Skip to content

build(deps): Bump @storm-software/linting-tools from 1.38.13 to 1.44.1#46

Closed
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/npm_and_yarn/storm-software/linting-tools-1.44.1
Closed

build(deps): Bump @storm-software/linting-tools from 1.38.13 to 1.44.1#46
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/npm_and_yarn/storm-software/linting-tools-1.44.1

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github Mar 25, 2024

Bumps @storm-software/linting-tools from 1.38.13 to 1.44.1.

Release notes

Sourced from @​storm-software/linting-tools's releases.

linting-tools@1.44.1

1.44.1 (2024-03-25)

🩹 Fixes

  • storm-workspace: Resolved issue with failed unit-test (42e5a411)

❤️ Thank You

  • Patrick Sullivan

linting-tools@1.44.0

1.44.0 (2024-03-25)

🚀 Features

  • workspace-tools: Added Nx plugin to apply rust and typescript targets (5738161f)

  • workspace-tools: Major updates to base nx.json configuration (06ec9a6a)

🩹 Fixes

  • git-tools: Resolved issues with left-hook scripts (daf28aa2)

❤️ Thank You

  • Patrick Sullivan

linting-tools@1.43.1

1.43.1 (2024-03-19)

🩹 Fixes

  • linting-tools: Update the linting-tools asset configuration (c35e2491)

❤️ Thank You

  • Patrick Sullivan

linting-tools@1.43.0

1.43.0 (2024-03-19)

... (truncated)

Changelog

Sourced from @​storm-software/linting-tools's changelog.

1.44.1 (2024-03-25)

🩹 Fixes

  • storm-workspace: Resolved issue with failed unit-test (42e5a411)

❤️ Thank You

  • Patrick Sullivan

1.44.0 (2024-03-25)

🚀 Features

  • workspace-tools: Added Nx plugin to apply rust and typescript targets (5738161f)

  • workspace-tools: Major updates to base nx.json configuration (06ec9a6a)

🩹 Fixes

  • git-tools: Resolved issues with left-hook scripts (daf28aa2)

❤️ Thank You

  • Patrick Sullivan

1.43.1 (2024-03-19)

🩹 Fixes

  • linting-tools: Update the linting-tools asset configuration (c35e2491)

❤️ Thank You

  • Patrick Sullivan

1.43.0 (2024-03-19)

🚀 Features

  • linting-tools: Added the taplo and ls-lint tools (24c984eb)

... (truncated)

Commits
  • bffe60f chore(release): Publish monorepo release updates
  • 42e5a41 fix(storm-workspace): Resolved issue with failed unit-test
  • 30b8445 chore(release): Publish monorepo release updates
  • 06ec9a6 feat(workspace-tools): Major updates to base nx.json configuration
  • daf28aa fix(git-tools): Resolved issues with left-hook scripts
  • 5738161 feat(workspace-tools): Added Nx plugin to apply rust and typescript targets
  • df52eec chore(release): Publish monorepo release updates
  • c35e249 fix(linting-tools): Update the linting-tools asset configuration
  • 5ad2038 chore(release): Publish monorepo release updates
  • 24c984e feat(linting-tools): Added the taplo and ls-lint tools
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot
build(deps): Bump @storm-software/linting-tools from 1.38.13 to 1.44.1
5295fa3 
Bumps [@storm-software/linting-tools](https://github.com/storm-software/storm-ops/tree/HEAD/packages/linting-tools) from 1.38.13 to 1.44.1.
- [Release notes](https://github.com/storm-software/storm-ops/releases)
- [Changelog](https://github.com/storm-software/storm-ops/blob/main/packages/linting-tools/CHANGELOG.md)
- [Commits](https://github.com/storm-software/storm-ops/commits/linting-tools@1.44.1/packages/linting-tools)

---
updated-dependencies:
- dependency-name: "@storm-software/linting-tools"
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot requested a review from sullivanpj as a code owner March 25, 2024 13:05
@dependabot dependabot Bot added javascript Pull requests that update Javascript code Mend: dependency security vulnerability Security vulnerability detected by Mend labels Mar 25, 2024
@dependabot dependabot Bot mentioned this pull request Mar 25, 2024
Closed
@stormie-bot stormie-bot enabled auto-merge (squash) March 25, 2024 13:05
@socket-security
Copy link
Copy Markdown

socket-security Bot commented Mar 25, 2024

New and removed dependencies detected. Learn more about Socket for GitHub ↗︎

Package New capabilities Transitives Size Publisher
npm/@dagrejs/dagre@1.0.4 None +1 485 kB davidnewell
npm/@eslint/eslintrc@3.0.0 filesystem, unsafe Transitive: eval +1 1.6 MB eslintbot
npm/@nx/cypress@18.0.4 environment, filesystem +1 212 kB nrwl-jason
npm/@nx/devkit@18.0.4 environment, filesystem, shell, unsafe +1 183 kB nrwl-jason
npm/@nx/esbuild@18.0.4 None +1 59 kB nrwl-jason
npm/@nx/eslint-plugin@18.0.4 filesystem +10 2.36 MB nrwl-jason
npm/@nx/eslint@18.0.4 environment, filesystem +1 169 kB nrwl-jason
npm/@nx/jest@18.0.4 environment, filesystem, unsafe Transitive: shell +47 9.1 MB nrwl-jason
npm/@nx/js@18.0.4 environment, filesystem, shell Transitive: unsafe +127 11.1 MB nrwl-jason
npm/@nx/react@18.0.4 environment Transitive: filesystem, unsafe +141 11.2 MB nrwl-jason
npm/@nx/storybook@18.0.4 environment, filesystem +1 218 kB nrwl-jason
npm/@nx/vite@18.0.4 environment, eval, filesystem +1 538 kB nrwl-jason
npm/@nx/web@18.0.4 environment +1 157 kB nrwl-jason
npm/@nx/workspace@18.0.4 environment, filesystem +1 212 kB nrwl-jason
npm/@storm-software/config-tools@1.27.13 None 0 7.44 MB stormie-bot
npm/@storm-software/config@1.2.13 None 0 139 kB stormie-bot
npm/@storm-software/git-tools@1.36.13 Transitive: environment, eval, filesystem, network +20 422 MB stormie-bot
npm/@storm-software/workspace-tools@1.56.13 Transitive: environment, eval, filesystem, shell, unsafe +287 78.2 MB stormie-bot
npm/@storm-stack/cli@1.17.2 environment, eval, filesystem, shell, unsafe 0 1.24 MB stormie-bot
npm/@storm-stack/date-time@1.18.2 environment +1 4.45 MB stormie-bot
npm/@storm-stack/errors@1.18.2 Transitive: environment, eval, filesystem, shell, unsafe +167 74.2 MB stormie-bot
npm/@storm-stack/file-system@1.21.2 environment, eval, filesystem, network, shell, unsafe 0 1.4 MB stormie-bot
npm/@storm-stack/jotai@1.16.2 None 0 502 kB stormie-bot
npm/@storm-stack/logging@1.20.2 environment 0 1.41 MB stormie-bot
npm/@storm-stack/plugin-system@1.8.2 Transitive: environment, filesystem, shell +1 9.34 MB stormie-bot
npm/@storm-stack/serialization@1.18.2 None +2 336 kB stormie-bot
npm/@storm-stack/telemetry@1.2.2 environment 0 1 MB stormie-bot
npm/@storm-stack/unique-identifier@1.17.2 None +1 1.06 MB stormie-bot
npm/@storm-stack/utilities@1.17.2 environment +2 397 kB stormie-bot
npm/@storybook/addon-essentials@7.6.6 Transitive: environment, eval, filesystem, network, shell, unsafe +131 25.7 MB shilman
npm/@storybook/addon-interactions@7.6.6 Transitive: environment +24 7.03 MB shilman
npm/@storybook/addons@7.6.6 Transitive: environment, eval, network +28 5.98 MB shilman
npm/@storybook/core-server@7.6.6 filesystem Transitive: environment, eval, network, shell, unsafe +59 27.9 MB shilman
npm/@storybook/jest@0.2.3 None +6 1.67 MB yannbf
npm/@storybook/react-vite@7.6.6 Transitive: environment, eval, filesystem, network, unsafe +67 10.5 MB shilman
npm/@storybook/react@7.6.6 Transitive: environment, filesystem, network, unsafe +42 7.73 MB shilman
npm/@storybook/test-runner@0.16.0 environment Transitive: eval, filesystem, network, unsafe +68 10.4 MB shilman
npm/@storybook/testing-library@0.2.2 Transitive: environment +8 4 MB yannbf
npm/@storybook/theming@7.6.6 environment +3 746 kB shilman
npm/@swc-node/register@1.8.0 environment, filesystem +3 366 kB broooooklyn
npm/@swc/cli@0.1.63 environment, filesystem Transitive: network, shell +4 1.03 MB kdy1
npm/@swc/core@1.3.101 environment, filesystem, shell +2 400 kB kdy1
npm/@swc/helpers@0.5.3 None 0 228 kB kdy1
npm/@testing-library/react@14.0.0 environment +7 8.78 MB testing-library-bot
npm/@types/jest@29.5.11 None 0 78.7 kB types
npm/@types/node@18.19.4 None 0 3.82 MB types
npm/@types/node@20.9.0 None 0 3.92 MB types
npm/@types/prettier@3.0.0 None 0 1.72 kB types
npm/@types/react-dom@18.2.18 None 0 33.3 kB types
npm/@types/react@18.2.55 None +2 431 kB types
npm/@types/vscode@1.85.0 None 0 626 kB types
npm/@typescript-eslint/eslint-plugin@6.13.2 None +10 5.14 MB jameshenry
npm/@typescript-eslint/parser@6.13.2 None +4 1.36 MB jameshenry
npm/@vitejs/plugin-react-swc@3.5.0 filesystem, unsafe 0 33.5 kB vitebot
npm/@vitejs/plugin-react@4.2.1 Transitive: environment, filesystem, unsafe +35 8.06 MB vitebot
npm/@vitest/coverage-v8@1.2.2 None +7 737 kB oreanno
npm/@vitest/ui@1.0.4 None +1 914 kB oreanno
npm/@vscode/vsce@2.21.1 environment, filesystem, shell +1 4.26 MB vscode-bot
npm/autoprefixer@10.4.13 environment Transitive: filesystem +1 261 kB ai
npm/bentocache@1.0.0-beta.7 None +9 1.18 MB julien-r44

🚮 Removed packages: npm/chalk@5.3.0, npm/chokidar@3.5.3, npm/clsx@2.1.0, npm/commander@11.1.0, npm/eslint-config-prettier@9.1.0, npm/espree@9.6.1, npm/glob@10.3.10, npm/lodash-es@4.17.21, npm/postcss@8.4.35, npm/react-dom@18.2.0, npm/react@18.2.0, npm/rimraf@5.0.5, npm/tslib@2.6.2, npm/typescript@5.3.3, npm/zod@3.22.4

View full report↗︎

@socket-security
Copy link
Copy Markdown

socket-security Bot commented Mar 25, 2024

🚨 Potential security issues detected. Learn more about Socket for GitHub ↗︎

To accept the risk, merge this PR and you will not be notified again.

Alert Package NoteSource
Install scripts npm/@swc/core@1.3.101
  • Install script: postinstall
  • Source: node postinstall.js

View full report↗︎

Next steps

What is an install script?

Install scripts are run when the package is installed. The majority of malware in npm is hidden in install scripts.

Packages should not be running non-essential scripts during install and there are often solutions to problems people solve with install scripts that can be run at publish time instead.

Take a deeper look at the dependency

Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support [AT] socket [DOT] dev.

Remove the package

If you happen to install a dependency that Socket reports as Known Malware you should immediately remove it and select a different dependency. For other alert types, you may may wish to investigate alternative packages or consider if there are other ways to mitigate the specific risk posed by the dependency.

Mark a package as acceptable risk

To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space separated list of ecosystem/package-name@version specifiers. e.g. @SocketSecurity ignore npm/foo@1.0.0 or ignore all packages with @SocketSecurity ignore-all

  • @SocketSecurity ignore npm/@swc/core@1.3.101

@dependabot @github
Copy link
Copy Markdown
Contributor Author

dependabot Bot commented on behalf of github Apr 29, 2024

Superseded by #57.

@dependabot dependabot Bot closed this Apr 29, 2024
auto-merge was automatically disabled April 29, 2024 12:46

Pull request was closed

@dependabot dependabot Bot deleted the dependabot/npm_and_yarn/storm-software/linting-tools-1.44.1 branch April 29, 2024 12:46
@storm-software storm-software locked and limited conversation to collaborators May 1, 2024
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

@stormie-bot stormie-bot stormie-bot approved these changes

@sullivanpj sullivanpj Awaiting requested review from sullivanpj sullivanpj is a code owner

Assignees

No one assigned

Labels

javascript Pull requests that update Javascript code Mend: dependency security vulnerability Security vulnerability detected by Mend

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@stormie-bot