Bump the minor-and-patch group across 2 directories with 13 updates

[dependabot]

Bumps the minor-and-patch group with 13 updates in the / directory:

Package	From	To
@babel/preset-env	7.25.3	7.25.4
@types/react	18.3.3	18.3.5
eslint-plugin-import	2.29.1	2.30.0
eslint-plugin-jsx-a11y	6.9.0	6.10.0
eslint-plugin-react	7.35.0	7.35.2
webpack	5.93.0	5.94.0
webpack-dev-server	5.0.4	5.1.0
@types/webextension-polyfill	0.12.0	0.12.1
sass	1.77.8	1.78.0
soroswap-router-sdk	1.2.10	1.2.13
tslib	2.6.3	2.7.0
@playwright/test	1.46.1	1.47.0
@sentry/webpack-plugin	2.22.2	2.22.4

Bumps the minor-and-patch group with 2 updates in the /extension directory: tslib and @playwright/test.

Updates @babel/preset-env from 7.25.3 to 7.25.4

Release notes

Sourced from @​babel/preset-env's releases.

v7.25.4 (2024-08-22)

🐛 Bug Fix

• babel-traverse
  • #16756 fix: Skip computed key when renaming (@​liuxingbaoyu)
• babel-helper-create-class-features-plugin, babel-plugin-proposal-decorators
  • #16755 fix: Decorator 2018-09 may throw an exception (@​liuxingbaoyu)
• babel-types
  • #16710 Visit AST fields nodes according to their syntactical order (@​nicolo-ribaudo)
• babel-generator
  • #16709 Print semicolon after TS export namespace as A (@​nicolo-ribaudo)

💅 Polish

• babel-generator, babel-plugin-proposal-decorators, babel-plugin-proposal-destructuring-private, babel-plugin-proposal-pipeline-operator, babel-plugin-transform-class-properties, babel-plugin-transform-destructuring, babel-plugin-transform-optional-chaining, babel-plugin-transform-private-methods, babel-plugin-transform-private-property-in-object, babel-plugin-transform-typescript, babel-runtime-corejs2, babel-runtime, babel-traverse
  • #16722 Avoid unnecessary parens around sequence expressions (@​nicolo-ribaudo)
• babel-generator, babel-plugin-transform-class-properties
  • #16714 Avoid unnecessary parens around exported arrow functions (@​nicolo-ribaudo)
• babel-generator, babel-plugin-proposal-decorators, babel-plugin-proposal-destructuring-private, babel-plugin-transform-object-rest-spread
  • #16712 Avoid printing unnecessary parens around object destructuring (@​nicolo-ribaudo)

🔬 Output optimization

• babel-generator
  • #16740 Avoid extra spaces between comments/regexps in compact mode (@​nicolo-ribaudo)

Committers: 4

• Babel Bot (@​babel-bot)
• Huáng Jùnliàng (@​JLHwung)
• Nicolò Ribaudo (@​nicolo-ribaudo)
• @​liuxingbaoyu

Changelog

Sourced from @​babel/preset-env's changelog.

v7.25.4 (2024-08-22)

🐛 Bug Fix

• babel-traverse
  • #16756 fix: Skip computed key when renaming (@​liuxingbaoyu)
• babel-helper-create-class-features-plugin, babel-plugin-proposal-decorators
  • #16755 fix: Decorator 2018-09 may throw an exception (@​liuxingbaoyu)
• babel-types
  • #16710 Visit AST fields nodes according to their syntactical order (@​nicolo-ribaudo)
• babel-generator
  • #16709 Print semicolon after TS export namespace as A (@​nicolo-ribaudo)

