[Snyk] Upgrade: , commander, pino, prom-client #8

Open
wants to merge 1 commit into
base: celestia-develop

@OKEAMAH OKEAMAH commented Sep 6, 2024

Snyk has created this PR to upgrade multiple dependencies.

👯 The following dependencies are linked and will therefore be updated together.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

⚠️ Warning: This PR contains major version upgrade(s), and may be a breaking change.

Name | Versions | Released on
@sentry/node | from 7.119.0 to 8.26.0, 49 versions ahead of your current version. ⚠️ This is a major version upgrade, and may be a breaking change | 23 days ago, on 2024-08-14
commander | from 11.1.0 to 12.1.0, 4 versions ahead of your current version. ⚠️ This is a major version upgrade, and may be a breaking change | 4 months ago, on 2024-05-18
pino | from 8.21.0 to 9.3.2, 6 versions ahead of your current version. ⚠️ This is a major version upgrade, and may be a breaking change | a month ago, on 2024-07-25
prom-client | from 14.2.0 to 15.1.3, 7 versions ahead of your current version. ⚠️ This is a major version upgrade, and may be a breaking change | 2 months ago, on 2024-06-27

Release notes
Package name: @sentry/node
  • 8.26.0 - 2024-08-14

    Important Changes

    • feat(node): Add fsInstrumentation (#13291)

      This release adds fsIntegration, an integration that instruments the fs API to the Sentry Node SDK. The
      integration creates spans with naming patterns of fs.readFile, fs.unlink, and so on.

      This integration is not enabled by default and needs to be registered in your Sentry.init call. You can configure
      via options whether to include path arguments or error messages as span attributes when an fs call fails:

      Sentry.init({
        integrations: [
          Sentry.fsIntegration({
            recordFilePaths: true,
            recordErrorMessagesAsSpanAttributes: true,
          }),
        ],
      });

      WARNING: This integration may add significant overhead to your application. Especially in scenarios with a lot of
      file I/O, like for example when running a framework dev server, including this integration can massively slow down
      your application.

    Other Changes

    • feat(browser): Add spotlightBrowser integration (#13263)

    • feat(browser): Allow sentry in safari extension background page (#13209)

    • feat(browser): Send CLS as standalone span (experimental) (#13056)

    • feat(core): Add OpenTelemetry-specific getTraceData implementation (#13281)

    • feat(nextjs): Always add browserTracingIntegration (#13324)

    • feat(nextjs): Always transmit trace data to the client (#13337)

    • feat(nextjs): export SentryBuildOptions (#13296)

    • feat(nextjs): Update experimental_captureRequestError to reflect RequestInfo.path change in Next.js canary
      (#13344)

    • feat(nuxt): Always add tracing meta tags (#13273)

    • feat(nuxt): Set transaction name for server error (#13292)

    • feat(replay): Add a replay-specific logger (#13256)

    • feat(sveltekit): Add bundle size optimizations to plugin options (#13318)

    • feat(sveltekit): Always add browserTracingIntegration (#13322)

    • feat(tracing): Make long animation frames opt-out (#13255)

    • fix(astro): Correctly extract request data (#13315)

    • fix(astro): Only track access request headers in dynamic page requests (#13306)

    • fix(nuxt): Add import line for disabled autoImport (#13342)

    • fix(nuxt): Add vue to excludeEsmLoaderHooks array (#13346)

    • fix(opentelemetry): Do not overwrite http span name if kind is internal (#13282)

    • fix(remix): Ensure origin is correctly set for remix server spans (#13305)

    Work in this release was contributed by @MonstraG, @undead-voron and @Zen-cronic. Thank you for your contributions!

  • 8.25.0 - 2024-08-09

    Important Changes

    • Alpha release of Official Solid Start SDK

    This release contains the alpha version of @sentry/solidstart, our SDK for Solid Start!
    For details on how to use it, please see the README. Any feedback/bug reports are
    greatly appreciated, please reach out on GitHub.

