fix(deps): pin dependencies by renovate[bot] · Pull Request #12 · storm-software/acidic

renovate · 2024-01-08T02:44:42Z

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package	Type	Update	Change
@ls-lint/ls-lint	pnpm.catalog.default	pin	`^2.3.1` → `2.3.1`
@monodon/rust	pnpm.catalog.default	pin	`^2.3.0` → `2.3.0`
@napi-rs/cli (source)	pnpm.catalog.default	pin	`^3.5.0` → `3.6.2`
@napi-rs/wasm-runtime (source)	pnpm.catalog.default	pin	`^1.1.0` → `1.1.4`
@nx/devkit (source)	pnpm.catalog.default	minor	`22.3.1` → `22.7.3`
@nx/eslint-plugin (source)	pnpm.catalog.default	minor	`22.3.1` → `22.7.3`
@nx/jest (source)	pnpm.catalog.default	minor	`22.3.1` → `22.7.3`
@nx/js (source)	pnpm.catalog.default	minor	`22.3.1` → `22.7.3`
@nx/plugin (source)	pnpm.catalog.default	minor	`22.3.1` → `22.7.3`
@nx/react (source)	pnpm.catalog.default	minor	`22.3.1` → `22.7.3`
@nx/storybook (source)	pnpm.catalog.default	minor	`22.3.1` → `22.7.3`
@nx/vite (source)	pnpm.catalog.default	minor	`22.3.1` → `22.7.3`
@nx/web (source)	pnpm.catalog.default	minor	`22.3.1` → `22.7.3`
@nx/workspace (source)	pnpm.catalog.default	minor	`22.3.1` → `22.7.3`
@oxc-project/runtime (source)	pnpm.catalog.default	pin	`^0.97.0` → `0.97.0`
@powerlines/nx (source)	pnpm.catalog.default	pin	`^0.10.68` → `0.10.68`
@powerlines/plugin-env (source)	pnpm.catalog.default	pin	`^0.13.64` → `0.13.106`
@powerlines/plugin-plugin (source)	pnpm.catalog.default	pin	`^0.12.27` → `0.12.27`
@powerlines/plugin-react (source)	pnpm.catalog.default	pin	`^0.1.58` → `0.1.596`
@powerlines/plugin-tsup (source)	pnpm.catalog.default	pin	`^0.12.67` → `0.12.520`
@powerlines/plugin-untyped (source)	pnpm.catalog.default	pin	`^0.2.8` → `0.2.478`
@powerlines/plugin-vite (source)	pnpm.catalog.default	pin	`^0.14.58` → `0.14.517`
@powerlines/tsconfig (source)	pnpm.catalog.default	pin	`^0.2.43` → `0.2.43`
@storm-software/config (source)	pnpm.catalog.default	pin	`^1.134.72` → `1.134.72`
@storm-software/config-tools (source)	pnpm.catalog.default	pin	`^1.188.72` → `1.188.72`
@storm-software/cspell (source)	pnpm.catalog.default	pin	`^0.45.71` → `0.45.71`
@storm-software/esbuild (source)	pnpm.catalog.default	pin	`^0.53.60` → `0.53.190`
@storm-software/eslint (source)	pnpm.catalog.default	pin	`^0.169.73` → `0.169.73`
@storm-software/git-tools (source)	pnpm.catalog.default	pin	`^2.124.55` → `2.124.55`
@storm-software/linting-tools (source)	pnpm.catalog.default	pin	`^1.132.72` → `1.132.72`
@storm-software/markdownlint (source)	pnpm.catalog.default	pin	`^0.30.71` → `0.30.71`
@storm-software/pnpm-tools (source)	pnpm.catalog.default	pin	`^0.6.74` → `0.6.74`
@storm-software/prettier (source)	pnpm.catalog.default	pin	`^0.57.71` → `0.57.71`
@storm-software/testing-tools (source)	pnpm.catalog.default	pin	`^1.119.60` → `1.119.182`
@storm-software/tsdoc (source)	pnpm.catalog.default	pin	`^0.13.71` → `0.13.71`
@storm-software/unbuild (source)	pnpm.catalog.default	pin	`^0.57.60` → `0.57.190`
@storm-software/untyped (source)	pnpm.catalog.default	pin	`^0.24.53` → `0.24.53`
@storm-software/workspace-tools (source)	pnpm.catalog.default	pin	`^1.294.18` → `1.294.18`
@stryke/convert (source)	pnpm.catalog.default	pin	`^0.6.23` → `0.6.58`
@stryke/crypto (source)	pnpm.catalog.default	pin	`^0.5.24` → `0.5.44`
@stryke/fs (source)	pnpm.catalog.default	pin	`^0.33.19` → `0.33.76`
@stryke/helpers (source)	pnpm.catalog.default	pin	`^0.9.25` → `0.9.51`
@stryke/path (source)	pnpm.catalog.default	pin	`^0.22.10` → `0.22.13`
@stryke/type-checks (source)	pnpm.catalog.default	pin	`^0.5.8` → `0.5.41`
@stryke/types (source)	pnpm.catalog.default	pin	`^0.10.22` → `0.10.53`
@stryke/url (source)	pnpm.catalog.default	pin	`^0.3.14` → `0.3.39`
@swc-node/register	pnpm.catalog.default	pin	`^1.11.1` → `1.11.1`
@swc/core (source)	pnpm.catalog.default	pin	`^1.15.3` → `1.15.40`
@swc/helpers (source)	pnpm.catalog.default	pin	`^0.5.17` → `0.5.21`
@taplo/cli (source)	pnpm.catalog.default	pin	`^0.7.0` → `0.7.0`
@types/estree (source)	pnpm.catalog.default	pin	`^1.0.8` → `1.0.9`
@types/jest (source)	pnpm.catalog.default	pin	`^30.0.0` → `30.0.0`
@types/node (source)	pnpm.catalog.default	minor	`20.9.0` → `20.19.41`
@types/react (source)	pnpm.catalog.default	pin	`^19.2.7` → `19.2.15`
@types/react-dom (source)	pnpm.catalog.default	pin	`^19.2.3` → `19.2.3`
@vitest/ui (source)	pnpm.catalog.default	pin	`^3.2.4` → `3.2.4`
@vscode/vsce (source)	dependencies	minor	`2.21.1` → `2.32.0`
GitGuardian/ggshield	action	minor	`v1.39.0` → `v1.50.4`
backtrace	workspace.dependencies	pin	`0.3.71` → `=0.3.71`
bentocache	dependencies	minor	`1.0.0-beta.7` → `1.6.1`
cacache	workspace.dependencies	pin	`13.0.0` → `=13.0.0`
colored	workspace.dependencies	pin	`2.1.0` → `=2.1.0`
copyfiles	pnpm.catalog.default	pin	`^2.4.1` → `2.4.1`
defu	pnpm.catalog.default	pin	`^6.1.4` → `6.1.4`
directories	workspace.dependencies	pin	`5.0.1` → `=5.0.1`
es-module-lexer	pnpm.catalog.default	pin	`^1.7.0` → `1.7.0`
eslint (source)	pnpm.catalog.default	pin	`^9.39.1` → `9.39.4`
eslint-flat-config-utils	pnpm.catalog.default	pin	`^2.1.4` → `2.1.4`
estree-walker	pnpm.catalog.default	pin	`^3.0.3` → `3.0.3`
handlebars	workspace.dependencies	pin	`6.3.2` → `=6.3.2`
indexmap	workspace.dependencies	pin	`2.2.6` → `=2.2.6`
indoc	workspace.dependencies	pin	`2.0.4` → `=2.0.4`
itertools	workspace.dependencies	pin	`0.12.1` → `=0.12.1`
jest (source)	pnpm.catalog.default	pin	`^30.2.0` → `30.4.2`
jest-environment-jsdom (source)	pnpm.catalog.default	pin	`^30.2.0` → `30.4.1`
jest-environment-node (source)	pnpm.catalog.default	pin	`^30.2.0` → `30.4.1`
jest-util (source)	pnpm.catalog.default	pin	`^30.2.0` → `30.4.1`
jiti	pnpm.catalog.default	pin	`^2.6.1` → `2.7.0`
jsonc-eslint-parser	pnpm.catalog.default	pin	`^2.4.1` → `2.4.2`
langium (source)	pnpm.catalog.default	pin	`^2.1.3` → `2.1.3`
lazy_static	workspace.dependencies	pin	`1.4.0` → `=1.4.0`
lefthook	pnpm.catalog.default	pin	`^1.13.6` → `1.13.6`
log4brains (source)	pnpm.catalog.default	pin	`^1.1.0` → `1.1.0`
magic-string	pnpm.catalog.default	pin	`^0.30.21` → `0.30.21`
napi	workspace.dependencies	pin	`2.10.2` → `=2.10.2`
napi-build	workspace.dependencies	pin	`2.0.1` → `=2.0.1`
napi-derive	workspace.dependencies	pin	`2.9.3` → `=2.9.3`
node (source)		minor	`20.11.0` → `20.20.2`
nx (source)	pnpm.catalog.default	minor	`22.3.1` → `22.7.3`
periscopic	pnpm.catalog.default	pin	`^4.0.2` → `4.0.3`
pest (source)	workspace.dependencies	pin	`2.7.8` → `=2.7.8`
pest_derive (source)	workspace.dependencies	pin	`2.7.8` → `=2.7.8`
pnpm (source)	packageManager	minor	`10.26.0` → `10.33.4`
pnpm (source)	uses-with	minor	`8.10.2` → `8.15.9`
powerlines (source)	pnpm.catalog.default	pin	`^0.30.13` → `0.30.13`
prettier (source)	pnpm.catalog.default	pin	`^3.7.4` → `3.8.3`
prettier (source)	dependencies	minor	`^3.7.4` → `^3.8.3`
prettier-plugin-prisma	pnpm.catalog.default	pin	`^5.0.0` → `5.0.0`
prettier-plugin-tailwindcss	pnpm.catalog.default	pin	`^0.5.14` → `0.5.14`
prost	workspace.dependencies	pin	`0.12.3` → `=0.12.3`
prost-types	workspace.dependencies	pin	`0.12.3` → `=0.12.3`
protoc-bin-vendored	workspace.dependencies	pin	`3.0.0` → `=3.0.0`
react (source)	pnpm.catalog.default	pin	`^19.2.1` → `19.2.6`
react (source)	peerDependencies	minor	`18.2.0` → `18.3.1`
react (source)	dependencies	minor	`18.2.0` → `18.3.1`
react-dom (source)	pnpm.catalog.default	pin	`^19.2.1` → `19.2.6`
react-dom (source)	peerDependencies	minor	`18.2.0` → `18.3.1`
react-dom (source)	dependencies	minor	`18.2.0` → `18.3.1`
rimraf	pnpm.catalog.default	pin	`^5.0.10` → `5.0.10`
rsc-html-stream	pnpm.catalog.default	pin	`^0.0.7` → `0.0.7`
rust (source, changelog)	toolchain	minor	`1.91.1` → `1.95.0`
serde (source)	workspace.dependencies	pin	`1.0.197` → `=1.0.197`
serde_derive (source)	workspace.dependencies	pin	`1.0.197` → `=1.0.197`
serde_json	workspace.dependencies	pin	`1.0.115` → `=1.0.115`
sherif	pnpm.catalog.default	pin	`^1.9.0` → `1.11.1`
signal-exit	pnpm.catalog.default	pin	`^4.1.0` → `4.1.0`
storm-config (source)	workspace.dependencies	pin	`0.2.8` → `=0.2.8`
storm-workspace (source)	workspace.dependencies	pin	`0.19.59` → `=0.19.59`
strum	workspace.dependencies	pin	`0.27.2` → `=0.27.2`
strum_macros	workspace.dependencies	pin	`0.27.2` → `=0.27.2`
styfle/cancel-workflow-action	action	minor	`0.12.1` → `0.13.1`
tailwindcss (source)	pnpm.catalog.default	minor	`3.2.7` → `3.4.19`
tempfile (source)	workspace.dependencies	pin	`3.10.1` → `=3.10.1`
thiserror	workspace.dependencies	pin	`2.0.17` → `=2.0.17`
tonic	dependencies	minor	`0.11.0` → `0.14.0`
tonic	workspace.dependencies	pin	`0.11.0` → `=0.11.0`
tonic-build	workspace.dependencies	pin	`0.11.0` → `=0.11.0`
tonic-health	dependencies	minor	`0.11.0` → `0.14.0`
tonic-reflection	workspace.dependencies	pin	`0.6.0` → `=0.6.0`
tonic-types	dependencies	minor	`0.11.0` → `0.14.0`
tonic-web	dependencies	minor	`0.11.0` → `0.14.0`
tower-http	dependencies	minor	`0.5.2` → `0.6.0`
ts-node (source)	pnpm.catalog.default	pin	`^10.9.2` → `10.9.2`
tslib (source)	pnpm.catalog.default	pin	`^2.8.1` → `2.8.1`
tsup (source)	pnpm.catalog.default	minor	`8.4.0` → `8.5.1`
tsx (source)	pnpm.catalog.default	pin	`^4.21.0` → `4.22.3`
turbo-stream	pnpm.catalog.default	pin	`^3.1.0` → `3.2.0`
typescript (source)	pnpm.catalog.default	pin	`^5.9.3` → `5.9.3`
verdaccio (source)	pnpm.catalog.default	pin	`^5.33.0` → `5.33.0`
vite (source)	pnpm.catalog.default	pin	`^5.4.21` → `5.4.21`
vite-plugin-dts (

✂ Note

PR body was truncated to here.

socket-security · 2024-02-12T02:26:48Z

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action	Severity	Alert (click "▶" to expand/collapse)
Warn		Critical CVE: npm `fast-xml-parser` has an entity encoding bypass via regex injection in DOCTYPE entity names CVE: GHSA-m7jm-9gc2-mpf2 fast-xml-parser has an entity encoding bypass via regex injection in DOCTYPE entity names (CRITICAL) Affected versions: >= 5.0.0 < 5.3.5; >= 4.1.3 < 4.5.4 Patched version: 5.3.5 From: pnpm-lock.yaml → `npm/fast-xml-parser@5.2.5` ℹ Read more on: This package \| This alert \| What is a critical CVE? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: Remove or replace dependencies that include known critical CVEs. Consumers can use dependency overrides or npm audit fix --force to remove vulnerable dependencies. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore npm/fast-xml-parser@5.2.5`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Obfuscated code: npm `buffer` is 96.0% likely obfuscated Confidence: 0.96 Location: Package overview From: pnpm-lock.yaml → `npm/buffer@4.9.2` ℹ Read more on: This package \| This alert \| What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore npm/buffer@4.9.2`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Obfuscated code: npm `commander` is 90.0% likely obfuscated Confidence: 0.90 Location: Package overview From: pnpm-lock.yaml → `npm/commander@10.0.1` ℹ Read more on: This package \| This alert \| What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore npm/commander@10.0.1`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Obfuscated code: npm `entities` is 91.0% likely obfuscated Confidence: 0.91 Location: Package overview From: pnpm-lock.yaml → `npm/entities@4.5.0` ℹ Read more on: This package \| This alert \| What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore npm/entities@4.5.0`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Obfuscated code: npm `entities` is 91.0% likely obfuscated Confidence: 0.91 Location: Package overview From: pnpm-lock.yaml → `npm/entities@6.0.1` ℹ Read more on: This package \| This alert \| What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore npm/entities@6.0.1`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Obfuscated code: npm `es-module-lexer` is 90.0% likely obfuscated Confidence: 0.90 Location: Package overview From: pnpm-lock.yaml → `npm/es-module-lexer@2.0.0` ℹ Read more on: This package \| This alert \| What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore npm/es-module-lexer@2.0.0`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Obfuscated code: npm `es-module-lexer` is 90.0% likely obfuscated Confidence: 0.90 Location: Package overview From: pnpm-lock.yaml → `npm/es-module-lexer@2.0.0` ℹ Read more on: This package \| This alert \| What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore npm/es-module-lexer@2.0.0`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Obfuscated code: npm `execa` is 90.0% likely obfuscated Confidence: 0.90 Location: Package overview From: pnpm-lock.yaml → `npm/execa@9.6.1` ℹ Read more on: This package \| This alert \| What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore npm/execa@9.6.1`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Obfuscated code: npm `highlight.js` is 90.0% likely obfuscated Confidence: 0.90 Location: Package overview From: pnpm-lock.yaml → `npm/highlight.js@10.7.3` ℹ Read more on: This package \| This alert \| What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore npm/highlight.js@10.7.3`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Obfuscated code: npm `jiti` is 90.0% likely obfuscated Confidence: 0.90 Location: Package overview From: pnpm-lock.yaml → `npm/jiti@2.6.1` ℹ Read more on: This package \| This alert \| What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore npm/jiti@2.6.1`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Obfuscated code: npm `json-schema` is 90.0% likely obfuscated Confidence: 0.90 Location: Package overview From: pnpm-lock.yaml → `npm/json-schema@0.4.0` ℹ Read more on: This package \| This alert \| What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore npm/json-schema@0.4.0`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Obfuscated code: npm `kind-of` is 90.0% likely obfuscated Confidence: 0.90 Location: Package overview From: pnpm-lock.yaml → `npm/kind-of@6.0.3` ℹ Read more on: This package \| This alert \| What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore npm/kind-of@6.0.3`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Obfuscated code: npm `node-fetch-native` is 90.0% likely obfuscated Confidence: 0.90 Location: Package overview From: pnpm-lock.yaml → `npm/node-fetch-native@1.6.7` ℹ Read more on: This package \| This alert \| What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore npm/node-fetch-native@1.6.7`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Obfuscated code: npm `rimraf` is 90.0% likely obfuscated Confidence: 0.90 Location: Package overview From: package.json → `npm/rimraf@5.0.10` ℹ Read more on: This package \| This alert \| What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore npm/rimraf@5.0.10`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report

stormie-bot

Code review by ChatGPT

stormie-bot

Code review by ChatGPT

stormie-bot

Code review by ChatGPT

stormie-bot

Code review by ChatGPT

stormie-bot

Code review by ChatGPT

stormie-bot

Code review by ChatGPT

stormie-bot

Code review by ChatGPT

stormie-bot

Code review by ChatGPT

stormie-bot

Code review by ChatGPT

stormie-bot

Code review by ChatGPT

stormie-bot

Code review by ChatGPT

renovate · 2025-12-29T00:43:21Z

⚠️ Artifact update problem

Renovate failed to update artifacts related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

any of the package files in this branch needs updating, or
the branch becomes conflicted, or
you click the rebase/retry checkbox if found above, or
you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: Cargo.lock

Command failed: cargo update --config net.git-fetch-with-cli=true --manifest-path Cargo.toml --workspace
error: failed to load manifest for workspace member `/tmp/renovate/repos/github/storm-software/acidic/apps/engine`
referenced by workspace at `/tmp/renovate/repos/github/storm-software/acidic/Cargo.toml`

Caused by:
  failed to load manifest for dependency `acidic-config`

Caused by:
  failed to read `/tmp/renovate/repos/github/storm-software/acidic/crates/config/Cargo.toml`

Caused by:
  No such file or directory (os error 2)

File name: Cargo.lock

Command failed: cargo update --config net.git-fetch-with-cli=true --manifest-path apps/engine/Cargo.toml --workspace
error: failed to load manifest for workspace member `/tmp/renovate/repos/github/storm-software/acidic/apps/engine`
referenced by workspace at `/tmp/renovate/repos/github/storm-software/acidic/Cargo.toml`

Caused by:
  failed to load manifest for dependency `acidic-config`

Caused by:
  failed to read `/tmp/renovate/repos/github/storm-software/acidic/crates/config/Cargo.toml`

Caused by:
  No such file or directory (os error 2)

deepsource-io · 2025-12-29T00:43:21Z

DeepSource Code Review

We reviewed changes in fb59a67...cbbfa5f on this pull request. Below is the summary for the review, and you can see the individual issues we found as inline review comments.

See full review on DeepSource ↗

PR Report Card

Overall Grade	Security Reliability Complexity Hygiene

Code Review Summary

Analyzer	Status	Updated (UTC)	Details
JavaScript		May 25, 2026 1:39a.m.	Review ↗
Shell		May 25, 2026 1:39a.m.	Review ↗

Important

AI Review is run only on demand for your team. We're only showing results of static analysis review right now. To trigger AI Review, comment @deepsourcebot review on this thread.

socket-security · 2026-05-18T00:50:02Z

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	node-fetch@3.3.2
	clsx@2.1.1
	chalk@5.6.2
	rimraf@5.0.10
	commander@11.1.0
	defu@6.1.4
	pino-pretty@10.3.1

View full report

renovate Bot requested a review from sullivanpj as a code owner January 8, 2024 02:44

renovate Bot force-pushed the renovate/dependencies-non-major branch from f1befb8 to e510e06 Compare February 12, 2024 02:25

stormie-bot previously approved these changes Feb 12, 2024

View reviewed changes

stormie-bot enabled auto-merge (squash) February 12, 2024 02:25

renovate Bot dismissed stormie-bot’s stale review via ce8d02f February 19, 2024 02:10

renovate Bot force-pushed the renovate/dependencies-non-major branch from e510e06 to ce8d02f Compare February 19, 2024 02:10

stormie-bot previously approved these changes Feb 19, 2024

View reviewed changes

renovate Bot dismissed stormie-bot’s stale review via 8ddf8a7 February 26, 2024 00:32

renovate Bot force-pushed the renovate/dependencies-non-major branch from ce8d02f to 8ddf8a7 Compare February 26, 2024 00:32

stormie-bot previously approved these changes Feb 26, 2024

View reviewed changes

renovate Bot dismissed stormie-bot’s stale review via 1a704c6 March 4, 2024 01:32

renovate Bot force-pushed the renovate/dependencies-non-major branch from 8ddf8a7 to 1a704c6 Compare March 4, 2024 01:32

stormie-bot previously approved these changes Mar 4, 2024

View reviewed changes

renovate Bot dismissed stormie-bot’s stale review via 45b9630 March 11, 2024 00:52

renovate Bot force-pushed the renovate/dependencies-non-major branch from 1a704c6 to 45b9630 Compare March 11, 2024 00:52

stormie-bot previously approved these changes Mar 11, 2024

View reviewed changes

renovate Bot dismissed stormie-bot’s stale review via 1b332cb March 18, 2024 01:40

renovate Bot force-pushed the renovate/dependencies-non-major branch from 45b9630 to 1b332cb Compare March 18, 2024 01:40

stormie-bot previously approved these changes Mar 18, 2024

View reviewed changes

renovate Bot dismissed stormie-bot’s stale review via 1ac724a March 25, 2024 01:49

renovate Bot force-pushed the renovate/dependencies-non-major branch from 1b332cb to 1ac724a Compare March 25, 2024 01:49

stormie-bot previously approved these changes Mar 25, 2024

View reviewed changes

renovate Bot dismissed stormie-bot’s stale review via 32494b9 April 1, 2024 00:37

renovate Bot force-pushed the renovate/dependencies-non-major branch from 1ac724a to 32494b9 Compare April 1, 2024 00:37

stormie-bot previously approved these changes Apr 1, 2024

View reviewed changes

renovate Bot dismissed stormie-bot’s stale review via bf42e4f April 8, 2024 01:15

renovate Bot force-pushed the renovate/dependencies-non-major branch from 32494b9 to bf42e4f Compare April 8, 2024 01:15

stormie-bot previously approved these changes Apr 8, 2024

View reviewed changes

renovate Bot dismissed stormie-bot’s stale review via d5836b6 April 29, 2024 01:47

renovate Bot force-pushed the renovate/dependencies-non-major branch from 535ea08 to b8aafdd Compare October 21, 2024 01:54

stormie-bot previously approved these changes Oct 21, 2024

View reviewed changes

renovate Bot dismissed stormie-bot’s stale review via 9927e17 October 28, 2024 00:51

stormie-bot previously approved these changes Oct 28, 2024

View reviewed changes

stormie-bot previously approved these changes Nov 4, 2024

View reviewed changes

stormie-bot reviewed Nov 11, 2024

View reviewed changes

stormie-bot previously approved these changes Nov 18, 2024

View reviewed changes

stormie-bot reviewed Nov 18, 2024

View reviewed changes

stormie-bot previously approved these changes Nov 25, 2024

View reviewed changes

stormie-bot reviewed Nov 25, 2024

View reviewed changes

stormie-bot previously approved these changes Dec 2, 2024

View reviewed changes

stormie-bot reviewed Dec 2, 2024

View reviewed changes

stormie-bot previously approved these changes Dec 9, 2024

View reviewed changes

stormie-bot reviewed Dec 9, 2024

View reviewed changes

stormie-bot previously approved these changes Dec 16, 2024

View reviewed changes

stormie-bot reviewed Dec 16, 2024

View reviewed changes

stormie-bot previously approved these changes Dec 23, 2024

View reviewed changes

stormie-bot reviewed Dec 23, 2024

View reviewed changes

stormie-bot previously approved these changes Dec 30, 2024

View reviewed changes

stormie-bot reviewed Dec 30, 2024

View reviewed changes

stormie-bot previously approved these changes Dec 30, 2024

View reviewed changes

stormie-bot reviewed Dec 30, 2024

View reviewed changes

stormie-bot previously approved these changes Jan 13, 2025

View reviewed changes

stormie-bot reviewed Jan 13, 2025

View reviewed changes

stormie-bot previously approved these changes Jan 20, 2025

View reviewed changes

stormie-bot reviewed Jan 20, 2025

View reviewed changes

fix(deps): pin dependencies

cbbfa5f

Uh oh!

Conversation

renovate Bot commented Jan 8, 2024 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

socket-security Bot commented Feb 12, 2024 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

stormie-bot left a comment

Choose a reason for hiding this comment

Uh oh!

stormie-bot left a comment

Choose a reason for hiding this comment

Uh oh!

stormie-bot left a comment

Choose a reason for hiding this comment

Uh oh!

stormie-bot left a comment

Choose a reason for hiding this comment

Uh oh!

stormie-bot left a comment

Choose a reason for hiding this comment

Uh oh!

stormie-bot left a comment

Choose a reason for hiding this comment

Uh oh!

stormie-bot left a comment

Choose a reason for hiding this comment

Uh oh!

stormie-bot left a comment

Choose a reason for hiding this comment

Uh oh!

stormie-bot left a comment

Choose a reason for hiding this comment

Uh oh!

stormie-bot left a comment

Choose a reason for hiding this comment

Uh oh!

stormie-bot left a comment

Choose a reason for hiding this comment

Uh oh!

renovate Bot commented Dec 29, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

⚠️ Artifact update problem

File name: Cargo.lock

File name: Cargo.lock

Uh oh!

deepsource-io Bot commented Dec 29, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

DeepSource Code Review

PR Report Card

Code Review Summary

Uh oh!

socket-security Bot commented May 18, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

renovate Bot commented Jan 8, 2024 •

edited

Loading

socket-security Bot commented Feb 12, 2024 •

edited

Loading

renovate Bot commented Dec 29, 2025 •

edited

Loading

deepsource-io Bot commented Dec 29, 2025 •

edited

Loading

socket-security Bot commented May 18, 2026 •

edited

Loading