💅 Polish

• babel-generator, babel-plugin-proposal-decorators, babel-plugin-proposal-destructuring-private, babel-plugin-proposal-pipeline-operator, babel-plugin-transform-class-properties, babel-plugin-transform-destructuring, babel-plugin-transform-optional-chaining, babel-plugin-transform-private-methods, babel-plugin-transform-private-property-in-object, babel-plugin-transform-typescript, babel-runtime-corejs2, babel-runtime, babel-traverse
  • #16722 Avoid unnecessary parens around sequence expressions (@​nicolo-ribaudo)
• babel-generator, babel-plugin-transform-class-properties
  • #16714 Avoid unnecessary parens around exported arrow functions (@​nicolo-ribaudo)
• babel-generator, babel-plugin-proposal-decorators, babel-plugin-proposal-destructuring-private, babel-plugin-transform-object-rest-spread
  • #16712 Avoid printing unnecessary parens around object destructuring (@​nicolo-ribaudo)

🔬 Output optimization

• babel-generator
  • #16740 Avoid extra spaces between comments/regexps in compact mode (@​nicolo-ribaudo)

Commits

• cbf124c v7.25.4
• b38b027 Update compat data (#16736)
• 55dfde8 Update babel-plugin-polyfill-corejs3 (#16715)
• dba45d3 Ignore devDependencies when generating tsconfig.json (#16659)
• See full diff in compare view

Updates @types/react from 18.3.3 to 18.3.5

Commits

• See full diff in compare view

Updates eslint-plugin-import from 2.29.1 to 2.30.0

Release notes

Sourced from eslint-plugin-import's releases.

v2.30.0

Added

• dynamic-import-chunkname: add allowEmpty option to allow empty leading comments (#2942, thanks [@​JiangWeixian])
• dynamic-import-chunkname: Allow empty chunk name when webpackMode: 'eager' is set; add suggestions to remove name in eager mode (#3004, thanks [@​amsardesai])
• [no-unused-modules]: Add ignoreUnusedTypeExports option (#3011, thanks [@​silverwind])
• add support for Flat Config (#3018, thanks [@​michaelfaith])

Fixed

• [no-extraneous-dependencies]: allow wrong path (#3012, thanks [@​chabb])
• [no-cycle]: use scc algorithm to optimize (#2998, thanks [@​soryy708])
• [no-duplicates]: Removing duplicates breaks in TypeScript (#3033, thanks [@​yesl-kim])
• newline-after-import: fix considerComments option when require (#2952, thanks [@​developer-bandi])
• [order]: do not compare first path segment for relative paths (#2682) (#2885, thanks [@​mihkeleidast])

Changed

• [Docs] no-extraneous-dependencies: Make glob pattern description more explicit (#2944, thanks [@​mulztob])
• [no-unused-modules]: add console message to help debug #2866
• [Refactor] ExportMap: make procedures static instead of monkeypatching exportmap (#2982, thanks [@​soryy708])
• [Refactor] ExportMap: separate ExportMap instance from its builder logic (#2985, thanks [@​soryy708])
• [Docs] order: Add a quick note on how unbound imports and --fix (#2640, thanks [@​minervabot])
• [Tests] appveyor -> GHA (run tests on Windows in both pwsh and WSL + Ubuntu) (#2987, thanks [@​joeyguerra])
• [actions] migrate OSX tests to GHA ([ljharb#37], thanks [@​aks-])
• [Refactor] exportMapBuilder: avoid hoisting (#2989, thanks [@​soryy708])
• [Refactor] ExportMap: extract "builder" logic to separate files (#2991, thanks [@​soryy708])
• [Docs] [order]: update the description of the pathGroupsExcludedImportTypes option (#3036, thanks [@​liby])
• [readme] Clarify how to install the plugin (#2993, thanks [@​jwbth])

... (truncated)

Changelog

Sourced from eslint-plugin-import's changelog.

[2.30.0] - 2024-09-02

Added

• [dynamic-import-chunkname]: add allowEmpty option to allow empty leading comments (#2942, thanks [@​JiangWeixian])
• [dynamic-import-chunkname]: Allow empty chunk name when webpackMode: 'eager' is set; add suggestions to remove name in eager mode (#3004, thanks [@​amsardesai])
• [no-unused-modules]: Add ignoreUnusedTypeExports option (#3011, thanks [@​silverwind])
• add support for Flat Config (#3018, thanks [@​michaelfaith])

Fixed

• [no-extraneous-dependencies]: allow wrong path (#3012, thanks [@​chabb])
• [no-cycle]: use scc algorithm to optimize (#2998, thanks [@​soryy708])
• [no-duplicates]: Removing duplicates breaks in TypeScript (#3033, thanks [@​yesl-kim])
• [newline-after-import]: fix considerComments option when require (#2952, thanks [@​developer-bandi])
• [order]: do not compare first path segment for relative paths (#2682) (#2885, thanks [@​mihkeleidast])

Changed

• [Docs] no-extraneous-dependencies: Make glob pattern description more explicit (#2944, thanks [@​mulztob])
• [no-unused-modules]: add console message to help debug #2866
• [Refactor] ExportMap: make procedures static instead of monkeypatching exportmap (#2982, thanks [@​soryy708])
• [Refactor] ExportMap: separate ExportMap instance from its builder logic (#2985, thanks [@​soryy708])
• [Docs] order: Add a quick note on how unbound imports and --fix (#2640, thanks [@​minervabot])
• [Tests] appveyor -> GHA (run tests on Windows in both pwsh and WSL + Ubuntu) (#2987, thanks [@​joeyguerra])
• [actions] migrate OSX tests to GHA ([ljharb#37], thanks [@​aks-])
• [Refactor] exportMapBuilder: avoid hoisting (#2989, thanks [@​soryy708])
• [Refactor] ExportMap: extract "builder" logic to separate files (#2991, thanks [@​soryy708])
• [Docs] [order]: update the description of the pathGroupsExcludedImportTypes option (#3036, thanks [@​liby])
• [readme] Clarify how to install the plugin (#2993, thanks [@​jwbth])

Commits

• 18787d3 Bump to 2.30.0
• 9902298 [Deps] update eslint-module-utils
• 9d194a6 [utils] v2.9.0
• 0a58d75 [resolvers/webpack] v0.13.9
• a3015eb [Test] namespace: ensure valid case is actually included
• 8bdb32b [Test] add explicit marker for trailing whitespace in cases
• 038c26c [readme] Clarify how to install the plugin
• 32a2b89 [Fix] order: do not compare first path segment for relative paths (#2682)
• ee1ea02 [Fix] newline-after-import: fix considerComments option when require
• 806e3c2 [New] add support for Flat Config
• Additional commits viewable in compare view

Updates eslint-plugin-jsx-a11y from 6.9.0 to 6.10.0

Changelog

Sourced from eslint-plugin-jsx-a11y's changelog.

v6.10.0 - 2024-09-03

Fixed

• [New] label-has-associated-control: add additional error message [#1005](https://github.com/jsx-eslint/eslint-plugin-jsx-a11y/issues/1005)
• [Fix] label-has-associated-control: ignore undetermined label text [#966](https://github.com/jsx-eslint/eslint-plugin-jsx-a11y/issues/966)

Commits

• [Tests] switch from jest to tape a284cbf
• [New] add eslint 9 support deac4fd
• [New] add attributes setting a1ee7f8
• [New] allow polymorphic linting to be restricted 6cd1a70
• [Tests] remove duplicate tests 74d5dec
• [Dev Deps] update @babel/cli, @babel/core, @babel/eslint-parser, @babel/plugin-transform-flow-strip-types 6eca235
• [readme] remove deprecated travis ci badge; add github actions badge 0be7ea9
• [Tests] use npm audit instead of aud 05a5e49
• [Deps] update axobject-query 912e98c
• [Deps] unpin axobject-query 75147aa
• [Deps] update axe-core 27ff7cb
• [readme] fix jsxA11y import name ce846e0
• [readme] fix typo in shareable config section in readme cca288b

Commits

• 65c9338 v6.10.0
• 912e98c [Deps] update axobject-query
• 6cd1a70 [New] allow polymorphic linting to be restricted
• a1ee7f8 [New] add attributes setting
• 83fd9c4 [New] label-has-associated-control: add additional error message
• 75147aa [Deps] unpin axobject-query
• a284cbf [Tests] switch from jest to tape
• deac4fd [New] add eslint 9 support
• 74d5dec [Tests] remove duplicate tests
• 05a5e49 [Tests] use npm audit instead of aud
• Additional commits viewable in compare view

Updates eslint-plugin-react from 7.35.0 to 7.35.2

Release notes

Sourced from eslint-plugin-react's releases.

v7.35.2

Fixed

• jsx-curly-brace-presence: avoid autofixing attributes with double quotes to a double quoted attribute (#3814[] @​ljharb)

#3814: jsx-eslint/eslint-plugin-react#3814 jsx-curly-brace-presence: docs/rules/jsx-curly-brace-presence.md

v7.35.1

Fixed

• jsx-curly-brace-presence: do not trigger on strings containing a quote character (#3798[] @​akulsr0)

#3798: jsx-eslint/eslint-plugin-react#3798

... (truncated)

Changelog

Sourced from eslint-plugin-react's changelog.

[7.35.2] - 2024.09.03

Fixed

• [jsx-curly-brace-presence]: avoid autofixing attributes with double quotes to a double quoted attribute (#3814[] @​ljharb)

#3814: jsx-eslint/eslint-plugin-react#3814

7.35.1 - 2024.09.02

Fixed

• [jsx-curly-brace-presence]: do not trigger on strings containing a quote character (#3798[] @​akulsr0)

#3798: jsx-eslint/eslint-plugin-react#3798

Commits

• 4c10849 Update CHANGELOG and bump version
• 45ba6bc [Fix] jsx-curly-brace-presence: avoid autofixing attributes with double quo...
• e538ee9 [Tests] jsx-curly-brace-presence: clean up formatting
• 5fc0f87 Update CHANGELOG and bump version
• a2306e7 [Tests] use npm audit instead of aud
• d9c7ef1 [Dev Deps] update @babel/core, @babel/eslint-parser, aud
• 10eb235 [Fix] jsx-curly-brace-presence: do not trigger on strings containing a quot...
• 0170dbe [Refactor] add astUtil.isCallExpression predicate
• 3b6bacc [Refactor] general cleanup
• 8dc0215 [Refactor] hoist functions to module level
• Additional commits viewable in compare view

Updates webpack from 5.93.0 to 5.94.0

Release notes

Sourced from webpack's releases.

v5.94.0

Bug Fixes

• Added runtime condition for harmony reexport checked
• Handle properly data/http/https protocols in source maps
• Make bigint optimistic when browserslist not found
• Move @​types/eslint-scope to dev deps
• Related in asset stats is now always an array when no related found
• Handle ASI for export declarations
• Mangle destruction incorrect with export named default properly
• Fixed unexpected asi generation with sequence expression
• Fixed a lot of types

New Features

• Added new external type "module-import"
• Support webpackIgnore for new URL() construction
• [CSS] @import pathinfo support

Security

• Fixed DOM clobbering in auto public path

Commits

• eabf85d chore(release): 5.94.0
• 955e057 security: fix DOM clobbering in auto public path
• 9822387 test: fix
• cbb86ed test: fix
• 5ac3d7f fix: unexpected asi generation with sequence expression
• 2411661 security: fix DOM clobbering in auto public path
• b8c03d4 fix: unexpected asi generation with sequence expression
• f46a03c revert: do not use heuristic fallback for "module-import"
• 60f1898 fix: do not use heuristic fallback for "module-import"
• 66306aa Revert "fix: module-import get fallback from externalsPresets"
• Additional commits viewable in compare view

Updates webpack-dev-server from 5.0.4 to 5.1.0

Release notes

Sourced from webpack-dev-server's releases.

v5.1.0

5.1.0 (2024-09-03)

Features

• add visual progress indicators (a8f40b7)
• added the app option to be Function (by default only with connect compatibility frameworks) (3096148)
• allow the server option to be Function (#5275) (02a1c6d)
• http2 support for connect and connect compatibility frameworks which support HTTP2 (#5267) (6509a3f)

Bug Fixes

• check the platform property to determinate the target (#5269) (c3b532c)
• ipv6 output (#5270) (06005e7)
• replace rimraf with rm (#5162) (1a1561f)
• replace default gateway (#5255) (f5f0902)
• support devServer: false (#5272) (8b341cb)

Changelog

Sourced from webpack-dev-server's changelog.

5.1.0 (2024-09-03)

Features

• add visual progress indicators (a8f40b7)
• added the app option to be Function (by default only with connect compatibility frameworks) (3096148)
• allow the server option to be Function (#5275) (02a1c6d)
• http2 support for connect and connect compatibility frameworks which support HTTP2 (#5267) (6509a3f)

Bug Fixes

• check the platform property to determinate the target (#5269) (c3b532c)
• ipv6 output (#5270) (06005e7)
• replace rimraf with rm (#5162) (1a1561f)
• replace default gateway (#5255) (f5f0902)
• support devServer: false (#5272) (8b341cb)

Commits

• 5ee0d40 chore(release): v5.1.0
• 02a1c6d feat: allow the server option to be Function (#5275)
• 530db07 chore(deps): bump the dependencies group across 1 directory with 10 updates (...
• 8b341cb fix: support devServer: false (#5272)
• 06005e7 fix: ipv6 output (#5270)
• 748d420 chore(deps-dev): bump the dependencies group with 2 updates (#5271)
• c3b532c fix: check the platform property to determinate the target (#5269)
• 6509a3f feat: http2 support for connect and connect compatibility frameworks whic...
• 1b3d124 chore(deps): update (#5268)
• f5f0902 fix: replace default gateway (#5255)
• Additional commits viewable in compare view

Updates @types/webextension-polyfill from 0.12.0 to 0.12.1

Commits

• See full diff in compare view

Updates sass from 1.77.8 to 1.78.0

Release notes

Sourced from sass's releases.

Dart Sass 1.78.0

To install Sass 1.78.0, download one of the packages below and add it to your PATH, or see the Sass website for full installation instructions.

Changes

• The meta.feature-exists function is now deprecated. This deprecation is named feature-exists.

• Fix a crash when using @at-root without any queries or children in the indented syntax.

JS API

• Backport the deprecation options (fatalDeprecations, futureDeprecations, and silenceDeprecations) to the legacy JS API. The legacy JS API is itself deprecated, and you should move off of it if possible, but this will allow users of bundlers and other tools that are still using the legacy API to still control deprecation warnings.

• Fix a bug where accessing SourceSpan.url would crash when a relative URL was passed to the Sass API.

Embedded Sass

• Explicitly expose a sass executable from the sass-embedded npm package. This was intended to be included in 1.63.0, but due to the way platform-specific dependency executables are installed it did not work as intended. Now users can run npx sass for local installs or just sass when sass-embedded is installed globally.

• Add linux-riscv64, linux-musl-riscv64, and android-riscv64 support for the sass-embedded npm package.

• Fix an edge case where the Dart VM could hang when shutting down when requests were in flight.

• Fix a race condition where the embedded host could fail to shut down if it was closed around the same time a new compilation was started.

• Fix a bug where parse-time deprecation warnings could not be controlled by the deprecation options in some circumstances.

See the full changelog for changes in earlier releases.

Changelog

Sourced from sass's changelog.

1.78.0

• The meta.feature-exists function is now deprecated. This deprecation is named feature-exists.

• Fix a crash when using @at-root without any queries or children in the indented syntax.

JS API

• Backport the deprecation options (fatalDeprecations, futureDeprecations, and silenceDeprecations) to the legacy JS API. The legacy JS API is itself deprecated, and you should move off of it if possible, but this will allow users of bundlers and other tools that are still using the legacy API to still control deprecation warnings.

• Fix a bug where accessing SourceSpan.url would crash when a relative URL was passed to the Sass API.

Embedded Sass

• Explicitly expose a sass executable from the sass-embedded npm package. This was intended to be included in 1.63.0, but due to the way platform-specific dependency executables are installed it did not work as intended. Now users can run npx sass for local installs or just sass when sass-embedded is installed globally.

• Add linux-riscv64, linux-musl-riscv64, and android-riscv64 support for the sass-embedded npm package.

• Fix an edge case where the Dart VM could hang when shutting down when requests were in flight.

• Fix a race condition where the embedded host could fail to shut down if it was closed around the same time a new compilation was started.

• Fix a bug where parse-time deprecation warnings could not be controlled by the deprecation options in some circumstances.

Commits

• 90a70ef Fix failing double check test for sass-parser (#2330)
• b1d5f98 Backport deprecation API to legacy JS API (#2293)
• 56a4237 Delete unreachable default clause. (#2323)
• a7f623d Bump bufbuild/buf-setup-action in /.github/util/initialize (#2319)
• 9f82850 Ignore new unreachable_switch_default warning. (#2318)
• 798cd7c Update pubspec.yaml (#2321)
• 2bf3ae0 Fix a comment (#2316)
• eb6c19e Initial implementation of a PostCSS-compatible parser JS API (#2304)
• c3cccef Bump dartdoc from 8.0.7 to 8.0.8 (#2300)
• f0a0182 docs: Fix link to custom importer (#2315)
• Additional commits viewable in compare view

Updates soroswap-router-sdk from 1.2.10 to 1.2.13

Commits

• See full diff in compare view

Maintainer changes

This version was pushed to npm by esteblock, a new releaser for soroswap-router-sdk since your current version.

Updates tslib from 2.6.3 to 2.7.0

Release notes

Sourced from tslib's releases.

v2.7.0

What's Changed

• Implement deterministic collapse of await in await using by @​rbuckton in microsoft/tslib#262
• Use global 'Iterator.prototype' for downlevel generators by @​rbuckton in microsoft/tslib#267

Full Changelog: microsoft/tslib@v2.6.3...v2.7.0

Commits

• 6abc075 Bump version to 2.7.0.
• 227b5d6 Use global 'Iterator.prototype' for downlevel generators (#267)
• 4f2902c Implement deterministic collapse of 'await' in 'await using' (#262)
• See full diff in compare view

Updates @playwright/test from 1.46.1 to 1.47.0

Release notes

Sourced from @​playwright/test's releases.

v1.47.0

Network Tab improvements

The Network tab in the UI mode and trace viewer has several nice improvements:

• filtering by asset type and URL
• better display of query string parameters
• preview of font assets

Credit to @​kubajanik for these wonderful improvements!

--tsconfig CLI option

By default, Playwright will look up the closest tsconfig for each imported file using a heuristic. You can now specify a single tsconfig file in the command line, and Playwright will use it for all imported files, not only test files:

# Pass a specific tsconfig
npx playwright test --tsconfig tsconfig.test.json

APIRequestContext now accepts URLSearchParams and string as query parameters

You can now pass URLSearchParams and string as query parameters to APIRequestContext:

test('query params', async ({ request }) => {
  const searchParams = new URLSearchParams();
  searchParams.set('userId', 1);
  const response = await request.get(
      'https://jsonplaceholder.typicode.com/posts',
      {
        params: searchParams // or as a string: 'userId=1'
      }
  );
  // ...
});

Miscellaneous

• The mcr.microsoft.com/playwright:v1.47.0 now serves a Playwright image based on Ubuntu 24.04 Noble. To use the 22.04 jammy-based image, please use mcr.microsoft.com/playwright:v1.47.0-jammy instead.
• The :latest tag for Playwright Docker images is no longer being published. Pin to a specific version for better stability and reproducibility.
• New option behavior in page.removeAllListeners(), browser.removeAllListeners() and browserContext.removeAllListeners() to wait for ongoing listeners to complete.
• TLS client certificates can now be passed from memory by passing cert and key as buffers instead of file paths.
• Attachments with a text/html content type can now be opened in a new tab in the HTML report. This is useful for including third-party reports or other HTML content in the Playwright test report and distributing it to your team.
• noWaitAfter in locator.selectOption() was deprecated.
• We've seen reports of WebGL in Webkit misbehaving on GitHub Actions macos-13. We recommend upgrading GitHub Actions to macos-14.

... (truncated)

Commits

• d5943de cherry-pick(#32475): docs: update browsers version in release notes (#32476)
• 73fdd25 cherry-pick(#32470): feat(chromium): roll to r1134 (#32473)
• 13f4531 chore: mark 1.47 (#32472)
• 0a49c05 chore(test runner): document that --only-changed on CI needs history (#32461)
• a8139b5 docs: add release notes for 1.47 (#32463)
• 9101283 chore: move 'dev-server' extensibility point to plugin (#32448)
• 255143e feat(webkit): roll to r2070 (#32451)
• 9a2c60a chore: identify largest gaps in Bidi API (#32434)
• a87426e Update bug.yml
• ee91bdc feat(ui-mode): display list of query params in request tab (#32443)
• Additional commits viewable in compare view

Updates @sentry/webpack-plugin from 2.22.2 to 2.22.4

Release notes

Sourced from @​sentry/webpack-plugin's releases.

2.22.4

• feat(react-component-annotate): Handle function body returning a ternary (#598)
• fix: Allow injection plugins to apply to files with query parameters and fragments in their name (#597)

Work in this release contributed by @​Thristhart. Thank you for your contribution!

2.22.3

• fix(core): Always instantiate global Error class in injected code snippets (#594)

Changelog

Sourced from @​sentry/webpack-plugin's changelog.

2.22.4

• feat(react-component-annotate): Handle function body returning a ternary (#598)
• fix: Allow injection plugins to apply to files with query parameters and fragments in their name (#597)

Work in this release contributed by @​Thristhart. Thank you for your contribution!

2.22.3

• fix(core): Always instantiate global Error class in injected code snippets (#594)

Commits

• dab9336 release: 2.22.4
• 61a6fb4 meta: Update changelog for 2.22.4
• 7ee1f9f fix: Allow injection plugins to apply to files with query parameters and frag...
• 687a9f5 feat(react-component-annotate): Handle function body returning a ternary (#598)
• 71e80d9 Merge branch 'release/2.22.3'
• 242dac9 release: 2.22.3
• 4b9cea2 meta: Update CHANGELOG for 2.22.3 (#595)

[socket-security]

New and removed dependencies detected. Learn more about Socket for GitHub ↗︎

Package	New capabilities	Transitives	Size	Publisher
npm/@babel/[email protected]	None	0	101 kB	existentialism, hzoo, jlhwung, ...1 more
npm/@babel/[email protected]	None	0	83.3 kB	nicolo-ribaudo
npm/@babel/[email protected]	None	0	68.6 kB	nicolo-ribaudo
npm/@babel/[email protected]	None	0	152 kB	existentialism, hzoo, jlhwung, ...1 more
npm/@babel/[email protected]	None	0	68.4 kB	existentialism, hzoo, jlhwung, ...1 more
npm/@babel/[email protected]	None	0	68 kB	existentialism, hzoo, jlhwung, ...1 more
npm/@babel/[email protected]	None	0	234 kB	existentialism, hzoo, jlhwung, ...1 more
npm/@playwright/[email protected]	Transitive: environment, eval, filesystem, network, shell, unsafe	+3	10.8 MB	yurys
npm/@rtsao/[email protected]	None	0	3.61 kB	rtsao
npm/@types/[email protected]	None	0	438 kB	types
npm/[email protected]	None	0	111 kB	ljharb
npm/[email protected]	None	0	52.8 kB	ljharb
npm/[email protected]	environment, filesystem, unsafe	0	1.29 MB	ljharb
npm/[email protected]	None	0	758 kB	ljharb
npm/[email protected]	None	0	829 kB	ljharb
npm/[email protected]	None	0	32.7 kB	ljharb
npm/[email protected]	filesystem	0	136 kB	evilebottnawi
npm/[email protected]	environment, eval, network	0	541 kB	evilebottnawi

🚮 Removed packages: npm/@babel/[email protected]), npm/@babel/[email protected]), npm/@babel/[email protected]), npm/@babel/[email protected]), npm/@babel/[email protected]), npm/@babel/[email protected]), npm/@babel/[email protected]), npm/@playwright/[email protected]), npm/@types/[email protected]), npm/@types/[email protected]), npm/[email protected]), npm/[email protected]), npm/[email protected]), npm/[email protected]), npm/[email protected]), npm/[email protected]), npm/[email protected]), npm/[email protected]), npm/[email protected]), npm/[email protected])

View full report↗︎

[socket-security]

🚨 Potential security issues detected. Learn more about Socket for GitHub ↗︎

To accept the risk, merge this PR and you will not be notified again.

Alert	Package	Note	Source	CI
Filesystem access	npm/[email protected]	Module: fs Location: Package overview	extension/package.json	🚫
Debug access	npm/[email protected]	Module: inspector Location: Package overview	extension/package.json	🚫
Network access	npm/[email protected]	Module: net Location: Package overview	extension/package.json	🚫
Network access	npm/[email protected]	Module: http Location: Package overview	extension/package.json	🚫
Network access	npm/[email protected]	Module: https Location: Package overview	extension/package.json	🚫
Network access	npm/[email protected]	Module: http2 Location: Package overview	extension/package.json	🚫
Network access	npm/[email protected]	Module: tls Location: Package overview	extension/package.json	🚫
Network access	npm/[email protected]	Module: dns Location: Package overview	extension/package.json	🚫
Debug access	npm/[email protected]	Module: async_hooks Location: Package overview	extension/package.json	🚫
Debug access	npm/[email protected]	Module: module Location: Package overview	extension/package.json	🚫

View full report↗︎

Next steps

What is filesystem access?

Accesses the file system, and could potentially read sensitive data.

If a package must read the file system, clarify what it will read and ensure it reads only what it claims to. If appropriate, packages can leave file system access to consumers and operate on data passed to it instead.

What is debug access?

Uses debug, reflection and dynamic code execution features.

Removing the use of debug will reduce the risk of any reflection and dynamic code execution.

What is network access?

This module accesses the network.

Packages should remove all network access that is functionally unnecessary. Consumers should audit network access to ensure legitimate use.

Take a deeper look at the dependency

Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support [AT] socket [DOT] dev.

Remove the package

If you happen to install a dependency that Socket reports as Known Malware you should immediately remove it and select a different dependency. For other alert types, you may may wish to investigate alternative packages or consider if there are other ways to mitigate the specific risk posed by the dependency.

Mark a package as acceptable risk

To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space separated list of ecosystem/package-name@version specifiers. e.g. @SocketSecurity ignore npm/[email protected] or ignore all packages with @SocketSecurity ignore-all

• @SocketSecurity ignore npm/[email protected]

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.