chore(deps): bump the npm_and_yarn group across 2 directories with 10 updates by dependabot[bot] · Pull Request #1 · MetaMask/keystone-sdk-base

dependabot · 2025-03-20T12:56:18Z

Bumps the npm_and_yarn group with 1 update in the / directory: webpack.
Bumps the npm_and_yarn group with 10 updates in the /packages/ur-registry-eth directory:

Package	From	To
webpack	`5.74.0`	`5.94.0`
@babel/runtime	`7.15.3`	`7.25.9`
@babel/traverse	`7.15.0`	`7.25.9`
browserify-sign	`4.2.1`	`4.2.3`
decode-uri-component	`0.2.0`	`0.2.2`
minimist	`1.2.5`	`1.2.8`
qs	`6.5.2`	`6.5.3`
secp256k1	`4.0.2`	`4.0.4`
shelljs	`0.8.4`	`0.8.5`
tmpl	`1.0.4`	`1.0.5`

Updates webpack from 5.95.0 to 5.98.0

Release notes

Sourced from webpack's releases.

v5.98.0

Fixes

Avoid the deprecation message #19062 by @alexander-akait

Should not escape CSS local ident in JS #19060 by @JSerFeng

MF parse range not compatible with Safari #19083 by @alexander-akait

Preserve filenameTemplate in new split chunk #19104 by @henryqdineen

Use module IDs for final render order #19184 by @dmichon-msft

Strip blob: protocol when public path is auto #19199 by @alexander-akait

Respect output.charset everywhere #19202 by @alexander-akait

Node async WASM loader generation #19210 by @ashi009

Correct BuildInfo and BuildMeta type definitions #19200 by @inottn

Performance Improvements

Improve FlagDependencyExportsPlugin for large JSON by depth #19058 by @hai-x

Optimize assign-depths #19193 by @dmichon-msft

Use startsWith for matching instead of converting the string to a regex #19207 by @inottn

Chores

Bump nanoid from 3.3.7 to 3.3.8 #19063 by @dependabot

Fixed incorrect typecast in DefaultStatsFactoryPlugin #19156 by @Andarist

Improved readme.md by adding video links for understanding webpack #19101 by @Vansh5632

Typo fix #19205 by @hai-x

Adopt the new webpack governance model #18804 by @ovflowd

Features

Implement /* webpackIgnore: true */ for require.resolve #19201 by @alexander-akait

Continuous Integration

CI fix #19196 by @alexander-akait

New Contributors

@Andarist made their first contribution in webpack/webpack#19156

@Vansh5632 made their first contribution in webpack/webpack#19101

@ashi009 made their first contribution in webpack/webpack#19210

@ovflowd made their first contribution in webpack/webpack#18804

Full Changelog: webpack/webpack@v5.97.1...v5.98.0

v5.97.1

Bug Fixes

Performance regression

Sub define key should't be renamed when it's a defined variable

v5.97.0

Bug Fixes

Don't crash with filesystem cache and unknown scheme

Generate a valid code when output.iife is true and output.library.type is umd

Fixed conflict variable name with concatenate modules and runtime code

Merge duplicate chunks before

... (truncated)

Commits

f1bdec5 5.98.0
9579f22 chore: adopt the new webpack governance model (#18804)
a1edb20 fix: node async wasm loader now use output.module to determinate code gener...
e55b08b perf: use startsWith for matching instead of converting the string to a regex
6e14dba chore: fix typo (#19205)
f123ce5 fix: respect output.charset everywhere (#19202)
af20c7b fix: strip blob: protocol when public path is auto (#19199)
80826c5 feat: implement /* webpackIgnore: true */ for require.resolve (#19201)
ac6ffca fix(types): correct BuildInfo and BuildMeta type definitions (#19200)
8ac130a ci: fix
Additional commits viewable in compare view

Updates webpack from 5.74.0 to 5.94.0

Release notes

Sourced from webpack's releases.

v5.98.0

Fixes

Avoid the deprecation message #19062 by @alexander-akait

Should not escape CSS local ident in JS #19060 by @JSerFeng

MF parse range not compatible with Safari #19083 by @alexander-akait

Preserve filenameTemplate in new split chunk #19104 by @henryqdineen

Use module IDs for final render order #19184 by @dmichon-msft

Strip blob: protocol when public path is auto #19199 by @alexander-akait

Respect output.charset everywhere #19202 by @alexander-akait

Node async WASM loader generation #19210 by @ashi009

Correct BuildInfo and BuildMeta type definitions #19200 by @inottn

Performance Improvements

Improve FlagDependencyExportsPlugin for large JSON by depth #19058 by @hai-x

Optimize assign-depths #19193 by @dmichon-msft

Use startsWith for matching instead of converting the string to a regex #19207 by @inottn

Chores

Bump nanoid from 3.3.7 to 3.3.8 #19063 by @dependabot

Fixed incorrect typecast in DefaultStatsFactoryPlugin #19156 by @Andarist

Improved readme.md by adding video links for understanding webpack #19101 by @Vansh5632

Typo fix #19205 by @hai-x

Adopt the new webpack governance model #18804 by @ovflowd

Features

Implement /* webpackIgnore: true */ for require.resolve #19201 by @alexander-akait

Continuous Integration

CI fix #19196 by @alexander-akait

New Contributors

@Andarist made their first contribution in webpack/webpack#19156

@Vansh5632 made their first contribution in webpack/webpack#19101

@ashi009 made their first contribution in webpack/webpack#19210

@ovflowd made their first contribution in webpack/webpack#18804

Full Changelog: webpack/webpack@v5.97.1...v5.98.0

v5.97.1

Bug Fixes

Performance regression

Sub define key should't be renamed when it's a defined variable

v5.97.0

Bug Fixes

Don't crash with filesystem cache and unknown scheme

Generate a valid code when output.iife is true and output.library.type is umd

Fixed conflict variable name with concatenate modules and runtime code

Merge duplicate chunks before

... (truncated)

Commits

f1bdec5 5.98.0
9579f22 chore: adopt the new webpack governance model (#18804)
a1edb20 fix: node async wasm loader now use output.module to determinate code gener...
e55b08b perf: use startsWith for matching instead of converting the string to a regex
6e14dba chore: fix typo (#19205)
f123ce5 fix: respect output.charset everywhere (#19202)
af20c7b fix: strip blob: protocol when public path is auto (#19199)
80826c5 feat: implement /* webpackIgnore: true */ for require.resolve (#19201)
ac6ffca fix(types): correct BuildInfo and BuildMeta type definitions (#19200)
8ac130a ci: fix
Additional commits viewable in compare view

Updates @babel/runtime from 7.15.3 to 7.25.9

Release notes

Sourced from @babel/runtime's releases.

v7.25.9 (2024-10-22)

Thanks @victorenator for your first PR!

🐛 Bug Fix

babel-parser, babel-template, babel-types

#16905 fix: Keep type annotations in syntacticPlaceholders mode (@liuxingbaoyu)

babel-helper-compilation-targets, babel-preset-env

#16907 fix: support BROWSERSLIST{,_CONFIG} env (@JLHwung)

Other

#16884 Analyze ClassAccessorProperty to prevent the no-undef rule (@victorenator)

🏠 Internal

babel-helper-transform-fixture-test-runner

#16914 remove test options flaky (@JLHwung)

Every package

#16917 fix: Accidentally published tsconfig files (@liuxingbaoyu)

🏃‍♀️ Performance

babel-parser, babel-types

#16918 perf: Make VISITOR_KEYS etc. faster to access (@liuxingbaoyu)

Committers: 4

Babel Bot (@babel-bot)

Huáng Jùnliàng (@JLHwung)

Viktar Vaŭčkievič (@victorenator)

@liuxingbaoyu

v7.25.8 (2024-10-10)

🐛 Bug Fix

babel-core

#16888 Restore public API of resolvePlugin/resolvePreset (@nicolo-ribaudo)

🏠 Internal

babel-parser, babel-plugin-proposal-async-do-expressions, babel-plugin-proposal-destructuring-private, babel-plugin-proposal-do-expressions, babel-plugin-proposal-explicit-resource-management, babel-plugin-proposal-export-default-from, babel-plugin-proposal-function-bind, babel-plugin-proposal-function-sent, babel-plugin-proposal-import-defer, babel-plugin-proposal-partial-application, babel-plugin-proposal-throw-expressions, babel-plugin-transform-async-generator-functions, babel-plugin-transform-class-static-block, babel-plugin-transform-dynamic-import, babel-plugin-transform-export-namespace-from, babel-plugin-transform-json-strings, babel-plugin-transform-logical-assignment-operators, babel-plugin-transform-nullish-coalescing-operator, babel-plugin-transform-numeric-separator, babel-plugin-transform-object-rest-spread, babel-plugin-transform-optional-catch-binding, babel-plugin-transform-optional-chaining, babel-plugin-transform-private-property-in-object, babel-preset-env

#16824 Inline one-line syntax plugins (@nicolo-ribaudo)

Committers: 3

Babel Bot (@babel-bot)

Nicolò Ribaudo (@nicolo-ribaudo)

@liuxingbaoyu

v7.25.7 (2024-10-02)

Thanks @DylanPiercey and @YuHyeonWook for your first PRs!

🐛 Bug Fix

babel-helper-validator-identifier

#16825 fix: update identifier to unicode 16 (@JLHwung)

... (truncated)

Changelog

Sourced from @babel/runtime's changelog.

v7.25.9 (2024-10-22)

🐛 Bug Fix

babel-parser, babel-template, babel-types

#16905 fix: Keep type annotations in syntacticPlaceholders mode (@liuxingbaoyu)

babel-helper-compilation-targets, babel-preset-env

#16907 fix: support BROWSERSLIST{,_CONFIG} env (@JLHwung)

Other

#16884 Analyze ClassAccessorProperty to prevent the no-undef rule (@victorenator)

🏠 Internal

babel-helper-transform-fixture-test-runner

#16914 remove test options flaky (@JLHwung)

🏃‍♀️ Performance

babel-parser, babel-types

#16918 perf: Make VISITOR_KEYS etc. faster to access (@liuxingbaoyu)

v7.25.8 (2024-10-10)

🐛 Bug Fix

babel-core

#16888 Restore public API of resolvePlugin/resolvePreset (@nicolo-ribaudo)

🏠 Internal

babel-parser, babel-plugin-proposal-async-do-expressions, babel-plugin-proposal-destructuring-private, babel-plugin-proposal-do-expressions, babel-plugin-proposal-explicit-resource-management, babel-plugin-proposal-export-default-from, babel-plugin-proposal-function-bind, babel-plugin-proposal-function-sent, babel-plugin-proposal-import-defer, babel-plugin-proposal-partial-application, babel-plugin-proposal-throw-expressions, babel-plugin-transform-async-generator-functions, babel-plugin-transform-class-static-block, babel-plugin-transform-dynamic-import, babel-plugin-transform-export-namespace-from, babel-plugin-transform-json-strings, babel-plugin-transform-logical-assignment-operators, babel-plugin-transform-nullish-coalescing-operator, babel-plugin-transform-numeric-separator, babel-plugin-transform-object-rest-spread, babel-plugin-transform-optional-catch-binding, babel-plugin-transform-optional-chaining, babel-plugin-transform-private-property-in-object, babel-preset-env

#16824 Inline one-line syntax plugins (@nicolo-ribaudo)

v7.25.7 (2024-10-02)

🐛 Bug Fix

babel-helper-validator-identifier

#16825 fix: update identifier to unicode 16 (@JLHwung)

babel-traverse

#16814 fix: issue with node path keys updated on unrelated paths (@DylanPiercey)

babel-plugin-transform-classes

#16797 Use an inclusion rather than exclusion list for super() check (@nicolo-ribaudo)

babel-generator

#16788 Fix printing of TS infer in compact mode (@nicolo-ribaudo)

#16785 Print TS type annotations for destructuring in assignment pattern (@nicolo-ribaudo)

#16778 Respect [no LineTerminator here] after nodes (@nicolo-ribaudo)

💅 Polish

babel-types

#16852 Add deprecated JSDOC for fields (@liuxingbaoyu)

🏠 Internal

babel-core

#16820 Allow sync loading of ESM when --experimental-require-module (@nicolo-ribaudo)

babel-helper-compilation-targets, babel-helper-plugin-utils, babel-preset-env

#16858 Add browserslist config to external dependency (@JLHwung)

babel-plugin-proposal-destructuring-private, babel-plugin-syntax-decimal, babel-plugin-syntax-import-reflection, babel-standalone

... (truncated)

Commits

b07957e v7.25.9
af91759 fix: Accidentally publishing useless files (#16917)
2533cfb v7.25.7
69d65f1 [babel 8] Require Node.js ^18.20.0 || ^20.17.0 || >=22.8.0 (#16800)
2f72b97 v7.25.6
cbf124c v7.25.4
575863c Avoid unnecessary parens around sequence expressions (#16722)
d2e3ee2 v7.25.0
e774270 Improve super.x output (#16374)
1f5af44 v7.24.8
Additional commits viewable in compare view

Updates @babel/traverse from 7.15.0 to 7.25.9

Release notes

Sourced from @babel/traverse's releases.

v7.25.9 (2024-10-22)

Thanks @victorenator for your first PR!

🐛 Bug Fix

babel-parser, babel-template, babel-types

#16905 fix: Keep type annotations in syntacticPlaceholders mode (@liuxingbaoyu)

babel-helper-compilation-targets, babel-preset-env

#16907 fix: support BROWSERSLIST{,_CONFIG} env (@JLHwung)

Other

#16884 Analyze ClassAccessorProperty to prevent the no-undef rule (@victorenator)

🏠 Internal

babel-helper-transform-fixture-test-runner

#16914 remove test options flaky (@JLHwung)

Every package

#16917 fix: Accidentally published tsconfig files (@liuxingbaoyu)

🏃‍♀️ Performance

babel-parser, babel-types

#16918 perf: Make VISITOR_KEYS etc. faster to access (@liuxingbaoyu)

Committers: 4

Babel Bot (@babel-bot)

Huáng Jùnliàng (@JLHwung)

Viktar Vaŭčkievič (@victorenator)

@liuxingbaoyu

v7.25.8 (2024-10-10)

🐛 Bug Fix

babel-core

#16888 Restore public API of resolvePlugin/resolvePreset (@nicolo-ribaudo)

🏠 Internal

babel-parser, babel-plugin-proposal-async-do-expressions, babel-plugin-proposal-destructuring-private, babel-plugin-proposal-do-expressions, babel-plugin-proposal-explicit-resource-management, babel-plugin-proposal-export-default-from, babel-plugin-proposal-function-bind, babel-plugin-proposal-function-sent, babel-plugin-proposal-import-defer, babel-plugin-proposal-partial-application, babel-plugin-proposal-throw-expressions, babel-plugin-transform-async-generator-functions, babel-plugin-transform-class-static-block, babel-plugin-transform-dynamic-import, babel-plugin-transform-export-namespace-from, babel-plugin-transform-json-strings, babel-plugin-transform-logical-assignment-operators, babel-plugin-transform-nullish-coalescing-operator, babel-plugin-transform-numeric-separator, babel-plugin-transform-object-rest-spread, babel-plugin-transform-optional-catch-binding, babel-plugin-transform-optional-chaining, babel-plugin-transform-private-property-in-object, babel-preset-env

#16824 Inline one-line syntax plugins (@nicolo-ribaudo)

Committers: 3

Babel Bot (@babel-bot)

Nicolò Ribaudo (@nicolo-ribaudo)

@liuxingbaoyu

v7.25.7 (2024-10-02)

Thanks @DylanPiercey and @YuHyeonWook for your first PRs!

🐛 Bug Fix

babel-helper-validator-identifier

#16825 fix: update identifier to unicode 16 (@JLHwung)

... (truncated)

Changelog

Sourced from @babel/traverse's changelog.

v7.25.9 (2024-10-22)

🐛 Bug Fix

babel-parser, babel-template, babel-types

#16905 fix: Keep type annotations in syntacticPlaceholders mode (@liuxingbaoyu)

babel-helper-compilation-targets, babel-preset-env

#16907 fix: support BROWSERSLIST{,_CONFIG} env (@JLHwung)

Other

#16884 Analyze ClassAccessorProperty to prevent the no-undef rule (@victorenator)

🏠 Internal

babel-helper-transform-fixture-test-runner

#16914 remove test options flaky (@JLHwung)

🏃‍♀️ Performance

babel-parser, babel-types

#16918 perf: Make VISITOR_KEYS etc. faster to access (@liuxingbaoyu)

v7.25.8 (2024-10-10)

🐛 Bug Fix

babel-core

#16888 Restore public API of resolvePlugin/resolvePreset (@nicolo-ribaudo)

🏠 Internal

babel-parser, babel-plugin-proposal-async-do-expressions, babel-plugin-proposal-destructuring-private, babel-plugin-proposal-do-expressions, babel-plugin-proposal-explicit-resource-management, babel-plugin-proposal-export-default-from, babel-plugin-proposal-function-bind, babel-plugin-proposal-function-sent, babel-plugin-proposal-import-defer, babel-plugin-proposal-partial-application, babel-plugin-proposal-throw-expressions, babel-plugin-transform-async-generator-functions, babel-plugin-transform-class-static-block, babel-plugin-transform-dynamic-import, babel-plugin-transform-export-namespace-from, babel-plugin-transform-json-strings, babel-plugin-transform-logical-assignment-operators, babel-plugin-transform-nullish-coalescing-operator, babel-plugin-transform-numeric-separator, babel-plugin-transform-object-rest-spread, babel-plugin-transform-optional-catch-binding, babel-plugin-transform-optional-chaining, babel-plugin-transform-private-property-in-object, babel-preset-env

#16824 Inline one-line syntax plugins (@nicolo-ribaudo)

v7.25.7 (2024-10-02)

🐛 Bug Fix

babel-helper-validator-identifier

#16825 fix: update identifier to unicode 16 (@JLHwung)

babel-traverse

#16814 fix: issue with node path keys updated on unrelated paths (@DylanPiercey)

babel-plugin-transform-classes

#16797 Use an inclusion rather than exclusion list for super() check (@nicolo-ribaudo)

babel-generator

#16788 Fix printing of TS infer in compact mode (@nicolo-ribaudo)

#16785 Print TS type annotations for destructuring in assignment pattern (@nicolo-ribaudo)

#16778 Respect [no LineTerminator here] after nodes (@nicolo-ribaudo)

💅 Polish

babel-types

#16852 Add deprecated JSDOC for fields (@liuxingbaoyu)

🏠 Internal

babel-core

#16820 Allow sync loading of ESM when --experimental-require-module (@nicolo-ribaudo)

babel-helper-compilation-targets, babel-helper-plugin-utils, babel-preset-env

#16858 Add browserslist config to external dependency (@JLHwung)

babel-plugin-proposal-destructuring-private, babel-plugin-syntax-decimal, babel-plugin-syntax-import-reflection, babel-standalone

... (truncated)

Commits

b07957e v7.25.9
af91759 fix: Accidentally publishing useless files (#16917)
2533cfb v7.25.7
611d958 [babel 8] Create TSClassImplements|TSInterfaceHeritage nodes (#16731)
506bf91 Remove BABEL_TYPES_8_BREAKING flag and enable it by default (#16817)
9e14f7d chore: Enable more lint rules (#16827)
e69a7e5 fix: issue with node path keys updated on unrelated paths (#16814)
7467c9d [Babel 8] Remove some Scope methods (#16705)
0a55713 [Babel 8] Remove DecimalLiteral AST (#16807)
69d65f1 [babel 8] Require Node.js ^18.20.0 || ^20.17.0 || >=22.8.0 (#16800)
Additional commits viewable in compare view

Updates browserify-sign from 4.2.1 to 4.2.3

Changelog

Sourced from browserify-sign's changelog.

v4.2.3 - 2024-03-05

Commits

[patch] widen support to 0.12 9247adf

[patch] drop minimum node support to v1 4d0ee49

[Dev Deps] update aud, npmignore, tape 87f3a35

[actions] remove redundant finisher 37a4758

[Deps] pin hash-base to ~3.0, due to a breaking change 9e2bf12

[Deps] update parse-asn1 [f427270`](browserify/browserify-sign@f427270)

[Deps] update elliptic fb261ce

[Deps] pin elliptic due to a breaking change 168e16f

v4.2.2 - 2023-10-25

Fixed

[Tests] log when openssl doesn't support cipher [#37](https://github.com/crypto-browserify/browserify-sign/issues/37)

Commits

Only apps should have lockfiles 09a8995

[eslint] switch to eslint 83fe463

[meta] add npmignore and auto-changelog 4418183

[meta] fix package.json indentation 9ac5a5e

[Tests] migrate from travis to github actions d845d85

[Fix] sign: throw on unsupported padding scheme 8767739

[Fix] properly check the upper bound for DSA signatures 85994cd

[Tests] handle openSSL not supporting a scheme f5f17c2

[Deps] update bn.js, browserify-rsa, elliptic, parse-asn1, readable-stream, safe-buffer a67d0eb

[Dev Deps] update nyc, standard, tape cc5350b

[Tests] always run coverage; downgrade nyc 75ce1d5

[meta] add safe-publish-latest dcf49ce

[Tests] add npm run posttest 75dd8fd

[Dev Deps] update tape 3aec038

[Tests] skip unsupported schemes 703c83e

[Tests] node < 6 lacks array includes 3aa43cf

[Dev Deps] fix eslint range 98d4e0d

Commits

bf2c3ec v4.2.3
9247adf [patch] widen support to 0.12
f427270 [Deps] update `parse-asn1
87f3a35 [Dev Deps] update aud, npmignore, tape
fb261ce [Deps] update elliptic
4d0ee49 [patch] drop minimum node support to v1
9e2bf12 [Deps] pin hash-base to ~3.0, due to a breaking change
168e16f [Deps] pin elliptic due to a breaking change
37a4758 [actions] remove redundant finisher
4af5a90 v4.2.2
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by ljharb, a new releaser for browserify-sign since your current version.

Updates decode-uri-component from 0.2.0 to 0.2.2

Release notes

Sourced from decode-uri-component's releases.

v0.2.2

Prevent overwriting previously decoded tokens 980e0bf

SamVerschueren/decode-uri-component@v0.2.1...v0.2.2

v0.2.1

Switch to GitHub workflows 76abc93

Fix issue where decode throws - fixes #6 746ca5d

Update license (#1) 486d7e2

Tidelift tasks a650457

Meta tweaks 66e1c28

SamVerschueren/decode-uri-component@v0.2.0...v0.2.1

Commits

a0eea46 0.2.2
980e0bf Prevent overwriting previously decoded tokens
3c8a373 0.2.1
76abc93 Switch to GitHub workflows
746ca5d Fix issue where decode throws - fixes #6
486d7e2 Update license (#1)
a650457 Tidelift tasks
66e1c28 Meta tweaks
See full diff in compare view

Updates minimist from 1.2.5 to 1.2.8

Changelog

Sourced from minimist's changelog.

v1.2.8 - 2023-02-09

Merged

[Fix] Fix long option followed by single dash [#17](https://github.com/minimistjs/minimist/issues/17)

[Tests] Remove duplicate test [#12](https://github.com/minimistjs/minimist/issues/12)

[Fix] opt.string works with multiple aliases [#10](https://github.com/minimistjs/minimist/issues/10)

Fixed

[Fix] Fix long option followed by single dash (#17) [#15](https://github.com/minimistjs/minimist/issues/15)

[Tests] Remove duplicate test (#12) [#8](https://github.com/minimistjs/minimist/issues/8)

[Fix] Fix long option followed by single dash [#15](https://github.com/minimistjs/minimist/issues/15)

[Fix] opt.string works with multiple aliases (#10) [#9](https://github.com/minimistjs/minimist/issues/9)

[Fix] Fix handling of short option with non-trivial equals [#5](https://github.com/minimistjs/minimist/issues/5)

[Tests] Remove duplicate test [#8](https://github.com/minimistjs/minimist/issues/8)

[Fix] opt.string works with multiple aliases [#9](https://github.com/minimistjs/minimist/issues/9)

Commits

Merge tag 'v0.2.3' a026794

[eslint] fix indentation and whitespace 5368ca4

[eslint] fix indentation and whitespace e5f5067

[eslint] more cleanup 62fde7d

[eslint] more cleanup 36ac5d0

[meta] add auto-changelog 73923d2

[actions] add reusable workflows d80727d

[eslint] add eslint; rules to enable later are warnings 48bc06a

[eslint] fix indentation 34b0f1c

[readme] rename and add badges 5df0fe4

[Dev Deps] switch from covert to nyc a48b128

[Dev Deps] update covert, tape; remove unnecessary tap f0fb958

[meta] create FUNDING.yml; add funding in package.json 3639e0c

[meta] use npmignore to autogenerate an npmignore file be2e038

Only apps should have lockfiles 282b570

isConstructorOrProto adapted from PR ef9153f

[Dev Deps] update @ljharb/eslint-config, aud 098873c

[Dev Deps] update @ljharb/eslint-config, aud 3124ed3

[meta] add safe-publish-latest 4b927de

[Tests] add aud in posttest b32d9bd

[meta] update repo URLs f9fdfc0

[actions] Avoid 0.6 tests due to build failures ba92fe6

[Dev Deps] update tape 950eaa7

[Dev Deps] add missing npmignore dev dep 3226afa

Merge tag 'v0.2.2' 980d7ac

v1.2.7 - 2022-10-10

Commits

... (truncated)

Commits

6901ee2 v1.2.8
a026794 Merge tag 'v0.2.3'
c0b2661 v0.2.3
63b8fee [Fix] Fix long option followed by single dash (#17)
72239e6 [Tests] Remove duplicate test (#12)
34b0f1c [eslint] fix indentation
3226afa [Dev Deps] add missing npmignore dev dep

… updates Bumps the npm_and_yarn group with 1 update in the / directory: [webpack](https://github.com/webpack/webpack). Bumps the npm_and_yarn group with 10 updates in the /packages/ur-registry-eth directory: | Package | From | To | | --- | --- | --- | | [webpack](https://github.com/webpack/webpack) | `5.74.0` | `5.94.0` | | [@babel/runtime](https://github.com/babel/babel/tree/HEAD/packages/babel-runtime) | `7.15.3` | `7.25.9` | | [@babel/traverse](https://github.com/babel/babel/tree/HEAD/packages/babel-traverse) | `7.15.0` | `7.25.9` | | [browserify-sign](https://github.com/crypto-browserify/browserify-sign) | `4.2.1` | `4.2.3` | | [decode-uri-component](https://github.com/SamVerschueren/decode-uri-component) | `0.2.0` | `0.2.2` | | [minimist](https://github.com/minimistjs/minimist) | `1.2.5` | `1.2.8` | | [qs](https://github.com/ljharb/qs) | `6.5.2` | `6.5.3` | | [secp256k1](https://github.com/cryptocoinjs/secp256k1-node) | `4.0.2` | `4.0.4` | | [shelljs](https://github.com/shelljs/shelljs) | `0.8.4` | `0.8.5` | | [tmpl](https://github.com/daaku/nodejs-tmpl) | `1.0.4` | `1.0.5` | Updates `webpack` from 5.95.0 to 5.98.0 - [Release notes](https://github.com/webpack/webpack/releases) - [Commits](webpack/webpack@v5.95.0...v5.98.0) Updates `webpack` from 5.74.0 to 5.94.0 - [Release notes](https://github.com/webpack/webpack/releases) - [Commits](webpack/webpack@v5.95.0...v5.98.0) Updates `@babel/runtime` from 7.15.3 to 7.25.9 - [Release notes](https://github.com/babel/babel/releases) - [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md) - [Commits](https://github.com/babel/babel/commits/v7.25.9/packages/babel-runtime) Updates `@babel/traverse` from 7.15.0 to 7.25.9 - [Release notes](https://github.com/babel/babel/releases) - [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md) - [Commits](https://github.com/babel/babel/commits/v7.25.9/packages/babel-traverse) Updates `browserify-sign` from 4.2.1 to 4.2.3 - [Changelog](https://github.com/browserify/browserify-sign/blob/main/CHANGELOG.md) - [Commits](browserify/browserify-sign@v4.2.1...v4.2.3) Updates `decode-uri-component` from 0.2.0 to 0.2.2 - [Release notes](https://github.com/SamVerschueren/decode-uri-component/releases) - [Commits](SamVerschueren/decode-uri-component@v0.2.0...v0.2.2) Updates `minimist` from 1.2.5 to 1.2.8 - [Changelog](https://github.com/minimistjs/minimist/blob/main/CHANGELOG.md) - [Commits](minimistjs/minimist@v1.2.5...v1.2.8) Updates `qs` from 6.5.2 to 6.5.3 - [Changelog](https://github.com/ljharb/qs/blob/main/CHANGELOG.md) - [Commits](ljharb/qs@v6.5.2...v6.5.3) Updates `secp256k1` from 4.0.2 to 4.0.4 - [Release notes](https://github.com/cryptocoinjs/secp256k1-node/releases) - [Commits](cryptocoinjs/secp256k1-node@v4.0.2...v4.0.4) Updates `shelljs` from 0.8.4 to 0.8.5 - [Release notes](https://github.com/shelljs/shelljs/releases) - [Changelog](https://github.com/shelljs/shelljs/blob/master/CHANGELOG.md) - [Commits](shelljs/shelljs@v0.8.4...v0.8.5) Updates `tmpl` from 1.0.4 to 1.0.5 - [Commits](https://github.com/daaku/nodejs-tmpl/commits/v1.0.5) --- updated-dependencies: - dependency-name: webpack dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: webpack dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: "@babel/runtime" dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: "@babel/traverse" dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: browserify-sign dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: decode-uri-component dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: minimist dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: qs dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: secp256k1 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: shelljs dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: tmpl dependency-type: indirect dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] <support@github.com>

socket-security · 2025-03-20T12:57:21Z

New, updated, and removed dependencies detected. Learn more about Socket for GitHub ↗︎

Package	New capabilities	Transitives	Size	Publisher
npm/@apocentre/alias-sampling@0.5.3	None	`0`	24.3 kB	antwnic4
npm/@babel/generator@7.15.4 ➜ 7.26.10	None	`0`	0 B
npm/@babel/helper-hoist-variables@7.15.4 ➜ 7.14.5	None	`0`	3.38 kB	nicolo-ribaudo
npm/@babel/runtime@7.15.3 ➜ 7.26.10	None	`+1`	276 kB	nicolo-ribaudo
npm/@babel/traverse@7.15.4 ➜ 7.26.10	Transitive: environment	`+5`	4.65 MB
npm/@jridgewell/gen-mapping@0.3.2, 0.3.5 ➜ 0.3.8	None	`+1`	251 kB	jridgewell
npm/@ngraveio/bc-ur@1.1.6	None	`0`	114 kB	antwnic4
npm/assert@2.0.0	None	`0`	75.3 kB	lukechilds
npm/available-typed-arrays@1.0.4	None	`0`	13.6 kB	ljharb
npm/bignumber.js@9.0.1	None	`0`	402 kB	mikemcl
npm/browserslist@4.16.8, 4.24.2 ➜ 4.24.4	None	`0`	64.9 kB	ai
npm/caniuse-lite@1.0.30001252, 1.0.30001669 ➜ 1.0.30001706	None	`0`	2.16 MB	ai, beneb, caniuse-lite
npm/debug@4.3.2 ➜ 4.4.0	None	`0`	42.8 kB	qix
npm/electron-to-chromium@1.3.820, 1.5.45 ➜ 1.5.122	None	`0`	159 kB	kilianvalkhof
npm/elliptic@6.6.1	None	`0`	120 kB	indutny
npm/enhanced-resolve@5.10.0 ➜ 5.18.1	None	`0`	213 kB	evilebottnawi, jhnns, sokra, ...1 more
npm/es6-object-assign@1.1.0	None	`0`	13.1 kB	rubennorte
npm/foreach@2.0.5	None	`0`	8.66 kB	manuelstofer
npm/is-typed-array@1.1.7	None	`0`	15.9 kB	ljharb
npm/jsbi@3.2.1	None	`0`	321 kB	google-wombot
npm/jsesc@2.5.2 ➜ 3.1.0	None	`0`	32.3 kB	mathias
npm/node-releases@1.1.75, 2.0.18 ➜ 2.0.19	None	`0`	37.2 kB	chicoxyzzy
npm/object-is@1.1.5	None	`0`	23.3 kB	ljharb
npm/update-browserslist-db@1.1.1 ➜ 1.1.3	None	`0`	0 B
npm/util@0.12.4	environment	`0`	33.6 kB	goto-bus-stop
npm/webpack@5.74.0, 5.95.0 ➜ 5.98.0	Transitive: eval, shell	`+46`	14 MB	evilebottnawi, jhnns, sokra, ...1 more
npm/which-typed-array@1.1.6	None	`0`	28.3 kB	ljharb

🚮 Removed packages: npm/@jridgewell/resolve-uri@3.1.0, npm/@jridgewell/set-array@1.1.2, npm/@jridgewell/source-map@0.3.2, npm/@jridgewell/trace-mapping@0.3.15, npm/@types/estree@0.0.50, npm/acorn-import-assertions@1.8.0, npm/browserify-sign@4.2.1, npm/chrome-trace-event@1.0.3, npm/colorette@1.3.0, npm/decode-uri-component@0.2.0, npm/escalade@3.1.1, npm/graceful-fs@4.2.10, npm/minimist@1.2.5, npm/ms@2.1.2, npm/qs@6.5.2, npm/secp256k1@4.0.2, npm/shelljs@0.8.4, npm/tmpl@1.0.4, npm/watchpack@2.4.0

View full report↗︎

socket-security · 2025-03-20T12:57:23Z

🚨 Potential security issues detected. Learn more about Socket for GitHub ↗︎

To accept the risk, merge this PR and you will not be notified again.

Alert	Package	Note	Source	CI
New author	npm/assert@2.0.0	New Author: lukechilds Previous Author: goto-bus-stop	`packages/ur-registry-eth/yarn.lock`	🚫
New author	npm/hash-base@3.0.5	New Author: ljharb Previous Author: fanatid	`packages/ur-registry-eth/yarn.lock`	🚫
Native code	npm/bufferutil@4.0.9	Location: Package overview	`packages/sol-keyring/package.json` `pnpm-lock.yaml`	🚫

View full report↗︎

Next steps

What is new author?

A new npm collaborator published a version of the package for the first time. New collaborators are usually benign additions to a project, but do indicate a change to the security surface area of a package.

Scrutinize new collaborator additions to packages because they now have the ability to publish code into your dependency tree. Packages should avoid frequent or unnecessary additions or changes to publishing rights.

Why is native code a concern?

Contains native code (e.g., compiled binaries or shared libraries). Including native code can obscure malicious behavior.

Verify that the inclusion of native code is expected and necessary for this package's functionality. If it is unnecessary or unexpected, consider using alternative packages without native code to mitigate potential risks.

Take a deeper look at the dependency

Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support [AT] socket [DOT] dev.

Remove the package

If you happen to install a dependency that Socket reports as Known Malware you should immediately remove it and select a different dependency. For other alert types, you may may wish to investigate alternative packages or consider if there are other ways to mitigate the specific risk posed by the dependency.

Mark a package as acceptable risk

To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space separated list of ecosystem/package-name@version specifiers. e.g. @SocketSecurity ignore npm/foo@1.0.0 or ignore all packages with @SocketSecurity ignore-all

@SocketSecurity ignore npm/assert@2.0.0
@SocketSecurity ignore npm/hash-base@3.0.5
@SocketSecurity ignore npm/bufferutil@4.0.9

dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Mar 20, 2025

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Comments

chore(deps): bump the npm_and_yarn group across 2 directories with 10 updates#1

chore(deps): bump the npm_and_yarn group across 2 directories with 10 updates#1
dependabot[bot] wants to merge 1 commit intomasterfrom
dependabot/npm_and_yarn/npm_and_yarn-20b4adec27

dependabot bot commented on behalf of github Mar 20, 2025

Uh oh!

socket-security bot commented Mar 20, 2025

Uh oh!

socket-security bot commented Mar 20, 2025

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Comments

Conversation

dependabot bot commented on behalf of github Mar 20, 2025

v5.98.0

Fixes

Performance Improvements

Chores

Features

Continuous Integration

New Contributors

v5.97.1

Bug Fixes

v5.97.0

Bug Fixes

v5.98.0

Fixes

Performance Improvements

Chores

Features

Continuous Integration

New Contributors

v5.97.1

Bug Fixes

v5.97.0

Bug Fixes

v7.25.9 (2024-10-22)

🐛 Bug Fix

🏠 Internal

🏃‍♀️ Performance

Committers: 4

v7.25.8 (2024-10-10)

🐛 Bug Fix

🏠 Internal

Committers: 3

v7.25.7 (2024-10-02)

🐛 Bug Fix

v7.25.9 (2024-10-22)

🐛 Bug Fix

🏠 Internal

🏃‍♀️ Performance

v7.25.8 (2024-10-10)

🐛 Bug Fix

🏠 Internal

v7.25.7 (2024-10-02)

🐛 Bug Fix

💅 Polish

🏠 Internal

v7.25.9 (2024-10-22)

🐛 Bug Fix

🏠 Internal

🏃‍♀️ Performance

Committers: 4

v7.25.8 (2024-10-10)

🐛 Bug Fix

🏠 Internal

Committers: 3

v7.25.7 (2024-10-02)

🐛 Bug Fix

v7.25.9 (2024-10-22)

🐛 Bug Fix

🏠 Internal

🏃‍♀️ Performance

v7.25.8 (2024-10-10)

🐛 Bug Fix

🏠 Internal

v7.25.7 (2024-10-02)

🐛 Bug Fix

💅 Polish

🏠 Internal

v4.2.3 - 2024-03-05

Commits

v4.2.2 - 2023-10-25

Fixed

Commits

v0.2.2

v0.2.1

v1.2.8 - 2023-02-09

Merged

Fixed

Commits