[CHORE] Core dependency upgrade #1865

Merged
merged 39 commits into from
Feb 21, 2025

aristidesstaffieri
Contributor

@aristidesstaffieri aristidesstaffieri commented Feb 21, 2025

Closes #1824

Re-roll of #1830

Major dependency upgrade for -
  • react
  • react-router
  • typescript
  • styled-components
  • clsx
  • @testing-library/*
  • @reduxjs-toolkit

Notable changes -
  • Improved store types
  • New routing API from react-router v7, significant changes to the routing paradigm and architecture, mostly found in Router.tsx but also impacts all nested routes.

Regressions -
  • Send/Swap tests are not easily compatible with these changes due to the changes to nested routes. I've commented and detailed the situation and potential ways to revive them in the change set diffs for the tests.

dependabot bot and others added 30 commits January 19, 2025 03:13
---
updated-dependencies:
- dependency-name: "@testing-library/dom"
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: major
- dependency-name: "@testing-library/jest-dom"
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: major
- dependency-name: "@types/testing-library__jest-dom"
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: major
- dependency-name: "@typescript-eslint/eslint-plugin"
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: major
- dependency-name: "@typescript-eslint/parser"
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: major
- dependency-name: eslint
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: major
- dependency-name: eslint-config-prettier
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: major
- dependency-name: eslint-import-resolver-typescript
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: major
- dependency-name: eslint-plugin-flowtype
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: major
- dependency-name: eslint-plugin-react-hooks
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: major
- dependency-name: glob
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: major
- dependency-name: got
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: major
- dependency-name: husky
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: major
- dependency-name: isomorphic-unfetch
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: major
- dependency-name: jest
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: major
- dependency-name: "@types/jest"
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: major
- dependency-name: jsdom
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: major
- dependency-name: lint-staged
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: major
- dependency-name: prettier
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: major
- dependency-name: pretty-quick
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: major
- dependency-name: typescript
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: major
- dependency-name: webpack-cli
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: major
- dependency-name: webpack-merge
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: major
- dependency-name: "@lavamoat/allow-scripts"
  dependency-type: direct:development
  update-type: version-update:semver-major
  dependency-group: major
- dependency-name: "@lavamoat/preinstall-always-fail"
  dependency-type: direct:development
  update-type: version-update:semver-major
  dependency-group: major
- dependency-name: eslint-plugin-jsdoc
  dependency-type: direct:development
  update-type: version-update:semver-major
  dependency-group: major
- dependency-name: clsx
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: major
- dependency-name: react
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: major
- dependency-name: "@types/react"
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: major
- dependency-name: react-dom
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: major
- dependency-name: "@types/react-dom"
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: major
- dependency-name: react-is
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: major
- dependency-name: styled-components
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: major
- dependency-name: "@reduxjs/toolkit"
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: major
- dependency-name: "@testing-library/react"
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: major
- dependency-name: "@testing-library/user-event"
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: major
- dependency-name: "@types/jsdom"
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: major
- dependency-name: "@types/node"
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: major
- dependency-name: "@types/react-copy-to-clipboard"
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: major
- dependency-name: "@types/testing-library__jest-dom"
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: major
- dependency-name: concurrently
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: major
- dependency-name: history
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: major
- dependency-name: "@types/history"
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: major
- dependency-name: i18next
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: major
- dependency-name: i18next-browser-languagedetector
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: major
- dependency-name: jest-environment-jsdom
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: major
- dependency-name: qrcode.react
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: major
- dependency-name: react-i18next
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: major
- dependency-name: react-redux
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: major
- dependency-name: react-router-dom
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: major
- dependency-name: redux
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: major
- dependency-name: sass-loader
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: major
- dependency-name: ses
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: major
- dependency-name: "@sentry/webpack-plugin"
  dependency-type: direct:development
  update-type: version-update:semver-major
  dependency-group: major
- dependency-name: "@stellar/prettier-config"
  dependency-type: direct:development
  dependency-group: major
- dependency-name: prettier
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: major
- dependency-name: typescript
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: major
- dependency-name: "@lavamoat/allow-scripts"
  dependency-type: direct:development
  update-type: version-update:semver-major
  dependency-group: major
- dependency-name: "@stellar/js-xdr"
  dependency-type: direct:production
  dependency-group: major
- dependency-name: bignumber.js
  dependency-type: direct:production
  dependency-group: major
- dependency-name: "@stellar/prettier-config"
  dependency-type: direct:development
  dependency-group: major
- dependency-name: typescript
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: major
- dependency-name: bignumber.js
  dependency-type: direct:production
  dependency-group: major
- dependency-name: "@lavamoat/allow-scripts"
  dependency-type: direct:development
  update-type: version-update:semver-major
  dependency-group: major
- dependency-name: "@types/react"
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: major
- dependency-name: "@types/react-dom"
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: major
- dependency-name: prettier
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: major
- dependency-name: pretty-quick
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: major
- dependency-name: "@lavamoat/allow-scripts"
  dependency-type: direct:development
  update-type: version-update:semver-major
  dependency-group: major
- dependency-name: bignumber.js
  dependency-type: direct:production
  dependency-group: major
- dependency-name: react
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: major
- dependency-name: react-dom
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: major
- dependency-name: "@ledgerhq/hw-app-str"
  dependency-type: direct:production
  dependency-group: major
- dependency-name: "@ledgerhq/hw-transport-webusb"
  dependency-type: direct:production
  dependency-group: major
- dependency-name: "@reduxjs/toolkit"
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: major
- dependency-name: "@sentry/browser"
  dependency-type: direct:production
  dependency-group: major
- dependency-name: "@stellar/typescript-wallet-sdk-km"
  dependency-type: direct:production
  dependency-group: major
- dependency-name: "@testing-library/react"
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: major
- dependency-name: "@testing-library/user-event"
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: major
- dependency-name: "@types/history"
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: major
- dependency-name: "@types/jsdom"
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: major
- dependency-name: "@types/lodash"
  dependency-type: direct:production
  dependency-group: major
- dependency-name: "@types/node"
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: major
- dependency-name: "@types/qrcode.react"
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: major
- dependency-name: "@types/react-copy-to-clipboard"
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: major
- dependency-name: "@types/react-redux"
  dependency-type: direct:production
  dependency-group: major
- dependency-name: "@types/react-router-dom"
  dependency-type: direct:production
  dependency-group: major
- dependency-name: "@types/testing-library__jest-dom"
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: major
- dependency-name: concurrently
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: major
- dependency-name: dotenv-webpack
  dependency-type: direct:production
  dependency-group: major
- dependency-name: formik
  dependency-type: direct:production
  dependency-group: major
- dependency-name: history
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: major
- dependency-name: html-loader
  dependency-type: direct:production
  dependency-group: major
- dependency-name: html-webpack-plugin
  dependency-type: direct:production
  dependency-group: major
- dependency-name: i18next
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: major
- dependency-name: i18next-browser-languagedetector
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: major
- dependency-name: i18next-resources-to-backend
  dependency-type: direct:production
  dependency-group: major
- dependency-name: jest-canvas-mock
  dependency-type: direct:production
  dependency-group: major
- dependency-name: jest-environment-jsdom
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: major
- dependency-name: jsonschema
  dependency-type: direct:production
  dependency-group: major
- dependency-name: lodash
  dependency-type: direct:production
  dependency-group: major
- dependency-name: mini-css-extract-plugin
  dependency-type: direct:production
  dependency-group: major
- dependency-name: prop-types
  dependency-type: direct:production
  dependency-group: major
- dependency-name: punycode
  dependency-type: direct:production
  dependency-group: major
- dependency-name: qrcode.react
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: major
- dependency-name: react-copy-to-clipboard
  dependency-type: direct:production
  dependency-group: major
- dependency-name: react-i18next
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: major
- dependency-name: react-redux
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: major
- dependency-name: react-router-dom
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: major
- dependency-name: redux
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: major
- dependency-name: sass
  dependency-type: direct:production
  dependency-group: major
- dependency-name: sass-loader
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: major
- dependency-name: semver
  dependency-type: direct:production
  dependency-group: major
- dependency-name: ses
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: major
- dependency-name: tsconfig-paths-webpack-plugin
  dependency-type: direct:production
  dependency-group: major
- dependency-name: yup
  dependency-type: direct:production
  dependency-group: major
- dependency-name: "@sentry/webpack-plugin"
  dependency-type: direct:development
  update-type: version-update:semver-major
  dependency-group: major
- dependency-name: "@types/semver"
  dependency-type: direct:development
  dependency-group: major
- dependency-name: terser-webpack-plugin
  dependency-type: direct:development
  dependency-group: major
- dependency-name: thread-loader
  dependency-type: direct:development
  dependency-group: major
...

Signed-off-by: dependabot[bot] <support@github.com>
aristidesstaffieri and others added 9 commits February 11, 2025 13:30
* Feature/memory security improvement 5.27.2 (#1827)

* add temporary store extra data

* add tests for switching accounts

* reset session length

* upgrade jest and add unit tests

* rm unused selectors

* fix sendpayment test

* rm npm package and add unit tests

* add better error handling and Sentry capture

* rm console.log

* make sure to login before adding new stellar address

* add a test for imported S key payment

* Fix/import acct when timed out (#1832)

* make sure to login to all accounts before importing by private key if session has timed out

* update comment

* login before showing mnemonic phrase (#1834)

* login before showing mnemonic phrase

* add more Sentry error capture
* Redesign Account History (#1785)

* Remove leftovers

* Move stellarExpertUrl to inside HistoryItem

* Display amounts using Badge component

* Date font size and color

* Make formatted amount label consistent between History item and Tx detail components

* Fix isRecieving => isReceiving typo

* Redesign "payment" row

* Redesign "swap" payment

* Use SVG for history icons

* Swapped label

* Use SDS Icon components

* format

* Remove history segments

* Use Text SDS component + refactor some styling

* Renaming

* Swap icons with placeholders

* center swap icons

* Icons for soroban operations

* Remove a few spaces to keep consistency

* Don't show small icon for generic transactions

* Handle CreateAccount and ChangeTrust operations

* Separate history in month sections + use SDS Text component to render headers

* clean up

* Displays actual month name

* getHistoryState => historyState renaming

* Delete HistoryList component

Is not adding much value currently

* Use AppHeader component

* Tweak section margin

* tweak bottom margin

* Use index to get last section instead of mutating the array

* Use more descriptive names to color classes

* Remove Account ternaries

* Leave amount field blank instead of displaying "N/A" label

* Use "tertiary" variant for Send and Swap buttons

* Reduce Badge max width

* Add translations

* Fix test id

* Add key to list item

* Drop ticker on balances view

* Fix tests

* Prevent null pointer when attrs is null

* Fix icon for mint and transfer invocations

* Fix "false" appearing as amount sign

* Fix tests

* Extract isDustPayment to a helper

* Display stellar logo for XLM transfer invocations

* Use pxToRem

* Use pxToRem

* Use pxToRem

* adding blockaid byline and feedback form (#1767)

* Bump @stellar/design-system in /extension (#1729)

Bumps [@stellar/design-system](https://github.com/stellar/stellar-design-system) from 2.0.0-beta.15 to 2.0.0-beta.17.
- [Release notes](https://github.com/stellar/stellar-design-system/releases)
- [Commits](https://github.com/stellar/stellar-design-system/commits)

---
updated-dependencies:
- dependency-name: "@stellar/design-system"
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* adding blockaid byline and feedback form

* fix tests

* Added translations

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* “Add Token” via freighter-api (#1815)

* First cut on data flow

* Fix lint warnings

* Clean up

* Only enable button if asset found

* If there is an asset, display it right away

* Add missing network param

* Guard against missing contract id

* Make sure popup is always closed

* Use publicKeySelector instead

* No need for backwards compatibility on new method

* Default to tx's network passphrase

* Return contractId on success

* Default to Mainnet passphrase

* Add tests

* Use Type definition for input and output

* Disable rule only on necessary spots

* Let optional params be optional

* First cut on UI

* only display info when it exists

* Display token image when available

* Display "Asset on your lists" notification

* Fetch asset name from TOML

* Prevent infinity spinner

* Fetch and display balance

* Display error if id not valid

* Add/update docs

* Missing addToken documentation

* Missing getNetworkDetails documentation

* "Simulated Balance Changes" => "Balance Info"

* Fetch token balance using freighter-backend instead of soroban rpc

* Fix/replace alert (#1847)

* reusing an existing notification style to redesign the blockaid Alert notification

* make sure warnings match case and fix row gap

* update testid

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: Cássio Marcos Goulart <3228151+CassioMG@users.noreply.github.com>
Co-authored-by: Piyal Basu <pbasu235@gmail.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* docs(): bumping release to 5.28.0

* trigger CI

---------

Co-authored-by: GitHub Action <action@github.com>
Co-authored-by: Aristides Staffieri <aristides.staffieri@stellar.org>
* @stellar/freighter-api: bumping version to 3.1.0

* [create-pull-request] automated change

* trigger CI

---------

Co-authored-by: GitHub Action <action@github.com>
Co-authored-by: aristidesstaffieri <6886006+aristidesstaffieri@users.noreply.github.com>
Co-authored-by: Aristides Staffieri <aristides.staffieri@stellar.org>
@aristidesstaffieri aristidesstaffieri self-assigned this Feb 21, 2025

🚨 Potential security issues detected. Learn more about Socket for GitHub ↗︎

To accept the risk, merge this PR and you will not be notified again.

| Alert | Package | Note | Source | CI |
|---|---|---|---|---|
| Deprecated | npm/@types/history@5.0.0 | Reason: This is a stub types definition. history provides its own type definitions, so you do not need this installed. | | ⚠︎ |
| Deprecated | npm/@types/testing-library__jest-dom@6.0.0 | Reason: This is a stub types definition. @testing-library/jest-dom provides its own type definitions, so you do not need this installed. | | ⚠︎ |
| Deprecated | npm/@types/qrcode.react@3.0.0 | Reason: This is a stub types definition. qrcode.react provides its own type definitions, so you do not need this installed. | | ⚠︎ |

Next steps

What is a deprecated package?

The maintainer of the package marked it as deprecated. This could indicate that a single version should not be used, or that the package is no longer maintained and any new vulnerabilities will not be fixed.

Research the state of the package and determine if there are non-deprecated versions that can be used, or if it should be replaced with a new, supported solution.

Take a deeper look at the dependency

Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support [AT] socket [DOT] dev.

Remove the package

If you happen to install a dependency that Socket reports as Known Malware you should immediately remove it and select a different dependency. For other alert types, you may wish to investigate alternative packages or consider if there are other ways to mitigate the specific risk posed by the dependency.

Mark a package as acceptable risk

To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space separated list of ecosystem/package-name@version specifiers. e.g. @SocketSecurity ignore npm/foo@1.0.0 or ignore all packages with @SocketSecurity ignore-all

  • @SocketSecurity ignore npm/@types/history@5.0.0
  • @SocketSecurity ignore npm/@types/testing-library__jest-dom@6.0.0
  • @SocketSecurity ignore npm/@types/qrcode.react@3.0.0

@aristidesstaffieri aristidesstaffieri requested a review from a team February 21, 2025 17:51
@aristidesstaffieri aristidesstaffieri merged commit c08dfd0 into release/5.29.0 Feb 21, 2025
3 checks passed
@aristidesstaffieri aristidesstaffieri deleted the chore/core-dep-reroll-1 branch February 21, 2025 18:33
This was referenced Feb 21, 2025