chore: updating lavamoat allow-scripts dependencies #734
Pull Request #734 Alerts: Success
Report | Status | Message |
---|---|---|
PR #734 Alerts | ✅ | No new dependency alerts |
Pull request alerts notify when new issues are detected between the diff of the pull request and it's target branch.
Details
👍 Dependency issues cleared. Learn more about Socket for GitHub ↗︎
This PR previously contained dependency changes with security issues that have been resolved, removed, or ignored.
Ignoring: npm/collect-v8-coverage@1.0.2
, npm/istanbul-lib-report@3.0.1
, npm/convert-source-map@1.9.0
, npm/make-dir@4.0.0
, npm/deepmerge@4.3.1
, npm/anymatch@3.1.3
, npm/fb-watchman@2.0.2
, npm/jest-pnp-resolver@1.2.3
, npm/@sinonjs/commons@1.8.6
, npm/word-wrap@1.2.5
, npm/has@1.0.4
, npm/json-buffer@3.0.1
, npm/function.prototype.name@1.1.6
, npm/detect-libc@1.0.3
, npm/supports-hyperlinks@2.3.0
, npm/spdx-correct@3.2.0
, npm/keyv@4.5.4
, npm/fast-diff@1.3.0
, npm/array.prototype.flat@1.3.2
, npm/eslint-import-resolver-node@0.3.9
, npm/jsesc@3.0.2
, npm/@joshwooding/vite-plugin-react-docgen-typescript@0.3.0
, npm/es-shim-unscopables@1.0.2
, npm/punycode@2.3.1
, npm/@types/istanbul-lib-coverage@2.0.6
, npm/@types/istanbul-reports@3.0.4
, npm/@types/istanbul-lib-report@3.0.3
, npm/@types/babel__template@7.4.4
, npm/@types/stack-utils@2.0.3
, npm/@types/yargs-parser@21.0.3
, npm/istanbul-lib-coverage@3.2.2
, npm/flat-cache@3.2.0
, npm/merge-descriptors@1.0.3
, npm/tsconfig-paths@3.15.0
, npm/@types/babel__generator@7.6.8
, npm/assertion-error@2.0.1
, npm/pathval@2.0.0
, npm/is-data-view@1.0.1
, npm/arraybuffer.prototype.slice@1.0.3
, npm/fastq@1.17.1
, npm/safe-regex-test@1.0.3
, npm/get-symbol-description@1.0.2
, npm/@jridgewell/resolve-uri@3.1.2
, npm/spdx-exceptions@2.5.0
, npm/http-proxy-agent@7.0.2
, npm/eslint-plugin-jest@27.9.0
, npm/is-negative-zero@2.0.3
, npm/has-proto@1.0.3
, npm/istanbul-reports@3.1.7
, npm/typed-array-buffer@1.0.2
, npm/typed-array-byte-offset@1.0.2
, npm/es-set-tostringtag@2.0.3
, npm/is-shared-array-buffer@1.0.3
, npm/typed-array-byte-length@1.0.1
, npm/flatted@3.3.1
, npm/@parcel/watcher@2.4.1
, npm/@parcel/watcher-android-arm64@2.4.1
, npm/@parcel/watcher-darwin-arm64@2.4.1
, npm/@parcel/watcher-darwin-x64@2.4.1
, npm/@parcel/watcher-freebsd-x64@2.4.1
, npm/@parcel/watcher-linux-arm-glibc@2.4.1
, npm/@parcel/watcher-linux-arm64-glibc@2.4.1
, npm/@parcel/watcher-linux-arm64-musl@2.4.1
, npm/@parcel/watcher-linux-x64-glibc@2.4.1
, npm/@parcel/watcher-linux-x64-musl@2.4.1
, npm/@parcel/watcher-win32-arm64@2.4.1
, npm/@parcel/watcher-win32-ia32@2.4.1
, npm/@parcel/watcher-win32-x64@2.4.1
, npm/@ampproject/remapping@2.3.0
, npm/data-view-buffer@1.0.1
, npm/data-view-byte-offset@1.0.0
, npm/data-view-byte-length@1.0.1
, npm/safe-array-concat@1.1.2
, npm/hasown@2.0.2
, npm/binary-extensions@2.3.0
, npm/es-object-atoms@1.0.0
, npm/string.prototype.trimend@1.0.8
, npm/string.prototype.trim@1.2.9
, npm/object.values@1.2.0
, npm/array-includes@3.1.8
, npm/string.prototype.trimstart@1.0.8
, npm/typed-array-length@1.0.6
, npm/@tsconfig/node10@1.0.11
, npm/encodeurl@2.0.0
, npm/es-abstract@1.23.3
, npm/agent-base@7.1.1
, npm/@humanwhocodes/object-schema@2.0.3
, npm/@npmcli/agent@2.2.2
, npm/@humanwhocodes/config-array@0.13.0
, npm/react-is@18.3.1
, npm/optionator@0.9.4
, npm/@npmcli/run-script@8.1.0
, npm/make-fetch-happen@13.0.1
, npm/globalthis@1.0.4
, npm/ssri@10.0.6
, npm/@npmcli/promise-spawn@7.0.2
, npm/cmd-shim@6.0.3
, npm/nopt@7.2.1
, npm/json-parse-even-better-errors@3.0.2
, npm/minipass-fetch@3.0.5
, npm/hosted-git-info@7.0.2
, npm/bin-links@4.0.4
, npm/validate-npm-package-name@5.0.1
, npm/@npmcli/fs@3.1.1
, npm/check-error@2.1.1
, npm/chai@5.1.1
, npm/path-scurry@1.11.1
, npm/@types/mdast@4.0.4
, npm/braces@3.0.3
, npm/fill-range@7.1.1
, npm/@types/babel__traverse@7.20.6
, npm/ini@4.1.3
, npm/minipass@7.1.2
, npm/mdast-util-from-markdown@2.0.1
, npm/recast@0.23.9
, npm/bundle-require@4.2.1
, npm/deep-eql@5.0.2
, npm/webpack-virtual-modules@0.6.2
, npm/@adobe/css-tools@4.4.0
, npm/lilconfig@3.1.2
, npm/@esbuild/aix-ppc64@0.21.5
, npm/@esbuild/android-arm64@0.21.5
, npm/@esbuild/android-x64@0.21.5
, npm/@esbuild/darwin-arm64@0.21.5
, npm/@esbuild/darwin-x64@0.21.5
, npm/@esbuild/freebsd-arm64@0.21.5
, npm/@esbuild/freebsd-x64@0.21.5
, npm/@esbuild/linux-arm@0.21.5
, npm/@esbuild/linux-arm64@0.21.5
, npm/@esbuild/linux-ia32@0.21.5
, npm/@esbuild/linux-mips64el@0.21.5
, npm/@esbuild/linux-ppc64@0.21.5
, npm/@esbuild/linux-riscv64@0.21.5
, npm/@esbuild/linux-s390x@0.21.5
, npm/@esbuild/linux-x64@0.21.5
, npm/@esbuild/netbsd-x64@0.21.5
, npm/@esbuild/openbsd-x64@0.21.5
, npm/@esbuild/sunos-x64@0.21.5
, npm/@esbuild/win32-arm64@0.21.5
, npm/@esbuild/win32-ia32@0.21.5
, npm/@esbuild/win32-x64@0.21.5
, npm/@esbuild/android-arm@0.21.5
, npm/@esbuild/linux-loong64@0.21.5
, npm/esbuild@0.21.5
, npm/unified@11.0.5
, npm/object-inspect@1.13.2
, npm/v8-to-istanbul@9.3.0
, npm/es-module-lexer@1.5.4
, npm/normalize-package-data@6.0.2
, npm/minimatch@9.0.5
, npm/https-proxy-agent@7.0.5
, npm/socks-proxy-agent@8.0.4
, npm/@storybook/csf@0.1.11
, npm/acorn@8.12.1
, npm/ws@8.18.0
, npm/micromark-extension-gfm-autolink-literal@2.1.0
, npm/micromark-extension-gfm-footnote@2.1.0
, npm/micromark-extension-gfm-strikethrough@2.1.0
, npm/micromark-extension-gfm-table@2.1.0
, npm/micromark-extension-gfm-task-list-item@2.1.0
, npm/esquery@1.6.0
, npm/glob@10.4.5
, npm/@npmcli/git@5.0.8
, npm/npm-pick-manifest@9.1.0
, npm/lru-cache@10.4.3
, npm/@jridgewell/sourcemap-codec@1.5.0
, npm/node-gyp@10.2.0
, npm/tinyrainbow@1.2.0
, npm/jackspeak@3.4.3
, npm/@lavamoat/aa@4.3.0
, npm/@lavamoat/preinstall-always-fail@2.1.0
, npm/cacache@18.0.4
, npm/node-addon-api@7.1.1
, npm/semver@7.6.3
, npm/eslint-plugin-promise@6.6.0
, npm/node-releases@2.0.18
, npm/import-local@3.2.0
, npm/immutable@4.3.7
, npm/@testing-library/dom@10.4.0
, npm/npm-package-arg@11.0.3
, npm/esbuild-register@3.6.0
, npm/magic-string@0.30.11
, npm/@vitest/expect@2.0.5
, npm/@vitest/pretty-format@2.0.5
, npm/@vitest/spy@2.0.5
, npm/@vitest/utils@2.0.5
, npm/qs@6.13.0
, npm/jsdoc-type-pratt-parser@4.1.0
, npm/@types/yargs@17.0.33
, npm/foreground-child@3.3.0
, npm/ignore@5.3.2
, npm/babel-preset-current-node-syntax@1.1.0
, npm/@types/unist@3.0.3
, npm/@esbuild/aix-ppc64@0.23.1
, npm/@esbuild/android-arm@0.23.1
, npm/@esbuild/android-arm64@0.23.1
, npm/@esbuild/android-x64@0.23.1
, npm/@esbuild/darwin-arm64@0.23.1
, npm/@esbuild/darwin-x64@0.23.1
, npm/@esbuild/freebsd-arm64@0.23.1
, npm/@esbuild/freebsd-x64@0.23.1
, npm/@esbuild/linux-arm@0.23.1
, npm/@esbuild/linux-arm64@0.23.1
, npm/@esbuild/linux-ia32@0.23.1
, npm/@esbuild/linux-loong64@0.23.1
, npm/@esbuild/linux-mips64el@0.23.1
, npm/@esbuild/linux-ppc64@0.23.1
, npm/@esbuild/linux-riscv64@0.23.1
, npm/@esbuild/linux-s390x@0.23.1
, npm/@esbuild/linux-x64@0.23.1
, npm/@esbuild/netbsd-x64@0.23.1
, npm/@esbuild/openbsd-arm64@0.23.1
, npm/@esbuild/openbsd-x64@0.23.1
, npm/@esbuild/sunos-x64@0.23.1
, npm/@esbuild/win32-arm64@0.23.1
, npm/@esbuild/win32-ia32@0.23.1
, npm/@esbuild/win32-x64@0.23.1
, npm/esbuild@0.23.1
, npm/markdown-to-jsx@7.5.0
, npm/mdast-util-gfm-autolink-literal@2.0.1
, npm/undici-types@6.19.8
, npm/spdx-license-ids@3.0.20
, npm/is-core-module@2.15.1
, npm/sort-package-json@2.10.1
, npm/micromatch@4.0.8
, npm/tslib@2.7.0
, npm/@testing-library/jest-dom@6.5.0
, npm/vfile@6.0.3
, npm/escalade@3.2.0
, npm/path-to-regexp@0.1.10
, npm/picocolors@1.1.0
, npm/yaml@2.5.1
, npm/@lavamoat/allow-scripts@3.2.1
, npm/filesize@10.1.6
, npm/debug@4.3.7
, npm/@chromatic-com/storybook@1.9.0
, npm/cjs-module-lexer@1.4.1
, npm/source-map-js@1.2.1
, npm/acorn-walk@8.3.4
, npm/tinyspy@3.0.2
, npm/ansi-regex@6.1.0
, npm/body-parser@1.20.3
, npm/send@0.19.0
, npm/unplugin@1.14.1
, npm/serve-static@1.16.2
, npm/finalhandler@1.3.1
, npm/@types/qs@6.9.16
, npm/postcss@8.4.47
, npm/@eslint-community/regexpp@4.11.1
, npm/@eslint/js@8.57.1
, npm/eslint@8.57.1
, npm/@types/prop-types@15.7.13
, npm/@npmcli/package-json@5.2.1
, npm/@types/estree@1.0.6
, npm/@storybook/icons@1.2.12
, npm/aria-query@5.3.2
, npm/rollup@3.29.5
, npm/chokidar@4.0.1
, npm/@rollup/pluginutils@5.1.2
, npm/browserslist@4.24.0
, npm/vite@5.4.8
, npm/@types/express-serve-static-core@4.19.6
, npm/package-json-from-dist@1.0.1
, npm/eslint-module-utils@2.12.0
, npm/update-browserslist-db@1.1.1
, npm/hast-util-to-string@3.0.1
, npm/@vitejs/plugin-react@4.3.2
, npm/@rollup/rollup-darwin-arm64@4.24.0
, npm/@rollup/rollup-android-arm64@4.24.0
, npm/@rollup/rollup-win32-arm64-msvc@4.24.0
, npm/@rollup/rollup-linux-arm64-gnu@4.24.0
, npm/@rollup/rollup-linux-arm64-musl@4.24.0
, npm/@rollup/rollup-android-arm-eabi@4.24.0
, npm/@rollup/rollup-linux-arm-gnueabihf@4.24.0
, npm/@rollup/rollup-linux-arm-musleabihf@4.24.0
, npm/@rollup/rollup-win32-ia32-msvc@4.24.0
, npm/@rollup/rollup-linux-riscv64-gnu@4.24.0
, npm/@rollup/rollup-linux-powerpc64le-gnu@4.24.0
, npm/@rollup/rollup-linux-s390x-gnu@4.24.0
, npm/@rollup/rollup-darwin-x64@4.24.0
, npm/@rollup/rollup-win32-x64-msvc@4.24.0
, npm/@rollup/rollup-linux-x64-gnu@4.24.0
, npm/@rollup/rollup-linux-x64-musl@4.24.0
, npm/rollup@4.24.0
, npm/@babel/code-frame@7.25.7
, npm/@babel/highlight@7.25.7
, npm/@babel/helper-validator-identifier@7.25.7
, npm/@babel/helper-plugin-utils@7.25.7
, npm/@babel/runtime@7.25.7
, npm/@babel/helper-compilation-targets@7.25.7
, npm/@babel/helper-string-parser@7.25.7
, npm/@babel/helper-validator-option@7.25.7
, npm/@babel/plugin-transform-react-display-name@7.25.7
, npm/@babel/plugin-syntax-import-attributes@7.25.7
, npm/@babel/plugin-syntax-typescript@7.25.7
, npm/@babel/generator@7.25.7
, npm/@babel/helper-module-imports@7.25.7
, npm/@babel/helper-module-transforms@7.25.7
, npm/@babel/helper-simple-access@7.25.7
, npm/@babel/helpers@7.25.7
, npm/@babel/plugin-syntax-jsx@7.25.7
, npm/@babel/template@7.25.7
, npm/@babel/traverse@7.25.7
, npm/@babel/plugin-transform-react-jsx@7.25.7
, npm/@babel/helper-annotate-as-pure@7.25.7
, npm/@babel/plugin-transform-react-jsx-development@7.25.7
, npm/@babel/plugin-transform-react-pure-annotations@7.25.7
, npm/@babel/plugin-transform-react-jsx-self@7.25.7
, npm/@babel/plugin-transform-react-jsx-source@7.25.7
, npm/@babel/preset-react@7.25.7
, npm/@types/react@18.3.11
, npm/@vitest/utils@2.1.2
, npm/@vitest/pretty-format@2.1.2
, npm/regexp.prototype.flags@1.5.3
, npm/@types/lodash@4.17.10
, npm/readdirp@4.0.2
, npm/@vue/compiler-core@3.5.11
, npm/@vue/shared@3.5.11
, npm/@vue/compiler-dom@3.5.11
, npm/@vue/compiler-sfc@3.5.11
, npm/@vue/compiler-ssr@3.5.11
, npm/cookie@0.7.1
, npm/caniuse-lite@1.0.30001667
, npm/@storybook/addon-actions@8.3.5
, npm/@storybook/addon-backgrounds@8.3.5
, npm/@storybook/addon-controls@8.3.5
, npm/@storybook/addon-docs@8.3.5
, npm/@storybook/addon-essentials@8.3.5
, npm/@storybook/addon-highlight@8.3.5
, npm/@storybook/addon-interactions@8.3.5
, npm/@storybook/addon-links@8.3.5
, npm/@storybook/addon-measure@8.3.5
, npm/@storybook/addon-outline@8.3.5
, npm/@storybook/addon-toolbars@8.3.5
, npm/@storybook/addon-viewport@8.3.5
, npm/@storybook/blocks@8.3.5
, npm/@storybook/components@8.3.5
, npm/@storybook/core@8.3.5
, npm/@storybook/csf-plugin@8.3.5
, npm/@storybook/instrumenter@8.3.5
, npm/@storybook/react-dom-shim@8.3.5
, npm/@storybook/test@8.3.5
, npm/@storybook/theming@8.3.5
, npm/storybook@8.3.5
, npm/@storybook/preview-api@8.3.5
, npm/@storybook/react@8.3.5
, npm/@storybook/manager-api@8.3.5
, npm/@storybook/builder-vite@8.3.5
, npm/@storybook/react-vite@8.3.5
, npm/synckit@0.9.2
, npm/loupe@3.1.2
, npm/@types/node@22.7.5
, npm/prettier-plugin-packagejson@2.5.3
, npm/express@4.21.1
, npm/chromatic@11.12.5
, npm/@babel/compat-data@7.25.8
, npm/@babel/core@7.25.8
, npm/@babel/parser@7.25.8
, npm/@babel/types@7.25.8
, npm/electron-to-chromium@1.5.36
, npm/sass@1.79.5
Next steps
Take a deeper look at the dependency
Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support [AT] socket [DOT] dev.
Remove the package
If you happen to install a dependency that Socket reports as Known Malware you should immediately remove it and select a different dependency. For other alert types, you may may wish to investigate alternative packages or consider if there are other ways to mitigate the specific risk posed by the dependency.
Mark a package as acceptable risk
To ignore an alert, reply with a comment starting with @SocketSecurity ignore
followed by a space separated list of ecosystem/package-name@version
specifiers. e.g. @SocketSecurity ignore npm/foo@1.0.0
or ignore all packages with @SocketSecurity ignore-all