Skip to content

chore(deps): update all non-major dependencies#1903

Open
renovate[bot] wants to merge 1 commit into
mainfrom
renovate/all-minor-patch
Open

chore(deps): update all non-major dependencies#1903
renovate[bot] wants to merge 1 commit into
mainfrom
renovate/all-minor-patch

Conversation

@renovate
Copy link
Copy Markdown
Contributor

@renovate renovate Bot commented Oct 27, 2021
edited
Loading

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package Change Age Confidence Type Update
@docus/app ^1.1.3^1.3.5 age confidence dependencies minor
@​docus/github ^1.0.4^1.2.6 age confidence dependencies minor
@docus/theme ^1.1.5^1.2.2 age confidence dependencies minor
@nuxt/types (source) ^2.15.8^2.18.1 age confidence devDependencies minor
@nuxtjs/recaptcha ^1.0.4^1.1.2 age confidence dependencies minor
@popperjs/core ^2.10.2^2.11.8 age confidence dependencies minor
@types/crawler (source) ^1.2.2^1.2.7 age confidence devDependencies patch
crawler ^1.3.0^1.5.0 age confidence devDependencies minor
date-fns ^2.28.0^2.30.0 age confidence dependencies minor
eslint (source) ^8.29.0^8.57.1 age confidence devDependencies minor
eslint-config-prettier ^9.1.0^9.1.2 age confidence devDependencies patch
eslint-plugin-prettier ^5.1.3^5.5.5 age confidence devDependencies minor
fuse.js (source) ^6.4.6^6.6.2 age confidence devDependencies minor
husky ^8.0.2^8.0.3 age confidence devDependencies patch
lint-staged ^13.1.0^13.3.0 age confidence devDependencies minor
millify ^4.0.0^4.0.1 age confidence devDependencies patch
node (source) v16.13.016.20.2 age confidence minor
ohmyfetch ^0.4.15^0.4.21 age confidence devDependencies patch
prettier (source) ^3.2.5^3.8.3 age confidence devDependencies minor
ts-loader 8.3.08.4.0 age confidence devDependencies minor
ufo ^1.0.1^1.6.4 age confidence devDependencies minor
uuid ^9.0.0^9.0.1 age confidence devDependencies patch
vue-plausible ^1.3.1^1.3.2 age confidence devDependencies patch
vue-plausible ^1.3.1^1.3.2 age confidence dependencies patch
vue-router (source) ^3.5.3^3.6.5 age confidence resolutions minor

Release Notes

docusgen/docus (@​docus/app)

v1.3.5

Compare Source

v1.3.4

Compare Source

v1.3.3

Compare Source

v1.3.2

Compare Source

v1.3.1

Compare Source

v1.3.0

Compare Source

v1.2.8

Compare Source

v1.2.7

Compare Source

v1.2.6

Compare Source

v1.2.5

Compare Source

v1.2.4

Compare Source

v1.2.3

Compare Source

v1.2.2

Compare Source

v1.2.1

Compare Source

docusgen/theme (@​docus/theme)

v1.2.2

Compare Source

v1.2.1

Compare Source

v1.2.0

Compare Source

v1.1.9

Compare Source

v1.1.8

Compare Source

v1.1.7

Compare Source

nuxt/nuxt (@​nuxt/types)

v2.18.1

Compare Source

👉 Changelog

compare changes

🩹 Fixes
  • webpack: Depend on earlier version of mkdirp (f67056b9e)
❤️ Contributors

v2.18.0

Compare Source

👉 Changelog

compare changes

🚀 Enhancements
🩹 Fixes
  • vue-app: Don't throw if we can't read sessionStorage (#​27662)
  • config: Add back md4 monkey-patch for wider ecosystem (#​27865)
🏡 Chore
❤️ Contributors

v2.17.4

Compare Source

👉 Changelog

compare changes

🩹 Fixes
  • types: Bump serve-static types to v1.15.7 (1c44c376d)
  • generator: Use maintained html-minifier-terser (#​26914)
  • vue-app: Prevent double page mount (#​10874)
  • core: Don't skip loading runtime modules if one is improperly resolved (#​10193)
  • vue-app: Prevent error page mounting twice (#​27484)
🏡 Chore
✅ Tests
  • Properly close page in e2e tests (1700aa131)
  • Wait for navigation in redirect test (e74715606)
  • Don't register promise in external nav (#​27468)
🤖 CI
❤️ Contributors

v2.17.3

Compare Source

2.17.3 is the next patch release for the 2.x branch.

