Skip to content

chore(deps): update non-major#279

Open
renovate[bot] wants to merge 1 commit intomainfrom
renovate/non-major
Open

chore(deps): update non-major#279
renovate[bot] wants to merge 1 commit intomainfrom
renovate/non-major

Conversation

@renovate
Copy link
Copy Markdown
Contributor

@renovate renovate bot commented Mar 9, 2026
edited
Loading

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package Change Age Confidence
@hookform/resolvers (source) ^3.1.1^3.10.0 age confidence
@reduxjs/toolkit (source) ^2.6.0^2.11.2 age confidence
@sanity/client (source) ^7.13.2^7.20.0 age confidence
@sanity/icons (source) ^3.7.0^3.7.4 age confidence
@sanity/pkg-utils (source) ^7.1.1^7.11.9 age confidence
@sanity/plugin-kit ^4.0.19^4.0.20 age confidence
@sanity/ui (source) ^3.0.5^3.1.14 age confidence
@sanity/uuid (source) ^3.0.1^3.0.2 age confidence
@sanity/vision (source) ^3.80.1^3.99.0 age confidence
@tanem/react-nprogress ^5.0.55^5.0.63 age confidence
@types/react (source) ^19.0.12^19.2.14 age confidence
@types/react-dom (source) ^19.0.4^19.2.3 age confidence
@types/react-file-icon (source) ^1.0.4^1.0.5 age confidence
copy-to-clipboard ^3.3.1^3.3.3 age confidence
date-fns ^4.0.0^4.1.0 age confidence
eslint-config-prettier ^8.10.0^8.10.2 age confidence
eslint-plugin-prettier ^4.2.1^4.2.5 age confidence
eslint-plugin-react ^7.37.4^7.37.5 age confidence
filesize (source) ^9.0.0^9.0.11 age confidence
groq (source) ^3.0.0^3.99.0 age confidence
husky ^8.0.2^8.0.3 age confidence
lint-staged ^13.0.3^13.3.0 age confidence
nanoid ^3.3.8^3.3.11 age confidence
prettier-plugin-packagejson ^2.5.10^2.5.22 age confidence
react (source) ^19.0.0^19.2.4 age confidence
react-dom (source) ^19.0.0^19.2.4 age confidence
react-dropzone ^11.3.1^11.7.1 age confidence
react-hook-form (source) ^7.54.2^7.72.1 age confidence
react-is (source) ^19.0.0^19.2.4 age confidence
react-select (source) ^5.10.1^5.10.2 age confidence
react-virtuoso (source) ^4.12.5^4.18.4 age confidence
redux-observable 3.0.0-rc.23.0.0-rc.3 age confidence
rxjs (source) ^7.8.1^7.8.2 age confidence
sanity (source) ^3.80.1^3.99.0 age confidence
styled-components (source) ^6.1.16^6.3.12 age confidence
typescript (source) 5.8.25.9.3 age confidence
zod (source) ^3.21.4^3.25.76 age confidence

Release Notes

reduxjs/redux-toolkit (@​reduxjs/toolkit)

v2.11.2

Compare Source

v2.11.1

Compare Source

This bugfix release fixes an issue with our internal AbortSignal handling that was reported as causing an error in a rare reset situation. We've also restructured our publishing process to use NPM Trusted Publishing, and updated our TS support matrix to only support TS 5.4+.

Changelog

Publishing Changes

We've previously done most of our releases semi-manually locally, with various release process CLI tools. With the changes to NPM publishing security and the recent wave of NPM attacks, we've updated our publishing process to solely use NPM Trusted Publishing via workflows. We've also done a hardening pass on our own CI setup.

We had done a couple releases via CI workflows previously, and later semi-manual releases caused PNPM to warn that RTK was no longer trusted. This release should be trusted and will resolve that issue.

Thanks to the e18e folks and their excellent guide at https://e18e.dev/docs/publishing for making this process easier!

