Bump the npm_and_yarn group across 2 directories with 18 updates

[dependabot]

Bumps the npm_and_yarn group with 1 update in the / directory: axios.
Bumps the npm_and_yarn group with 17 updates in the /website directory:

Package	From	To
semver	5.7.1	5.7.2
@babel/traverse	7.17.3	7.24.1
follow-redirects	1.14.9	1.15.6
http-cache-semantics	4.1.0	4.1.1
ip	1.1.5	1.1.9
json5	1.0.1	1.0.2
@sideway/formula	3.0.0	3.0.1
async	2.6.3	2.6.4
express	4.17.3	4.19.2
loader-utils	1.4.0	1.4.2
minimist	1.2.5	1.2.8
node-forge	1.2.1	1.3.1
postcss	8.4.7	8.4.38
terser	5.12.0	5.30.3
ua-parser-js	0.7.31	0.7.37
webpack-dev-middleware	5.3.1	5.3.4
webpack	5.70.0	5.91.0

Updates axios from 0.21.4 to 0.28.0

Release notes

Sourced from axios's releases.

Release v0.28.0

Release notes:

Bug Fixes

• fix(security): fixed CVE-2023-45857 by backporting withXSRFToken option to v0.x (#6091)

Backports from v1.x:

• Allow null indexes on formSerializer and paramsSerializer v0.x (#4961)
• Fixing content-type header repeated #4745
• Fixed timeout error message for HTTP 4738
• Added axios.formToJSON method (#4735)
• URL params serializer (#4734)
• Fixed toFormData Blob issue on node>v17 #4728
• Adding types for progress event callbacks #4675
• Fixed max body length defaults #4731
• Added data URL support for node.js (#4725)
• Added isCancel type assert (#4293)
• Added the ability for the url-encoded-form serializer to respect the formSerializer config (#4721)
• Add string[] to AxiosRequestHeaders type (#4322)
• Allow type definition for axios instance methods (#4224)
• Fixed AxiosError stack capturing; (#4718)
• Fixed AxiosError status code type; (#4717)
• Adding Canceler parameters config and request (#4711)
• fix(types): allow to specify partial default headers for instance creation (#4185)
• Added blob to the list of protocols supported by the browser (#4678)
• Fixing Z_BUF_ERROR when no content (#4701)
• Fixed race condition on immediate requests cancellation (#4261)
• Added a clear() function to the request and response interceptors object so a user can ensure that all interceptors have been removed from an Axios instance axios/axios#4248
• Added generic AxiosAbortSignal TS interface to avoid importing AbortController polyfill (#4229)
• Fix TS definition for AxiosRequestTransformer (#4201)
• Use type alias instead of interface for AxiosPromise (#4505)
• Include request and config when creating a CanceledError instance (#4659)
• Added generic TS types for the exposed toFormData helper (#4668)
• Optimized the code that checks cancellation (#4587)
• Replaced webpack with rollup (#4596)
• Added stack trace to AxiosError (#4624)
• Updated AxiosError.config to be optional in the type definition (#4665)
• Removed incorrect argument for NetworkError constructor (#4656)

v0.27.2

Fixes and Functionality:

• Fixed FormData posting in browser environment by reverting #3785 (#4640)
• Enhanced protocol parsing implementation (#4639)
• Fixed bundle size

v0.27.1

Fixes and Functionality:

• Removed import of url module in browser build due to huge size overhead and builds being broken (#4594)
• Bumped follow-redirects to ^1.14.9 (#4615)

... (truncated)

Changelog

Sourced from axios's changelog.

0.28.0 (2024-02-12)

Release notes:

Bug Fixes

• fix(security): fixed CVE-2023-45857 by backporting withXSRFToken option to v0.x (#6091)

Backports from v1.x:

• Allow null indexes on formSerializer and paramsSerializer v0.x (#4961)
• Fixing content-type header repeated #4745
• Fixed timeout error message for HTTP 4738
• Added axios.formToJSON method (#4735)
• URL params serializer (#4734)
• Fixed toFormData Blob issue on node>v17 #4728
• Adding types for progress event callbacks #4675
• Fixed max body length defaults #4731
• Added data URL support for node.js (#4725)
• Added isCancel type assert (#4293)
• Added the ability for the url-encoded-form serializer to respect the formSerializer config (#4721)
• Add string[] to AxiosRequestHeaders type (#4322)
• Allow type definition for axios instance methods (#4224)
• Fixed AxiosError stack capturing; (#4718)
• Fixed AxiosError status code type; (#4717)
• Adding Canceler parameters config and request (#4711)
• fix(types): allow to specify partial default headers for instance creation (#4185)
• Added blob to the list of protocols supported by the browser (#4678)
• Fixing Z_BUF_ERROR when no content (#4701)
• Fixed race condition on immediate requests cancellation (#4261)
• Added a clear() function to the request and response interceptors object so a user can ensure that all interceptors have been removed from an Axios instance axios/axios#4248
• Added generic AxiosAbortSignal TS interface to avoid importing AbortController polyfill (#4229)
• Fix TS definition for AxiosRequestTransformer (#4201)
• Use type alias instead of interface for AxiosPromise (#4505)
• Include request and config when creating a CanceledError instance (#4659)
• Added generic TS types for the exposed toFormData helper (#4668)
• Optimized the code that checks cancellation (#4587)
• Replaced webpack with rollup (#4596)
• Added stack trace to AxiosError (#4624)
• Updated AxiosError.config to be optional in the type definition (#4665)
• Removed incorrect argument for NetworkError constructor (#4656)

0.27.2 (April 27, 2022)

Fixes and Functionality:

• Fixed FormData posting in browser environment by reverting #3785 (#4640)
• Enhanced protocol parsing implementation (#4639)
• Fixed bundle size

0.27.1 (April 26, 2022)

... (truncated)

Commits

• 3b7635a [Release] v0.28.0 (#6211)
• 27c0076 feat(backport): added ability for paramsSerializer to handle function; (#6227)
• 80c3d74 chore(ci): backported publish action; (#6224)
• 2755df5 fix(security): fixed CVE-2023-45857 by backporting withXSRFToken option to ...
• 880b42e docs: Fix a typo in README
• c4bf0a4 Allow null indexes on formSerializer and paramsSerializer v0.x (#4961)
• 1e2679f fix: [Types] Type of header in AxiosRequestConfig / for Axios.create is incor...
• 80b546c fix: loosing request header (#4858) (#4871)
• 6acb5ef feat: brower platform add data protocol. (#4814)
• bbb2264 fix(typing): axios response headers can be undefined (#4813)
• Additional commits viewable in compare view

Updates follow-redirects from 1.15.1 to 1.15.6

Commits

• 35a517c Release version 1.15.6 of the npm package.
• c4f847f Drop Proxy-Authorization across hosts.
• 8526b4a Use GitHub for disclosure.
• b1677ce Release version 1.15.5 of the npm package.
• d8914f7 Preserve fragment in responseUrl.
• 6585820 Release version 1.15.4 of the npm package.
• 7a6567e Disallow bracketed hostnames.
• 05629af Prefer native URL instead of deprecated url.parse.
• 1cba8e8 Prefer native URL instead of legacy url.resolve.
• 72bc2a4 Simplify _processResponse error handling.
• Additional commits viewable in compare view

Updates semver from 5.7.1 to 5.7.2

Release notes

Sourced from semver's releases.

v5.7.2

5.7.2 (2023-07-10)

Bug Fixes

• 2f8fd41 #585 better handling of whitespace (#585) (@​joaomoreno, @​lukekarrys)

Changelog

Sourced from semver's changelog.

5.7.2 (2023-07-10)

Bug Fixes

• 2f8fd41 #585 better handling of whitespace (#585) (@​joaomoreno, @​lukekarrys)

5.7

• Add minVersion method

5.6

• Move boolean loose param to an options object, with backwards-compatibility protection.
• Add ability to opt out of special prerelease version handling with the includePrerelease option flag.

5.5

• Add version coercion capabilities

5.4

• Add intersection checking

5.3

• Add minSatisfying method

5.2

• Add prerelease(v) that returns prerelease components

5.1

• Add Backus-Naur for ranges
• Remove excessively cute inspection methods

5.0

• Remove AMD/Browserified build artifacts
• Fix ltr and gtr when using the * range
• Fix for range * with a prerelease identifier

Commits

• f8cc313 chore: release 5.7.2
• 2f8fd41 fix: better handling of whitespace (#585)
• deb5ad5 chore: @​npmcli/template-oss@​4.16.0
• See full diff in compare view

Maintainer changes

This version was pushed to npm by lukekarrys, a new releaser for semver since your current version.

Updates @babel/traverse from 7.17.3 to 7.24.1

Release notes

Sourced from @​babel/traverse's releases.

v7.24.1 (2024-03-19)

🐛 Bug Fix

• babel-helper-create-class-features-plugin, babel-plugin-proposal-decorators
  • #16350 Fix decorated class computed keys ordering (@​JLHwung)
  • #16344 Fix decorated class static field private access (@​JLHwung)
• babel-plugin-proposal-decorators, babel-plugin-proposal-json-modules, babel-plugin-transform-async-generator-functions, babel-plugin-transform-regenerator, babel-plugin-transform-runtime, babel-preset-env
  • #16329 Respect moduleName for @babel/runtime/regenerator imports (@​nicolo-ribaudo)
• babel-helper-create-class-features-plugin, babel-plugin-proposal-decorators, babel-plugin-proposal-pipeline-operator, babel-plugin-transform-class-properties
  • #16331 Fix decorator memoiser binding kind (@​JLHwung)
• babel-helper-create-class-features-plugin, babel-helper-replace-supers, babel-plugin-proposal-decorators, babel-plugin-transform-class-properties
  • #16325 Fix decorator evaluation private environment (@​JLHwung)

📝 Documentation

• #16319 Update SECURITY.md (@​nicolo-ribaudo)

🏠 Internal

• babel-code-frame, babel-highlight
  • #16359 Replace chalk with picocolors (@​nicolo-ribaudo)
• babel-helper-fixtures, babel-helpers, babel-plugin-bugfix-safari-id-destructuring-collision-in-function-expression, babel-plugin-proposal-pipeline-operator, babel-plugin-transform-unicode-sets-regex, babel-preset-env, babel-preset-flow
  • #16352 Run Babel transform tests on old node if possible (@​JLHwung)
• babel-helper-module-imports, babel-plugin-proposal-import-wasm-source, babel-plugin-proposal-json-modules, babel-plugin-proposal-record-and-tuple, babel-plugin-transform-react-jsx-development, babel-plugin-transform-react-jsx
  • #16349 Support merging imports in import injector (@​nicolo-ribaudo)
• Other
  • #16332 Test Babel 7 plugins compatibility with Babel 8 core (@​nicolo-ribaudo)

🔬 Output optimization

• babel-helper-replace-supers, babel-plugin-transform-class-properties, babel-plugin-transform-classes, babel-plugin-transform-parameters, babel-plugin-transform-runtime
  • #16345 Optimize the use of assertThisInitialized after super() (@​liuxingbaoyu)
• babel-plugin-transform-class-properties, babel-plugin-transform-classes
  • #16343 Use simpler assertThisInitialized more often (@​liuxingbaoyu)
• babel-plugin-proposal-decorators, babel-plugin-transform-class-properties, babel-plugin-transform-object-rest-spread, babel-traverse
  • #16342 Consider well-known and registered symbols as literals (@​nicolo-ribaudo)
• babel-core, babel-plugin-external-helpers, babel-plugin-proposal-decorators, babel-plugin-proposal-function-bind, babel-plugin-transform-class-properties, babel-plugin-transform-classes, babel-plugin-transform-flow-comments, babel-plugin-transform-flow-strip-types, babel-plugin-transform-function-name, babel-plugin-transform-modules-systemjs, babel-plugin-transform-parameters, babel-plugin-transform-private-property-in-object, babel-plugin-transform-react-jsx, babel-plugin-transform-runtime, babel-plugin-transform-spread, babel-plugin-transform-typescript, babel-preset-env
  • #16326 Reduce the use of class names (@​liuxingbaoyu)

Committers: 4

• Babel Bot (@​babel-bot)
• Huáng Jùnliàng (@​JLHwung)
• Nicolò Ribaudo (@​nicolo-ribaudo)
• @​liuxingbaoyu

v7.24.0 (2024-02-28)

Thanks @​ajihyf for your first PR!

Release post with summary and highlights: https://babeljs.io/7.24.0

🚀 New Feature

• babel-standalone

... (truncated)

Changelog

Sourced from @​babel/traverse's changelog.

v7.24.1 (2024-03-19)

🐛 Bug Fix

• babel-helper-create-class-features-plugin, babel-plugin-proposal-decorators
  • #16350 Fix decorated class computed keys ordering (@​JLHwung)
  • #16344 Fix decorated class static field private access (@​JLHwung)
• babel-plugin-proposal-decorators, babel-plugin-proposal-json-modules, babel-plugin-transform-async-generator-functions, babel-plugin-transform-regenerator, babel-plugin-transform-runtime, babel-preset-env
  • #16329 Respect moduleName for @babel/runtime/regenerator imports (@​nicolo-ribaudo)
• babel-helper-create-class-features-plugin, babel-plugin-proposal-decorators, babel-plugin-proposal-pipeline-operator, babel-plugin-transform-class-properties
  • #16331 Fix decorator memoiser binding kind (@​JLHwung)
• babel-helper-create-class-features-plugin, babel-helper-replace-supers, babel-plugin-proposal-decorators, babel-plugin-transform-class-properties
  • #16325 Fix decorator evaluation private environment (@​JLHwung)

📝 Documentation

• #16319 Update SECURITY.md (@​nicolo-ribaudo)

🏠 Internal

• babel-code-frame, babel-highlight
  • #16359 Replace chalk with picocolors (@​nicolo-ribaudo)
• babel-helper-fixtures, babel-helpers, babel-plugin-bugfix-safari-id-destructuring-collision-in-function-expression, babel-plugin-proposal-pipeline-operator, babel-plugin-transform-unicode-sets-regex, babel-preset-env, babel-preset-flow
  • #16352 Run Babel transform tests on old node if possible (@​JLHwung)
• babel-helpers, babel-plugin-transform-async-generator-functions, babel-plugin-transform-class-properties, babel-plugin-transform-class-static-block, babel-plugin-transform-modules-commonjs, babel-plugin-transform-modules-systemjs, babel-plugin-transform-regenerator, babel-plugin-transform-runtime, babel-preset-env, babel-runtime-corejs3, babel-runtime, babel-standalone
  • #16323 Allow separate helpers to be excluded in Babel 8 (@​liuxingbaoyu)
• babel-helper-module-imports, babel-plugin-proposal-import-wasm-source, babel-plugin-proposal-json-modules, babel-plugin-proposal-record-and-tuple, babel-plugin-transform-react-jsx-development, babel-plugin-transform-react-jsx
  • #16349 Support merging imports in import injector (@​nicolo-ribaudo)
• babel-helper-create-class-features-plugin, babel-plugin-bugfix-safari-id-destructuring-collision-in-function-expression, babel-plugin-bugfix-v8-spread-parameters-in-optional-chaining, babel-plugin-bugfix-v8-static-class-fields-redefine-readonly, babel-plugin-external-helpers, babel-plugin-proposal-async-do-expressions, babel-plugin-proposal-decorators, babel-plugin-proposal-destructuring-private, babel-plugin-proposal-do-expressions, babel-plugin-proposal-duplicate-named-capturing-groups-regex, babel-plugin-proposal-explicit-resource-management, babel-plugin-proposal-export-default-from, babel-plugin-proposal-function-bind, babel-plugin-proposal-function-sent, babel-plugin-proposal-import-attributes-to-assertions, babel-plugin-proposal-import-defer, babel-plugin-proposal-import-wasm-source, babel-plugin-proposal-json-modules, babel-plugin-proposal-optional-chaining-assign, babel-plugin-proposal-partial-application, babel-plugin-proposal-pipeline-operator, babel-plugin-proposal-record-and-tuple, babel-plugin-proposal-regexp-modifiers, babel-plugin-proposal-throw-expressions, babel-plugin-syntax-async-do-expressions, babel-plugin-syntax-decimal, babel-plugin-syntax-decorators, babel-plugin-syntax-destructuring-private, babel-plugin-syntax-do-expressions, babel-plugin-syntax-explicit-resource-management, babel-plugin-syntax-export-default-from, babel-plugin-syntax-flow, babel-plugin-syntax-function-bind, babel-plugin-syntax-function-sent, babel-plugin-syntax-import-assertions, babel-plugin-syntax-import-attributes, babel-plugin-syntax-import-defer, babel-plugin-syntax-import-reflection, babel-plugin-syntax-import-source, babel-plugin-syntax-jsx, babel-plugin-syntax-module-blocks, babel-plugin-syntax-optional-chaining-assign, babel-plugin-syntax-partial-application, babel-plugin-syntax-pipeline-operator, babel-plugin-syntax-record-and-tuple, babel-plugin-syntax-throw-expressions, babel-plugin-syntax-typescript, babel-plugin-transform-arrow-functions, babel-plugin-transform-async-generator-functions, babel-plugin-transform-async-to-generator, babel-plugin-transform-block-scoped-functions, babel-plugin-transform-block-scoping, babel-plugin-transform-class-properties, babel-plugin-transform-class-static-block, babel-plugin-transform-classes, babel-plugin-transform-computed-properties, babel-plugin-transform-destructuring, babel-plugin-transform-dotall-regex, babel-plugin-transform-duplicate-keys, babel-plugin-transform-dynamic-import, babel-plugin-transform-exponentiation-operator, babel-plugin-transform-export-namespace-from, babel-plugin-transform-flow-comments, babel-plugin-transform-flow-strip-types, babel-plugin-transform-for-of, babel-plugin-transform-function-name, babel-plugin-transform-instanceof, babel-plugin-transform-jscript, babel-plugin-transform-json-strings, babel-plugin-transform-literals, babel-plugin-transform-logical-assignment-operators, babel-plugin-transform-member-expression-literals, babel-plugin-transform-modules-amd, babel-plugin-transform-modules-commonjs, babel-plugin-transform-modules-systemjs, babel-plugin-transform-modules-umd, babel-plugin-transform-new-target, babel-plugin-transform-nullish-coalescing-operator, babel-plugin-transform-numeric-separator, babel-plugin-transform-object-assign, babel-plugin-transform-object-rest-spread, babel-plugin-transform-object-set-prototype-of-to-assign, babel-plugin-transform-object-super, babel-plugin-transform-optional-catch-binding, babel-plugin-transform-optional-chaining, babel-plugin-transform-parameters, babel-plugin-transform-private-methods, babel-plugin-transform-private-property-in-object, babel-plugin-transform-property-literals, babel-plugin-transform-property-mutators, babel-plugin-transform-proto-to-assign, babel-plugin-transform-react-constant-elements, babel-plugin-transform-react-display-name, babel-plugin-transform-react-inline-elements, babel-plugin-transform-react-jsx-compat, babel-plugin-transform-react-jsx-self, babel-plugin-transform-react-jsx-source, babel-plugin-transform-react-pure-annotations, babel-plugin-transform-regenerator, babel-plugin-transform-reserved-words, babel-plugin-transform-runtime, babel-plugin-transform-shorthand-properties, babel-plugin-transform-spread, babel-plugin-transform-sticky-regex, babel-plugin-transform-strict-mode, babel-plugin-transform-template-literals, babel-plugin-transform-typeof-symbol, babel-plugin-transform-typescript, babel-plugin-transform-unicode-escapes, babel-plugin-transform-unicode-property-regex, babel-plugin-transform-unicode-regex, babel-plugin-transform-unicode-sets-regex, babel-preset-env, babel-preset-flow, babel-preset-react, babel-preset-typescript
  • #16332 Test Babel 7 plugins compatibility with Babel 8 core (@​nicolo-ribaudo)
• babel-compat-data, babel-plugin-transform-object-rest-spread, babel-preset-env
  • #16318 [babel 8] Fix @babel/compat-data package.json (@​nicolo-ribaudo)

🔬 Output optimization

• babel-helper-replace-supers, babel-plugin-transform-class-properties, babel-plugin-transform-classes, babel-plugin-transform-parameters, babel-plugin-transform-runtime
  • #16345 Optimize the use of assertThisInitialized after super() (@​liuxingbaoyu)
• babel-plugin-transform-class-properties, babel-plugin-transform-classes
  • #16343 Use simpler assertThisInitialized more often (@​liuxingbaoyu)
• babel-plugin-proposal-decorators, babel-plugin-transform-class-properties, babel-plugin-transform-object-rest-spread, babel-traverse
  • #16342 Consider well-known and registered symbols as literals (@​nicolo-ribaudo)
• babel-core, babel-plugin-external-helpers, babel-plugin-proposal-decorators, babel-plugin-proposal-function-bind, babel-plugin-transform-class-properties, babel-plugin-transform-classes, babel-plugin-transform-flow-comments, babel-plugin-transform-flow-strip-types, babel-plugin-transform-function-name, babel-plugin-transform-modules-systemjs, babel-plugin-transform-parameters, babel-plugin-transform-private-property-in-object, babel-plugin-transform-react-jsx, babel-plugin-transform-runtime, babel-plugin-transform-spread, babel-plugin-transform-typescript, babel-preset-env
  • #16326 Reduce the use of class names (@​liuxingbaoyu)

v7.24.0 (2024-02-28)

🚀 New Feature

• babel-standalone
  • #11696 Export babel tooling packages in @babel/standalone (@​ajihyf)
• babel-core, babel-helper-create-class-features-plugin, babel-helpers, babel-plugin-transform-class-properties
  • #16267 Implement noUninitializedPrivateFieldAccess assumption (@​nicolo-ribaudo)
• babel-helper-create-class-features-plugin, babel-helpers, babel-plugin-proposal-decorators, babel-plugin-proposal-pipeline-operator, babel-plugin-syntax-decorators, babel-plugin-transform-class-properties, babel-runtime-corejs2, babel-runtime-corejs3, babel-runtime
  • #16242 Support decorator 2023-11 normative updates (@​JLHwung)
• babel-preset-flow
  • #16309 [babel 7] Allow setting ignoreExtensions in Flow preset (@​nicolo-ribaudo)

... (truncated)

Commits

• 822b025 v7.24.1
• fc0d5ad Update typescript and lint tools (#16351)
• 69e7928 Consider well-known and registered symbols as literals (#16342)
• 40110e9 Update source map deps (#16327)
• ce59160 v7.24.0
• bd5abd5 fix: avoid popContext on unvisited node paths (#16305)
• 08a057c Use Object.hasOwn when available (#16248)
• a0dd614 v7.23.9
• 1200542 fix: Don't throw in getTypeAnnotation when using TS+inference (#15383)
• e428a6d v7.23.7
• Additional commits viewable in compare view

Updates follow-redirects from 1.14.9 to 1.15.6

Commits

• 35a517c Release version 1.15.6 of the npm package.
• c4f847f Drop Proxy-Authorization across hosts.
• 8526b4a Use GitHub for disclosure.
• b1677ce Release version 1.15.5 of the npm package.
• d8914f7 Preserve fragment in responseUrl.
• 6585820 Release version 1.15.4 of the npm package.
• 7a6567e Disallow bracketed hostnames.
• 05629af Prefer native URL instead of deprecated url.parse.
• 1cba8e8 Prefer native URL instead of legacy url.resolve.
• 72bc2a4 Simplify _processResponse error handling.
• Additional commits viewable in compare view

Updates http-cache-semantics from 4.1.0 to 4.1.1

Commits

• 2449650 Update mocha
• 560b2d8 Don't use regex to trim whitespace
• b1bdb92 Remove linting package zoo
• c20dc7e Cache 308
• See full diff in compare view

Updates ip from 1.1.5 to 1.1.9

Commits

• 1ecbf2f 1.1.9
• 6a3ada9 lib: fixed CVE-2023-42282 and added unit test
• 5dc3b2f 1.1.8
• 8e6f28b lib: even better node 6 support
• 088c9e5 1.1.7
• 1a4ca35 lib: add back support for Node.js 6
• af82ef4 1.1.6
• dba19f6 package: exclude test folder from publishing
• 7cd7f30 ci: use github workflows
• 4de50ae lib: node 18 support
• See full diff in compare view

Updates json5 from 1.0.1 to 1.0.2

Release notes

Sourced from json5's releases.

v1.0.2

• Fix: Properties with the name __proto__ are added to objects and arrays. (#199) This also fixes a prototype pollution vulnerability reported by Jonathan Gregson! (#295). This has been backported to v1. (#298)

Changelog

Sourced from json5's changelog.

Unreleased [code, diff]

v2.2.3 [code, diff]

• Fix: json5@2.2.3 is now the 'latest' release according to npm instead of v1.0.2. (#299)

v2.2.2 [code, diff]

• Fix: Properties with the name __proto__ are added to objects and arrays. (#199) This also fixes a prototype pollution vulnerability reported by Jonathan Gregson! (#295).

v2.2.1 [code, diff]

• Fix: Removed dependence on minimist to patch CVE-2021-44906. (#266)

v2.2.0 [code, diff]

• New: Accurate and documented TypeScript declarations are now included. There is no need to install @types/json5. (#236, #244)

v2.1.3 [code, diff]

• Fix: An out of memory bug when parsing numbers has been fixed. (#228, #229)

v2.1.2 [code, diff]

... (truncated)

Commits

• a62db1e 1.0.2
• e0c23fe docs: update CHANGELOG for v1.0.2
• 62a6540 fix: add proto to objects and arrays
• See full diff in compare view

Updates @sideway/formula from 3.0.0 to 3.0.1

Commits

• 5b44c1b 3.0.1
• 9fbc20a chore: better number regex
• 41ae98e Cleanup
• c59f35e Move to Sideway
• See full diff in compare view

Maintainer changes

This version was pushed to npm by marsup, a new releaser for @​sideway/formula since your current version.

Updates async from 2.6.3 to 2.6.4

Changelog

Sourced from async's changelog.

v2.6.4

• Fix potential prototype pollution exploit (#1828)

Commits

• c6bdaca Version 2.6.4
• 8870da9 Update built files
• 4df6754 update changelog
• 8f7f903 Fix prototype pollution vulnerability (#1828)
• See full diff in compare view

Maintainer changes

This version was pushed to npm by hargasinski, a new releaser for async since your current version.

Updates express from 4.17.3 to 4.19.2

Release notes

Sourced from express's releases.

4.19.2

What's Changed

• Improved fix for open redirect allow list bypass

Full Changelog: expressjs/express@4.19.1...4.19.2

4.19.1

What's Changed

• Fix ci after location patch by @​wesleytodd in expressjs/express#5552
• fixed un-edited version in history.md for 4.19.0 by @​wesleytodd in expressjs/express#5556

Full Changelog: expressjs/express@4.19.0...4.19.1

4.19.0

What's Changed

• fix typo in release date by @​UlisesGascon in expressjs/express#5527
• docs: nominating @​wesleytodd to be project captian by @​wesleytodd in expressjs/express#5511
• docs: loosen TC activity rules by @​wesleytodd in expressjs/express#5510
• Add note on how to update docs for new release by @​crandmck in expressjs/express#5541
• Prevent open redirect allow list bypass due to encodeurl
• Release 4.19.0 by @​wesleytodd in expressjs/express#5551

New Contributors

• @​crandmck made their first contribution in expressjs/express#5541

Full Changelog: expressjs/express@4.18.3...4.19.0

4.18.3

Main Changes

• Fix routing requests without method
• deps: body-parser@1.20.2
  • Fix strict json error message on Node.js 19+
  • deps: content-type@~1.0.5
  • deps: raw-body@2.5.2

Other Changes

• Use https: protocol instead of deprecated git: protocol by @​vcsjones in expressjs/express#5032
• build: Node.js@16.18 and Node.js@18.12 by @​abenhamdine in expressjs/express#5034
• ci: update actions/checkout to v3 by @​armujahid in expressjs/express#5027
• test: remove unused function arguments in params by @​raksbisht in expressjs/express#5124
• Remove unused originalIndex from acceptParams by @​raksbisht in expressjs/express#5119
• Fixed typos by @​raksbisht in expressjs/express#5117
• examples: remove unused params by @​raksbisht in expressjs/express#5113
• fix: parameter str is not described in JSDoc by @​raksbisht in expressjs/express#5130
• fix: typos in History.md by @​raksbisht in expressjs/express#5131
• build : add Node.js@19.7 by @​abenhamdine in expressjs/express#5028
• test: remove unused function arguments in params by @​raksbisht in expressjs/express#5137

... (truncated)

Changelog

Sourced from express's changelog.

4.19.2 / 2024-03-25

• Improved fix for open redirect allow list bypass

4.19.1 / 2024-03-20

• Allow passing non-strings to res.location with new encoding handling checks

4.19.0 / 2024-03-20

• Prevent open redirect allow list bypass due to encodeurl
• deps: cookie@0.6.0

4.18.3 / 2024-02-29

• Fix routing requests without method
• deps: body-parser@1.20.2
  • Fix strict json error message on Node.js 19+
  • deps: content-type@~1.0.5
  • deps: raw-body@2.5.2
• deps: cookie@0.6.0
  • Add partitioned option

4.18.2 / 2022-10-08

• Fix regression routing a large stack in a single route
• deps: body-parser@1.20.1
  • deps: qs@6.11.0
  • perf: remove unnecessary object clone
• deps: qs@6.11.0

4.18.1 / 2022-04-29

• Fix hanging on large stack of sync routes

4.18.0 / 2022-04-25

• Add "root" option to res.download
• Allow options without filename in res.download
• Deprecate string and non-integer arguments to res.status
• Fix behavior of null/undefined as maxAge in res.cookie
• Fix handling very large stacks of sync middleware
• Ignore Object.prototype values in settings through app.set/app.get

... (truncated)

Commits

• 04bc627 4.19.2
• da4d763 Improved fix for open redirect allow list bypass
• 4f0f6cc 4.19.1
• a003cfa Allow passing non-strings to res.location with new encoding handling checks f...
• a1fa90f fixed un-edited version in history.md for 4.19.0
• 11f2b1d build: fix build due to inconsistent supertest behavior in older versions
• 084e365 4.19.0
• 0867302 Prevent open redirect allow list bypass due to encodeurl
• 567c9c6 Add note on how to updat...

  Description has been truncated

[socket-security]

New and removed dependencies detected. Learn more about Socket for GitHub ↗︎

Package	New capabilities	Transitives	Size	Publisher
npm/@ampproject/remapping@2.3.0	None	0	78.9 kB	jridgewell
npm/@babel/code-frame@7.24.2	environment	0	24.1 kB	nicolo-ribaudo
npm/@babel/compat-data@7.24.4	None	0	65.2 kB	nicolo-ribaudo
npm/@babel/core@7.24.4	environment, filesystem, unsafe	+2	866 kB	nicolo-ribaudo
npm/@babel/generator@7.24.4	None	+1	662 kB	nicolo-ribaudo
npm/@babel/helper-compilation-targets@7.23.6	None	+2	82.5 kB	nicolo-ribaudo
npm/@babel/helper-environment-visitor@7.22.20	None	0	6.56 kB	nicolo-ribaudo
npm/@babel/helper-function-name@7.23.0	None	0	21.6 kB	nicolo-ribaudo
npm/@babel/helper-hoist-variables@7.22.5	None	0	7.03 kB	nicolo-ribaudo
npm/@babel/helper-module-imports@7.24.3	None	0	63.8 kB	nicolo-ribaudo
npm/@babel/helper-module-transforms@7.23.3	None	0	158 kB	nicolo-ribaudo
npm/@babel/helper-simple-access@7.22.5	None	0	14.1 kB	nicolo-ribaudo
npm/@babel/helper-split-export-declaration@7.22.6	None	0	10.7 kB	nicolo-ribaudo
npm/@babel/helper-validator-identifier@7.22.20	None	0	49.1 kB	nicolo-ribaudo
npm/@babel/helper-validator-option@7.23.5	None	0	11.7 kB	nicolo-ribaudo
npm/@babel/helpers@7.24.4	None	0	650 kB	nicolo-ribaudo
npm/@babel/highlight@7.24.2	environment	+6	102 kB	nicolo-ribaudo
npm/@babel/parser@7.24.4	None	0	1.88 MB	nicolo-ribaudo
npm/@babel/template@7.24.0	None	0	68.9 kB	nicolo-ribaudo
npm/@babel/traverse@7.24.1	None	0	615 kB	nicolo-ribaudo
npm/@babel/types@7.24.0	environment	+1	2.44 MB	nicolo-ribaudo
npm/@cspotcode/source-map-support@0.8.1	filesystem	0	102 kB	cspotcode
npm/@gar/promisify@1.1.3	None	0	4.2 kB	gar
npm/@istanbuljs/load-nyc-config@1.1.0	environment, filesystem	0	10.9 kB	coreyfarrell
npm/@istanbuljs/schema@0.1.3	None	0	17.2 kB	coreyfarrell
npm/@jest/types@27.5.1	None	+1	62.6 kB	simenb
npm/@jridgewell/gen-mapping@0.3.5	None	0	81.6 kB	jridgewell
npm/@jridgewell/resolve-uri@3.1.2	None	0	53.2 kB	jridgewell
npm/@jridgewell/set-array@1.2.1	None	0	17.9 kB	jridgewell
npm/@jridgewell/sourcemap-codec@1.4.15	None	0	45.9 kB	jridgewell
npm/@jridgewell/trace-mapping@0.3.9	None	0	92.3 kB	jridgewell
npm/@microsoft/api-extractor-model@7.28.13	None	0	791 kB	odspnpm
npm/@microsoft/api-extractor@7.43.0	None	+1	34 MB	odspnpm
npm/@microsoft/tsdoc-config@0.16.2	filesystem	+1	277 kB	odspnpm
npm/@microsoft/tsdoc@0.14.2	None	0	2.62 MB	odspnpm
npm/@npmcli/fs@2.1.1	filesystem	0	38.8 kB	lukekarrys
npm/@npmcli/move-file@2.0.0	filesystem	0	8.56 kB	gar
npm/@rushstack/node-core-library@4.0.2	environment, filesystem, shell, unsafe	+1	1.11 MB	odspnpm
npm/@rushstack/rig-package@0.5.2	filesystem	0	78.3 kB	odspnpm
npm/@rushstack/ts-command-line@4.19.1	environment	0	469 kB	odspnpm
npm/@swc/core-darwin-arm64@1.4.13	None	0	38.6 MB	kdy1
npm/@swc/core-darwin-x64@1.4.13	None	0	41.2 MB	kdy1
npm/@swc/core-linux-arm-gnueabihf@1.4.13	None	0	25.3 MB	kdy1
npm/@swc/core-linux-arm64-gnu@1.4.13	None	0	44.2 MB	kdy1
npm/@swc/core-linux-arm64-musl@1.4.13	None	0	56.2 MB	kdy1
npm/@swc/core-linux-x64-gnu@1.4.13	None	0	50.3 MB	kdy1
npm/@swc/core-linux-x64-musl@1.4.13	None	0	62.9 MB	kdy1
npm/@swc/core-win32-arm64-msvc@1.4.13	None	0	34.2 MB	kdy1
npm/@swc/core-win32-ia32-msvc@1.4.13	None	0	27.6 MB	kdy1
npm/@swc/core-win32-x64-msvc@1.4.13	None	0	53.5 MB	kdy1
npm/@swc/core@1.4.13	environment, filesystem, shell	+1	211 kB	kdy1
npm/@swc/types@0.1.6	None	+1	186 kB	kdy1
npm/@swc/wasm@1.4.13	eval, filesystem	0	20.6 MB	kdy1
npm/@tootallnate/once@2.0.0	None	0	16.3 kB	tootallnate
npm/@tsconfig/node10@1.0.11	None	0	2.31 kB	typescript-deploys
npm/@tsconfig/node12@1.0.11	None	0	2.5 kB	typescript-deploys
npm/@tsconfig/node14@14.1.2	None	0	2.36 kB	typescript-deploys
npm/@tsconfig/node16@16.1.3	None	0	2.36 kB	typescript-deploys
npm/@tsconfig/node18@18.2.4	None	0	2.36 kB	typescript-deploys
npm/@tsconfig/node20@20.1.4	None	0	2.36 kB	typescript-deploys
npm/@types/argparse@1.0.38	None	0	7.38 kB	types
npm/@types/diff@4.0.2	None	0	14.9 kB	types
npm/@types/glob@8.1.0	None	0	6.66 kB	types
npm/@types/istanbul-lib-coverage@2.0.6	None	0	5.45 kB	types
npm/@types/istanbul-lib-report@3.0.3	None	0	7.92 kB	types
npm/@types/istanbul-reports@3.0.4	None	0	6.68 kB	types
npm/@types/json-schema@7.0.15	None	0	31.7 kB	types
npm/@types/lodash@4.17.0	None	0	862 kB	types
npm/@types/minimatch@5.1.2	None	0	12.5 kB	types
npm/@types/node@20.12.7	None	0	2.03 MB	types
npm/@types/prop-types@15.7.12	None	0	6.71 kB	types
npm/@types/proper-lockfile@4.1.4	None	0	5.84 kB	types
npm/@types/proxyquire@1.3.31	None	0	3.25 kB	types
npm/@types/react@16.14.60	None	0	169 kB	types
npm/@types/retry@0.12.5	None	0	7.57 kB	types
npm/@types/rimraf@3.0.2	None	0	7.5 kB	types
npm/@types/scheduler@0.16.8	None	0	8.25 kB	types
npm/@types/semver@7.5.8	None	0	23.3 kB	types
npm/@types/stack-utils@2.0.3	None	0	6.43 kB	types
npm/@types/yargs-parser@21.0.3	None	0	8.65 kB	types
npm/@types/yargs@16.0.9	None	0	53 kB	types
npm/abbrev@1.1.1	None	0	4.78 kB	isaacs
npm/acorn-walk@8.3.2	None	0	52.4 kB	marijn
npm/acorn@8.11.3	None	0	531 kB	marijn
npm/agent-base@6.0.2	None	0	34.6 kB	tootallnate
npm/agentkeepalive@4.2.1	network	0	38.8 kB	fengmk2
npm/ansi-styles@6.2.1	None	0	17.5 kB	sindresorhus
npm/anymatch@3.1.3	None	0	9.65 kB	phated
npm/append-transform@2.0.0	None	0	8.33 kB	jakxz
npm/aproba@2.0.0	None	0	8.05 kB	iarna
npm/archy@1.0.0	None	0	8.42 kB	substack
npm/are-we-there-yet@3.0.1	None	0	14.3 kB	lukekarrys
npm/arg@4.1.3	None	0	12.9 kB	qix
npm/array-find-index@1.0.2	None	0	2.88 kB	sindresorhus
npm/arrgv@1.0.2	None	0	9.07 kB	astur
npm/arrify@3.0.0	None	0	3.5 kB	sindresorhus
npm/asynckit@0.4.0	None	0	27.4 kB	alexindigo
npm/ava@5.3.1	None	0	272 kB	novemberborn
npm/axios@0.28.1	network	0	883 kB	jasonsaayman
npm/binary-extensions@2.3.0	None	0	5.03 kB	sindresorhus
npm/blueimp-md5@2.19.0	None	0	28.9 kB	blueimp
npm/browserslist@4.23.0	environment, filesystem	0	62.8 kB	ai
npm/cacache@16.1.1	filesystem	+2	93.5 kB	gar
npm/caching-transform@4.0.0	filesystem	+1	22.9 kB	coreyfarrell
npm/callsites@4.1.0	None	0	6.53 kB	sindresorhus
npm/camelcase@5.3.1	None	0	7.45 kB	sindresorhus
npm/caniuse-lite@1.0.30001373	None	0	1.58 MB	caniuse-lite
npm/cbor@8.1.0	None	0	154 kB	hildjj
npm/chalk@5.3.0	None	0	43.7 kB	sindresorhus
npm/chokidar@3.6.0	environment, filesystem	0	90.2 kB	paulmillr
npm/chownr@2.0.0	filesystem	0	5.75 kB	isaacs
npm/chunkd@2.0.1	None	0	3.82 kB	thejameskyle
npm/ci-info@3.9.0	environment	0	26.1 kB	sibiraj-s
npm/ci-parallel-vars@1.0.1	None	0	4.27 kB	thejameskyle
npm/clean-yaml-object@0.1.0	None	0	5.63 kB	jamestalmage
npm/cli-truncate@3.1.0	None	0	11.4 kB	sindresorhus
npm/cliui@6.0.0	None	+1	18.9 kB	bcoe
npm/code-excerpt@4.0.0	None	0	4.21 kB	vdemedes
npm/color-support@1.1.3	None	0	9.23 kB	isaacs
npm/colors@1.2.5	environment	0	37.2 kB	dabh
npm/combined-stream@1.0.8	None	0	11.5 kB	alexindigo
npm/commander@10.0.1	environment, filesystem, shell	0	174 kB	abetomo
npm/common-path-prefix@3.0.0	None	0	4.01 kB	novemberborn
npm/concordance@5.0.4	None	0	165 kB	novemberborn
npm/console-control-strings@1.1.0	None	0	12.7 kB	iarna
npm/convert-source-map@1.9.0	filesystem	0	11.4 kB	thlorenz
npm/convert-to-spaces@2.0.1	None	0	2.96 kB	vdemedes
npm/create-require@1.1.1	filesystem, unsafe	0	6.25 kB	pi0
npm/csstype@3.1.3	None	0	1.25 MB	faddee
npm/currently-unhandled@0.4.1	None	0	5.55 kB	jamestalmage
npm/date-time@3.1.0	None	0	4.93 kB	sindresorhus
npm/debug@4.3.4	environment	+1	49.2 kB	qix
npm/decamelize@1.2.0	None	0	2.94 kB	sindresorhus
npm/default-require-extensions@3.0.1	filesystem	0	3.34 kB	sindresorhus
npm/del@7.0.0	None	0	12.8 kB	sindresorhus
npm/delayed-stream@1.0.0	None	0	8.02 kB	apechimp
npm/delegates@1.0.0	None	0	7.46 kB	tjholowaychuk
npm/depd@1.1.2	environment, eval	0	30.5 kB	dougwilson
npm/diff-sequences@27.5.1	None	0	53 kB	simenb
npm/diff@4.0.2	None	0	335 kB	kpdecker
npm/dprint@0.25.1	filesystem, shell	0	6.6 kB	dsherret
npm/electron-to-chromium@1.4.731	None	0	284 kB	kilianvalkhof
npm/emittery@1.0.3	None	0	46.6 kB	sindresorhus
npm/encoding@0.1.13	None	0	7.12 kB	andris
npm/env-paths@2.2.1	None	0	10.2 kB	sindresorhus
npm/err-code@2.0.3	None	0	12.3 kB	achingbrain
npm/es6-error@4.1.1	None	0	9.86 kB	bjy
npm/escalade@3.1.2	filesystem	0	11.6 kB	lukeed
npm/escape-string-regexp@5.0.0	None	0	3.66 kB	sindresorhus
npm/expect@27.0.2	None	0	164 kB	simenb
npm/fast-diff@1.3.0	None	0	52.3 kB	luin
npm/fast-glob@3.3.2	filesystem	0	96.7 kB	mrmlnc
npm/fastq@1.17.1	None	0	41.9 kB	matteo.collina
npm/figures@5.0.0	None	0	37.1 kB	sindresorhus
npm/fill-keys@1.0.2	None	0	3.9 kB	bendrucker
npm/follow-redirects@1.15.6	network	0	29.4 kB	rubenverborgh
npm/foreground-child@2.0.0	shell	0	9.4 kB	bcoe
npm/form-data@4.0.0	filesystem, network	0	43.4 kB	niftylettuce
npm/fromentries@1.3.2	None	0	4.95 kB	feross
npm/fs-extra@7.0.1	filesystem	0	124 kB	ryanzim
npm/fs-minipass@2.1.0	filesystem	0	14.1 kB	isaacs
npm/fsevents@2.3.3	None	0	173 kB	pipobscure
npm/function-bind@1.1.2	None	0	31.4 kB	ljharb
npm/gauge@4.0.4	None	0	43.2 kB	gar
npm/get-caller-file@2.0.5	None	0	4.72 kB	stefanpenner
npm/get-package-type@0.1.0	filesystem	0	6.01 kB	coreyfarrell
npm/glob@7.2.3	filesystem	+1	90 kB	isaacs
npm/globby@13.2.2	None	0	25.1 kB	sindresorhus
npm/graceful-fs@4.2.11	environment, filesystem	0	32.5 kB	isaacs
npm/has-unicode@2.0.1	environment	0	3.44 kB	iarna
npm/hasha@5.2.2	filesystem	0	16 kB	sindresorhus
npm/html-escaper@2.0.2	None	0	13.1 kB	webreflection
npm/http-cache-semantics@4.1.0	None	0	36.2 kB	kornel
npm/http-proxy-agent@5.0.0	network	0	17.1 kB	tootallnate
npm/https-proxy-agent@5.0.1	network	0	26 kB	tootallnate
npm/humanize-ms@1.2.1	None	0	3.66 kB	dead_horse
npm/iconv-lite@0.6.3	None	0	349 kB	ashtuchkin
npm/ignore-by-default@2.1.0	None	0	3.08 kB	novemberborn
npm/ignore@5.3.1	None	0	51.5 kB	kael
npm/import-lazy@4.0.0	None	0	4.9 kB	sindresorhus
npm/imurmurhash@0.1.4	None	0	11.9 kB	jensyt
npm/indent-string@5.0.0	None	0	4.74 kB	sindresorhus
npm/infer-owner@1.0.4	filesystem	0	4.29 kB	isaacs
npm/ip@2.0.0	None	0	13.6 kB	indutny
npm/irregular-plurals@3.5.0	None	0	6.92 kB	sindresorhus
npm/is-core-module@2.13.1	None	+1	39 kB	ljharb
npm/is-error@2.2.2	None	0	6.22 kB	mk-pmb
npm/is-lambda@1.0.1	None	0	2.94 kB	watson
npm/is-object@1.0.2	None	0	18.1 kB	ljharb
npm/is-path-cwd@3.0.0	None	0	3.16 kB	sindresorhus
npm/is-path-inside@4.0.0	None	0	4.2 kB	sindresorhus
npm/is-plain-object@5.0.0	None	0	9.16 kB	trysound
npm/is-promise@4.0.0	None	0	2.96 kB	then-bot
npm/is-stream@2.0.1	None	0	5.93 kB	sindresorhus
npm/is-typedarray@1.0.0	None	0	4.41 kB	hughsk
npm/is-unicode-supported@1.3.0	environment	0	3.88 kB	sindresorhus
npm/is-windows@1.0.2	None	0	7.96 kB	jonschlinkert
npm/istanbul-lib-coverage@3.2.2	None	0	34.4 kB	oss-bot
npm/istanbul-lib-hook@3.0.0	unsafe	0	17.9 kB	coreyfarrell
npm/istanbul-lib-instrument@4.0.3	None	0	57.9 kB	coreyfarrell
npm/istanbul-lib-processinfo@2.0.3	environment, filesystem	+1	24.5 kB	isaacs
npm/istanbul-lib-report@3.0.1	filesystem	+1	47.6 kB	oss-bot
npm/istanbul-lib-source-maps@4.0.1	filesystem	0	34.1 kB	oss-bot
npm/istanbul-reports@3.1.7	None	0	294 kB	oss-bot
npm/jest-diff@27.5.1	eval	0	85.2 kB	simenb
npm/jest-get-type@27.5.1	None	0	3.81 kB	simenb
npm/jest-matcher-utils@27.5.1	None	+1	45.6 kB	simenb
npm/jest-message-util@27.5.1	eval	+1	21.6 kB	simenb
npm/jest-regex-util@27.5.1	None	0	3.37 kB	simenb
npm/jju@1.4.0	filesystem	0	70.4 kB	rlidwka
npm/js-string-escape@1.0.1	None	0	3.81 kB	joliss
npm/json5@2.2.3	None	0	235 kB	jordanbtucker
npm/jsonc-parser@3.2.1	None	0	210 kB	vscode-bot
npm/jsonfile@4.0.0	filesystem	0	16.9 kB	ryanzim
npm/load-json-file@7.0.1	None	0	5.37 kB	sindresorhus
npm/lodash.flattendeep@4.4.0	None	0	12.1 kB	jdalton
npm/lodash.get@4.4.2	None	0	26.5 kB	jdalton
npm/lodash.isequal@4.5.0	None	0	52.7 kB	jdalton
npm/lunr@2.3.9	None	0	976 kB	olivernn
npm/make-error@1.3.6	None	0	12.4 kB	julien-f
npm/make-fetch-happen@10.2.0	environment, network	+1	193 kB	gar
npm/map-age-cleaner@0.1.3	None	0	8.41 kB	samverschueren
npm/marked@4.3.0	None	0	428 kB	tonybrix
npm/matcher@5.0.0	None	0	11.8 kB	sindresorhus
npm/md5-hex@3.0.1	None	0	4.24 kB	sindresorhus
npm/mem@9.0.2	None	0	17.9 kB	sindresorhus
npm/merge-descriptors@1.0.3	None	0	5.08 kB	sindresorhus
npm/micromatch@4.0.5	None	0	55.9 kB	jonschlinkert
npm/mime-db@1.52.0	None	0	206 kB	dougwilson
npm/mime-types@2.1.35	None	0	18.3 kB	dougwilson
npm/mimic-fn@4.0.0	None	0	8.18 kB	sindresorhus
npm/minimatch@3.0.8	None	0	34.7 kB	isaacs
npm/minipass-collect@1.0.2	None	0	4.87 kB	isaacs
npm/minipass-fetch@2.1.2	environment, network	0	46.3 kB	gar
npm/minipass-flush@1.0.5	None	0	3.77 kB	isaacs
npm/minipass-pipeline@1.2.4	None	0	7 kB	isaacs
npm/minipass-sized@1.0.3	None	0	124 kB	isaacs
npm/minipass@3.3.6	None	0	48.1 kB	isaacs
npm/minizlib@2.1.2	None	0	17.3 kB	isaacs
npm/mkdirp@1.0.4	environment, filesystem	0	19.1 kB	isaacs
npm/module-not-found-error@1.0.1	None	0	2.55 kB	bendrucker
npm/ms@2.1.3	None	0	6.72 kB	styfle
npm/negotiator@0.6.3	None	0	27.4 kB	dougwilson
npm/node-gyp@9.1.0	environment, shell	0	1.99 MB	rvagg
npm/node-preload@0.2.1	environment	0	9.22 kB	coreyfarrell
npm/node-releases@2.0.14	None	0	34 kB	chicoxyzzy
npm/nofilter@3.1.0	None	0	52 kB	hildjj
npm/nopt@5.0.0	environment	0	25.8 kB	isaacs
npm/npmlog@6.0.2	None	0	17.1 kB	lukekarrys
npm/nyc@15.1.0	environment, filesystem, unsafe	+2	341 kB	coreyfarrell
npm/outdent@0.8.0	None	0	42.9 kB	cspotcode
npm/p-defer@1.0.0	None	0	2.94 kB	sindresorhus
npm/p-event@5.0.1	None	0	23.9 kB	sindresorhus
npm/p-map@5.5.0	None	+2	30 kB	sindresorhus
npm/p-timeout@5.1.0	None	0	11.3 kB	sindresorhus
npm/package-hash@4.0.0	environment, shell	0	9.18 kB	coreyfarrell
npm/parse-ms@3.0.0	None	0	3.53 kB	sindresorhus
npm/path-equal@1.2.5	None	0	9.96 kB	unional
npm/pkg-conf@4.0.0	None	+5	52 kB	sindresorhus
npm/plur@5.1.0	None	0	5.08 kB	sindresorhus
npm/postcss@8.4.38	environment, filesystem	0	198 kB	ai
npm/pretty-format@27.5.1	eval	+1	83.7 kB	simenb
npm/pretty-ms@8.0.0	None	0	11.8 kB	sindresorhus
npm/process-on-spawn@1.0.0	shell	0	7.47 kB	coreyfarrell
npm/promise-inflight@1.0.1	None	0	3.04 kB	iarna
npm/promise-retry@2.0.1	None	0	15.6 kB	achingbrain
npm/proper-lockfile@4.1.2	None	0	29.9 kB	hugomrdias
npm/proxy-from-env@1.1.0	environment	0	29.5 kB	rob-w
npm/proxyquire@2.1.3	unsafe	0	67.2 kB	bendrucker
npm/punycode@2.3.1	None	0	33.5 kB	google-wombot
npm/react-is@17.0.2	environment	0	24.8 kB	gaearon
npm/readable-stream@3.6.2	environment	0	124 kB	matteo.collina
npm/release-zalgo@1.0.0	None	0	10.9 kB	novemberborn
npm/require-directory@2.1.1	filesystem	0	12.1 kB	troygoode
npm/require-main-filename@2.0.0	None	0	3.93 kB	bcoe
npm/resolve-cwd@3.0.0	None	0	4.98 kB	sindresorhus
npm/resolve-from@5.0.0	filesystem, unsafe	0	5.82 kB	sindresorhus
npm/resolve@1.22.8	environment, filesystem	0	145 kB	ljharb
npm/retry@0.12.0	None	0	32.2 kB	tim-kos
npm/safe-stable-stringify@2.4.3	None	0	30.1 kB	bridgear
npm/safer-buffer@2.1.2	None	0	42.3 kB	chalker
npm/semver@7.6.0	None	0	94.2 kB	npm-cli-ops
npm/serialize-error@7.0.1	None	+1	95.4 kB	sindresorhus
npm/set-blocking@2.0.0	None	0	4.22 kB	bcoe
npm/shiki@0.10.1	filesystem, network	0	8.35 MB	octref
npm/signal-exit@3.0.7	None	0	9.96 kB	isaacs
npm/slice-ansi@5.0.0	None	+1	11.6 kB	sindresorhus
npm/smart-buffer@4.2.0	None	0	138 kB	joshglazebrook
npm/socks-proxy-agent@7.0.0	network	0	22.8 kB	kikobeats
npm/socks@2.7.0	network	0	152 kB	joshglazebrook
npm/spawn-wrap@2.0.0	environment, filesystem, shell, unsafe	0	34.1 kB	coreyfarrell
npm/ssri@9.0.1	None	0	37.5 kB	nlf
npm/stack-utils@2.0.6	unsafe	+1	17.9 kB	isaacs
npm/string-argv@0.3.2	None	0	7.8 kB	cellule
npm/strip-ansi@7.1.0	None	+1	9.99 kB	sindresorhus
npm/strip-bom@4.0.0	None	0	3.91 kB	sindresorhus
npm/supertap@3.0.1	None	0	7.12 kB	vdemedes
npm/tar@6.2.1	environment, filesystem	+1	236 kB	isaacs
npm/temp-dir@3.0.0	None	0	3.15 kB	sindresorhus
npm/test-exclude@6.0.0	None	0	23.6 kB	coreyfarrell
npm/throat@6.0.2	None	0	9.14 kB	throat-bot
npm/time-zone@1.0.0	None	0	2.73 kB	sindresorhus
npm/ts-node@10.9.2	environment, filesystem, unsafe	+2	762 kB	blakeembrey
npm/type-fest@0.8.1	None	0	57.9 kB	sindresorhus
npm/typedarray-to-buffer@3.1.5	None	0	8.84 kB	feross
npm/typedoc@0.22.18	environment, filesystem, shell, unsafe	+3	68.3 MB	typedoc-bot
npm/typescript-json-schema@0.54.0	filesystem, unsafe	+2	66.8 MB	domoritz
npm/typescript@3.9.10	None	0	54.1 MB	typescript-bot
npm/typescript@5.4.4	None	0	32.4 MB	typescript-bot
npm/unique-filename@1.1.1	None	0	41.4 kB	iarna
npm/unique-slug@2.0.2	None	0	2.68 kB	zkat
npm/universalify@0.1.2	None	0	4.71 kB	ryanzim
npm/update-browserslist-db@1.0.13	filesystem, shell	0	13.9 kB	ai
npm/uuid@8.3.2	None	0	116 kB	ctavan
npm/v8-compile-cache-lib@3.0.1	environment, filesystem, unsafe	0	18.2 kB	cspotcode
npm/validator@13.11.0	None	0	751 kB	profnandaa
npm/vscode-oniguruma@1.7.0	network	0	490 kB	vscode-bot
npm/well-known-symbols@2.0.0	None	0	3.26 kB	novemberborn
npm/which-module@2.0.1	None	0	4.04 kB	nexdrew
npm/wide-align@1.1.5	None	0	4.47 kB	iarna
npm/wrap-ansi@6.2.0	None	0	9.5 kB	sindresorhus
npm/write-file-atomic@5.0.1	filesystem	+1	89.1 kB	npm-cli-ops
npm/y18n@4.0.3	filesystem	0	11 kB	oss-bot
npm/yargs-parser@18.1.3	environment	0	71.5 kB	oss-bot
npm/yargs@17.7.2	environment, filesystem	+4	487 kB	oss-bot
npm/yn@3.1.1	None	0	6.31 kB	sindresorhus
npm/yocto-queue@1.0.0	None	0	6.41 kB	sindresorhus
npm/z-schema@5.0.6	None	0	1.95 MB	zaggino

🚮 Removed packages: npm/@babel/traverse@7.17.3, npm/@types/json-schema@7.0.9, npm/@types/mdast@3.0.10, npm/@types/node@17.0.21, npm/@types/unist@2.0.6, npm/acorn@8.7.0, npm/address@1.1.2, npm/ajv@8.10.0, npm/ansi-align@3.0.1, npm/boolbase@1.0.0, npm/call-bind@1.0.2, npm/caniuse-lite@1.0.30001313, npm/ccount@1.1.0, npm/collapse-white-space@1.0.6, npm/cosmiconfig@7.0.1, npm/css-tree@1.1.3, npm/css-what@5.1.0, npm/domelementtype@2.2.0, npm/domhandler@4.3.0, npm/domutils@2.8.0, npm/extend@3.0.2, npm/fast-glob@3.2.11, npm/fbjs@3.0.4, npm/glob@7.2.0, npm/graceful-fs@4.2.9, npm/has-symbols@1.0.3, npm/icss-utils@5.1.0, npm/ignore@5.2.0, npm/ini@1.3.8, npm/is-alphabetical@1.0.4, npm/is-docker@2.2.1, npm/jest-worker@27.5.1, npm/kind-of@6.0.3, npm/loose-envify@1.4.0, npm/memfs@3.4.1, npm/mime-types@2.1.18, npm/minimist@1.2.5, npm/object-assign@4.1.1, npm/object-keys@1.1.1, npm/open@8.4.0, npm/parse5@6.0.1, npm/postcss-selector-parser@6.0.9, npm/postcss-value-parser@4.2.0, npm/postcss@8.4.7, npm/property-information@5.6.0, npm/react-is@16.13.1, npm/readable-stream@3.6.0, npm/repeat-string@1.6.1, npm/safe-buffer@5.1.2, npm/semver@7.3.5, npm/svgo@2.8.0, npm/tapable@2.2.1, npm/terser@5.12.0, npm/tiny-warning@1.0.3, npm/unist-util-generated@1.1.6, npm/unist-util-is@4.1.0, npm/unist-util-position@3.1.0, npm/vfile-location@3.2.0, npm/web-namespaces@1.1.4, npm/xtend@4.0.2, npm/yaml@1.10.2

View full report↗︎

[socket-security]

🚨 Potential security issues detected. Learn more about Socket for GitHub ↗︎

To accept the risk, merge this PR and you will not be notified again.

Alert	Package	Note	Source
Install scripts	npm/dprint@0.25.1	Install script: postinstall Source: node ./install.js	package.json
Install scripts	npm/@swc/core@1.4.13	Install script: postinstall Source: node postinstall.js	package.json

View full report↗︎

Next steps

What is an install script?

Install scripts are run when the package is installed. The majority of malware in npm is hidden in install scripts.

Packages should not be running non-essential scripts during install and there are often solutions to problems people solve with install scripts that can be run at publish time instead.

Take a deeper look at the dependency

Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support [AT] socket [DOT] dev.

Remove the package

If you happen to install a dependency that Socket reports as Known Malware you should immediately remove it and select a different dependency. For other alert types, you may may wish to investigate alternative packages or consider if there are other ways to mitigate the specific risk posed by the dependency.

Mark a package as acceptable risk

To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space separated list of ecosystem/package-name@version specifiers. e.g. @SocketSecurity ignore npm/foo@1.0.0 or ignore all packages with @SocketSecurity ignore-all

• @SocketSecurity ignore npm/dprint@0.25.1
• @SocketSecurity ignore npm/@swc/core@1.4.13