👉 Changelog

compare changes

💅 Refactors
🏡 Chore
  • Fix invalid package files with npm pkg fix (4d0474c4b)
✅ Tests
  • Skip lib check with vue-tsc test (90ffd8170)
🤖 CI
  • Split type check into separate test (40f1f301e)
❤️ Contributors

v2.17.2

Compare Source

👉 Changelog

compare changes

🩹 Fixes
  • types: Prevent overwriting vue types in template (#​22802)
  • types: Don't pin webpack types to exact version (#​23531)
  • Remove md4 patch now that webpack has it in core (#​23703)
🤖 CI
  • Add script to update changelog for 2.x releases (#​23031)
  • Revert to codecov-action v3 (e66e44803)
  • Remove node version from matrix (#​23706)
  • Use node 18 for ci jobs (#​23701)
❤️ Contributors

v2.17.1

Compare Source

2.17.1 is the next patch release for Nuxt 2.

👉 Changelog

compare changes

🩹 Fixes
  • webpack: Downgrade dev-middleware to fix peer dep issue (#​21626)
  • webpack: Pin webpack-dev-middleware to 5.0.0 (#​21804)
❤️ Contributors

v2.17.0

Compare Source

2.17.0 is the next minor release for Nuxt 2.

✨ Highlights

Nuxt 2.17 comes with a few new features, including better support for new Vue 2.7 types, and supporting passing postcss config as a function.

It also includes support for Node 20+ and a fix for a dependency issue with the Babel preset that affected new installs.

👉 Changelog

compare changes

🚀 Enhancements
  • types: Support nuxt types for defineComponent (#​19789)
  • csp: Support generating nonce for scripts and links in ssr (#​9621)
  • webpack: Support passing function as postcssOptions (#​19495)
🔥 Performance
  • config: Avoid recursive md4 patching (7fab95252)
🩹 Fixes
  • Relax node engines upper constraint (010b539ed)
  • utils: Respect patterns within paths when sorting routes (#​20669)
  • vue-app: Skip page render early on error or navigation (#​20719)
  • babel-preset-app: Add explicit dep on used babel plugin (#​21488)
🏡 Chore
  • Reenable publishing 🙈 (4ce8b118e)
  • Exclude yaml exception vulnerability (build-time dep) (c8ed87a26)
  • Bump jest dependencies (#​20506)
  • Remove resolved advisories (98cd35665)
  • Skip publishing node_modules folder (8799cfacc)
  • Remove obsolete useWorkspaces option (27e450119)
✅ Tests
  • Add catchall path to route generation test (71c359516)
  • Update windows snapshot (4ec274ae2)
  • Update jest snapshots to remove escaped quotes (f93411c7c)
🤖 CI
❤️ Contributors

v2.16.3

Compare Source

2.16.3 is a patch release with bug fixes.

👉 Changelog

compare changes

🩹 Fixes
  • types: Add return type for error() (#​19044)
  • types: Bring types from less into namespace (#​19738)
  • types: Sync vue type augmentations with Vue 2.7 (#​19526)
  • config: Move preset to inner postcssOptions (#​19518)
  • webpack: Add node-fetch-native to externals list (#​19755)
🏡 Chore
  • Release all packages with latest tag except nuxt (4e9dcddcb)
  • examples: Use 2.x version of nuxt instead of latest (#​19737)
  • Lint package files (6ca842e36)
❤️ Contributors

v2.16.2

Compare Source

2.16.2 is a patch release with bug fixes.

✨ Highlights

The main change in this patch release is that we now patch the crypto node built-in during build to allow Nuxt 2 to be used on Node versions greater than Node 16, which should ease the pressure users feel after Node 16 reaches its own EOL this year.

