Version Packages #14000

Merged
raymondjacobson merged 1 commit into main from changeset-release/main
Mar 30, 2026

@github-actions github-actions bot commented Mar 24, 2026

This PR was opened by the Changesets release GitHub action. When you're ready to do a release, you can merge this and the packages will be published to npm automatically. If you're not ready to do a release yet, that's fine: whenever you add more changesets to main, this PR will be updated.

Releases

@audius/sdk@15.1.0

Minor Changes

  • 500dccb: Add artist coin solana connection flow

Patch Changes

  • d0f653d: Fix duplicate Bearer header prefix

@audius/sdk-legacy@6.0.26

Patch Changes

  • Updated dependencies [500dccb]
  • Updated dependencies [d0f653d]
    • @audius/sdk@15.1.0

@audius/sp-actions@1.0.30

Patch Changes

  • @audius/sdk-legacy@6.0.26

@audius/protocol-dashboard@0.1.16

Patch Changes

  • Updated dependencies [500dccb]
  • Updated dependencies [d0f653d]
    • @audius/sdk@15.1.0
    • @audius/sdk-legacy@6.0.26

socket-security bot commented Mar 24, 2026

Caution

Review the following alerts detected in dependencies.

According to your organization's Security Policy, you must resolve all "Block" alerts before proceeding. Learn more about Socket for GitHub.

Action: Block | Severity: Low
Alert: Potential code anomaly (AI signal): npm ws is 100.0% likely to have a medium risk anomaly

Notes: The code implements a standard EventTarget-like mixin for wrapping event listeners and dispatching events to user callbacks. There are no suspicious patterns such as dynamic code execution, hardcoded secrets, or network activity. The risk is contingent on what the consumer does inside their handlers; the snippet itself does not introduce malware or data leakage mechanisms beyond normal event dispatch. Overall security risk is low in isolation.

Confidence: 1.00

Severity: 0.60

From: package-lock.json → npm/ws@8.19.0

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: An AI system found a low-risk anomaly in this package. It may still be fine to use, but you should check that it is safe before proceeding.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/ws@8.19.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Action: Block | Severity: Low
Alert: Potential code anomaly (AI signal): npm xmlbuilder is 100.0% likely to have a medium risk anomaly

Notes: The analyzed code is a standard XML writer base (XMLWriterBase) used to serialize XML node trees into strings. There is no concrete evidence of malicious behavior such as data exfiltration, reverse shells, or covert network activity within this fragment. The primary caveat is ensuring proper escaping of node values to prevent XML Injection in downstream consumers; otherwise, the module appears safe as a library component for XML generation.

Confidence: 1.00

Severity: 0.60

From: package-lock.json → npm/xmlbuilder@11.0.1

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: An AI system found a low-risk anomaly in this package. It may still be fine to use, but you should check that it is safe before proceeding.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/xmlbuilder@11.0.1. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

github-actions bot force-pushed the changeset-release/main branch 4 times, most recently from 888f314 to 987e65c (March 28, 2026 04:36)
github-actions bot force-pushed the changeset-release/main branch from 987e65c to 6c1aaaa (March 29, 2026 08:47)
raymondjacobson merged commit 9dfdbfb into main (Mar 30, 2026)
2 of 3 checks passed
raymondjacobson deleted the changeset-release/main branch (March 30, 2026 15:38)