Bump the npm_and_yarn group across 1 directory with 58 updates

[dependabot]

Bumps the npm_and_yarn group with 54 updates in the / directory:

Package	From	To
lodash	4.17.11	4.17.21
request	2.87.0	2.88.2
@types/request	2.47.0	2.48.12
semver	5.5.0	5.7.2
tree-kill	1.2.0	1.2.2
ws	3.3.3	4.0.0
xml2js	0.4.19	0.5.0
codecov	3.0.2	3.7.1
flat	4.0.0	5.0.1
jsdom	12.2.0	16.5.0
loader-utils	1.1.0	1.4.2
react-dev-utils	5.0.2	11.0.4
webpack-bundle-analyzer	3.0.3	3.3.2
@babel/traverse	7.1.0	7.24.7
ajv	6.5.4	6.12.6
ajv	6.9.1	6.12.6
@jupyterlab/services	3.2.1	7.2.2
har-validator	5.1.0	5.1.5
extend	3.0.1	3.0.2
azure-storage	2.10.1	2.10.7
bl	1.2.2	1.2.3
browserify-sign	4.0.4	4.2.3
chownr	1.0.1	1.1.4
copy-props	2.0.4	2.0.5
decode-uri-component	0.2.0	0.2.2
decompress	4.2.0	4.2.1
elliptic	6.4.1	6.5.5
fsevents	1.2.4	1.2.13
ini	1.3.5	1.3.8
fstream	1.0.11	1.0.12
global-modules-path	2.3.0	removed
webpack-cli	3.1.2	3.3.12
y18n	3.2.1	3.2.2
yargs-parser	5.0.0	5.0.1
handlebars	4.1.0	4.7.8
js-yaml	3.11.0	3.14.1
gulp-inline-source	3.2.0	4.0.0
json-schema	0.2.3	0.4.0
jsprim	1.4.1	1.4.2
json5	1.0.1	2.2.3
@babel/core	7.1.0	7.24.7
html-webpack-plugin	3.2.0	5.6.0
styled-jsx	3.1.0	3.4.7
svg-inline-loader	0.8.0	0.8.2
mixin-deep	1.3.1	1.3.2
moment	2.21.0	2.30.1
underscore	1.4.4	removed
nearley	2.15.1	2.20.1
azure-storage	2.10.2	2.10.7
pathval	1.1.0	1.1.1
postcss	6.0.23	8.4.38
css-loader	1.0.1	7.1.2
qs	6.5.2	6.5.3
set-value	2.0.0	2.0.1
union-value	1.0.0	1.0.1
url-parse	1.4.3	1.5.10

Updates lodash from 4.17.11 to 4.17.21

Commits

• f299b52 Bump to v4.17.21
• c4847eb Improve performance of toNumber, trim and trimEnd on large input strings
• 3469357 Prevent command injection through _.template's variable option
• ded9bc6 Bump to v4.17.20.
• 63150ef Documentation fixes.
• 00f0f62 test.js: Remove trailing comma.
• 846e434 Temporarily use a custom fork of lodash-cli.
• 5d046f3 Re-enable Travis tests on 4.17 branch.
• aa816b3 Remove /npm-package.
• d7fbc52 Bump to v4.17.19
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by bnjmnt4n, a new releaser for lodash since your current version.

Updates request from 2.87.0 to 2.88.2

Changelog

Sourced from request's changelog.

Change Log

v2.88.0 (2018/08/10)

• #2996 fix(uuid): import versioned uuid (@​kwonoj)
• #2994 Update to oauth-sign 0.9.0 (@​dlecocq)
• #2993 Fix header tests (@​simov)
• #2904 #515, #2894 Strip port suffix from Host header if the protocol is known. (#2904) (@​paambaati)
• #2791 Improve AWS SigV4 support. (#2791) (@​vikhyat)
• #2977 Update test certificates (@​simov)

Commits

• See full diff in compare view

Updates @types/request from 2.47.0 to 2.48.12

Commits

• See full diff in compare view

Updates semver from 5.5.0 to 5.7.2

Release notes

Sourced from semver's releases.

v5.7.2

5.7.2 (2023-07-10)

Bug Fixes

• 2f8fd41 #585 better handling of whitespace (#585) (@​joaomoreno, @​lukekarrys)

Changelog

Sourced from semver's changelog.

5.7.2 (2023-07-10)

Bug Fixes

• 2f8fd41 #585 better handling of whitespace (#585) (@​joaomoreno, @​lukekarrys)

5.7

• Add minVersion method

5.6

• Move boolean loose param to an options object, with backwards-compatibility protection.
• Add ability to opt out of special prerelease version handling with the includePrerelease option flag.

5.5

• Add version coercion capabilities

5.4

• Add intersection checking

5.3

• Add minSatisfying method

5.2

• Add prerelease(v) that returns prerelease components

5.1

• Add Backus-Naur for ranges
• Remove excessively cute inspection methods

5.0

• Remove AMD/Browserified build artifacts
• Fix ltr and gtr when using the * range
• Fix for range * with a prerelease identifier

Commits

• f8cc313 chore: release 5.7.2
• 2f8fd41 fix: better handling of whitespace (#585)
• deb5ad5 chore: @​npmcli/template-oss@​4.16.0
• c83c18c 5.7.1
• 956e228 Correct typo in README
• 8055dda 5.7.0
• 604e73d auto-publishing scripts
• bed01e2 remove the nomin comments, since we don't minify any more anyway
• 9cb68f1 document parse method
• 38d42ca 5.7 changelog
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by lukekarrys, a new releaser for semver since your current version.

Updates tree-kill from 1.2.0 to 1.2.2

Release notes

Sourced from tree-kill's releases.

v1.2.1

Changelog:

• add missing LICENSE file
• fix TypeScript definitions

Commits

• cb47838 1.2.2
• deee138 fix: handle sanitising better, add tests
• ff73dbf fix: sanitise pid parameter (#31)
• 3b5b8fe update Changelog
• d408f04 1.2.1
• 32624c1 Merge pull request #24 from LinusU/patch-1
• c784c3d Add callback-as-second-argument support to typings
• 6d6843c Merge pull request #21 from orodley/patch-1
• d515c80 Add LICENSE file
• See full diff in compare view

Updates ws from 3.3.3 to 4.0.0

Release notes

Sourced from ws's releases.