TS Support Matrix Updates

We've previously mentioned rolling changes to our TS support matrix in release notes, but didn't officially document our support policy. We've added a description of the support policy (last 2 years of TS releases, matching DefinitelyTyped) and the current oldest TS version we support in the docs:

As of today, we've updated the support matrix to be TS 5.4+ . As always, it's possible RTK will work if you're using an earlier version of TS, but we don't test against earlier versions and don't support any issues with those versions.

We have run an initial test with the upcoming TS 7.0 native tsgo release. We found a couple minor issues with our own TS build and test setup, but no obvious issues with using RTK with TS 7.0.

Bug Fixes

A user reported a rare edge case where the combination of resetApiState and retry() could lead to an error calling an AbortController. We've restructured our AbortController handling logic to avoid that (and simplified a bit of our internals in the process).

What's Changed

Full Changelog: reduxjs/redux-toolkit@v2.11.0...v2.11.1

v2.11.0

Compare Source

v2.10.1

Compare Source

This bugfix release fixes an issue with window access breaking in SSR due to the byte-shaving work in 2.10.

What's Changed

Full Changelog: reduxjs/redux-toolkit@v2.10.0...v2.10.1

v2.10.0

Compare Source

v2.9.2

Compare Source

This bugfix release fixes a potential internal data leak in SSR environments, improves handling of headers in fetchBaseQuery, improves retry handling for unexpected errors and request aborts, and fixes a longstanding issue with prefetch leaving an unused subscription. We've also shipped a new graphqlRequestBaseQuery release with updated dependencies and better error handling.

Changelog

Internal Subscription Handling

We had a report that a Redux SSR app had internal subscription data showing up across different requests. After investigation, this was a bug introduced by the recent RTKQ perf optimizations, where the internal subscription fields were hoisted outside of the middleware setup and into createApi itself. This meant they existed outside of the per-store-instance lifecycle. We've reworked the logic to ensure the data is per-store again. We also fixed another issue that miscalculated when there was an active request while checking for cache entry cleanup.

Note that no actual app data was leaked in this case, just the internal subscription IDs that RTKQ uses in its own middleware to track the existence of subscriptions per cache entry.

fetchBaseQuery Headers

We've updated fetchBaseQuery to avoid setting content-type in cases where a non-JSONifiable value like FormData is being passed as the request body, so that the browser can set that content type itself. It also now sets the accept header based on the selected responseHandler (JSON or text).

retry Behavior and Cleanup

The retry util now respects the maxRetries option when catching unknown errors in addition to the existing known errors logic. It also now checks the request's AbortSignal and will stop retrying if aborted.

In conjunction with that, dispatching resetApiState will now abort all in-flight requests.

The prefetch util and usePrefetch hook had a long-standing issue where they would create a subscription for a cache entry, but there was no way to clean up that subscription. This meant that the cache entry was effectively permanent. They now initiate the request without adding a subscription. This will fetch the cache entry and leave it in the store for the keepUnusedDataFor period as intended, giving your app time to actually subscribe to the value (such as prefetching the cache entry in a route handler, and then subscribing in a component).

graphqlRequestBaseQuery

We've published @rtk-query/graphql-request-base-query v2.3.2, which updates the graphql-request dep to ^7. We also fixed an issue where the error handling rethrew unknown errors - it now returns {error} as a base query is supposed to.

What's Changed

Full Changelog: reduxjs/redux-toolkit@v2.9.1...v2.9.2

v2.9.1

Compare Source

This bugfix release fixes how sorted entity adapters handle duplicate IDs, tweaks the TS types for RTKQ query state cache entries to improve how the data field is handled, and adds better cleanup for long-running listener middleware effects.

What's Changed

  • fix(entityAdapter): ensure sorted addMany keeps first occurrence of duplicate ids by @​demyanm in #​5097
  • fix(entityAdapter): ensure sorted setMany keeps just unique IDs in state.ids by @​demyanm in #​5107
  • fix(types): ensure non-undefined data on isSuccess with exactOptionalPropertyTypes by @​CO0Ki3 in #​5088
  • Allow executing effects that have become unsubscribed to be canceled by listenerMiddleware.clearListeners by @​chris-chambers in #​5102

Full Changelog: reduxjs/redux-toolkit@v2.9.0...v2.9.1

v2.9.0

Compare Source

This feature release rewrites RTK Query's internal subscription and polling systems and the useStableQueryArgs hook for better perf, adds automatic AbortSignal handling to requests still in progress when a cache entry is removed, fixes a bug with the transformResponse option for queries, adds a new builder.addAsyncThunk method, and fixes assorted other issues.

Changelog

RTK Query Performance Improvements

We had reports that RTK Query could get very slow when there were thousands of subscriptions to the same cache entry. After investigation, we found that the internal polling logic was attempting to recalculate the minimum polling time after every new subscription was added. This was highly inefficient, as most subscriptions don't change polling settings, and it required repeated O(n) iteration over the growing list of subscriptions. We've rewritten that logic to debounce the update check and ensure a max of one polling value update per tick for the entire API instance.

Related, while working on the request abort changes, testing showed that use of plain Records to hold subscription data was inefficient because we have to iterate keys to check size. We've rewritten the subscription handling internals to use Maps instead, as well as restructuring some additional checks around in-flight requests.

These two improvements drastically improved runtime perf for the thousands-of-subscriptions-one-cache-entry repro, eliminating RTK methods as visible hotspots in the perf profiles. It likely also improves perf for general usage as well.

We've also changed the implementation of our internal useStableQueryArgs hook to avoid calling serializeQueryArgs on its value, which can avoid potential perf issues when a query takes a very large object as its cache key.

[!NOTE]
The internal logic switched from serializing the query arg to doing reference checks on nested values. This means that if you are passing a non-POJO value in a query arg, such as useSomeQuery({a: new Set()}), and you have refetchOnMountOrArgChange enabled, this will now trigger refeteches each time as the Set references are now considered different based on equality instead of serialization.

Abort Signal Handling on Cleanup

We've had numerous requests over time for various forms of "abort in-progress requests when the data is no longer needed / params change / component unmounts / some expensive request is taking too long". This is a complex topic with multiple potential use cases, and our standard answer has been that we don't want to abort those requests - after all, cache entries default to staying in memory for 1 minute after the last subscription is removed, so RTKQ's cache can still be updated when the request completes. That also means that it doesn't make sense to abort a request "on unmount".

However, it does then make sense to abort an in-progress request if the cache entry itself is removed. Given that, we've updated our cache handling to automatically call the existing resPromise.abort() method in that case, triggering the AbortSignal attached to the baseQuery. The handling at that point depends on your app - fetchBaseQuery should handle that, a custom baseQuery or queryFn would need to listen to the AbortSignal.

We do have an open issue asking for further discussions of potential abort / cancelation use cases and would appreciate further feedback.

New Options

The builder callback used in createReducer and createSlice.extraReducers now has builder.addAsyncThunk available, which allows handling specific actions from a thunk in the same way that you could define a thunk inside createSlice.reducers:

        const slice = createSlice({
          name: 'counter',
          initialState: {
            loading: false,
            errored: false,
            value: 0,
          },
          reducers: {},
          extraReducers: (builder) =>
            builder.addAsyncThunk(asyncThunk, {
              pending(state) {
                state.loading = true
              },
              fulfilled(state, action) {
                state.value = action.payload
              },
              rejected(state) {
                state.errored = true
              },
              settled(state) {
                state.loading = false
              },
            }),
        })

createApi and individual endpoint definitions now accept a skipSchemaValidation option with an array of schema types to skip, or true to skip validation entirely (in case you want to use a schema for its types, but the actual validation is expensive).

Bug Fixes

The infinite query implementation accidentally changed the query internals to always run transformResponse if provided, including if you were using upsertQueryData(), which then broke. It's been fixed to only run on an actual query request.

The internal changes to the structure of the state.api.provided structure broke our handling of extractRehydrationInfo - we've updated that to handle the changed structure.

The infinite query status fields like hasNextPage are now a looser type of boolean initially, rather than strictly false.

TS Types

We now export Immer's WritableDraft type to fix another non-portable types issue.

We've added an api.endpoints.myEndpoint.types.RawResultType types-only field to match the other available fields.

What's Changed

Full Changelog: reduxjs/redux-toolkit@v2.8.2...v2.9.0

v2.8.2

Compare Source

This bugfix release fixes a bundle size regression in RTK Query from the build and packaging changes in v2.8.0.

If you're using v2.8.0 or v2.8.1, please upgrade to v2.8.2 right away to resolve that bundle size issue!

Changelog

RTK Query Bundle Size

In v2.8.0, we reworked our packaging setup to better support React Native. While there weren't many meaningful code changes, we did alter our bundling build config file. In the process, we lost the config options to externalize the @reduxjs/toolkit core when building the RTK Query nested entry points. This resulted in a regression where the RTK core code also got bundled directly into the RTK Query artifacts, resulting in a significant size increase.

This release fixes the build config and restores the previous RTKQ build artifact sizes.

What's Changed

Full Changelog: reduxjs/redux-toolkit@v2.8.1...v2.8.2

v2.8.1

Compare Source

This bugfix release makes an additional update to the package config to fix a regression that happened with Jest and jest-environment-jsdom.

[!CAUTION]
This release had a bundle size regression. Please update to v2.8.2 to resolve that issue.

Changes

More Package Updates

After releasing v2.8.0, we got reports that Jest tests were breaking. After investigation we concluded that jest-environment-jsdom was looking at the new browser package exports condition we'd added to better support JSPM, finding an ESM file containing the export keyword, and erroring because it doesn't support ES modules correctly.

#​4971 (comment) listed several viable workarounds, but this is enough of an issue we wanted to fix it directly. We've tweaked the package exports setup again, and it appears to resolve the issue with Jest.

What's Changed

Full Changelog: reduxjs/redux-toolkit@v2.8.0...v2.8.1

v2.8.0

Compare Source

This feature release improves React Native compatibility by updating our package exports definitions, and adds queryArg as an additional parameter to infinite query page param functions.

[!CAUTION]
This release had a bundle size regression, as well as a breakage with jest-environment-jsdom. Please update to v2.8.2 to resolve those issues.

Changelog

Package Exports and React Native Compatibility

Expo and the Metro bundler have been adding improved support for the exports field in package.json files, but those changes started printing warnings due to how some of our package definitions were configured.

We've reworked the package definitions (again!), and this should be resolved now.

Infinite Query Page Params

The signature for the getNext/PreviousPageParam functions has been:

(
    lastPage: DataType,
    allPages: Array<DataType>,
    lastPageParam: PageParam,
    allPageParams: Array<PageParam>,
  ) => PageParam | undefined | null

This came directly from React Query's API and implementation.

We've had some requests to make the endpoint's queryArg available in page param functions. For React Query, that isn't necessary because the callbacks are defined inline when you call the useInfiniteQuery hook, so you've already got the query arg available in scope and can use it. Since RTK Query defines these callbacks as part of the endpoint definition, the query arg isn't in scope.

We've added queryArg as an additional 5th parameter to these functions in case it's needed.

Other Changes

We've made a few assorted docs updates, including replacing the search implementation to now use a local index generated on build (which should be more reliable and also has a nicer results list uI), and fixing some long-standing minor docs issues.

What's Changed

Full Changelog: reduxjs/redux-toolkit@v2.7.0...v2.8.0

v2.7.0

Compare Source

RTK has hit Stage 2.7! 🤣 This feature release adds support for Standard Schema validation in RTK Query endpoints, fixes several issues with infinite queries, improves perf when infinite queries provide tags, adds a dev-mode check for duplicate middleware, and improves reference stability in slice selectors and infinite query hooks.

Changelog

Standard Schema Validation for RTK Query

Apps often need to validate responses from the server, both to ensure the data is correct, and to help enforce that the data matches the expected TS types. This is typically done with schema libraries such as Zod, Valibot, and Arktype. Because of the similarities in usage APIs, those libraries and others now support a common API definition called Standard Schema, allowing you to plug your chosen validation library in anywhere Standard Schema is supported.

RTK Query now supports using Standard Schema to validate query args, responses, and errors. If schemas are provided, the validations will be run and errors thrown if the data is invalid. Additionally, providing a schema allows TS inference for that type as well, allowing you to omit generic types from the endpoint.

Schema usage is per-endpoint, and can look like this:

import { createApi, fetchBaseQuery } from '@&#8203;reduxjs/toolkit/query/react'
import * as v from 'valibot'

const postSchema = v.object({
  id: v.number(),
  name: v.string(),
})
type Post = v.InferOutput<typeof postSchema>

const api = createApi({
  baseQuery: fetchBaseQuery({ baseUrl: '/' }),
  endpoints: (build) => ({
    getPost: build.query({
      // infer arg from here
      query: ({ id }: { id: number }) => `/post/${id}`,
      // infer result from here
      responseSchema: postSchema,
    }),
    getTransformedPost: build.query({
      // infer arg from here
      query: ({ id }: { id: number }) => `/post/${id}`,
      // infer untransformed result from here
      rawResponseSchema: postSchema,
      // infer transformed result from here
      transformResponse: (response) => ({
        ...response,
        published_at: new Date(response.published_at),
      }),
    }),
  }),
})

If desired, you can also configure schema error handling with the catchSchemaFailure option. You can also disable actual runtime validation with skipSchemaValidation (primarily useful for cases when payloads may be large and expensive to validate, but you still want to benefit from the TS type inference).

See the "Schema Validation" docs section in the createApi reference and the usage guide sections on queries, infinite queries, and mutations, for more details.

Infinite Query Fixes

This release fixes several reported issue with infinite queries:

  • The lifecycleApi.updateCachedData method is now correctly available
  • The skip option now correctly works for infinite query hooks
  • Infinite query fulfilled actions now include the meta field from the base query (such as {request, response}). For cases where multiple pages are being refetched, this will be the meta from the last page fetched.
  • useInfiniteQuerySubscription now returns stable references for refetch and the fetchNext/PreviousPage methods
upsertQueryEntries, Tags Performance and API State Structure

We recently published a fix to actually process per-endpoint providedTags when using upsertQueryEntries. However, this exposed a performance issue - the internal tag handling logic was doing repeated O(n) iterations over all endpoint+tag entries in order to clear out existing references to that cache key. In cases where hundreds or thousands of cache entries were being inserted, this became extremely expensive.

We've restructured the state.api.provided data structure to handle reverse-mapping between tags and cache keys, which drastically improves performance in this case. However, it's worth noting that this is a change to that state structure. This shouldn't affect apps, because the RTKQ state is intended to be treated as a black box and not generally directly accessed by user app code. However, it's possible someone may have depended on that specific state structure when writing a custom selector, in which case this would break. An actual example of this is the Redux DevTools RTKQ panel, which iterates the tags data while displaying cache entries. That did break with this change. Prior to releasing RTK 2.7,we released Redux DevTools 3.2.10, which includes support for both the old and new state.api.provided definitions.

TS Support Matrix Updates

Following with the DefinitelyTyped support matrix, we've officially dropped support for TS 5.0, and currently support TS 5.1 - 5.8. (RTK likely still works with 5.0, but we no longer test against that in CI.)

Duplicate Middleware Dev Checks

configureStore now checks the final middleware array for duplicate middleware references. This will catch cases such as accidentally adding the same RTKQ API middleware twice (such as adding baseApi.middleware and injectedApi.middlweware - these are actually the same object and same middleware).

Unlike the other dev-mode checks, this is part of configureStore itself, not getDefaultMiddleware().

This can be configured via the new duplicateMiddlewareCheck option.

Other Changes

createEntityAdapter now correctly handles adding an item and then applying multiple updates to it.

The generated combineSlices selectors will now return the same placeholder initial state reference for a given slice, rather than returning a new initial state reference every time.

useQuery hooks should now correctly refetch after dispatching resetApiState.

What's Changed

Full Changelog: reduxjs/redux-toolkit@v2.6.1...v2.7.0

sanity-io/client (@​sanity/client)

v7.20.0

Compare Source

Features

v7.19.0

Compare Source

Features

v7.18.0

Compare Source

Features
  • types: add VideoRenditionInfo types with typed resolution (#​1186) (6d9e85e)
Bug Fixes

v7.17.0

Compare Source

Features
  • projects: add onlyExplicitMembership option to projects.list() (#​1200) (96619c5)

v7.16.0

Compare Source

Features
  • dataset: added embeddings configuration options (d4cca13)

v7.15.0

Compare Source

Features

v7.14.1

Compare Source

Bug Fixes

v7.14.0

Compare Source

Features
  • media-library: add thumbhash support to AssetMetadataType (223fdbc)
  • media-library: improve Media Library API support (#​1171) (df82583)
Bug Fixes
  • types: thumbhash -> thumbHash (223fdbc)
sanity-io/pkg-utils (@​sanity/pkg-utils)

v7.11.9

Compare Source

Bug Fixes

v7.11.8

Compare Source

Bug Fixes

v7.11.7

Compare Source

Bug Fixes

v7.11.6

Compare Source

Bug Fixes

v7.11.5

Compare Source

Bug Fixes
  • deps: Update dependency rolldown-plugin-dts to v0.15.6 (#​1765) (705c932)

v7.11.4

Compare Source

Bug Fixes
  • deps: Update dependency rolldown-plugin-dts to v0.15.5 (#​1756) (19947bf)

v7.11.3

Compare Source

Bug Fixes
  • rolldown: dts resolver should only external node_modules (#​1751) (624b0ce)

v7.11.2

Compare Source

Bug Fixes
  • deps: Update dependency rolldown-plugin-dts to v0.15.4 (#​1746) (ef4b171)

v7.11.1

Compare Source

Bug Fixes
  • vanilla-extract: support bundles and browser targets (fb1a638)

v7.11.0

Compare Source

Features

v7.10.1

[Compare Source](https://redirect.git

Configuration

📅 Schedule: Branch creation - "before 3am on Monday" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

  • If you want to rebase/retry this PR, check this box

This PR has been generated by Mend Renovate using a curated preset maintained by Sanity. View repository job log here

@vercel
Copy link
Copy Markdown

vercel bot commented Mar 9, 2026
edited
Loading

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Actions Updated (UTC)
sanity-plugin-media Ready Ready Preview, Comment Apr 6, 2026 10:47am

Request Review

@socket-security
Copy link
Copy Markdown

socket-security bot commented Mar 9, 2026
edited
Loading

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff Package Supply Chain
Security		 Vulnerability Quality Maintenance License
Updatednpm/​eslint-config-prettier@​8.10.0 ⏵ 8.10.21001007288100
Updatednpm/​redux-observable@​3.0.0-rc.2 ⏵ 3.0.0-rc.3991007386 +3100
Updatednpm/​@​types/​react-dom@​19.0.4 ⏵ 19.2.310010075 +186100
Updatednpm/​@​sanity/​client@​7.13.2 ⏵ 7.20.078 -1910010099 +2100
Updatednpm/​@​types/​react@​19.0.12 ⏵ 19.2.141001007990 -2100
Updatednpm/​eslint-plugin-react@​7.37.4 ⏵ 7.37.597 +110010082100
Updatednpm/​prettier-plugin-packagejson@​2.5.10 ⏵ 2.5.22100 +110082 +589 +2100
Updatednpm/​react@​19.0.0 ⏵ 19.2.4100 +11008497100
Updatednpm/​react-select@​5.10.1 ⏵ 5.10.295100100 +185100
Updatednpm/​@​sanity/​ui@​3.0.5 ⏵ 3.1.1497 -110086 +298 -2100
Updatednpm/​@​types/​react-file-icon@​1.0.4 ⏵ 1.0.5100 +110010086 +7100
Updatednpm/​zod@​3.24.2 ⏵ 3.25.7698 +210010088100
Addednpm/​typescript@​5.9.31001009010090
Updatednpm/​@​reduxjs/​toolkit@​2.6.1 ⏵ 2.11.295100100 +190100
Updatednpm/​eslint-plugin-prettier@​4.2.1 ⏵ 4.2.59910010090100
Updatednpm/​@​tanem/​react-nprogress@​5.0.55 ⏵ 5.0.6399 +1100100 +192 +3100
Updatednpm/​react-virtuoso@​4.12.5 ⏵ 4.18.4100 +1100100 +2592100
Updatednpm/​react-dom@​19.0.0 ⏵ 19.2.4100 +110092 +198100
Updatednpm/​styled-components@​6.1.16 ⏵ 6.3.129310010098 +11100
Updatednpm/​react-hook-form@​7.54.2 ⏵ 7.72.197100100 +195100
Updatednpm/​@​sanity/​pkg-utils@​7.1.1 ⏵ 7.11.996100100100 +2100
Updatednpm/​react-is@​19.0.0 ⏵ 19.2.410010010098100

View full report

@socket-security
Copy link
Copy Markdown

socket-security bot commented Mar 9, 2026
edited
Loading

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action Severity Alert  (click "▶" to expand/collapse)
Warn High
License policy violation: npm typescript

License: LicenseRef-W3C-Community-Final-Specification-Agreement - the applicable license policy does not allow this license (4) (package/ThirdPartyNoticeText.txt)

From: package-lock.jsonnpm/typescript@5.9.3

ℹ Read more on: This package | This alert | What is a license policy violation?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Find a package that does not violate your license policy or adjust your policy to allow this package's license.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/typescript@5.9.3. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report

@renovate renovate bot force-pushed the renovate/non-major branch from c0f825e to 32a75c7 Compare March 10, 2026 03:45
@renovate renovate bot force-pushed the renovate/non-major branch from 32a75c7 to f9e438c Compare March 13, 2026 14:50
@renovate renovate bot force-pushed the renovate/non-major branch from f9e438c to 97e1de9 Compare March 16, 2026 11:11
@renovate renovate bot force-pushed the renovate/non-major branch from 97e1de9 to 8945926 Compare March 19, 2026 15:10
@renovate renovate bot force-pushed the renovate/non-major branch from 8945926 to a66e9b2 Compare March 20, 2026 14:39
@renovate renovate bot force-pushed the renovate/non-major branch from a66e9b2 to 87cbb4c Compare March 20, 2026 19:06
@renovate renovate bot force-pushed the renovate/non-major branch from 87cbb4c to b5347f7 Compare March 22, 2026 14:36
@renovate renovate bot force-pushed the renovate/non-major branch from b5347f7 to 3b741e2 Compare March 25, 2026 02:38
@renovate renovate bot force-pushed the renovate/non-major branch from 3b741e2 to ae279da Compare March 27, 2026 10:43
@renovate renovate bot force-pushed the renovate/non-major branch from ae279da to a305d74 Compare March 27, 2026 16:58
@renovate renovate bot force-pushed the renovate/non-major branch from a305d74 to 3b235e6 Compare April 1, 2026 22:34
@renovate renovate bot force-pushed the renovate/non-major branch from 3b235e6 to 19e2227 Compare April 2, 2026 06:55
@renovate renovate bot force-pushed the renovate/non-major branch from 19e2227 to 4708fbd Compare April 4, 2026 10:13
@renovate renovate bot force-pushed the renovate/non-major branch from 4708fbd to a2aaac9 Compare April 6, 2026 10:47
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

🤖 bot 📦 deps

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants