Bump the npm_and_yarn group across 1 directory with 57 updates #17

dependabot · 2025-09-11T01:04:16Z

Bumps the npm_and_yarn group with 23 updates in the / directory:

Package	From	To
semver	`5.7.1`	`5.7.2`
@babel/helpers	`7.13.10`	`7.28.4`
@babel/runtime-corejs3	`7.13.10`	`7.28.4`
ansi-html	`0.0.7`	`0.0.9`
react-scripts	`4.0.3`	`5.0.1`
ansi-regex	`5.0.0`	`5.0.1`
ansi-regex	`3.0.0`	`3.0.1`
ansi-regex	`4.1.0`	`4.1.1`
base-x	`3.0.8`	`3.0.11`
qs	`6.5.2`	`6.5.3`
brace-expansion	`1.1.11`	`1.1.12`
browserify-sign	`4.2.1`	`4.2.3`
cipher-base	`1.0.4`	`1.0.6`
cookiejar	`2.1.2`	`2.1.4`
decode-uri-component	`0.2.0`	`0.2.2`
elliptic	`6.5.4`	`6.6.1`
@ethersproject/signing-key	`5.1.0`	`5.8.0`
es5-ext	`0.10.53`	`0.10.64`
secp256k1	`3.8.0`	`3.8.1`
secp256k1	`4.0.2`	`4.0.4`
got	`7.1.0`	`12.1.0`
web3	`1.3.4`	`1.10.4`
minimatch	`3.0.4`	`3.0.8`
tough-cookie	`2.5.0`	`4.1.4`
node-sass	`5.0.0`	`9.0.0`
web3	`1.10.4`	`4.16.0`
sha.js	`2.4.11`	`2.4.12`

Updates semver from 5.7.1 to 5.7.2

Release notes

Sourced from semver's releases.

v5.7.2

5.7.2 (2023-07-10)

Bug Fixes

2f8fd41 #585 better handling of whitespace (#585) (@joaomoreno, @lukekarrys)

Changelog

Sourced from semver's changelog.

5.7.2 (2023-07-10)

Bug Fixes

2f8fd41 #585 better handling of whitespace (#585) (@joaomoreno, @lukekarrys)

5.7

Add minVersion method

5.6

Move boolean loose param to an options object, with backwards-compatibility protection.

Add ability to opt out of special prerelease version handling with the includePrerelease option flag.

5.5

Add version coercion capabilities

5.4

Add intersection checking

5.3

Add minSatisfying method

5.2

Add prerelease(v) that returns prerelease components

5.1

Add Backus-Naur for ranges

Remove excessively cute inspection methods

5.0

Remove AMD/Browserified build artifacts

Fix ltr and gtr when using the * range

Fix for range * with a prerelease identifier

Commits

f8cc313 chore: release 5.7.2
2f8fd41 fix: better handling of whitespace (#585)
deb5ad5 chore: @npmcli/template-oss@4.16.0
See full diff in compare view

Maintainer changes

This version was pushed to npm by lukekarrys, a new releaser for semver since your current version.

Updates @babel/helpers from 7.13.10 to 7.28.4

Release notes

Sourced from @babel/helpers's releases.

v7.28.4 (2025-09-05)

Thanks @gwillen and @mrginglymus for your first PRs!

🏠 Internal

babel-core, babel-helper-check-duplicate-nodes, babel-traverse, babel-types

#17493 Update Jest to v30.1.1 (@JLHwung)

babel-plugin-transform-regenerator

#17455 chore: Clean up transform-regenerator (@liuxingbaoyu)

babel-core

#17474 Switch to @jridgewell/remapping (@mrginglymus)

Committers: 5

Babel Bot (@babel-bot)

Bill Collins (@mrginglymus)

Glenn Willen (@gwillen)

Huáng Jùnliàng (@JLHwung)

@liuxingbaoyu

v7.28.3 (2025-08-14)

👓 Spec Compliance

babel-helper-create-class-features-plugin, babel-plugin-proposal-decorators, babel-plugin-transform-class-static-block, babel-preset-env

#17443 [static blocks] Do not inject new static fields after static code (@nicolo-ribaudo)

🐛 Bug Fix

babel-parser

#17465 fix(parser/typescript): parse import("./a", {with:{},}) (@easrng)

#17478 fix(parser): stop subscript parsing on async arrow (@JLHwung)

💅 Polish

babel-plugin-transform-regenerator, babel-plugin-transform-runtime

#17363 Do not save last yield in call in temp var (@nicolo-ribaudo)

📝 Documentation

#17448 move eslint-{parser,plugin} docs to the website (@JLHwung)

🏠 Internal

#17454 Enable type checking for scripts and babel-worker.cjs (@JLHwung)

🔬 Output optimization

babel-plugin-proposal-destructuring-private, babel-plugin-proposal-do-expressions

#17444 Optimize do expression output (@JLHwung)

Committers: 5

Babel Bot (@babel-bot)

Huáng Jùnliàng (@JLHwung)

Jam Balaya (@JamBalaya56562)

Nicolò Ribaudo (@nicolo-ribaudo)

easrng (@easrng)

... (truncated)

Changelog

Sourced from @babel/helpers's changelog.

v7.28.4 (2025-09-05)

🏠 Internal

babel-core, babel-helper-check-duplicate-nodes, babel-traverse, babel-types

#17493 Update Jest to v30.1.1 (@JLHwung)

babel-plugin-transform-regenerator

#17455 chore: Clean up transform-regenerator (@liuxingbaoyu)

babel-core

#17474 Switch to @jridgewell/remapping (@mrginglymus)

v7.28.3 (2025-08-14)

👓 Spec Compliance

babel-helper-create-class-features-plugin, babel-plugin-proposal-decorators, babel-plugin-transform-class-static-block, babel-preset-env

#17443 [static blocks] Do not inject new static fields after static code (@nicolo-ribaudo)

🐛 Bug Fix

babel-parser

#17465 fix(parser/typescript): parse import("./a", {with:{},}) (@easrng)

#17478 fix(parser): stop subscript parsing on async arrow (@JLHwung)

💅 Polish

babel-plugin-transform-regenerator, babel-plugin-transform-runtime

#17363 Do not save last yield in call in temp var (@nicolo-ribaudo)

📝 Documentation

#17448 move eslint-{parser,plugin} docs to the website (@JLHwung)

🏠 Internal

#17454 Enable type checking for scripts and babel-worker.cjs (@JLHwung)

🔬 Output optimization

babel-plugin-proposal-destructuring-private, babel-plugin-proposal-do-expressions

#17444 Optimize do expression output (@JLHwung)

v7.28.2 (2025-07-24)

🐛 Bug Fix

babel-types

#17445 [babel 7] Make operator param in t.tsTypeOperator optional (@nicolo-ribaudo)

babel-helpers, babel-plugin-transform-async-generator-functions, babel-plugin-transform-regenerator, babel-preset-env, babel-runtime-corejs3

#17441 fix: regeneratorDefine compatibility with es5 strict mode (@liuxingbaoyu)

v7.28.1 (2025-07-12)

🐛 Bug Fix

babel-plugin-transform-async-generator-functions, babel-plugin-transform-regenerator

#17426 fix: regenerator correctly handles throw outside of try (@liuxingbaoyu)

📝 Documentation

babel-types

#17422 Add missing FunctionParameter docs (@JLHwung)

... (truncated)

Commits

35055e3 v7.28.4
18d88b8 Improve @babel/core typings (#17471)
ef155f5 v7.28.3
741cbd2 chore: fix various typos across codebase (#17476)
cac0ff4 v7.28.2
f743094 fix: regeneratorDefine compatibility with es5 strict mode (#17441)
baa4cb8 v7.27.6
fdbf1b3 fix: finally causes unexpected return value (#17366)
7d06930 v7.27.4
5b9468d Reduce regenerator size more (#17287)
Additional commits viewable in compare view

Updates @babel/runtime-corejs3 from 7.13.10 to 7.28.4

Release notes

Sourced from @babel/runtime-corejs3's releases.

v7.28.4 (2025-09-05)

Thanks @gwillen and @mrginglymus for your first PRs!