4.0.0

Breaking changes

• The close status code is now set to 1005 if the received close frame contains no status code (a31b1f6).
• Error messages and types have been updated (695c5ea).
• The onerror event handler now receives an ErrorEvent instead of JavaScript error (63e275e).
• The third argument of WebSocket.prototype.ping() and WebSocket.prototype.pong() is no longer a boolean but an optional callback (30c9f71).
• The non-standard protocolVersion and bytesReceived attributes have been removed (30c9f71...ee9b5f3).
• The extensions attribute is no longer an object but a string representing the extensions selected by the server (fdec524).
• The 'headers' event on the client has been renamed to 'upgrade'. Listeners of this event now receive only the response argument (1c783c2).
• The WebSocket.prototype.pause() and WebSocket.prototype.resume() methods have been removed to prevent the user from interfering with the state of the underlying net.Socket stream (a206e98).

Commits

• a04d985 [dist] 4.0.0
• d03ada2 [minor] Rename some variables for clarity
• a206e98 [major] Remove WebSocket#pause() and WebSocket#resume()
• 1c783c2 [major] Rename the 'headers' event to 'upgrade'
• 9bbc978 [test] Reorganize tests
• fdec524 [fix] Fix extentions property type
• 46461a9 [minor] Refactor server client initialization
• ee9b5f3 [major] Remove non-standard bytesReceived attribute
• 7f8ebc6 [major] Remove non-standard protocolVersion attribute
• 30c9f71 [major] Make WebSocket#p{i,o}ng() accept an optional callback
• Additional commits viewable in compare view

Updates xml2js from 0.4.19 to 0.5.0

Commits

• 9f730bb Update package.json with latest PR
• 50a492a Merge pull request #603 from autopulated/master
• 7bc3c5d Merge pull request #598 from fnimick/master
• f412a12 Merge pull request #635 from wisesimpson/patch-1
• d318ce0 Update README.md
• 581b19a use Object.create(null) to create all parsed objects (prevent prototype repla...
• a212950 Add documentation for explicitCharkey option
• 1832e0b Merge pull request #512 from economia/master
• 198063c Merge pull request #556 from Omega-Ariston/fix-issue544
• 0d71785 Merge pull request #562 from Omega-Ariston/addDocExample
• Additional commits viewable in compare view

Updates codecov from 3.0.2 to 3.7.1

Release notes

Sourced from codecov's releases.

v3.6.4

Fix for Cirrus CI

v3.6.3

AWS Codebuild fixes + package updates

v3.6.2

command line args sanitised

v3.6.1

Fix for Semaphore

v3.6.0

AWS CodeBuild Semaphore v2

v3.3.0

Added pipe --pipe, -l

v3.1.0

Custom Yaml file Token from .codecov.yml

v3.0.4

Security fixes

v3.0.3

Fix for not git repos

Changelog

Sourced from codecov's changelog.

3.7.1

• Move to execFileSync and security fixes

3.7.0

• Remove the X-Amz-Acl: public-read header

3.6.4

• Fix Cirrus CI

3.6.3

• Fix for AWS Codebuild & package updates

3.6.2

• Command line args sanitized fix

3.6.1

• Fix for Semaphore

3.6.0

• Added AWS CodeBuild and Semaphore2

3.5.0

• Added TeamCity support

3.4.0

• Added Heroku CI support

3.3.0

• Added pipe with --pipe, -l

3.2.0

• Added azure pipelines .

3.1.0

• Custom yaml file. Allow codecov token from yml file.

3.0.4

... (truncated)

Commits

• 29dd5b6 3.7.1
• c0711c6 Switch from execSync to execFileSync (#180)
• 5f6cc62 Bump lodash from 4.17.15 to 4.17.19 (#183)
• 0c4d7f3 Merge pull request #182 from codecov/update-readme-badges
• cc5e121 Update depstat image and urls
• b44b44e Update readme with 400 error info (#181)
• bb79335 V3.7.0 (#179)
• 0d7b9b0 Remove 'x-amz-acl': 'public-read' header (#178)
• eeff4e1 Bump acorn from 5.7.3 to 5.7.4 (#174)
• eb8a527 Merge pull request #172 from RoboCafaz/bugfix/codebuild-pr-parser
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by drazisil, a new releaser for codecov since your current version.

Updates flat from 4.0.0 to 5.0.1

Commits

• f25d3a1 Release 5.0.1
• 54cc7ad use standard formatting
• 779816e drop dependencies
• 2eea6d3 Bump lodash from 4.17.15 to 4.17.19
• a61a554 Bump acorn from 7.1.0 to 7.4.0
• 20ef0ef Fix prototype pollution on unflatten
• e8fb281 Test prototype pollution on unflatten
• 6e95c43 Add node 10 & 12 to travis config.
• 38239cc Release 5.0.0
• beaea9d Add tests around cli. Only show usage if on TTY & no argument, allow eaccess ...
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by timoxley, a new releaser for flat since your current version.

Updates jsdom from 12.2.0 to 16.5.0

Release notes

Sourced from jsdom's releases.

Version 16.5.0

• Added window.queueMicrotask().
• Added window.event.
• Added inputEvent.inputType. (diegohaz)
• Removed ondragexit from Window and friends, per a spec update.
• Fixed the URL of about:blank iframes. Previously it was getting set to the parent's URL. (SimonMueller)
• Fixed the loading of subresources from the filesystem when they had non-ASCII filenames.
• Fixed the hidden="" attribute to cause display: none per the user-agent stylesheet. (ph-fritsche)
• Fixed the new File() constructor to no longer convert / to :, per a pending spec update.
• Fixed mutation observer callbacks to be called with the MutationObserver instance as their this value.
• Fixed <input type=checkbox> and <input type=radio> to be mutable even when disabled, per a spec update.
• Fixed XMLHttpRequest to not fire a redundant final progress event if a progress event was previously fired with the same loaded value. This would usually occur with small files.
• Fixed XMLHttpRequest to expose the Content-Length header on cross-origin responses.
• Fixed xhr.response to return null for failures that occur during the middle of the download.
• Fixed edge cases around passing callback functions or event handlers. (ExE-Boss)
• Fixed edge cases around the properties of proxy-like objects such as localStorage or dataset. (ExE-Boss)
• Fixed a potential memory leak with custom elements (although we could not figure out how to trigger it). (soncodi)

