Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore(deps): Bump the arcjet-apps-minor group across 1 directory with 23 updates #143

Closed
wants to merge 1 commit into from
Closed

chore(deps): Bump the arcjet-apps-minor group across 1 directory with 23 updates #143

wants to merge 1 commit into from

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Oct 16, 2024
edited
Loading

Bumps the arcjet-apps-minor group with 23 updates in the / directory:

Package From To
@astrojs/check 0.9.3 0.9.4
@astrojs/starlight 0.28.2 0.28.3
@clerk/nextjs 5.7.1 5.7.3
@fontsource-variable/figtree 5.1.0 5.1.1
@fontsource-variable/jost 5.1.0 5.1.1
@hono/node-server 1.13.1 1.13.2
@langchain/community 0.3.4 0.3.5
@nestjs/common 10.4.4 10.4.5
@nestjs/core 10.4.4 10.4.5
@sveltejs/kit 2.6.1 2.7.1
ai 3.4.7 3.4.12
astro 4.15.10 4.16.5
astro-embed 0.7.2 0.7.4
express 4.21.0 4.21.1
hono 4.6.3 4.6.5
next 14.2.14 14.2.15
openai 4.67.1 4.67.3
pino 9.4.0 9.5.0
pino-pretty 11.2.2 11.3.0
sass 1.79.4 1.79.5
starlight-links-validator 0.12.2 0.12.3
@types/bun 1.1.10 1.1.11
@types/react-dom 18.3.0 18.3.1

Updates @astrojs/check from 0.9.3 to 0.9.4

Release notes

Sourced from @​astrojs/check's releases.

@​astrojs/check@​0.9.4

Patch Changes

  • 6e62aaa: Upgrades chokidar to v4
  • 5a44072: Fixes formatting not working by default in certain circumstances
  • Updated dependencies [5a44072]
  • Updated dependencies [3a836de]
    • @​astrojs/language-server@​2.15.0
Changelog

Sourced from @​astrojs/check's changelog.

0.9.4

Patch Changes

  • 6e62aaa: Upgrades chokidar to v4
  • 5a44072: Fixes formatting not working by default in certain circumstances
  • Updated dependencies [5a44072]
  • Updated dependencies [3a836de]
    • @​astrojs/language-server@​2.15.0
Commits

Updates @astrojs/starlight from 0.28.2 to 0.28.3

Release notes

Sourced from @​astrojs/starlight's releases.

@​astrojs/starlight@​0.28.3

Patch Changes

Changelog

Sourced from @​astrojs/starlight's changelog.

0.28.3

Patch Changes

Commits

Updates @clerk/nextjs from 5.7.1 to 5.7.3

Release notes

Sourced from @​clerk/nextjs's releases.

@​clerk/nextjs@​5.7.3

Patch Changes

@​clerk/nextjs@​5.7.2

Patch Changes

  • Introduces organizationSyncOptions option to clerkMiddleware, which syncs an active organization or personal account from a URL to the Clerk session. (#3977) by @​izaaklauer

  • Updated dependencies [358be296a]:

    • @​clerk/backend@​1.13.9
Changelog

Sourced from @​clerk/nextjs's changelog.

5.7.3

Patch Changes

5.7.2

Patch Changes

  • Introduces organizationSyncOptions option to clerkMiddleware, which syncs an active organization or personal account from a URL to the Clerk session. (#3977) by @​izaaklauer

  • Updated dependencies [358be296a]:

    • @​clerk/backend@​1.13.9
Commits

Updates @fontsource-variable/figtree from 5.1.0 to 5.1.1

Commits

Updates @fontsource-variable/jost from 5.1.0 to 5.1.1

Commits

Updates @hono/node-server from 1.13.1 to 1.13.2

Release notes

Sourced from @​hono/node-server's releases.

v1.13.2

What's Changed

New Contributors

Full Changelog: honojs/node-server@v1.13.1...v1.13.2

Commits

Updates @langchain/community from 0.3.4 to 0.3.5

Release notes

Sourced from @​langchain/community's releases.

0.2.0@next

What's Changed

... (truncated)

Commits

Updates @nestjs/common from 10.4.4 to 10.4.5

Release notes

Sourced from @​nestjs/common's releases.

v10.4.5 (2024-10-16)

Dependencies

Committers: 5

Commits

Updates @nestjs/core from 10.4.4 to 10.4.5

Release notes

Sourced from @​nestjs/core's releases.

v10.4.5 (2024-10-16)

Dependencies

Committers: 5

Commits

Updates @sveltejs/kit from 2.6.1 to 2.7.1

Release notes

Sourced from @​sveltejs/kit's releases.

@​sveltejs/kit@​2.7.1

Patch Changes

  • chore: upgrade to sirv 3.0 (#12796)

  • fix: warn when form action responses are lost because SSR is off (#12063)

@​sveltejs/kit@​2.7.0

Minor Changes

  • feat: update service worker when new version is detected (#12448)

Patch Changes

  • fix: correctly handle relative paths when fetching assets on the server (#12113)

  • fix: decode non ASCII anchor hashes when scrolling into view (#12699)

  • fix: page response missing CSP and Link headers when return promise in load (#12418)

@​sveltejs/kit@​2.6.4

Patch Changes

  • fix: only preload links that have a different URL than the current page (#12773)

  • fix: revert change to replace version in generateBundle (#12779)

  • fix: catch stack trace fixing errors thrown in web containers (#12775)

  • fix: use absolute links in JSDoc comments (#12772)

@​sveltejs/kit@​2.6.3

Patch Changes

  • fix: ensure a changing version doesn't affect the hashes for chunks without any actual code changes (#12700)

  • fix: prevent crash when logging URL search params in a server load function (#12763)

  • chore: revert update dependency cookie to ^0.7.0 (#12767)

@​sveltejs/kit@​2.6.2

Patch Changes

... (truncated)

Changelog

Sourced from @​sveltejs/kit's changelog.

2.7.1

Patch Changes

  • chore: upgrade to sirv 3.0 (#12796)

  • fix: warn when form action responses are lost because SSR is off (#12063)

2.7.0

Minor Changes

  • feat: update service worker when new version is detected (#12448)

Patch Changes

  • fix: correctly handle relative paths when fetching assets on the server (#12113)

  • fix: decode non ASCII anchor hashes when scrolling into view (#12699)

  • fix: page response missing CSP and Link headers when return promise in load (#12418)

2.6.4

Patch Changes

  • fix: only preload links that have a different URL than the current page (#12773)

  • fix: revert change to replace version in generateBundle (#12779)

  • fix: catch stack trace fixing errors thrown in web containers (#12775)

  • fix: use absolute links in JSDoc comments (#12772)

2.6.3

Patch Changes

  • fix: ensure a changing version doesn't affect the hashes for chunks without any actual code changes (#12700)

  • fix: prevent crash when logging URL search params in a server load function (#12763)

... (truncated)

Commits
  • 9d55410 Version Packages (#12805)
  • dbc9c94 chore: upgrade to sirv 3.0 (#12796)
  • 96642d2 fix: add warning for form action responses lost without SSR (#12063)
  • f3b638e Version Packages (#12789)
  • df48fc6 fix: handle relative assets paths in server fetch correctly (#12113)
  • 5780deb fix: decode hash when clicking on same hash to correctly scroll on non ascii ...
  • 989949a docs: add report uri directive to CSP example (#12788)
  • 8aa95b4 feat: update service worker when new version is detected (#12448)
  • 6f9aefd fix: page response missing CSP and Link headers when return promise in load...
  • 4c1e3c0 chore: add code comment explaining empty catch block (#12780)
  • Additional commits viewable in compare view

Updates ai from 3.4.7 to 3.4.12

Release notes

Sourced from ai's releases.

ai@3.4.12

Patch Changes

  • a23da5b: feat (ai/core): forward abort signal to tools

ai@3.4.11

Patch Changes

  • caedcda: feat (ai/ui): add setData helper to useChat
  • Updated dependencies [caedcda]
    • @​ai-sdk/svelte@​0.0.52
    • @​ai-sdk/react@​0.0.63
    • @​ai-sdk/solid@​0.0.50
    • @​ai-sdk/vue@​0.0.55

ai@3.4.10

Patch Changes

  • 0b557d7: feat (ai/core): add tracer option to telemetry settings
  • 44f6bc5: feat (ai/core): expose StepResult type

ai@3.4.9

Patch Changes

  • d347538: fix (ai/core): export FilePart interface

ai@3.4.8

Patch Changes

  • Updated dependencies [b5f577e]
    • @​ai-sdk/vue@​0.0.54
Commits

Updates astro from 4.15.10 to 4.16.5

Release notes

Sourced from astro's releases.

astro@4.16.5

Patch Changes

astro@4.16.4

Patch Changes

  • #12223 79ffa5d Thanks @​ArmandPhilippot! - Fixes a false positive reported by the dev toolbar Audit app where a label was considered missing when associated with a button

    The button element can be used with a label (e.g. to create a switch) and should not be reported as an accessibility issue when used as a child of a label.

  • #12199 c351352 Thanks @​ematipico! - Fixes a regression in the computation of Astro.currentLocale

  • #12222 fb55695 Thanks @​ematipico! - Fixes an issue where the edge middleware couldn't correctly compute the client IP address when calling ctx.clientAddress()

astro@4.16.3

Patch Changes

astro@4.16.2

Patch Changes

astro@4.16.1

Patch Changes

  • #12177 a4ffbfa Thanks @​matthewp! - Ensure we target scripts for execution in the router

    Using document.scripts is unsafe because if the application has a name="scripts" this will shadow the built-in document.scripts. Fix is to use getElementsByTagName to ensure we're only grabbing real scripts.

  • #12173 2d10de5 Thanks @​ematipico! - Fixes a bug where Astro Actions couldn't redirect to the correct pathname when there was a rewrite involved.

astro@4.16.0

Minor Changes

  • #12039 710a1a1 Thanks @​ematipico! - Adds a markdown.shikiConfig.langAlias option that allows aliasing a non-supported code language to a known language. This is useful when the language of your code samples is not a built-in Shiki language, but you want your Markdown source to contain an accurate language while also displaying syntax highlighting.

    The following example configures Shiki to highlight cjs code blocks using the javascript syntax highlighter:

    import { defineConfig } from 'astro/config';
export default defineConfig({
markdown: {
shikiConfig: {

... (truncated)

Changelog

Sourced from astro's changelog.

4.16.5

Patch Changes

4.16.4

Patch Changes

  • #12223 79ffa5d Thanks @​ArmandPhilippot! - Fixes a false positive reported by the dev toolbar Audit app where a label was considered missing when associated with a button

    The button element can be used with a label (e.g. to create a switch) and should not be reported as an accessibility issue when used as a child of a label.

  • #12199 c351352 Thanks @​ematipico! - Fixes a regression in the computation of Astro.currentLocale

  • #12222 fb55695 Thanks @​ematipico! - Fixes an issue where the edge middleware couldn't correctly compute the client IP address when calling ctx.clientAddress()

4.16.3

Patch Changes

4.16.2

Patch Changes

4.16.1

Patch Changes

  • #12177 a4ffbfa Thanks @​matthewp! - Ensure we target scripts for execution in the router

    Using document.scripts is unsafe because if the application has a name="scripts" this will shadow the built-in document.scripts. Fix is to use getElementsByTagName to ensure we're only grabbing real scripts.

  • #12173 2d10de5 Thanks @​ematipico! - Fixes a bug where Astro Actions couldn't redirect to the correct pathname when there was a rewrite involved.

4.16.0

Minor Changes

... (truncated)

Commits

Updates astro-embed from 0.7.2 to 0.7.4

Release notes

Sourced from astro-embed's releases.

astro-embed@0.7.4

Patch Changes

astro-embed@0.7.3

Patch Changes

@dependabot
chore(deps): Bump the arcjet-apps-minor group across 1 directory with…
7c485cf 
… 23 updates

Bumps the arcjet-apps-minor group with 23 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [@astrojs/check](https://github.com/withastro/language-tools/tree/HEAD/packages/astro-check) | `0.9.3` | `0.9.4` |
| [@astrojs/starlight](https://github.com/withastro/starlight/tree/HEAD/packages/starlight) | `0.28.2` | `0.28.3` |
| [@clerk/nextjs](https://github.com/clerk/javascript/tree/HEAD/packages/nextjs) | `5.7.1` | `5.7.3` |
| [@fontsource-variable/figtree](https://github.com/fontsource/font-files/tree/HEAD/fonts/variable/figtree) | `5.1.0` | `5.1.1` |
| [@fontsource-variable/jost](https://github.com/fontsource/font-files/tree/HEAD/fonts/variable/jost) | `5.1.0` | `5.1.1` |
| [@hono/node-server](https://github.com/honojs/node-server) | `1.13.1` | `1.13.2` |
| [@langchain/community](https://github.com/langchain-ai/langchainjs) | `0.3.4` | `0.3.5` |
| [@nestjs/common](https://github.com/nestjs/nest/tree/HEAD/packages/common) | `10.4.4` | `10.4.5` |
| [@nestjs/core](https://github.com/nestjs/nest/tree/HEAD/packages/core) | `10.4.4` | `10.4.5` |
| [@sveltejs/kit](https://github.com/sveltejs/kit/tree/HEAD/packages/kit) | `2.6.1` | `2.7.1` |
| [ai](https://github.com/vercel/ai) | `3.4.7` | `3.4.12` |
| [astro](https://github.com/withastro/astro/tree/HEAD/packages/astro) | `4.15.10` | `4.16.5` |
| [astro-embed](https://github.com/delucis/astro-embed/tree/HEAD/packages/astro-embed) | `0.7.2` | `0.7.4` |
| [express](https://github.com/expressjs/express) | `4.21.0` | `4.21.1` |
| [hono](https://github.com/honojs/hono) | `4.6.3` | `4.6.5` |
| [next](https://github.com/vercel/next.js) | `14.2.14` | `14.2.15` |
| [openai](https://github.com/openai/openai-node) | `4.67.1` | `4.67.3` |
| [pino](https://github.com/pinojs/pino) | `9.4.0` | `9.5.0` |
| [pino-pretty](https://github.com/pinojs/pino-pretty) | `11.2.2` | `11.3.0` |
| [sass](https://github.com/sass/dart-sass) | `1.79.4` | `1.79.5` |
| [starlight-links-validator](https://github.com/HiDeoo/starlight-links-validator) | `0.12.2` | `0.12.3` |
| [@types/bun](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/bun) | `1.1.10` | `1.1.11` |
| [@types/react-dom](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/react-dom) | `18.3.0` | `18.3.1` |



Updates `@astrojs/check` from 0.9.3 to 0.9.4
- [Release notes](https://github.com/withastro/language-tools/releases)
- [Changelog](https://github.com/withastro/language-tools/blob/main/packages/astro-check/CHANGELOG.md)
- [Commits](https://github.com/withastro/language-tools/commits/@astrojs/check@0.9.4/packages/astro-check)

Updates `@astrojs/starlight` from 0.28.2 to 0.28.3
- [Release notes](https://github.com/withastro/starlight/releases)
- [Changelog](https://github.com/withastro/starlight/blob/main/packages/starlight/CHANGELOG.md)
- [Commits](https://github.com/withastro/starlight/commits/@astrojs/starlight@0.28.3/packages/starlight)

Updates `@clerk/nextjs` from 5.7.1 to 5.7.3
- [Release notes](https://github.com/clerk/javascript/releases)
- [Changelog](https://github.com/clerk/javascript/blob/main/packages/nextjs/CHANGELOG.md)
- [Commits](https://github.com/clerk/javascript/commits/@clerk/nextjs@5.7.3/packages/nextjs)

Updates `@fontsource-variable/figtree` from 5.1.0 to 5.1.1
- [Changelog](https://github.com/fontsource/font-files/blob/main/CHANGELOG.md)
- [Commits](https://github.com/fontsource/font-files/commits/HEAD/fonts/variable/figtree)

Updates `@fontsource-variable/jost` from 5.1.0 to 5.1.1
- [Changelog](https://github.com/fontsource/font-files/blob/main/CHANGELOG.md)
- [Commits](https://github.com/fontsource/font-files/commits/HEAD/fonts/variable/jost)

Updates `@hono/node-server` from 1.13.1 to 1.13.2
- [Release notes](https://github.com/honojs/node-server/releases)
- [Commits](honojs/node-server@v1.13.1...v1.13.2)

Updates `@langchain/community` from 0.3.4 to 0.3.5
- [Release notes](https://github.com/langchain-ai/langchainjs/releases)
- [Changelog](https://github.com/langchain-ai/langchainjs/blob/main/release_workspace.js)
- [Commits](https://github.com/langchain-ai/langchainjs/commits)

Updates `@nestjs/common` from 10.4.4 to 10.4.5
- [Release notes](https://github.com/nestjs/nest/releases)
- [Commits](https://github.com/nestjs/nest/commits/v10.4.5/packages/common)

Updates `@nestjs/core` from 10.4.4 to 10.4.5
- [Release notes](https://github.com/nestjs/nest/releases)
- [Commits](https://github.com/nestjs/nest/commits/v10.4.5/packages/core)

Updates `@sveltejs/kit` from 2.6.1 to 2.7.1
- [Release notes](https://github.com/sveltejs/kit/releases)
- [Changelog](https://github.com/sveltejs/kit/blob/main/packages/kit/CHANGELOG.md)
- [Commits](https://github.com/sveltejs/kit/commits/@sveltejs/kit@2.7.1/packages/kit)

Updates `ai` from 3.4.7 to 3.4.12
- [Release notes](https://github.com/vercel/ai/releases)
- [Changelog](https://github.com/vercel/ai/blob/main/CHANGELOG.md)
- [Commits](https://github.com/vercel/ai/compare/ai@3.4.7...ai@3.4.12)

Updates `astro` from 4.15.10 to 4.16.5
- [Release notes](https://github.com/withastro/astro/releases)
- [Changelog](https://github.com/withastro/astro/blob/main/packages/astro/CHANGELOG.md)
- [Commits](https://github.com/withastro/astro/commits/astro@4.16.5/packages/astro)

Updates `astro-embed` from 0.7.2 to 0.7.4
- [Release notes](https://github.com/delucis/astro-embed/releases)
- [Changelog](https://github.com/delucis/astro-embed/blob/main/packages/astro-embed/CHANGELOG.md)
- [Commits](https://github.com/delucis/astro-embed/commits/astro-embed@0.7.4/packages/astro-embed)

Updates `express` from 4.21.0 to 4.21.1
- [Release notes](https://github.com/expressjs/express/releases)
- [Changelog](https://github.com/expressjs/express/blob/4.21.1/History.md)
- [Commits](expressjs/express@4.21.0...4.21.1)

Updates `hono` from 4.6.3 to 4.6.5
- [Release notes](https://github.com/honojs/hono/releases)
- [Commits](honojs/hono@v4.6.3...v4.6.5)

Updates `next` from 14.2.14 to 14.2.15
- [Release notes](https://github.com/vercel/next.js/releases)
- [Changelog](https://github.com/vercel/next.js/blob/canary/release.js)
- [Commits](vercel/next.js@v14.2.14...v14.2.15)

Updates `openai` from 4.67.1 to 4.67.3
- [Release notes](https://github.com/openai/openai-node/releases)
- [Changelog](https://github.com/openai/openai-node/blob/master/CHANGELOG.md)
- [Commits](openai/openai-node@v4.67.1...v4.67.3)

Updates `pino` from 9.4.0 to 9.5.0
- [Release notes](https://github.com/pinojs/pino/releases)
- [Commits](pinojs/pino@v9.4.0...v9.5.0)

Updates `pino-pretty` from 11.2.2 to 11.3.0
- [Release notes](https://github.com/pinojs/pino-pretty/releases)
- [Commits](pinojs/pino-pretty@v11.2.2...v11.3.0)

Updates `sass` from 1.79.4 to 1.79.5
- [Release notes](https://github.com/sass/dart-sass/releases)
- [Changelog](https://github.com/sass/dart-sass/blob/main/CHANGELOG.md)
- [Commits](sass/dart-sass@1.79.4...1.79.5)

Updates `starlight-links-validator` from 0.12.2 to 0.12.3
- [Release notes](https://github.com/HiDeoo/starlight-links-validator/releases)
- [Commits](HiDeoo/starlight-links-validator@v0.12.2...v0.12.3)

Updates `@types/bun` from 1.1.10 to 1.1.11
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/bun)

Updates `@types/react-dom` from 18.3.0 to 18.3.1
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/react-dom)

---
updated-dependencies:
- dependency-name: "@astrojs/check"
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: arcjet-apps-minor
- dependency-name: "@astrojs/starlight"
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: arcjet-apps-minor
- dependency-name: "@clerk/nextjs"
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: arcjet-apps-minor
- dependency-name: "@fontsource-variable/figtree"
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: arcjet-apps-minor
- dependency-name: "@fontsource-variable/jost"
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: arcjet-apps-minor
- dependency-name: "@hono/node-server"
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: arcjet-apps-minor
- dependency-name: "@langchain/community"
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: arcjet-apps-minor
- dependency-name: "@nestjs/common"
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: arcjet-apps-minor
- dependency-name: "@nestjs/core"
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: arcjet-apps-minor
- dependency-name: "@sveltejs/kit"
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: arcjet-apps-minor
- dependency-name: ai
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: arcjet-apps-minor
- dependency-name: astro
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: arcjet-apps-minor
- dependency-name: astro-embed
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: arcjet-apps-minor
- dependency-name: express
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: arcjet-apps-minor
- dependency-name: hono
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: arcjet-apps-minor
- dependency-name: next
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: arcjet-apps-minor
- dependency-name: openai
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: arcjet-apps-minor
- dependency-name: pino
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: arcjet-apps-minor
- dependency-name: pino-pretty
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: arcjet-apps-minor
- dependency-name: sass
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: arcjet-apps-minor
- dependency-name: starlight-links-validator
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: arcjet-apps-minor
- dependency-name: "@types/bun"
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: arcjet-apps-minor
- dependency-name: "@types/react-dom"
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: arcjet-apps-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added the dependencies Pull requests that update a dependency file label Oct 16, 2024
@vercel Vercel
Copy link

vercel bot commented Oct 16, 2024
edited
Loading

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name Status Preview Comments Updated (UTC)
arcjet-docs ✅ Ready (Inspect) Visit Preview 💬 Add feedback Oct 16, 2024 10:38pm

@dependabot dependabot bot requested review from blaine-arcjet and e-moran October 16, 2024 22:36
@socket-security Socket Security
Copy link

New and removed dependencies detected. Learn more about Socket for GitHub ↗︎

Package New capabilities Transitives Size Publisher
npm/@astrojs/check@0.9.4 Transitive: environment, eval, filesystem, network, shell, unsafe +92 44.2 MB fredkschott, matthewp, natemoo-re
npm/@astrojs/starlight@0.28.3 Transitive: environment, eval, filesystem, network, shell +235 31.2 MB fredkschott, matthewp, natemoo-re
npm/@clerk/nextjs@5.7.3 Transitive: environment, network +22 6.72 MB nikosdouvlis
npm/@fontsource-variable/figtree@5.1.1 None 0 79.8 kB lotusdevshack
npm/@fontsource-variable/jost@5.1.1 None 0 135 kB lotusdevshack
npm/@hono/node-server@1.13.2 network 0 166 kB yusukebe
npm/@langchain/community@0.3.5 Transitive: environment, filesystem, shell +35 38.8 MB jacoblee93
npm/@nestjs/common@10.4.5 None +7 5.4 MB nestjscore
npm/@nestjs/core@10.4.5 Transitive: environment, filesystem, network, shell +20 6.21 MB nestjscore
npm/@sveltejs/kit@2.7.1 environment, eval Transitive: filesystem, network, shell, unsafe +73 244 MB svelte-admin
npm/@types/bun@1.1.11 None +5 4.66 MB types
npm/@types/react-dom@18.3.1 None 0 0 B
npm/ai@3.4.12 environment, network Transitive: filesystem, unsafe +62 34.2 MB vercel-release-bot
npm/astro-embed@0.7.4 Transitive: network, unsafe +29 5.04 MB delucis
npm/astro@4.16.5 Transitive: environment, eval, filesystem, network, shell +340 295 MB fredkschott
npm/express@4.21.1 Transitive: environment, eval, filesystem, network, unsafe +64 2.16 MB blakeembrey, dougwilson, linusu, ...4 more
npm/hono@4.6.5 None 0 1.04 MB yusukebe
npm/next@14.2.15 environment, filesystem, network, shell, unsafe +24 453 MB vercel-release-bot
npm/openai@4.67.3 Transitive: filesystem, network +24 9.29 MB dschnurr, dschnurr-openai, jeevnayak, ...2 more
npm/pino-pretty@11.3.0 Transitive: environment, filesystem +28 1.55 MB jsumners, matteo.collina, watson
npm/pino@9.5.0 Transitive: environment, eval, filesystem +12 1.18 MB davidmarkclements, jsumners, matteo.collina, ...1 more
npm/sass@1.79.5 filesystem, unsafe Transitive: environment, shell +27 12.9 MB sassbot
npm/starlight-links-validator@0.12.3 None +29 1.92 MB hideoo

🚮 Removed packages: npm/@astrojs/check@0.9.3, npm/@astrojs/starlight@0.28.2, npm/@clerk/nextjs@5.7.1, npm/@fontsource-variable/figtree@5.1.0, npm/@fontsource-variable/jost@5.1.0, npm/@hono/node-server@1.13.1, npm/@langchain/community@0.3.4, npm/@nestjs/common@10.4.4, npm/@nestjs/core@10.4.4, npm/@sveltejs/kit@2.6.1, npm/@types/bun@1.1.10, npm/@types/react-dom@18.3.0, npm/ai@3.4.7, npm/astro-embed@0.7.2, npm/astro@4.15.10, npm/express@4.21.0, npm/hono@4.6.3, npm/next@14.2.14, npm/openai@4.67.1, npm/pino-pretty@11.2.2, npm/pino@9.4.0, npm/sass@1.79.4, npm/starlight-links-validator@0.12.2

View full report↗︎

@socket-security Socket Security
Copy link

🚨 Potential security issues detected. Learn more about Socket for GitHub ↗︎

To accept the risk, merge this PR and you will not be notified again.

Alert Package NoteSourceCI
New author npm/cookie@0.7.0 🚫
Unstable ownership npm/cookie@0.7.0 🚫
Install scripts npm/@clerk/shared@2.9.1
  • Install script: postinstall
  • Source: node ./scripts/postinstall.mjs
 🚫

View full report↗︎

Next steps

What is new author?

A new npm collaborator published a version of the package for the first time. New collaborators are usually benign additions to a project, but do indicate a change to the security surface area of a package.

Scrutinize new collaborator additions to packages because they now have the ability to publish code into your dependency tree. Packages should avoid frequent or unnecessary additions or changes to publishing rights.

What is unstable ownership?

A new collaborator has begun publishing package versions. Package stability and security risk may be elevated.

Try to reduce the amount of authors you depend on to reduce the risk to malicious actors gaining access to your supply chain. Packages should remove inactive collaborators with publishing rights from packages on npm.

What is an install script?

Install scripts are run when the package is installed. The majority of malware in npm is hidden in install scripts.

Packages should not be running non-essential scripts during install and there are often solutions to problems people solve with install scripts that can be run at publish time instead.

Take a deeper look at the dependency

Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support [AT] socket [DOT] dev.

Remove the package

If you happen to install a dependency that Socket reports as Known Malware you should immediately remove it and select a different dependency. For other alert types, you may may wish to investigate alternative packages or consider if there are other ways to mitigate the specific risk posed by the dependency.

Mark a package as acceptable risk

To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space separated list of ecosystem/package-name@version specifiers. e.g. @SocketSecurity ignore npm/foo@1.0.0 or ignore all packages with @SocketSecurity ignore-all

  • @SocketSecurity ignore npm/cookie@0.7.0
  • @SocketSecurity ignore npm/@clerk/shared@2.9.1

@davidmytton
Copy link
Contributor

Will run this manually now we've merged in #82

@dependabot Dependabot
Copy link
Contributor Author

dependabot bot commented on behalf of github Oct 17, 2024

This pull request was built based on a group rule. Closing it will not ignore any of these versions in future pull requests.

To ignore these dependencies, configure ignore rules in dependabot.yml

@dependabot dependabot bot deleted the dependabot/npm_and_yarn/arcjet-apps-minor-281aa26244 branch October 17, 2024 14:56
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@blaine-arcjet blaine-arcjet Awaiting requested review from blaine-arcjet

@e-moran e-moran Awaiting requested review from e-moran

Assignees

@e-moran e-moran

@blaine-arcjet blaine-arcjet

Labels
dependencies Pull requests that update a dependency file
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@davidmytton @e-moran @blaine-arcjet