[Snyk] Fix for 1 vulnerabilities #153

Open
wants to merge 1 commit into
base: master

adamlaska
Owner

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • website/package.json
    • website/package-lock.json

Vulnerabilities that will be fixed

With an upgrade:
| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
|---|---|---|---|---|
| medium severity | 658/1000 (Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 5.3) | Information Exposure (SNYK-JS-SANITIZEHTML-6256334) | Yes | Proof of Concept |

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: gatsby-transformer-remark
The new version differs by 250 commits.
  • 0c6cd61 chore(release): Publish
  • 5e8e621 chore: Update main README (#36954)
  • 7130cd4 test(gatsby): Slices API integration tests (#36747)
  • 6496eed chore(release): Publish next
  • bc7ac84 chore: preserve previous webpack stats derived values, even if we restart webpack itself (#36980)
  • 2b5af32 fix: drop `__renderedByLocation` prop when calculating slice props hashes and don't expose it to slice component (#36979)
  • cc1ee9b chore(release): Publish next
  • 6a53861 chore(gatsby-link): Correct type export (#36968)
  • 0ad6314 fix(gatsby-graphiql-explorer): Use upstream exporter package (#36966)
  • 964265c chore(release): Publish next
  • b624442 chore: Update peerDeps (#36965)
  • b2ab092 chore(release): Publish next
  • e2a14bf feat(gatsby): Slices <> partial hydration interop (#36960)
  • 0083e62 fix(deps): update starters and examples gatsby packages to ^4.24.7 (#36957)
  • 68e9cab chore(changelogs): update changelogs (#36958)
  • b9eb8d2 chore(deps): update dependency autoprefixer to ^10.4.13 for gatsby-plugin-sass (#36934)
  • 58c37ea chore(deps): update dependency @jridgewell/trace-mapping to ^0.3.17 for gatsby-legacy-polyfills (#36933)
  • a5e4c47 fix(deps): update dependency body-parser to ^1.20.1 for gatsby-source-drupal (#36940)
  • c86aa7e chore(docs): Add clarification for Pro Tip on Part 4 of tutorial (#36918)
  • d5c775a feat(gatsby): handle graphql-import-node bundling (#36951)
  • 59e2976 feat(gatsby-remark-embed-snippet): added csproj to language map so it will be recognized as xml (#36919)
  • c8a7dda chore(docs): Valhalla Content Hub Reference Guide (#36949)
  • 3044280 fix(gatsby): stitch slices if just page html was regenerating without any of used slices regenerating (#36950)
  • 10abdcb chore(release): Publish next

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic


Learn how to fix vulnerabilities with free interactive lessons:

🦉 Learn about vulnerability in an interactive lesson of Snyk Learn.


google-cla bot commented Feb 23, 2024

Thanks for your pull request! It looks like this may be your first contribution to a Google open source project. Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA).

View this failed invocation of the CLA check for more information.

For the most up to date status, view the checks section at the bottom of the pull request.


