Bump the npm_and_yarn group across 1 directory with 33 updates #81

Open: dependabot[bot] wants to merge 1 commit into base: develop


@dependabot dependabot bot commented on behalf of github Apr 10, 2024

Bumps the npm_and_yarn group with 27 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| y18n | 3.2.1 | 3.2.2 |
| yargs-parser | 13.1.1 | 13.1.2 |
| protobufjs | 6.11.3 | 6.11.4 |
| acorn | 5.7.3 | 5.7.4 |
| ajv | 6.10.2 | 6.12.6 |
| lodash | 4.17.15 | 4.17.21 |
| babel-eslint | 4.1.8 | 10.1.0 |
| eslint | 1.10.3 | 9.0.0 |
| minimist | 1.2.0 | 1.2.8 |
| mkdirp | 0.5.1 | 0.5.6 |
| browserify-sign | 4.0.4 | 4.2.3 |
| decode-uri-component | 0.2.0 | 0.2.2 |
| express | 4.18.2 | 4.19.2 |
| loader-utils | 1.2.3 | 1.4.2 |
| webpack-cli | 3.3.8 | 3.3.12 |
| follow-redirects | 1.15.2 | 1.15.6 |
| fsevents | 1.2.9 | 1.2.13 |
| ini | 1.3.5 | 1.3.8 |
| glob-parent | 3.1.0 | 5.1.2 |
| webpack-dev-server | 3.11.3 | 5.0.4 |
| watchpack | 1.6.0 | 1.7.5 |
| node-notifier | 5.4.3 | 9.0.1 |
| webpack-notifier | 1.8.0 | 1.15.0 |
| serialize-javascript | 1.9.1 | 4.0.0 |
| terser-webpack-plugin | 1.4.1 | 1.4.5 |
| ssri | 6.0.1 | 6.0.2 |
| terser | 4.3.1 | 4.8.1 |

Updates y18n from 3.2.1 to 3.2.2

Release notes

Sourced from y18n's releases.

y18n y18n-v4.0.3

Bug Fixes

  • release: 4.x.x should not enforce Node 10 (#126) (1e21a53)

y18n y18n-v4.0.2

Bug Fixes

  • security: ensure entry exists for backport (#120) (b22c0df)
Commits
Maintainer changes

This version was pushed to npm by oss-bot, a new releaser for y18n since your current version.


Updates yargs-parser from 13.1.1 to 13.1.2

Changelog

Sourced from yargs-parser's changelog.

15.0.0 (2019-10-07)

Features

  • rework collect-unknown-options into unknown-options-as-args, providing more comprehensive functionality (ef771ca)

BREAKING CHANGES

  • rework collect-unknown-options into unknown-options-as-args, providing more comprehensive functionality

14.0.0 (2019-09-06)

Bug Fixes

  • boolean arrays with default values (#185) (7d42572)
  • boolean now behaves the same as other array types (#184) (17ca3bd)
  • eatNargs() for 'opt.narg === 0' and boolean typed options (#188) (c5a1db0)
  • maybeCoerceNumber now takes precedence over coerce return value (#182) (2f26436)
  • take into account aliases when appending arrays from config object (#199) (f8a2d3f)

Features

  • add configuration option to "collect-unknown-options" (#181) (7909cc4)
  • maybeCoerceNumber() now takes into account arrays (#187) (31c204b)

BREAKING CHANGES

  • unless "parse-numbers" is set to "false", arrays of numeric strings are now parsed as numbers, rather than strings.
  • we have dropped the broken "defaulted" functionality; we would like to revisit adding this in the future.
  • maybeCoerceNumber now takes precedence over coerce return value (#182)
Commits
Maintainer changes

This version was pushed to npm by oss-bot, a new releaser for yargs-parser since your current version.


Updates protobufjs from 6.11.3 to 6.11.4

Commits

Updates acorn from 5.7.3 to 5.7.4

Commits

Updates ajv from 6.10.2 to 6.12.6

Release notes

Sourced from ajv's releases.

v6.12.6

Fix performance issue of "url" format.

v6.12.5

  • Fix uri scheme validation (@ChALkeR).
  • Fix boolean schemas with strictKeywords option (#1270)

v6.12.4

Fix: coercion of one-item arrays to scalar that should fail validation (failing example).

v6.12.3

  • Pass schema object to processCode function
  • Option for strictNumbers (@issacgerges, #1128)
  • Fixed vulnerability related to untrusted schemas (CVE-2020-15366)

v6.12.2

Removed post-install script

v6.12.1

Docs and dependency updates

v6.12.0

  • Improved hostname validation (@sambauers, #1143)
  • Option keywords to add custom keywords (@franciscomorais, #1137)
  • Types fixes (@boenrobot, @MattiAstedrone)
  • Docs:

v6.11.0

  • Time formats support two digit and colon-less variants of timezone offset (#1061, @cjpillsbury)
  • Docs: RegExp related security considerations
  • Tests: Disabled failing typescript test

Commits
  • fe59143 6.12.6
  • d580d3e Merge pull request #1298 from ajv-validator/fix-url
  • fd36389 fix: regular expression for "url" format
  • 490e34c docs: link to v7-beta branch
  • 9cd93a1 docs: note about v7 in readme
  • 877d286 Merge pull request #1262 from b4h0-c4t/refactor-opt-object-type
  • f1c8e45 6.12.5
  • 764035e Merge branch 'ChALkeR-chalker/fix-comma'
  • 3798160 Merge branch 'chalker/fix-comma' of git://github.com/ChALkeR/ajv into ChALkeR...
  • a3c7eba Merge branch 'refactor-opt-object-type' of github.com:b4h0-c4t/ajv into refac...
  • Additional commits viewable in compare view

Updates lodash from 4.17.15 to 4.17.21

Commits
  • f299b52 Bump to v4.17.21
  • c4847eb Improve performance of toNumber, trim and trimEnd on large input strings
  • 3469357 Prevent command injection through _.template's variable option
  • ded9bc6 Bump to v4.17.20.
  • 63150ef Documentation fixes.
  • 00f0f62 test.js: Remove trailing comma.
  • 846e434 Temporarily use a custom fork of lodash-cli.
  • 5d046f3 Re-enable Travis tests on 4.17 branch.
  • aa816b3 Remove /npm-package.
  • d7fbc52 Bump to v4.17.19
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by bnjmnt4n, a new releaser for lodash since your current version.


Updates babel-eslint from 4.1.8 to 10.1.0

Release notes

Sourced from babel-eslint's releases.

v10.1.0

v10.0.3

Fixes babel/babel-eslint#791, also eslint/eslint#12117

Some context: babel/babel-eslint#793

We ended up going with @​JLHwung's PR babel/babel-eslint#794 which uses ESLint's deps instead of going with peerDeps since it really depends on the version being used and we don't want users to have to install it directly on their own.

babel-eslint is patching patches of the dependencies of ESLint itself so these kinds of issues have happened in the past. We'll need to look into figuring out how to have a more solid way of modifying behavior instead of this monkeypatching type of thing for future releases.

v10.0.2

Fixes babel/babel-eslint#772

v10.0.1

The TypeAlias "conversion" to a function has issues. Sounds like we need to rethink the change, most likely we can just actually change the scoping rather than hardcode an AST change.

v10.0.0

Small breaking change: add a peerDependency starting from the ESLint version that added a parser feature that we were monkeypatching before (and drop that code). If already using ESLint 5 shouldn't be any different.

/* @flow */
type Node<T> = { head: T; tail: Node<T> }
// or
type File = {chunks: Array<Chunk>}
type Chunk = {file: File}

v9.0.0

We've released v7: https://twitter.com/left_pad/status/1034204330352500736, so this just updates babel-eslint to use those versions internally. That in itself doesn't break anything but:

  • Babel now supports the new decorators proposal by default, so we need to switch between the new and the old proposal. This is a breaking change.

To enable the legacy decorators proposal users should add a specific parser option:

{

... (truncated)

Commits

Updates eslint from 1.10.3 to 9.0.0

Release notes

Sourced from eslint's releases.

v9.0.0

Breaking Changes

  • b7cf3bd fix!: correct camelcase rule schema for allow option (#18232) (eMerzh)
  • 09bd7fe feat!: move AST traversal into SourceCode (#18167) (Nicholas C. Zakas)
  • 79a95eb feat!: disallow multiple configuration comments for same rule (#18157) (Milos Djermanovic)
  • 9163646 feat!: Rule Tester checks for missing placeholder data in the message (#18073) (fnx)
  • 3c4d51d feat!: default for enforceForClassMembers in no-useless-computed-key (#18054) (Francesco Trotta)
  • 47e60f8 feat!: Stricter rule test validations (#17654) (fnx)
  • 1a94589 feat!: no-unused-vars default caughtErrors to 'all' (#18043) (Josh Goldberg ✨)
  • 57089cb feat!: no-restricted-imports allow multiple config entries for same path (#18021) (Milos Djermanovic)
  • 2e1d549 feat!: detect duplicate test cases (#17955) (Bryan Mishkin)
  • 701f1af feat!: no-inner-declaration new default behaviour and option (#17885) (Tanuj Kanti)
  • bde5105 fix!: handle --output-file for empty output when saving to disk (#17957) (Nitin Kumar)
  • 07107a5 fix!: upgrade [email protected] (#17942) (Milos Djermanovic)
  • 3ee0f6c fix!: no-unused-vars varsIgnorePattern behavior with catch arguments (#17932) (Tanuj Kanti)
  • 51f8bc8 fix!: configuration comments with just severity should retain options (#17945) (Milos Djermanovic)
  • d191bdd feat!: Remove CodePath#currentSegments (#17936) (Milos Djermanovic)
  • 946ae00 feat!: FlatRuleTester -> RuleTester (#17922) (Nicholas C. Zakas)
  • baff28c feat!: remove no-inner-declarations from eslint:recommended (#17920) (Milos Djermanovic)
  • cadfbcd feat!: Rename FlatESLint to ESLint (#17914) (Nicholas C. Zakas)
  • d1018fc feat!: skip running warnings in --quiet mode (#17274) (Maddy Miller)
  • fb81b1c feat!: Set default schema: [], drop support for function-style rules (#17792) (Milos Djermanovic)
  • 0b21e1f feat!: add two more cases to no-implicit-coercion (#17832) (Gürgün Dayıoğlu)
  • 2916c63 feat!: Switch Linter to flat config by default (#17851) (Nicholas C. Zakas)
  • 200518e fix!: Parsing 'exported' comment using parseListConfig (#17675) (amondev)
  • bdd6ba1 feat!: Remove valid-jsdoc and require-jsdoc (#17694) (Nicholas C. Zakas)
  • 12be307 fix!: Behavior of CLI when no arguments are passed (#17644) (Nicholas C. Zakas)
  • 8fe8c56 feat!: Update shouldUseFlatConfig and CLI so flat config is default (#17748) (Nicholas C. Zakas)
  • 60dea3e feat!: deprecate no-new-symbol, recommend no-new-native-nonconstructor (#17710) (Francesco Trotta)
  • 5aa9c49 feat!: check for parsing errors in suggestion fixes (#16639) (Bryan Mishkin)
  • b3e0bb0 feat!: assert suggestion messages are unique in rule testers (#17532) (Josh Goldberg ✨)
  • e563c52 feat!: no-invalid-regexp make allowConstructorFlags case-sensitive (#17533) (Josh Goldberg ✨)
  • e5f02c7 fix!: no-sequences rule schema correction (#17878) (MHO)
  • 6ee3e9e feat!: Update eslint:recommended configuration (#17716) (Milos Djermanovic)
  • c2cf85a feat!: drop support for string configurations in flat config array (#17717) (Milos Djermanovic)
  • c314fd6 feat!: Remove SourceCode#getComments() (#17715) (Milos Djermanovic)
  • ae78ff1 feat!: Remove deprecated context methods (#17698) (Nicholas C. Zakas)
  • f71c328 feat!: Swap FlatESLint-ESLint, FlatRuleTester-RuleTester in API (#17823) (Nicholas C. Zakas)
  • 5304da0 feat!: remove formatters except html, json(-with-metadata), and stylish (#17531) (Josh Goldberg ✨)
  • e1e827f feat!: Require Node.js ^18.18.0 || ^20.9.0 || >=21.1.0 (#17725) (Milos Djermanovic)

Features

  • d54a412 feat: Add --inspect-config CLI flag (#18270) (Nicholas C. Zakas)
  • 97ce45b feat: Add reportUsedIgnorePattern option to no-unused-vars rule (#17662) (Pearce Ropion)
  • 3e9fcea feat: Show config names in error messages (#18256) (Nicholas C. Zakas)
  • de40874 feat: Rule Performance Statistics for flat ESLint (#17850) (Mara Kiefer)
  • d85c436 feat: use-isnan report NaN in indexOf and lastIndexOf with fromIndex (#18225) (Tanuj Kanti)
  • b8fb572 feat: add reportUnusedFallthroughComment option to no-fallthrough rule (#18188) (Kirk Waiblinger)
  • 1c173dc feat: add ignoreClassWithStaticInitBlock option to no-unused-vars (#18170) (Tanuj Kanti)
  • a451b32 feat: make no-misleading-character-class report more granular errors (#18082) (Francesco Trotta)

... (truncated)

Changelog

Sourced from eslint's changelog.

v9.0.0 - April 5, 2024

  • 19f9a89 chore: Update dependencies for v9.0.0 (#18275) (Nicholas C. Zakas)
  • 7c957f2 chore: package.json update for @​eslint/js release (Jenkins)
  • d73a33c chore: ignore /docs/v8.x in link checker (#18274) (Milos Djermanovic)
  • d54a412 feat: Add --inspect-config CLI flag (#18270) (Nicholas C. Zakas)
  • e151050 docs: update get-started to the new @eslint/create-config (#18217) (唯然)
  • 610c148 fix: Support using declarations in no-lone-blocks (#18269) (Kirk Waiblinger)
  • 44a81c6 chore: upgrade knip (#18272) (Lars Kappert)
  • 94178ad docs: mention about name field in flat config (#18252) (Anthony Fu)
  • 1765c24 docs: add Troubleshooting page (#18181) (Josh Goldberg ✨)
  • e80b60c chore: remove code for testing version selectors (#18266) (Milos Djermanovic)
  • 96607d0 docs: version selectors synchronization (#18260) (Milos Djermanovic)
  • e508800 fix: rule tester ignore irrelevant test case properties (#18235) (fnx)
  • a129acb fix: flat config name on ignores object (#18258) (Nicholas C. Zakas)
  • 97ce45b feat: Add reportUsedIgnorePattern option to no-unused-vars rule (#17662) (Pearce Ropion)
  • 651ec91 docs: remove /* eslint-env */ comments from rule examples (#18249) (Milos Djermanovic)
  • 950c4f1 docs: Update README (GitHub Actions Bot)
  • 3e9fcea feat: Show config names in error messages (#18256) (Nicholas C. Zakas)
  • b7cf3bd fix!: correct camelcase rule schema for allow option (#18232) (eMerzh)
  • 12f5746 docs: add info about dot files and dir in flat config (#18239) (Tanuj Kanti)
  • b93f408 docs: update shared settings example (#18251) (Tanuj Kanti)
  • 26384d3 docs: fix ecmaVersion in one example, add checks (#18241) (Milos Djermanovic)
  • 7747097 docs: Update PR review process (#18233) (Nicholas C. Zakas)
  • b07d427 docs: fix typo (#18246) (Kirill Gavrilov)
  • a98babc chore: add npm script to run WebdriverIO test (#18238) (Francesco Trotta)
  • 9b7bd3b chore: update dependency markdownlint to ^0.34.0 (#18237) (renovate[bot])
  • 778082d docs: add Glossary page (#18187) (Josh Goldberg ✨)
  • dadc5bf fix: constructor-super false positives with loops (#18226) (Milos Djermanovic)
  • de40874 feat: Rule Performance Statistics for flat ESLint (#17850) (Mara Kiefer)
  • d85c436 feat: use-isnan report NaN in indexOf and lastIndexOf with fromIndex (#18225) (Tanuj Kanti)
  • b185eb9 9.0.0-rc.0 (Jenkins)
  • 26010c2 Build: changelog update for 9.0.0-rc.0 (Jenkins)
  • 297416d chore: package.json update for eslint-9.0.0-rc.0 (#18223) (Francesco Trotta)
  • d363c51 chore: package.json update for @​eslint/js release (Jenkins)
  • 239a7e2 docs: Clarify the description of sort-imports options (#18198) (gyeongwoo park)
  • 09bd7fe feat!: move AST traversal into SourceCode (#18167) (Nicholas C. Zakas)
  • b91f9dc build: fix TypeError in prism-eslint-hooks.js (#18209) (Francesco Trotta)
  • 4769c86 docs: fix incorrect example in no-lone-blocks (#18215) (Tanuj Kanti)
  • 1b841bb chore: fix some comments (#18213) (avoidaway)
  • b8fb572 feat: add reportUnusedFallthroughComment option to no-fallthrough rule (#18188) (Kirk Waiblinger)
  • ae8103d fix: load plugins in the CLI in flat config mode (#18185) (Francesco Trotta)
  • 5251327 docs: Update README (GitHub Actions Bot)
  • 29c3595 chore: remove repetitive words (#18193) (cuithon)
  • 1dc8618 docs: Update README (GitHub Actions Bot)
  • acc2e06 chore: Introduce Knip (#18005) (Lars Kappert)
  • ba89c73 9.0.0-beta.2 (Jenkins)
  • d7ec0d1 Build: changelog update for 9.0.0-beta.2 (Jenkins)
  • 7509276 chore: upgrade @​eslint/js@​9.0.0-beta.2 (#18180) (Milos Djermanovic)
  • 96087b3 chore: package.json update for @​eslint/js release (Jenkins)

... (truncated)

Commits
Maintainer changes

This version was pushed to npm by eslintbot, a new releaser for eslint since your current version.


Updates minimatch from 2.0.10 to 3.0.4

Changelog

Sourced from minimatch's changelog.

change log

9.0

  • No default export, only named exports.

8.0

  • Recursive descent parser for extglob, allowing correct support for arbitrarily nested extglob expressions
  • Bump required Node.js version

7.4

  • Add escape() method
  • Add unescape() method
  • Add Minimatch.hasMagic() method

7.3

  • Add support for posix character classes in a unicode-aware way.

7.2

  • Add windowsNoMagicRoot option

7.1

  • Add optimizationLevel configuration option, and revert the default back to the 6.2 style minimal optimizations, making the advanced transforms introduced in 7.0 opt-in. Also, process provided file paths in the same way in optimizationLevel:2 mode, so most things that matched with optimizationLevel 1 or 0 should match with level 2 as well. However, level 1 is the default, out of an abundance of caution.

7.0

  • Preprocess patterns to simplify complicated patterns and reduce out .. pattern portions where possible. Note that this means a pattern like a/b/../* will be equivalent to a/*, and will not match the string a/b/../c. If this causes problems, it can be addressed in a patch release by resolving .. portions in the test string.

6.2

  • Add nocaseMagicOnly flag

6.1

... (truncated)

Commits
Maintainer changes

This version was pushed to npm by isaacs, a new releaser for minimatch since your current version.


Updates minimist from 1.2.0 to 1.2.8

Changelog

Sourced from minimist's changelog.

v1.2.8 - 2023-02-09

Merged

Fixed

Commits

  • Merge tag 'v0.2.3' a026794
  • [eslint] fix indentation and whitespace 5368ca4
  • [eslint] fix indentation and whitespace e5f5067
  • [eslint] more cleanup 62fde7d
  • [eslint] more cleanup 36ac5d0
  • [meta] add auto-changelog 73923d2
  • [actions] add reusable workflows d80727d
  • [eslint] add eslint; rules to enable later are warnings 48bc06a
  • [eslint] fix indentation 34b0f1c
  • [readme] rename and add badges 5df0fe4
  • [Dev Deps] switch from covert to nyc a48b128
  • [Dev Deps] update covert, tape; remove unnecessary tap f0fb958
  • [meta] create FUNDING.yml; add funding in package.json 3639e0c
  • [meta] use npmignore to autogenerate an npmignore file be2e038
  • Only apps should have lockfiles 282b570
  • isConstructorOrProto adapted from PR ef9153f
  • [Dev Deps] update @ljharb/eslint-config, aud 098873c
  • [Dev Deps] update @ljharb/eslint-config, aud 3124ed3
  • [meta] add safe-publish-latest 4b927de
  • [Tests] add aud in posttest b32d9bd
  • [meta] update repo URLs f9fdfc0
  • [actions] Avoid 0.6 tests due to build failures ba92fe6
  • [Dev Deps] update tape 950eaa7
  • [Dev Deps] add missing npmignore dev dep 3226afa
  • Merge tag 'v0.2.2' 980d7ac

v1.2.7 - 2022-10-10

Commits

... (truncated)

Commits
  • 6901ee2 v1.2.8
  • a026794 Merge tag 'v0.2.3'
  • c0b2661 v0.2.3
  • 63b8fee [Fix] Fix long option followed by single dash (#17)
  • 72239e6 [Tests] Remove duplicate test (#12)
  • 34b0f1c [eslint] fix indentation
  • 3226afa [Dev Deps] add missing npmignore dev dep
  • 098873c [Dev Deps] update @ljharb/eslint-config, aud
  • 9ec4d27 [Fix] Fix long option followed by single dash
  • ba92fe6 [actions] Avoid 0.6 tests due to build failures
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by ljharb, a new releaser for minimist since your current version.


Updates mkdirp from 0.5.1 to 0.5.6

Commits
Maintainer changes

This version was pushed to npm by isaacs, a new releaser for mkdirp since your current version.


Updates browserify-sign from 4.0.4 to 4.2.3

Changelog

Sourced from browserify-sign's changelog.

v4.2.3 - 2024-03-05

Commits

v4.2.2 - 2023-10-25

Fixed

Commits

  • Only apps should have lockfiles

Bumps the npm_and_yarn group with 27 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [y18n](https://github.com/yargs/y18n) | `3.2.1` | `3.2.2` |
| [yargs-parser](https://github.com/yargs/yargs-parser) | `13.1.1` | `13.1.2` |
| [protobufjs](https://github.com/protobufjs/protobuf.js) | `6.11.3` | `6.11.4` |
| [acorn](https://github.com/acornjs/acorn) | `5.7.3` | `5.7.4` |
| [ajv](https://github.com/ajv-validator/ajv) | `6.10.2` | `6.12.6` |
| [lodash](https://github.com/lodash/lodash) | `4.17.15` | `4.17.21` |
| [babel-eslint](https://github.com/babel/babel-eslint) | `4.1.8` | `10.1.0` |
| [eslint](https://github.com/eslint/eslint) | `1.10.3` | `9.0.0` |
| [minimist](https://github.com/minimistjs/minimist) | `1.2.0` | `1.2.8` |
| [mkdirp](https://github.com/isaacs/node-mkdirp) | `0.5.1` | `0.5.6` |
| [browserify-sign](https://github.com/crypto-browserify/browserify-sign) | `4.0.4` | `4.2.3` |
| [decode-uri-component](https://github.com/SamVerschueren/decode-uri-component) | `0.2.0` | `0.2.2` |
| [express](https://github.com/expressjs/express) | `4.18.2` | `4.19.2` |
| [loader-utils](https://github.com/webpack/loader-utils) | `1.2.3` | `1.4.2` |
| [webpack-cli](https://github.com/webpack/webpack-cli) | `3.3.8` | `3.3.12` |
| [follow-redirects](https://github.com/follow-redirects/follow-redirects) | `1.15.2` | `1.15.6` |
| [fsevents](https://github.com/fsevents/fsevents) | `1.2.9` | `1.2.13` |
| [ini](https://github.com/npm/ini) | `1.3.5` | `1.3.8` |
| [glob-parent](https://github.com/gulpjs/glob-parent) | `3.1.0` | `5.1.2` |
| [webpack-dev-server](https://github.com/webpack/webpack-dev-server) | `3.11.3` | `5.0.4` |
| [watchpack](https://github.com/webpack/watchpack) | `1.6.0` | `1.7.5` |
| [node-notifier](https://github.com/mikaelbr/node-notifier) | `5.4.3` | `9.0.1` |
| [webpack-notifier](https://github.com/Turbo87/webpack-notifier) | `1.8.0` | `1.15.0` |
| [serialize-javascript](https://github.com/yahoo/serialize-javascript) | `1.9.1` | `4.0.0` |
| [terser-webpack-plugin](https://github.com/webpack-contrib/terser-webpack-plugin) | `1.4.1` | `1.4.5` |
| [ssri](https://github.com/npm/ssri) | `6.0.1` | `6.0.2` |
| [terser](https://github.com/terser/terser) | `4.3.1` | `4.8.1` |



Updates `y18n` from 3.2.1 to 3.2.2
- [Release notes](https://github.com/yargs/y18n/releases)
- [Changelog](https://github.com/yargs/y18n/blob/master/CHANGELOG.md)
- [Commits](https://github.com/yargs/y18n/commits)

Updates `yargs-parser` from 13.1.1 to 13.1.2
- [Release notes](https://github.com/yargs/yargs-parser/releases)
- [Changelog](https://github.com/yargs/yargs-parser/blob/main/docs/CHANGELOG-full.md)
- [Commits](https://github.com/yargs/yargs-parser/commits)

Updates `protobufjs` from 6.11.3 to 6.11.4
- [Release notes](https://github.com/protobufjs/protobuf.js/releases)
- [Changelog](https://github.com/protobufjs/protobuf.js/blob/master/CHANGELOG.md)
- [Commits](https://github.com/protobufjs/protobuf.js/commits)

Updates `acorn` from 5.7.3 to 5.7.4
- [Commits](acornjs/acorn@5.7.3...5.7.4)

Updates `ajv` from 6.10.2 to 6.12.6
- [Release notes](https://github.com/ajv-validator/ajv/releases)
- [Commits](ajv-validator/ajv@v6.10.2...v6.12.6)

Updates `lodash` from 4.17.15 to 4.17.21
- [Release notes](https://github.com/lodash/lodash/releases)
- [Commits](lodash/lodash@4.17.15...4.17.21)

Updates `babel-eslint` from 4.1.8 to 10.1.0
- [Release notes](https://github.com/babel/babel-eslint/releases)
- [Commits](babel/babel-eslint@v4.1.8...v10.1.0)

Updates `eslint` from 1.10.3 to 9.0.0
- [Release notes](https://github.com/eslint/eslint/releases)
- [Changelog](https://github.com/eslint/eslint/blob/main/CHANGELOG.md)
- [Commits](eslint/eslint@v1.10.3...v9.0.0)

Updates `minimatch` from 2.0.10 to 3.0.4
- [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md)
- [Commits](isaacs/minimatch@v2.0.10...v3.0.4)

Updates `minimist` from 1.2.0 to 1.2.8
- [Changelog](https://github.com/minimistjs/minimist/blob/main/CHANGELOG.md)
- [Commits](minimistjs/minimist@v1.2.0...v1.2.8)

Updates `mkdirp` from 0.5.1 to 0.5.6
- [Changelog](https://github.com/isaacs/node-mkdirp/blob/main/CHANGELOG.md)
- [Commits](isaacs/node-mkdirp@0.5.1...v0.5.6)

Updates `browserify-sign` from 4.0.4 to 4.2.3
- [Changelog](https://github.com/browserify/browserify-sign/blob/main/CHANGELOG.md)
- [Commits](browserify/browserify-sign@v4.0.4...v4.2.3)

Updates `decode-uri-component` from 0.2.0 to 0.2.2
- [Release notes](https://github.com/SamVerschueren/decode-uri-component/releases)
- [Commits](SamVerschueren/decode-uri-component@v0.2.0...v0.2.2)

Updates `elliptic` from 6.5.1 to 6.5.5
- [Commits](indutny/elliptic@v6.5.1...v6.5.5)

Updates `express` from 4.18.2 to 4.19.2
- [Release notes](https://github.com/expressjs/express/releases)
- [Changelog](https://github.com/expressjs/express/blob/master/History.md)
- [Commits](expressjs/express@4.18.2...4.19.2)

Updates `loader-utils` from 1.2.3 to 1.4.2
- [Release notes](https://github.com/webpack/loader-utils/releases)
- [Changelog](https://github.com/webpack/loader-utils/blob/v1.4.2/CHANGELOG.md)
- [Commits](webpack/loader-utils@v1.2.3...v1.4.2)

Updates `webpack-cli` from 3.3.8 to 3.3.12
- [Release notes](https://github.com/webpack/webpack-cli/releases)
- [Changelog](https://github.com/webpack/webpack-cli/blob/master/CHANGELOG.md)
- [Commits](webpack/webpack-cli@v3.3.8...v3.3.12)

Updates `follow-redirects` from 1.15.2 to 1.15.6
- [Release notes](https://github.com/follow-redirects/follow-redirects/releases)
- [Commits](follow-redirects/follow-redirects@v1.15.2...v1.15.6)

Updates `fsevents` from 1.2.9 to 1.2.13
- [Release notes](https://github.com/fsevents/fsevents/releases)
- [Commits](fsevents/fsevents@v1.2.9...v1.2.13)

Updates `ini` from 1.3.5 to 1.3.8
- [Release notes](https://github.com/npm/ini/releases)
- [Changelog](https://github.com/npm/ini/blob/main/CHANGELOG.md)
- [Commits](npm/ini@v1.3.5...v1.3.8)

Updates `glob-parent` from 3.1.0 to 5.1.2
- [Release notes](https://github.com/gulpjs/glob-parent/releases)
- [Changelog](https://github.com/gulpjs/glob-parent/blob/main/CHANGELOG.md)
- [Commits](gulpjs/glob-parent@v3.1.0...v5.1.2)

Updates `webpack-dev-server` from 3.11.3 to 5.0.4
- [Release notes](https://github.com/webpack/webpack-dev-server/releases)
- [Changelog](https://github.com/webpack/webpack-dev-server/blob/master/CHANGELOG.md)
- [Commits](webpack/webpack-dev-server@v3.11.3...v5.0.4)

Updates `watchpack` from 1.6.0 to 1.7.5
- [Release notes](https://github.com/webpack/watchpack/releases)
- [Commits](webpack/watchpack@v1.6.0...v1.7.5)

Updates `js-yaml` from 3.4.5 to 4.1.0
- [Changelog](https://github.com/nodeca/js-yaml/blob/master/CHANGELOG.md)
- [Commits](nodeca/js-yaml@3.4.5...4.1.0)

Updates `lodash.merge` from 3.3.2 to 4.6.2
- [Release notes](https://github.com/lodash/lodash/releases)
- [Commits](https://github.com/lodash/lodash/commits)

Updates `node-forge` from 0.10.0 to 1.3.1
- [Changelog](https://github.com/digitalbazaar/forge/blob/main/CHANGELOG.md)
- [Commits](digitalbazaar/forge@0.10.0...v1.3.1)

Updates `node-notifier` from 5.4.3 to 9.0.1
- [Changelog](https://github.com/mikaelbr/node-notifier/blob/master/CHANGELOG.md)
- [Commits](mikaelbr/node-notifier@v5.4.3...v9.0.1)

Updates `webpack-notifier` from 1.8.0 to 1.15.0
- [Release notes](https://github.com/Turbo87/webpack-notifier/releases)
- [Changelog](https://github.com/Turbo87/webpack-notifier/blob/master/CHANGELOG.md)
- [Commits](Turbo87/webpack-notifier@v1.8.0...v1.15.0)

Updates `serialize-javascript` from 1.9.1 to 4.0.0
- [Release notes](https://github.com/yahoo/serialize-javascript/releases)
- [Commits](yahoo/serialize-javascript@v1.9.1...v4.0.0)

Updates `terser-webpack-plugin` from 1.4.1 to 1.4.5
- [Release notes](https://github.com/webpack-contrib/terser-webpack-plugin/releases)
- [Changelog](https://github.com/webpack-contrib/terser-webpack-plugin/blob/v1.4.5/CHANGELOG.md)
- [Commits](webpack-contrib/terser-webpack-plugin@v1.4.1...v1.4.5)

Updates `ssri` from 6.0.1 to 6.0.2
- [Release notes](https://github.com/npm/ssri/releases)
- [Changelog](https://github.com/npm/ssri/blob/v6.0.2/CHANGELOG.md)
- [Commits](npm/ssri@v6.0.1...v6.0.2)

Updates `terser` from 4.3.1 to 4.8.1
- [Changelog](https://github.com/terser/terser/blob/master/CHANGELOG.md)
- [Commits](terser/terser@v4.3.1...v4.8.1)

Updates `webpack-dev-middleware` from 3.7.3 to 7.2.1
- [Release notes](https://github.com/webpack/webpack-dev-middleware/releases)
- [Changelog](https://github.com/webpack/webpack-dev-middleware/blob/master/CHANGELOG.md)
- [Commits](webpack/webpack-dev-middleware@v3.7.3...v7.2.1)

---
updated-dependencies:
- dependency-name: y18n
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: yargs-parser
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: protobufjs
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: acorn
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: ajv
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: lodash
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: babel-eslint
  dependency-type: direct:development
  dependency-group: npm_and_yarn
- dependency-name: eslint
  dependency-type: direct:development
  dependency-group: npm_and_yarn
- dependency-name: minimatch
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: minimist
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: mkdirp
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: browserify-sign
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: decode-uri-component
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: elliptic
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: express
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: loader-utils
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: webpack-cli
  dependency-type: direct:development
  dependency-group: npm_and_yarn
- dependency-name: follow-redirects
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: fsevents
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: ini
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: glob-parent
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: webpack-dev-server
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: watchpack
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: js-yaml
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: lodash.merge
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: node-forge
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: node-notifier
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: webpack-notifier
  dependency-type: direct:development
  dependency-group: npm_and_yarn
- dependency-name: serialize-javascript
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: terser-webpack-plugin
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: ssri
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: terser
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: webpack-dev-middleware
  dependency-type: indirect
  dependency-group: npm_and_yarn
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added the dependencies Pull requests that update a dependency file label Apr 10, 2024
🚨 Potential security issues detected. Learn more about Socket for GitHub ↗︎

To accept the risk, merge this PR and you will not be notified again.

Alert | Package | Note | Source
Install scripts npm/[email protected]
  • Install script: install
  • Source: node install.js


Next steps

What is an install script?

Install scripts are run when the package is installed. The majority of malware in npm is hidden in install scripts.

Packages should not be running non-essential scripts during install and there are often solutions to problems people solve with install scripts that can be run at publish time instead.

Take a deeper look at the dependency

Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support [AT] socket [DOT] dev.

Remove the package

If you happen to install a dependency that Socket reports as Known Malware you should immediately remove it and select a different dependency. For other alert types, you may wish to investigate alternative packages or consider if there are other ways to mitigate the specific risk posed by the dependency.

Mark a package as acceptable risk

To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space separated list of ecosystem/package-name@version specifiers. e.g. @SocketSecurity ignore npm/[email protected] or ignore all packages with @SocketSecurity ignore-all
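
The install-script alert above can be checked locally from the lockfile. This is an added example, not part of the PR or of Socket's output: it reads the `hasInstallScript` flag that npm records in `package-lock.json` (lockfileVersion 2 and 3) and the `preinstall`/`install`/`postinstall` entries of each package manifest. The package names, the sample data and the reviewed-specifier allowlist are constructed for illustration.

```javascript
// Lifecycle hooks that npm runs automatically while installing a dependency.
const INSTALL_HOOKS = ['preinstall', 'install', 'postinstall'];

// Constructed sample: a trimmed package-lock.json (lockfileVersion 3).
// All package names here are hypothetical.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'demo-app', version: '1.0.0' },
    'node_modules/example-native-addon': { version: '2.1.0', hasInstallScript: true },
    'node_modules/example-pure-js': { version: '4.17.21' },
    'node_modules/example-native-addon/node_modules/example-nested': {
      version: '0.3.0', hasInstallScript: true, dev: true,
    },
    'node_modules/@example/scoped-tool': { version: '1.2.0', hasInstallScript: true },
    'node_modules/example-stale': { version: '1.0.0' },
  },
};

// Constructed sample: the package.json of each installed package, keyed by
// name@version. '@example/scoped-tool' is deliberately missing.
const sampleManifests = {
  'example-native-addon@2.1.0': { scripts: { install: 'node install.js', test: 'mocha' } },
  'example-pure-js@4.17.21': { scripts: { test: 'node test.js' } },
  'example-nested@0.3.0': { scripts: { postinstall: 'node-gyp rebuild' } },
  'example-stale@1.0.0': { scripts: { preinstall: 'node setup.js' } },
};

// 'node_modules/a/node_modules/@scope/b' -> '@scope/b'
function packageNameFromLockPath(lockPath) {
  const marker = 'node_modules/';
  const idx = lockPath.lastIndexOf(marker);
  return idx === -1 ? lockPath : lockPath.slice(idx + marker.length);
}

// Return the install-time hooks a manifest declares, in execution order.
function installHooks(manifest) {
  const scripts = (manifest && manifest.scripts) || {};
  return INSTALL_HOOKS
    .filter((hook) => typeof scripts[hook] === 'string' && scripts[hook].trim() !== '')
    .map((hook) => ({ hook, command: scripts[hook] }));
}

// List every dependency that will execute code at install time.
// allowlist: Set of name@version specifiers someone has already reviewed.
function auditLockfile(lock, manifests = {}, allowlist = new Set()) {
  const findings = [];
  for (const [lockPath, entry] of Object.entries(lock.packages || {})) {
    if (lockPath === '') continue; // the root project itself
    const name = entry.name || packageNameFromLockPath(lockPath);
    const spec = `${name}@${entry.version}`;
    const manifest = manifests[spec];
    const hooks = manifest ? installHooks(manifest) : null; // null = manifest unavailable
    const flagged = entry.hasInstallScript === true;
    const declared = hooks !== null && hooks.length > 0;
    if (!flagged && !declared) continue;
    findings.push({
      spec,
      lockPath,
      dev: entry.dev === true,
      hooks,
      // The manifest declares a hook the lockfile does not record.
      lockfileStale: declared && !flagged,
      reviewed: allowlist.has(spec),
    });
  }
  return findings;
}

// Specifiers that still need a human to read the script source.
function unreviewed(findings) {
  return findings.filter((f) => !f.reviewed).map((f) => f.spec);
}

const reviewedSpecs = new Set(['example-native-addon@2.1.0']);
const report = auditLockfile(sampleLock, sampleManifests, reviewedSpecs);
console.log(JSON.stringify(report, null, 2));
console.log('needs review:', unreviewed(report));
```

Until the flagged scripts have been read, `npm install --ignore-scripts` (or `ignore-scripts=true` in `.npmrc`) installs the tree without running them.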
