chore(deps): update dependency prettier to v3.5.3

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
prettier (source)	3.0.3 -> 3.5.3

---

Release Notes

prettier/prettier (prettier)

v3.5.3

Compare Source

v3.5.2

Compare Source

diff

Remove module-sync condition (#​17156 by @​fisker)

In Prettier 3.5.0, we added module-sync condition to package.json, so that require("prettier") can use ESM version, but turns out it doesn't work if CommonJS and ESM plugins both imports builtin plugins. To solve this problem, we decide simply remove the module-sync condition, so require("prettier") will still use the CommonJS version, we'll revisit until require(ESM) feature is more stable.

v3.5.1

Compare Source

diff

Fix CLI crash when cache for old version exists (#​17100 by @​sosukesuzuki)

Prettier 3.5 uses a different cache format than previous versions, Prettier 3.5.0 crashes when reading existing cache file, Prettier 3.5.1 fixed the problem.

Support dockercompose and github-actions-workflow in VSCode (#​17101 by @​remcohaszing)

Prettier now supports the dockercompose and github-actions-workflow languages in Visual Studio Code.

v3.5.0

Compare Source

diff

🔗 Release Notes

v3.4.2

Compare Source

diff

Treat U+30A0 & U+30FB in Katakana Block as CJK (#​16796 by @​tats-u)

Prettier doesn't treat U+30A0 & U+30FB as Japanese. U+30FB is commonly used in Japanese to represent the delimitation of first and last names of non-Japanese people or “and”. The following “C言語・C++・Go・Rust” means “C language & C++ & Go & Rust” in Japanese.

<!-- Input (--prose-wrap=never) -->

C言
語
・
C++
・
Go
・
Rust

<!-- Prettier 3.4.1 -->
C言語・ C++ ・ Go ・ Rust

<!-- Prettier 3.4.2 -->
C言語・C++・Go・Rust

U+30A0 can be used as the replacement of the - in non-Japanese names (e.g. “Saint-Saëns” (Charles Camille Saint-Saëns) can be represented as “サン゠サーンス” in Japanese), but substituted by ASCII hyphen (U+002D) or U+FF1D (full width hyphen) in many cases (e.g. “サン=サーンス” or “サン＝サーンス”).

Fix comments print on class methods with decorators (#​16891 by @​fisker)

// Input
class A {
  @​decorator
  /** 
   * The method description
   *
  */
  async method(foo: Foo, bar: Bar) {
    console.log(foo);
  }
}

// Prettier 3.4.1
class A {
  @​decorator
  async /**
   * The method description
   *
   */
  method(foo: Foo, bar: Bar) {
    console.log(foo);
  }
}

// Prettier 3.4.2
class A {
  @​decorator
  /**
   * The method description
   *
   */
  async method(foo: Foo, bar: Bar) {
    console.log(foo);
  }
}

Fix non-idempotent formatting (#​16899 by @​seiyab)

This bug fix is not language-specific. You may see similar change in any languages. This fixes regression in 3.4.0 so change caused by it should yield same formatting as 3.3.3.

// Input
<div>
  foo
  <span>longlonglonglonglonglonglonglonglonglonglonglonglonglonglongl foo</span>
  , abc
</div>;

// Prettier 3.4.1 (first)
<div>
  foo
  <span>
    longlonglonglonglonglonglonglonglonglonglonglonglonglonglongl foo
  </span>, abc
</div>;

// Prettier 3.4.1 (second)
<div>
  foo
  <span>longlonglonglonglonglonglonglonglonglonglonglonglonglonglongl foo</span>
  , abc
</div>;

// Prettier 3.4.2
<div>
  foo
  <span>longlonglonglonglonglonglonglonglonglonglonglonglonglonglongl foo</span>
  , abc
</div>;

v3.4.1

Compare Source

diff

Remove unnecessary parentheses around assignment in v-on (#​16887 by @​fisker)

<!-- Input -->
<template>
  <button @&#8203;click="foo += 2">Click</button>
</template>

<!-- Prettier 3.4.0 -->
<template>
  <button @&#8203;click="(foo += 2)">Click</button>
</template>

<!-- Prettier 3.4.1 -->
<template>
  <button @&#8203;click="foo += 2">Click</button>
</template>

v3.4.0

Compare Source

diff

🔗 Release Notes

v3.3.3

Compare Source

diff

Add parentheses for nullish coalescing in ternary (#​16391 by @​cdignam-segment)

This change adds clarity to operator precedence.

// Input
foo ? bar ?? foo : baz;
foo ?? bar ? a : b;
a ? b : foo ?? bar;

// Prettier 3.3.2
foo ? bar ?? foo : baz;
foo ?? bar ? a : b;
a ? b : foo ?? bar;

// Prettier 3.3.3
foo ? (bar ?? foo) : baz;
(foo ?? bar) ? a : b;
a ? b : (foo ?? bar);

Add parentheses for decorator expressions (#​16458 by @​y-schneider)

Prevent parentheses around member expressions or tagged template literals from being removed to follow the stricter parsing rules of TypeScript 5.5.

// Input
@​(foo`tagged template`)
class X {}

// Prettier 3.3.2
@​foo`tagged template`
class X {}

// Prettier 3.3.3
@​(foo`tagged template`)
class X {}

Support @let declaration syntax (#​16474 by @​sosukesuzuki)

Adds support for Angular v18 @let declaration syntax.

Please see the following code example. The @let declaration allows you to define local variables within the template:

@​let name = 'Frodo';

<h1>Dashboard for {{name}}</h1>
Hello, {{name}}

For more details, please refer to the excellent blog post by the Angular Team: Introducing @​let in Angular.

We also appreciate the Angular Team for kindly answering our questions to implement this feature.

v3.3.2

Compare Source

diff

Fix handlebars path expressions starts with @ (#​16358 by @​Princeyadav05)

{{! Input }}
<div>{{@&#8203;x.y.z}}</div>

{{! Prettier 3.3.1 }}
<div>{{@&#8203;x}}</div>

{{! Prettier 3.3.2 }}
<div>{{@&#8203;x.y.z}}</div>

v3.3.1

Compare Source

diff

Preserve empty lines in front matter (#​16347 by @​fisker)

<!-- Input -->
---
foo:
  - bar1

  - bar2

  - bar3
---
Markdown

<!-- Prettier 3.3.0 -->

---
foo:
  - bar1
  - bar2
  - bar3
---

Markdown

<!-- Prettier 3.3.1 -->
---
foo:
  - bar1

  - bar2

  - bar3
---

Markdown

Preserve explicit language in front matter (#​16348 by @​fisker)

<!-- Input -->
---yaml
title: Hello
slug: home
---

<!-- Prettier 3.3.0 -->
---
title: Hello
slug: home
---

<!-- Prettier 3.3.1 -->
---yaml
title: Hello
slug: home
---

Avoid line breaks in import attributes (#​16349 by @​fisker)

// Input
import something from "./some-very-very-very-very-very-very-very-very-long-path.json" with { type: "json" };

// Prettier 3.3.0
import something from "./some-very-very-very-very-very-very-very-very-long-path.json" with { type:
  "json" };

// Prettier 3.3.1
import something from "./some-very-very-very-very-very-very-very-very-long-path.json" with { type: "json" };

v3.3.0

Compare Source

diff

🔗 Release Notes

v3.2.5

Compare Source

diff

Support Angular inline styles as single template literal (#​15968 by @​sosukesuzuki)

Angular v17 supports single string inline styles.

// Input
@​Component({
  template: `<div>...</div>`,
  styles: `h1 { color: blue; }`,
})
export class AppComponent {}

// Prettier 3.2.4
@&#8203;Component({
  template: `<div>...</div>`,
  styles: `h1 { color: blue; }`,
})
export class AppComponent {}

// Prettier 3.2.5
@&#8203;Component({
  template: `<div>...</div>`,
  styles: `
    h1 {
      color: blue;
    }
  `,
})
export class AppComponent {}

Unexpected embedded formatting for Angular template (#​15969 by @​JounQin)

Computed template should not be considered as Angular component template

// Input
const template = "foobar";

@​Component({
  [template]: `<h1>{{       hello }}</h1>`,
})
export class AppComponent {}

// Prettier 3.2.4
const template = "foobar";

@&#8203;Component({
  [template]: `<h1>{{ hello }}</h1>`,
})
export class AppComponent {}

// Prettier 3.2.5
const template = "foobar";

@&#8203;Component({
  [template]: `<h1>{{       hello }}</h1>`,
})
export class AppComponent {}

Use "json" parser for tsconfig.json by default (#​16012 by @​sosukesuzuki)

In v3.2.0, we introduced "jsonc" parser which adds trailing comma by default.

When adding a new parser we also define how it will be used based on the linguist-languages data.

tsconfig.json is a special file used by TypeScript, it uses .json file extension, but it actually uses the JSON with Comments syntax. However, we found that there are many third-party tools not recognize it correctly because of the confusing .json file extension.

We decide to treat it as a JSON file for now to avoid the extra configuration step.

To keep using the "jsonc" parser for your tsconfig.json files, add the following to your .prettierrc file

{
  "overrides": [
    {
      "files": ["tsconfig.json", "jsconfig.json"],
      "options": {
        "parser": "jsonc"
      }
    }
  ]
}

v3.2.4

Compare Source

prettier --file-info tsconfig.json
{ "ignored": false, "inferredParser": "jsonc" }

v3.2.3

Compare Source

diff

Throw errors for invalid code (#​15881 by @​fisker, @​Josh-Cena, @​auvred)

// Input
1++;

// Prettier 3.2.2
1++;

// Prettier 3.2.3
SyntaxError: Invalid left-hand side expression in unary operation (1:1)
> 1 | 1++;
    | ^

// Input
try {} catch (error = 1){}

// Prettier 3.2.2
try {
} catch (error) {}

// Prettier 3.2.3
SyntaxError: Catch clause variable cannot have an initializer. (1:23)
> 1 | try {} catch (error = 1){}
    |                       ^

Fix parser inference (#​15927 by @​fisker)

// Prettier 3.2.2
prettier --file-info tsconfig.json
{ "ignored": false, "inferredParser": "json" }

// Prettier 3.2.3
prettier --file-info tsconfig.json
{ "ignored": false, "inferredParser": "jsonc" }

v3.2.2

Compare Source

diff

Fix crash when parsing template literal CSS in a JSX style tag using a spread attribute (#​15896 by @​eelco)

For example this code would crash before:

<style {...spread}>{`.{}`}</style>

Fix formatting error on optional call expression and member chain (#​15920 by @​sosukesuzuki)

// Input
a(() => {}, c?.d());

// Prettier 3.2.1
TypeError: Cannot read properties of undefined (reading 'type')

// Prettier 3.2.2
a(() => {}, c?.d());

v3.2.1

Compare Source

diff

Fix formatting error on member chain (#​15915 by @​sosukesuzuki)

// Input
test().test2().test2(thing?.something);

// Prettier 3.2.0
TypeError: Cannot read properties of undefined (reading 'type')

// Prettier 3.2.1
test().test2().test2(thing?.something);

v3.2.0

Compare Source

diff

🔗 Release Notes

v3.1.1

Compare Source

diff

Fix config file search (#​15363 by @​fisker)

Previously, we start search for config files from the filePath as a directory, if it happened to be a directory and contains config file, it will be used by mistake.

