chore(deps): bump react-medium-image-zoom from 5.1.2 to 5.1.3 #149

Merged
merged 1 commit into from
Feb 27, 2023

dependabot[bot]

@dependabot dependabot bot commented on behalf of github Feb 27, 2023

⚠️ Dependabot is rebasing this PR ⚠️

Rebasing might not happen immediately, so don't worry if this takes some time.

Note: if you make any changes to this PR yourself, they will take precedence over the rebase.


Bumps react-medium-image-zoom from 5.1.2 to 5.1.3.

Release notes

Sourced from react-medium-image-zoom's releases.

v5.1.3

[5.1.3] - 2023-02-25

Fixed

Changelog

Sourced from react-medium-image-zoom's changelog.

[5.1.3] - 2023-02-25

Fixed

Commits
  • ce1d2d2 v5.1.3
  • 0b4feca chore: add zjhch123 to contributors
  • d99b52e Merge pull request #389 from zjhch123/dev/jiahzhan/fix/image-has-already-been...
  • fe1cb42 Update: fix missed case
  • 594cf82 Update: follow code style and create util function
  • e7fda39 Fix: image has already been loaded
  • 16ebc24 Merge pull request #380 from rpearce/chore/bump-deps
  • dbed889 upgrade deps; drop axe-core; drop npm-run-all
  • See full diff in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [react-medium-image-zoom](https://github.com/rpearce/react-medium-image-zoom) from 5.1.2 to 5.1.3.
- [Release notes](https://github.com/rpearce/react-medium-image-zoom/releases)
- [Changelog](https://github.com/rpearce/react-medium-image-zoom/blob/main/CHANGELOG.md)
- [Commits](rpearce/react-medium-image-zoom@v5.1.2...v5.1.3)

---
updated-dependencies:
- dependency-name: react-medium-image-zoom
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added the 🔗 dependencies Pull requests that update a dependency file label Feb 27, 2023
@socket-security

Socket Security Pull Request Report

Dependency issues detected: If you merge this pull request, you will not be alerted to the instances of these issues again.

⚠️ URL strings

Package contains fragments of external URLs or IP addresses, which may indicate that it covertly exfiltrates data.

Avoid using packages that make connections to the network, since this helps to leak data.

| Package | URL Fragment | Location | Source |
| --- | --- | --- | --- |
| react-medium-image-zoom@5.1.3 (upgraded) | http://www.w3.org/2000/svg | dist/index.js | package.json |
| react-medium-image-zoom@5.1.3 (upgraded) | http://www.w3.org/2000/svg | dist/index.js | package.json |
| react-qr-code@2.0.11 (added) | http://www.w3.org/2000/svg | lib/QRCodeSvg/index.js | package.json |
| react-query@3.39.2 (added) | http://www.w3.org/2000/svg | dist/react-query-devtools.production.min.js | package.json via @types/react-query@1.2.9 |
| react-query@3.39.2 (added) | http://www.w3.org/2000/svg | es/devtools/styledComponents.js | package.json via @types/react-query@1.2.9 |
| relative-time-format@1.1.6 (added) | http://www.w3.org/2000/svg | demo/lib/react-dom.js | package.json via javascript-time-ago@2.5.9, react-time-ago@7.2.1 |
| relative-time-format@1.1.6 (added) | http://www.w3.org/2000/svg | demo/lib/react-dom.js | package.json via javascript-time-ago@2.5.9, react-time-ago@7.2.1 |
| relative-time-format@1.1.6 (added) | http://www.w3.org/2000/svg | demo/lib/react-dom.js | package.json via javascript-time-ago@2.5.9, react-time-ago@7.2.1 |
| satori@0.2.2 (added) | http://www.w3.org/2000/svg | dist/index.cjs | package.json via @vercel/og@0.1.0 |
| satori@0.2.2 (added) | http://www.w3.org/2000/svg | dist/index.cjs | package.json via @vercel/og@0.1.0 |
| satori@0.2.2 (added) | http://www.w3.org/2000/svg | dist/index.js | package.json via @vercel/og@0.1.0 |
| satori@0.2.2 (added) | http://www.w3.org/2000/svg | dist/index.js | package.json via @vercel/og@0.1.0 |
| satori@0.2.2 (added) | http://www.w3.org/2000/svg | dist/index.wasm.cjs | package.json via @vercel/og@0.1.0 |
| satori@0.2.2 (added) | http://www.w3.org/2000/svg | dist/index.wasm.cjs | package.json via @vercel/og@0.1.0 |
| satori@0.2.2 (added) | http://www.w3.org/2000/svg | dist/index.wasm.js | package.json via @vercel/og@0.1.0 |
| satori@0.2.2 (added) | http://www.w3.org/2000/svg | dist/index.wasm.js | package.json via @vercel/og@0.1.0 |

Pull request report summary

| Issue | Status |
| --- | --- |
| Critical CVE | ✅ 0 issues |
| CVE | ✅ 0 issues |
| Mild CVE | ✅ 0 issues |
| Install scripts | ✅ 0 issues |
| Native code | ✅ 0 issues |
| Bin script confusion | ✅ 0 issues |
| Bin script shell injection | ✅ 0 issues |
| Filesystem access | ✅ 0 issues |
| Network access | ✅ 0 issues |
| Shell access | ✅ 0 issues |
| Debug access | ✅ 0 issues |
| Long strings | ✅ 0 issues |
| High entropy strings | ✅ 0 issues |
| URL strings | ⚠️ 16 issues |
| Uses eval | ✅ 0 issues |
| Dynamic require | ✅ 0 issues |
| Environment variable access | ✅ 0 issues |
| Missing dependency | ✅ 0 issues |
| Unused dependency | ✅ 0 issues |
| Peer dependency | ✅ 0 issues |
| Uncaught optional dependency | ✅ 0 issues |
| Unresolved require | ✅ 0 issues |
| Extraneous dependency | ✅ 0 issues |
| Obfuscated require | ✅ 0 issues |
| Obfuscated code | ✅ 0 issues |
| Minified code | ✅ 0 issues |
| Bidirectional unicode control characters | ✅ 0 issues |
| Zero width unicode chars | ✅ 0 issues |
| Bad text encoding | ✅ 0 issues |
| Unicode homoglyphs | ✅ 0 issues |
| Invisible chars | ✅ 0 issues |
| Suspicious strings | ✅ 0 issues |
| Invalid package.json | ✅ 0 issues |
| HTTP dependency | ✅ 0 issues |
| Git dependency | ✅ 0 issues |
| GitHub dependency | ✅ 0 issues |
| File dependency | ✅ 0 issues |
| No tests | ✅ 0 issues |
| No repository | ✅ 0 issues |
| Bad semver | ✅ 0 issues |
| Bad dependency semver | ✅ 0 issues |
| No v1 | ✅ 0 issues |
| No website | ✅ 0 issues |
| No bug tracker | ✅ 0 issues |
| No contributors or author data | ✅ 0 issues |
| CommonJS depending on ESModule | ✅ 0 issues |
| Empty package | ✅ 0 issues |
| Trivial Package | ✅ 0 issues |
| No README | ✅ 0 issues |
| Deprecated | ✅ 0 issues |
| Chronological version anomaly | ✅ 0 issues |
| Semver anomaly | ✅ 0 issues |
| New author | ✅ 0 issues |
| Unstable ownership | ✅ 0 issues |
| Non-existent author | ✅ 0 issues |
| Unmaintained | ✅ 0 issues |
| Unpublished package | ✅ 0 issues |
| Major refactor | ✅ 0 issues |
| Missing package tarball | ✅ 0 issues |
| Unsafe copyright | ✅ 0 issues |
| License change | ✅ 0 issues |
| Non OSI license | ✅ 0 issues |
| Deprecated license | ✅ 0 issues |
| Missing license | ✅ 0 issues |
| Non SPDX license | ✅ 0 issues |
| Unclear license | ✅ 0 issues |
| Mixed license | ✅ 0 issues |
| Legal notice | ✅ 0 issues |
| Modified license | ✅ 0 issues |
| Modified license exception | ✅ 0 issues |
| License exception | ✅ 0 issues |
| Deprecated SPDX exception | ✅ 0 issues |
| Potential typo squat | ✅ 0 issues |
| Known Malware | ✅ 0 issues |
| Telemetry | ✅ 0 issues |
| Protestware/Troll package | ✅ 0 issues |
| AI detected malware | ✅ 0 issues |

Bot Commands

To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space separated list of package-name@version specifiers. e.g. @SocketSecurity ignore foo@1.0.0 bar@2.4.2

  • @SocketSecurity ignore react-medium-image-zoom@5.1.3
  • @SocketSecurity ignore react-qr-code@2.0.11
  • @SocketSecurity ignore react-query@3.39.2
  • @SocketSecurity ignore relative-time-format@1.1.6
  • @SocketSecurity ignore satori@0.2.2

Powered by socket.dev

@dahal dahal merged commit 6ff7677 into main Feb 27, 2023
@dahal dahal deleted the dependabot/npm_and_yarn/react-medium-image-zoom-5.1.3 branch February 27, 2023 07:04