🏠 Internal

babel-core, babel-helper-check-duplicate-nodes, babel-traverse, babel-types

#17493 Update Jest to v30.1.1 (@JLHwung)

babel-plugin-transform-regenerator

#17455 chore: Clean up transform-regenerator (@liuxingbaoyu)

babel-core

#17474 Switch to @jridgewell/remapping (@mrginglymus)

Committers: 5

Babel Bot (@babel-bot)

Bill Collins (@mrginglymus)

Glenn Willen (@gwillen)

Huáng Jùnliàng (@JLHwung)

@liuxingbaoyu

v7.28.3 (2025-08-14)

👓 Spec Compliance

babel-helper-create-class-features-plugin, babel-plugin-proposal-decorators, babel-plugin-transform-class-static-block, babel-preset-env

#17443 [static blocks] Do not inject new static fields after static code (@nicolo-ribaudo)

🐛 Bug Fix

babel-parser

#17465 fix(parser/typescript): parse import("./a", {with:{},}) (@easrng)

#17478 fix(parser): stop subscript parsing on async arrow (@JLHwung)

💅 Polish

babel-plugin-transform-regenerator, babel-plugin-transform-runtime

#17363 Do not save last yield in call in temp var (@nicolo-ribaudo)

📝 Documentation

#17448 move eslint-{parser,plugin} docs to the website (@JLHwung)

🏠 Internal

#17454 Enable type checking for scripts and babel-worker.cjs (@JLHwung)

🔬 Output optimization

babel-plugin-proposal-destructuring-private, babel-plugin-proposal-do-expressions

#17444 Optimize do expression output (@JLHwung)

Committers: 5

Babel Bot (@babel-bot)

Huáng Jùnliàng (@JLHwung)

Jam Balaya (@JamBalaya56562)

Nicolò Ribaudo (@nicolo-ribaudo)

easrng (@easrng)

... (truncated)

Changelog

Sourced from @babel/runtime-corejs3's changelog.

v7.28.4 (2025-09-05)

🏠 Internal

babel-core, babel-helper-check-duplicate-nodes, babel-traverse, babel-types

#17493 Update Jest to v30.1.1 (@JLHwung)

babel-plugin-transform-regenerator

#17455 chore: Clean up transform-regenerator (@liuxingbaoyu)

babel-core

#17474 Switch to @jridgewell/remapping (@mrginglymus)

v7.28.3 (2025-08-14)

👓 Spec Compliance

babel-helper-create-class-features-plugin, babel-plugin-proposal-decorators, babel-plugin-transform-class-static-block, babel-preset-env

#17443 [static blocks] Do not inject new static fields after static code (@nicolo-ribaudo)

🐛 Bug Fix

babel-parser

#17465 fix(parser/typescript): parse import("./a", {with:{},}) (@easrng)

#17478 fix(parser): stop subscript parsing on async arrow (@JLHwung)

💅 Polish

babel-plugin-transform-regenerator, babel-plugin-transform-runtime

#17363 Do not save last yield in call in temp var (@nicolo-ribaudo)

📝 Documentation

#17448 move eslint-{parser,plugin} docs to the website (@JLHwung)

🏠 Internal

#17454 Enable type checking for scripts and babel-worker.cjs (@JLHwung)

🔬 Output optimization

babel-plugin-proposal-destructuring-private, babel-plugin-proposal-do-expressions

#17444 Optimize do expression output (@JLHwung)

v7.28.2 (2025-07-24)

🐛 Bug Fix

babel-types

#17445 [babel 7] Make operator param in t.tsTypeOperator optional (@nicolo-ribaudo)

babel-helpers, babel-plugin-transform-async-generator-functions, babel-plugin-transform-regenerator, babel-preset-env, babel-runtime-corejs3

#17441 fix: regeneratorDefine compatibility with es5 strict mode (@liuxingbaoyu)

v7.28.1 (2025-07-12)

🐛 Bug Fix

babel-plugin-transform-async-generator-functions, babel-plugin-transform-regenerator

#17426 fix: regenerator correctly handles throw outside of try (@liuxingbaoyu)

📝 Documentation

babel-types

#17422 Add missing FunctionParameter docs (@JLHwung)

... (truncated)

Commits

35055e3 v7.28.4
18d88b8 Improve @babel/core typings (#17471)
ef155f5 v7.28.3
cac0ff4 v7.28.2
f743094 fix: regeneratorDefine compatibility with es5 strict mode (#17441)
ccc5fae v7.28.0
cd0de90 Update babel-polyfill packages (#17403)
baa4cb8 v7.27.6
fdbf1b3 fix: finally causes unexpected return value (#17366)
7d06930 v7.27.4
Additional commits viewable in compare view

Updates @babel/traverse from 7.13.13 to 7.28.4

Release notes

Sourced from @babel/traverse's releases.

v7.28.4 (2025-09-05)

Thanks @gwillen and @mrginglymus for your first PRs!

🏠 Internal

babel-core, babel-helper-check-duplicate-nodes, babel-traverse, babel-types

#17493 Update Jest to v30.1.1 (@JLHwung)

babel-plugin-transform-regenerator

#17455 chore: Clean up transform-regenerator (@liuxingbaoyu)

babel-core

#17474 Switch to @jridgewell/remapping (@mrginglymus)

Committers: 5

Babel Bot (@babel-bot)

Bill Collins (@mrginglymus)

Glenn Willen (@gwillen)

Huáng Jùnliàng (@JLHwung)

@liuxingbaoyu

v7.28.3 (2025-08-14)

👓 Spec Compliance

babel-helper-create-class-features-plugin, babel-plugin-proposal-decorators, babel-plugin-transform-class-static-block, babel-preset-env

#17443 [static blocks] Do not inject new static fields after static code (@nicolo-ribaudo)

🐛 Bug Fix

babel-parser

#17465 fix(parser/typescript): parse import("./a", {with:{},}) (@easrng)

#17478 fix(parser): stop subscript parsing on async arrow (@JLHwung)

💅 Polish

babel-plugin-transform-regenerator, babel-plugin-transform-runtime

#17363 Do not save last yield in call in temp var (@nicolo-ribaudo)

📝 Documentation

#17448 move eslint-{parser,plugin} docs to the website (@JLHwung)

🏠 Internal

#17454 Enable type checking for scripts and babel-worker.cjs (@JLHwung)

🔬 Output optimization

babel-plugin-proposal-destructuring-private, babel-plugin-proposal-do-expressions

#17444 Optimize do expression output (@JLHwung)

Committers: 5

Babel Bot (@babel-bot)

Huáng Jùnliàng (@JLHwung)

Jam Balaya (@JamBalaya56562)

Nicolò Ribaudo (@nicolo-ribaudo)

easrng (@easrng)

... (truncated)

Changelog

Sourced from @babel/traverse's changelog.

v7.28.4 (2025-09-05)

🏠 Internal

babel-core, babel-helper-check-duplicate-nodes, babel-traverse, babel-types

#17493 Update Jest to v30.1.1 (@JLHwung)

babel-plugin-transform-regenerator

#17455 chore: Clean up transform-regenerator (@liuxingbaoyu)

babel-core

#17474 Switch to @jridgewell/remapping (@mrginglymus)

v7.28.3 (2025-08-14)

👓 Spec Compliance

babel-helper-create-class-features-plugin, babel-plugin-proposal-decorators, babel-plugin-transform-class-static-block, babel-preset-env

#17443 [static blocks] Do not inject new static fields after static code (@nicolo-ribaudo)

🐛 Bug Fix

babel-parser

#17465 fix(parser/typescript): parse import("./a", {with:{},}) (@easrng)

#17478 fix(parser): stop subscript parsing on async arrow (@JLHwung)

💅 Polish

babel-plugin-transform-regenerator, babel-plugin-transform-runtime

#17363 Do not save last yield in call in temp var (@nicolo-ribaudo)

📝 Documentation

#17448 move eslint-{parser,plugin} docs to the website (@JLHwung)

🏠 Internal

#17454 Enable type checking for scripts and babel-worker.cjs (@JLHwung)

🔬 Output optimization

babel-plugin-proposal-destructuring-private, babel-plugin-proposal-do-expressions

#17444 Optimize do expression output (@JLHwung)

v7.28.2 (2025-07-24)

🐛 Bug Fix

babel-types

#17445 [babel 7] Make operator param in t.tsTypeOperator optional (@nicolo-ribaudo)

babel-helpers, babel-plugin-transform-async-generator-functions, babel-plugin-transform-regenerator, babel-preset-env, babel-runtime-corejs3

#17441 fix: regeneratorDefine compatibility with es5 strict mode (@liuxingbaoyu)

v7.28.1 (2025-07-12)

🐛 Bug Fix

babel-plugin-transform-async-generator-functions, babel-plugin-transform-regenerator

#17426 fix: regenerator correctly handles throw outside of try (@liuxingbaoyu)

📝 Documentation

babel-types

#17422 Add missing FunctionParameter docs (@JLHwung)

... (truncated)

Commits

35055e3 v7.28.4
b41f8cd Update Jest to v30.1.1 (#17493)
22493b6 Improve @babel/traverse typings (#17485)
18d88b8 Improve @babel/core typings (#17471)
ef155f5 v7.28.3
741cbd2 chore: fix various typos across codebase (#17476)
5051613 Type-check .d.ts file with strict: true (#17461)
ccc5fae v7.28.0
4b4e7e2 Create babel-helper-globals (#17297)
cf5ae03 LVal coverage updates (Part 2) (#17391)
Additional commits viewable in compare view

Updates ansi-html from 0.0.7 to 0.0.9

Commits

See full diff in compare view

Updates react-scripts from 4.0.3 to 5.0.1

Commits

19fa58d Publish
9802941 fix: webpack noise printed only if error or warning (#12245)
2eef1d0 Update templates to use React 18 createRoot (#12220)
221e511 Publish
5614c87 Add support for Tailwind (#11717)
20edab4 fix(webpackDevServer): disable overlay for warnings (#11413)
3afbbc0 Update all dependencies (#11624)
f5467d5 feat(eslint-config-react-app): support ESLint 8.x (#11375)
c7627ce Update webpack and dev server (#11646)
544befe Update package.json (#11597)
Additional commits viewable in compare view

Updates ansi-regex from 5.0.0 to 5.0.1

Release notes

Sourced from ansi-regex's releases.

v5.0.1

Fixes (backport of 6.0.1 to v5)

This is a backport of the minor ReDos vulnerability in ansi-regex@<6.0.1, as requested in #38.

Fix ReDoS in certain cases (#37) You are only really affected if you run the regex on untrusted user input in a server context, which it's very unlikely anyone is doing, since this regex is mainly used in command-line tools.

CVE-2021-3807

https://github.com/chalk/ansi-regex/compare/v5.0.0..v5.0.1

Thank you @yetingli for the patch and reproduction case!

Commits

a9babce 5.0.1
4657833 fix incorrect format
c3c0b3f Fix potential ReDoS (#37)
178363b Move to GitHub Actions (#35)
0755e66 Add @Qix- to funding.yml
See full diff in compare view

Updates ansi-regex from 3.0.0 to 3.0.1

Release notes

Sourced from ansi-regex's releases.

v5.0.1

Fixes (backport of 6.0.1 to v5)

This is a backport of the minor ReDos vulnerability in ansi-regex@<6.0.1, as requested in #38.

Fix ReDoS in certain cases (#37) You are only really affected if you run the regex on untrusted user input in a server context, which it's very unlikely anyone is doing, since this regex is mainly used in command-line tools.

CVE-2021-3807

https://github.com/chalk/ansi-regex/compare/v5.0.0..v5.0.1

Thank you @yetingli for the patch and reproduction case!

Commits

a9babce 5.0.1
4657833 fix incorrect format
c3c0b3f Fix potential ReDoS (#37)
178363b Move to GitHub Actions (#35)
0755e66 Add @Qix- to funding.yml
See full diff in compare view

Updates ansi-regex from 4.1.0 to 4.1.1

Release notes

Sourced from ansi-regex's releases.

v5.0.1

Fixes (backport of 6.0.1 to v5)

This is a backport of the minor ReDos vulnerability in ansi-regex@<6.0.1, as requested in #38.

Fix ReDoS in certain cases (#37) You are only really affected if you run the regex on untrusted user input in a server context, which it's very unlikely anyone is doing, since this regex is mainly used in command-line tools.

CVE-2021-3807

https://github.com/chalk/ansi-regex/compare/v5.0.0..v5.0.1

Thank you @yetingli for the patch and reproduction case!

Commits

a9babce 5.0.1
4657833 fix incorrect format
c3c0b3f Fix potential ReDoS (#37)
178363b Move to GitHub Actions (#35)
0755e66 Add @Qix- to funding.yml
See full diff in compare view

Updates async from 2.6.3 to 3.2.6

Changelog

Sourced from async's changelog.

v3.2.5

Ensure Error objects such as AggregateError are propagated without modification (#1920)

v3.2.4

Fix a bug in priorityQueue where it didn't wait for the result. (#1725)

Fix a bug where unshiftAsync was included in priorityQueue. (#1790)

v3.2.3

Fix bugs in comment parsing in autoInject. (#1767, #1780)

v3.2.2

Fix potential prototype pollution exploit

v3.2.1

Use queueMicrotask if available to the environment (#1761)

Minor perf improvement in priorityQueue (#1727)

More examples in documentation (#1726)

Various doc fixes (#1708, #1712, #1717, #1740, #1739, #1749, #1756)

Improved test coverage (#1754)

v3.2.0

Fix a bug in Safari related to overwriting func.name

Remove built-in browserify configuration (#1653)

Varios doc fixes (#1688, #1703, #1704)

v3.1.1

Allow redefining name property on wrapped functions.

v3.1.0

Added q.pushAsync and q.unshiftAsync, analagous to q.push and q.unshift, except they always do not accept a callback, and reject if processing the task errors. (#1659)

Promises returned from q.push and q.unshift when a callback is not passed now resolve even if an error ocurred. (#1659)

Fixed a parsing bug in autoInject with complicated function bodies (#1663)

Added ES6+ configuration for Browserify bundlers (#1653)

Various doc fixes (#1664, #1658, #1665, #1652)

v3.0.1

Bug fixes

Fixed a regression where arrays passed to queue and cargo would be completely flattened. (#1645)

Clarified Async's browser support (#1643)

v3.0.0

The async/await release!

There are a lot of new features and subtle breaking changes in this major version, but the biggest feature is that most Async methods return a Promise if you omit the callback, meaning you can await them from within an async function.
</tr></table> 

... (truncated)

Commits

85fb18f Version 3.2.6
8c0c941 Update built files
5f756b4 Fix ReDoS (#1980)
39cdc9b build(deps-dev): bump karma from 6.4.3 to 6.4.4 (#1985)
7b8ddeb build(deps-dev): bump @babel/core from 7.24.7 to 7.25.2 (#1981)
4634a9d build(deps-dev): bump rollup from 4.18.0 to 4.19.2 (#1982)
afb176c build(deps-dev): bump chai from 4.4.1 to 4.5.0 (#1983)
3568a74 build(deps-dev): bump @babel/eslint-parser from 7.24.7 to 7.25.1 (#1984)
9e885fd build(deps-dev): bump babel-plugin-istanbul from 6.1.1 to 7.0.0 (#1986)
f9c7f2a build(deps-dev): bump semver from 7.6.2 to 7.6.3 (#1987)
Additional commits viewable in compare view

Updates json5 from 1.0.1 to 1.0.2

Release notes

Sourced from json5's releases.

v1.0.2

Fix: Properties with the name __proto__ are added to objects and arrays. (#199) This also fixes a prototype pollution vulnerability reported by Jonathan Gregson! (#295). This has been backported to v1. (#298)

Changelog

Sourced from json5's changelog.

Unreleased [code, diff]

v2.2.3 [code, diff]

Fix: json5@2.2.3 is now the 'latest' release according to npm instead of v1.0.2. (#299)

v2.2.2 [code, diff]

Fix: Properties with the name __proto__ are added to objects and arrays. (#199) This also fixes a prototype pollution vulnerability reported by Jonathan Gregson! (#295).

v2.2.1 [code, diff]

Fix: Removed dependence on minimist to patch CVE-2021-44906. (#266)

v2.2.0 [code, diff]

New: Accurate and documented TypeScript declarations are now included. There is no need to install @types/json5. (#236, #244)

v2.1.3 [code, diff]

Fix: An out of memory bug when parsing numbers has been fixed. (#228, #229)

v2.1.2 [code, diff]

... (truncated)

Commits

a62db1e 1.0.2
e0c23fe docs: update CHANGELOG for v1.0.2
62a6540 fix: add proto to objects and arrays
See full diff in compare view

Updates loader-utils from 1.2.3 to 2.0.0

Release notes

Sourced from loader-utils's releases.

v2.0.0

2.0.0 (2020-03-17)

⚠ BREAKING CHANGES

minimum required Node.js version is 8.9.0 (#166) (c937e8c)

the getOptions method returns empty object on empty query (#167) (b595cfb)

Use md4 by default

v1.4.2

1.4.2 (2022-11-11)

Bug Fixes

ReDoS problem (#226) (17cbf8f)

v1.4.1

1.4.1 (2022-11-07)

Bug Fixes

security problem (#220) (4504e34)

v1.4.0

1.4.0 (2020-02-19)

Features

the resourceQuery is passed to the interpolateName method (#163) (cd0e428)

v1.3.0

1.3.0 (2020-02-19)

Features

support the [query] template for the interpolatedName method (#162) (469eeba)

Changelog

Sourced from loader-utils's changelog.

2.0.0 (2020-03-17)

⚠ BREAKING CHANGES

minimum required Node.j... Description has been truncated

Bumps the npm_and_yarn group with 23 updates in the / directory: | Package | From | To | | --- | --- | --- | | [semver](https://github.com/npm/node-semver) | `5.7.1` | `5.7.2` | | [@babel/helpers](https://github.com/babel/babel/tree/HEAD/packages/babel-helpers) | `7.13.10` | `7.28.4` | | [@babel/runtime-corejs3](https://github.com/babel/babel/tree/HEAD/packages/babel-runtime-corejs3) | `7.13.10` | `7.28.4` | | [ansi-html](https://github.com/Tjatse/ansi-html) | `0.0.7` | `0.0.9` | | [react-scripts](https://github.com/facebook/create-react-app/tree/HEAD/packages/react-scripts) | `4.0.3` | `5.0.1` | | [ansi-regex](https://github.com/chalk/ansi-regex) | `5.0.0` | `5.0.1` | | [ansi-regex](https://github.com/chalk/ansi-regex) | `3.0.0` | `3.0.1` | | [ansi-regex](https://github.com/chalk/ansi-regex) | `4.1.0` | `4.1.1` | | [base-x](https://github.com/cryptocoinjs/base-x) | `3.0.8` | `3.0.11` | | [qs](https://github.com/ljharb/qs) | `6.5.2` | `6.5.3` | | [brace-expansion](https://github.com/juliangruber/brace-expansion) | `1.1.11` | `1.1.12` | | [browserify-sign](https://github.com/crypto-browserify/browserify-sign) | `4.2.1` | `4.2.3` | | [cipher-base](https://github.com/crypto-browserify/cipher-base) | `1.0.4` | `1.0.6` | | [cookiejar](https://github.com/bmeck/node-cookiejar) | `2.1.2` | `2.1.4` | | [decode-uri-component](https://github.com/SamVerschueren/decode-uri-component) | `0.2.0` | `0.2.2` | | [elliptic](https://github.com/indutny/elliptic) | `6.5.4` | `6.6.1` | | [@ethersproject/signing-key](https://github.com/ethers-io/ethers.js/tree/HEAD/packages/signing-key) | `5.1.0` | `5.8.0` | | [es5-ext](https://github.com/medikoo/es5-ext) | `0.10.53` | `0.10.64` | | [secp256k1](https://github.com/cryptocoinjs/secp256k1-node) | `3.8.0` | `3.8.1` | | [secp256k1](https://github.com/cryptocoinjs/secp256k1-node) | `4.0.2` | `4.0.4` | | [got](https://github.com/sindresorhus/got) | `7.1.0` | `12.1.0` | | [web3](https://github.com/ChainSafe/web3.js) | `1.3.4` | `1.10.4` | | [minimatch](https://github.com/isaacs/minimatch) | `3.0.4` | `3.0.8` | | [tough-cookie](https://github.com/salesforce/tough-cookie) | `2.5.0` | `4.1.4` | | [node-sass](https://github.com/sass/node-sass) | `5.0.0` | `9.0.0` | | [web3](https://github.com/ChainSafe/web3.js) | `1.10.4` | `4.16.0` | | [sha.js](https://github.com/crypto-browserify/sha.js) | `2.4.11` | `2.4.12` | Updates `semver` from 5.7.1 to 5.7.2 - [Release notes](https://github.com/npm/node-semver/releases) - [Changelog](https://github.com/npm/node-semver/blob/v5.7.2/CHANGELOG.md) - [Commits](npm/node-semver@v5.7.1...v5.7.2) Updates `@babel/helpers` from 7.13.10 to 7.28.4 - [Release notes](https://github.com/babel/babel/releases) - [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md) - [Commits](https://github.com/babel/babel/commits/v7.28.4/packages/babel-helpers) Updates `@babel/runtime-corejs3` from 7.13.10 to 7.28.4 - [Release notes](https://github.com/babel/babel/releases) - [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md) - [Commits](https://github.com/babel/babel/commits/v7.28.4/packages/babel-runtime-corejs3) Updates `@babel/traverse` from 7.13.13 to 7.28.4 - [Release notes](https://github.com/babel/babel/releases) - [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md) - [Commits](https://github.com/babel/babel/commits/v7.28.4/packages/babel-traverse) Updates `ansi-html` from 0.0.7 to 0.0.9 - [Commits](https://github.com/Tjatse/ansi-html/commits) Updates `react-scripts` from 4.0.3 to 5.0.1 - [Release notes](https://github.com/facebook/create-react-app/releases) - [Changelog](https://github.com/facebook/create-react-app/blob/main/CHANGELOG-4.x.md) - [Commits](https://github.com/facebook/create-react-app/commits/react-scripts@5.0.1/packages/react-scripts) Updates `ansi-regex` from 5.0.0 to 5.0.1 - [Release notes](https://github.com/chalk/ansi-regex/releases) - [Commits](chalk/ansi-regex@v5.0.0...v5.0.1) Updates `ansi-regex` from 3.0.0 to 3.0.1 - [Release notes](https://github.com/chalk/ansi-regex/releases) - [Commits](chalk/ansi-regex@v5.0.0...v5.0.1) Updates `ansi-regex` from 4.1.0 to 4.1.1 - [Release notes](https://github.com/chalk/ansi-regex/releases) - [Commits](chalk/ansi-regex@v5.0.0...v5.0.1) Updates `async` from 2.6.3 to 3.2.6 - [Release notes](https://github.com/caolan/async/releases) - [Changelog](https://github.com/caolan/async/blob/master/CHANGELOG.md) - [Commits](caolan/async@v2.6.3...v3.2.6) Updates `json5` from 1.0.1 to 1.0.2 - [Release notes](https://github.com/json5/json5/releases) - [Changelog](https://github.com/json5/json5/blob/main/CHANGELOG.md) - [Commits](json5/json5@v1.0.1...v1.0.2) Updates `loader-utils` from 1.2.3 to 2.0.0 - [Release notes](https://github.com/webpack/loader-utils/releases) - [Changelog](https://github.com/webpack/loader-utils/blob/master/CHANGELOG.md) - [Commits](webpack/loader-utils@v1.2.3...v2.0.0) Updates `base-x` from 3.0.8 to 3.0.11 - [Commits](cryptocoinjs/base-x@v3.0.8...v3.0.11) Updates `body-parser` from 1.19.0 to 1.20.3 - [Release notes](https://github.com/expressjs/body-parser/releases) - [Changelog](https://github.com/expressjs/body-parser/blob/master/HISTORY.md) - [Commits](expressjs/body-parser@1.19.0...1.20.3) Updates `qs` from 6.5.2 to 6.5.3 - [Changelog](https://github.com/ljharb/qs/blob/main/CHANGELOG.md) - [Commits](ljharb/qs@v6.5.2...v6.5.3) Updates `brace-expansion` from 1.1.11 to 1.1.12 - [Release notes](https://github.com/juliangruber/brace-expansion/releases) - [Commits](juliangruber/brace-expansion@1.1.11...v1.1.12) Updates `braces` from 2.3.2 to 3.0.3 - [Changelog](https://github.com/micromatch/braces/blob/master/CHANGELOG.md) - [Commits](https://github.com/micromatch/braces/commits/3.0.3) Updates `browserify-sign` from 4.2.1 to 4.2.3 - [Changelog](https://github.com/browserify/browserify-sign/blob/main/CHANGELOG.md) - [Commits](browserify/browserify-sign@v4.2.1...v4.2.3) Updates `normalize-url` from 1.9.1 to 4.5.0 - [Release notes](https://github.com/sindresorhus/normalize-url/releases) - [Commits](sindresorhus/normalize-url@v1.9.1...v4.5.0) Updates `cipher-base` from 1.0.4 to 1.0.6 - [Changelog](https://github.com/browserify/cipher-base/blob/master/CHANGELOG.md) - [Commits](browserify/cipher-base@v1.0.4...v1.0.6) Updates `cookie` from 0.4.0 to 0.7.1 - [Release notes](https://github.com/jshttp/cookie/releases) - [Commits](jshttp/cookie@v0.4.0...v0.7.1) Updates `cookiejar` from 2.1.2 to 2.1.4 - [Commits](https://github.com/bmeck/node-cookiejar/commits) Updates `cross-spawn` from 6.0.5 to 7.0.6 - [Changelog](https://github.com/moxystudio/node-cross-spawn/blob/master/CHANGELOG.md) - [Commits](moxystudio/node-cross-spawn@v6.0.5...v7.0.6) Updates `decode-uri-component` from 0.2.0 to 0.2.2 - [Release notes](https://github.com/SamVerschueren/decode-uri-component/releases) - [Commits](SamVerschueren/decode-uri-component@v0.2.0...v0.2.2) Updates `ejs` from 2.7.4 to 3.1.10 - [Release notes](https://github.com/mde/ejs/releases) - [Commits](mde/ejs@v2.7.4...v3.1.10) Updates `elliptic` from 6.5.4 to 6.6.1 - [Commits](indutny/elliptic@v6.5.4...v6.6.1) Updates `@ethersproject/signing-key` from 5.1.0 to 5.8.0 - [Release notes](https://github.com/ethers-io/ethers.js/releases) - [Changelog](https://github.com/ethers-io/ethers.js/blob/v5.8.0/CHANGELOG.md) - [Commits](https://github.com/ethers-io/ethers.js/commits/v5.8.0/packages/signing-key) Updates `es5-ext` from 0.10.53 to 0.10.64 - [Release notes](https://github.com/medikoo/es5-ext/releases) - [Changelog](https://github.com/medikoo/es5-ext/blob/main/CHANGELOG.md) - [Commits](medikoo/es5-ext@v0.10.53...v0.10.64) Updates `secp256k1` from 3.8.0 to 3.8.1 - [Release notes](https://github.com/cryptocoinjs/secp256k1-node/releases) - [Commits](cryptocoinjs/secp256k1-node@v3.8.0...v3.8.1) Updates `secp256k1` from 4.0.2 to 4.0.4 - [Release notes](https://github.com/cryptocoinjs/secp256k1-node/releases) - [Commits](cryptocoinjs/secp256k1-node@v3.8.0...v3.8.1) Updates `express` from 4.17.1 to 4.21.2 - [Release notes](https://github.com/expressjs/express/releases) - [Changelog](https://github.com/expressjs/express/blob/4.21.2/History.md) - [Commits](expressjs/express@4.17.1...4.21.2) Updates `path-to-regexp` from 0.1.7 to 0.1.12 - [Release notes](https://github.com/pillarjs/path-to-regexp/releases) - [Changelog](https://github.com/pillarjs/path-to-regexp/blob/master/History.md) - [Commits](pillarjs/path-to-regexp@v0.1.7...v0.1.12) Updates `follow-redirects` from 1.13.3 to 1.15.11 - [Release notes](https://github.com/follow-redirects/follow-redirects/releases) - [Commits](follow-redirects/follow-redirects@v1.13.3...v1.15.11) Updates `micromatch` from 3.1.10 to 4.0.8 - [Release notes](https://github.com/micromatch/micromatch/releases) - [Changelog](https://github.com/micromatch/micromatch/blob/master/CHANGELOG.md) - [Commits](micromatch/micromatch@3.1.10...4.0.8) Updates `got` from 7.1.0 to 12.1.0 - [Release notes](https://github.com/sindresorhus/got/releases) - [Commits](sindresorhus/got@v7.1.0...v12.1.0) Updates `web3` from 1.3.4 to 1.10.4 - [Release notes](https://github.com/ChainSafe/web3.js/releases) - [Changelog](https://github.com/web3/web3.js/blob/v1.10.4/CHANGELOG.md) - [Commits](web3/web3.js@v1.3.4...v1.10.4) Updates `http-cache-semantics` from 4.1.0 to 4.2.0 - [Commits](https://github.com/kornelski/http-cache-semantics/commits) Updates `http-proxy-middleware` from 0.19.1 to 2.0.9 - [Release notes](https://github.com/chimurai/http-proxy-middleware/releases) - [Changelog](https://github.com/chimurai/http-proxy-middleware/blob/v2.0.9/CHANGELOG.md) - [Commits](chimurai/http-proxy-middleware@v0.19.1...v2.0.9) Updates `immer` from 8.0.1 to 9.0.21 - [Release notes](https://github.com/immerjs/immer/releases) - [Commits](immerjs/immer@v8.0.1...v9.0.21) Updates `minimatch` from 3.0.4 to 3.0.8 - [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md) - [Commits](isaacs/minimatch@v3.0.4...v3.0.8) Updates `minimist` from 1.2.5 to 1.2.8 - [Changelog](https://github.com/minimistjs/minimist/blob/main/CHANGELOG.md) - [Commits](minimistjs/minimist@v1.2.5...v1.2.8) Updates `nanoid` from 3.1.22 to 3.3.11 - [Release notes](https://github.com/ai/nanoid/releases) - [Changelog](https://github.com/ai/nanoid/blob/main/CHANGELOG.md) - [Commits](ai/nanoid@3.1.22...3.3.11) Updates `node-forge` from 0.10.0 to 1.3.1 - [Changelog](https://github.com/digitalbazaar/forge/blob/main/CHANGELOG.md) - [Commits](digitalbazaar/forge@0.10.0...v1.3.1) Updates `on-headers` from 1.0.2 to 1.1.0 - [Release notes](https://github.com/jshttp/on-headers/releases) - [Changelog](https://github.com/jshttp/on-headers/blob/master/HISTORY.md) - [Commits](jshttp/on-headers@v1.0.2...v1.1.0) Updates `pbkdf2` from 3.1.1 to 3.1.3 - [Changelog](https://github.com/browserify/pbkdf2/blob/master/CHANGELOG.md) - [Commits](browserify/pbkdf2@v3.1.1...v3.1.3) Updates `postcss` from 7.0.21 to 7.0.39 - [Release notes](https://github.com/postcss/postcss/releases) - [Changelog](https://github.com/postcss/postcss/blob/7.0.39/CHANGELOG.md) - [Commits](postcss/postcss@7.0.21...7.0.39) Updates `tough-cookie` from 2.5.0 to 4.1.4 - [Release notes](https://github.com/salesforce/tough-cookie/releases) - [Changelog](https://github.com/salesforce/tough-cookie/blob/master/CHANGELOG.md) - [Commits](salesforce/tough-cookie@v2.5.0...v4.1.4) Updates `node-sass` from 5.0.0 to 9.0.0 - [Release notes](https://github.com/sass/node-sass/releases) - [Changelog](https://github.com/sass/node-sass/blob/master/CHANGELOG.md) - [Commits](sass/node-sass@v5.0.0...v9.0.0) Updates `web3` from 1.10.4 to 4.16.0 - [Release notes](https://github.com/ChainSafe/web3.js/releases) - [Changelog](https://github.com/web3/web3.js/blob/v1.10.4/CHANGELOG.md) - [Commits](web3/web3.js@v1.3.4...v1.10.4) Updates `rollup` from 1.32.1 to 2.79.2 - [Release notes](https://github.com/rollup/rollup/releases) - [Changelog](https://github.com/rollup/rollup/blob/master/CHANGELOG-1.md) - [Commits](rollup/rollup@v1.32.1...v2.79.2) Updates `send` from 0.17.1 to 0.19.0 - [Release notes](https://github.com/pillarjs/send/releases) - [Changelog](https://github.com/pillarjs/send/blob/master/HISTORY.md) - [Commits](pillarjs/send@0.17.1...0.19.0) Updates `serve-static` from 1.14.1 to 1.16.2 - [Release notes](https://github.com/expressjs/serve-static/releases) - [Changelog](https://github.com/expressjs/serve-static/blob/v1.16.2/HISTORY.md) - [Commits](expressjs/serve-static@v1.14.1...v1.16.2) Updates `sha.js` from 2.4.11 to 2.4.12 - [Changelog](https://github.com/browserify/sha.js/blob/master/CHANGELOG.md) - [Commits](browserify/sha.js@v2.4.11...v2.4.12) Updates `shell-quote` from 1.7.2 to 1.8.3 - [Changelog](https://github.com/ljharb/shell-quote/blob/main/CHANGELOG.md) - [Commits](ljharb/shell-quote@v1.7.2...v1.8.3) Updates `ssri` from 6.0.1 to 8.0.1 - [Release notes](https://github.com/npm/ssri/releases) - [Changelog](https://github.com/npm/ssri/blob/main/CHANGELOG.md) - [Commits](npm/ssri@v6.0.1...v8.0.1) Updates `tar` from 4.4.13 to 6.2.1 - [Release notes](https://github.com/isaacs/node-tar/releases) - [Changelog](https://github.com/isaacs/node-tar/blob/main/CHANGELOG.md) - [Commits](isaacs/node-tar@v4.4.13...v6.2.1) Updates `ws` from 3.3.3 to 7.5.10 - [Release notes](https://github.com/websockets/ws/releases) - [Commits](websockets/ws@3.3.3...7.5.10) Updates `terser` from 4.8.0 to 5.44.0 - [Changelog](https://github.com/terser/terser/blob/master/CHANGELOG.md) - [Commits](terser/terser@v4.8.0...v5.44.0) Updates `webpack-dev-middleware` from 3.7.3 to 5.3.4 - [Release notes](https://github.com/webpack/webpack-dev-middleware/releases) - [Changelog](https://github.com/webpack/webpack-dev-middleware/blob/v5.3.4/CHANGELOG.md) - [Commits](webpack/webpack-dev-middleware@v3.7.3...v5.3.4) Updates `webpack-dev-server` from 3.11.1 to 4.15.2 - [Release notes](https://github.com/webpack/webpack-dev-server/releases) - [Changelog](https://github.com/webpack/webpack-dev-server/blob/v4.15.2/CHANGELOG.md) - [Commits](webpack/webpack-dev-server@v3.11.1...v4.15.2) Updates `word-wrap` from 1.2.3 to 1.2.5 - [Release notes](https://github.com/jonschlinkert/word-wrap/releases) - [Commits](jonschlinkert/word-wrap@1.2.3...1.2.5) --- updated-dependencies: - dependency-name: semver dependency-version: 5.7.2 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: "@babel/helpers" dependency-version: 7.28.4 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: "@babel/runtime-corejs3" dependency-version: 7.28.4 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: "@babel/traverse" dependency-version: 7.28.4 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: ansi-html dependency-version: 0.0.9 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: react-scripts dependency-version: 5.0.1 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: ansi-regex dependency-version: 5.0.1 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: ansi-regex dependency-version: 3.0.1 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: ansi-regex dependency-version: 4.1.1 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: async dependency-version: 3.2.6 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: json5 dependency-version: 1.0.2 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: loader-utils dependency-version: 2.0.0 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: base-x dependency-version: 3.0.11 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: body-parser dependency-version: 1.20.3 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: qs dependency-version: 6.5.3 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: brace-expansion dependency-version: 1.1.12 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: braces dependency-version: 3.0.3 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: browserify-sign dependency-version: 4.2.3 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: normalize-url dependency-version: 4.5.0 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: cipher-base dependency-version: 1.0.6 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: cookie dependency-version: 0.7.1 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: cookiejar dependency-version: 2.1.4 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: cross-spawn dependency-version: 7.0.6 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: decode-uri-component dependency-version: 0.2.2 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: ejs dependency-version: 3.1.10 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: elliptic dependency-version: 6.6.1 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: "@ethersproject/signing-key" dependency-version: 5.8.0 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: es5-ext dependency-version: 0.10.64 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: secp256k1 dependency-version: 3.8.1 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: secp256k1 dependency-version: 4.0.4 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: express dependency-version: 4.21.2 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: path-to-regexp dependency-version: 0.1.12 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: follow-redirects dependency-version: 1.15.11 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: micromatch dependency-version: 4.0.8 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: got dependency-version: 12.1.0 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: web3 dependency-version: 1.10.4 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: http-cache-semantics dependency-version: 4.2.0 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: http-proxy-middleware dependency-version: 2.0.9 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: immer dependency-version: 9.0.21 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: minimatch dependency-version: 3.0.8 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: minimist dependency-version: 1.2.8 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: nanoid dependency-version: 3.3.11 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: node-forge dependency-version: 1.3.1 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: on-headers dependency-version: 1.1.0 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: pbkdf2 dependency-version: 3.1.3 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: postcss dependency-version: 7.0.39 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: tough-cookie dependency-version: 4.1.4 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: node-sass dependency-version: 9.0.0 dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: web3 dependency-version: 4.16.0 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: rollup dependency-version: 2.79.2 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: send dependency-version: 0.19.0 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: serve-static dependency-version: 1.16.2 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: sha.js dependency-version: 2.4.12 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: shell-quote dependency-version: 1.8.3 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: ssri dependency-version: 8.0.1 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: tar dependency-version: 6.2.1 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: ws dependency-version: 7.5.10 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: terser dependency-version: 5.44.0 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: webpack-dev-middleware dependency-version: 5.3.4 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: webpack-dev-server dependency-version: 4.15.2 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: word-wrap dependency-version: 1.2.5 dependency-type: indirect dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] <support@github.com>

socket-security · 2025-09-11T01:06:38Z

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Package	Supply Chain Security	Vulnerability	Quality	Maintenance
@babel/plugin-proposal-class-properties@7.12.1 ⏵ 7.18.6	⁺¹		⁺¹	⁺¹
@babel/preset-react@7.12.1 ⏵ 7.27.1	⁺¹		⁺²
react-scripts@4.0.3 ⏵ 5.0.1	⁺¹
@babel/eslint-parser@7.13.14 ⏵ 7.28.4			^-25
node-sass@5.0.0 ⏵ 9.0.0	⁺¹	⁺⁵
prop-types@15.7.2 ⏵ 15.8.1
web3@1.3.4 ⏵ 4.16.0	^-1	⁺⁵	⁺²¹
eslint-plugin-import@2.22.1 ⏵ 2.32.0
eslint-plugin-react@7.23.1 ⏵ 7.37.5
eslint-plugin-react-hooks@4.2.0 ⏵ 4.6.2			⁺¹

View full report

socket-security · 2025-09-11T01:06:40Z

Caution

Review the following alerts detected in dependencies.

According to your organization's Security Policy, you must resolve all "Block" alerts before proceeding. It is recommended to resolve "Warn" alerts too. Learn more about Socket for GitHub.

Action	Severity	Alert (click "▶" to expand/collapse)
Block		`es5-ext@0.10.64` is Protestware or potentially unwanted behavior. Note: The script attempts to run a local post-install script, which could potentially contain malicious code. The error handling suggests that it is designed to fail silently, which is a common tactic in malicious scripts. From: package-lock.json → `npm/@toruslabs/torus-embed@1.9.14` → `npm/es5-ext@0.10.64` ℹ Read more on: This package \| This alert \| What is protestware? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: Consider that consuming this package may come along with functionality unrelated to its primary purpose. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore npm/es5-ext@0.10.64`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Block		`abortcontroller-polyfill@1.7.8` has Network access. Module: globalThis["fetch"] Location: Package overview From: package-lock.json → `npm/@toruslabs/torus-embed@1.9.14` → `npm/abortcontroller-polyfill@1.7.8` ℹ Read more on: This package \| This alert \| What is network access? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: Packages should remove all network access that is functionally unnecessary. Consumers should audit network access to ensure legitimate use. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore npm/abortcontroller-polyfill@1.7.8`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Block		`agentkeepalive@4.6.0` has Network access. Module: http Location: Package overview From: package-lock.json → `npm/react-scripts@5.0.1` → `npm/node-sass@9.0.0` → `npm/agentkeepalive@4.6.0` ℹ Read more on: This package \| This alert \| What is network access? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: Packages should remove all network access that is functionally unnecessary. Consumers should audit network access to ensure legitimate use. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore npm/agentkeepalive@4.6.0`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Block		`agentkeepalive@4.6.0` has Network access. Module: https Location: Package overview From: package-lock.json → `npm/react-scripts@5.0.1` → `npm/node-sass@9.0.0` → `npm/agentkeepalive@4.6.0` ℹ Read more on: This package \| This alert \| What is network access? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: Packages should remove all network access that is functionally unnecessary. Consumers should audit network access to ensure legitimate use. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore npm/agentkeepalive@4.6.0`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Block		`cross-fetch@4.1.0` has Network access. Module: globalThis["fetch"] Location: Package overview From: package-lock.json → `npm/web3@4.16.0` → `npm/@toruslabs/torus-embed@1.9.14` → `npm/cross-fetch@4.1.0` ℹ Read more on: This package \| This alert \| What is network access? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: Packages should remove all network access that is functionally unnecessary. Consumers should audit network access to ensure legitimate use. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore npm/cross-fetch@4.1.0`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Block		`domutils@2.8.0` has Network access. Module: globalThis["fetch"] Location: Package overview From: package-lock.json → `npm/react-scripts@5.0.1` → `npm/domutils@2.8.0` ℹ Read more on: This package \| This alert \| What is network access? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: Packages should remove all network access that is functionally unnecessary. Consumers should audit network access to ensure legitimate use. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore npm/domutils@2.8.0`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Block		`foreground-child@3.3.1` has Shell access. Module: child_process Location: Package overview From: package-lock.json → `npm/react-scripts@5.0.1` → `npm/foreground-child@3.3.1` ℹ Read more on: This package \| This alert \| What is shell access? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: Packages should avoid accessing the shell which can reduce portability, and make it easier for malicious shell access to be introduced. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore npm/foreground-child@3.3.1`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Block		`http-proxy-agent@4.0.1` has Network access. Module: tls Location: Package overview From: package-lock.json → `npm/react-scripts@5.0.1` → `npm/node-sass@9.0.0` → `npm/http-proxy-agent@4.0.1` ℹ Read more on: This package \| This alert \| What is network access? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: Packages should remove all network access that is functionally unnecessary. Consumers should audit network access to ensure legitimate use. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore npm/http-proxy-agent@4.0.1`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Block		`http-proxy-agent@4.0.1` has Network access. Module: net Location: Package overview From: package-lock.json → `npm/react-scripts@5.0.1` → `npm/node-sass@9.0.0` → `npm/http-proxy-agent@4.0.1` ℹ Read more on: This package \| This alert \| What is network access? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: Packages should remove all network access that is functionally unnecessary. Consumers should audit network access to ensure legitimate use. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore npm/http-proxy-agent@4.0.1`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Block		`http-proxy-agent@5.0.0` has Network access. Module: net Location: Package overview From: package-lock.json → `npm/node-sass@9.0.0` → `npm/http-proxy-agent@5.0.0` ℹ Read more on: This package \| This alert \| What is network access? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: Packages should remove all network access that is functionally unnecessary. Consumers should audit network access to ensure legitimate use. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore npm/http-proxy-agent@5.0.0`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Block		`http-proxy-agent@5.0.0` has Network access. Module: tls Location: Package overview From: package-lock.json → `npm/node-sass@9.0.0` → `npm/http-proxy-agent@5.0.0` ℹ Read more on: This package \| This alert \| What is network access? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: Packages should remove all network access that is functionally unnecessary. Consumers should audit network access to ensure legitimate use. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore npm/http-proxy-agent@5.0.0`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Block		`https-proxy-agent@5.0.1` has Network access. Module: net Location: Package overview From: package-lock.json → `npm/react-scripts@5.0.1` → `npm/node-sass@9.0.0` → `npm/https-proxy-agent@5.0.1` ℹ Read more on: This package \| This alert \| What is network access? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: Packages should remove all network access that is functionally unnecessary. Consumers should audit network access to ensure legitimate use. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore npm/https-proxy-agent@5.0.1`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Block		`https-proxy-agent@5.0.1` has Network access. Module: tls Location: Package overview From: package-lock.json → `npm/react-scripts@5.0.1` → `npm/node-sass@9.0.0` → `npm/https-proxy-agent@5.0.1` ℹ Read more on: This package \| This alert \| What is network access? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: Packages should remove all network access that is functionally unnecessary. Consumers should audit network access to ensure legitimate use. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore npm/https-proxy-agent@5.0.1`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Block		`jake@10.9.4` has Shell access. Module: child_process Location: Package overview From: package-lock.json → `npm/react-scripts@5.0.1` → `npm/jake@10.9.4` ℹ Read more on: This package \| This alert \| What is shell access? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: Packages should avoid accessing the shell which can reduce portability, and make it easier for malicious shell access to be introduced. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore npm/jake@10.9.4`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Block		`launch-editor@2.11.1` has Shell access. Module: child_process Location: Package overview From: package-lock.json → `npm/react-scripts@5.0.1` → `npm/launch-editor@2.11.1` ℹ Read more on: This package \| This alert \| What is shell access? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: Packages should avoid accessing the shell which can reduce portability, and make it easier for malicious shell access to be introduced. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore npm/launch-editor@2.11.1`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Block		`make-fetch-happen@10.2.1` has Network access. Module: globalThis["fetch"] Location: Package overview From: package-lock.json → `npm/node-sass@9.0.0` → `npm/make-fetch-happen@10.2.1` ℹ Read more on: This package \| This alert \| What is network access? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: Packages should remove all network access that is functionally unnecessary. Consumers should audit network access to ensure legitimate use. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore npm/make-fetch-happen@10.2.1`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Block		`make-fetch-happen@10.2.1` has Network access. Module: https-proxy-agent Location: Package overview From: package-lock.json → `npm/node-sass@9.0.0` → `npm/make-fetch-happen@10.2.1` ℹ Read more on: This package \| This alert \| What is network access? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: Packages should remove all network access that is functionally unnecessary. Consumers should audit network access to ensure legitimate use. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore npm/make-fetch-happen@10.2.1`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Block		`make-fetch-happen@10.2.1` has Network access. Module: http Location: Package overview From: package-lock.json → `npm/node-sass@9.0.0` → `npm/make-fetch-happen@10.2.1` ℹ Read more on: This package \| This alert \| What is network access? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: Packages should remove all network access that is functionally unnecessary. Consumers should audit network access to ensure legitimate use. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore npm/make-fetch-happen@10.2.1`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Block		`make-fetch-happen@10.2.1` has Network access. Module: https Location: Package overview From: package-lock.json → `npm/node-sass@9.0.0` → `npm/make-fetch-happen@10.2.1` ℹ Read more on: This package \| This alert \| What is network access? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: Packages should remove all network access that is functionally unnecessary. Consumers should audit network access to ensure legitimate use. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore npm/make-fetch-happen@10.2.1`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Block		`make-fetch-happen@10.2.1` has Network access. Module: http-proxy-agent Location: Package overview From: package-lock.json → `npm/node-sass@9.0.0` → `npm/make-fetch-happen@10.2.1` ℹ Read more on: This package \| This alert \| What is network access? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: Packages should remove all network access that is functionally unnecessary. Consumers should audit network access to ensure legitimate use. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore npm/make-fetch-happen@10.2.1`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Block		`make-fetch-happen@10.2.1` has Network access. Module: http-cache-semantics Location: Package overview From: package-lock.json → `npm/node-sass@9.0.0` → `npm/make-fetch-happen@10.2.1` ℹ Read more on: This package \| This alert \| What is network access? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: Packages should remove all network access that is functionally unnecessary. Consumers should audit network access to ensure legitimate use. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore npm/make-fetch-happen@10.2.1`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Block		`make-fetch-happen@10.2.1` has Network access. Module: dns Location: Package overview From: package-lock.json → `npm/node-sass@9.0.0` → `npm/make-fetch-happen@10.2.1` ℹ Read more on: This package \| This alert \| What is network access? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: Packages should remove all network access that is functionally unnecessary. Consumers should audit network access to ensure legitimate use. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore npm/make-fetch-happen@10.2.1`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Block		`make-fetch-happen@9.1.0` has Network access. Module: http Location: Package overview From: package-lock.json → `npm/react-scripts@5.0.1` → `npm/node-sass@9.0.0` → `npm/make-fetch-happen@9.1.0` ℹ Read more on: This package \| This alert \| What is network access? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: Packages should remove all network access that is functionally unnecessary. Consumers should audit network access to ensure legitimate use. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore npm/make-fetch-happen@9.1.0`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Block		`make-fetch-happen@9.1.0` has Network access. Module: https Location: Package overview From: package-lock.json → `npm/react-scripts@5.0.1` → `npm/node-sass@9.0.0` → `npm/make-fetch-happen@9.1.0` ℹ Read more on: This package \| This alert \| What is network access? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: Packages should remove all network access that is functionally unnecessary. Consumers should audit network access to ensure legitimate use. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore npm/make-fetch-happen@9.1.0`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Block		`make-fetch-happen@9.1.0` has Network access. Module: globalThis["fetch"] Location: Package overview From: package-lock.json → `npm/react-scripts@5.0.1` → `npm/node-sass@9.0.0` → `npm/make-fetch-happen@9.1.0` ℹ Read more on: This package \| This alert \| What is network access? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: Packages should remove all network access that is functionally unnecessary. Consumers should audit network access to ensure legitimate use. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore npm/make-fetch-happen@9.1.0`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Block		`make-fetch-happen@9.1.0` has Network access. Module: http-cache-semantics Location: Package overview From: package-lock.json → `npm/react-scripts@5.0.1` → `npm/node-sass@9.0.0` → `npm/make-fetch-happen@9.1.0` ℹ Read more on: This package \| This alert \| What is network access? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: Packages should remove all network access that is functionally unnecessary. Consumers should audit network access to ensure legitimate use. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore npm/make-fetch-happen@9.1.0`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
See 73 more rows in the dashboard

View full report

dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Sep 11, 2025

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Bump the npm_and_yarn group across 1 directory with 57 updates #17

Bump the npm_and_yarn group across 1 directory with 57 updates #17

Uh oh!

dependabot bot commented on behalf of github Sep 11, 2025

Uh oh!

socket-security bot commented Sep 11, 2025

Uh oh!

socket-security bot commented Sep 11, 2025

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Uh oh!

Bump the npm_and_yarn group across 1 directory with 57 updates #17

Are you sure you want to change the base?

Bump the npm_and_yarn group across 1 directory with 57 updates #17

Uh oh!

Conversation

dependabot bot commented on behalf of github Sep 11, 2025

v5.7.2

5.7.2 (2023-07-10)

Bug Fixes

5.7.2 (2023-07-10)

Bug Fixes

5.7

5.6

5.5

5.4

5.3

5.2

5.1

5.0

v7.28.4 (2025-09-05)

🏠 Internal

Committers: 5

v7.28.3 (2025-08-14)

👓 Spec Compliance

🐛 Bug Fix

💅 Polish

📝 Documentation

🏠 Internal

🔬 Output optimization

Committers: 5

v7.28.4 (2025-09-05)

🏠 Internal

v7.28.3 (2025-08-14)

👓 Spec Compliance

🐛 Bug Fix

💅 Polish

📝 Documentation

🏠 Internal

🔬 Output optimization

v7.28.2 (2025-07-24)

🐛 Bug Fix

v7.28.1 (2025-07-12)

🐛 Bug Fix

📝 Documentation

v7.28.4 (2025-09-05)

🏠 Internal

Committers: 5

v7.28.3 (2025-08-14)

👓 Spec Compliance

🐛 Bug Fix

💅 Polish

📝 Documentation

🏠 Internal

🔬 Output optimization

Committers: 5

v7.28.4 (2025-09-05)

🏠 Internal

v7.28.3 (2025-08-14)

👓 Spec Compliance

🐛 Bug Fix

💅 Polish

📝 Documentation

🏠 Internal

🔬 Output optimization

v7.28.2 (2025-07-24)

🐛 Bug Fix

v7.28.1 (2025-07-12)

🐛 Bug Fix

📝 Documentation

v7.28.4 (2025-09-05)

🏠 Internal

Committers: 5

v7.28.3 (2025-08-14)

👓 Spec Compliance

🐛 Bug Fix

💅 Polish

📝 Documentation

🏠 Internal

🔬 Output optimization

Fixes (backport of `6.0.1` to v5)

Fixes (backport of `6.0.1` to v5)

Fixes (backport of `6.0.1` to v5)