├─ .prettierrc
└─ test.js         (A directory)
  └─ .prettierrc

// Prettier 3.1.0
await prettier.resolveConfigFile(new URL("./test.js", import.meta.url));
// <CWD>/test.js/.prettierrc

// Prettier 3.1.1
await prettier.resolveConfigFile(new URL("./test.js", import.meta.url));
// <CWD>/.prettierrc

Skip explicitly passed symbolic links with --no-error-on-unmatched-pattern (#​15533 by @​sanmai-NL)

Since Prettier v3, we stopped following symbolic links, however in some use cases, the symbolic link patterns can't be filtered out, and there is no way to prevent Prettier from throwing errors.

In Prettier 3.1.1, you can use --no-error-on-unmatched-pattern to simply skip symbolic links.

Consistently use tabs in ternaries when useTabs is true (#​15662 by @​auvred)

// Input
aaaaaaaaaaaaaaa
	? bbbbbbbbbbbbbbbbbb
	: ccccccccccccccc
	  ? ddddddddddddddd
	  : eeeeeeeeeeeeeee
	    ? fffffffffffffff
	    : gggggggggggggggg;

// Prettier 3.1.0
aaaaaaaaaaaaaaa
	? bbbbbbbbbbbbbbbbbb
	: ccccccccccccccc
	  ? ddddddddddddddd
	  : eeeeeeeeeeeeeee
	    ? fffffffffffffff
	    : gggggggggggggggg;

// Prettier 3.1.1
aaaaaaaaaaaaaaa
	? bbbbbbbbbbbbbbbbbb
	: ccccccccccccccc
		? ddddddddddddddd
		: eeeeeeeeeeeeeee
			? fffffffffffffff
			: gggggggggggggggg;

Improve config file search (#​15663 by @​fisker)

The Prettier config file search performance has been improved by more effective cache strategy.

Fix unstable and ugly formatting for comments in destructuring patterns (#​15708 by @​sosukesuzuki)

// Input
const {
  foo,
  // bar
  // baz
}: Foo = expr;

// Prettier 3.1.0
const {
  foo1,
} // bar
// baz
: Foo = expr;

// Prettier 3.1.0 second output
const {
  foo1, // bar
} // baz
: Foo = expr;

// Prettier 3.1.1
const {
  foo1,
  // bar
  // baz
}: Foo = expr;

Support "Import Attributes" (#​15718 by @​fisker)

TypeScript 5.3 supports the latest updates to the import attributes proposal.

import something from "./something.json" with { type: "json" };

Fix false claim in docs that cursorOffset is incompatible with rangeStart/rangeEnd (#​15750 by @​ExplodingCabbage)

The cursorOffset option has in fact been compatible with rangeStart/rangeEnd for over 5 years, thanks to work by @​ds300. However, Prettier's documentation (including the CLI --help text) continued to claim otherwise, falsely. The documentation is now fixed.

Keep curly braces and from keyword in empty import statements (#​15756 by @​fisker)

// Input
import { } from 'foo';
import { /* comment */ } from 'bar';

// Prettier 3.1.0
import {} from "foo";
import /* comment */ "bar";

// Prettier 3.1.1
import {} from "foo";
import {} from /* comment */ "bar";

Keep empty import attributes and assertions (#​15757 by @​fisker)

// Input
import foo from "foo" with {};
import bar from "bar" assert {};

// Prettier 3.1.0
import foo from "foo";
import bar from "bar";

// Prettier 3.1.1
import foo from "foo" with {};
import bar from "bar" assert {};

v3.1.0

Compare Source

diff

🔗 Release Notes

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[socket-security]

New, updated, and removed dependencies detected. Learn more about Socket for GitHub ↗︎

Package	New capabilities	Transitives	Size	Publisher
npm/@babel/helper-validator-identifier@7.22.20	None	0	49.1 kB	nicolo-ribaudo
npm/@babel/highlight@7.23.4	None	0	18.4 kB	nicolo-ribaudo
npm/@graphprotocol/graph-ts@0.30.0	Transitive: eval	+3	19.1 MB	dotansimha
npm/@nomicfoundation/hardhat-chai-matchers@2.0.2	None	+4	353 kB	fvictorio
npm/@nomicfoundation/hardhat-ethers@3.0.8	None	0	231 kB	kanej
npm/@nomicfoundation/hardhat-network-helpers@1.0.12	None	+4	2.39 MB	schaable
npm/@nomicfoundation/hardhat-toolbox@3.0.0	environment	+1	2.27 MB	fvictorio
npm/@nomicfoundation/hardhat-verify@1.1.1	environment	+3	980 kB	fvictorio
npm/@openzeppelin/contracts@4.9.6	None	0	2.02 MB	frangio
npm/@peculiar/asn1-schema@2.3.8	None	+1	242 kB	microshine
npm/@peculiar/json-schema@1.1.12	None	0	51.9 kB	microshine
npm/@protobufjs/aspromise@1.1.2	None	0	9.05 kB	dcode
npm/@protobufjs/base64@1.1.2	None	0	9.22 kB	dcode
npm/@protobufjs/codegen@2.0.4	None	0	9.14 kB	dcode
npm/@protobufjs/eventemitter@1.1.0	None	0	7.75 kB	dcode
npm/@protobufjs/fetch@1.1.0	network	0	8.76 kB	dcode
npm/@protobufjs/float@1.0.2	None	0	27 kB	dcode
npm/@protobufjs/inquire@1.1.0	None	0	4.29 kB	dcode
npm/@protobufjs/path@1.1.2	None	0	7.77 kB	dcode
npm/@protobufjs/pool@1.1.0	None	0	6.25 kB	dcode
npm/@protobufjs/utf8@1.1.0	None	0	23.5 kB	dcode
npm/@typechain/ethers-v6@0.4.3	filesystem	0	96.5 kB	ethereum-ts-bot
npm/@typechain/hardhat@8.0.3	filesystem	0	29.3 kB	ethereum-ts-bot
npm/@types/bn.js@5.1.5	None	0	13.8 kB	types
npm/@types/chai@4.3.6	None	0	77.5 kB	types
npm/@types/concat-stream@1.6.1	None	0	3.71 kB	types
npm/@types/form-data@0.0.33	None	0	2.99 kB	types
npm/@types/long@4.0.2	None	0	13.3 kB	types
npm/@types/minimatch@3.0.5	None	0	8.2 kB	types
npm/@types/mocha@10.0.10	None	0	96.1 kB	types
npm/@types/parse-json@4.0.2	None	0	2.95 kB	types
npm/@types/pbkdf2@3.1.2	None	0	4.52 kB	types
npm/@types/qs@6.9.10	None	0	8.93 kB	types
npm/@types/secp256k1@4.0.6	None	0	8.05 kB	types
npm/@whatwg-node/events@0.0.3	None	0	8.01 kB	ardatan
npm/ajv@6.12.6	eval	0	929 kB	esp
npm/ansi-colors@4.1.3	environment	0	26.1 kB	jonschlinkert
npm/asn1@0.2.6	None	+1	62.1 kB	bahamat
npm/assert-plus@1.0.0	environment	0	11.4 kB	pfmooney
npm/astral-regex@2.0.0	None	0	3.4 kB	kevva
npm/async@3.2.4 ➜ 3.2.5	None	0	808 kB	aearly
npm/base-x@3.0.9	None	0	9.35 kB	junderw
npm/bcrypt-pbkdf@1.0.2	None	+1	203 kB	arekinath
npm/blakejs@1.2.1	None	0	156 kB	dcposch
npm/blob-to-it@1.0.4	None	+1	11.9 kB	achingbrain
npm/browserify-aes@1.2.0	None	0	29.8 kB	cwmma
npm/bs58@4.0.1	None	0	4.57 kB	dcousens
npm/bs58check@2.1.2	None	0	4.79 kB	dcousens
npm/buffer-from@1.1.2	None	0	5.05 kB	linusu
npm/buffer-xor@1.0.3	None	0	4.83 kB	dcousens
npm/callsites@3.1.0	None	0	6.33 kB	sindresorhus
npm/chai@4.3.8	None	+4	811 kB	keithamus
npm/cipher-base@1.0.4	None	0	7.95 kB	cwmma
npm/cli-spinners@2.9.1 ➜ 2.9.2	None	0	32.1 kB	sindresorhus
npm/create-hash@1.2.0	None	0	5.21 kB	cwmma
npm/create-hmac@1.1.7	None	0	5.81 kB	cwmma
npm/dashdash@1.14.1	environment, filesystem	0	80.6 kB	trentm
npm/dns-over-http-resolver@1.2.3	network	0	26.8 kB	vascosantos
npm/ecc-jsbn@0.1.2	None	0	27.8 kB	aduh95
npm/electron-fetch@1.9.1	network	0	116 kB	arantes
npm/encoding@0.1.13	None	0	7.12 kB	andris
npm/error-ex@1.3.2	None	0	9.04 kB	qix
npm/es6-promise@4.2.8	None	0	315 kB	stefanpenner
npm/ethereum-bloom-filters@1.0.10	None	+1	73 kB	joshstevens19
npm/ethereum-cryptography@0.1.3	None	0	845 kB	alcuadrado
npm/ethereumjs-util@7.1.5	None	0	310 kB	holgerd77
npm/ethers@6.13.5	network Transitive: environment	+7	18.4 MB	ricmoo
npm/ethjs-unit@0.1.6	None	+1	634 kB	silentcicero
npm/evp_bytestokey@1.0.3	None	0	5.13 kB	dcousens
npm/extsprintf@1.3.0	None	0	22.8 kB	dap
npm/fast-decode-uri-component@1.0.1	None	0	9.23 kB	delvedor
npm/fast-fifo@1.3.2	None	0	5.07 kB	mafintosh
npm/fast-json-stable-stringify@2.1.0	None	0	17 kB	esp
npm/fast-querystring@1.1.2	None	0	19.1 kB	anonrig
npm/fast-url-parser@1.1.3	None	+1	61.1 kB	esailija
npm/filelist@1.0.4	filesystem	+1	57.5 kB	mde
npm/follow-redirects@1.15.3	network	0	28.6 kB	rubenverborgh
npm/foundry-test-utility@0.1.1	None	0	393 kB	marcaurelebesner
npm/get-iterator@1.0.2	None	0	6.63 kB	alanshaw
npm/get-port@3.2.0	network	0	3.35 kB	sindresorhus
npm/getpass@0.1.7	filesystem	0	5.67 kB	arekinath
npm/har-schema@2.0.0	None	0	15.1 kB	ahmadnassri
npm/hardhat-awesome-cli@0.1.4	filesystem, shell Transitive: environment	+8	1.16 MB	marcaurelebesner
npm/hardhat-gas-reporter@1.0.10	filesystem Transitive: environment, eval, network, shell	+46	22.3 MB	cgewecke
npm/hardhat@2.17.2	environment, filesystem, network, shell Transitive: eval	+88	41.8 MB	fvictorio
npm/hash-base@3.1.0	None	0	6.08 kB	fanatid
npm/http-basic@8.1.3	filesystem, network	0	43.7 kB	forbeslindesay
npm/human-signals@3.0.1 ➜ 2.1.0	None	0	44.3 kB	ehmicky
npm/iconv-lite@0.6.3	None	0	349 kB	ashtuchkin
npm/import-fresh@3.3.0	None	0	4.87 kB	sindresorhus
npm/interface-datastore@6.1.1	None	+1	69.5 kB	achingbrain
npm/interface-store@2.0.2	None	0	14.5 kB	achingbrain
npm/ip-regex@4.3.0	None	0	7.5 kB	sindresorhus
npm/ipfs-unixfs@6.0.9	None	0	108 kB	achingbrain
npm/is-arrayish@0.2.1	None	0	4.05 kB	qix
npm/is-electron@2.2.2	None	0	3.26 kB	cheton
npm/is-hex-prefixed@1.0.0	None	0	9.44 kB	silentcicero
npm/is-ip@3.1.0	None	0	4.25 kB	sindresorhus
npm/is-plain-obj@1.1.0 ➜ 2.1.0	None	0	3.69 kB	sindresorhus
npm/is-stream@1.1.0, 3.0.0 ➜ 2.0.1	None	0	5.93 kB	sindresorhus
npm/iso-url@1.2.1	None	0	13.5 kB	hugomrdias
npm/it-all@1.0.6	None	0	2.88 kB	achingbrain
npm/it-glob@1.0.2	filesystem	0	7.37 kB	achingbrain
npm/it-map@1.0.6	None	0	3.21 kB	achingbrain
npm/it-peekable@1.0.3	None	0	6.61 kB	achingbrain
npm/it-to-stream@1.0.0	Transitive: environment	+1	141 kB	alanshaw
npm/js-tokens@4.0.0	None	0	15.1 kB	lydell
npm/jsbn@0.1.1	None	0	45.8 kB	andyperlitch
npm/json-parse-even-better-errors@2.3.1	None	0	10.4 kB	isaacs
npm/json-schema-traverse@1.0.0 ➜ 0.4.1	None	0	19.6 kB	esp
npm/json-schema@0.4.0	None	0	26.1 kB	kriszyp
npm/jsonparse@1.3.1	None	0	36.8 kB	creationix
npm/jsprim@1.4.2	None	0	31.2 kB	bahamat
npm/keccak@3.0.4	None	0	779 kB	fanatid
npm/lines-and-columns@1.2.4	None	0	5.39 kB	eventualbuddha
npm/log-symbols@4.1.0 ➜ 3.0.0	environment	0	4.11 kB	sindresorhus
npm/matchstick-as@0.5.0	filesystem	+1	140 kB	maksdim
npm/md5.js@1.3.5	None	0	7.67 kB	cwmma
npm/minimist@1.2.8	None	0	54.5 kB	ljharb
npm/multiaddr-to-uri@8.0.0	None	0	11.2 kB	achingbrain
npm/native-fetch@3.0.0	None	0	4.13 kB	achingbrain
npm/node-addon-api@2.0.2	None	0	799 kB	nicknaso
npm/node-gyp-build@4.7.1	environment, filesystem	0	13.4 kB	mafintosh
npm/npm-run-path@5.1.0 ➜ 4.0.1	None	0	8.13 kB	sindresorhus
npm/number-to-bn@1.7.0	None	0	429 kB	silentcicero
npm/p-defer@3.0.0	None	0	3.89 kB	sindresorhus
npm/p-fifo@1.0.0	None	0	6.81 kB	alanshaw
npm/parent-module@1.0.1	None	0	3.92 kB	sindresorhus
npm/parse-cache-control@1.0.1	None	0	4.04 kB	roryf
npm/parse-json@5.2.0	None	0	5.41 kB	sindresorhus
npm/pbkdf2@3.1.2	None	0	13.8 kB	cwmma
npm/promise@8.3.0	eval	0	109 kB	then-promise-bot
npm/protobufjs@6.11.4	filesystem, network	0	14.7 MB	google-wombot
npm/psl@1.9.0	None	0	461 kB	lupomontero
npm/pump@3.0.0 ➜ 1.0.3	None	0	7.04 kB	mafintosh
npm/punycode@1.3.2, 2.3.0 ➜ 2.3.1	None	0	33.5 kB	google-wombot
npm/pvutils@1.1.3	None	0	32.1 kB	microshine
npm/randombytes@2.1.0	None	0	6.36 kB	cwmma
npm/react-native-fetch-api@3.0.0	None	0	40.9 kB	acostalima
npm/receptacle@1.3.2	None	0	12.2 kB	dylanpiercey
npm/resolve-from@4.0.0	filesystem, unsafe	0	4.64 kB	sindresorhus
npm/retimer@3.0.0	None	0	8.88 kB	matteo.collina
npm/ripemd160@2.0.2	None	0	9.79 kB	dcousens
npm/rlp@2.2.7	None	0	62.9 kB	ralxz
npm/secp256k1@4.0.3	None	0	1.89 MB	fanatid
npm/sha.js@2.4.11	None	0	31.1 kB	dcousens
npm/slice-ansi@4.0.0	None	0	6.43 kB	sindresorhus
npm/source-map@0.6.1	None	0	805 kB	tromey
npm/split-ca@1.0.1	filesystem	0	9.61 kB	bushong1
npm/sshpk@1.18.0	None	0	231 kB	bahamat
npm/strip-final-newline@3.0.0 ➜ 2.0.0	None	0	3.05 kB	sindresorhus
npm/strip-hex-prefix@1.0.0	None	0	9.66 kB	silentcicero
npm/timeout-abort-controller@2.0.0	None	0	6.07 kB	jacobheun
npm/typedarray@0.0.6	None	0	26 kB	substack
npm/undici-types@5.26.5	None	0	73.1 kB	ethan_arrowood
npm/utf8@3.0.0	None	0	11.2 kB	mathias
npm/varint@6.0.0	None	0	9.62 kB	chrisdickinson
npm/verror@1.10.0	None	+1	59 kB	dap
npm/wabt@1.0.24	None	0	7.93 MB	assemblyscript
npm/webcrypto-core@1.7.7	None	0	160 kB	microshine

🚮 Removed packages: npm/@types/aws-lambda@8.10.148, npm/discord.js@14.13.0, npm/faunadb@4.8.0, npm/prettier@3.0.3, npm/serverless-dotenv-plugin@6.0.0, npm/serverless-offline@12.0.4, npm/serverless-plugin-typescript@2.1.5, npm/serverless@3.34.0, npm/ts-node@10.9.2, npm/typescript@5.2.2

View full report↗︎

[socket-security]

🚨 Potential security issues detected. Learn more about Socket for GitHub ↗︎

To accept the risk, merge this PR and you will not be notified again.

Alert	Package	Note	Source	CI
Critical CVE	npm/flat@4.1.1	CVE: GHSA-2j2x-2gpw-g8fm flat vulnerable to Prototype Pollution (CRITICAL) Affected versions: < 5.0.1 Patched version: 5.0.1	smart_contract/package-lock.json smart_contract/package.json	⚠︎
Critical CVE	npm/ejs@3.1.6	CVE: GHSA-phwq-j96m-2c2q ejs template injection vulnerability (CRITICAL) Affected versions: < 3.1.7 Patched version: 3.1.7	subgraph/faucet-goerli/yarn.lock	⚠︎

View full report↗︎

Next steps

What is a critical CVE?

Contains a Critical Common Vulnerability and Exposure (CVE).

Remove or replace dependencies that include known critical CVEs. Consumers can use dependency overrides or npm audit fix --force to remove vulnerable dependencies.

Take a deeper look at the dependency

Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support [AT] socket [DOT] dev.

Remove the package

If you happen to install a dependency that Socket reports as Known Malware you should immediately remove it and select a different dependency. For other alert types, you may may wish to investigate alternative packages or consider if there are other ways to mitigate the specific risk posed by the dependency.

Mark a package as acceptable risk

To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space separated list of ecosystem/package-name@version specifiers. e.g. @SocketSecurity ignore npm/foo@1.0.0 or ignore all packages with @SocketSecurity ignore-all

• @SocketSecurity ignore npm/flat@4.1.1
• @SocketSecurity ignore npm/ejs@3.1.6

[netlify]

✅ Deploy Preview for subspacefaucet canceled.

Name	Link
🔨 Latest commit	caeab1d
🔍 Latest deploy log	https://app.netlify.com/sites/subspacefaucet/deploys/67e80c33e03cdd0008cea5d1