Warning
This should not be taken for an endorsement of continuing to run with Webpack 4, which is out of date and has a number of dependencies with issues. I expect that number to continue to grow, and we will not be able to resolve all of them. I would strongly urge migrating to Nuxt 3 if possible and the team will do our best to make this possible over the course of the year ❤️

👉 Changelog

compare changes

🚀 Enhancements
  • types: Add basic types for Nuxt interface (#​9772)
🩹 Fixes
  • vue-renderer: Insert charset before title (#​18998)
  • types: Remove non-existent properties from context (#​19021)
  • Add minimum node 14.18 version constraint (#​19112)
  • config: Upgrade md4 -> md5 on node > 16 (#​19108)
  • vue-app: Handle promise rejection from asyncData (#​18585)
🏡 Chore
❤️ Contributors

v2.16.1

Compare Source

Nuxt 2.16.1 is a patch release with a couple of small bugfixes to last week's 2.16.0 release.

v2.16.0...v2.16.1

🩹 Fixes
  • deps: Downgrade @types packages depending on webpack 5 (#​18827)
  • config: Let webpack merge postcss plugins (#​18839)
  • types: Import Location from vue-router (#​18908)
🏡 Chore
  • Tag 2.x releases appropriately (aba93e9)
  • Revert node types to v16 (3d034a3)
  • Remove stub type definitions (daed62a)
❤️ Contributors

v2.16.0

Compare Source

Nuxt 2.16.0 is the first minor release since Feb 15, 2021. The focus is mostly on releasing the latest fixes and enhancements that have been present in nuxt-edge for some time.

✨ Highlights

⚠️ Breaking changes

  • In this PR we only support Node 14+. This is mostly an issue for dependencies, which we need to keep updated for security reasons. Going forward until its own EOL, Nuxt 2 will only officially support Node versions that have not reached their EOL.

  • New postcss options format. See #​9671 for full details.

  • Dependency upgrades. A number of dependencies have dropped support for earlier node versions. dotenv has changed how it parses .env files in a number of edge cases. glob now requires / instead of \ on windows machines. There may also be other changes that affect your usage, so please do upgrade with care.

  • Vue 2.7 upgrade. Although you can use Vue 2.7 with any release of Nuxt 2, 2.16.0 for the first time includes it as a dependency, which means that you may well encounter some issues associated with upgrading Vue 2.6 -> Vue 2.7.

    This may be a good time to consider using the composition API utilities provided by https://github.com/nuxt/bridge instead, which mirror Nuxt 3's more precisely than @nuxtjs/composition-api. (You can opt-in to just these utilities by disabling the other bridge modules individually.)