New and removed dependencies detected. Learn more about Socket for GitHub ↗︎

Package New capabilities Transitives Size Publisher
npm/@babel/runtime@7.23.9 None 0 249 kB nicolo-ribaudo
npm/@jupyter/react-components@0.15.2 None +7 9.19 MB fcollonval
npm/@jupyter/web-components@0.15.2 None +5 8.11 MB fcollonval
npm/@jupyter/ydoc@1.1.1 None +5 1.27 MB davidbrochart
npm/@jupyterlab/nbformat@4.1.2 None +1 287 kB jupyterlab-release-bot
npm/@jupyterlab/outputarea@4.0.0 Transitive: environment, eval, network +51 17.3 MB jupyterlab-release-bot
npm/@jupyterlab/settingregistry@4.1.2 Transitive: eval +24 7.37 MB jupyterlab-release-bot
npm/@jupyterlab/statedb@4.1.2 None +9 2.17 MB jupyterlab-release-bot
npm/@jupyterlab/statusbar@4.1.2 Transitive: environment, eval, network +59 27.6 MB jupyterlab-release-bot
npm/@jupyterlab/translation@4.1.2 eval Transitive: environment, network +34 6.27 MB jupyterlab-release-bot
npm/@jupyterlab/ui-components@4.1.2 Transitive: environment, eval, network +58 27.6 MB jupyterlab-release-bot
npm/@lmdb/lmdb-darwin-arm64@2.5.3 None 0 2.06 MB kriszyp
npm/@lmdb/lmdb-darwin-x64@2.5.3 None 0 2.22 MB kriszyp
npm/@lmdb/lmdb-linux-arm@2.5.3 None 0 5.11 MB kriszyp
npm/@lmdb/lmdb-linux-arm64@2.5.3 None 0 5.58 MB kriszyp
npm/@lmdb/lmdb-linux-x64@2.5.3 None 0 7.01 MB kriszyp
npm/@lmdb/lmdb-win32-x64@2.5.3 None 0 1.85 MB kriszyp
npm/@lumino/algorithm@2.0.1 None 0 635 kB jupyterlab-release-bot
npm/@lumino/collections@2.0.1 None +1 748 kB jupyterlab-release-bot
npm/@lumino/commands@2.2.0 None +7 2.02 MB jupyterlab-release-bot
npm/@lumino/coreutils@2.1.2 None 0 259 kB jupyterlab-release-bot
npm/@lumino/disposable@2.1.2 None +3 1.11 MB jupyterlab-release-bot
npm/@lumino/domutils@2.0.1 None 0 132 kB jupyterlab-release-bot
npm/@lumino/dragdrop@2.1.4 None +4 1.44 MB jupyterlab-release-bot
npm/@lumino/keyboard@2.0.1 None 0 71.1 kB jupyterlab-release-bot
npm/@lumino/messaging@2.0.1 None +2 890 kB jupyterlab-release-bot
npm/@lumino/polling@2.1.2 None +4 1.3 MB jupyterlab-release-bot
npm/@lumino/properties@2.0.1 None 0 65.2 kB jupyterlab-release-bot
npm/@lumino/signaling@2.1.2 None +2 1.06 MB jupyterlab-release-bot
npm/@lumino/virtualdom@2.0.1 None +1 974 kB jupyterlab-release-bot
npm/@lumino/widgets@2.3.1 None +12 7.34 MB jupyterlab-release-bot
npm/@microsoft/fast-colors@5.3.1 None 0 665 kB chrisdholt
npm/@microsoft/fast-element@1.12.0 None 0 981 kB fastsvc
npm/@microsoft/fast-foundation@2.49.5 None +3 5.38 MB fastsvc
npm/@microsoft/fast-react-wrapper@0.3.23 None +4 6.41 MB fastsvc
npm/@microsoft/fast-web-utilities@5.4.1 None +1 108 kB fastsvc
npm/@msgpackr-extract/msgpackr-extract-darwin-arm64@3.0.2 None 0 108 kB kriszyp
npm/@msgpackr-extract/msgpackr-extract-darwin-x64@3.0.2 None 0 107 kB kriszyp
npm/@msgpackr-extract/msgpackr-extract-linux-arm@3.0.2 None 0 53.2 kB kriszyp
npm/@msgpackr-extract/msgpackr-extract-linux-arm64@3.0.2 None 0 58.5 kB kriszyp
npm/@msgpackr-extract/msgpackr-extract-linux-x64@3.0.2 None 0 62.2 kB kriszyp
npm/@msgpackr-extract/msgpackr-extract-win32-x64@3.0.2 None 0 228 kB kriszyp
