@dependabot dependabot bot commented on behalf of github Mar 11, 2025

Bumps the npm_and_yarn group with 9 updates in the /docs directory:

| Package | From | To |
| --- | --- | --- |
| next | 14.2.10 | 14.2.21 |
| undici | 5.28.4 | 5.28.5 |
| @babel/traverse | 7.24.1 | 7.26.9 |
| elliptic | 6.6.0 | 6.6.1 |
| express | 4.21.1 | 4.21.2 |
| markdown-to-jsx | 7.5.0 | 7.7.4 |
| nanoid | 3.3.1 | 3.3.9 |
| store2 | 2.13.1 | 2.14.4 |
| tough-cookie | 4.1.3 | 4.1.4 |

Bumps the npm_and_yarn group with 1 update in the /packages/hardhat-truffle4 directory: web3.
Bumps the npm_and_yarn group with 1 update in the /packages/hardhat-web3-legacy directory: web3.

Updates next from 14.2.10 to 14.2.21

Commits

Updates undici from 5.28.4 to 5.28.5

Release notes

Sourced from undici's releases.

v5.28.5

⚠️ Security Release ⚠️

Fixes CVE-2025-22150 / GHSA-c76h-2ccp-4975 (embargoed until 22-01-2025).

Full Changelog: nodejs/undici@v5.28.4...v5.28.5

Commits

Updates @babel/traverse from 7.24.1 to 7.26.9

Release notes

Sourced from @babel/traverse's releases.

v7.26.9 (2025-02-14)

🐛 Bug Fix

🏠 Internal

Committers: 5

v7.26.8 (2025-02-08)

🏠 Internal

  • babel-preset-env
    • #17097 Update dependency babel-plugin-polyfill-corejs3 to ^0.11.0

v7.26.7 (2025-01-24)

Thanks @branchseer and @tquetano-netflix for your first PRs!

🐛 Bug Fix

  • babel-helpers, babel-preset-env, babel-runtime-corejs3
  • babel-plugin-transform-typeof-symbol
  • babel-parser
  • babel-core
  • babel-plugin-transform-typescript
  • babel-plugin-transform-typescript, babel-traverse, babel-types

Committers: 6

... (truncated)

Changelog

Sourced from @babel/traverse's changelog.

v7.26.9 (2025-02-14)

🐛 Bug Fix

🏠 Internal

v7.26.7 (2025-01-24)

🐛 Bug Fix

  • babel-helpers, babel-preset-env, babel-runtime-corejs3
  • babel-plugin-transform-typeof-symbol
  • babel-parser
  • babel-core
  • babel-plugin-transform-typescript
  • babel-plugin-transform-typescript, babel-traverse, babel-types

v7.26.6 (2025-01-13)

🐛 Bug Fix

  • babel-plugin-transform-nullish-coalescing-operator

v7.26.5 (2025-01-10)

👓 Spec Compliance

🐛 Bug Fix

  • babel-plugin-transform-block-scoped-functions
  • babel-plugin-transform-typescript
  • babel-parser
  • babel-generator, babel-parser, babel-plugin-transform-flow-strip-types, babel-types

... (truncated)

Commits

Updates elliptic from 6.6.0 to 6.6.1

Commits

Updates express from 4.21.1 to 4.21.2

Release notes

Sourced from express's releases.

4.21.2

What's Changed

Full Changelog: expressjs/express@4.21.1...4.21.2

Changelog

Sourced from express's changelog.

4.21.2 / 2024-11-06

  • deps: path-to-regexp@0.1.12
    • Fix backtracking protection
  • deps: path-to-regexp@0.1.11
    • Throws an error on invalid path values

Commits

Maintainer changes

This version was pushed to npm by jonchurch, a new releaser for express since your current version.


Updates markdown-to-jsx from 7.5.0 to 7.7.4

Release notes

Sourced from markdown-to-jsx's releases.

v7.7.4

|                         | simple markdown string | large markdown string |
| ----------------------- | ---------------------- | --------------------- |
| markdown-to-jsx (7.7.4) | 92,671 ops/sec         | 330 ops/sec           |
| markdown-to-jsx (7.7.3) | 91,164 ops/sec         | 301 ops/sec           |

Patch Changes

  • adc08c7: Further optimize the plain text splitting regex.
  • c8bc5f3: Remove redundant detectors when processing paragraphs.
  • d96a8d8: Replace some regexes with optimized functions to avoid polynomial time scenarios. Also fixes compatibility issues in some older browsers with the trimEnd API.
  • 7be3d77: Optimize regexes and parsing to do less work.
  • cf7693c: Rework inline code syntax handling, handle escaped characters in code blocks correctly so they render without the backslash.

v7.7.3

Patch Changes

  • 8026103: Handle paragraph splitting better, fixes #641.
  • 1ea00bb: Adjust table row parsing to better handle inline syntaxes and improve performance.

v7.7.2

Patch Changes

  • 52a727c: Use ReactNode instead of ReactChild for React 19 compatibility
  • 4fa87d8: Bump ws from 8.11.0 to 8.18.0

v7.7.1

Patch Changes

  • 9d42449: Factor out unnecessary element cloning.
  • 8920038: Remove use of explicit React.createElement.

v7.7.0

Minor Changes

  • 20777bf: Add support for GFM alert-style blockquotes.

    > [!Note]
    > This is a note-flavored alert blockquote. The "Note" text is injected as a `<header>` by
    > default and the blockquote can be styled via the injected class `markdown-alert-note`
    > for example.

Patch Changes

... (truncated)

Changelog

Sourced from markdown-to-jsx's changelog.

7.7.4

Patch Changes

  • adc08c7: Further optimize the plain text splitting regex.
  • c8bc5f3: Remove redundant detectors when processing paragraphs.
  • d96a8d8: Replace some regexes with optimized functions to avoid polynomial time scenarios. Also fixes compatibility issues in some older browsers with the trimEnd API.
  • 7be3d77: Optimize regexes and parsing to do less work.
  • cf7693c: Rework inline code syntax handling, handle escaped characters in code blocks correctly so they render without the backslash.

7.7.3

Patch Changes

  • 8026103: Handle paragraph splitting better, fixes #641.
  • 1ea00bb: Adjust table row parsing to better handle inline syntaxes and improve performance.

7.7.2

Patch Changes

  • 52a727c: Use ReactNode instead of ReactChild for React 19 compatibility
  • 4fa87d8: Bump ws from 8.11.0 to 8.18.0

7.7.1

Patch Changes

  • 9d42449: Factor out unnecessary element cloning.
  • 8920038: Remove use of explicit React.createElement.

7.7.0

Minor Changes

  • 20777bf: Add support for GFM alert-style blockquotes.

    > [!Note]
    > This is a note-flavored alert blockquote. The "Note" text is injected as a `<header>` by
    > default and the blockquote can be styled via the injected class `markdown-alert-note`
    > for example.

Patch Changes

  • 5d7900b: Adjust type signature for <Markdown> component to allow for easier composition.
  • 918b44b: Use newer React.JSX.* namespace instead of JSX.* for React 19 compatibility.
  • 91a5948: Arbitrary HTML no longer punches out pipes when parsing rows. If you absolutely need a pipe character that isn't a table separator, either escape it or enclose it in backticks to trigger inline code handling.
  • 23caecb: Drop encountered ref attributes when processing inline HTML, React doesn't handle it well.

... (truncated)

Commits
  • c2443a3 Version Packages
  • 9cec5ae remove old benchmark in changeset
  • d96a8d8 eliminate some polynomial time issues
  • 07875ff adjust package.json
  • b09dc2c improve compatibility
  • 90d7e87 simplify benchmarking for quick iteration against self
  • 2d9e570 replace trimend with more compatible variant
  • cf7693c refactor: improve inline code performance
  • c8bc5f3 refactor: remove redundant matchers during paragraph matching
  • adc08c7 refactor: optimize splitter
  • Additional commits viewable in compare view

Updates nanoid from 3.3.1 to 3.3.9

Release notes

Sourced from nanoid's releases.

3.3.9

  • Reduced npm package size.

Changelog

Sourced from nanoid's changelog.

3.3.9

  • Reduced npm package size.

3.3.8

  • Fixed a way to break Nano ID by passing non-integer size (by @myndzi).

3.3.7

  • Fixed node16 TypeScript support (by Saadi Myftija).

3.3.6

  • Fixed package.

3.3.5

  • Backport funding information.

3.3.4

3.3.3

  • Reduced size (by Anton Khlynovskiy).

3.3.2

  • Fixed enhanced-resolve support.

Commits

Updates store2 from 2.13.1 to 2.14.4

Commits

Updates tough-cookie from 4.1.3 to 4.1.4

Release notes

Sourced from tough-cookie's releases.

v4.1.4

https://www.npmjs.com/package/tough-cookie/v/4.1.4

What's Changed

New Contributors

Full Changelog: salesforce/tough-cookie@v4.1.3...v4.1.4

Commits

  • cacbc37 Bump version to 4.1.4
  • a48fb3a Add tests for url validation
  • 50e69bf Merge pull request #261 from postmanlabs/fix/url-string-validation
  • 1253d58 Merge pull request #409 from corvidism/validators-to-string
  • 238367e Add local alias for toString
  • cf6debd Fix incorrect string validation for URL
  • See full diff in compare view

Maintainer changes

This version was pushed to npm by ccasey, a new releaser for tough-cookie since your current version.


Updates web3 from 0.20.0 to 1.5.3

Release notes

Sourced from web3's releases.

web3-eth@4.0.0-alpha.0

Initial alpha release

Install with yarn add web3-eth@4.0.0-alpha.0

web3-core-requestmanager@4.0.0-alpha.0

Initial alpha release

Install with yarn add web3-core-requestmanager@4.0.0-alpha.0

web3-providers-http@4.0.0-alpha.0

Initial alpha release

Install with yarn add web3-providers-http@4.0.0-alpha.0

web3-providers-base@1.0.0-alpha.1

Changed

  • Update version to 1.0.0-alpha.1 for web3-providers-base
  • Update version to 4.0.0-alpha.0 for web3-utils in web3-providers-base

web3-utils@4.0.0-alpha.0

Initial alpha release

Install with yarn add web3-utils@4.0.0-alpha.0

web3-packagetemplate@1.0.0-alpha.0

Initial alpha release

Install with yarn add web3-packagetemplate@1.0.0-alpha.0

Changelog

Sourced from web3's changelog.

[1.5.3]

Fixed

  • Unable to send legacy transaction if network supported EIP-1559 (#4277)
  • Fixed bug in sending transaction with providers that do not support the "newBlockHeaders" event (#3891)

Changed

  • ethers from 5.1.4 to 5.4.4 (#4231)
  • karma from 5.2.3 to 6.3.4 (#4231)
  • lerna from 3.22.1 to 4.0.0 (#4231)
  • Dropped build tests in CI for Node v8 and v10, and added support for Node v14 (#4231)
  • Change default value for maxPriorityFeePerGas from 1 Gwei to 2.5 Gwei (#4284)
  • Fixed bug in signTransaction (#4295)

[1.6.0]

Changed

[1.6.1]

Added

  • Support for eth_createAccessList as both an rpc call (web3.eth.createAccessList) and property of contract method wrappers (contractInstance.methods.getValue().createAccessList) (#4332)

Changed

  • Not considering tx.chainId if tx.common.customChain.chainId is provided for web3.eth.accounts.signTransaction function (#4293)
  • Added missing PromiEvent handler types (#4194)
  • Updated README to include webpack 5 angular support instructions (#4174)
  • Updated the documentation for the Web3.utils, removed context for _ (underscore lib) (#4403)
  • Emit subscription id with connect event when creating a subscription (#4300)
  • Introduced new configuration "blockHeaderTimeout" for waiting of block headers for transaction receipt (#3891)
  • Format block.baseFeePerGas to number (#4330)
  • Correct web3-eth-personal.sendTransaction example in documentation (#4409)
  • Updated README to include webpack 5 angular support instructions (#4174)

Fixed

  • Fix 1.6.1 build size issue with removing static asset files (#4506)
  • Correct web3.rst example in documentation (#4511)
  • Correct BlockHeader typing (receiptRoot -> receiptsRoot) (#4452)

[1.7.0]

Added

... (truncated)

Commits

Maintainer changes

This version was pushed to npm by spacesailor, a new releaser for web3 since your current version.



Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

You can disable automated security fix PRs for this repo from the Security Alerts page.

Summary by Sourcery

Enhancements:

  • Update multiple dependencies, including next, undici, @babel/traverse, elliptic, express, markdown-to-jsx, nanoid, store2, tough-cookie, and web3.

Bumps the npm_and_yarn group with 9 updates in the /docs directory:

| Package | From | To |
| --- | --- | --- |
| [next](https://github.com/vercel/next.js) | `14.2.10` | `14.2.21` |
| [undici](https://github.com/nodejs/undici) | `5.28.4` | `5.28.5` |
| [@babel/traverse](https://github.com/babel/babel/tree/HEAD/packages/babel-traverse) | `7.24.1` | `7.26.9` |
| [elliptic](https://github.com/indutny/elliptic) | `6.6.0` | `6.6.1` |
| [express](https://github.com/expressjs/express) | `4.21.1` | `4.21.2` |
| [markdown-to-jsx](https://github.com/quantizor/markdown-to-jsx) | `7.5.0` | `7.7.4` |
| [nanoid](https://github.com/ai/nanoid) | `3.3.1` | `3.3.9` |
| [store2](https://github.com/nbubna/store) | `2.13.1` | `2.14.4` |
| [tough-cookie](https://github.com/salesforce/tough-cookie) | `4.1.3` | `4.1.4` |

Bumps the npm_and_yarn group with 1 update in the /packages/hardhat-truffle4 directory: [web3](https://github.com/ChainSafe/web3.js).
Bumps the npm_and_yarn group with 1 update in the /packages/hardhat-web3-legacy directory: [web3](https://github.com/ChainSafe/web3.js).


Updates `next` from 14.2.10 to 14.2.21
- [Release notes](https://github.com/vercel/next.js/releases)
- [Changelog](https://github.com/vercel/next.js/blob/canary/release.js)
- [Commits](vercel/next.js@v14.2.10...v14.2.21)

Updates `undici` from 5.28.4 to 5.28.5
- [Release notes](https://github.com/nodejs/undici/releases)
- [Commits](nodejs/undici@v5.28.4...v5.28.5)

Updates `@babel/traverse` from 7.24.1 to 7.26.9
- [Release notes](https://github.com/babel/babel/releases)
- [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md)
- [Commits](https://github.com/babel/babel/commits/v7.26.9/packages/babel-traverse)

Updates `elliptic` from 6.6.0 to 6.6.1
- [Commits](indutny/elliptic@v6.6.0...v6.6.1)

Updates `express` from 4.21.1 to 4.21.2
- [Release notes](https://github.com/expressjs/express/releases)
- [Changelog](https://github.com/expressjs/express/blob/4.21.2/History.md)
- [Commits](expressjs/express@4.21.1...4.21.2)

Updates `markdown-to-jsx` from 7.5.0 to 7.7.4
- [Release notes](https://github.com/quantizor/markdown-to-jsx/releases)
- [Changelog](https://github.com/quantizor/markdown-to-jsx/blob/main/CHANGELOG.md)
- [Commits](quantizor/markdown-to-jsx@v7.5.0...v7.7.4)

Updates `nanoid` from 3.3.1 to 3.3.9
- [Release notes](https://github.com/ai/nanoid/releases)
- [Changelog](https://github.com/ai/nanoid/blob/main/CHANGELOG.md)
- [Commits](ai/nanoid@3.3.1...3.3.9)

Updates `store2` from 2.13.1 to 2.14.4
- [Commits](nbubna/store@2.13.1...2.14.4)

Updates `tough-cookie` from 4.1.3 to 4.1.4
- [Release notes](https://github.com/salesforce/tough-cookie/releases)
- [Changelog](https://github.com/salesforce/tough-cookie/blob/master/CHANGELOG.md)
- [Commits](salesforce/tough-cookie@v4.1.3...v4.1.4)

Updates `web3` from 0.20.0 to 1.5.3
- [Release notes](https://github.com/ChainSafe/web3.js/releases)
- [Changelog](https://github.com/web3/web3.js/blob/4.x/CHANGELOG.md)
- [Commits](https://github.com/ChainSafe/web3.js/commits/v1.5.3)

Updates `web3` from 0.20.0 to 1.5.3
- [Release notes](https://github.com/ChainSafe/web3.js/releases)
- [Changelog](https://github.com/web3/web3.js/blob/4.x/CHANGELOG.md)
- [Commits](https://github.com/ChainSafe/web3.js/commits/v1.5.3)

---
updated-dependencies:
- dependency-name: next
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: undici
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: "@babel/traverse"
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: elliptic
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: express
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: markdown-to-jsx
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: nanoid
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: store2
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: tough-cookie
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: web3
  dependency-type: direct:development
  dependency-group: npm_and_yarn
- dependency-name: web3
  dependency-type: direct:development
  dependency-group: npm_and_yarn
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added the labels dependencies (Pull requests that update a dependency file) and javascript (Pull requests that update javascript code) Mar 11, 2025
sourcery-ai bot commented Mar 11, 2025

Reviewer's Guide by Sourcery

This pull request bumps the npm_and_yarn group across 3 directories. It updates next, undici, @babel/traverse, elliptic, express, markdown-to-jsx, nanoid, store2, and tough-cookie in the /docs directory. It also updates web3 in the /packages/hardhat-truffle4 and /packages/hardhat-web3-legacy directories. The changes are implemented by modifying the package.json and pnpm-lock.yaml files in the respective directories.

No diagrams generated as the changes look simple and do not need a visual representation.

File-Level Changes

Updated multiple dependencies in the /docs directory.
  • Updated next from 14.2.10 to 14.2.21.
  • Updated undici from 5.28.4 to 5.28.5.
  • Updated @babel/traverse from 7.24.1 to 7.26.9.
  • Updated elliptic from 6.6.0 to 6.6.1.
  • Updated express from 4.21.1 to 4.21.2.
  • Updated markdown-to-jsx from 7.5.0 to 7.7.4.
  • Updated nanoid from 3.3.1 to 3.3.9.
  • Updated store2 from 2.13.1 to 2.14.4.
  • Updated tough-cookie from 4.1.3 to 4.1.4.
  Files: docs/pnpm-lock.yaml, docs/package.json, docs/yarn.lock

Updated web3 in the /packages/hardhat-truffle4 directory.
  • Updated web3 from 0.20.0 to 1.5.3.
  Files: packages/hardhat-truffle4/package.json

Updated web3 in the /packages/hardhat-web3-legacy directory.
  • Updated web3 from 0.20.0 to 1.5.3.
  Files: packages/hardhat-web3-legacy/package.json

Tips and commands

Interacting with Sourcery

  • Trigger a new review: Comment @sourcery-ai review on the pull request.
  • Continue discussions: Reply directly to Sourcery's review comments.
  • Generate a GitHub issue from a review comment: Ask Sourcery to create an
    issue from a review comment by replying to it. You can also reply to a
    review comment with @sourcery-ai issue to create an issue from it.
  • Generate a pull request title: Write @sourcery-ai anywhere in the pull
    request title to generate a title at any time. You can also comment
    @sourcery-ai title on the pull request to (re-)generate the title at any time.
  • Generate a pull request summary: Write @sourcery-ai summary anywhere in
    the pull request body to generate a PR summary at any time exactly where you
    want it. You can also comment @sourcery-ai summary on the pull request to
    (re-)generate the summary at any time.
  • Generate reviewer's guide: Comment @sourcery-ai guide on the pull
    request to (re-)generate the reviewer's guide at any time.
  • Resolve all Sourcery comments: Comment @sourcery-ai resolve on the
    pull request to resolve all Sourcery comments. Useful if you've already
    addressed all the comments and don't want to see them anymore.
  • Dismiss all Sourcery reviews: Comment @sourcery-ai dismiss on the pull
    request to dismiss all existing Sourcery reviews. Especially useful if you
    want to start fresh with a new review - don't forget to comment
    @sourcery-ai review to trigger a new review!
  • Generate a plan of action for an issue: Comment @sourcery-ai plan on
    an issue to generate a plan of action for it.

Customizing Your Experience

Access your dashboard to:

  • Enable or disable review features such as the Sourcery-generated pull request
    summary, the reviewer's guide, and others.
  • Change the review language.
  • Add, remove or edit custom review instructions.
  • Adjust other review settings.

Getting Help


@sourcery-ai sourcery-ai bot left a comment


We have skipped reviewing this pull request. It seems to have been created by a bot (hey, dependabot[bot]!). We assume it knows what it's doing!

@socket-security

🚨 Potential security issues detected. Learn more about Socket for GitHub ↗︎

To accept the risk, merge this PR and you will not be notified again.

Alert: Unpopular package
  Package: npm/async-function@1.0.0 ⚠︎

Alert: Unstable ownership
  Package: npm/async-function@1.0.0 ⚠︎

Alert: License Policy Violation
  Package: npm/caniuse-lite@1.0.30001703 ⚠︎
  • License: CC-BY-4.0 (npm metadata)
  • License: CC-BY-4.0 (package/LICENSE)
  • License: CC-BY-4.0 (package/package.json)


Next steps

What are unpopular packages?

This package is not very popular.

Unpopular packages may have less maintenance and contain other problems.

What is unstable ownership?

A new collaborator has begun publishing package versions. Package stability and security risk may be elevated.

Try to reduce the number of authors you depend on to reduce the risk of malicious actors gaining access to your supply chain. Packages should remove inactive collaborators with publishing rights from packages on npm.

What is a license policy violation?

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Find a package that does not violate your license policy or adjust your policy to allow this package's license.

Take a deeper look at the dependency

Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support [AT] socket [DOT] dev.

Remove the package

If you happen to install a dependency that Socket reports as Known Malware you should immediately remove it and select a different dependency. For other alert types, you may wish to investigate alternative packages or consider if there are other ways to mitigate the specific risk posed by the dependency.

Mark a package as acceptable risk

To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space separated list of ecosystem/package-name@version specifiers. e.g. @SocketSecurity ignore npm/foo@1.0.0 or ignore all packages with @SocketSecurity ignore-all

  • @SocketSecurity ignore npm/async-function@1.0.0
  • @SocketSecurity ignore npm/caniuse-lite@1.0.30001703

@Dargon789 Dargon789 merged commit 312f4bd into patch-2 Mar 12, 2025
6 of 22 checks passed
@Dargon789 Dargon789 deleted the dependabot/npm_and_yarn/docs/npm_and_yarn-02dc57f0e7 branch March 12, 2025 22:03
@github-actions github-actions bot locked as resolved and limited conversation to collaborators Jun 11, 2025