Changelog

compare changes

🚀 Enhancements
  • config: Support nuxtrc in dist directory (#​9280)
  • generator: Add ignoreEnv generate option during ensureBuild(cmd) (#​8955)
  • server: Allow disabling serve-static middleware (#​9365)
  • types: Add asyncData return types to component instance type (#​9239)
  • vue-app: context.beforeSerialize method (#​9332)
  • vue-app: Pass store to createRouter (#​9629)
  • Default to core-js version 3 (#​9987)
  • webpack: ⚠️ Update postcss to v8 (#​9671)
🩹 Fixes
  • vue-app: Respect scroll-margin-top when navigating with hash (#​9187)
  • webpack: Use javascript/auto for js rule (#​9180)
  • server: Unregister error event listener (#​9245)
  • babel-preset-app: Respect explicit options.targets for modern preset (#​9337)
  • types: Add nuxt.config alias type (#​9424)
  • vue-app: Check whether route exists within nuxt app before replacing (#​9431)
  • vue-renderer: Decode route path for payload.js (#​9494)
  • vue-app: Don't normalise route path if it's valid (#​9460)
  • vue-app: Redirect to external url replaces current history entry (#​9500)
  • utils: trailingSlash causes error with dynamic nuxt-child routes (#​9505)
  • types: Add onNuxtLoaded and onNuxtReady types (#​9510)
  • vue-app: Re-register components construtor in HMR (#​9539)
  • types: Add typing for build.stats options (#​9555)
  • babel: Loose option for babel private-property-in-object (#​9631)
  • vue-app: Serialize route meta to allow functions (#​9634)
  • vue-app: null check for $root access (#​9150)
  • generator: Allow passing builder to getGenerator (#​9574)
  • generator: Throw an error when Builder is missing (#​9663)
  • vue-app: Use correct $config for finding basePath (#​9706)
  • vue-renderer: Ensure custom build indicator preserves some whitespace (#​9705)
  • 'npm run test' fails because the last command lacks 'yarn' (#​9761)
  • generator: Decode path with ufo (#​9739)
  • cli: Ensure nuxt instance is closed when skipping build (3e9d7e3)
  • Nuxt-child-key in web-types.json (#​9792)
  • types: Return type of $fetch (#​9854)
  • deps: Update ua-parser-js to 1.x (#​9979)
  • deps: Update ya-parser-js to latest 0.7.x (#​9979)
  • vue-app: Call ssrContext.unsetMutationObserver only if it exists (#​10132)
  • webpack: Allow files with .cjs extension to be transpiled (#​10340)
  • vue-app: Preview mode fetch (#​10489)
  • webpack: Resolve .wasm extension with lower priority (#​10676)
  • vue-app: Clear hide timeout when calling clear() (#​10086)
📦 Build
🌊 Types
  • Add prefetchPayloads to router options (#​9715)
🏡 Chore
  • release: V2.15.6 (a53fd32)
  • pkg: Build for es2019 target (#​9328)
  • types: Add types for new false option for render.static (#​9372)
  • Update error tests (d4e5998)
  • test: Revert jest and babel-jest to 26 (#​9377)
  • Ignore audit 1754,1755 (39f7859)
  • Fix vetur extension syntax for GitPod (#​9572)
  • Ignore globby > 12 upgrade as needs native esm (e0968a3)
  • Update rollup plugins (5614399)
  • Fix code formatting (17bbb21)
  • utils: Improve stripWhitespace utility (#​9668)
  • Update license year to present (#​9682)
  • Add separate file with security disclosure info (#​9738)
  • Update logo (#​9796)
  • doc: Fix link to contribution guide (#​9815)
  • test: Fix external redirect link (#​9816)
  • Update funding.yml (1f85137)
  • Update lockfile (7614360)
  • Update audit list (6f73c36)
  • Update lockfile and audit (1878b26)
  • Update issue template with nuxt 3 (#​9948)
  • Enable blank issues (54542c1)
  • radme: Fix browserstack and saucelabs icons (#​10068)
  • Update dependencies (#​10510)
  • Update repo (773d292)
  • Ignore vue and vuex major updates (bafc814)
  • Update README.md (#​10831)
  • Update pull request template (0db7e7b)
  • Update issue templates (f36fb9c)
  • Rename 2.x bug template (ba966cf)
  • Move nuxt 2 report to bottom (ce7b1a9)
  • Bump ua-parser-js version (1cedad5)
  • Bump test/dev dependencies (#​18672)
  • Upgrade unjs dependencies (#​18670)
  • Use named export from defu (#​18679)
✅ Tests
🤖 CI
⚠️ Breaking Changes
  • webpack: ⚠️ Update postcss to v8 (#​9671)
❤️ Contributors
nuxt-community/recaptcha-module (@​nuxtjs/recaptcha)

v1.1.2

Compare Source

Bug Fixes
  • types: add missing optional properties to ReCaptchaOptions interface (#​121) (9370bd2)

v1.1.1

Compare Source

Bug Fixes
  • check enterprise mode instead of version (4a8bc52)

v1.1.0

Compare Source

Features

1.0.4 (2021-03-21)

Bug Fixes

1.0.3 (2021-03-16)

Bug Fixes

1.0.2 (2021-03-11)

Bug Fixes

1.0.1 (2021-02-17)

Bug Fixes
popperjs/popper-core (@​popperjs/core)

v2.11.8: @​popperjs/core v2.11.8

Compare Source

v2.11.7: @​popperjs/core@2.11.7

Compare Source

Bug Fixes

  • fix: Use correct window to get the devicePixelRatio #​2229

v2.11.6

Compare Source

Bug Fixes

v2.11.5

Compare Source

Bug Fixes

  • fix(types): Constrain Modifier Options to same type as Options in ModifierArguments #​1598

v2.11.4

Compare Source

Fixes

  • Fixed an issue with the postinstall script

v2.11.3

Compare Source

Bug Fixes

  • Fixes a placement issue that is caused when the starting offset parent element is inside shadow DOM. (#​1535)

  • Positioning using strategy fixed when inside a containing block (#​1579)

v2.11.2: @​popperjs/core@v2.11.2

Compare Source

v2.11.1: @​popperjs/core@v2.11.2

Compare Source

Note: 2.11.1 has a wrong dependency in its package.json, 2.11.2 was released to fix it

Bug Fixes

  • Round computed offsets after all the modifiers math is executed (#​1418)

  • Fix regression with detection of clipping boundaries (#​1478)

v2.11.0

Compare Source

New Features

  • Allow SVG elements as boundary (#​1405)