Version 16.4.0

• Added a not-implemented warning if you try to use the second pseudo-element argument to getComputedStyle(), unless you pass a ::part or ::slotted pseudo-element, in which case we throw an error per the spec. (ExE-Boss)
• Improved the performance of repeated access to el.tagName, which also indirectly improves performance of selector matching and style computation. (eps1lon)
• Fixed form.elements to respect the form="" attribute, so that it can contain non-descendant form controls. (ccwebdesign)
• Fixed el.focus() to do nothing on disconnected elements. (eps1lon)
• Fixed el.focus() to work on SVG elements. (zjffun)
• Fixed removing the currently-focused element to move focus to the <body> element. (eps1lon)
• Fixed imgEl.complete to return true for <img> elements with empty or unset src="" attributes. (strager)
• Fixed imgEl.complete to return true if an error occurs loading the <img>, when canvas is enabled. (strager)
• Fixed imgEl.complete to return false if the <img> element's src="" attribute is reset. (strager)
• Fixed the valueMissing validation check for <input type="radio">. (zjffun)
• Fixed translate="" and draggable="" attribute processing to use ASCII case-insensitivity, instead of Unicode case-insensitivity. (zjffun)

Version 16.3.0

• Added firing of focusin and focusout when using el.focus() and el.blur(). (trueadm)
• Fixed elements with the contenteditable="" attribute to be considered as focusable. (jamieliu386)
• Fixed window.NodeFilter to be per-Window, instead of shared across all Windows. (ExE-Boss)
• Fixed edge-case behavior involving use of objects with handleEvent properties as event listeners. (ExE-Boss)
• Fixed a second failing image load sometimes firing a load event instead of an error event, when the canvas package is installed. (strager)
• Fixed drawing an empty canvas into another canvas. (zjffun)

Version 16.2.2

• Updated StyleSheetList for better spec compliance; notably it no longer inherits from Array.prototype. (ExE-Boss)
• Fixed requestAnimationFrame() from preventing process exit. This likely regressed in v16.1.0.
• Fixed setTimeout() to no longer leak the closures passed in to it. This likely regressed in v16.1.0. (AviVahl)
• Fixed infinite recursion that could occur when calling click() on a <label> element, or one of its descendants.
• Fixed getComputedStyle() to consider inline style="" attributes. (eps1lon)
• Fixed several issues with <input type="number">'s stepUp() and stepDown() functions to be properly decimal-based, instead of floating point-based.
• Fixed various issues where updating selectEl.value would not invalidate properties such as selectEl.selectedOptions. (ExE-Boss)
• Fixed <input>'s src property, and <ins>/<del>'s cite property, to properly reflect as URLs.
• Fixed window.addEventLister, window.removeEventListener, and window.dispatchEvent to properly be inherited from EventTarget, instead of being distinct functions. (ExE-Boss)
• Fixed errors that would occur if attempting to use a DOM object, such as a custom element, as an argument to addEventListener.

... (truncated)

Changelog

Sourced from jsdom's changelog.

16.5.0

• Added window.queueMicrotask().
• Added window.event.
• Added inputEvent.inputType. (diegohaz)
• Removed ondragexit from Window and friends, per a spec update.
• Fixed the URL of about:blank iframes. Previously it was getting set to the parent's URL. (SimonMueller)
• Fixed the loading of subresources from the filesystem when they had non-ASCII filenames.
• Fixed the hidden="" attribute to cause display: none per the user-agent stylesheet. (ph-fritsche)
• Fixed the new File() constructor to no longer convert / to :, per a pending spec update.
• Fixed mutation observer callbacks to be called with the MutationObserver instance as their this value.
• Fixed <input type=checkbox> and <input type=radio> to be mutable even when disabled, per a spec update.
• Fixed XMLHttpRequest to not fire a redundant final progress event if a progress event was previously fired with the same loaded value. This would usually occur with small files.
• Fixed XMLHttpRequest to expose the Content-Length header on cross-origin responses.
• Fixed xhr.response to return null for failures that occur during the middle of the download.
• Fixed edge cases around passing callback functions or event handlers. (ExE-Boss)
• Fixed edge cases around the properties of proxy-like objects such as localStorage or dataset. (ExE-Boss)
• Fixed a potential memory leak with custom elements (although we could not figure out how to trigger it). (soncodi)

16.4.0

• Added a not-implemented warning if you try to use the second pseudo-element argument to getComputedStyle(), unless you pass a ::part or ::slotted pseudo-element, in which case we throw an error per the spec. (ExE-Boss)
• Improved the performance of repeated access to el.tagName, which also indirectly improves performance of selector matching and style computation. (eps1lon)
• Fixed form.elements to respect the form="" attribute, so that it can contain non-descendant form controls. (ccwebdesign)
• Fixed el.focus() to do nothing on disconnected elements. (eps1lon)
• Fixed el.focus() to work on SVG elements. (zjffun)
• Fixed removing the currently-focused element to move focus to the <body> element. (eps1lon)
• Fixed imgEl.complete to return true for <img> elements with empty or unset src="" attributes. (strager)
• Fixed imgEl.complete to return true if an error occurs loading the <img>, when canvas is enabled. (strager)
• Fixed imgEl.complete to return false if the <img> element's src="" attribute is reset. (strager)
• Fixed the valueMissing validation check for <input type="radio">. (zjffun)
• Fixed translate="" and draggable="" attribute processing to use ASCII case-insensitivity, instead of Unicode case-insensitivity. (zjffun)

16.3.0

• Added firing of focusin and focusout when using el.focus() and el.blur(). (trueadm)
• Fixed elements with the contenteditable="" attribute to be considered as focusable. (jamieliu386)
• Fixed window.NodeFilter to be per-Window, instead of shared across all Windows. (ExE-Boss)
• Fixed edge-case behavior involving use of objects with handleEvent properties as event listeners. (ExE-Boss)
• Fixed a second failing image load sometimes firing a load event instead of an error event, when the canvas package is installed. (strager)
• Fixed drawing an empty canvas into another canvas. (zjffun)

16.2.2

• Updated StyleSheetList for better spec compliance; notably it no longer inherits from Array.prototype. (ExE-Boss)
• Fixed requestAnimationFrame() from preventing process exit. This likely regressed in v16.1.0.
• Fixed setTimeout() to no longer leak the closures passed in to it. This likely regressed in v16.1.0. (AviVahl)
• Fixed infinite recursion that could occur when calling click() on a <label> element, or one of its descendants.
• Fixed getComputedStyle() to consider inline style="" attributes. (eps1lon)
• Fixed several issues with <input type="number">'s stepUp() and stepDown() functions to be properly decimal-based, instead of floating point-based.