npm/@rjsf/core@5.17.1 environment Transitive: eval +9 5.75 MB rjsf-bot
npm/@rjsf/utils@5.17.1 Transitive: eval +7 3.79 MB epicfaace, rjsf-bot
npm/@szmarczak/http-timer@4.0.6 None +1 16.3 kB szmarczak
npm/@tokenizer/token@0.3.0 None 0 3.04 kB borewit
npm/@types/cacheable-request@6.0.3 None +4 236 kB types
npm/@types/hast@2.3.10 None +1 14.7 kB types
npm/@types/http-cache-semantics@4.0.4 None 0 9.28 kB types
npm/@types/keyv@3.1.4 None +1 213 kB types
npm/@types/mdast@3.0.15 None +1 19.6 kB types
npm/@types/parse5@5.0.3 None 0 20.4 kB types
npm/@types/react@18.2.58 None +3 2.01 MB types
npm/@types/responselike@1.0.3 None +1 211 kB types
npm/@types/scheduler@0.16.8 None 0 8.25 kB types
npm/@types/unist@2.0.10 None 0 8.56 kB types
npm/cacheable-lookup@5.0.4 network 0 23.9 kB szmarczak
npm/compute-gcd@1.2.1 None 0 11.8 kB planeshifter
npm/compute-lcm@1.1.2 None +1 21.1 kB planeshifter
npm/defer-to-connect@2.0.1 None 0 5.44 kB szmarczak
npm/exenv-es6@1.1.1 None 0 7.17 kB chrisdholt
npm/fastq@1.17.1 None 0 41.9 kB matteo.collina
npm/free-style@3.1.0 None 0 192 kB blakeembrey
npm/gatsby-core-utils@4.13.1 environment, filesystem, shell, unsafe Transitive: network +30 28.7 MB pieh
npm/gatsby-transformer-remark@6.0.0 Transitive: environment, eval, filesystem, network, shell, unsafe +393 62.9 MB pieh
npm/graceful-fs@4.2.11 environment, filesystem 0 32.5 kB isaacs
npm/gray-matter@4.0.3 eval, filesystem Transitive: environment +4 783 kB rmassaioli
npm/hash-wasm@4.11.0 None 0 1.77 MB daninet
npm/hast-to-hyperscript@9.0.1 None +2 32.9 kB wooorm
npm/hast-util-is-element@1.1.0 None 0 12.1 kB wooorm
npm/hast-util-raw@6.1.0 None +10 108 kB wooorm
npm/hast-util-to-html@7.1.3 None +5 69.1 kB wooorm
npm/hast-util-to-parse5@6.0.0 None +3 43.6 kB wooorm
npm/hast-util-whitespace@1.0.4 None 0 6.72 kB wooorm
npm/html-void-elements@1.0.5 None 0 4.78 kB wooorm
npm/http2-wrapper@1.0.3 network 0 53.1 kB szmarczak
npm/ieee754@1.2.1 None 0 6.8 kB feross
npm/ini@1.3.5 None 0 8.93 kB isaacs
npm/inline-style-parser@0.1.1 None 0 30.6 kB remarkablemark
npm/inquirer@6.2.2 Transitive: environment, filesystem, shell +13 2.03 MB sboudrias
npm/internal-ip@4.2.0 Transitive: environment, filesystem, shell +8 149 kB sindresorhus
npm/intersection-observer@0.5.1 None 0 71.5 kB philipwalton
npm/into-stream@3.1.0 None +2 17.7 kB sindresorhus
npm/invariant@2.2.4 Transitive: environment +2 28.5 kB zertosh
npm/invert-kv@1.0.0 None 0 1.3 kB sindresorhus
npm/ip-regex@2.1.0 None 0 4.73 kB sindresorhus
npm/ip@1.1.5 None 0 35.7 kB indutny
npm/ipaddr.js@1.8.0 None 0 39.3 kB whitequark
npm/is-absolute-url@2.1.0 None 0 2.48 kB sindresorhus
npm/is-absolute@1.0.0 None +3 29.6 kB jonschlinkert
npm/is-accessor-descriptor@0.1.6 None +1 29.9 kB jonschlinkert
npm/is-alphabetical@1.0.2 None 0 4.68 kB wooorm
npm/is-alphanumeric@1.0.0 None 0 2.67 kB arthurvr
npm/is-alphanumerical@1.0.2 None +2 13.9 kB wooorm
npm/is-arrayish@0.2.1 None 0 4.05 kB qix
npm/is-binary-path@1.0.1 None +1 7.36 kB sindresorhus
npm/is-buffer@1.1.6 None 0 5.58 kB feross
npm/is-builtin-module@1.0.0 None +1 6.15 kB sindresorhus
npm/is-callable@1.1.4 None 0 30.6 kB ljharb
npm/is-ci@1.2.1 Transitive: environment +1 15.2 kB watson
npm/is-color-stop@1.1.0 None +4 47.3 kB pigcan
npm/is-cwebp-readable@2.0.1 None +1 32.8 kB shinnn
npm/is-data-descriptor@0.1.4 None +1 29.1 kB jonschlinkert
npm/is-date-object@1.0.1 None 0 15 kB ljharb
npm/is-decimal@1.0.2 None 0 4.38 kB wooorm
npm/is-descriptor@0.1.6 None +3 45.4 kB jonschlinkert
npm/is-directory@0.3.1 filesystem 0 5.79 kB jonschlinkert
npm/is-extendable@0.1.1 None 0 5.09 kB jonschlinkert
npm/is-extglob@2.1.1 None 0 6.22 kB jonschlinkert
npm/is-finite@1.0.2 None 0 2.48 kB sindresorhus
npm/is-fullwidth-code-point@2.0.0 None 0 4.14 kB sindresorhus
npm/is-function@1.0.1 None 0 175 kB grncdr
npm/is-glob@4.0.0 None +1 16.9 kB doowb
npm/is-hexadecimal@1.0.2 None 0 4.67 kB wooorm
npm/is-installed-globally@0.1.0 Transitive: environment, filesystem +3 20.6 kB sindresorhus
npm/is-jpg@2.0.0 None 0 2.96 kB sindresorhus
npm/is-lower-case@1.1.3 None +1 8.46 kB blakeembrey
npm/is-natural-number@4.0.1 None 0 5.81 kB shinnn
npm/is-npm@1.0.0 None 0 1.19 kB sindresorhus
npm/is-number@3.0.0 None +1 30 kB jonschlinkert
npm/is-obj@1.0.1 None 0 2.4 kB sindresorhus
npm/is-object@1.0.1 None 0 6.98 kB ljharb
npm/is-path-cwd@1.0.0 None 0 1.16 kB sindresorhus
npm/is-path-in-cwd@1.0.1 None +1 5.07 kB sindresorhus
npm/is-path-inside@1.0.1 None 0 2.6 kB sindresorhus
npm/is-plain-obj@1.1.0 None 0 2.62 kB sindresorhus
npm/is-plain-object@2.0.4 None +1 14.4 kB jonschlinkert
npm/is-png@1.1.0 None 0 3.06 kB sindresorhus
npm/is-promise@2.1.0 None 0 2.61 kB forbeslindesay
npm/is-redirect@1.0.0 None 0 2.47 kB sindresorhus
npm/is-regex@1.0.4 None +2 49.1 kB ljharb
npm/is-regexp@1.0.0 None 0 1.21 kB sindresorhus
npm/is-relative-url@2.0.0 None +1 4.98 kB sindresorhus
npm/is-relative@1.0.0 None +1 13.1 kB jonschlinkert
npm/is-resolvable@1.1.0 None 0 4.21 kB shinnn
npm/is-retry-allowed@1.1.0 None 0 3.56 kB floatdrop
npm/is-root@1.0.0 None 0 1.14 kB sindresorhus
npm/is-stream@1.1.0 None 0 3.23 kB sindresorhus
npm/is-svg@3.0.0 None +1 6.12 kB sindresorhus
npm/is-symbol@1.0.2 None +1 37.3 kB ljharb
npm/is-typedarray@1.0.0 None 0 4.41 kB hughsk
npm/is-unc-path@1.0.0 None 0 6.51 kB jonschlinkert
npm/is-upper-case@1.1.2 None 0 3.8 kB blakeembrey
npm/is-utf8@0.2.1 None 0 4.34 kB wayfind
npm/is-whitespace-character@1.0.2 None 0 4.96 kB wooorm
npm/is-windows@1.0.2 None 0 7.96 kB jonschlinkert
npm/is-word-character@1.0.2 None 0 4.75 kB wooorm
npm/is-wsl@1.1.0 environment, filesystem 0 2.88 kB sindresorhus
npm/isarray@1.0.0 None 0 3.89 kB juliangruber
npm/isemail@3.2.0 None 0 71.3 kB skeggse
npm/isexe@2.0.0 environment, filesystem 0 11 kB isaacs
npm/isobject@3.0.1 None 0 6.93 kB doowb
npm/isomorphic-fetch@2.2.1 None 0 5.98 kB financial-times
npm/isomorphic.js@0.2.5 unsafe 0 4.94 kB dmonad
npm/isstream@0.1.2 None 0 13.3 kB rvagg
npm/isurl@1.0.0 None +3 42.7 kB stevenvachon
npm/iterall@1.2.2 None 0 91.1 kB leebyron
npm/jest-worker@23.2.0 environment, shell 0 23.4 kB mjesun
npm/jimp@0.2.28 environment, filesystem Transitive: eval +8 7 MB oliver.moran
npm/joi@12.0.0 network Transitive: environment +2 277 kB marsup
npm/jpeg-js@0.2.0 None 0 4.55 MB eugeneware
npm/js-base64@2.5.0 None 0 164 kB dankogai
npm/js-levenshtein@1.1.4 None 0 5.73 kB ggustf
npm/js-tokens@4.0.0 None 0 15.1 kB lydell
npm/js-yaml@3.14.1 eval Transitive: environment, filesystem +2 722 kB vitaly
npm/jsbn@0.1.1 None 0 45.8 kB andyperlitch
npm/jsesc@2.5.2 None 0 32 kB mathias
npm/json-buffer@3.0.0 None 0 5.44 kB dominictarr
npm/json-loader@0.5.7 None 0 6.78 kB d3viant0ne
npm/json-parse-better-errors@1.0.2 None 0 6.7 kB zkat
npm/json-parser@1.1.5 None +1 327 kB kael
npm/json-schema-compare@0.2.2 None +1 1.43 MB mokkabonna
npm/json-schema-merge-allof@0.8.1 None +4 1.55 MB mokkabonna
npm/json-schema@0.2.3 None 0 147 kB kriszyp
npm/json-stable-stringify-without-jsonify@1.0.1 None 0 14.2 kB samn
npm/json-stable-stringify@1.0.1 None +1 28.6 kB substack
npm/json-stringify-safe@5.0.1 None 0 12.7 kB isaacs
npm/json3@3.3.2 None 0 63.6 kB kitcambridge
npm/json5@2.2.3 None 0 235 kB jordanbtucker
npm/jsonfile@4.0.0 filesystem Transitive: environment +1 49.5 kB ryanzim
npm/jsonify@0.0.0 None 0 14.7 kB
npm/jsonpointer@5.0.1 None 0 6.75 kB marcbachmann
npm/jsprim@1.4.1 Transitive: environment +3 212 kB dap
npm/jsx-ast-utils@2.0.1 None +11 645 kB evcohen
npm/kebab-hash@0.1.2 None +1 23.4 kB chmac
npm/keyv@3.0.0 None +1 18.8 kB lukechilds
npm/killable@1.0.1 None 0 2.91 kB commandoline
npm/kind-of@6.0.2 None 0 22.5 kB jonschlinkert
npm/last-call-webpack-plugin@3.0.0 None +1 1.42 MB nmfr
npm/latest-version@3.1.0 None 0 3.02 kB sindresorhus
npm/lazy-cache@1.0.4 None 0 7.5 kB jonschlinkert
npm/lcid@1.0.0 None +1 7.74 kB sindresorhus
npm/leven@2.1.0 None 0 4.8 kB sindresorhus
npm/levn@0.3.0 None 0 34 kB gkz
npm/lib0@0.2.89 environment Transitive: unsafe +1 1.8 MB dmonad
npm/lmdb@2.5.3 environment, filesystem, unsafe +6 26.1 MB kriszyp
npm/load-bmfont@1.4.0 filesystem +1 12.8 kB mattdesl
npm/load-json-file@2.0.0 Transitive: environment, filesystem +1 35.7 kB sindresorhus
npm/loader-fs-cache@1.0.1 filesystem +3 23.2 kB viankakrisna
npm/loader-runner@2.4.0 filesystem 0 16.3 kB sokra
npm/loader-utils@1.2.0 None +3 367 kB evilebottnawi
npm/locate-path@2.0.0 None 0 3.97 kB sindresorhus
npm/lock@1.1.0 None 0 9.6 kB raymondmayjr
npm/lockfile@1.0.4 environment, filesystem 0 29.1 kB isaacs
npm/lodash-es@4.17.21 eval 0 636 kB bnjmnt4n
npm/lodash._reinterpolate@3.0.0 None 0 3.18 kB jdalton
npm/lodash.assign@4.2.0 None 0 19.9 kB jdalton
npm/lodash.assignin@4.2.0 None 0 19.4 kB jdalton
npm/lodash.bind@4.2.1 None 0 39.7 kB jdalton
npm/lodash.camelcase@4.3.0 None 0 21.9 kB jdalton
npm/lodash.clonedeep@4.5.0 None 0 48.2 kB jdalton
npm/lodash.deburr@4.1.0 None 0 11.8 kB jdalton
npm/lodash.defaults@4.2.0 None 0 21.1 kB jdalton
npm/lodash.escape@4.0.1 None 0 9.15 kB jdalton
npm/lodash.escaperegexp@4.1.2 None 0 7.61 kB jdalton
npm/lodash.every@4.6.0 None 0 68.1 kB jdalton
npm/lodash.filter@4.6.0 None 0 67.1 kB jdalton
npm/lodash.flatten@4.4.0 None 0 12.1 kB jdalton
npm/lodash.flattendeep@4.4.0 None 0 12.1 kB jdalton
npm/lodash.foreach@4.5.0 None 0 17.9 kB jdalton
npm/lodash.isplainobject@4.0.6 None 0 6.89 kB jdalton
npm/lodash.isstring@4.0.1 None 0 4.75 kB jdalton
npm/lodash.kebabcase@4.1.1 None 0 17.7 kB jdalton
npm/lodash.map@4.6.0 None 0 67.2 kB jdalton
npm/lodash.maxby@4.6.0 None 0 64.1 kB jdalton
npm/lodash.memoize@4.1.2 None 0 20.1 kB jdalton
npm/lodash.merge@4.6.1 None 0 53.9 kB jdalton
npm/lodash.mergewith@4.6.1 None 0 54 kB jdalton
npm/lodash.pick@4.4.0 None 0 16.3 kB jdalton
npm/lodash.reduce@4.6.0 None 0 67.9 kB jdalton
npm/lodash.reject@4.6.0 None 0 68 kB jdalton
npm/lodash.some@4.6.0 None 0 67.3 kB jdalton
npm/lodash.tail@4.1.1 None 0 4.65 kB jdalton
npm/lodash.template@4.4.0 eval +2 49.6 kB jdalton
npm/lodash.templatesettings@4.1.0 eval +1 13.8 kB jdalton
npm/lodash.toarray@4.4.0 None 0 25.8 kB jdalton
npm/lodash.uniq@4.5.0 None 0 25 kB jdalton
npm/lodash@4.17.21 None 0 1.41 MB bnjmnt4n
npm/logalot@2.1.0 None +2 14.4 kB kevva
npm/loglevel@1.6.1 None 0 121 kB pimterry
npm/lokijs@1.5.6 filesystem 0 459 kB techfort
npm/longest-streak@2.0.2 None 0 4.59 kB wooorm
npm/longest@1.0.1 None 0 4.66 kB jonschlinkert
npm/loose-envify@1.4.0 environment +1 20.9 kB zertosh
npm/loud-rejection@1.6.0 None +2 13.5 kB sindresorhus
npm/lower-case-first@1.0.2 None +1 8.79 kB blakeembrey
npm/lower-case@1.1.4 None 0 4.78 kB blakeembrey
npm/lowercase-keys@1.0.1 None 0 2.46 kB sindresorhus
npm/lpad-align@1.1.2 None +3 13.6 kB kevva
npm/lru-cache@4.0.0 None 0 38.7 kB isaacs
npm/ltcdr@2.2.1 filesystem, shell 0 51 kB cwmma
npm/make-dir@1.3.0 filesystem 0 6.53 kB sindresorhus
npm/map-age-cleaner@0.1.3 None 0 8.41 kB samverschueren
npm/map-cache@0.2.2 None 0 7.6 kB jonschlinkert
npm/map-obj@1.0.1 None 0 2.52 kB sindresorhus
npm/map-visit@1.0.0 None 0 8.47 kB jonschlinkert
npm/markdown-escapes@1.0.2 None 0 4.88 kB wooorm
npm/markdown-table@1.1.2 None 0 11.8 kB wooorm
npm/markdown-to-jsx@7.4.1 None 0 438 kB probablyup
npm/marked@0.4.0 None 0 76.5 kB amidknight
npm/md-attr-parser@1.2.1 None 0 38.8 kB ache
npm/md5-file@3.2.3 filesystem +3 13.2 kB linusu
npm/md5.js@1.3.5 None +2 17.5 kB cwmma
npm/md5@2.2.1 None +3 26.4 kB pvorb
npm/mdast-squeeze-paragraphs@3.0.4 None 0 5.46 kB wooorm
npm/mdast-util-compact@1.0.2 None 0 5.96 kB wooorm
npm/mdast-util-definitions@1.2.3 None 0 6.46 kB wooorm
npm/mdast-util-find-and-replace@1.1.1 None +1 14.5 kB wooorm
npm/mdast-util-footnote@0.1.7 None +3 78.2 kB wooorm
npm/mdast-util-from-markdown@0.8.5 None +2 73.2 kB wooorm
npm/mdast-util-gfm-autolink-literal@0.1.3 None +3 31.9 kB wooorm
npm/mdast-util-gfm-strikethrough@0.2.3 None +3 73 kB wooorm
npm/mdast-util-gfm-table@0.1.6 None +4 90.3 kB wooorm
npm/mdast-util-gfm-task-list-item@0.1.6 None +3 75 kB wooorm
npm/mdast-util-gfm@0.1.2 None +11 155 kB wooorm
npm/mdast-util-to-hast@4.0.0 None +3 40.2 kB wooorm
npm/mdast-util-to-markdown@0.6.5 None +2 64.2 kB wooorm

🚮 Removed packages: npm/@babel/runtime@7.2.0, npm/@jupyterlab/outputarea@0.19.1, npm/@types/react@16.8.5, npm/@types/unist@2.0.2, npm/gatsby-transformer-remark@2.2.5, npm/graceful-fs@4.1.15, npm/gray-matter@4.0.2, npm/hast-to-hyperscript@5.0.0, npm/hast-util-is-element@1.0.2, npm/hast-util-raw@4.0.0, npm/hast-util-to-html@4.0.1, npm/hast-util-to-parse5@4.0.1, npm/hast-util-whitespace@1.0.2, npm/html-void-elements@1.0.3, npm/ieee754@1.1.12

View full report↗︎


🚨 Potential security issues detected. Learn more about Socket for GitHub ↗︎

To accept the risk, merge this PR and you will not be notified again.

| Alert | Package | Note | Source |
|---|---|---|---|
| Native code | npm/lmdb@2.5.3 | | |
| Potential typo squat | npm/json-parser@1.1.5 | | |

View full report↗︎

Next steps

What's wrong with native code?

Contains native code which could be a vector to obscure malicious code, and generally decrease the likelihood of reproducible or reliable installs.

Ensure that native code bindings are expected. Consumers may consider pure JS and functionally similar alternatives to avoid the challenges and risks associated with native code bindings.

What is a typosquat?

Package name is similar to other popular packages and may not be the package you want.

Use care when consuming similarly named packages and ensure that you did not intend to consume a different package. Malicious packages often publish using similar names as existing popular packages.

Take a deeper look at the dependency

Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support [AT] socket [DOT] dev.

Remove the package

If you happen to install a dependency that Socket reports as Known Malware you should immediately remove it and select a different dependency. For other alert types, you may wish to investigate alternative packages or consider if there are other ways to mitigate the specific risk posed by the dependency.

Mark a package as acceptable risk

To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space separated list of ecosystem/package-name@version specifiers. e.g. @SocketSecurity ignore npm/foo@1.0.0 or ignore all packages with @SocketSecurity ignore-all

  • @SocketSecurity ignore npm/lmdb@2.5.3
  • @SocketSecurity ignore npm/json-parser@1.1.5
