fix: socket security vulnerabilities #468
Conversation
|
Updated and removed dependencies detected. Learn more about Socket for GitHub ↗︎
🚮 Removed packages: npm/@babel/[email protected], npm/@babel/[email protected] |
| "pre-push": "yarn lint" | ||
| }, | ||
| "resolutions": { | ||
| "minimist": "1.2.8", |
There was a problem hiding this comment.
Fixes GHSA-xvch-5gv4-984h
| }, | ||
| "resolutions": { | ||
| "minimist": "1.2.8", | ||
| "plist": "3.0.5", |
There was a problem hiding this comment.
Fixes GHSA-4cpg-3vgw-4877
| "minimist": "1.2.8", | ||
| "plist": "3.0.5", | ||
| "@xmldom/xmldom": "0.7.7", | ||
| "@babel/traverse": "7.25.9", |
There was a problem hiding this comment.
Fixes GHSA-67hx-6x53-jw92
| "resolutions": { | ||
| "minimist": "1.2.8", | ||
| "plist": "3.0.5", | ||
| "@xmldom/xmldom": "0.7.7", |
There was a problem hiding this comment.
Fixes GHSA-crh6-fp67-6883
| "plist": "3.0.5", | ||
| "@xmldom/xmldom": "0.7.7", | ||
| "@babel/traverse": "7.25.9", | ||
| "simple-plist": "1.3.1", |
There was a problem hiding this comment.
Fixes: GHSA-gff7-g5r8-mg8m
| "@xmldom/xmldom": "0.7.7", | ||
| "@babel/traverse": "7.25.9", | ||
| "simple-plist": "1.3.1", | ||
| "shell-quote": "1.7.3", |
There was a problem hiding this comment.
Fixes: GHSA-g4rg-993r-mgx7
| "cross-spawn": "7.0.5", | ||
| "ws": "8.17.1", | ||
| "node-fetch": "3.1.1", | ||
| "json5": "2.2.2", |
There was a problem hiding this comment.
Fixes: GHSA-9c47-m6qq-7p4h
| "ws": "8.17.1", | ||
| "node-fetch": "3.1.1", | ||
| "json5": "2.2.2", | ||
| "merge": "2.1.1", |
There was a problem hiding this comment.
Fixes: GHSA-7wpw-2hjm-89gp
| "node-fetch": "3.1.1", | ||
| "json5": "2.2.2", | ||
| "merge": "2.1.1", | ||
| "semver": "7.5.2", |
There was a problem hiding this comment.
Fixes: GHSA-c2qf-rxjj-qqgw
| "json5": "2.2.2", | ||
| "merge": "2.1.1", | ||
| "semver": "7.5.2", | ||
| "braces": "^3.0.3", |
There was a problem hiding this comment.
Already fixed: GHSA-grv7-fg5c-xmjg
| "shell-quote": "1.7.3", | ||
| "cross-spawn": "7.0.5", | ||
| "ws": "8.17.1", | ||
| "node-fetch": "3.1.1", |
There was a problem hiding this comment.
Fixes: GHSA-r683-j2x4-v87g
| "@babel/traverse": "7.25.9", | ||
| "simple-plist": "1.3.1", | ||
| "shell-quote": "1.7.3", | ||
| "cross-spawn": "7.0.5", |
There was a problem hiding this comment.
Fixes: GHSA-3xgq-45jj-v275
georgewrmarshall
force-pushed
the
fix/467/socket-vulnerabilities
branch
from
1d81771 to
41b8ed6
Compare
Description
This PR addresses critical security vulnerabilities identified by Socket Security scanning tool, particularly focusing on the critical and high issues that aren't supply chain attacks, which we are protected against by lavamoat
Related issues
Fixes: #467
Manual testing steps
Screenshots/Recordings
Vulnerabilities addressed
Pre-merge author checklist
Pre-merge reviewer checklist