... (truncated)

Commits

• 2d82763 Version 16.5.0
• 9741311 Fix loading of subresources with Unicode filenames
• 5e46553 Use domenic's ESLint config as the base
• 19b35da Fix the URL of about:blank iframes
• 017568e Support inputType on InputEvent
• 29f4fdf Upgrade dependencies
• e2f7639 Refactor create‑event‑accessor.js to remove code duplication
• ff69a75 Convert JSDOM to use callback functions
• 19df6bc Update links in contributing guidelines
• 1e34ff5 Test triage
• Additional commits viewable in compare view

Updates loader-utils from 1.1.0 to 1.4.2

Release notes

Sourced from loader-utils's releases.

v1.4.2

1.4.2 (2022-11-11)

Bug Fixes

• ReDoS problem (#226) (17cbf8f)

v1.4.1

1.4.1 (2022-11-07)

Bug Fixes

• security problem (#220) (4504e34)

v1.4.0

1.4.0 (2020-02-19)

Features

• the resourceQuery is passed to the interpolateName method (#163) (cd0e428)

v1.3.0

1.3.0 (2020-02-19)

Features

• support the [query] template for the interpolatedName method (#162) (469eeba)

v1.2.3

1.2.3 (2018-12-27)

Bug Fixes

• interpolateName: don't interpolated hashType without hash or contenthash (#140) (3528fd9)

v1.2.2

1.2.2 (2018-12-27)

Bug Fixes

... (truncated)

Changelog

Sourced from loader-utils's changelog.

1.4.2 (2022-11-11)

Bug Fixes

• ReDoS problem (#226) (17cbf8f)

1.4.1 (2022-11-07)

Bug Fixes

• security problem (#220) (4504e34)

1.4.0 (2020-02-19)

Features

• the resourceQuery is passed to the interpolateName method (#163) (cd0e428)

1.3.0 (2020-02-19)

Features

• support the [query] template for the interpolatedName method (#162) (469eeba)

1.2.3 (2018-12-27)

Bug Fixes

• interpolateName: don't interpolated hashType without hash or contenthash (#140) (3528fd9)

1.2.2 (2018-12-27)

Bug Fixes

... (truncated)

Commits

• 331ad50 chore(release): 1.4.2
• 17cbf8f fix: ReDoS problem (#226)
• 8f082b3 chore(release): 1.4.1
• 4504e34 fix: security problem (#220)
• d95b8b5 chore(release): 1.4.0
• cd0e428 feat: the resourceQuery is passed to the interpolateName method (#163)
• 06d36cf chore(release): 1.3.0
• 469eeba feat: support the [query] template for the interpolatedName method (#162)
• 909c99d chore: funding.yml config and CI fix (#159)
• b5b74f0 Set up CI with Azure Pipelines
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by evilebottnawi, a new releaser for loader-utils since your current version.

Updates react-dev-utils from 5.0.2 to 11.0.4

Changelog

Sourced from react-dev-utils's changelog.

2.0.3 and Newer Versions

Please refer to CHANGELOG-2.x.md for the 2.x range, and https://github.com/facebook/create-react-app/blob/main/CHANGELOG.md for the newer versions.

1.1.5 (August 24, 2018)

• react-scripts

  • Update the webpack-dev-server dependency

• react-dev-utils

  • #4866 Fix a Windows-only vulnerability (CVE-2018-6342) in the development server (@​acdlite)
  • Update the sockjs-client dependency

Committers: 1

• Andrew Clark (acdlite)

Migrating from 1.1.4 to 1.1.5

Inside any created project that has not been ejected, run:

npm install --save --save-exact react-scripts@1.1.5

or

yarn add --exact react-scripts@1.1.5

1.1.4 (April 3, 2018)

🐛 Bug Fix

• react-dev-utils

  • #4250 Upgrade detect-port-alt to fix #4189. (@​Timer)

Committers: 1

• Joe Haddad (Timer)

Migrating from 1.1.3 to 1.1.4

Inside any created project that has not been ejected, run:

</tr></table> 

... (truncated)

Commits

• See full diff in compare view

Updates webpack-bundle-analyzer from 3.0.3 to 3.3.2

Changelog

Sourced from webpack-bundle-analyzer's changelog.

3.3.2

• Bug Fix
  • Fix regression with escaping internal assets (#264, fixes #263)

3.3.1

• Improvements

  • Use relative links for serving internal assets (#261, fixes #254)
  • Properly escape embedded JS/JSON (#262)

• Bug Fix

  • Fix showing help message on -h flag (#260, fixes #239)

3.3.0

• New Feature

  • Show/hide chunks using context menu (#246, @​bregenspan)

• Internal

  • Updated dev dependencies

3.2.0

• Improvements
  • Add support for .mjs output files (#252, @​jlopezxs)

3.1.0

• Bug Fix
  • Properly determine the size of the modules containing special characters (#223, @​hulkish)
  • Update acorn to v6 (#248, @​realityking)

3.0.4

• Bug Fix
  • Make webpack's done hook wait until analyzer writes report or stat file (#247, @​mareolan)

Commits

• 345c3f5 v3.3.2
• a615815 Merge pull request #264 from webpack-contrib/fix-escape-regression
• 20f2b4c Fix regression with escaping internal assets
• 9836649 v3.3.1
• d1db526 Remove outdated item from troubleshooting section
• ca34279 Merge pull request #261 from webpack-contrib/relative-links-to-assets
• 99818f9 Fix changelog
• 21722d2 Add changelog entry
• ed99c32 Use relative links for serving internal assets
• 3ce1b8c Merge pull request #262 from webpack-contrib/proper-js-escape
• Additional commits viewable in compare view

Updates @babel/traverse from 7.1.0 to 7.24.7

Release notes

Sourced from @​babel/traverse's releases.

v7.24.7 (2024-06-05)

🐛 Bug Fix

• babel-node
  • #16554 Allow extra flags in babel-node (@​nicolo-ribaudo)
• babel-traverse
  • #16522 fix: incorrect constantViolations with destructuring (@​liuxingbaoyu)
• babel-helper-transform-fixture-test-runner, babel-plugin-proposal-explicit-resource-management
  • #16524 fix: Transform using in switch correctly (@​liuxingbaoyu)

🏠 Internal

• babel-helpers, babel-runtime-corejs2, babel-runtime-corejs3, babel-runtime
  • #16525 Delete unused array helpers (@​blakewilson)

Committers: 7

• Amjad Yahia Robeen Hassan (@​amjed-98)
• Babel Bot (@​babel-bot)
• Blake Wilson (@​blakewilson)
• Huáng Jùnliàng (@​JLHwung)
• Nicolò Ribaudo (@​nicolo-ribaudo)
• Sukka (@​SukkaW)
• @​liuxingbaoyu

v7.24.6 (2024-05-24)

Thanks @​amjed-98, @​blakewilson, @​coelhucas, and @​SukkaW for your first PRs!

🐛 Bug Fix

• babel-helper-create-class-features-plugin, babel-plugin-transform-class-properties
  • #16514 Fix source maps for private member expressions (@​nicolo-ribaudo)
• babel-core, babel-generator, babel-plugin-transform-modules-commonjs
  • #16515 Fix source maps for template literals (@​nicolo-ribaudo)
• babel-helper-create-class-features-plugin, babel-plugin-proposal-decorators
  • #16485 Support undecorated static accessor in anonymous classes (@​JLHwung)
  • #16484 Fix decorator bare yield await (@​JLHwung)
• babel-helpers, babel-plugin-proposal-decorators, babel-runtime-corejs3
  • #16483 Fix: throw TypeError if addInitializer is called after finished (@​JLHwung)
• babel-parser, babel-plugin-transform-typescript
  • #16476 fix: Correctly parse cls.fn<C> = x (@​liuxingbaoyu)

🏠 Internal

• babel-core, babel-helpers, babel-plugin-transform-runtime, babel-preset-env, babel-runtime-corejs2, babel-runtime-corejs3, babel-runtime
  • #16501 Generate helper metadata at build time (@​nicolo-ribaudo)
• babel-helpers
  • #16499 Add tsconfig.json for @babel/helpers/src/helpers (@​nicolo-ribaudo)
• babel-cli, babel-helpers, babel-plugin-external-helpers, babel-plugin-proposal-decorators, babel-plugin-transform-class-properties, babel-plugin-transform-modules-commonjs, babel-plugin-transform-modules-systemjs, babel-plugin-transform-runtime, babel-preset-env, babel-runtime-corejs2, babel-runtime-corejs3, babel-runtime
  • #16495 Move all runtime helpers to individual files (@​nicolo-ribaudo)
• babel-parser, babel-traverse
  • #16482 Statically generate boilerplate for bitfield accessors (@​nicolo-ribaudo)
• Other

... (truncated)

Changelog

Sourced from @​babel/traverse's changelog.

v7.24.7 (2024-06-05)

🐛 Bug Fix

• babel-node
  • #16554 Allow extra flags in babel-node (@​nicolo-ribaudo)
• babel-traverse
  • #16522 fix: incorrect constantViolations with destructuring (@​liuxingbaoyu)
• babel-helper-transform-fixture-test-runner, babel-plugin-proposal-explicit-resource-management
  • #16524 fix: Transform using in switch correctly (@​liuxingbaoyu)

🏠 Internal

• babel-helpers, babel-runtime-corejs2, babel-runtime-corejs3, babel-runtime
  • #16525 Delete unused array helpers (@​blakewilsonDescription has been truncated

[socket-security]

New and removed dependencies detected. Learn more about Socket for GitHub ↗︎

Package	New capabilities	Transitives	Size	Publisher
npm/@babel/compat-data@7.24.7	None	0	65.6 kB	nicolo-ribaudo
npm/@babel/core@7.24.7	environment, filesystem, unsafe	0	785 kB	nicolo-ribaudo
npm/@babel/helper-compilation-targets@7.24.7	None	0	52.2 kB	nicolo-ribaudo
npm/@babel/helper-environment-visitor@7.24.7	None	0	6.72 kB	nicolo-ribaudo
npm/@babel/helper-string-parser@7.24.7	None	0	31.8 kB	nicolo-ribaudo
npm/@babel/helper-validator-identifier@7.24.7	None	0	49.3 kB	nicolo-ribaudo
npm/@babel/helper-validator-option@7.24.7	None	0	11.8 kB	nicolo-ribaudo
npm/@babel/helpers@7.24.7	None	0	859 kB	nicolo-ribaudo
npm/@babel/traverse@7.24.7	None	0	634 kB	nicolo-ribaudo
npm/@jridgewell/gen-mapping@0.3.5	None	0	81.6 kB	jridgewell
npm/@jridgewell/resolve-uri@3.1.2	None	0	53.2 kB	jridgewell
npm/@jridgewell/set-array@1.2.1	None	0	17.9 kB	jridgewell
npm/@jridgewell/source-map@0.3.6	None	0	177 kB	jridgewell
npm/@jridgewell/sourcemap-codec@1.4.15	None	0	45.9 kB	jridgewell
npm/@jridgewell/trace-mapping@0.3.25	None	0	169 kB	jridgewell
npm/@jupyter/ydoc@2.0.1	None	0	133 kB	davidbrochart
npm/@jupyterlab/coreutils@6.2.2	environment, eval	0	115 kB	jupyterlab-release-bot
npm/@jupyterlab/nbformat@4.2.2	None	0	27.3 kB	jupyterlab-release-bot
npm/@jupyterlab/services@7.2.2	environment, network	0	1.21 MB	jupyterlab-release-bot
npm/@jupyterlab/settingregistry@4.2.2	None	0	200 kB	jupyterlab-release-bot
npm/@jupyterlab/statedb@4.2.2	None	0	90.4 kB	jupyterlab-release-bot
npm/@lumino/algorithm@2.0.1	None	0	635 kB	jupyterlab-release-bot
npm/@lumino/commands@2.3.0	None	0	385 kB	jupyterlab-release-bot
npm/@lumino/coreutils@2.1.2	None	0	259 kB	jupyterlab-release-bot
npm/@lumino/disposable@2.1.2	None	0	53 kB	jupyterlab-release-bot
npm/@lumino/domutils@2.0.1	None	0	132 kB	jupyterlab-release-bot
npm/@lumino/keyboard@2.0.1	None	0	71.1 kB	jupyterlab-release-bot
npm/@lumino/polling@2.1.2	None	0	186 kB	jupyterlab-release-bot
npm/@lumino/properties@2.0.1	None	0	65.2 kB	jupyterlab-release-bot
npm/@lumino/signaling@2.1.2	None	0	163 kB	jupyterlab-release-bot
npm/@lumino/virtualdom@2.0.1	None	0	340 kB	jupyterlab-release-bot
npm/@nodelib/fs.scandir@2.1.5	filesystem	0	22.2 kB	mrmlnc
npm/@nodelib/fs.stat@2.0.5	filesystem	0	11.8 kB	mrmlnc
npm/@nodelib/fs.walk@1.2.8	None	0	26.4 kB	mrmlnc
npm/@rjsf/utils@5.18.4	environment	0	1.63 MB	rjsf-bot
npm/@tootallnate/once@1.1.2	None	0	4.08 kB	tootallnate
npm/@types/caseless@0.12.5	None	0	4.72 kB	types
npm/@types/html-minifier-terser@6.1.0	None	0	9.56 kB	types
npm/@types/q@1.5.8	None	0	32 kB	types
npm/@types/request@2.48.12	None	0	19.8 kB	types
npm/abab@2.0.6	None	0	10.4 kB	jeffcarp
npm/accepts@1.3.8	None	0	16.8 kB	dougwilson
npm/acorn-globals@6.0.0	None	0	9.1 kB	timothygu
npm/acorn-walk@7.2.0	None	0	100 kB	marijn
npm/address@1.1.2	environment, filesystem, shell	0	13.4 kB	fengmk2
npm/agent-base@6.0.2	None	0	34.6 kB	tootallnate
npm/ajv@8.16.0	eval	0	1.03 MB	esp
npm/aws4@1.13.0	environment	0	23.4 kB	hichaelmart
npm/azure-storage@2.10.7	environment, filesystem, network	0	2.67 MB	windowsazure
npm/bfj@6.1.2	filesystem	0	374 kB	philbooth
npm/big.js@5.2.2	None	0	63.9 kB	mikemcl
npm/bindings@1.5.0	environment, filesystem	0	11.2 kB	tootallnate
npm/bl@1.2.3	None	0	38.9 kB	rvagg
npm/body-parser@1.20.2	network	0	60.8 kB	dougwilson
npm/browser-process-hrtime@1.0.0	None	0	3.52 kB	kumavis
npm/browserify-sign@4.2.3	None	0	15.8 kB	ljharb
npm/bytes@3.1.2	None	0	12.3 kB	dougwilson
npm/call-bind@1.0.7	None	0	22.1 kB	ljharb
npm/camel-case@4.1.2	None	0	14.3 kB	blakeembrey
npm/camelcase@5.3.1	None	0	7.45 kB	sindresorhus
npm/check-types@8.0.3	None	0	54.3 kB	philbooth
npm/chownr@1.1.4	filesystem	0	5.71 kB	isaacs
npm/clean-css@5.3.3	environment, filesystem, network	0	493 kB	jakub.pawlowicz
npm/coa@2.0.2	environment, filesystem	0	72.5 kB	qfox
npm/codecov@3.7.1	environment, filesystem, shell	0	81 kB	drazisil
npm/compute-gcd@1.2.1	None	0	11.8 kB	planeshifter
npm/compute-lcm@1.1.2	None	0	9.25 kB	planeshifter
npm/content-type@1.0.5	None	0	10.5 kB	dougwilson
npm/cookie@0.6.0	None	0	23.7 kB	dougwilson
npm/cookiejar@2.1.4	None	0	14.5 kB	andyburke
npm/copy-props@2.0.5	None	0	14.3 kB	sttk
npm/css-loader@7.1.2	None	0	141 kB	evilebottnawi
npm/css-select-base-adapter@0.1.1	None	0	10.9 kB	nrkn
npm/css-tree@1.0.0-alpha.29	None	0	627 kB	lahmatiy
npm/css-url-regex@1.1.0	None	0	2.72 kB	johno
npm/cssesc@3.0.0	None	0	17.5 kB	mathias
npm/csso@3.5.1	None	0	335 kB	lahmatiy
npm/cssom@0.4.4	None	0	48.7 kB	nv
npm/cssstyle@2.3.0	None	0	176 kB	jon.sakas
npm/data-urls@2.0.0	None	0	8.08 kB	domenic
npm/decimal.js@10.4.3	None	0	283 kB	mikemcl
npm/decode-uri-component@0.2.2	None	0	6.09 kB	samverschueren
npm/decompress@4.2.1	None	0	8.12 kB	sindresorhus
npm/define-data-property@1.1.4	None	0	30.9 kB	ljharb
npm/depd@2.0.0	environment, eval	0	27.1 kB	dougwilson
npm/destroy@1.2.0	filesystem	0	9.02 kB	dougwilson
npm/dom-converter@0.2.0	None	0	7.9 kB	ariaminaei
npm/domexception@2.0.1	None	0	15.5 kB	domenic
npm/dot-case@3.0.4	None	0	10.5 kB	blakeembrey
npm/ejs@2.7.4	eval, filesystem	0	129 kB	mde
npm/elliptic@6.5.5	None	0	119 kB	indutny
npm/emoji-regex@7.0.3	None	0	36.3 kB	mathias
npm/es-define-property@1.0.0	None	0	11.8 kB	ljharb
npm/es-errors@1.3.0	None	0	12.3 kB	ljharb
npm/es-object-atoms@1.0.0	None	0	9.17 kB	ljharb
npm/escalade@3.1.2	filesystem	0	11.6 kB	lukeed
npm/express@4.19.2	environment, filesystem, network	0	215 kB	wesleytodd
npm/extend@3.0.2	None	0	23.5 kB	ljharb
npm/fast-glob@3.3.2	filesystem	0	96.7 kB	mrmlnc
npm/fast-safe-stringify@2.1.1	None	0	39.7 kB	matteo.collina
npm/fastq@1.17.1	None	0	41.9 kB	matteo.collina
npm/file-uri-to-path@1.0.0	None	0	8.07 kB	tootallnate
npm/filesize@6.1.0	None	0	70.6 kB	avoidwork
npm/finalhandler@1.2.0	environment	0	18.6 kB	dougwilson
npm/flat@5.0.1	None	0	26.6 kB	timoxley
npm/fork-ts-checker-webpack-plugin@4.1.6	environment, filesystem, shell, unsafe	0	236 kB	piotr-oles
npm/formidable@1.2.6	filesystem	0	44.3 kB	tunnckocore
npm/forwarded@0.2.0	None	0	5.88 kB	dougwilson
npm/fsevents@1.2.13	filesystem, shell	0	25.8 kB	pipobscure
npm/fstream@1.0.12	filesystem	0	63.5 kB	isaacs
npm/gensync@1.0.0-beta.2	None	0	28.9 kB	loganfsmyth
npm/get-intrinsic@1.2.4	eval	0	41.6 kB	ljharb
npm/gopd@1.0.1	None	0	7.7 kB	ljharb
npm/gulp-inline-source@4.0.0	None	0	10.5 kB	fmal
npm/gzip-size@5.1.1	filesystem	0	7.48 kB	sindresorhus
npm/handlebars@4.7.8	filesystem	0	2.78 MB	jaylinski
npm/har-validator@5.1.5	None	0	8.22 kB	ahmadnassri
npm/has-property-descriptors@1.0.2	None	0	10.9 kB	ljharb
npm/has-proto@1.0.3	None	0	12 kB	ljharb
npm/hasown@2.0.2	None	0	8.77 kB	ljharb
npm/html-encoding-sniffer@2.0.1	None	0	11.5 kB	domenic
npm/html-minifier-terser@6.1.0	None	0	99.6 kB	sibiraj-s
npm/html-webpack-plugin@5.6.0	filesystem, unsafe	0	120 kB	evilebottnawi
npm/http-errors@2.0.0	None	0	18.8 kB	dougwilson
npm/http-proxy-agent@4.0.1	network	0	17.1 kB	tootallnate
npm/https-proxy-agent@4.0.0	network	0	16.9 kB	tootallnate
npm/icss-utils@5.1.0	None	0	10 kB	evilebottnawi
npm/ignore-walk@3.0.3	filesystem	0	10.9 kB	isaacs
npm/immer@8.0.1	environment	0	832 kB	mweststrate
npm/ini@1.3.8	None	0	9.3 kB	isaacs
npm/inline-source@6.1.10	filesystem	0	36 kB	popeindustries
npm/ipaddr.js@1.9.1	None	0	42.1 kB	whitequark
npm/is-docker@2.2.1	filesystem	0	3.01 kB	sindresorhus
npm/is-potential-custom-element-name@1.0.1	None	0	3.92 kB	mathias
npm/is-root@2.1.0	None	0	2.68 kB	sindresorhus
npm/is-wsl@2.2.0	environment, filesystem	0	3.76 kB	sindresorhus
npm/isomorphic.js@0.2.5	unsafe	0	4.94 kB	dmonad
npm/js-yaml@3.14.1	eval	0	291 kB	vitaly
npm/jsdom@16.5.0	eval, filesystem, network, shell, unsafe	0	2.89 MB	domenic
npm/json-schema-compare@0.2.2	None	0	18.1 kB	mokkabonna
npm/json-schema-merge-allof@0.8.1	None	0	93.9 kB	mokkabonna
npm/json-schema@0.4.0	None	0	26.1 kB	kriszyp
npm/json5@2.2.3	None	0	235 kB	jordanbtucker
npm/jsonpointer@5.0.1	None	0	6.75 kB	marcbachmann
npm/jsprim@1.4.2	None	0	31.2 kB	bahamat
npm/kleur@3.0.3	None	0	9.89 kB	lukeed
npm/lib0@0.2.94	environment	0	1.9 MB	dmonad
npm/loader-utils@1.4.2	None	0	25.9 kB	evilebottnawi
npm/lodash-es@4.17.21	eval	0	636 kB	bnjmnt4n
npm/lodash@4.17.21	None	0	1.41 MB	bnjmnt4n
npm/lower-case@2.0.2	None	0	17.7 kB	blakeembrey
npm/merge2@1.4.1	None	0	8.9 kB	zensh
npm/microevent.ts@0.1.1	None	0	89.5 kB	dirtyhairy
npm/mixin-deep@1.3.2	None	0	7.22 kB	doowb
npm/moment@2.30.1	None	0	4.35 MB	ichernev
npm/nanoid@3.3.7	None	0	24.4 kB	ai
npm/nearley@2.20.1	None	0	75.8 kB	hardmath123
npm/negotiator@0.6.3	None	0	27.4 kB	dougwilson
npm/no-case@3.0.4	None	0	25.1 kB	blakeembrey
npm/nwsapi@2.2.10	None	0	80.7 kB	diego
npm/oauth-sign@0.9.0	None	0	13.8 kB	simov
npm/on-finished@2.4.1	unsafe	0	13.7 kB	dougwilson
npm/open@7.4.2	environment, filesystem, shell	0	41.9 kB	sindresorhus
npm/opener@1.5.2	shell	0	6.21 kB	domenic
npm/param-case@3.0.4	None	0	10.2 kB	blakeembrey
npm/parseurl@1.3.3	None	0	10.3 kB	dougwilson
npm/pascal-case@3.1.2	None	0	14.8 kB	blakeembrey
npm/pathval@1.1.1	None	0	15.8 kB	chai
npm/picocolors@1.0.1	environment	0	5.15 kB	alexeyraspopov
npm/picomatch@2.3.1	None	0	90 kB	mrmlnc
npm/pkg-up@3.1.0	None	0	4.25 kB	sindresorhus
npm/postcss-modules-extract-imports@3.1.0	None	0	11.2 kB	evilebottnawi
npm/postcss-modules-local-by-default@4.0.5	None	0	22.5 kB	evilebottnawi
npm/postcss-modules-scope@3.2.0	None	0	15 kB	evilebottnawi
npm/postcss-modules-values@4.0.0	None	0	9.66 kB	evilebottnawi
npm/postcss-selector-parser@6.1.0	None	0	186 kB	evilebottnawi
npm/postcss-value-parser@4.2.0	None	0	27.2 kB	evilebottnawi
npm/postcss@8.4.38	environment, filesystem	0	198 kB	ai
npm/pretty-error@4.0.0	None	0	58.9 kB	ariaminaei
npm/prompts@2.4.0	None	0	185 kB	terkelg
npm/proxy-addr@2.0.7	None	0	15.4 kB	dougwilson

