fix(deps): update sanity packages

[renovate]

Note

Mend has cancelled the proposed renaming of the Renovate GitHub app being renamed to mend[bot].

This notice will be removed on 2025-10-07.

---

This PR contains the following updates:

Package	Change	Age	Confidence
@sanity/client (source)	^7.4.0 -> ^7.11.2
@sanity/comlink (source)	^3.0.5 -> ^3.0.9
@sanity/core-loader (source)	^1.8.10 -> ^1.8.18
@sanity/image-url (source)	^1.1.0 -> ^1.2.0
@sanity/presentation-comlink (source)	^1.0.21 -> ^1.0.29
@sanity/prettier-config	^1.0.3 -> ^1.0.6
@sanity/preview-url-secret (source)	^2.1.11 -> ^2.1.15
@sanity/types (source)	^3.91.0 -> ^3.99.0
@sanity/visual-editing (source)	^2.15.0 -> ^2.15.4
groq (source)	^3.91.0 -> ^3.99.0
sanity (source)	^3.91.0 -> ^3.99.0

---

Release Notes

sanity-io/client (@​sanity/client)

v7.11.2

Compare Source

Bug Fixes

• types: add import release action type (#​1138) (d7aeae7)

v7.11.1

Compare Source

Bug Fixes

• move extra options check after first connect attempt (#​1136) (fa8a040)

v7.11.0

Compare Source

Features

• add includeAllVersions option to getDocument method (#​1130) (dc5e882)
• add media library video client (#​1134) (0cb6e64)

v7.10.0

Compare Source

Features

• projects: allow a project list to be filtered to a specific Organization ID (#​1131) (b455862)

v7.9.0

Compare Source

Features

• add ReleaseCardinality type and update ReleaseDocument interface (#​1129) (fd5198e)
• allow experimental resource for projects and datasets (#​1124) (a2c8892)

v7.8.2

Compare Source

Bug Fixes

• allows perspective on instructionParams (#​1122) (32a9463)
• correctly uses format: 'string' typing for prompt (#​1121) (f3e07ea)
• stega: narrow filtering URL patterns to valid URL protocols (#​1118) (b8788f5)

v7.8.1

Compare Source

Bug Fixes

• add missing provider property to CurrentSanityUser type (#​1115) (5d98eca)

v7.8.0

Compare Source

Features

• version.create action supports optional baseId and versionId instead of document (#​1108) (aaa1042)

v7.7.0

Compare Source

Features

• add isHttpError method (and shared HttpError interface) (#​1112) (98ee6d3)
• add ignoreExperimentalApiWarning configuration option (#​1107) (b1cdfbe)

v7.6.0

Compare Source

Features

• transform: adds support for optional imageUrl param in for target.operation image-description (#​1105) (c47214f)

v7.5.0

Compare Source

Features

• agent.action.transform can now transform images to text descriptions (#​1096) (609e572)

v7.4.1

Compare Source

Bug Fixes

• only allow non-nullable values in search params (#​1043) (19c00ea)

sanity-io/visual-editing (@​sanity/comlink)

v3.0.9

Bug Fixes

• deps: Update dependency isbot to ^5.1.29 (#​3185) (c6e8698)

v3.0.8

Bug Fixes

• deps: update dependency @​sanity/pkg-utils to v7 (#​3125) (58d123b)

v3.0.7

Bug Fixes

• deps: bump xstate to 5.20 (5a5c004)

v3.0.6

Bug Fixes

• deps: Update dependency xstate to ^5.19.4 (#​3011) (33111d6)
• deps: update react compiler dependencies 🤖 ✨ (#​3030) (5e009da)

sanity-io/visual-editing (@​sanity/core-loader)

v1.8.18

Dependencies

• The following workspace dependencies were updated
  • dependencies
    • @​sanity/presentation-comlink bumped to 1.0.29
    • @​sanity/visual-editing-csm bumped to 2.0.24

v1.8.17

Dependencies

• The following workspace dependencies were updated
  • dependencies
    • @​sanity/comlink bumped to 3.0.9
    • @​sanity/presentation-comlink bumped to 1.0.28

v1.8.16

Dependencies

• The following workspace dependencies were updated
  • dependencies
    • @​sanity/presentation-comlink bumped to 1.0.27
    • @​sanity/visual-editing-csm bumped to 2.0.23

v1.8.15

Dependencies

• The following workspace dependencies were updated
  • dependencies
    • @​sanity/presentation-comlink bumped to 1.0.26
    • @​sanity/visual-editing-csm bumped to 2.0.22

v1.8.14

Bug Fixes

• deps: update dependency @​sanity/pkg-utils to v7 (#​3125) (58d123b)

