chore(deps): update all dependencies

[renovate]

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package	Change	Age	Confidence	Type	Update
@1stg/app-config (source)	^4.1.3 → ^15.0.0			devDependencies	major
@1stg/lib-config (source)	^6.1.3 → ^13.0.0			devDependencies	major
@changesets/changelog-github (source)	^0.5.0 → ^0.7.0			devDependencies	minor
@types/node (source)	^17.0.45 → ^24.0.0			devDependencies	major
@types/react (source)	^18.3.18 → ^19.0.0			devDependencies	major
@types/react-dom (source)	^18.3.5 → ^19.0.0			devDependencies	major
actions/checkout	v3 → v6			action	major
actions/setup-node	v3 → v6			action	major
node	16.x → 24.x			uses-with	major
patch-package	^6.5.1 → ^8.0.0			devDependencies	major
prettier (source)	^2.8.8 → ^3.0.0			resolutions	major
react (source)	^18.3.1 → ^19.0.0			devDependencies	major
react-dom (source)	^18.3.1 → ^19.0.0			devDependencies	major
react-router-dom (source)	^6.28.1 → ^7.0.0			devDependencies	major
sirv-cli	^2.0.2 → ^3.0.0			devDependencies	major
typescript (source)	^4.9.5 → ^6.0.0			devDependencies	major

---

Release Notes

1stG/configs (@​1stg/app-config)

v15.0.0

Compare Source

Major Changes

• #​393 3f70b26 Thanks @​JounQin! - chore: bump commitlint

• #​393 3f70b26 Thanks @​JounQin! - chore: bump typescript v6

Patch Changes

• Updated dependencies [3f70b26, 3f70b26, 3f70b26]:
  • @​1stg/stylelint-config@​6.2.0
  • @​1stg/postcss-config@​6.2.0
  • @​1stg/common-config@​15.0.0

v14.3.0

Compare Source

Minor Changes

• #​388 5343736 Thanks @​JounQin! - fix: clarify correct engines field due to 1stg/prettier-config

Patch Changes

• Updated dependencies [5343736]:
  • @​1stg/common-config@​14.3.0

v14.2.0

Compare Source

Minor Changes

• #​385 a7ee3ee Thanks @​JounQin! - chore(deps): bump related config packages

Patch Changes

• Updated dependencies [a7ee3ee]:
  • @​1stg/common-config@​14.2.0

v14.1.0

Compare Source

Minor Changes

• #​377 ed8b7e5 Thanks @​JounQin! - feat: enable eslint-plugin-node-dependencies conditionally

Patch Changes

• Updated dependencies [ed8b7e5, ed8b7e5, ed8b7e5]:
  • @​1stg/postcss-config@​6.1.0
  • @​1stg/stylelint-config@​6.1.0
  • @​1stg/common-config@​14.1.0

v14.0.0

Compare Source

Major Changes

• #​371 3cbd4b7 Thanks @​JounQin! - feat!: migrate eslint-plugin-unicorn to eslint-plugin-unicorn-x

• #​372 f6e2755 Thanks @​JounQin! - feat!: use n.convertPath setting for hashbang rule

Patch Changes

• Updated dependencies [3cbd4b7, f6e2755]:
  • @​1stg/common-config@​14.0.0

v13.1.0

Compare Source

Minor Changes

• #​367 94685f7 Thanks @​JounQin! - chore(eslint): bump eslint-plugin-unicorn to v59.0.1

Patch Changes

• Updated dependencies [94685f7]:
  • @​1stg/common-config@​13.1.0

v13.0.1

Compare Source

Patch Changes

• Updated dependencies [db3b78b]:
  • @​1stg/common-config@​11.0.0

v13.0.0

Compare Source

Major Changes

• #​229 6561a5e Thanks @​JounQin! - chore: bump all upgradable (dev)Dependencies

Patch Changes

• Updated dependencies [6561a5e]:
  • @​1stg/common-config@​10.0.0

v12.0.1

Compare Source

Patch Changes

• #​220 9268bd0 Thanks @​JounQin! - fix(tsconfig): incompatible module option for Node16 and NodeNext

• #​220 9268bd0 Thanks @​JounQin! - fix(eslint): incorrect project setting for ts in md/mdx

• Updated dependencies [9268bd0, 9268bd0]:

  • @​1stg/common-config@​9.0.1

v12.0.0

Compare Source

Major Changes

• 93a4ce0 Thanks @​JounQin! - chore: bump eslint plugins

Patch Changes

• Updated dependencies [93a4ce0]:
  • @​1stg/common-config@​9.0.0

v11.1.2

Compare Source

Patch Changes

• #​325 cf9c358 Thanks @​JounQin! - fix(eslint-config): enable curly correctly due to config-prettier

• Updated dependencies [cf9c358]:

  • @​1stg/browserslist-config@​2.1.2
  • @​1stg/common-config@​11.1.2
  • @​1stg/postcss-config@​6.0.4

v11.1.1

Compare Source

Patch Changes

• #​322 8fc446d Thanks @​JounQin! - chore(prettier-config): bump sh plugin

• Updated dependencies [8fc446d]:

  • @​1stg/common-config@​11.1.1

v11.1.0

Compare Source

Minor Changes

• #​191 59681fb Thanks @​JounQin! - chore: bump eslint-plugin-jsdoc

Patch Changes

• Updated dependencies [59681fb]:
  • @​1stg/common-config@​8.1.0

v11.0.3

Compare Source

Patch Changes

• #​309 5dbb419 Thanks @​JounQin! - chore(eslint-config): enable destructuring: all for prefer-const

  chore: bump all deps

• Updated dependencies [5dbb419]:

  • @​1stg/browserslist-config@​2.1.1
  • @​1stg/common-config@​11.0.5
  • @​1stg/postcss-config@​6.0.2
  • @​1stg/stylelint-config@​6.0.2

v11.0.2

Compare Source

Patch Changes

• 3227ee5 Thanks @​JounQin! - chore(eslint-config): drop outdated eslint-formatter-friendly

• Updated dependencies [3227ee5]:

  • @​1stg/common-config@​11.0.4

v11.0.1

Compare Source

Patch Changes

• 55d6ede Thanks @​JounQin! - chore: bump pkgr packages

v11.0.0

Compare Source

Major Changes

• d03df9f Thanks @​JounQin! - feat!: migrate to eslint-community packages, bump stylelint

Patch Changes

• Updated dependencies [d03df9f, 16bf6b4]:
  • @​1stg/common-config@​8.0.0

v10.0.1

Compare Source

Patch Changes

• Updated dependencies [17fe967]:
  • @​1stg/stylelint-config@​6.0.0

v10.0.0

Compare Source

Major Changes

• #​229 6561a5e Thanks @​JounQin! - chore: bump all upgradable (dev)Dependencies

Patch Changes

• Updated dependencies [6561a5e]:
  • @​1stg/browserslist-config@​2.0.0
  • @​1stg/common-config@​10.0.0
  • @​1stg/postcss-config@​6.0.0

v9.0.1

Compare Source

Patch Changes

• #​220 9268bd0 Thanks @​JounQin! - fix(tsconfig): incompatible module option for Node16 and NodeNext

• #​220 9268bd0 Thanks @​JounQin! - fix(eslint): incorrect project setting for ts in md/mdx

• Updated dependencies [9268bd0, 9268bd0]:

  • @​1stg/common-config@​9.0.1

v9.0.0

Compare Source

Major Changes

• 93a4ce0 Thanks @​JounQin! - chore: bump eslint plugins

Patch Changes

• Updated dependencies [93a4ce0]:
  • @​1stg/common-config@​9.0.0

v8.1.0

Compare Source

Minor Changes

• #​191 59681fb Thanks @​JounQin! - chore: bump eslint-plugin-jsdoc

• #​191 59681fb Thanks @​JounQin! - chore: bump stylelint-config-standard and stylelint-scss

Patch Changes

• Updated dependencies [59681fb, 59681fb]:
  • @​1stg/common-config@​8.1.0
  • @​1stg/stylelint-config@​5.1.0

v8.0.1

Compare Source

Patch Changes

• 55d6ede Thanks @​JounQin! - chore: bump pkgr packages

v8.0.0

Compare Source

Major Changes

• d03df9f Thanks @​JounQin! - feat!: migrate to eslint-community packages, bump stylelint

Minor Changes

• #​178 16bf6b4 Thanks @​JounQin! - chore: bump all (dev)Dependencies

Patch Changes

• Updated dependencies [d03df9f, 16bf6b4]:
  • @​1stg/common-config@​8.0.0
  • @​1stg/postcss-config@​5.0.0
  • @​1stg/stylelint-config@​5.0.0

v7.3.0

Compare Source

Minor Changes

• #​172 02236f3 Thanks @​JounQin! - chore: bump all (dev)Dependencies, update node engine

Patch Changes

• Updated dependencies [02236f3]:
  • @​1stg/common-config@​7.2.0
  • @​1stg/postcss-config@​4.0.0
  • @​1stg/stylelint-config@​4.8.2

v7.2.1

Compare Source

Patch Changes

• #​168 3b1246d Thanks @​JounQin! - fix(babel-preset): enable allowDeclareFields with `@babel/plugin-tr…

• Updated dependencies [3b1246d]:

  • @​1stg/common-config@​7.1.1

v7.2.0

Compare Source

Minor Changes

• #​172 02236f3 Thanks @​JounQin! - chore: bump all (dev)Dependencies, update node engine

Patch Changes

• Updated dependencies [02236f3]:
  • @​1stg/babel-preset@​3.2.3
  • @​1stg/commitlint-config@​3.2.0
  • @​1stg/eslint-config@​5.7.0
  • @​1stg/lint-staged@​3.4.1
  • @​1stg/prettier-config@​3.9.2
  • @​1stg/remark-preset@​2.0.0
  • @​1stg/simple-git-hooks@​0.2.3
  • @​1stg/tsconfig@​2.3.2

v7.1.1

Compare Source

Patch Changes

• #​168 3b1246d Thanks @​JounQin! - fix(babel-preset): enable allowDeclareFields with `@babel/plugin-tr…

• Updated dependencies [3b1246d]:

  • @​1stg/babel-preset@​3.2.2

v7.1.0

Compare Source

Minor Changes

• #​164 990677b Thanks @​JounQin! - feat(eslint): enable curly with all option

• #​164 990677b Thanks @​JounQin! - feat(babel): bump babel-preset-proposal-typescript@v3

Patch Changes

• #​164 990677b Thanks @​JounQin! - fix(eslint): move prefer-optional-chain to type awared section

• #​164 990677b Thanks @​JounQin! - chore: bump all (dev)Dependencies

• Updated dependencies [990677b, 990677b, 990677b, 990677b]:

  • @​1stg/eslint-config@​5.6.0
  • @​1stg/lint-staged@​3.4.0
  • @​1stg/babel-preset@​3.2.0
  • @​1stg/commitlint-config@​3.1.5
  • @​1stg/markuplint-config@​2.2.1
  • @​1stg/prettier-config@​3.9.1
  • @​1stg/remark-preset@​1.0.1
  • @​1stg/simple-git-hooks@​0.2.2
  • @​1stg/tsconfig@​2.3.1

v7.0.0

Compare Source

Major Changes

• #​155 88168c6 Thanks @​JounQin! - feat: migrate @1stg/remark-config to @1stg/remark-preset

Patch Changes

• Updated dependencies [6f6022a, 88168c6]:
  • @​1stg/lint-staged@​3.3.2
  • @​1stg/remark-preset@​1.0.0

v6.2.0

Compare Source

Minor Changes

• #​153 ac25180 Thanks @​JounQin! - chore(deps): bump all (dev)Dependencies, fix related usage

Patch Changes

• #​153 ac25180 Thanks @​JounQin! - fix(lint-staged): run prettier after eslint if CONFIG_PREFER_PRETTIER enabled

• Updated dependencies [ac25180, ac25180, ac25180, ac25180]:

  • @​1stg/tsconfig@​2.3.0
  • @​1stg/lint-staged@​3.3.1
  • @​1stg/eslint-config@​5.5.0
  • @​1stg/prettier-config@​3.8.0

v6.1.5

Compare Source

Patch Changes

• #​144 8d9171d Thanks @​JounQin! - perf(eslint): bump eslint-import-resolver-typescript, eslint-plugin-json-schema-validator and eslint-plugin-mdx

• #​144 8d9171d Thanks @​JounQin! - chore(eslint): replace eslint-plugin-import with eslint-plugin-i

• Updated dependencies [8d9171d, 8d9171d]:

  • @​1stg/common-config@​6.1.4

v6.1.4

Compare Source

Patch Changes

• #​141 701f349 Thanks @​JounQin! - chore: bump eslint and plugins

• Updated dependencies [701f349]:

  • @​1stg/common-config@​6.1.3

v6.1.3

Compare Source

Patch Changes

• #​133 9db70a5 Thanks @​JounQin! - fix(eslint): incorrect prettier parser inferred for angular html files

• Updated dependencies [9db70a5]:

  • @​1stg/common-config@​6.1.2

v6.1.2

Compare Source

Patch Changes

• #​131 1e06825 Thanks @​JounQin! - fix(eslint): disable prettier/prettier rule for md/mdx automatically

• Updated dependencies [1e06825]:

  • @​1stg/common-config@​6.1.1

v6.1.1

Compare Source

Patch Changes

• 3aad99a Thanks @​JounQin! - fix(stylelint): no need to disable prettier/prettier when it is unavailable

• Updated dependencies [3aad99a]:

  • @​1stg/stylelint-config@​4.6.1

v6.1.0

Compare Source

Minor Changes

• #​128 7228ebb Thanks @​JounQin! - feat: bump deps, cross-env has been removed from @1stg/lint-staged

Patch Changes

• Updated dependencies [7228ebb, 7228ebb]:
  • @​1stg/common-config@​6.1.0
  • @​1stg/stylelint-config@​4.6.0

v6.0.0

Compare Source

Major Changes

• #​126 48d7542 Thanks @​JounQin! - build!: migrate to pnpm, yarn-deduplicate has been removed, you'll need to install it manually if you're still using yarn@v1

Patch Changes

• #​126 48d7542 Thanks @​JounQin! - fix: support more markup files

• Updated dependencies [48d7542, 48d7542, 48d7542]:

  • @​1stg/common-config@​6.0.0
  • @​1stg/stylelint-config@​4.5.0

v5.2.7

Compare Source

Patch Changes

• #​121 e23439a Thanks @​JounQin! - fix(prettier): .vscode/*.json should be considered as jsonc

• #​123 4f70fd3 Thanks @​JounQin! - docs: add README files

• Updated dependencies [4f70fd3]:

  • @​1stg/browserslist-config@​1.2.3
  • @​1stg/common-config@​5.2.7
  • @​1stg/postcss-config@​3.2.4
  • @​1stg/stylelint-config@​4.4.5

v5.2.6

Compare Source

Patch Changes

• #​117 5b9ae0a Thanks @​JounQin! - chore: upgrade @​pkgr/utils

• Updated dependencies [5b9ae0a]:

  • @​1stg/postcss-config@​3.2.3
  • @​1stg/stylelint-config@​4.4.4
  • @​1stg/common-config@​5.2.6

v5.2.5

Compare Source

Patch Changes

• #​115 c750c5d Thanks @​JounQin! - feat: bump deps

• Updated dependencies [c750c5d]:

  • @​1stg/common-config@​5.2.5

v5.2.4

Compare Source

Patch Changes

• #​113 cae8e34 Thanks @​JounQin! - fix(eslint): remove plugin:jsonc/auto-config

• Updated dependencies [cae8e34]:

  • @​1stg/common-config@​5.2.4

v5.2.3

Compare Source

Patch Changes

• #​111 eb18aaa Thanks @​JounQin! - chore: add donate and funding fields

• Updated dependencies [eb18aaa]:

  • @​1stg/browserslist-config@​1.2.2
  • @​1stg/common-config@​5.2.3
  • @​1stg/postcss-config@​3.2.2
  • @​1stg/stylelint-config@​4.4.3

v5.2.2

Compare Source

Patch Changes

• #​109 d648751 Thanks @​JounQin! - fix: exclude some json files which are jsonc actually

• Updated dependencies [d648751]:

  • @​1stg/common-config@​5.2.2

v5.2.1

Compare Source

Patch Changes

• #​107 720e694 Thanks @​JounQin! - fix(prettier): upgrade prettier-plugin-stylus

• #​107 720e694 Thanks @​JounQin! - chore: add website info in author field

• Updated dependencies [720e694, 720e694]:

  • @​1stg/common-config@​5.2.1
  • @​1stg/stylelint-config@​4.4.2
  • @​1stg/browserslist-config@​1.2.1
  • @​1stg/postcss-config@​3.2.1

v5.2.0

Compare Source

Minor Changes

• #​104 4f267cc Thanks @​JounQin! - feat(stylelint): enable stylelint-stylus

• #​102 ca3a9ff Thanks @​JounQin! - feat(eslint): enable json-schema-validator for toml and yaml

Patch Changes

• Updated dependencies [4f267cc, ca3a9ff]:
  • @​1stg/common-config@​5.2.0
  • @​1stg/stylelint-config@​4.4.0

v5.1.0

Compare Source

Minor Changes

• #​100 ab745b4 Thanks @​JounQin! - feat(eslint): enable css/es-x/json-schema-validator/regexp plugins

Patch Changes

• Updated dependencies [ab745b4]:
  • @​1stg/common-config@​5.1.0

v5.0.0

Compare Source

Major Changes

• #​98 9c2c16d Thanks @​JounQin! - feat!: use official eslint-plugin-prettier and eslint-plugin-svelte v2

Patch Changes

• Updated dependencies [9c2c16d]:
  • @​1stg/common-config@​5.0.0

v4.4.0

Compare Source

Minor Changes

• 62a9421 Thanks @​JounQin! - feat: use upgrade prettier-plugin-sh

• 62a9421 Thanks @​JounQin! - feat: use @​rxts/eslint-plugin-prettier instead

Patch Changes

• Updated dependencies [62a9421, 62a9421]:
  • @​1stg/common-config@​4.4.0

v4.3.0

Compare Source

Minor Changes

• af649e7 Thanks @​JounQin! - feat: bump deps, update node engine setting

Patch Changes

• Updated dependencies [af649e7]:
  • @​1stg/browserslist-config@​1.2.0
  • @​1stg/common-config@​4.3.0
  • @​1stg/postcss-config@​3.2.0
  • @​1stg/stylelint-config@​4.3.0

v4.2.3

Compare Source

Patch Changes

• c8c6b0c Thanks @​JounQin! - fix(lint-staged): do not run prettier on .nvmrc

• Updated dependencies [c8c6b0c]:

  • @​1stg/common-config@​4.2.3

v4.2.2

Compare Source

Patch Changes

• 27662c4 Thanks @​JounQin! - fix(prettier): ignore .nvmrc, use sh for .*shrc

• Updated dependencies

✂ Note

PR body was truncated to here.

---

Configuration

📅 Schedule: (UTC)

• Branch creation
  • Between 12:00 AM and 03:59 AM, on day 1 of the month (* 0-3 1 * *)
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[changeset-bot]

⚠️ No Changeset found

Latest commit: ef570f6

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

[coderabbitai]

Important

Review skipped

Bot user detected.

To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

• 🔍 Trigger a full review

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	@​1stg/​lib-config@​6.1.3 ⏵ 13.0.1	-2		+11	-2
	@​1stg/​app-config@​4.1.3 ⏵ 15.0.0	+5		+19	-5
	react-router-dom@​7.17.0
	@​changesets/​changelog-github@​0.5.0 ⏵ 0.7.0			+1
	type-coverage@​2.29.1
	webpack@​5.85.0
	@​types/​react-dom@​18.3.5 ⏵ 19.2.3
	html-webpack-harddisk-plugin@​2.0.0
	rollup@​2.74.1
	@​types/​react@​18.3.18 ⏵ 19.2.17	+1
	sirv-cli@​3.0.1
	svelte@​3.59.2
	github-markdown-css@​5.8.1
	patch-package@​8.0.1
	ts-node@​10.9.2
	react@​19.2.7
	typescript@​6.0.3
	vue@​3.5.13
	react-dom@​19.2.7
	@​types/​node@​17.0.45 ⏵ 24.13.2	+1		+20	+5

View full report

[socket-security]

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action	Severity	Alert  (click "▶" to expand/collapse)
Warn		Critical CVE: Prototype pollution in webpack npm loader-utils CVE: GHSA-76p3-8jx3-jpfq Prototype pollution in webpack loader-utils (CRITICAL) Affected versions: >= 2.0.0 < 2.0.3; < 1.4.1 Patched version: 1.4.1 From: ? → npm/@pkgr/webpack@3.4.0 → npm/loader-utils@1.4.0 ℹ Read more on: This package | This alert | What is a critical CVE? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Remove or replace dependencies that include known critical CVEs. Consumers can use dependency overrides or npm audit fix --force to remove vulnerable dependencies. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/loader-utils@1.4.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Obfuscated code: npm @typescript-eslint/eslint-plugin is 90.0% likely obfuscated Confidence: 0.90 Location: Package overview From: ? → npm/@1stg/app-config@15.0.0 → npm/@1stg/lib-config@13.0.1 → npm/@typescript-eslint/eslint-plugin@8.61.0 ℹ Read more on: This package | This alert | What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@typescript-eslint/eslint-plugin@8.61.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Obfuscated code: npm diff-sequences is 90.0% likely obfuscated Confidence: 0.90 Location: Package overview From: ? → npm/@1stg/app-config@15.0.0 → npm/@1stg/lib-config@13.0.1 → npm/diff-sequences@27.5.1 ℹ Read more on: This package | This alert | What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/diff-sequences@27.5.1. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Obfuscated code: npm micromark-core-commonmark is 90.0% likely obfuscated Confidence: 0.90 Location: Package overview From: ? → npm/@pkgr/webpack-mdx@2.2.0 → npm/micromark-core-commonmark@1.0.6 ℹ Read more on: This package | This alert | What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/micromark-core-commonmark@1.0.6. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Obfuscated code: npm uvu is 90.0% likely obfuscated Confidence: 0.90 Location: Package overview From: ? → npm/@pkgr/webpack-mdx@2.2.0 → npm/uvu@0.5.3 ℹ Read more on: This package | This alert | What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/uvu@0.5.3. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Obfuscated code: npm webpack is 90.0% likely obfuscated Confidence: 0.90 Location: Package overview From: ? → npm/webpack@5.107.2 ℹ Read more on: This package | This alert | What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/webpack@5.107.2. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Obfuscated code: npm webpack is 90.0% likely obfuscated Confidence: 0.90 Location: Package overview From: packages/webpack-plugins/package.json → npm/webpack@5.85.0 ℹ Read more on: This package | This alert | What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/webpack@5.85.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report