[Snyk] Upgrade @sentry/react from 7.16.0 to 8.29.0

[q1blue]

Snyk has created this PR to upgrade @sentry/react from 7.16.0 to 8.29.0.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

⚠️ Warning: This PR contains major version upgrade(s), and may be a breaking change.

• The recommended version is 204 versions ahead of your current version.

• The recommended version was released on 22 days ago.

Release notes

Package name: @sentry/react

• 8.29.0 - 2024-09-09
  

  Important Changes

  • Beta releases of official Solid and SolidStart Sentry SDKs

  This release marks the beta releases of the @ sentry/solid and @ sentry/solidstart Sentry SDKs. For details on how to
  use them, check out the
  Sentry Solid SDK README and the
  Sentry SolidStart SDK README
  respectively. Please reach out on GitHub if you have
  any feedback or concerns.

  • feat(node): Option to only wrap instrumented modules (#13139)

  Adds the SDK option to only wrap ES modules with import-in-the-middle that specifically need to be instrumented.

  import * as Sentry from '@ sentry/node';

  Sentry.init({
  dsn: 'PUBLIC_DSN',
  registerEsmLoaderHooks: { onlyIncludeInstrumentedModules: true },
  });

  • feat(node): Update OpenTelemetry packages to instrumentation v0.53.0 (#13587)

  All internal OpenTelemetry instrumentation was updated to their latest version. This adds support for Mongoose v7 and v8
  and fixes various bugs related to ESM mode.

  Other Changes

  • feat(nextjs): Emit warning when using turbopack (#13566)
  • feat(nextjs): Future-proof Next.js config options overriding (#13586)
  • feat(node): Add generic-pool integration (#13465)
  • feat(nuxt): Upload sourcemaps generated by Nitro (#13382)
  • feat(solidstart): Add browserTracingIntegration by default (#13561)
  • feat(solidstart): Add sentrySolidStartVite plugin to simplify source maps upload (#13493)
  • feat(vue): Only start UI spans if parent is available (#13568)
  • fix(cloudflare): Guard context.waitUntil call in request handler (#13549)
  • fix(gatsby): Fix assets path for sourcemaps upload (#13592)
  • fix(nextjs): Use posix paths for sourcemap uploads (#13603)
  • fix(node-fetch): Use stringified origin url (#13581)
  • fix(node): Replace dashes in generic-pool span origins with underscores (#13579)
  • fix(replay): Fix types in WebVitalData (#13573)
  • fix(replay): Improve replay web vital types (#13602)
  • fix(utils): Keep logger on carrier (#13570)

  Work in this release was contributed by @ Zen-cronic. Thank you for your contribution!

• 8.28.0 - 2024-09-03
  

  Important Changes

  • Beta release of official NestJS SDK

  This release contains the beta version of @ sentry/nestjs! For details on how to use it, check out the
  README. Any feedback/bug reports
  are greatly appreciated, please reach out on GitHub.

  • fix(browser): Remove faulty LCP, FCP and FP normalization logic (#13502)

  This release fixes a bug in the @ sentry/browser package and all SDKs depending on this package (e.g. @ sentry/react
  or @ sentry/nextjs) that caused the SDK to send incorrect web vital values for the LCP, FCP and FP vitals. The SDK
  previously incorrectly processed the original values as they were reported from the browser. When updating your SDK to
  this version, you might experience an increase in LCP, FCP and FP values, which potentially leads to a decrease in your
  performance score in the Web Vitals Insights module in Sentry. This is because the previously reported values were
  smaller than the actually measured values. We apologize for the inconvenience!

  Other Changes

  • feat(nestjs): Add SentryGlobalGraphQLFilter (#13545)
  • feat(nestjs): Automatic instrumentation of nestjs interceptors after route execution (#13264)
  • feat(nextjs): Add bundleSizeOptimizations to build options (#13323)
  • feat(nextjs): Stabilize captureRequestError (#13550)
  • feat(nuxt): Wrap config in nuxt context (#13457)
  • feat(profiling): Expose profiler as top level primitive (#13512)
  • feat(replay): Add layout shift to CLS replay data (#13386)
  • feat(replay): Upgrade rrweb packages to 2.26.0 (#13483)
  • fix(cdn): Do not mangle _metadata (#13426)
  • fix(cdn): Fix SDK source for CDN bundles (#13475)
  • fix(nestjs): Check arguments before instrumenting with @ Injectable (#13544)
  • fix(nestjs): Ensure exception and host are correctly passed on when using @ WithSentry (#13564)
  • fix(node): Suppress tracing for transport request execution rather than transport creation (#13491)
  • fix(replay): Consider more things as DOM mutations for dead clicks (#13518)
  • fix(vue): Correctly obtain component name (#13484)

  Work in this release was contributed by @ leopoldkristjansson, @ mhuggins and @ filips123. Thank you for your
  contributions!

• 8.27.0 - 2024-08-27
  

  Important Changes

  • fix(nestjs): Exception filters in main app module are not being executed (#13278)

    With this release nestjs error monitoring is no longer automatically set up after adding the SentryModule to your
    application, which led to issues in certain scenarios. You will now have to either add the SentryGlobalFilter to
    your main module providers or decorate the catch() method in your existing global exception filters with the newly
    released @ WithSentry() decorator. See the docs for
    more details.

  Other Changes

  • feat: Add options for passing nonces to feedback integration (#13347)
  • feat: Add support for SENTRY_SPOTLIGHT env var in Node (#13325)
  • feat(deps): bump @ prisma/instrumentation from 5.17.0 to 5.18.0 (#13327)
  • feat(feedback): Improve error message for 403 errors (#13441)
  • fix(deno): Don't rely on Deno.permissions.querySync (#13378)
  • fix(replay): Ensure we publish replay CDN bundles (#13437)

  Work in this release was contributed by @ charpeni. Thank you for your contribution!

• 8.26.0 - 2024-08-14
  

  Important Changes

  • feat(node): Add fsInstrumentation (#13291)

    This release adds fsIntegration, an integration that instruments the fs API to the Sentry Node SDK. The
    integration creates spans with naming patterns of fs.readFile, fs.unlink, and so on.

    This integration is not enabled by default and needs to be registered in your Sentry.init call. You can configure
    via options whether to include path arguments or error messages as span attributes when an fs call fails:

    Sentry.init({
      integrations: [
        Sentry.fsIntegration({
          recordFilePaths: true,
          recordErrorMessagesAsSpanAttributes: true,
        }),
      ],
    });

    WARNING: This integration may add significant overhead to your application. Especially in scenarios with a lot of
    file I/O, like for example when running a framework dev server, including this integration can massively slow down
    your application.

  Other Changes

  • feat(browser): Add spotlightBrowser integration (#13263)

  • feat(browser): Allow sentry in safari extension background page (#13209)

  • feat(browser): Send CLS as standalone span (experimental) (#13056)

  • feat(core): Add OpenTelemetry-specific getTraceData implementation (#13281)

  • feat(nextjs): Always add browserTracingIntegration (#13324)

  • feat(nextjs): Always transmit trace data to the client (#13337)

  • feat(nextjs): export SentryBuildOptions (#13296)

  • feat(nextjs): Update experimental_captureRequestError to reflect RequestInfo.path change in Next.js canary
    (#13344)

  • feat(nuxt): Always add tracing meta tags (#13273)

  • feat(nuxt): Set transaction name for server error (#13292)

  • feat(replay): Add a replay-specific logger (#13256)

  • feat(sveltekit): Add bundle size optimizations to plugin options (#13318)

  • feat(sveltekit): Always add browserTracingIntegration (#13322)

  • feat(tracing): Make long animation frames opt-out (#13255)

  • fix(astro): Correctly extract request data (#13315)

  • fix(astro): Only track access request headers in dynamic page requests (#13306)

  • fix(nuxt): Add import line for disabled autoImport (#13342)

  • fix(nuxt): Add vue to excludeEsmLoaderHooks array (#13346)

  • fix(opentelemetry): Do not overwrite http span name if kind is internal (#13282)

  • fix(remix): Ensure origin is correctly set for remix server spans (#13305)

  Work in this release was contributed by @ MonstraG, @ undead-voron and @ Zen-cronic. Thank you for your contributions!

• 8.25.0 - 2024-08-09
  

  Important Changes

  • Alpha release of Official Solid Start SDK

  This release contains the alpha version of @ sentry/solidstart, our SDK for Solid Start!
  For details on how to use it, please see the README. Any feedback/bug reports are
  greatly appreciated, please reach out on GitHub.

  Other Changes

  • feat(astro): Add bundleSizeOptimizations vite options to integration (#13250)
  • feat(astro): Always add BrowserTracing (#13244)
  • feat(core): Add getTraceMetaTags function (#13201)
  • feat(nestjs): Automatic instrumentation of nestjs exception filters (#13230)
  • feat(node): Add useOperationNameForRootSpan tographqlIntegration (#13248)
  • feat(sveltekit): Add wrapServerRouteWithSentry wrapper (#13247)
  • fix(aws-serverless): Extract sentry trace data from handler context over event (#13266)
  • fix(browser): Initialize default integration if defaultIntegrations: undefined (#13261)
  • fix(utils): Streamline IP capturing on incoming requests (#13272)
• 8.24.0 - 2024-08-06
• 8.23.0 - 2024-08-05
• 8.22.0 - 2024-08-01
• 8.21.0 - 2024-07-31
• 8.20.0 - 2024-07-24
• 8.19.0 - 2024-07-19
• 8.18.0 - 2024-07-16
• 8.17.0 - 2024-07-10
• 8.16.0 - 2024-07-09
• 8.15.0 - 2024-07-05
• 8.14.0 - 2024-07-04
• 8.13.0 - 2024-06-27
• 8.12.0 - 2024-06-25
• 8.12.0-beta.0 - 2024-06-24
• 8.11.0 - 2024-06-21
• 8.10.0 - 2024-06-19
• 8.9.2 - 2024-06-12
• 8.9.1 - 2024-06-11
• 8.9.0 - 2024-06-11
• 8.8.0 - 2024-06-07
• 8.7.0 - 2024-05-29
• 8.6.0 - 2024-05-29
• 8.5.0 - 2024-05-27
• 8.4.0 - 2024-05-23
• 8.3.0 - 2024-05-22
• 8.2.1 - 2024-05-16
• 8.2.0 - 2024-05-16
• 8.1.0 - 2024-05-16
• 8.0.0 - 2024-05-13
• 8.0.0-rc.3 - 2024-05-10
• 8.0.0-rc.2 - 2024-05-08
• 8.0.0-rc.1 - 2024-05-07
• 8.0.0-rc.0 - 2024-05-06
• 8.0.0-beta.6 - 2024-05-03
• 8.0.0-beta.5 - 2024-04-30
• 8.0.0-beta.4 - 2024-04-24
• 8.0.0-beta.3 - 2024-04-19
• 8.0.0-beta.2 - 2024-04-17
• 8.0.0-beta.1 - 2024-04-15
• 8.0.0-alpha.9 - 2024-04-08
• 8.0.0-alpha.8 - 2024-04-08
• 8.0.0-alpha.7 - 2024-03-27
• 8.0.0-alpha.5 - 2024-03-22
• 8.0.0-alpha.4 - 2024-03-14
• 8.0.0-alpha.3 - 2024-03-14
• 8.0.0-alpha.2 - 2024-03-05
• 7.119.0 - 2024-08-14
  
  • backport(tracing): Report dropped spans for transactions (#13343)

  Bundle size 📦

  Path	Size
  @ sentry/browser (incl. Tracing, Replay, Feedback) - Webpack (gzipped)	80.96 KB
  @ sentry/browser (incl. Tracing, Replay) - Webpack (gzipped)	71.89 KB
  @ sentry/browser (incl. Tracing, Replay with Canvas) - Webpack (gzipped)	76.14 KB
  @ sentry/browser (incl. Tracing, Replay) - Webpack with treeshaking flags (gzipped)	65.52 KB
  @ sentry/browser (incl. Tracing) - Webpack (gzipped)	35.77 KB
  @ sentry/browser (incl. browserTracingIntegration) - Webpack (gzipped)	35.66 KB
  @ sentry/browser (incl. Feedback) - Webpack (gzipped)	31.71 KB
  @ sentry/browser (incl. sendFeedback) - Webpack (gzipped)	31.72 KB
  @ sentry/browser - Webpack (gzipped)	22.91 KB
  @ sentry/browser (incl. Tracing, Replay, Feedback) - ES6 CDN Bundle (gzipped)	79.17 KB
  @ sentry/browser (incl. Tracing, Replay) - ES6 CDN Bundle (gzipped)	70.49 KB
  @ sentry/browser (incl. Tracing) - ES6 CDN Bundle (gzipped)	36.17 KB
  @ sentry/browser - ES6 CDN Bundle (gzipped)	25.41 KB
  @ sentry/browser (incl. Tracing, Replay) - ES6 CDN Bundle (minified & uncompressed)	221.92 KB
  @ sentry/browser (incl. Tracing) - ES6 CDN Bundle (minified & uncompressed)	109.52 KB
  @ sentry/browser - ES6 CDN Bundle (minified & uncompressed)	76.24 KB
  @ sentry/browser (incl. Tracing) - ES5 CDN Bundle (gzipped)	39.45 KB
  @ sentry/react (incl. Tracing, Replay) - Webpack (gzipped)	72.4 KB
  @ sentry/react - Webpack (gzipped)	22.94 KB
  @ sentry/nextjs Client (incl. Tracing, Replay) - Webpack (gzipped)	90.16 KB
  @ sentry/nextjs Client - Webpack (gzipped)	54.27 KB
  @ sentry-internal/feedback - Webpack (gzipped)	17.34 KB

• 7.118.0 - 2024-06-21
• 7.117.0 - 2024-06-10
• 7.116.0 - 2024-05-17
• 7.115.0 - 2024-05-16
• 7.114.0 - 2024-05-08
• 7.113.0 - 2024-05-02
• 7.112.2 - 2024-04-24
• 7.112.1 - 2024-04-23
• 7.112.0 - 2024-04-23
• 7.111.0 - 2024-04-18
• 7.110.1 - 2024-04-15
• 7.110.0 - 2024-04-11
• 7.109.0 - 2024-03-28
• 7.108.0 - 2024-03-22
• 7.107.0 - 2024-03-14
• 7.106.1 - 2024-03-11
• 7.106.0 - 2024-03-08
• 7.105.0 - 2024-03-04
• 7.104.0 - 2024-02-29
• 7.103.0 - 2024-02-27
• 7.102.1 - 2024-02-22
• 7.102.0 - 2024-02-20
• 7.101.1 - 2024-02-15
• 7.101.0 - 2024-02-13
• 7.100.1 - 2024-02-07
• 7.100.0 - 2024-02-06
• 7.99.0 - 2024-01-30
• 7.98.0 - 2024-01-25
• 7.97.0 - 2024-01-25
• 7.95.0 - 2024-01-23
• 7.94.1 - 2024-01-19
• 7.93.0 - 2024-01-10
• 7.92.0 - 2024-01-04
• 7.91.0 - 2023-12-22
• 7.90.0 - 2023-12-20
• 7.89.0 - 2023-12-19
• 7.88.0 - 2023-12-14
• 7.87.0 - 2023-12-13
• 7.86.0 - 2023-12-07
• 7.85.0 - 2023-12-04
• 7.84.0 - 2023-11-30
• 7.83.0 - 2023-11-28
• 7.82.0 - 2023-11-27
• 7.81.1 - 2023-11-21
• 7.81.0 - 2023-11-20
• 7.80.2-alpha.1 - 2023-11-15
• 7.80.2-alpha.0 - 2023-11-14
• 7.80.1 - 2023-11-14
• 7.80.0 - 2023-11-09
• 7.79.0 - 2023-11-08
• 7.78.0 - 2023-11-08
• 7.77.0 - 2023-10-31
• 7.76.0 - 2023-10-27
• 7.75.1 - 2023-10-25
• 7.75.0 - 2023-10-24
• 7.74.2-alpha.1 - 2023-10-23
• 7.74.2-alpha.0 - 2023-10-19
• 7.74.1 - 2023-10-17
• 7.74.0 - 2023-10-13
• 7.73.0 - 2023-10-02
• 7.72.0 - 2023-09-26
• 7.71.0 - 2023-09-25
• 7.70.0 - 2023-09-20
• 7.70.0-beta.1 - 2023-09-15
• 7.70.0-beta.0 - 2023-09-14
• 7.69.0 - 2023-09-13
• 7.68.0 - 2023-09-06
• 7.67.0 - 2023-09-05
• 7.67.0-beta.0 - 2023-08-31
• 7.66.0 - 2023-08-30
• 7.66.0-alpha.0 - 2023-08-29
• 7.65.0 - 2023-08-28
• 7.65.0-alpha.0 - 2023-08-16
• 7.64.0 - 2023-08-14
• 7.64.0-alpha.0 - 2023-08-11
• 7.63.0 - 2023-08-10
• 7.62.0 - 2023-08-09
• 7.61.1 - 2023-08-04
• 7.61.0 - 2023-07-31
• 7.60.1 - 2023-07-26
• 7.60.0 - 2023-07-21
• 7.59.3 - 2023-07-19
• 7.59.2 - 2023-07-18
• 7.59.1 - 2023-07-18
• 7.59.0-beta.1 - 2023-07-17
• 7.59.0-beta.0 - 2023-07-13
• 7.58.1 - 2023-07-13
• 7.58.0 - 2023-07-12
• 7.57.0 - 2023-06-28
• 7.57.0-beta.0 - 2023-06-21
• 7.56.0 - 2023-06-19
• 7.55.2 - 2023-06-14
• 7.55.1 - 2023-06-14
• 7.55.0 - 2023-06-13
• 7.54.0 - 2023-06-01
• 7.53.1 - 2023-05-24
• 7.53.0 - 2023-05-23
• 7.52.1 - 2023-05-15
• 7.52.0 - 2023-05-15
• 7.51.2 - 2023-05-08
• 7.51.1 - 2023-05-08
• 7.51.0 - 2023-05-04
• 7.50.0 - 2023-04-27
• 7.49.0 - 2023-04-20
• 7.48.0 - 2023-04-14
• 7.47.0 - 2023-04-05
• 7.46.0 - 2023-03-30
• 7.45.0 - 2023-03-24
• 7.44.2 - 2023-03-21
• 7.44.1 - 2023-03-20
• 7.44.0 - 2023-03-20
• 7.43.0 - 2023-03-13
• 7.42.0 - 2023-03-09
• 7.41.0 - 2023-03-06
• 7.40.0 - 2023-03-01
• 7.39.0 - 2023-02-27
• 7.38.0 - 2023-02-17
• 7.37.2 - 2023-02-13
• 7.37.1 - 2023-02-10
• 7.37.0 - 2023-02-09
• 7.36.0 - 2023-02-02
• 7.35.0 - 2023-02-01
• 7.34.0 - 2023-01-26
• 7.34.0-beta.0 - 2023-01-25
• 7.33.0 - 2023-01-24
• 7.32.1 - 2023-01-23
• 7.32.0 - 2023-01-23
• 7.31.1 - 2023-01-17
• 7.31.0 - 2023-01-16
• 7.30.0 - 2023-01-10
• 7.29.0 - 2023-01-04
• 7.28.1 - 2022-12-22
• 7.28.0 - 2022-12-20
• 7.27.0 - 2022-12-16
• 7.26.0 - 2022-12-13
• 7.25.0 - 2022-12-12
• 7.24.2 - 2022-12-07
• 7.24.1 - 2022-12-07
• 7.24.0 - 2022-12-07
• 7.23.0 - 2022-12-01
• 7.22.0 - 2022-11-29
• 7.21.1 - 2022-11-23
• 7.21.0 - 2022-11-22
• 7.20.1 - 2022-11-21
• 7.20.0 - 2022-11-17
• 7.19.0 - 2022-11-10
• 7.18.0 - 2022-11-08
• 7.17.4 - 2022-11-03
• 7.17.3 - 2022-10-31
• 7.17.2 - 2022-10-28
• 7.17.1 - 2022-10-27
• 7.17.0 - 2022-10-27
• 7.16.0 - 2022-10-19

from @sentry/react GitHub release notes

---

Important

• Warning: This PR contains a major version upgrade, and may be a breaking change.
• Check the changes in this PR to ensure they won't cause issues with your project.
• This PR was automatically created by Snyk using the credentials of a real user.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

• 🧐 View latest project report
• 📜 Customise PR templates
• 🛠 Adjust upgrade PR settings
• 🔕 Ignore this dependency or unsubscribe from future upgrade PRs

[changeset-bot]

⚠️ No Changeset found

Latest commit: 08358aa

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

[socket-security]

New and removed dependencies detected. Learn more about Socket for GitHub ↗︎

Package	New capabilities	Transitives	Size	Publisher
npm/@djagger/echartsx@0.0.22	None	+1	59.7 kB	djagger
npm/@docusaurus/core@2.1.0	Transitive: environment, eval, filesystem, network, shell, unsafe	+324	32.8 MB	slorber
npm/@docusaurus/module-type-aliases@2.1.0	Transitive: filesystem, shell	+16	2.23 MB	slorber
npm/@docusaurus/plugin-client-redirects@2.1.0	filesystem Transitive: environment, eval, shell, unsafe	+215	20.9 MB	slorber
npm/@docusaurus/plugin-google-gtag@2.1.0	environment Transitive: eval, filesystem, shell, unsafe	+213	20.5 MB	slorber
npm/@docusaurus/preset-classic@2.1.0	environment Transitive: eval, filesystem, network, shell, unsafe	+270	25.6 MB	slorber
npm/@docusaurus/theme-search-algolia@2.1.0	filesystem Transitive: environment, eval, network, shell, unsafe	+287	27.2 MB	slorber
npm/@emotion/react@11.10.4	environment Transitive: filesystem, unsafe	+68	13.7 MB	emotion-release-bot
npm/@emotion/server@11.10.0	environment	+8	197 kB	emotion-release-bot
npm/@emotion/styled@11.10.4	environment Transitive: filesystem, unsafe	+65	13.2 MB	emotion-release-bot
npm/@geo-maps/countries-land-10km@0.6.0	None	0	1.06 MB	simonepri
npm/@makotot/ghostui@2.0.0	environment	0	151 kB	makotot
npm/@mdx-js/react@1.6.22	None	0	15.5 kB	johno
npm/@mui/icons-material@5.10.9	None	+5	20 MB	hbjorbj
npm/@mui/lab@5.0.0-alpha.104	environment	+20	9.92 MB	michaldudak
npm/@mui/material@5.10.10	environment	+22	18.1 MB	michaldudak
npm/@mui/x-data-grid@5.17.8	environment	+16	9.71 MB	alexandrefauquette
npm/@primer/octicons-react@16.3.1	None	0	1.22 MB	primer-css
npm/@sentry/react@8.29.0	Transitive: network	+9	10.4 MB	sentry-bot
npm/@sentry/tracing@7.16.0	None	+4	2.83 MB	sentry-bot
npm/@stackql/docusaurus-plugin-hubspot@1.0.1	environment	0	3.73 kB	jeffreyaven
npm/@tidb-community/tracking-script@0.1.0	None	+1	148 kB	hustkiwi
npm/@tsconfig/docusaurus@1.0.6	None	0	2.69 kB	typescript-deploys
npm/@types/d3-hierarchy@3.1.0	None	0	39.7 kB	types
npm/@types/grecaptcha@3.0.4	None	0	8.75 kB	types
npm/@types/is-hotkey@0.1.7	None	0	6.23 kB	types
npm/@types/luxon@2.4.0	None	0	113 kB	types
npm/@types/react-copy-to-clipboard@5.0.4	None	+4	1.38 MB	types
npm/@types/webpack-env@1.18.0	None	0	17.1 kB	types
npm/@typescript-eslint/eslint-plugin@5.42.0	Transitive: environment, filesystem	+28	5.13 MB	jameshenry
npm/ace-builds@1.12.3	None	0	49.1 MB	nightwing
npm/ahooks@3.7.2	None	+6	2.95 MB	taoweng
npm/animate.css@4.1.1	None	0	279 kB	eltonmesquita
npm/axios@0.26.1	environment, network	+1	427 kB	jasonsaayman
npm/babel-plugin-direct-import@1.0.0	filesystem	0	27.2 kB	umidbekk
npm/chart.js@3.9.1	None	0	21.1 MB	chartjs-ci
npm/chartjs-plugin-datalabels@2.1.0	None	0	92.4 kB	chartjs-ci
npm/clsx@1.2.1	None	0	5.67 kB	lukeed
npm/country-code-emoji@2.3.0	None	0	11.3 kB	thekelvinliu
npm/d3-hierarchy@3.1.2	None	0	136 kB	mbostock
npm/date-fns@2.29.3	None	0	6.87 MB	leshakoss
npm/deepmerge@4.2.2	None	0	30.1 kB	tehshrike
npm/echarts-for-react@3.0.2	None	+1	87.6 kB	atool
npm/echarts-gl@2.0.9	Transitive: eval	+1	17.9 MB	lang
npm/echarts@5.4.0	environment, eval, network	+1	41.6 MB	100pah
npm/eslint-config-standard-with-typescript@23.0.0	Transitive: environment, filesystem	+20	1.77 MB	mightyiam
npm/eslint-plugin-import@2.26.0	filesystem, unsafe Transitive: environment, eval	+33	3.21 MB	ljharb
npm/eslint-plugin-n@15.4.0	filesystem	+10	1.35 MB	weiran.zsd
npm/eslint-plugin-promise@6.1.1	None	0	67.1 kB	eslint-community-bot
npm/eslint-plugin-react@7.31.10	filesystem Transitive: environment, eval	+30	3.09 MB	ljharb
npm/eslint@8.26.0	filesystem Transitive: environment, eval, shell, unsafe	+52	8.84 MB	eslintbot
npm/human-format@1.0.0	None	0	14.4 kB	julien-f
npm/is-hotkey@0.2.0	None	0	20 kB	ianstormtaylor
npm/luxon@2.5.0	None	0	3.87 MB	icambron

🚮 Removed packages: npm/@fastify/auth@5.0.1, npm/@fastify/autoload@6.0.1, npm/@fastify/cookie@10.0.1, npm/@fastify/cors@10.0.1, npm/@fastify/env@5.0.1, npm/@fastify/jwt@9.0.1, npm/@fastify/mysql@5.0.1, npm/@fastify/oauth2@8.0.1, npm/@fastify/redis@7.0.1, npm/@fastify/sensible@6.0.1, npm/@fastify/swagger@9.1.0, npm/@fastify/type-provider-json-schema-to-ts@4.0.0, npm/@fastify/websocket@11.0.1, npm/@goparrot/geocoder@4.5.0, npm/@koa/cors@5.0.0, npm/@mgcrea/fastify-request-logger@1.7.1, npm/@octokit/core@6.1.2, npm/@octokit/plugin-throttling@9.3.1, npm/@octokit/rest@21.0.2, npm/@types/async@3.2.24, npm/@types/chance@1.1.6, npm/@types/generic-pool@3.8.1, npm/@types/glob@8.1.0, npm/@types/jest@29.5.13, npm/@types/koa-router@7.4.8, npm/@types/koa-static@4.0.4, npm/@types/koa@2.15.0, npm/@types/koa__cors@5.0.0, npm/@types/luxon@3.4.2, npm/@types/mysql@2.15.26, npm/@types/node-schedule@2.1.7, npm/@types/node@22.7.4, npm/@types/tail@2.2.3, npm/@types/tiny-async-pool@2.0.3, npm/@types/validator@13.12.2, npm/@types/ws@8.5.12, npm/ajv-cli@5.0.0, npm/ajv-formats@3.0.1, npm/async@3.2.6, npm/axios@1.7.7, npm/braces@3.0.3, npm/bullmq@5.14.0, npm/chalk@5.3.0, npm/chance@1.1.12, npm/commander@1.1.1, npm/commander@12.1.0, npm/concurrently@9.0.1, npm/consola@3.2.3, npm/cron-parser@4.9.0, npm/dotenv@16.4.5, npm/emoji-regex@10.4.0, npm/eventemitter3@5.0.1, npm/execa@8.0.1, npm/fill-range@7.1.1, npm/generic-pool@3.9.0, npm/get-stream@8.0.1, npm/husky@9.1.6, npm/is-fullwidth-code-point@5.0.0, npm/is-stream@3.0.0, npm/jest@29.7.0, npm/json-schema-to-typescript@15.0.2, npm/koa-body@6.0.1, npm/koa-router@13.0.1, npm/koa-static@5.0.0, npm/koa@2.15.3, npm/lint-staged@15.2.10, npm/lru-cache@11.0.1, npm/luxon@3.5.0, npm/merge-stream@2.0.0, npm/micromatch@4.0.8, npm/ms@2.1.3, npm/mysql2@3.11.3, npm/mysql@2.18.1, npm/node-schedule@2.1.1, npm/node-sql-parser@5.3.2, npm/npm-run-path@5.3.0, npm/octokit@4.0.2, npm/openapi3-ts@4.4.0, npm/p-queue@8.0.1, npm/path-key@3.1.1, npm/picomatch@2.3.1, npm/pinyin@3.1.0, npm/prom-client@15.1.3, npm/reflect-metadata@0.2.2, npm/shebang-command@2.0.0, npm/shebang-regex@3.0.0, npm/socket.io@4.8.0, npm/string-width@7.2.0, npm/table@6.8.2, npm/tail@2.2.6, npm/tiny-async-pool@2.1.0, npm/to-regex-range@5.0.1, npm/ts-node@10.9.2, npm/typescript@5.6.2, npm/which@2.0.2, npm/wrap-ansi@9.0.0, npm/yaml@1.10.2, npm/yaml@2.5.1

View full report↗︎

[socket-security]

🚨 Potential security issues detected. Learn more about Socket for GitHub ↗︎

To accept the risk, merge this PR and you will not be notified again.

Alert	Package	Note	Source	CI
Critical CVE	npm/@babel/traverse@7.19.6	CVE: GHSA-67hx-6x53-jw92 Babel vulnerable to arbitrary code execution when compiling specifically crafted malicious code (CRITICAL) Affected versions: < 7.23.2 Patched version: 7.23.2	web/package-lock.json web/package.json	⚠︎

View full report↗︎

Next steps

What is a critical CVE?

Contains a Critical Common Vulnerability and Exposure (CVE).

Remove or replace dependencies that include known critical CVEs. Consumers can use dependency overrides or npm audit fix --force to remove vulnerable dependencies.

Take a deeper look at the dependency

Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support [AT] socket [DOT] dev.

Remove the package

If you happen to install a dependency that Socket reports as Known Malware you should immediately remove it and select a different dependency. For other alert types, you may may wish to investigate alternative packages or consider if there are other ways to mitigate the specific risk posed by the dependency.

Mark a package as acceptable risk

To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space separated list of ecosystem/package-name@version specifiers. e.g. @SocketSecurity ignore npm/foo@1.0.0 or ignore all packages with @SocketSecurity ignore-all

• @SocketSecurity ignore npm/@babel/traverse@7.19.6