parcel/[email protected]

ℹ Read more on: This package | This alert | What is shell access?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at [email protected].

Suggestion: Packages should avoid accessing the shell which can reduce portability, and make it easier for malicious shell access to be introduced.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@parcel/[email protected]. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Block Medium
@parcel/[email protected] has Native code.

Location: Package overview

From: yarn.locknpm/@parcel/[email protected]

ℹ Read more on: This package | This alert | Why is native code a concern?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at [email protected].

Suggestion: Verify that the inclusion of native code is expected and necessary for this package's functionality. If it is unnecessary or unexpected, consider using alternative packages without native code to mitigate potential risks.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@parcel/[email protected]. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Block Medium
@tybys/[email protected] has Network access.

Module: globalThis["fetch"]

Location: Package overview

From: yarn.locknpm/@tybys/[email protected]

ℹ Read more on: This package | This alert | What is network access?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at [email protected].

Suggestion: Packages should remove all network access that is functionally unnecessary. Consumers should audit network access to ensure legitimate use.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@tybys/[email protected]. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Block Medium
@vue/[email protected] has Network access.

Module: globalThis["fetch"]

Location: Package overview

From: yarn.locknpm/@vue/[email protected]

ℹ Read more on: This package | This alert | What is network access?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at [email protected].

Suggestion: Packages should remove all network access that is functionally unnecessary. Consumers should audit network access to ensure legitimate use.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@vue/[email protected]. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Block Medium
[email protected] has Network access.

Module: http

Location: Package overview

From: yarn.locknpm/[email protected]

ℹ Read more on: This package | This alert | What is network access?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at [email protected].

Suggestion: Packages should remove all network access that is functionally unnecessary. Consumers should audit network access to ensure legitimate use.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/[email protected]. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Block Medium
[email protected] has Network access.

Module: https

Location: Package overview

From: yarn.locknpm/[email protected]

ℹ Read more on: This package | This alert | What is network access?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at [email protected].

Suggestion: Packages should remove all network access that is functionally unnecessary. Consumers should audit network access to ensure legitimate use.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/[email protected]. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Block Medium
[email protected] has Network access.

Module: net

Location: Package overview

From: yarn.locknpm/[email protected]

ℹ Read more on: This package | This alert | What is network access?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at [email protected].

Suggestion: Packages should remove all network access that is functionally unnecessary. Consumers should audit network access to ensure legitimate use.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/[email protected]. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Block Medium
[email protected] has Network access.

Module: globalThis["fetch"]

Location: Package overview

From: yarn.locknpm/[email protected]

ℹ Read more on: This package | This alert | What is network access?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at [email protected].

Suggestion: Packages should remove all network access that is functionally unnecessary. Consumers should audit network access to ensure legitimate use.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/[email protected]. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Block Medium
[email protected] has Shell access.

Module: child_process

Location: Package overview

From: yarn.locknpm/[email protected]

ℹ Read more on: This package | This alert | What is shell access?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at [email protected].

Suggestion: Packages should avoid accessing the shell which can reduce portability, and make it easier for malicious shell access to be introduced.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/[email protected]. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Block Medium
[email protected] has Shell access.

Module: child_process

Location: Package overview

From: yarn.locknpm/[email protected]

ℹ Read more on: This package | This alert | What is shell access?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at [email protected].

Suggestion: Packages should avoid accessing the shell which can reduce portability, and make it easier for malicious shell access to be introduced.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/[email protected]. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Block Medium
[email protected] has Network access.

Module: globalThis["fetch"]

Location: Package overview

From: yarn.locknpm/[email protected]

ℹ Read more on: This package | This alert | What is network access?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at [email protected].

Suggestion: Packages should remove all network access that is functionally unnecessary. Consumers should audit network access to ensure legitimate use.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/[email protected]. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Block Medium
[email protected] has Shell access.

Module: child_process

Location: Package overview

From: yarn.locknpm/[email protected]

ℹ Read more on: This package | This alert | What is shell access?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at [email protected].

Suggestion: Packages should avoid accessing the shell which can reduce portability, and make it easier for malicious shell access to be introduced.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/[email protected]. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Block Medium
[email protected] has Network access.

Module: globalThis["fetch"]

Location: Package overview

From: yarn.locknpm/[email protected]

ℹ Read more on: This package | This alert | What is network access?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at [email protected].

Suggestion: Packages should remove all network access that is functionally unnecessary. Consumers should audit network access to ensure legitimate use.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/[email protected]. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Block Medium
[email protected] has Network access.

Module: https

Location: Package overview

From: yarn.locknpm/[email protected]

ℹ Read more on: This package | This alert | What is network access?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at [email protected].

Suggestion: Packages should remove all network access that is functionally unnecessary. Consumers should audit network access to ensure legitimate use.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/[email protected]. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Block Medium
[email protected] has Network access.

Module: globalThis["fetch"]

Location: Package overview

From: yarn.locknpm/[email protected]

ℹ Read more on: This package | This alert | What is network access?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at [email protected].

Suggestion: Packages should remove all network access that is functionally unnecessary. Consumers should audit network access to ensure legitimate use.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/[email protected]. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Block Medium
[email protected] has Shell access.

Module: child_process

Location: Package overview

From: yarn.locknpm/[email protected]

ℹ Read more on: This package | This alert | What is shell access?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at [email protected].

Suggestion: Packages should avoid accessing the shell which can reduce portability, and make it easier for malicious shell access to be introduced.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/[email protected]. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Block Medium
[email protected] has Network access.

Module: globalThis["fetch"]

Location: Package overview

From: yarn.locknpm/[email protected]

ℹ Read more on: This package | This alert | What is network access?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at [email protected].

Suggestion: Packages should remove all network access that is functionally unnecessary. Consumers should audit network access to ensure legitimate use.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/[email protected]. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Block Medium
[email protected] has Network access.

Module: https

Location: Package overview

From: yarn.locknpm/[email protected]

ℹ Read more on: This package | This alert | What is network access?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at [email protected].

Suggestion: Packages should remove all network access that is functionally unnecessary. Consumers should audit network access to ensure legitimate use.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/[email protected]. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Block Medium
[email protected] has Network access.

Module: http

Location: Package overview

From: yarn.locknpm/[email protected]

ℹ Read more on: This package | This alert | What is network access?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at [email protected].

Suggestion: Packages should remove all network access that is functionally unnecessary. Consumers should audit network access to ensure legitimate use.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/[email protected]. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Block Medium
[email protected] has Network access.

Module: tls

Location: Package overview

From: yarn.locknpm/[email protected]

ℹ Read more on: This package | This alert | What is network access?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at [email protected].

Suggestion: Packages should remove all network access that is functionally unnecessary. Consumers should audit network access to ensure legitimate use.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/[email protected]. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Block Medium
[email protected] has Network access.

Module: net

Location: Package overview

From: yarn.locknpm/[email protected]

ℹ Read more on: This package | This alert | What is network access?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at [email protected].

Suggestion: Packages should remove all network access that is functionally unnecessary. Consumers should audit network access to ensure legitimate use.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/[email protected]. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

See 53 more rows in the dashboard

View full report

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant