fix(deps): update dependency @oclif/plugin-plugins to v5 #422

This PR updates various dependencies in the package.json and yarn.lock files, improving the versioning of several packages, enhancing compatibility, and resolving potential vulnerabilities.

Detailed summary

Upgraded @oclif/plugin-plugins from 4.3.10 to 5.4.15
Updated multiple packages in yarn.lock to newer versions
Removed obsolete package entries and added new dependencies like @isaacs/fs-minipass
Increased version numbers for npm, node-gyp, and other core packages
Enhanced dependency management for improved stability and performance

The following files were skipped due to too many changes: yarn.lock

✨ Ask PR-Codex anything about this PR by commenting with /codex {your question}

changeset-bot · 2024-11-11T00:25:35Z

⚠️ No Changeset found

Latest commit: 3d73dbb

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

socket-security · 2024-11-11T00:26:53Z

New and removed dependencies detected. Learn more about Socket for GitHub ↗︎

Package	New capabilities	Transitives	Size	Publisher
npm/@oclif/[email protected]	Transitive: environment, eval, filesystem, network, shell, unsafe	`+25`	19.2 MB	salesforce-releases

🚮 Removed packages: npm/@oclif/[email protected]

View full report↗︎

codecov · 2024-11-11T00:33:08Z

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 68.15%. Comparing base (79cbdf0) to head (3d73dbb).

Additional details and impacted files

@@           Coverage Diff           @@
##           master     #422   +/-   ##
=======================================
  Coverage   68.15%   68.15%           
=======================================
  Files         292      292           
  Lines       11347    11347           
  Branches     1677     1660   -17     
=======================================
  Hits         7733     7733           
+ Misses       3491     3447   -44     
- Partials      123      167   +44

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

socket-security · 2024-11-13T11:01:11Z

🚨 Potential security issues detected. Learn more about Socket for GitHub ↗︎

To accept the risk, merge this PR and you will not be notified again.

Alert	Package	Note	Source	CI
AI-detected potential code anomaly	npm/[email protected]	Notes: The code sets up signal listeners to handle termination signals in a Node.js process and execute a provided callback. While it does not contain overtly malicious behavior, there are some suspicious elements and potential risks. The use of empty try/catch blocks to ignore errors could hide issues. Killing the process with the received signal and setting an empty timeout afterwards is unusual and raises questions about the code's intent. Increasing the max listeners count could also be used to circumvent listener limits. However, without more context about the intended use case, it's difficult to conclude definitively that this code is malicious. The suspicious behaviors warrant caution and further review to determine if they could be exploited for malicious purposes. Confidence: 1.00 Severity: 0.60	`packages/cli/package.json`	🚫

View full report↗︎

Next steps

What is an AI-detected potential code anomaly?

AI has identified unusual behaviors that may pose a security risk.

An AI system found a low-risk anomaly in this package. It may still be fine to use, but you should check that it is safe before proceeding.

Take a deeper look at the dependency

Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support [AT] socket [DOT] dev.

Remove the package

If you happen to install a dependency that Socket reports as Known Malware you should immediately remove it and select a different dependency. For other alert types, you may may wish to investigate alternative packages or consider if there are other ways to mitigate the specific risk posed by the dependency.

Mark a package as acceptable risk

To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space separated list of ecosystem/package-name@version specifiers. e.g. @SocketSecurity ignore npm/[email protected] or ignore all packages with @SocketSecurity ignore-all

@SocketSecurity ignore npm/[email protected]

Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

renovate · 2024-11-14T14:37:40Z

Renovate Ignore Notification

Because you closed this PR without merging, Renovate will ignore this update. You will not get PRs for any future 5.x releases. But if you manually upgrade to 5.x then Renovate will re-enable minor and patch updates automatically.

If you accidentally closed this PR, or if you changed your mind: rename this PR to get a fresh replacement PR.

renovate bot requested a review from a team as a code owner November 11, 2024 00:25

renovate bot force-pushed the renovate/oclif-plugin-plugins-5.x branch 4 times, most recently from e3a3d11 to 87d51d5 Compare November 13, 2024 10:59

renovate bot force-pushed the renovate/oclif-plugin-plugins-5.x branch 7 times, most recently from 1c9d720 to f9167a4 Compare November 14, 2024 10:49

fix(deps): update dependency @oclif/plugin-plugins to v5

3d73dbb

Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

renovate bot force-pushed the renovate/oclif-plugin-plugins-5.x branch from f9167a4 to 3d73dbb Compare November 14, 2024 12:58

aaronmgdr closed this Nov 14, 2024

renovate bot deleted the renovate/oclif-plugin-plugins-5.x branch November 14, 2024 14:37

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

fix(deps): update dependency @oclif/plugin-plugins to v5 #422

fix(deps): update dependency @oclif/plugin-plugins to v5 #422

renovate bot commented Nov 11, 2024 •

edited by pr-codex bot

Loading

changeset-bot bot commented Nov 11, 2024 •

edited

Loading

socket-security bot commented Nov 11, 2024 •

edited

Loading

codecov bot commented Nov 11, 2024 •

edited

Loading

socket-security bot commented Nov 13, 2024 •

edited

Loading

renovate bot commented Nov 14, 2024

fix(deps): update dependency @oclif/plugin-plugins to v5 #422

fix(deps): update dependency @oclif/plugin-plugins to v5 #422

Conversation

renovate bot commented Nov 11, 2024 • edited by pr-codex bot Loading

Release Notes

Bug Fixes

Bug Fixes

Bug Fixes

Bug Fixes

Bug Fixes

Bug Fixes

Bug Fixes

Bug Fixes

Bug Fixes

Bug Fixes

Bug Fixes

Bug Fixes

Bug Fixes

Bug Fixes

Bug Fixes

Features

5.3.9 (2024-07-23)

Bug Fixes

5.3.8 (2024-07-21)

Bug Fixes

5.3.7 (2024-07-14)

Bug Fixes

5.3.6 (2024-07-13)

Bug Fixes

5.3.5 (2024-07-13)

Bug Fixes

5.3.4 (2024-07-07)

Bug Fixes

5.3.3 (2024-06-30)

Bug Fixes

5.3.2 (2024-06-15)

Bug Fixes

5.3.1 (2024-06-13)

Bug Fixes

Bug Fixes

Bug Fixes

Bug Fixes

Bug Fixes

Bug Fixes

Bug Fixes

Bug Fixes

Bug Fixes

Bug Fixes

Features

5.2.4 (2024-06-09)

Bug Fixes

5.2.3 (2024-06-05)

Bug Fixes

5.2.2 (2024-06-04)

Bug Fixes

5.2.1 (2024-06-01)

Bug Fixes

Bug Fixes

Bug Fixes

Bug Fixes

Bug Fixes

Bug Fixes

5.1.3-dev.0 (2024-05-24)

Bug Fixes

Features

5.1.3 (2024-05-24)

Bug Fixes

5.1.2 (2024-05-18)

Bug Fixes

5.1.1 (2024-05-18)

Bug Fixes

Bug Fixes

Bug Fixes

Bug Fixes

Features

5.0.21 (2024-05-11)

Bug Fixes

5.0.20 (2024-05-11)

Bug Fixes

5.0.19 (2024-05-05)

renovate bot commented Nov 11, 2024 •

edited by pr-codex bot

Loading