Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore: update dependencies 📦 #2938

Merged
merged 1 commit into from
May 23, 2023
Merged

chore: update dependencies 📦 #2938

merged 1 commit into from
May 23, 2023

Conversation

bigint
Copy link
Member

@bigint bigint commented May 23, 2023

No description provided.

@vercel
Copy link

vercel bot commented May 23, 2023
edited
Loading

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name Status Preview Updated (UTC)
prerender ✅ Ready (Inspect) Visit Preview May 23, 2023 1:41pm
web ✅ Ready (Inspect) Visit Preview May 23, 2023 1:41pm

@vercel vercel bot temporarily deployed to Preview – prerender May 23, 2023 13:39 Inactive
@socket-security
Copy link

New dependency changes detected. Learn more about Socket for GitHub ↗︎

🚨 Potential security issues found in this pull request. To accept the risk, merge this PR and you will not be notified again.

Bot Commands

To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space separated list of package-name@version specifiers. e.g. @SocketSecurity ignore foo@1.0.0 bar@* or ignore all packages with @SocketSecurity ignore-all

  • @SocketSecurity ignore lens@0.0.0
🧐 Potential typo squat

Package name is similar to other popular packages and may not be the package you want.

Use care when consuming similarly named packages and ensure that you did not intend to consume a different package. Malicious packages often publish using similar names as existing popular packages.

Package 📎 Did you mean? Found in
lens@0.0.0 (added) levns (3.3 million times more downloads) pnpm-lock.yaml, apps/prerender/package.json, pnpm-lock.yaml via lib@0.0.0, apps/web/package.json, pnpm-lock.yaml via @workers/snapshot-relay@0.0.0, lib@0.0.0, ui@0.0.0, packages/lib/package.json, pnpm-lock.yaml, packages/ui/package.json via lib@0.0.0, packages/workers/snapshot-relay/package.json via lib@0.0.0, pnpm-lock.yaml, tests/package.json via lib@0.0.0
Pull request alert summary
Issue Status
Install scripts ✅ 0 issues
Native code ✅ 0 issues
Bin script shell injection ✅ 0 issues
Unresolved require ✅ 0 issues
Invalid package.json ✅ 0 issues
HTTP dependency ✅ 0 issues
Git dependency ✅ 0 issues
Potential typo squat ⚠️ 1 issue
Known Malware ✅ 0 issues
Telemetry ✅ 0 issues
Protestware/Troll package ✅ 0 issues

📊 Modified Dependency Overview:

⬆️ Updated Package Version Diff Added Capability Access +/- Transitive Count Publisher
@aws-sdk/client-sts@3.337.0 3.335.0...3.337.0 None +45/-45 aws-sdk-bot
@playwright/test@1.34.1 1.34.0...1.34.1 None +1/-1 aslushnikov
@aws-sdk/client-s3@3.337.0 3.335.0...3.337.0 None +64/-64 aws-sdk-bot
@snapshot-labs/snapshot.js@0.4.85 0.4.84...0.4.85 None +0/-0 bonustrack
@growthbook/growthbook@0.27.0 0.26.0...0.27.0 None +0/-0 jdorn
@cloudflare/workers-types@4.20230518.0 4.20230511.0...4.20230518.0 None +0/-0 wrangler-publisher

🚮 Removed packages: react-virtuoso@4.3.7

@bigint bigint enabled auto-merge (squash) May 23, 2023 13:40
@bigint bigint merged commit 48ee611 into main May 23, 2023
4 of 5 checks passed
@bigint bigint deleted the update-dependencies branch May 23, 2023 13:46
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees

@bigint bigint

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
1 participant
@bigint