Bug Fixes

  • fix(computeStyles): adaptive option with fixed strategy on mobile (#​1398)

  • fix(getClippingRect): check position of clipping parent (#​1399)

  • fix(computeStyles): subpixel misalignment with round function (#​1400)

  • fix(preventOverflow): altAxis + tether (#​1401)

  • fix: handle scaled parent elements (#​1402)

  • Exposes OffsetsFunction type (#​1411)

bda-research/node-crawler (crawler)

v1.5.0

Compare Source

v1.4.0

Compare Source

date-fns/date-fns (date-fns)

v2.30.0

Compare Source

Kudos to @​kossnocorp and @​Andarist for working on the release.

Changes
  • Fixed increased build size after enabling compatibility with older browsers in the previous release. This was done by adding @​babel/runtime as a dependency. See more details.

v2.29.3

Compare Source

This release is prepared by our own @​leshakoss.

Fixed

v2.29.2

Compare Source

This release is brought to you by @​nopears, @​vadimpopa and @​leshakoss.

Fixed

v2.29.1

Compare Source

Thanks to @​fturmel for working on the release.

Fixed

v2.29.0

Compare Source

On this release worked @​tan75, @​kossnocorp, @​nopears, @​Balastrong, @​cpapazoglou, @​dovca, @​aliasgar55, @​tomchentw, @​JuanM04, @​alexandresaura, @​fturmel, @​aezell, @​andersravn, @​TiagoPortfolio, @​SukkaW, @​Zebreus, @​aviskarkc10, @​maic66, @​a-korzun, @​Mejans, @​davidspiess, @​alexgul1, @​matroskin062, @​undecaf, @​mprovenc, @​jooola and @​leshakoss.

Added
Fixed

Note

PR body was truncated to here.

Configuration

📅 Schedule: (UTC)

  • Branch creation
    • At any time (no schedule defined)
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate Bot added the dependencies Pull requests that update a dependency file label Oct 27, 2021
@netlify
Copy link
Copy Markdown

netlify Bot commented Oct 27, 2021
edited
Loading

Deploy Preview for nuxt failed. Why did it fail? →

Name Link
🔨 Latest commit f4320b6
🔍 Latest deploy log https://app.netlify.com/projects/nuxt/deploys/6a033295d8089e0008a58e7d

@renovate renovate Bot force-pushed the renovate/all-minor-patch branch 5 times, most recently from af7aa1c to 4f73a33 Compare November 10, 2021 13:26
@renovate renovate Bot force-pushed the renovate/all-minor-patch branch 4 times, most recently from 0c0f86b to 0628dd7 Compare November 23, 2021 00:04
@renovate renovate Bot force-pushed the renovate/all-minor-patch branch 4 times, most recently from 85168db to 83135e0 Compare December 1, 2021 16:32
@renovate renovate Bot force-pushed the renovate/all-minor-patch branch from 83135e0 to f56e8fa Compare December 4, 2021 15:18
@renovate renovate Bot force-pushed the renovate/all-minor-patch branch 3 times, most recently from 0013d4b to 50b6b7f Compare December 17, 2021 10:25
@renovate renovate Bot force-pushed the renovate/all-minor-patch branch 7 times, most recently from 3c78cd8 to 24e21e2 Compare December 28, 2021 15:29
@renovate renovate Bot force-pushed the renovate/all-minor-patch branch 3 times, most recently from 3a53035 to 8da4c87 Compare January 10, 2022 23:50
@renovate renovate Bot force-pushed the renovate/all-minor-patch branch from 8da4c87 to e1e3e5c Compare January 18, 2022 17:22
@renovate renovate Bot force-pushed the renovate/all-minor-patch branch 3 times, most recently from 84dc8e3 to 85fc41c Compare March 18, 2022 14:57
@renovate renovate Bot force-pushed the renovate/all-minor-patch branch 2 times, most recently from 1808a12 to f0a1031 Compare March 31, 2022 20:00
@renovate renovate Bot force-pushed the renovate/all-minor-patch branch 2 times, most recently from 1b3571e to 2965c97 Compare April 5, 2022 13:21
@renovate renovate Bot force-pushed the renovate/all-minor-patch branch 2 times, most recently from 854e5cf to b58edf6 Compare April 20, 2022 20:09
@renovate renovate Bot force-pushed the renovate/all-minor-patch branch 5 times, most recently from 853834f to fa710eb Compare May 3, 2022 02:34
@renovate renovate Bot force-pushed the renovate/all-minor-patch branch 7 times, most recently from e2bbd42 to ab17d3c Compare May 11, 2022 22:56
@renovate renovate Bot force-pushed the renovate/all-minor-patch branch 3 times, most recently from 90c0f57 to 0d68fa3 Compare May 21, 2022 11:39
@renovate renovate Bot force-pushed the renovate/all-minor-patch branch 3 times, most recently from 8fd5fa4 to 250a4ff Compare May 30, 2022 12:14
@socket-security
Copy link
Copy Markdown