Dependencies

• The following workspace dependencies were updated
  • dependencies
    • @​sanity/comlink bumped to 3.0.8
    • @​sanity/presentation-comlink bumped to 1.0.25
    • @​sanity/visual-editing-csm bumped to 2.0.21

v1.8.13

Bug Fixes

• deps: update dependency @​sanity/client to ^7.8.0 (95f2802)

Dependencies

• The following workspace dependencies were updated
  • dependencies
    • @​sanity/presentation-comlink bumped to 1.0.24
    • @​sanity/visual-editing-csm bumped to 2.0.20

v1.8.12

Dependencies

• The following workspace dependencies were updated
  • dependencies
    • @​sanity/comlink bumped to 3.0.7
    • @​sanity/presentation-comlink bumped to 1.0.23

v1.8.11

Bug Fixes

• deps: update dependency @​sanity/client to v7.6.0 (#​3020) (039b859)

Dependencies

• The following workspace dependencies were updated
  • dependencies
    • @​sanity/comlink bumped to 3.0.6
    • @​sanity/presentation-comlink bumped to 1.0.22
    • @​sanity/visual-editing-csm bumped to 2.0.19

sanity-io/image-url (@​sanity/image-url)

v1.2.0

Compare Source

Minor Changes

• #​77 c48fd9f Thanks @​stipsan! - add placeholder object for when image is being uploaded (#​76)

Patch Changes

• #​82 c7370d4 Thanks @​RitaDias! - - when still uploading return a placeholder image via dataurl (#​84)

All notable changes will be documented in this file.

sanity-io/visual-editing (@​sanity/presentation-comlink)

v1.0.29

Dependencies

• The following workspace dependencies were updated
  • dependencies
    • @​sanity/visual-editing-types bumped to 1.1.6

v1.0.28

Dependencies

• The following workspace dependencies were updated
  • dependencies
    • @​sanity/comlink bumped to 3.0.9

v1.0.27

Dependencies

• The following workspace dependencies were updated
  • dependencies
    • @​sanity/visual-editing-types bumped to 1.1.5

v1.0.26

Dependencies

• The following workspace dependencies were updated
  • dependencies
    • @​sanity/visual-editing-types bumped to 1.1.4

v1.0.25

Bug Fixes

• deps: update dependency @​sanity/pkg-utils to v7 (#​3125) (58d123b)

Dependencies

• The following workspace dependencies were updated
  • dependencies
    • @​sanity/comlink bumped to 3.0.8
    • @​sanity/visual-editing-types bumped to 1.1.3

v1.0.24

Bug Fixes

• deps: update dependency @​sanity/client to ^7.8.0 (95f2802)

Dependencies

• The following workspace dependencies were updated
  • dependencies
    • @​sanity/visual-editing-types bumped to 1.1.2

v1.0.23

Dependencies

• The following workspace dependencies were updated
  • dependencies
    • @​sanity/comlink bumped to 3.0.7

v1.0.22

Bug Fixes

• deps: update dependency @​sanity/client to v7.6.0 (#​3020) (039b859)

Dependencies

• The following workspace dependencies were updated
  • dependencies
    • @​sanity/comlink bumped to 3.0.6
    • @​sanity/visual-editing-types bumped to 1.1.1

sanity-io/prettier-config (@​sanity/prettier-config)

v1.0.6

Compare Source

Bug Fixes

• deps: update dependency prettier to ^3.6.0 (#​22) (588483d)

v1.0.5

Compare Source

Bug Fixes

• improve dts output (6608181)

v1.0.4

Compare Source

Bug Fixes

• deps: update prettier-plugin-packagejson to v2.5.15 (e3c8ee5)

sanity-io/visual-editing (@​sanity/preview-url-secret)

v2.1.15

Bug Fixes

• declare @sanity/icons, sanity, as optional peer deps (0e0b8d3)

v2.1.14

Bug Fixes

• deps: update dependency @​sanity/pkg-utils to v7 (#​3125) (58d123b)

v2.1.13

Bug Fixes

• deps: update dependency @​sanity/client to ^7.8.0 (95f2802)

v2.1.12

Bug Fixes

• deps: update dependency @​sanity/client to v7.6.0 (#​3020) (039b859)

sanity-io/sanity (@​sanity/types)

v3.99.0

Compare Source

Features

• Media Library video integration (#​9909) (5342858)

v3.98.1

Compare Source

Note: Version bump only for package @​sanity/types

v3.98.0

Compare Source

Note: Version bump only for package @​sanity/types

v3.97.1

Compare Source

Note: Version bump only for package @​sanity/types

v3.97.0

Compare Source

Note: Version bump only for package @​sanity/types

v3.96.0

Compare Source

Note: Version bump only for package @​sanity/types

v3.95.0

Compare Source

Note: Version bump only for package @​sanity/types

v3.94.2

Compare Source

Note: Version bump only for package @​sanity/types

v3.94.1

Compare Source

Note: Version bump only for package @​sanity/types

v3.94.0

Compare Source

Features

• core: media validator (#​9648) (2e3d18b) by Per-Kristian Nordnes (per.kristian.nordnes@gmail.com)

Bug Fixes

• core: fix issues with ML uploads (#​9745) (8bce663) by Per-Kristian Nordnes (per.kristian.nordnes@gmail.com)
• stop publishing src folders to npm (#​9744) (e9296c1) by Cody Olsen (81981+stipsan@users.noreply.github.com)

v3.93.0

Compare Source

Features

• core: add one line portable text editor option (#​9625) (f64bd68) by Pedro Bonamin (46196328+pedrobonamin@users.noreply.github.com)

Bug Fixes

• deps: update dependency @​sanity/client to ^7.6.0 (#​9649) (e41e814) by renovate[bot] (2913961+renovate[bot]@​users.noreply.github.com)

v3.92.0

Compare Source

Features

• add timeZone settings to datetime input (#​8181) (1ca2568) by Eoin Falconer (eoin.falc@gmail.com)
• core: allow configuring PTE plugins (#​8785) (57b8dc5) by Christian Grøngaard (christian.groengaard@sanity.io)

Bug Fixes

• deps: update dependency @​sanity/client to ^7.4.1 (#​9563) (28995c1) by renovate[bot] (2913961+renovate[bot]@​users.noreply.github.com)
• deps: update dependency @​sanity/client to ^7.5.0 (#​9591) (f33154b) by renovate[bot] (2913961+renovate[bot]@​users.noreply.github.com)
• speedup sanity dev by warming up the entry file (#​9567) (10dc15d) by Cody Olsen (81981+stipsan@users.noreply.github.com)

sanity-io/visual-editing (@​sanity/visual-editing)

v2.15.4

Bug Fixes

• deps: update dependency @​sanity/pkg-utils to v7 (#​3125) (58d123b)

Dependencies

• The following workspace dependencies were updated
  • dependencies
    • @​sanity/comlink bumped to 3.0.8
    • @​sanity/insert-menu bumped to 1.1.13
    • @​sanity/presentation-comlink bumped to 1.0.25
    • @​sanity/preview-url-secret bumped to 2.1.14
    • @​sanity/visual-editing-csm bumped to 2.0.21

v2.15.3

Bug Fixes

• deps: update dependency @​sanity/client to ^7.8.0 (95f2802)

Dependencies

• The following workspace dependencies were updated
  • dependencies
    • @​sanity/presentation-comlink bumped to 1.0.24
    • @​sanity/preview-url-secret bumped to 2.1.13
    • @​sanity/visual-editing-csm bumped to 2.0.20

v2.15.2

Bug Fixes

• deps: bump xstate to 5.20 (5a5c004)

Dependencies

• The following workspace dependencies were updated
  • dependencies
    • @​sanity/comlink bumped to 3.0.7
    • @​sanity/presentation-comlink bumped to 1.0.23

v2.15.1

Bug Fixes

• deps: update dependency @​sanity/client to v7.6.0 (#​3020) (039b859)
• deps: update dependency styled-components to ^6.1.19 (#​3010) (1070331)
• deps: Update dependency use-effect-event to ^2.0.2 (#​3059) (a2e0e9c)
• deps: Update dependency use-effect-event to v2 (#​3025) (f7a76d2)
• deps: Update dependency xstate to ^5.19.4 (#​3011) (33111d6)

Dependencies

• The following workspace dependencies were updated
  • dependencies
    • @​sanity/comlink bumped to 3.0.6
    • @​sanity/presentation-comlink bumped to 1.0.22
    • @​sanity/preview-url-secret bumped to 2.1.12
    • @​sanity/visual-editing-csm bumped to 2.0.19

sanity-io/sanity (groq)

v3.99.0

Compare Source

Note: Version bump only for package groq

v3.98.1

Compare Source

Note: Version bump only for package groq

v3.98.0

Compare Source

Note: Version bump only for package groq

v3.97.1

Compare Source

Note: Version bump only for package groq

v3.97.0

Compare Source

Note: Version bump only for package groq

v3.96.0

Compare Source

Note: Version bump only for package groq

v3.95.0

Compare Source

Note: Version bump only for package groq

v3.94.2

Compare Source

Note: Version bump only for package groq

v3.94.1

Compare Source

Note: Version bump only for package groq

v3.94.0

Compare Source

Bug Fixes

• stop publishing src folders to npm (#​9744) (e9296c1) by Cody Olsen (81981+stipsan@users.noreply.github.com)

v3.93.0

Compare Source

Note: Version bump only for package groq

v3.92.0

Compare Source

Note: Version bump only for package groq

sanity-io/sanity (sanity)

v3.99.0

Compare Source

Features

• core: keep values when clicking off create release modal (#​9871) (fe8330e)
• Media Library video integration (#​9909) (5342858)

Bug Fixes

• deps: update dependency @​portabletext/block-tools to ^1.1.38 (#​9940) (3dd90d5)
• deps: update dependency @​portabletext/editor to ^1.57.5 (#​9941) (892da2b)
• deps: update dependency @​sanity/ui to ^2.16.4 (#​9934) (3967361)

v3.98.1

Compare Source

• fix: handling where no templates available and not showing create doc button (#​9933) (d2f9810), closes #​9933
• fix(deps): update dependency @​portabletext/block-tools to ^1.1.36 (#​9918) (46a7d9d), closes #​9918
• fix(deps): update dependency @​portabletext/block-tools to ^1.1.37 (#​9927) (c545a1b), closes #​9927
• fix(deps): update dependency @​portabletext/editor to ^1.57.0 (#​9913) (e124c21), closes #​9913
• fix(deps): update dependency @​portabletext/editor to ^1.57.1 (#​9919) (32ebd0c), closes #​9919
• fix(deps): update dependency @​portabletext/editor to ^1.57.3 (#​9928) (ea2b66d), closes #​9928
• fix(deps): update dependency @​sanity/ui to ^2.16.3 (#​9931) (d2b3cf5), closes #​9931

v3.98.0

Compare Source

Features

• synchronize schema to the server (#​9622) (2d6d901) by Magnus Holm (judofyr@gmail.com)

Bug Fixes

• core: actions flickering- remove cleanup step for hook states on change (#​9885) (2ab9505) by Pedro Bonamin (46196328+pedrobonamin@users.noreply.github.com)
• deps: update dependency @​portabletext/block-tools to ^1.1.35 (#​9897) (d21610b) by renovate[bot] (2913961+renovate[bot]@​users.noreply.github.com)
• deps: update dependency @​portabletext/editor to ^1.56.0 (#​9889) (9cfd35d) by renovate[bot] (2913961+renovate[bot]@​users.noreply.github.com)

v3.97.1

Compare Source

Note: Version bump only for package sanity

v3.97.0

Compare Source

Features

• cli: add API tokens management commands (#​9821) (6494f59) by Rune Botten (rbotten@gmail.com)

Bug Fixes

• deps: update dependency @​portabletext/block-tools to ^1.1.34 (#​9874) (c7f16f0) by renovate[bot] (2913961+renovate[bot]@​users.noreply.github.com)
• deps: update dependency @​portabletext/editor to ^1.55.15 (#​9875) (41afd49) by renovate[bot] (2913961+renovate[bot]@​users.noreply.github.com)

v3.96.0

Compare Source

Features

• sanity: account for draft model being switched off in isPerspectiveWriteable (3d68545) by Ash (ash@sanity.io)
• sanity: add document.drafts.enabled configuration option (a06c4a5) by Ash (ash@sanity.io)
• sanity: add draft model switched off message to ChooseNewDocumentDestinationBanner (1337002) by Ash (ash@sanity.io)
• sanity: add option to compare draft to ObsoleteDraftBanner (0f6c350) by Ash (ash@sanity.io)
• sanity: do not render draft status indicators if draft model is not switched on (453e102) by Ash (ash@sanity.io)
• sanity: enable dynamic default perspective (508c736) by Ash (ash@sanity.io)
• sanity: exclude drafts from perspective stack when draft model is not switched on (242c878) by Ash (ash@sanity.io)
• sanity: make global perspective picker compatible with any default perspective (45a6712) by Ash (ash@sanity.io)
• sanity: prevent non-live-edit-document creation when the draft model is not switched on (20c6a6f) by Ash (ash@sanity.io)
• sanity: refine obsolete draft copy (af4c563) by Ash (ash@sanity.io)
• sanity: warn of obsolete drafts when draft model is switched off (1fd984a) by Ash (ash@sanity.io)

Bug Fixes

• add visual indicator when text is removed (#​9832) (ae8c0c1) by RitaDias (rita@sanity.io)
• cli: fixes dev command message (#​9856) (27f0d0c) by Binoy Patel (me@binoy.io)
• core: add 10th text level in PTE (#​9783) (da4dc30) by Christian Grøngaard (christian.groengaard@sanity.io)
• core: PTE open referenced documents from annotation popup (#​9643) (d4af0c8) by Pedro Bonamin (46196328+pedrobonamin@users.noreply.github.com)
• core: set _updateAt to the creation time in version documents (#​9861) (4d354aa) by Pedro Bonamin (46196328+pedrobonamin@users.noreply.github.com)
• core: tasks active tool animation (#​9840) (27d3390) by Pedro Bonamin (46196328+pedrobonamin@users.noreply.github.com)
• core: use data-list-index on PTE blocks to improve list counts (#​9784) (de51f45) by Christian Grøngaard (christian.groengaard@sanity.io)
• core: version chip disables context menu when releases are disabled (#​9815) (2b39112) by Jordan Lawrence (<jordanl17@​me.com>)
• deps: update dependency @​portabletext/block-tools to ^1.1.33 (#​9835) (2349c0d) by renovate[bot] (2913961+renovate[bot]@​users.noreply.github.com)
• deps: update dependency @​portabletext/editor to ^1.55.10 (#​9852) (0b5b051) by renovate[bot] (2913961+renovate[bot][@&#8203

---

Configuration

📅 Schedule: Branch creation - "before 3am on Monday" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Mend Renovate using a curated preset maintained by . View repository job log here

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	@​sanity/​types@​3.91.0 ⏵ 3.99.0			+1
	@​sanity/​presentation-comlink@​1.0.21 ⏵ 1.0.29	+1		+3	-1
	@​sanity/​prettier-config@​1.0.3 ⏵ 1.0.6	+2		+2	+2
	@​sanity/​core-loader@​1.8.10 ⏵ 1.8.18	+1		+2	-1
	groq@​3.91.0 ⏵ 3.99.0			+1
	@​sanity/​image-url@​1.1.0 ⏵ 1.2.0				-1
	sanity@​3.91.0 ⏵ 3.99.0	+1
	@​sanity/​comlink@​3.0.5 ⏵ 3.0.9	+1			-1
	@​sanity/​preview-url-secret@​2.1.11 ⏵ 2.1.15				-1
	@​sanity/​visual-editing@​2.15.0 ⏵ 2.15.4	+1
	@​sanity/​client@​7.4.0 ⏵ 7.11.2	+1			+1

View full report

[socket-security]

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action	Severity	Alert  (click "▶" to expand/collapse)
Warn		@architect/asap@7.0.10 has Environment variable access. Location: Package overview From: pnpm-lock.yaml → npm/sanity@3.99.0 → npm/@architect/asap@7.0.10 ℹ Read more on: This package | This alert | What is environment variable access? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Packages should be clear about which environment variables they access, and care should be taken to ensure they only access environment variables they claim to. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@architect/asap@7.0.10. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		@architect/asap@7.0.10 has Environment variable access. Env Vars: AWS_REGION Location: Package overview From: pnpm-lock.yaml → npm/sanity@3.99.0 → npm/@architect/asap@7.0.10 ℹ Read more on: This package | This alert | What is environment variable access? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Packages should be clear about which environment variables they access, and care should be taken to ensure they only access environment variables they claim to. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@architect/asap@7.0.10. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		@architect/inventory@4.0.9 has Environment variable access. Location: Package overview From: pnpm-lock.yaml → npm/sanity@3.99.0 → npm/@architect/inventory@4.0.9 ℹ Read more on: This package | This alert | What is environment variable access? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Packages should be clear about which environment variables they access, and care should be taken to ensure they only access environment variables they claim to. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@architect/inventory@4.0.9. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		@architect/inventory@4.0.9 has Environment variable access. Env Vars: key Location: Package overview From: pnpm-lock.yaml → npm/sanity@3.99.0 → npm/@architect/inventory@4.0.9 ℹ Read more on: This package | This alert | What is environment variable access? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Packages should be clear about which environment variables they access, and care should be taken to ensure they only access environment variables they claim to. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@architect/inventory@4.0.9. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		@architect/inventory@4.0.9 has Environment variable access. Env Vars: AWS_REGION Location: Package overview From: pnpm-lock.yaml → npm/sanity@3.99.0 → npm/@architect/inventory@4.0.9 ℹ Read more on: This package | This alert | What is environment variable access? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Packages should be clear about which environment variables they access, and care should be taken to ensure they only access environment variables they claim to. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@architect/inventory@4.0.9. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		@architect/utils@4.0.6 has Environment variable access. Env Vars: ARC_QUIET Location: Package overview From: pnpm-lock.yaml → npm/sanity@3.99.0 → npm/@architect/utils@4.0.6 ℹ Read more on: This package | This alert | What is environment variable access? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Packages should be clear about which environment variables they access, and care should be taken to ensure they only access environment variables they claim to. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@architect/utils@4.0.6. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		@architect/utils@4.0.6 has Environment variable access. Env Vars: QUIET Location: Package overview From: pnpm-lock.yaml → npm/sanity@3.99.0 → npm/@architect/utils@4.0.6 ℹ Read more on: This package | This alert | What is environment variable access? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Packages should be clear about which environment variables they access, and care should be taken to ensure they only access environment variables they claim to. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@architect/utils@4.0.6. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		@architect/utils@4.0.6 has Environment variable access. Env Vars: AWS_REGION Location: Package overview From: pnpm-lock.yaml → npm/sanity@3.99.0 → npm/@architect/utils@4.0.6 ℹ Read more on: This package | This alert | What is environment variable access? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Packages should be clear about which environment variables they access, and care should be taken to ensure they only access environment variables they claim to. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@architect/utils@4.0.6. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		@architect/utils@4.0.6 has Environment variable access. Env Vars: AWS_ACCESS_KEY_ID Location: Package overview From: pnpm-lock.yaml → npm/sanity@3.99.0 → npm/@architect/utils@4.0.6 ℹ Read more on: This package | This alert | What is environment variable access? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Packages should be clear about which environment variables they access, and care should be taken to ensure they only access environment variables they claim to. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@architect/utils@4.0.6. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		@architect/utils@4.0.6 has Environment variable access. Env Vars: AWS_PROFILE Location: Package overview From: pnpm-lock.yaml → npm/sanity@3.99.0 → npm/@architect/utils@4.0.6 ℹ Read more on: This package | This alert | What is environment variable access? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Packages should be clear about which environment variables they access, and care should be taken to ensure they only access environment variables they claim to. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@architect/utils@4.0.6. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		@architect/utils@4.0.6 has Environment variable access. Location: Package overview From: pnpm-lock.yaml → npm/sanity@3.99.0 → npm/@architect/utils@4.0.6 ℹ Read more on: This package | This alert | What is environment variable access? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Packages should be clear about which environment variables they access, and care should be taken to ensure they only access environment variables they claim to. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@architect/utils@4.0.6. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		@architect/utils@4.0.6 has Environment variable access. Env Vars: CI Location: Package overview From: pnpm-lock.yaml → npm/sanity@3.99.0 → npm/@architect/utils@4.0.6 ℹ Read more on: This package | This alert | What is environment variable access? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Packages should be clear about which environment variables they access, and care should be taken to ensure they only access environment variables they claim to. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@architect/utils@4.0.6. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		@aws-lite/client@0.21.10 has Environment variable access. Env Vars: AWS_LAMBDA_FUNCTION_NAME Location: Package overview From: pnpm-lock.yaml → npm/sanity@3.99.0 → npm/@aws-lite/client@0.21.10 ℹ Read more on: This package | This alert | What is environment variable access? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Packages should be clear about which environment variables they access, and care should be taken to ensure they only access environment variables they claim to. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@aws-lite/client@0.21.10. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		@aws-lite/client@0.21.10 has Environment variable access. Location: Package overview From: pnpm-lock.yaml → npm/sanity@3.99.0 → npm/@aws-lite/client@0.21.10 ℹ Read more on: This package | This alert | What is environment variable access? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Packages should be clear about which environment variables they access, and care should be taken to ensure they only access environment variables they claim to. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@aws-lite/client@0.21.10. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		@aws-lite/client@0.21.10 has Environment variable access. Env Vars: AWS_PROFILE Location: Package overview From: pnpm-lock.yaml → npm/sanity@3.99.0 → npm/@aws-lite/client@0.21.10 ℹ Read more on: This package | This alert | What is environment variable access? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Packages should be clear about which environment variables they access, and care should be taken to ensure they only access environment variables they claim to. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@aws-lite/client@0.21.10. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		@aws-lite/client@0.21.10 has Environment variable access. Env Vars: AWS_LITE_DEBUG Location: Package overview From: pnpm-lock.yaml → npm/sanity@3.99.0 → npm/@aws-lite/client@0.21.10 ℹ Read more on: This package | This alert | What is environment variable access? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Packages should be clear about which environment variables they access, and care should be taken to ensure they only access environment variables they claim to. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@aws-lite/client@0.21.10. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		aws4@1.13.2 has Environment variable access. Location: Package overview From: pnpm-lock.yaml → npm/sanity@3.99.0 → npm/aws4@1.13.2 ℹ Read more on: This package | This alert | What is environment variable access? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Packages should be clear about which environment variables they access, and care should be taken to ensure they only access environment variables they claim to. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/aws4@1.13.2. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		motion-utils@12.23.6 has Environment variable access. Env Vars: NODE_ENV Location: Package overview From: pnpm-lock.yaml → npm/sanity@3.99.0 → npm/@sanity/visual-editing@2.15.4 → npm/motion-utils@12.23.6 ℹ Read more on: This package | This alert | What is environment variable access? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Packages should be clear about which environment variables they access, and care should be taken to ensure they only access environment variables they claim to. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/motion-utils@12.23.6. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report