Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update dependency prettier-plugin-packagejson to v2.5.10 #232

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Update dependency prettier-plugin-packagejson to v2.5.10 #232

wants to merge 1 commit into from

Conversation

renovate[bot]
Copy link
Contributor

@renovate renovate bot commented Jan 17, 2025
edited
Loading

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
prettier-plugin-packagejson 2.5.7 -> 2.5.10 age adoption passing confidence

Release Notes

matzkoh/prettier-plugin-packagejson (prettier-plugin-packagejson)

v2.5.10

Compare Source

v2.5.9

Compare Source

Bug Fixes
  • deps: update dependency sort-package-json to v2.15.0 (0f3dd4b)

v2.5.8

Compare Source

Bug Fixes
  • deps: update dependency sort-package-json to v2.14.0 (fe3557e)

Configuration

📅 Schedule: Branch creation - "after 10pm every weekday,every weekend,before 5am every weekday" in timezone America/New_York, Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate bot requested a review from paulshryock as a code owner January 17, 2025 05:10
@socket-security Socket Security
Copy link

socket-security bot commented Jan 17, 2025
edited
Loading

Updated dependencies detected. Learn more about Socket for GitHub ↗︎

Package New capabilities Transitives Size Publisher
npm/prettier-plugin-packagejson@2.5.72.5.10 Transitive: environment, filesystem +12 374 kB matzkoh

View full report↗︎

@socket-security Socket Security
Copy link

socket-security bot commented Jan 17, 2025
edited
Loading

🚨 Potential security issues detected. Learn more about Socket for GitHub ↗︎

To accept the risk, merge this PR and you will not be notified again.

Alert Package NoteSourceCI
Dynamic require npm/prettier-plugin-packagejson@2.5.10 🚫

View full report↗︎

Next steps

What is dynamic require?

Dynamic require can indicate the package is performing dangerous or unsafe dynamic code execution.

Packages should avoid dynamic imports when possible. Audit the use of dynamic require to ensure it is not executing malicious or vulnerable code.

Take a deeper look at the dependency

Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support [AT] socket [DOT] dev.

Remove the package

If you happen to install a dependency that Socket reports as Known Malware you should immediately remove it and select a different dependency. For other alert types, you may may wish to investigate alternative packages or consider if there are other ways to mitigate the specific risk posed by the dependency.

Mark a package as acceptable risk

To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space separated list of ecosystem/package-name@version specifiers. e.g. @SocketSecurity ignore npm/foo@1.0.0 or ignore all packages with @SocketSecurity ignore-all

  • @SocketSecurity ignore npm/prettier-plugin-packagejson@2.5.10

@renovate renovate bot force-pushed the renovate/prettier-plugin-packagejson-2.x branch 5 times, most recently from 174e853 to a7bbb3a Compare January 23, 2025 14:17
@renovate renovate bot force-pushed the renovate/prettier-plugin-packagejson-2.x branch 6 times, most recently from 2f8d92f to 4be7bac Compare January 31, 2025 09:51
@renovate renovate bot force-pushed the renovate/prettier-plugin-packagejson-2.x branch 3 times, most recently from 621f12c to 5a2bf36 Compare February 4, 2025 13:41
@renovate renovate bot force-pushed the renovate/prettier-plugin-packagejson-2.x branch 12 times, most recently from d9e46f4 to cc61c9a Compare February 14, 2025 16:07
@renovate renovate bot force-pushed the renovate/prettier-plugin-packagejson-2.x branch 3 times, most recently from 74fda8e to c80f66a Compare February 22, 2025 10:04
@renovate renovate bot force-pushed the renovate/prettier-plugin-packagejson-2.x branch 8 times, most recently from 853511d to a6418e7 Compare February 27, 2025 14:55
@renovate renovate bot changed the title Update dependency prettier-plugin-packagejson to v2.5.8 Update dependency prettier-plugin-packagejson to v2.5.9 Feb 28, 2025
@renovate renovate bot force-pushed the renovate/prettier-plugin-packagejson-2.x branch 2 times, most recently from d7a1a18 to b430cc0 Compare March 1, 2025 14:51
@renovate renovate bot changed the title Update dependency prettier-plugin-packagejson to v2.5.9 Update dependency prettier-plugin-packagejson to v2.5.10 Mar 3, 2025
@renovate renovate bot force-pushed the renovate/prettier-plugin-packagejson-2.x branch from b430cc0 to 1ebba7a Compare March 3, 2025 01:46
@renovate renovate bot force-pushed the renovate/prettier-plugin-packagejson-2.x branch from 1ebba7a to f3c959f Compare March 3, 2025 07:24
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@paulshryock paulshryock Awaiting requested review from paulshryock paulshryock is a code owner

Assignees
No one assigned
Labels
dependencies
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
0 participants