socket-security Bot commented Apr 29, 2026
edited
Loading

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff Package Supply Chain
Security		 Vulnerability Quality Maintenance License
Updatedohmyfetch@​0.4.15 ⏵ 0.4.2186 +3100100 +150100
Updatedeslint@​8.29.0 ⏵ 8.57.189100100 +150100
Updateduuid@​9.0.0 ⏵ 9.0.110010010050100
Updated@​docus/​theme@​1.1.6 ⏵ 1.2.273 -110067 -283 -2100
Updated@​types/​crawler@​1.2.2 ⏵ 1.2.776 +310070 +280 +4100
Updated@​docus/​app@​1.1.3 ⏵ 1.3.5721007084100
Updated@​docus/​github@​1.0.4 ⏵ 1.2.672 +310094 +1885 +3100
Updatedeslint-config-prettier@​9.1.0 ⏵ 9.1.21001007287100
Updated@​nuxt/​types@​2.15.8 ⏵ 2.18.199 +110074 +285100
Updatedvue-plausible@​1.3.1 ⏵ 1.3.279 +5100100 +180 +4100
Updatedhusky@​8.0.2 ⏵ 8.0.3100 +110079 +180100
Updateddate-fns@​2.28.0 ⏵ 2.30.098 +1010094 +180100
Updatedmillify@​4.0.0 ⏵ 4.0.11001009180100
Updated@​popperjs/​core@​2.10.2 ⏵ 2.11.899 +210010082100
Updatedcrawler@​1.3.0 ⏵ 1.5.08310010086100
Updated@​nuxtjs/​recaptcha@​1.0.4 ⏵ 1.1.293100100 +185 +2100
Updatedufo@​1.0.1 ⏵ 1.6.499100100 +186100
Updatedeslint-plugin-prettier@​5.1.3 ⏵ 5.5.599 +110010090100
Updatedfuse.js@​6.4.6 ⏵ 6.6.299 +1210090 +593 +3100
Updatedprettier@​2.3.2 ⏵ 3.8.390 +71009795100
Updatedlint-staged@​13.1.0 ⏵ 13.3.099 +1100100 +197 +1100

View full report

@socket-security
Copy link
Copy Markdown

socket-security Bot commented Apr 29, 2026
edited
Loading

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action Severity Alert  (click "▶" to expand/collapse)
Warn Critical
Critical CVE: Prototype Pollution in npm minimist

CVE: GHSA-xvch-5gv4-984h Prototype Pollution in minimist (CRITICAL)

Affected versions: >= 1.0.0 < 1.2.6; < 0.2.4

Patched version: 1.2.6

From: ?npm/@docus/app@1.3.5npm/@docus/social-image@1.0.3npm/@docus/twitter@1.0.4npm/minimist@1.2.5

ℹ Read more on: This package | This alert | What is a critical CVE?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Remove or replace dependencies that include known critical CVEs. Consumers can use dependency overrides or npm audit fix --force to remove vulnerable dependencies.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/minimist@1.2.5. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
Obfuscated code: npm clipboardy is 90.0% likely obfuscated

Confidence: 0.90

Location: Package overview

From: ?npm/@docus/app@1.3.5npm/@docus/twitter@1.0.4npm/clipboardy@2.3.0

ℹ Read more on: This package | This alert | What is obfuscated code?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/clipboardy@2.3.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
Obfuscated code: npm node-forge is 90.0% likely obfuscated

Confidence: 0.90

Location: Package overview

From: ?npm/@docus/app@1.3.5npm/node-forge@1.4.0

ℹ Read more on: This package | This alert | What is obfuscated code?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/node-forge@1.4.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants