Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Snyk] Upgrade @sentry/react from 7.16.0 to 8.29.0 #904

Open
wants to merge 1 commit into
base: main
Choose a base branch
from

Conversation

q1blue
Copy link
Collaborator

@q1blue q1blue commented Sep 30, 2024

snyk-top-banner

Snyk has created this PR to upgrade @sentry/react from 7.16.0 to 8.29.0.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.


⚠️ Warning: This PR contains major version upgrade(s), and may be a breaking change.

  • The recommended version is 204 versions ahead of your current version.

  • The recommended version was released on 22 days ago.

Release notes
Package name: @sentry/react
  • 8.29.0 - 2024-09-09

    Important Changes

    • Beta releases of official Solid and SolidStart Sentry SDKs

    This release marks the beta releases of the @ sentry/solid and @ sentry/solidstart Sentry SDKs. For details on how to
    use them, check out the
    Sentry Solid SDK README and the
    Sentry SolidStart SDK README
    respectively. Please reach out on GitHub if you have
    any feedback or concerns.

    • feat(node): Option to only wrap instrumented modules (#13139)

    Adds the SDK option to only wrap ES modules with import-in-the-middle that specifically need to be instrumented.

    import * as Sentry from '@ sentry/node';

    Sentry.init({
    dsn: 'PUBLIC_DSN',
    registerEsmLoaderHooks: { onlyIncludeInstrumentedModules: true },
    });

    • feat(node): Update OpenTelemetry packages to instrumentation v0.53.0 (#13587)

    All internal OpenTelemetry instrumentation was updated to their latest version. This adds support for Mongoose v7 and v8
    and fixes various bugs related to ESM mode.

    Other Changes

    • feat(nextjs): Emit warning when using turbopack (#13566)
    • feat(nextjs): Future-proof Next.js config options overriding (#13586)
    • feat(node): Add generic-pool integration (#13465)
    • feat(nuxt): Upload sourcemaps generated by Nitro (#13382)
    • feat(solidstart): Add browserTracingIntegration by default (#13561)
    • feat(solidstart): Add sentrySolidStartVite plugin to simplify source maps upload (#13493)
    • feat(vue): Only start UI spans if parent is available (#13568)
    • fix(cloudflare): Guard context.waitUntil call in request handler (#13549)
    • fix(gatsby): Fix assets path for sourcemaps upload (#13592)
    • fix(nextjs): Use posix paths for sourcemap uploads (#13603)
    • fix(node-fetch): Use stringified origin url (#13581)
    • fix(node): Replace dashes in generic-pool span origins with underscores (#13579)
    • fix(replay): Fix types in WebVitalData (#13573)
    • fix(replay): Improve replay web vital types (#13602)
    • fix(utils): Keep logger on carrier (#13570)

    Work in this release was contributed by @ Zen-cronic. Thank you for your contribution!

  • 8.28.0 - 2024-09-03

    Important Changes

    • Beta release of official NestJS SDK

    This release contains the beta version of @ sentry/nestjs! For details on how to use it, check out the
    README. Any feedback/bug reports
    are greatly appreciated, please reach out on GitHub.

    • fix(browser): Remove faulty LCP, FCP and FP normalization logic (#13502)

    This release fixes a bug in the @ sentry/browser package and all SDKs depending on this package (e.g. @ sentry/react
    or @ sentry/nextjs) that caused the SDK to send incorrect web vital values for the LCP, FCP and FP vitals. The SDK
    previously incorrectly processed the original values as they were reported from the browser. When updating your SDK to
    this version, you might experience an increase in LCP, FCP and FP values, which potentially leads to a decrease in your
    performance score in the Web Vitals Insights module in Sentry. This is because the previously reported values were
    smaller than the actually measured values. We apologize for the inconvenience!

    Other Changes

    • feat(nestjs): Add SentryGlobalGraphQLFilter (#13545)
    • feat(nestjs): Automatic instrumentation of nestjs interceptors after route execution (#13264)
    • feat(nextjs): Add bundleSizeOptimizations to build options (#13323)
    • feat(nextjs): Stabilize captureRequestError (#13550)
    • feat(nuxt): Wrap config in nuxt context (#13457)
    • feat(profiling): Expose profiler as top level primitive (#13512)
    • feat(replay): Add layout shift to CLS replay data (#13386)
    • feat(replay): Upgrade rrweb packages to 2.26.0 (#13483)
    • fix(cdn): Do not mangle _metadata (#13426)
    • fix(cdn): Fix SDK source for CDN bundles (#13475)
    • fix(nestjs): Check arguments before instrumenting with @ Injectable (#13544)
    • fix(nestjs): Ensure exception and host are correctly passed on when using @ WithSentry (#13564)
    • fix(node): Suppress tracing for transport request execution rather than transport creation (#13491)
    • fix(replay): Consider more things as DOM mutations for dead clicks (#13518)
    • fix(vue): Correctly obtain component name (#13484)

    Work in this release was contributed by @ leopoldkristjansson, @ mhuggins and @ filips123. Thank you for your
    contributions!

  • 8.27.0 - 2024-08-27

    Important Changes

    • fix(nestjs): Exception filters in main app module are not being executed (#13278)

      With this release nestjs error monitoring is no longer automatically set up after adding the SentryModule to your
      application, which led to issues in certain scenarios. You will now have to either add the SentryGlobalFilter to
      your main module providers or decorate the catch() method in your existing global exception filters with the newly
      released @ WithSentry() decorator. See the docs for
      more details.

    Other Changes

    • feat: Add options for passing nonces to feedback integration (#13347)
    • feat: Add support for SENTRY_SPOTLIGHT env var in Node (#13325)
    • feat(deps): bump @ prisma/instrumentation from 5.17.0 to 5.18.0 (#13327)
    • feat(feedback): Improve error message for 403 errors (#13441)
    • fix(deno): Don't rely on Deno.permissions.querySync (#13378)
    • fix(replay): Ensure we publish replay CDN bundles (#13437)

    Work in this release was contributed by @ charpeni. Thank you for your contribution!

  • 8.26.0 - 2024-08-14

    Important Changes

    • feat(node): Add fsInstrumentation (#13291)

      This release adds fsIntegration, an integration that instruments the fs API to the Sentry Node SDK. The
      integration creates spans with naming patterns of fs.readFile, fs.unlink, and so on.

      This integration is not enabled by default and needs to be registered in your Sentry.init call. You can configure
      via options whether to include path arguments or error messages as span attributes when an fs call fails:

      Sentry.init({
        integrations: [
          Sentry.fsIntegration({
            recordFilePaths: true,
            recordErrorMessagesAsSpanAttributes: true,
          }),
        ],
      });

      WARNING: This integration may add significant overhead to your application. Especially in scenarios with a lot of
      file I/O, like for example when running a framework dev server, including this integration can massively slow down
      your application.

    Other Changes

    • feat(browser): Add spotlightBrowser integration (#13263)

    • feat(browser): Allow sentry in safari extension background page (#13209)

    • feat(browser): Send CLS as standalone span (experimental) (#13056)

    • feat(core): Add OpenTelemetry-specific getTraceData implementation (#13281)

    • feat(nextjs): Always add browserTracingIntegration (#13324)

    • feat(nextjs): Always transmit trace data to the client (#13337)

    • feat(nextjs): export SentryBuildOptions (#13296)

    • feat(nextjs): Update experimental_captureRequestError to reflect RequestInfo.path change in Next.js canary
      (#13344)

    • feat(nuxt): Always add tracing meta tags (#13273)

    • feat(nuxt): Set transaction name for server error (#13292)

    • feat(replay): Add a replay-specific logger (#13256)

    • feat(sveltekit): Add bundle size optimizations to plugin options (#13318)

    • feat(sveltekit): Always add browserTracingIntegration (#13322)

    • feat(tracing): Make long animation frames opt-out (#13255)

    • fix(astro): Correctly extract request data (#13315)

    • fix(astro): Only track access request headers in dynamic page requests (#13306)

    • fix(nuxt): Add import line for disabled autoImport (#13342)

    • fix(nuxt): Add vue to excludeEsmLoaderHooks array (#13346)

    • fix(opentelemetry): Do not overwrite http span name if kind is internal (#13282)

    • fix(remix): Ensure origin is correctly set for remix server spans (#13305)

    Work in this release was contributed by @ MonstraG, @ undead-voron and @ Zen-cronic. Thank you for your contributions!

  • 8.25.0 - 2024-08-09

    Important Changes

    • Alpha release of Official Solid Start SDK

    This release contains the alpha version of @ sentry/solidstart, our SDK for Solid Start!
    For details on how to use it, please see the README. Any feedback/bug reports are
    greatly appreciated, please reach out on GitHub.

    Other Changes

    • feat(astro): Add bundleSizeOptimizations vite options to integration (#13250)
    • feat(astro): Always add BrowserTracing (#13244)
    • feat(core): Add getTraceMetaTags function (#13201)
    • feat(nestjs): Automatic instrumentation of nestjs exception filters (#13230)
    • feat(node): Add useOperationNameForRootSpan tographqlIntegration (#13248)
    • feat(sveltekit): Add wrapServerRouteWithSentry wrapper (#13247)
    • fix(aws-serverless): Extract sentry trace data from handler context over event (#13266)
    • fix(browser): Initialize default integration if defaultIntegrations: undefined (#13261)
    • fix(utils): Streamline IP capturing on incoming requests (#13272)
  • 8.24.0 - 2024-08-06
  • 8.23.0 - 2024-08-05
  • 8.22.0 - 2024-08-01
  • 8.21.0 - 2024-07-31
  • 8.20.0 - 2024-07-24
  • 8.19.0 - 2024-07-19
  • 8.18.0 - 2024-07-16
  • 8.17.0 - 2024-07-10
  • 8.16.0 - 2024-07-09
  • 8.15.0 - 2024-07-05
  • 8.14.0 - 2024-07-04
  • 8.13.0 - 2024-06-27
  • 8.12.0 - 2024-06-25
  • 8.12.0-beta.0 - 2024-06-24
  • 8.11.0 - 2024-06-21
  • 8.10.0 - 2024-06-19
  • 8.9.2 - 2024-06-12
  • 8.9.1 - 2024-06-11
  • 8.9.0 - 2024-06-11
  • 8.8.0 - 2024-06-07
  • 8.7.0 - 2024-05-29
  • 8.6.0 - 2024-05-29
  • 8.5.0 - 2024-05-27
  • 8.4.0 - 2024-05-23
  • 8.3.0 - 2024-05-22
  • 8.2.1 - 2024-05-16
  • 8.2.0 - 2024-05-16
  • 8.1.0 - 2024-05-16
  • 8.0.0 - 2024-05-13
  • 8.0.0-rc.3 - 2024-05-10
  • 8.0.0-rc.2 - 2024-05-08
  • 8.0.0-rc.1 - 2024-05-07
  • 8.0.0-rc.0 - 2024-05-06
  • 8.0.0-beta.6 - 2024-05-03
  • 8.0.0-beta.5 - 2024-04-30
  • 8.0.0-beta.4 - 2024-04-24
  • 8.0.0-beta.3 - 2024-04-19
  • 8.0.0-beta.2 - 2024-04-17
  • 8.0.0-beta.1 - 2024-04-15
  • 8.0.0-alpha.9 - 2024-04-08
  • 8.0.0-alpha.8 - 2024-04-08
  • 8.0.0-alpha.7 - 2024-03-27
  • 8.0.0-alpha.5 - 2024-03-22
  • 8.0.0-alpha.4 - 2024-03-14
  • 8.0.0-alpha.3 - 2024-03-14
  • 8.0.0-alpha.2 - 2024-03-05
  • 7.119.0 - 2024-08-14
    • backport(tracing): Report dropped spans for transactions (#13343)

    Bundle size 📦

    Path Size
    @ sentry/browser (incl. Tracing, Replay, Feedback) - Webpack (gzipped) 80.96 KB
    @ sentry/browser (incl. Tracing, Replay) - Webpack (gzipped) 71.89 KB
    @ sentry/browser (incl. Tracing, Replay with Canvas) - Webpack (gzipped) 76.14 KB
    @ sentry/browser (incl. Tracing, Replay) - Webpack with treeshaking flags (gzipped) 65.52 KB
    @ sentry/browser (incl. Tracing) - Webpack (gzipped) 35.77 KB
    @ sentry/browser (incl. browserTracingIntegration) - Webpack (gzipped) 35.66 KB
    @ sentry/browser (incl. Feedback) - Webpack (gzipped) 31.71 KB
    @ sentry/browser (incl. sendFeedback) - Webpack (gzipped) 31.72 KB
    @ sentry/browser - Webpack (gzipped) 22.91 KB
    @ sentry/browser (incl. Tracing, Replay, Feedback) - ES6 CDN Bundle (gzipped) 79.17 KB
    @ sentry/browser (incl. Tracing, Replay) - ES6 CDN Bundle (gzipped) 70.49 KB
    @ sentry/browser (incl. Tracing) - ES6 CDN Bundle (gzipped) 36.17 KB
    @ sentry/browser - ES6 CDN Bundle (gzipped) 25.41 KB
    @ sentry/browser (incl. Tracing, Replay) - ES6 CDN Bundle (minified & uncompressed) 221.92 KB
    @ sentry/browser (incl. Tracing) - ES6 CDN Bundle (minified & uncompressed) 109.52 KB
    @ sentry/browser - ES6 CDN Bundle (minified & uncompressed) 76.24 KB
    @ sentry/browser (incl. Tracing) - ES5 CDN Bundle (gzipped) 39.45 KB
    @ sentry/react (incl. Tracing, Replay) - Webpack (gzipped) 72.4 KB
    @ sentry/react - Webpack (gzipped) 22.94 KB
    @ sentry/nextjs Client (incl. Tracing, Replay) - Webpack (gzipped) 90.16 KB
    @ sentry/nextjs Client - Webpack (gzipped) 54.27 KB
    @ sentry-internal/feedback - Webpack (gzipped) 17.34 KB
  • 7.118.0 - 2024-06-21
  • 7.117.0 - 2024-06-10
  • 7.116.0 - 2024-05-17
  • 7.115.0 - 2024-05-16
  • 7.114.0 - 2024-05-08
  • 7.113.0 - 2024-05-02
  • 7.112.2 - 2024-04-24
  • 7.112.1 - 2024-04-23
  • 7.112.0 - 2024-04-23
  • 7.111.0 - 2024-04-18
  • 7.110.1 - 2024-04-15
  • 7.110.0 - 2024-04-11
  • 7.109.0 - 2024-03-28
  • 7.108.0 - 2024-03-22
  • 7.107.0 - 2024-03-14
  • 7.106.1 - 2024-03-11
  • 7.106.0 - 2024-03-08
  • 7.105.0 - 2024-03-04
  • 7.104.0 - 2024-02-29
  • 7.103.0 - 2024-02-27
  • 7.102.1 - 2024-02-22
  • 7.102.0 - 2024-02-20
  • 7.101.1 - 2024-02-15
  • 7.101.0 - 2024-02-13
  • 7.100.1 - 2024-02-07
  • 7.100.0 - 2024-02-06
  • 7.99.0 - 2024-01-30
  • 7.98.0 - 2024-01-25
  • 7.97.0 - 2024-01-25
  • 7.95.0 - 2024-01-23
  • 7.94.1 - 2024-01-19
  • 7.93.0 - 2024-01-10
  • 7.92.0 - 2024-01-04
  • 7.91.0 - 2023-12-22
  • 7.90.0 - 2023-12-20
  • 7.89.0 - 2023-12-19
  • 7.88.0 - 2023-12-14
  • 7.87.0 - 2023-12-13
  • 7.86.0 - 2023-12-07
  • 7.85.0 - 2023-12-04
  • 7.84.0 - 2023-11-30
  • 7.83.0 - 2023-11-28
  • 7.82.0 - 2023-11-27
  • 7.81.1 - 2023-11-21
  • 7.81.0 - 2023-11-20
  • 7.80.2-alpha.1 - 2023-11-15
  • 7.80.2-alpha.0 - 2023-11-14
  • 7.80.1 - 2023-11-14
  • 7.80.0 - 2023-11-09
  • 7.79.0 - 2023-11-08
  • 7.78.0 - 2023-11-08
  • 7.77.0 - 2023-10-31
  • 7.76.0 - 2023-10-27
  • 7.75.1 - 2023-10-25
  • 7.75.0 - 2023-10-24
  • 7.74.2-alpha.1 - 2023-10-23
  • 7.74.2-alpha.0 - 2023-10-19
  • 7.74.1 - 2023-10-17
  • 7.74.0 - 2023-10-13
  • 7.73.0 - 2023-10-02
  • 7.72.0 - 2023-09-26
  • 7.71.0 - 2023-09-25
  • 7.70.0 - 2023-09-20
  • 7.70.0-beta.1 - 2023-09-15
  • 7.70.0-beta.0 - 2023-09-14
  • 7.69.0 - 2023-09-13
  • 7.68.0 - 2023-09-06
  • 7.67.0 - 2023-09-05
  • 7.67.0-beta.0 - 2023-08-31
  • 7.66.0 - 2023-08-30
  • 7.66.0-alpha.0 - 2023-08-29
  • 7.65.0 - 2023-08-28
  • 7.65.0-alpha.0 - 2023-08-16
  • 7.64.0 - 2023-08-14
  • 7.64.0-alpha.0 - 2023-08-11
  • 7.63.0 - 2023-08-10
  • 7.62.0 - 2023-08-09
  • 7.61.1 - 2023-08-04
  • 7.61.0 - 2023-07-31
  • 7.60.1 - 2023-07-26
  • 7.60.0 - 2023-07-21
  • 7.59.3 - 2023-07-19
  • 7.59.2 - 2023-07-18
  • 7.59.1 - 2023-07-18
  • 7.59.0-beta.1 - 2023-07-17
  • 7.59.0-beta.0 - 2023-07-13
  • 7.58.1 - 2023-07-13
  • 7.58.0 - 2023-07-12
  • 7.57.0 - 2023-06-28
  • 7.57.0-beta.0 - 2023-06-21
  • 7.56.0 - 2023-06-19
  • 7.55.2 - 2023-06-14
  • 7.55.1 - 2023-06-14
  • 7.55.0 - 2023-06-13
  • 7.54.0 - 2023-06-01
  • 7.53.1 - 2023-05-24
  • 7.53.0 - 2023-05-23
  • 7.52.1 - 2023-05-15
  • 7.52.0 - 2023-05-15
  • 7.51.2 - 2023-05-08
  • 7.51.1 - 2023-05-08
  • 7.51.0 - 2023-05-04
  • 7.50.0 - 2023-04-27
  • 7.49.0 - 2023-04-20
  • 7.48.0 - 2023-04-14
  • 7.47.0 - 2023-04-05
  • 7.46.0 - 2023-03-30
  • 7.45.0 - 2023-03-24
  • 7.44.2 - 2023-03-21
  • 7.44.1 - 2023-03-20
  • 7.44.0 - 2023-03-20
  • 7.43.0 - 2023-03-13
  • 7.42.0 - 2023-03-09
  • 7.41.0 - 2023-03-06
  • 7.40.0 - 2023-03-01
  • 7.39.0 - 2023-02-27
  • 7.38.0 - 2023-02-17
  • 7.37.2 - 2023-02-13
  • 7.37.1 - 2023-02-10
  • 7.37.0 - 2023-02-09
  • 7.36.0 - 2023-02-02
  • 7.35.0 - 2023-02-01
  • 7.34.0 - 2023-01-26
  • 7.34.0-beta.0 - 2023-01-25
  • 7.33.0 - 2023-01-24
  • 7.32.1 - 2023-01-23
  • 7.32.0 - 2023-01-23
  • 7.31.1 - 2023-01-17
  • 7.31.0 - 2023-01-16
  • 7.30.0 - 2023-01-10
  • 7.29.0 - 2023-01-04
  • 7.28.1 - 2022-12-22
  • 7.28.0 - 2022-12-20
  • 7.27.0 - 2022-12-16
  • 7.26.0 - 2022-12-13
  • 7.25.0 - 2022-12-12
  • 7.24.2 - 2022-12-07
  • 7.24.1 - 2022-12-07
  • 7.24.0 - 2022-12-07
  • 7.23.0 - 2022-12-01
  • 7.22.0 - 2022-11-29
  • 7.21.1 - 2022-11-23
  • 7.21.0 - 2022-11-22
  • 7.20.1 - 2022-11-21
  • 7.20.0 - 2022-11-17
  • 7.19.0 - 2022-11-10
  • 7.18.0 - 2022-11-08
  • 7.17.4 - 2022-11-03
  • 7.17.3 - 2022-10-31
  • 7.17.2 - 2022-10-28
  • 7.17.1 - 2022-10-27
  • 7.17.0 - 2022-10-27
  • 7.16.0 - 2022-10-19
from @sentry/react GitHub release notes

Important

  • Warning: This PR contains a major version upgrade, and may be a breaking change.
  • Check the changes in this PR to ensure they won't cause issues with your project.
  • This PR was automatically created by Snyk using the credentials of a real user.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

Snyk has created this PR to upgrade @sentry/react from 7.16.0 to 8.29.0.

See this package in npm:
@sentry/react

See this project in Snyk:
https://app.snyk.io/org/q1blue-rxw/project/5b430cad-b455-40c7-a7ff-af5a8804e8ca?utm_source=github&utm_medium=referral&page=upgrade-pr
Copy link

changeset-bot bot commented Sep 30, 2024

⚠️ No Changeset found

Latest commit: 08358aa

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

Copy link

New and removed dependencies detected. Learn more about Socket for GitHub ↗︎

Package New capabilities Transitives Size Publisher
npm/@djagger/echartsx@0.0.22 None +1 59.7 kB djagger
npm/@docusaurus/core@2.1.0 Transitive: environment, eval, filesystem, network, shell, unsafe +324 32.8 MB slorber
npm/@docusaurus/module-type-aliases@2.1.0 Transitive: filesystem, shell +16 2.23 MB slorber
npm/@docusaurus/plugin-client-redirects@2.1.0 filesystem Transitive: environment, eval, shell, unsafe +215 20.9 MB slorber
npm/@docusaurus/plugin-google-gtag@2.1.0 environment Transitive: eval, filesystem, shell, unsafe +213 20.5 MB slorber
npm/@docusaurus/preset-classic@2.1.0 environment Transitive: eval, filesystem, network, shell, unsafe +270 25.6 MB slorber
npm/@docusaurus/theme-search-algolia@2.1.0 filesystem Transitive: environment, eval, network, shell, unsafe +287 27.2 MB slorber
npm/@emotion/react@11.10.4 environment Transitive: filesystem, unsafe +68 13.7 MB emotion-release-bot
npm/@emotion/server@11.10.0 environment +8 197 kB emotion-release-bot
npm/@emotion/styled@11.10.4 environment Transitive: filesystem, unsafe +65 13.2 MB emotion-release-bot
npm/@geo-maps/countries-land-10km@0.6.0 None 0 1.06 MB simonepri
npm/@makotot/ghostui@2.0.0 environment 0 151 kB makotot
npm/@mdx-js/react@1.6.22 None 0 15.5 kB johno
npm/@mui/icons-material@5.10.9 None +5 20 MB hbjorbj
npm/@mui/lab@5.0.0-alpha.104 environment +20 9.92 MB michaldudak
npm/@mui/material@5.10.10 environment +22 18.1 MB michaldudak
npm/@mui/x-data-grid@5.17.8 environment +16 9.71 MB alexandrefauquette
npm/@primer/octicons-react@16.3.1 None 0 1.22 MB primer-css
npm/@sentry/react@8.29.0 Transitive: network +9 10.4 MB sentry-bot
npm/@sentry/tracing@7.16.0 None +4 2.83 MB sentry-bot
npm/@stackql/docusaurus-plugin-hubspot@1.0.1 environment 0 3.73 kB jeffreyaven
npm/@tidb-community/tracking-script@0.1.0 None +1 148 kB hustkiwi
npm/@tsconfig/docusaurus@1.0.6 None 0 2.69 kB typescript-deploys
npm/@types/d3-hierarchy@3.1.0 None 0 39.7 kB types
npm/@types/grecaptcha@3.0.4 None 0 8.75 kB types
npm/@types/is-hotkey@0.1.7 None 0 6.23 kB types
npm/@types/luxon@2.4.0 None 0 113 kB types
npm/@types/react-copy-to-clipboard@5.0.4 None +4 1.38 MB types
npm/@types/webpack-env@1.18.0 None 0 17.1 kB types
npm/@typescript-eslint/eslint-plugin@5.42.0 Transitive: environment, filesystem +28 5.13 MB jameshenry
npm/ace-builds@1.12.3 None 0 49.1 MB nightwing
npm/ahooks@3.7.2 None +6 2.95 MB taoweng
npm/animate.css@4.1.1 None 0 279 kB eltonmesquita
npm/axios@0.26.1 environment, network +1 427 kB jasonsaayman
npm/babel-plugin-direct-import@1.0.0 filesystem 0 27.2 kB umidbekk
npm/chart.js@3.9.1 None 0 21.1 MB chartjs-ci
npm/chartjs-plugin-datalabels@2.1.0 None 0 92.4 kB chartjs-ci
npm/clsx@1.2.1 None 0 5.67 kB lukeed
npm/country-code-emoji@2.3.0 None 0 11.3 kB thekelvinliu
npm/d3-hierarchy@3.1.2 None 0 136 kB mbostock
npm/date-fns@2.29.3 None 0 6.87 MB leshakoss
npm/deepmerge@4.2.2 None 0 30.1 kB tehshrike
npm/echarts-for-react@3.0.2 None +1 87.6 kB atool
npm/echarts-gl@2.0.9 Transitive: eval +1 17.9 MB lang
npm/echarts@5.4.0 environment, eval, network +1 41.6 MB 100pah
npm/eslint-config-standard-with-typescript@23.0.0 Transitive: environment, filesystem +20 1.77 MB mightyiam
npm/eslint-plugin-import@2.26.0 filesystem, unsafe Transitive: environment, eval +33 3.21 MB ljharb
npm/eslint-plugin-n@15.4.0 filesystem +10 1.35 MB weiran.zsd
npm/eslint-plugin-promise@6.1.1 None 0 67.1 kB eslint-community-bot
npm/eslint-plugin-react@7.31.10 filesystem Transitive: environment, eval +30 3.09 MB ljharb
npm/eslint@8.26.0 filesystem Transitive: environment, eval, shell, unsafe +52 8.84 MB eslintbot
npm/human-format@1.0.0 None 0 14.4 kB julien-f
npm/is-hotkey@0.2.0 None 0 20 kB ianstormtaylor
npm/luxon@2.5.0 None 0 3.87 MB icambron

🚮 Removed packages: npm/@fastify/auth@5.0.1, npm/@fastify/autoload@6.0.1, npm/@fastify/cookie@10.0.1, npm/@fastify/cors@10.0.1, npm/@fastify/env@5.0.1, npm/@fastify/jwt@9.0.1, npm/@fastify/mysql@5.0.1, npm/@fastify/oauth2@8.0.1, npm/@fastify/redis@7.0.1, npm/@fastify/sensible@6.0.1, npm/@fastify/swagger@9.1.0, npm/@fastify/type-provider-json-schema-to-ts@4.0.0, npm/@fastify/websocket@11.0.1, npm/@goparrot/geocoder@4.5.0, npm/@koa/cors@5.0.0, npm/@mgcrea/fastify-request-logger@1.7.1, npm/@octokit/core@6.1.2, npm/@octokit/plugin-throttling@9.3.1, npm/@octokit/rest@21.0.2, npm/@types/async@3.2.24, npm/@types/chance@1.1.6, npm/@types/generic-pool@3.8.1, npm/@types/glob@8.1.0, npm/@types/jest@29.5.13, npm/@types/koa-router@7.4.8, npm/@types/koa-static@4.0.4, npm/@types/koa@2.15.0, npm/@types/koa__cors@5.0.0, npm/@types/luxon@3.4.2, npm/@types/mysql@2.15.26, npm/@types/node-schedule@2.1.7, npm/@types/node@22.7.4, npm/@types/tail@2.2.3, npm/@types/tiny-async-pool@2.0.3, npm/@types/validator@13.12.2, npm/@types/ws@8.5.12, npm/ajv-cli@5.0.0, npm/ajv-formats@3.0.1, npm/async@3.2.6, npm/axios@1.7.7, npm/braces@3.0.3, npm/bullmq@5.14.0, npm/chalk@5.3.0, npm/chance@1.1.12, npm/commander@1.1.1, npm/commander@12.1.0, npm/concurrently@9.0.1, npm/consola@3.2.3, npm/cron-parser@4.9.0, npm/dotenv@16.4.5, npm/emoji-regex@10.4.0, npm/eventemitter3@5.0.1, npm/execa@8.0.1, npm/fill-range@7.1.1, npm/generic-pool@3.9.0, npm/get-stream@8.0.1, npm/husky@9.1.6, npm/is-fullwidth-code-point@5.0.0, npm/is-stream@3.0.0, npm/jest@29.7.0, npm/json-schema-to-typescript@15.0.2, npm/koa-body@6.0.1, npm/koa-router@13.0.1, npm/koa-static@5.0.0, npm/koa@2.15.3, npm/lint-staged@15.2.10, npm/lru-cache@11.0.1, npm/luxon@3.5.0, npm/merge-stream@2.0.0, npm/micromatch@4.0.8, npm/ms@2.1.3, npm/mysql2@3.11.3, npm/mysql@2.18.1, npm/node-schedule@2.1.1, npm/node-sql-parser@5.3.2, npm/npm-run-path@5.3.0, npm/octokit@4.0.2, npm/openapi3-ts@4.4.0, npm/p-queue@8.0.1, npm/path-key@3.1.1, npm/picomatch@2.3.1, npm/pinyin@3.1.0, npm/prom-client@15.1.3, npm/reflect-metadata@0.2.2, npm/shebang-command@2.0.0, npm/shebang-regex@3.0.0, npm/socket.io@4.8.0, npm/string-width@7.2.0, npm/table@6.8.2, npm/tail@2.2.6, npm/tiny-async-pool@2.1.0, npm/to-regex-range@5.0.1, npm/ts-node@10.9.2, npm/typescript@5.6.2, npm/which@2.0.2, npm/wrap-ansi@9.0.0, npm/yaml@1.10.2, npm/yaml@2.5.1

View full report↗︎

Copy link

🚨 Potential security issues detected. Learn more about Socket for GitHub ↗︎

To accept the risk, merge this PR and you will not be notified again.

Alert Package NoteSourceCI
Critical CVE npm/@babel/traverse@7.19.6 ⚠︎

View full report↗︎

Next steps

What is a critical CVE?

Contains a Critical Common Vulnerability and Exposure (CVE).

Remove or replace dependencies that include known critical CVEs. Consumers can use dependency overrides or npm audit fix --force to remove vulnerable dependencies.

Take a deeper look at the dependency

Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support [AT] socket [DOT] dev.

Remove the package

If you happen to install a dependency that Socket reports as Known Malware you should immediately remove it and select a different dependency. For other alert types, you may may wish to investigate alternative packages or consider if there are other ways to mitigate the specific risk posed by the dependency.

Mark a package as acceptable risk

To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space separated list of ecosystem/package-name@version specifiers. e.g. @SocketSecurity ignore npm/foo@1.0.0 or ignore all packages with @SocketSecurity ignore-all

  • @SocketSecurity ignore npm/@babel/traverse@7.19.6

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants