You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
fix: scan the PR/issue author instead of the triggering actor
The action now resolves the username from payload.pull_request.user.login / payload.issue.user.login first, falling back to context.actor only if neither is present. (#31)
Next steps: Take a moment to review the security alert above. Review
the linked package source code to understand the potential risk. Ensure the
package is not malicious before proceeding. If you're unsure how to proceed,
reach out to your security team or ask the Socket team for help at
support@socket.dev.
Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code.
Mark the package as acceptable risk. To ignore this alert only
in this pull request, reply with the comment
@SocketSecurity ignore npm/@emnapi/runtime@1.11.1. You can
also ignore all packages with @SocketSecurity ignore-all.
To ignore an alert for all future pull requests, use Socket's Dashboard to
change the triage state of this alert.
Warn
Obfuscated code: npm better-sqlite3 is 90.0% likely obfuscated
Next steps: Take a moment to review the security alert above. Review
the linked package source code to understand the potential risk. Ensure the
package is not malicious before proceeding. If you're unsure how to proceed,
reach out to your security team or ask the Socket team for help at
support@socket.dev.
Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code.
Mark the package as acceptable risk. To ignore this alert only
in this pull request, reply with the comment
@SocketSecurity ignore npm/better-sqlite3@12.11.1. You can
also ignore all packages with @SocketSecurity ignore-all.
To ignore an alert for all future pull requests, use Socket's Dashboard to
change the triage state of this alert.
Warn
Obfuscated code: npm happy-dom is 90.0% likely obfuscated
Next steps: Take a moment to review the security alert above. Review
the linked package source code to understand the potential risk. Ensure the
package is not malicious before proceeding. If you're unsure how to proceed,
reach out to your security team or ask the Socket team for help at
support@socket.dev.
Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code.
Mark the package as acceptable risk. To ignore this alert only
in this pull request, reply with the comment
@SocketSecurity ignore npm/happy-dom@20.10.6. You can
also ignore all packages with @SocketSecurity ignore-all.
To ignore an alert for all future pull requests, use Socket's Dashboard to
change the triage state of this alert.
✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 32.61%. Comparing base (0c5e8db) to head (8c9284b). ⚠️ Report is 1 commits behind head on main.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
^24.13.2→^24.13.3^24.13.2→^24.13.3^3.1.4→^3.1.7^4.1.8→^4.1.10v2.0.0→v2.0.1v10.3.0→v10.4.0^12.10.1→^12.11.1^5.12.1→^5.12.3v4.0.1→v4.0.210.5.0→10.7.0^20.10.3→^20.10.6^6.16.1→^6.26.0^1.60.0→^1.61.111.6.0→11.11.011.12.0v6.0.8→v6.0.9^7.8.4→^7.8.5^4.1.0→^4.2.0^4.3.1→^4.3.2^4.1.8→^4.1.103.5.38→3.5.393.5.38→3.5.39^3.3.5→^3.3.7Release Notes
unjs/unhead (@unhead/vue)
v3.1.7Compare Source
🐞 Bug Fixes
🏎 Performance
View changes on GitHub
v3.1.6Compare Source
🏎 Performance
View changes on GitHub
v3.1.5Compare Source
🐞 Bug Fixes
🏎 Performance
View changes on GitHub
vitest-dev/vitest (@vitest/coverage-v8)
v4.1.10Compare Source
🐞 Bug Fixes
View changes on GitHub
v4.1.9Compare Source
🐞 Bug Fixes
importOriginalwith optimizer and query import [backport to v4] - by Hiroshi Ogawa, David Harris, Codexand Vladimir in #10546 (a5180)View changes on GitHub
MatteoGabriele/agentscan-action (MatteoGabriele/agentscan-action)
v2.0.1Compare Source
v2.0.1
The action now resolves the username from
payload.pull_request.user.login/payload.issue.user.loginfirst, falling back tocontext.actoronly if neither is present. (#31)Full Changelog: MatteoGabriele/agentscan-action@v2.0.0...v2.0.1
actions/stale (actions/stale)
v10.4.0Compare Source
What's Changed
Bug Fix
only-issue-typesvalidation by @trueberryless in #1338Dependency Updates
New Contributors
Full Changelog: actions/stale@v10.3.0...v10.4.0
WiseLibs/better-sqlite3 (better-sqlite3)
v12.11.1Compare Source
What's Changed
Full Changelog: WiseLibs/better-sqlite3@v12.11.0...v12.11.1
nuxt-content/docus (docus)
v5.12.3Compare Source
Bug Fixes
app.config.tssource to an absolute path (#1404) (b2486f4)v5.12.2Compare Source
Features
Bug Fixes
dorny/paths-filter (dorny/paths-filter)
v4.0.2Compare Source
eslint/eslint (eslint)
v10.7.0Compare Source
Features
cf2a9bffeat: add errorClassNames option to preserve-caught-error rule (#21032) (sethamus)f8b873afeat: max-nested-callbacks option for constructor callbacks (#21063) (fnx)557fde8feat: support computedNumber.parseIntmember access inradixrule (#21041) (Pixel)0b4a73bfeat: add suggestions to no-compare-neg-zero (#21034) (den$)96cdd42feat: report invalid signed numeric radix values inradixrule (#21030) (Pixel)Bug Fixes
3e7bf15fix: applyignoreClassesWithImplementsto class expressions (#21069) (Pixel)0d7d70cfix: insert cause outside wrapping parens in preserve-caught-error (#21062) (Mahin Anowar)75ec753fix: handle static template literals ineqeqeqrule (#21058) (Pixel)b717a22fix: preventeqeqeqnull option from reporting non-equality operators (#21057) (Pixel)e35b05ffix: avoidno-invalid-regexpfalse positive for shadowed RegExp (#21051) (Pixel)a3172b6fix: avoidno-control-regexfalse positive for shadowed RegExp (#21050) (Pixel)d1f637efix: parenthesize sequence expression operands in no-implicit-coercion (#21045) (spokodev)8859baffix: avoid prefer-numeric-literals false positive for shadowed globals (#21047) (한국)a9e5961fix: use-isnan false positive on shadowed NaN/Number (#20958) (sethamus)8a240a7fix: avoid false positives inradixrule for spread arguments (#21044) (Pixel)Documentation
c30d808docs: Update README (GitHub Actions Bot)5139800docs: document ESLint migration codemods in v9 and v10 guides (#20980) (Alex Bit)04174cbdocs: Update README (GitHub Actions Bot)026e130docs: update semver policy for bug fixes (#21048) (Milos Djermanovic)9d42fefdocs: Update README (GitHub Actions Bot)b230159docs: Update README (GitHub Actions Bot)0129972docs: correct**/.jsglob to**/*.jsin config files guide (#21036) (EduardF1)Chores
9489379chore: update dependency @eslint/eslintrc to ^3.3.6 (#21076) (renovate[bot])81a4774chore: updates for v9.39.5 release (Jenkins)9835414chore: enable$ExpectTypeannotations in all TypeScript files (#21071) (Francesco Trotta)72adf6bchore: restrictmarkdownlint-cli2updates in renovate (#21067) (lumir)833ec10chore: update dependency prettier to v3.9.4 (#21061) (renovate[bot])7ea106dchore: update ecosystem plugins (#21059) (ESLint Bot)8fb550echore: add prettier update commit to.git-blame-ignore-revs(#21056) (lumir)e4e1166chore: update dependency prettier to v3.9.1 (#21055) (renovate[bot])0493f53chore: update prettier to v3.9.0 (#21054) (Pixel)1056a99chore: update dependency prettier to v3.8.5 (#21049) (renovate[bot])4d4155dci: run ecosystem tests on pull requests (#21027) (sethamus)993539fchore: update dependency @eslint/json to ^2.0.1 (#21042) (renovate[bot])53f8b69test: add error locations tono-constant-binary-expression(#21039) (lumir)5ab71d5refactor: clean up radix rule internals (#21015) (Pixel)a80a9a4chore: update ecosystem plugins (#21035) (ESLint Bot)7c9a029ci: add Node.js 26 to CI (#20847) (lumir)v10.6.0Compare Source
Features
b1f9106feat: detect Symbol() and BigInt() in no-constant-binary-expression (#20981) (Taejin Kim)f291007feat: add checkRelationalComparisons to no-constant-binary-expression (#20948) (sethamus)Bug Fixes
6b05784fix: prefer-exponentiation-operator invalid autofix at statement start (#20997) (Milos Djermanovic)bb9eb2afix: account for shadowedBooleaninno-extra-boolean-cast(#21013) (den$)8fd8741fix: don't report shadowed undefined inradixrule (#21011) (Pixel)5784980fix: don't report shadowed undefined in no-throw-literal (#21010) (Pixel)9cd1e6dfix: suppress invalid class suggestion in no-promise-executor-return (#21008) (Pixel)d4eb2dcfix: don't report shadowed undefined in prefer-promise-reject-errors (#21006) (Pixel)2360464fix: prefer-promise-reject-errors false positives for shadowed Promise (#21003) (den$)63d52d2fix: restore max-classes-per-file report range (#21002) (Pixel)7feaff0fix: callback detection logic for IIFEs in max-nested-callbacks (#20979) (fnx)399a2ecfix: don't report inner non-callbacks inmax-nested-callbacks(#20995) (Milos Djermanovic)Documentation
a83683ddocs: Update README (GitHub Actions Bot)f5449f9docs: document userland patterns for global assertionOptions in RuleT… (#20986) (playgirl)bea49f7docs: Update README (GitHub Actions Bot)e5f70f9docs: update code-path diagrams (#20984) (Tanuj Kanti)8890c2ddocs: add TypeScript config guidance for MCP server (#20796) (Pierluigi Lenoci)3eb3d9bdocs: Update README (GitHub Actions Bot)c5bb59cdocs: Update README (GitHub Actions Bot)eb3c97cdocs: fix grammar in prefer-const rule description (#20983) (lumir)Chores
6a42034ci: run ecosystem tests on main branch (#20891) (sethamus)3dbacdbci: bump actions/checkout from 6 to 7 (#21014) (dependabot[bot])c3abfcachore: correct JSDoc param types in html formatter (#21018) (Minseon Kim)a832320ci: split ecosystem tests into separate jobs (#21001) (xbinaryx)27166e7chore: update ecosystem plugins (#21005) (ESLint Bot)865d76eci: bump pnpm/action-setup from 6.0.8 to 6.0.9 (#20989) (dependabot[bot])27a88c9chore: update dependency markdown-it to v14 in root (#20994) (Milos Djermanovic)970cea6chore: update dependency markdown-it to v14 (#20993) (Milos Djermanovic)b482120chore: update dependency prettier to v3.8.4 (#20990) (renovate[bot])6993fb3chore: update ecosystem plugins (#20985) (ESLint Bot)capricorn86/happy-dom (happy-dom)
v20.10.6Compare Source
👷♂️ Patch fixes
v20.10.5Compare Source
👷♂️ Patch fixes
v20.10.4Compare Source
👷♂️ Patch fixes
webpro-nl/knip (knip)
v6.26.0: Release 6.26.0Compare Source
4249935) - thanks @trueberryless!1da09fd)39125a7)aed361c)3b4d58c)d92107e)ef3b601)8292981)#-imports to source when node condition is unbuilt (resolve #1873) (f2713ed)a6f0772)5742913)7301075)5e6f82b)009aad8)f638c83)9396ab1)3ceee89)9bc1754)45dea0a)e1249ad)a45941d)43aecd5)589ffda)f041c19)8fa7b11)4254f7d)dfb9acb)d533da8)b99702a)aab080b)5dea975)c84bb7a)620079d)b5231c1)fc1ba0f)f256a5b) - thanks @trueberryless!6b8454a)606e5d0)199180d)1974533)a220729)v6.25.0: Release 6.25.0Compare Source
nodeLinker: pnpmstore (#1852) (3764605) - thanks @blowery!9cc5a41)packageExtensionsin yarn and pnpm (#1847) (61d3164) - thanks @trueberryless!d23c10d) - thanks @trueberryless!1eb42e6) - thanks @trueberryless!3bf3d11) - thanks @trueberryless!6e6a509) - thanks @dayongkr!2ac4c04) - thanks @jakeleventhal!da606eb)d231d67)fc7bb1e)6f18138)105687d)38e4a4a)1255369)77c2142)0f27e77)195510c)92903ec)a0bfe7b)1301475)23b4a74)e3f0e5c)9422d06)5e192e9)5dc7f12) - thanks @remcohaszing!46111ef) - thanks @jakeleventhal!5ab3483) - thanks [@trueberryless](https://redirect.github.com/tConfiguration
📅 Schedule: (UTC)
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.
This PR was generated by Mend Renovate. View the repository job log.