🚮 Removed packages: npm/@babel/core@7.1.0, npm/@babel/helpers@7.1.0, npm/@babel/traverse@7.1.0, npm/@jupyterlab/coreutils@2.2.1, npm/@jupyterlab/observables@2.1.1, npm/@jupyterlab/services@3.2.1, npm/@phosphor/algorithm@1.1.2, npm/@phosphor/collections@1.1.2, npm/@phosphor/coreutils@1.3.0, npm/@phosphor/disposable@1.1.2, npm/@phosphor/messaging@1.2.2, npm/@phosphor/signaling@1.2.2, npm/@types/caseless@0.12.1, npm/@types/form-data@2.2.1, npm/@types/request@2.47.0, npm/abab@2.0.0, npm/accepts@1.3.5, npm/acorn-globals@4.3.0, npm/acorn-walk@6.1.0, npm/address@1.0.3, npm/ajv@5.5.2, npm/ansi-escapes@3.1.0, npm/array-equal@1.0.0, npm/array-filter@0.0.1, npm/array-map@0.0.0, npm/array-reduce@0.0.0, npm/aws4@1.7.0, npm/azure-storage@2.10.1, npm/babel-types@6.26.0, npm/bfj@6.1.1, npm/big.js@3.2.0, npm/bl@1.2.2, npm/body-parser@1.18.3, npm/browser-process-hrtime@0.1.3, npm/browserify-sign@4.0.4, npm/bytes@3.0.0, npm/camel-case@3.0.0, npm/chardet@0.4.2, npm/check-types@7.4.0, npm/chownr@1.1.1, npm/clap@1.2.3, npm/clean-css@4.2.1, npm/cli-cursor@2.1.0, npm/cli-width@2.2.0, npm/co@4.6.0, npm/coa@1.0.4, npm/codecov@3.0.2, npm/comment-json@1.1.3, npm/content-type@1.0.4, npm/cookie@0.3.1, npm/copy-props@2.0.4, npm/css-loader@1.0.1, npm/css-selector-tokenizer@0.7.1, npm/css-tree@1.0.0-alpha25, npm/cssesc@0.1.0, npm/csso@3.4.0, npm/cssom@0.3.4, npm/cssstyle@1.1.1, npm/data-urls@1.0.1, npm/decode-uri-component@0.2.0, npm/decompress@4.2.0, npm/depd@1.1.2, npm/destroy@1.0.4, npm/dom-converter@0.1.4, npm/domexception@1.0.1, npm/ejs@2.6.1, npm/elliptic@6.4.1, npm/eventsource@0.1.6, npm/express@4.16.4, npm/extend@3.0.1, npm/external-editor@2.2.0, npm/fast-deep-equal@1.1.0, npm/fastparse@1.1.2, npm/faye-websocket@0.11.1, npm/figures@2.0.0, npm/filesize@3.5.11, npm/finalhandler@1.1.1, npm/flat@4.0.0, npm/forwarded@0.1.2, npm/fsevents@1.2.4, npm/fstream@1.0.11, npm/global-modules-path@2.3.0, npm/gulp-inline-source@3.2.0, npm/gzip-size@3.0.0, npm/handlebars@4.1.0, npm/har-validator@5.0.3, npm/html-encoding-sniffer@1.0.2, npm/html-minifier@3.5.20, npm/html-webpack-plugin@3.2.0, npm/http-errors@1.6.3, npm/http-parser-js@0.4.13, npm/icss-replace-symbols@1.1.0, npm/icss-utils@2.1.0, npm/ini@1.3.5, npm/inline-source@5.2.7, npm/inquirer@3.3.0, npm/ipaddr.js@1.8.0, npm/is-root@1.0.0, npm/is-wsl@1.1.0, npm/js-yaml@3.11.0, npm/jsdom@12.2.0, npm/json-parser@1.1.5, npm/json-schema-traverse@0.3.1, npm/json-schema@0.2.3, npm/json3@3.3.2, npm/json5@0.5.1, npm/jsprim@1.4.1, npm/loader-utils@1.1.0, npm/lodash.sortby@4.7.0, npm/lodash@4.17.11, npm/lower-case@1.1.4, npm/mixin-deep@1.3.1, npm/moment@2.21.0, npm/moo@0.4.3, npm/mute-stream@0.0.7, npm/nan@2.11.1, npm/nearley@2.15.1, npm/negotiator@0.6.1, npm/no-case@2.3.2, npm/nomnom@1.6.2, npm/nwsapi@2.0.9, npm/oauth-sign@0.8.2, npm/on-finished@2.3.0, npm/onetime@2.0.1, npm/opener@1.5.1, npm/original@1.0.2, npm/param-case@2.1.1, npm/parseurl@1.3.2, npm/path-posix@1.0.0, npm/pathval@1.1.0, npm/pn@1.1.0, npm/postcss-modules-extract-imports@1.2.1, npm/postcss-modules-local-by-default@1.2.0, npm/postcss-modules-scope@1.1.0, npm/postcss-modules-values@1.3.0, npm/postcss-value-parser@3.3.1, npm/postcss@6.0.23, npm/pretty-error@2.1.1, npm/proxy-addr@2.0.4, npm/punycode@1.4.1, npm/pure-color@1.3.0, npm/q@1.5.1, npm/qs@6.5.2, npm/query-string@5.1.1, npm/querystring-es3@0.2.1, npm/querystring@0.2.0, npm/querystringify@2.0.0, npm/queue@3.1.0, npm/raf@3.4.0, npm/railroad-diagrams@1.0.0, npm/randexp@0.4.6, npm/randombytes@2.0.6, npm/randomfill@1.0.4, npm/range-parser@1.2.0, npm/raw-body@2.3.3, npm/raw-loader@0.5.1, npm/react-annotation@1.3.1, npm/react-base16-styling@0.5.3, npm/react-codemirror@1.0.0, npm/react-color@2.14.1, npm/react-dev-utils@5.0.2, npm/react-dom@16.5.2, npm/react-error-overlay@4.0.1, npm/react-hot-loader@4.3.11, npm/react-is@16.5.2, npm/react-json-tree@0.11.0, npm/react-lifecycles-compat@3.0.4, npm/react-markdown@3.6.0, npm/react-table-hoc-fixed-columns@1.0.1, npm/react-table@6.8.6, npm/react-test-renderer@16.5.2, npm/react@16.5.2, npm/reactcss@1.2.3, npm/read-pkg-up@1.0.1, npm/read-pkg@1.1.0, npm/readable-stream@2.0.6, npm/readdirp@2.1.0, npm/rechoir@0.6.2, npm/recursive-readdir@2.2.1, npm/reflect-metadata@0.1.12, npm/regenerate-unicode-properties@7.0.0, npm/regenerate@1.4.0

View full report↗︎

[socket-security]

🚨 Potential security issues detected. Learn more about Socket for GitHub ↗︎

To accept the risk, merge this PR and you will not be notified again.

Alert	Package	Note	Source	CI
Install scripts	npm/ejs@2.7.4	Install script: postinstall Source: node ./postinstall.js	package-lock.json
Install scripts	npm/fsevents@1.2.13	Install script: install Source: node install.js	package-lock.json

View full report↗︎

Next steps

What is an install script?

Install scripts are run when the package is installed. The majority of malware in npm is hidden in install scripts.

Packages should not be running non-essential scripts during install and there are often solutions to problems people solve with install scripts that can be run at publish time instead.

Take a deeper look at the dependency

Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support [AT] socket [DOT] dev.

Remove the package

If you happen to install a dependency that Socket reports as Known Malware you should immediately remove it and select a different dependency. For other alert types, you may may wish to investigate alternative packages or consider if there are other ways to mitigate the specific risk posed by the dependency.

Mark a package as acceptable risk

To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space separated list of ecosystem/package-name@version specifiers. e.g. @SocketSecurity ignore npm/foo@1.0.0 or ignore all packages with @SocketSecurity ignore-all

• @SocketSecurity ignore npm/ejs@2.7.4
• @SocketSecurity ignore npm/fsevents@1.2.13

[dependabot]

Superseded by #3.