    Other Changes

    • feat(astro): Add bundleSizeOptimizations vite options to integration (#13250)
    • feat(astro): Always add BrowserTracing (#13244)
    • feat(core): Add getTraceMetaTags function (#13201)
    • feat(nestjs): Automatic instrumentation of nestjs exception filters (#13230)
    • feat(node): Add useOperationNameForRootSpan to graphqlIntegration (#13248)
    • feat(sveltekit): Add wrapServerRouteWithSentry wrapper (#13247)
    • fix(aws-serverless): Extract sentry trace data from handler context over event (#13266)
    • fix(browser): Initialize default integration if defaultIntegrations: undefined (#13261)
    • fix(utils): Streamline IP capturing on incoming requests (#13272)
  • 8.24.0 - 2024-08-06
    • feat(nestjs): Filter RPC exceptions (#13227)
    • fix: Guard getReader function for other fetch implementations (#13246)
    • fix(feedback): Ensure feedback can be lazy loaded in CDN bundles (#13241)
  • 8.23.0 - 2024-08-05

    Important Changes

    • feat(cloudflare): Add Cloudflare D1 instrumentation (#13142)

    This release includes support for Cloudflare D1, Cloudflare's serverless SQL database. To instrument your Cloudflare D1
    database, use the instrumentD1WithSentry method as follows:

    // env.DB is the D1 DB binding configured in your `wrangler.toml`
    const db = instrumentD1WithSentry(env.DB);
    // Now you can use the database as usual
    await db.prepare('SELECT * FROM table WHERE id = ?').bind(1).run();

    Other Changes

    • feat(cloudflare): Allow users to pass handler to sentryPagesPlugin (#13192)
    • feat(cloudflare): Instrument scheduled handler (#13114)
    • feat(core): Add getTraceData function (#13134)
    • feat(nestjs): Automatic instrumentation of nestjs interceptors before route execution (#13153)
    • feat(nestjs): Automatic instrumentation of nestjs pipes (#13137)
    • feat(nuxt): Filter out Nuxt build assets (#13148)
    • feat(profiling): Attach sdk info to chunks (#13145)
    • feat(solidstart): Add sentry onBeforeResponse middleware to enable distributed tracing (#13221)
    • feat(solidstart): Filter out low quality transactions for build assets (#13222)
    • fix(browser): Avoid showing browser extension error message in non-window global scopes (#13156)
    • fix(feedback): Call dialog.close() in dialog close callbacks in _loadAndRenderDialog (#13203)
    • fix(nestjs): Inline Observable type to resolve missing 'rxjs' dependency (#13166)
    • fix(nuxt): Detect pageload by adding flag in Vue router (#13171)
    • fix(utils): Handle when requests get aborted in fetch instrumentation (#13202)
    • ref(browser): Improve browserMetrics collection (#13062)

    Work in this release was contributed by @horochx. Thank you for your contribution!

  • 8.22.0 - 2024-08-01

    Important Changes

    • feat(cloudflare): Add plugin for cloudflare pages (#13123)

    This release adds support for Cloudflare Pages to @sentry/cloudflare, our SDK for the
    Cloudflare Workers JavaScript Runtime! For details on how to use it,
    please see the README. Any feedback/bug reports are greatly appreciated, please
    reach out on GitHub.

    // functions/_middleware.js
    import * as Sentry from '@sentry/cloudflare';

    export const onRequest = Sentry.sentryPagesPlugin({
      dsn: PUBLIC_DSN,
      // Set tracesSampleRate to 1.0 to capture 100% of spans for tracing.
      tracesSampleRate: 1.0,
    });

    Other Changes

    • feat(meta-sdks): Remove runtime tags (#13105)
    • feat(nestjs): Automatic instrumentation of nestjs guards (#13129)
    • feat(nestjs): Filter all HttpExceptions (#13120)
    • feat(replay): Capture exception when internal_sdk_error client report happens (#13072)
    • fix: Use globalThis for code injection (#13132)

    Bundle size 📦

    Path | Size
    @sentry/browser | 22.45 KB
    @sentry/browser (incl. Tracing) | 34.22 KB
    @sentry/browser (incl. Tracing, Replay) | 70.28 KB
    @sentry/browser (incl. Tracing, Replay) - with treeshaking flags | 63.62 KB
    @sentry/browser (incl. Tracing, Replay with Canvas) | 74.68 KB
    @sentry/browser (incl. Tracing, Replay, Feedback) | 87.26 KB
    @sentry/browser (incl. Tracing, Replay, Feedback, metrics) | 89.11 KB
    @sentry/browser (incl. metrics) | 26.75 KB
    @sentry/browser (incl. Feedback) | 39.37 KB
    @sentry/browser (incl. sendFeedback) | 27.06 KB
    @sentry/browser (incl. FeedbackAsync) | 31.7 KB
    @sentry/react | 25.22 KB
    @sentry/react (incl. Tracing) | 37.22 KB
    @sentry/vue | 26.6 KB
    @sentry/vue (incl. Tracing) | 36.06 KB
    @sentry/svelte | 22.58 KB
    CDN Bundle | 23.64 KB
    CDN Bundle (incl. Tracing) | 35.88 KB
    CDN Bundle (incl. Tracing, Replay) | 70.31 KB
    CDN Bundle (incl. Tracing, Replay, Feedback) | 75.57 KB
    CDN Bundle - uncompressed | 69.37 KB
    CDN Bundle (incl. Tracing) - uncompressed | 106.31 KB
    CDN Bundle (incl. Tracing, Replay) - uncompressed | 218.16 KB
    CDN Bundle (incl. Tracing, Replay, Feedback) - uncompressed | 230.99 KB
    @sentry/nextjs (client) | 37.07 KB
    @sentry/sveltekit (client) | 34.79 KB
    @sentry/node | 114.65 KB
    @sentry/node - without tracing | 89.33 KB
    @sentry/aws-serverless | 98.5 KB
  • 8.21.0 - 2024-07-31

    Important Changes

    • Alpha release of Official Cloudflare SDK
      • feat(cloudflare): Add withSentry method (#13025)
      • feat(cloudflare): Add cloudflare sdk scaffolding (#12953)
      • feat(cloudflare): Add basic cloudflare package and tests (#12861)

    This release contains the alpha version of @sentry/cloudflare, our SDK for the
    Cloudflare Workers JavaScript Runtime! For details on how to use it,
    please see the README. Any feedback/bug reports are greatly appreciated, please
    reach out on GitHub.

    Please note that only Cloudflare Workers are tested and supported - official Cloudflare Pages support will come in an
    upcoming release.

    Other Changes

    • feat(feedback): Make cropped screenshot area draggable (#13071)
    • feat(core): Adapt spans for client-side fetch to streaming responses (#12723)
    • feat(core): Capture # of dropped spans through beforeSendTransaction (#13022)
    • feat(deps): bump @opentelemetry/instrumentation-aws-sdk from 0.43.0 to 0.43.1 (#13089)
    • feat(deps): bump @opentelemetry/instrumentation-express from 0.41.0 to 0.41.1 (#13090)
    • feat(nestjs): Automatic instrumentation of nestjs middleware (#13065)
    • feat(node): Upgrade import-in-the-middle to 1.11.0 (#13107)
    • feat(nuxt): Add connected tracing meta tags (#13098)
    • feat(nuxt): Add vue-router instrumentation (#13054)
    • feat(solidstart): Add server action instrumentation helper (#13035)
    • fix(feedback): Ensure pluggable feedback CDN bundle is correctly built (#13081)
    • fix(nextjs): Only delete clientside bundle source maps with sourcemaps.deleteFilesAfterUpload (#13102)
    • fix(node): Improve OTEL validation logic (#13079)

    Bundle size 📦

    Path | Size
    @sentry/browser | 22.45 KB
    @sentry/browser (incl. Tracing) | 34.22 KB
    @sentry/browser (incl. Tracing, Replay) | 70.26 KB
    @sentry/browser (incl. Tracing, Replay) - with treeshaking flags | 63.59 KB
    @sentry/browser (incl. Tracing, Replay with Canvas) | 74.66 KB
    @sentry/browser (incl. Tracing, Replay, Feedback) | 87.24 KB
    @sentry/browser (incl. Tracing, Replay, Feedback, metrics) | 89.08 KB
    @sentry/browser (incl. metrics) | 26.75 KB
    @sentry/browser (incl. Feedback) | 39.37 KB
    @sentry/browser (incl. sendFeedback) | 27.06 KB
    @sentry/browser (incl. FeedbackAsync) | 31.7 KB
    @sentry/react | 25.22 KB
    @sentry/react (incl. Tracing) | 37.22 KB
    @sentry/vue | 26.6 KB
    @sentry/vue (incl. Tracing) | 36.06 KB
    @sentry/svelte | 22.58 KB
    CDN Bundle | 23.64 KB
    CDN Bundle (incl. Tracing) | 35.88 KB
    CDN Bundle (incl. Tracing, Replay) | 70.27 KB
    CDN Bundle (incl. Tracing, Replay, Feedback) | 75.53 KB
    CDN Bundle - uncompressed | 69.37 KB
    CDN Bundle (incl. Tracing) - uncompressed | 106.31 KB
    CDN Bundle (incl. Tracing, Replay) - uncompressed | 217.95 KB
    CDN Bundle (incl. Tracing, Replay, Feedback) - uncompressed | 230.78 KB
    @sentry/nextjs (client) | 37.08 KB
    @sentry/sveltekit (client) | 34.81 KB
    @sentry/node | 114.55 KB
    @sentry/node - without tracing | 89.33 KB
    @sentry/aws-serverless | 98.5 KB
  • 8.20.0 - 2024-07-24

    Important Changes

    • feat(node): Allow to pass registerEsmLoaderHooks to preload (#12998)

    You can write your own custom preload script and configure this in the preload options. registerEsmLoaderHooks can be
    passed as an option to preloadOpenTelemetry, which allows to exclude/include packages in the preload.

    • fix(node): Do not emit fetch spans when tracing is disabled (#13003)

    Sentry will not emit "fetch" spans if tracing is disabled. This is relevant for users who use their own sampler.

    Other Changes

    • feat(feedback): Trigger button aria label configuration (#13008)
    • feat(nestjs): Change nest sdk setup (#12920)
    • feat(node): Extend ESM hooks options for iitm v1.10.0 (#13016)
    • feat(node): Send client reports (#12951)
    • feat(nuxt): Automatically add BrowserTracing (#13005)
    • feat(nuxt): Setup source maps with vite config (#13018)
    • feat(replay): Improve public Replay APIs (#13000)

    Bundle size 📦

    Path | Size
    @sentry/browser | 22.31 KB
    @sentry/browser (incl. Tracing) | 33.72 KB
    @sentry/browser (incl. Tracing, Replay) | 69.82 KB
    @sentry/browser (incl. Tracing, Replay) - with treeshaking flags | 63.16 KB
    @sentry/browser (incl. Tracing, Replay with Canvas) | 74.21 KB
    @sentry/browser (incl. Tracing, Replay, Feedback) | 86.58 KB
    @sentry/browser (incl. Tracing, Replay, Feedback, metrics) | 88.45 KB
    @sentry/browser (incl. metrics) | 26.62 KB
    @sentry/browser (incl. Feedback) | 39.02 KB
    @sentry/browser (incl. sendFeedback) | 26.93 KB
    @sentry/browser (incl. FeedbackAsync) | 31.57 KB
    @sentry/react | 25.08 KB
    @sentry/react (incl. Tracing) | 36.8 KB
    @sentry/vue | 26.45 KB
    @sentry/vue (incl. Tracing) | 35.61 KB
    @sentry/svelte | 22.44 KB
    CDN Bundle | 23.52 KB
    CDN Bundle (incl. Tracing) | 35.5 KB
    CDN Bundle (incl. Tracing, Replay) | 69.86 KB
    CDN Bundle (incl. Tracing, Replay, Feedback) | 75.15 KB
    CDN Bundle - uncompressed | 69 KB
    CDN Bundle (incl. Tracing) - uncompressed | 105.1 KB
    CDN Bundle (incl. Tracing, Replay) - uncompressed | 216.74 KB
    CDN Bundle (incl. Tracing, Replay, Feedback) - uncompressed | 229.57 KB
    @sentry/nextjs (client) | 36.66 KB
    @sentry/sveltekit (client) | 34.39 KB
    @sentry/node | 111.76 KB
    @sentry/node - without tracing | 89.21 KB
    @sentry/aws-serverless | 98.34 KB
  • 8.19.0 - 2024-07-19
  • 8.18.0 - 2024-07-16
  • 8.17.0 - 2024-07-10
  • 8.16.0 - 2024-07-09
  • 8.15.0 - 2024-07-05
  • 8.14.0 - 2024-07-04
  • 8.13.0 - 2024-06-27
  • 8.12.0 - 2024-06-25
  • 8.12.0-beta.0 - 2024-06-24
  • 8.11.0 - 2024-06-21
  • 8.10.0 - 2024-06-19
  • 8.9.2 - 2024-06-12
  • 8.9.1 - 2024-06-11
  • 8.9.0 - 2024-06-11
  • 8.8.0 - 2024-06-07
  • 8.7.0 - 2024-05-29
  • 8.6.0 - 2024-05-29
  • 8.5.0 - 2024-05-27
  • 8.4.0 - 2024-05-23
  • 8.3.0 - 2024-05-22
  • 8.2.1 - 2024-05-16
  • 8.2.0 - 2024-05-16
  • 8.1.0 - 2024-05-16
  • 8.0.0 - 2024-05-13
  • 8.0.0-rc.3 - 2024-05-10
  • 8.0.0-rc.2 - 2024-05-08
  • 8.0.0-rc.1 - 2024-05-07
  • 8.0.0-rc.0 - 2024-05-06
  • 8.0.0-beta.6 - 2024-05-03
  • 8.0.0-beta.5 - 2024-04-30
  • 8.0.0-beta.4 - 2024-04-24
  • 8.0.0-beta.3 - 2024-04-19
  • 8.0.0-beta.2 - 2024-04-17
  • 8.0.0-beta.1 - 2024-04-15
  • 8.0.0-alpha.9 - 2024-04-08
  • 8.0.0-alpha.8 - 2024-04-08
  • 8.0.0-alpha.7 - 2024-03-27
  • 8.0.0-alpha.5 - 2024-03-22
  • 8.0.0-alpha.4 - 2024-03-14
  • 8.0.0-alpha.3 - 2024-03-14
  • 8.0.0-alpha.2 - 2024-03-05
  • 8.0.0-alpha.1 - 2024-03-04
  • 7.119.0 - 2024-08-14
    • backport(tracing): Report dropped spans for transactions (#13343)

    Bundle size 📦

    Path | Size
    @sentry/browser (incl. Tracing, Replay, Feedback) - Webpack (gzipped) | 80.96 KB
    @sentry/browser (incl. Tracing, Replay) - Webpack (gzipped) | 71.89 KB
    @sentry/browser (incl. Tracing, Replay with Canvas) - Webpack (gzipped) | 76.14 KB
    @sentry/browser (incl. Tracing, Replay) - Webpack with treeshaking flags (gzipped) | 65.52 KB
    @sentry/browser (incl. Tracing) - Webpack (gzipped) | 35.77 KB
    @sentry/browser (incl. browserTracingIntegration) - Webpack (gzipped) | 35.66 KB
    @sentry/browser (incl. Feedback) - Webpack (gzipped) | 31.71 KB
    @sentry/browser (incl. sendFeedback) - Webpack (gzipped) | 31.72 KB
    @sentry/browser - Webpack (gzipped) | 22.91 KB
    @sentry/browser (incl. Tracing, Replay, Feedback) - ES6 CDN Bundle (gzipped) | 79.17 KB
    @sentry/browser (incl. Tracing, Replay) - ES6 CDN Bundle (gzipped) | 70.49 KB
    @sentry/browser (incl. Tracing) - ES6 CDN Bundle (gzipped) | 36.17 KB
    @sentry/browser - ES6 CDN Bundle (gzipped) | 25.41 KB
    @sentry/browser (incl. Tracing, Replay) - ES6 CDN Bundle (minified & uncompressed) | 221.92 KB
    @sentry/browser (incl. Tracing) - ES6 CDN Bundle (minified & uncompressed) | 109.52 KB
    @sentry/browser - ES6 CDN Bundle (minified & uncompressed) | 76.24 KB
    @sentry/browser (incl. Tracing) - ES5 CDN Bundle (gzipped) | 39.45 KB
    @sentry/react (incl. Tracing, Replay) - Webpack (gzipped) | 72.4 KB
    @sentry/react - Webpack (gzipped) | 22.94 KB
    @sentry/nextjs Client (incl. Tracing, Replay) - Webpack (gzipped) | 90.16 KB
    @sentry/nextjs Client - Webpack (gzipped) | 54.27 KB
    @sentry-internal/feedback - Webpack (gzipped) | 17.34 KB
from @sentry/node GitHub release notes
Package name: commander
  • 12.1.0 - 2024-05-18

    Added

    • auto-detect special node flags node --eval and node --print when call .parse() with no arguments (#2164)

    Changed

    • prefix require of Node.js core modules with node: (#2170)
    • format source files with Prettier (#2180)
    • switch from StandardJS to directly calling ESLint for linting (#2153)
    • extend security support for previous major version of Commander (#2150)

    Removed

    • removed unimplemented Option.fullDescription from TypeScript definition (#2191)
  • 12.0.0 - 2024-02-03

    Added

    • .addHelpOption() as another way of configuring built-in help option (#2006)
    • .helpCommand() for configuring built-in help command (#2087)

    Fixed

    • Breaking: use non-zero exit code when spawned executable subcommand terminates due to a signal (#2023)
    • Breaking: check passThroughOptions constraints when using .addCommand and throw if parent command does not have

Snyk has created this PR to upgrade:
  - @sentry/node from 7.119.0 to 8.26.0.
    See this package in npm: https://www.npmjs.com/package/@sentry/node
  - commander from 11.1.0 to 12.1.0.
    See this package in npm: https://www.npmjs.com/package/commander
  - pino from 8.21.0 to 9.3.2.
    See this package in npm: https://www.npmjs.com/package/pino
  - prom-client from 14.2.0 to 15.1.3.
    See this package in npm: https://www.npmjs.com/package/prom-client

See this project in Snyk:
https://app.snyk.io/org/okeamah/project/7ee992c3-6f41-4a6b-9712-45234464b96d?utm_source=github&utm_medium=referral&page=upgrade-pr

@sourcery-ai sourcery-ai bot left a comment

We have skipped reviewing this pull request. Here's why:

  • It seems to have been created by a bot ('[Snyk]' found in title). We assume it knows what it's doing!
  • We don't review packaging changes - Let us know if you'd like us to change this.

New and removed dependencies detected. Learn more about Socket for GitHub ↗︎

Package | New capabilities | Transitives | Size | Publisher
npm/@metamask/test-dapp@8.1.0 | None | 0 | 4.46 MB | gudahtt
npm/@playwright/test@1.40.1 | Transitive: environment, eval, filesystem, network, shell, unsafe | +2 | 10.1 MB | dgozman-ms
npm/@synthetixio/synpress@3.7.2-beta.9 | environment, filesystem; Transitive: eval, network, shell, unsafe | +941 | 132 MB | drptbl
npm/dotenv@16.3.1 | environment, filesystem | 0 | 71.6 kB | motdotla
npm/prom-client@15.0.0 | filesystem, network, unsafe | +3 | 3.7 MB | simenb
npm/serve@14.2.1 | Transitive: environment, eval, filesystem, network, shell, unsafe | +89 | 4.43 MB | vercel-release-bot
npm/typescript@5.3.3 | None | 0 | 32 MB | typescript-bot
npm/viem@1.20.0 | network; Transitive: environment | +9 | 10.2 MB | jmoxey

🚮 Removed packages: npm/@babel/eslint-parser@7.23.10, npm/@changesets/changelog-github@0.4.8, npm/@changesets/cli@2.27.1, npm/@eth-optimism/contracts-periphery@1.0.8, npm/@eth-optimism/contracts@0.6.0, npm/@ethereumjs/rlp@5.0.2, npm/@ethersproject/abi@5.7.0, npm/@ethersproject/abstract-provider@5.7.0, npm/@ethersproject/abstract-signer@5.7.0, npm/@ethersproject/address@5.7.0, npm/@ethersproject/bignumber@5.7.0, npm/@ethersproject/bytes@5.7.0, npm/@ethersproject/constants@5.7.0, npm/@ethersproject/contracts@5.7.0, npm/@ethersproject/keccak256@5.7.0, npm/@ethersproject/properties@5.7.0, npm/@ethersproject/rlp@5.7.0, npm/@ethersproject/transactions@5.7.0, npm/@ethersproject/web@5.7.1, npm/@nomiclabs/hardhat-ethers@2.2.3, npm/@nomiclabs/hardhat-waffle@2.0.1, npm/@nomiclabs/hardhat-waffle@2.0.6, npm/@sentry/node@7.99.0, npm/@swc/core@1.4.6, npm/@testing-library/jest-dom@6.4.2, npm/@testing-library/react-hooks@8.0.1, npm/@testing-library/react@14.2.1, npm/@types/chai-as-promised@7.1.8, npm/@types/chai@4.3.11, npm/@types/change-case@2.3.1, npm/@types/dateformat@5.0.0, npm/@types/glob@8.1.0, npm/@types/mocha@10.0.6, npm/@types/morgan@1.9.9, npm/@types/node@20.11.17, npm/@types/pino-multi-stream@5.1.6, npm/@types/pino@7.0.5, npm/@types/semver@7.5.7, npm/@typescript-eslint/eslint-plugin@6.21.0, npm/@typescript-eslint/parser@6.21.0, npm/@vitest/coverage-istanbul@1.2.2, npm/@wagmi/cli@2.1.4, npm/@wagmi/core@2.6.3, npm/abitype@1.0.2, npm/bcfg@0.2.1, npm/body-parser@1.20.2, npm/chai-as-promised@7.1.1, npm/chai@4.3.10, npm/change-case@4.1.2, npm/dateformat@4.5.1, npm/depcheck@1.4.7, npm/doctoc@2.2.1, npm/dotenv@16.4.5, npm/envalid@8.0.0, npm/eslint-config-prettier@9.1.0, npm/eslint-config-standard@16.0.3

View full report↗︎

🚨 Potential security issues detected. Learn more about Socket for GitHub ↗︎

To accept the risk, merge this PR and you will not be notified again.

Alert Package Note Source CI
Critical CVE npm/gh-pages@4.0.0 ⚠︎

View full report↗︎

Next steps

What is a critical CVE?

Contains a Critical Common Vulnerability and Exposure (CVE).

Remove or replace dependencies that include known critical CVEs. Consumers can use dependency overrides or npm audit fix --force to remove vulnerable dependencies.

Take a deeper look at the dependency

Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support [AT] socket [DOT] dev.

Remove the package

If you happen to install a dependency that Socket reports as Known Malware you should immediately remove it and select a different dependency. For other alert types, you may wish to investigate alternative packages or consider if there are other ways to mitigate the specific risk posed by the dependency.

Mark a package as acceptable risk

To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space separated list of ecosystem/package-name@version specifiers. e.g. @SocketSecurity ignore npm/foo@1.0.0 or ignore all packages with @SocketSecurity ignore-all

  • @SocketSecurity ignore npm/gh-pages@4.0.0

This PR is stale because it has been open 14 days with no activity. Remove stale label or comment or this will be closed in 5 days.

@github-actions github-actions bot added the Stale label Sep 21, 2024