⬆️ Updates release-drafter/release-drafter action to v7

[renovate]

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package	Type	Update	Change
release-drafter/release-drafter	action	major	v5.7.0 → v7.3.1

---

Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

---

Release Notes

release-drafter/release-drafter (release-drafter/release-drafter)

v7.3.1

Compare Source

What's Changed

Bug Fixes

• fix: output name and tag_name in dry-run mode (#​1625) @​cchanche

Maintenance

• chore(deps): update graphql-codegen to 7.0.0 (#​1619) @​renovate[bot]
• chore(deps): update dependency nock to 14.0.15 (#​1609) @​renovate[bot]
• chore(deps): update graphql-codegen (#​1615) @​renovate[bot]
• chore(deps): update dependency typescript to 6.0.3 (#​1610) @​renovate[bot]
• ci(deps): update actions/download-artifact action to v8.0.1 (#​1620) @​renovate[bot]
• chore(deps): update dependency @​types/node to 24.12.3 (#​1608) @​renovate[bot]
• chore(deps): update vitest to 4.1.5 (#​1612) @​renovate[bot]
• chore(deps): update dependency @​biomejs/biome to 2.4.15 (#​1607) @​renovate[bot]
• chore(deps): update dependency vite to 8.0.11 (#​1611) @​renovate[bot]
• ci(deps): pin dependencies (#​1606) @​renovate[bot]

Dependency Updates

8 changes

• chore(deps): update node.js to v24.15.0 (#​1616) @​renovate[bot]
• chore(deps): update vite to v8.0.13 and vitest to v4.1.6 (#​1624) @​cchanche
• fix(deps): update dependency semver to 7.8.0 (#​1622) @​renovate[bot]
• chore(deps): update npm tool constraint to 11.14.1 (#​1617) @​renovate[bot]
• fix(deps): update dependency zod to 4.4.3 (#​1618) @​renovate[bot]
• fix(deps): update actions (#​1613) @​renovate[bot]
• chore(deps): update dependency @​biomejs/biome to 2.4.15 (#​1607) @​renovate[bot]
• fix(deps): update dependency yaml to 2.8.4 (#​1614) @​renovate[bot]

Full Changelog: release-drafter/release-drafter@v7.3.0...v7.3.1

v7.3.0

Compare Source

What's Changed

New

• feat: recover recently merged PRs missed by associated PRs lag (#​1604) @​jetersen
• feat: switch release discovery to ref comparison and explicit missing-baseline warnings (#​1570) @​jetersen

Bug Fixes

• fix: restore prerelease-identifier on first run when no prior releases exist (#​1602) @​jrbeilke
• fix: prevent using commitish like refs/pull (#​1598) @​cchanche

Maintenance

• ci: rebuild dist after codegen so generated PRs include bundle updates (#​1605) @​jetersen
• chore: update generated GraphQL types (#​1600) @​github-actions[bot]
• chore: clarify base repository pr filtering (#​1599) @​cchanche

Dependency Updates

• build(deps-dev): bump postcss from 8.5.8 to 8.5.12 (#​1597) @​dependabot[bot]

Full Changelog: release-drafter/release-drafter@v7.2.1...v7.3.0

v7.2.1

Compare Source

What's Changed

Bug Fixes

• fix: initial-commits-since in config not overwritten by input (#​1593) @​sroebert
• fix: clarify prerelease-identifier behavior and precedence in configuration (#​1594) @​neilime

Maintenance

• chore: disable "No version input..." warning (#​1595) @​cchanche

Full Changelog: release-drafter/release-drafter@v7.2.0...v7.2.1

v7.2.0

Compare Source

What's Changed

New

• feat: allow always collapsing a category (#​1444) @​mhanberg

Bug Fixes

• fix: improve advanced substitutions in replacers (#​1555) @​jetersen
• fix: support repo-only _extends and prevent .github/ path doubling (#​1577) @​jetersen

Maintenance

• chore(deps): update dependency typescript to 6.0.2 (#​1587) @​renovate[bot]
• chore(deps): update vitest to 4.1.4 (#​1585) @​renovate[bot]
• ci(deps): update peter-evans/create-pull-request action to v8 (#​1588) @​renovate[bot]
• chore(deps): update dependency vite to 8.0.5 (#​1579) @​renovate[bot]
• chore(deps): update dependency nock to 14.0.12 (#​1583) @​renovate[bot]
• chore(deps): update dependency @​types/node to 24.12.2 (#​1582) @​renovate[bot]
• chore(deps): update dependency @​biomejs/biome to 2.4.10 (#​1581) @​renovate[bot]
• chore: move codegen to monthly scheduled workflow (#​1578) @​jetersen
• chore: replace vite-tsconfig-paths plugin with native resolve.tsconfigPaths (#​1571) @​jetersen

Documentation

• docs: fix autolabeler example tag (#​1568) @​cchanche

Dependency Updates

• build(deps): bump lodash and @​graphql-codegen/plugin-helpers (#​1589) @​dependabot[bot]
• fix(deps): update dependency @​actions/github to 9.1.0 (#​1586) @​renovate[bot]
• chore(deps): update dependency yaml to 2.8.3 (#​1580) @​renovate[bot]
• chore(deps): update node.js to v24.14.1 (#​1584) @​renovate[bot]
• chore(deps): update dependency @​biomejs/biome to 2.4.10 (#​1581) @​renovate[bot]

Full Changelog: release-drafter/release-drafter@v7.1.1...v7.2.0

v7.1.1

Compare Source

What's Changed

Bug Fixes

• fix: remove disable-releaser and disable-autolabeler from action.yaml (#​1564) @​cchanche

Full Changelog: release-drafter/release-drafter@v7.1.0...v7.1.1

v7.1.0

Compare Source

What's Changed

New

• feat: filter previous releases by range with semver (#​1445) @​cchanche
• feat: support advanced substitutions in replacers (#​1517) @​cchanche

Bug Fixes

• fix: support pull_request_target event in autolabeler (#​1560) @​jmeridth
• fix: empty template when prs all are excluded by labels (#​1429) @​Bledai
• fix: fall back to org .github repo when config not found in current repo (#​1554) @​jetersen

Maintenance

• ci: make sure PRs have a type label (#​1557) @​cchanche

Documentation

• docs: update README with pull_request_target example (#​1561) @​jmeridth

Full Changelog: release-drafter/release-drafter@v7.0.0...v7.1.0

v7.0.0

Compare Source

What's Changed

Breaking

• feat: new major version (#​1475) @​cchanche

Bug Fixes

• fix: JSON schema too strict with required fields (#​1535) @​jetersen

Maintenance

• chore(deps): update vitest to 4.1.0 (#​1544) @​renovate[bot]
• chore(deps): update linters (#​1549) @​renovate[bot]
• chore(deps): update dependency nock to 14.0.11 (#​1548) @​renovate[bot]
• chore(deps): update dependency @​graphql-codegen/near-operation-file-preset to 5.0.0 (#​1545) @​renovate[bot]
• chore(deps): update dependency @​types/node to 24.12.0 (#​1543) @​renovate[bot]
• chore(deps): update dependency @​graphql-codegen/cli to 6.2.1 (#​1542) @​renovate[bot]
• chore(deps): update vite (#​1541) @​renovate[bot]
• chore(deps): update linters (#​1540) @​renovate[bot]
• build(deps): bump actions/stale from 9 to 10 (#​1527) @​dependabot[bot]

Documentation

• docs: fix v7 docs (#​1532) @​cchanche

Other changes

• chore: migrate from ESLint + Prettier to Biome (#​1552) @​jetersen
• ci: fix licensed (#​1533) @​cchanche

Dependency Updates

• fix(deps): update dependency compare-versions to 6.1.1 (#​1547) @​renovate[bot]
• fix(deps): update dependency zod to 4.3.6 (#​1551) @​renovate[bot]
• fix(deps): update dependency semver to 7.7.4 (#​1550) @​renovate[bot]

Full Changelog: release-drafter/release-drafter@v6.4.0...v7.0.0

v7

Compare Source

v6.4.0

Compare Source

What's Changed

New

• feat: Add support to excluded-paths (#​1522) @​guimorg
• feat: add include-pre-releases to action inputs (#​1525) @​cchanche

Maintenance

• revert: deprecate include-pre-releases (#​1523) @​cchanche

Full Changelog: release-drafter/release-drafter@v6.3.0...v6.4.0

v6.3.0

Compare Source

What's Changed

New

• feat: deprecate include-pre-releases in favor of prerelease (#​1515) @​christopherklint97

Maintenance

• chore: use probot logger instead of @​actions/core (#​1520) @​cchanche

Dependency Updates

8 changes

• chore: update lockfile (#​1521) @​cchanche
• build(deps-dev): bump brace-expansion from 1.1.11 to 1.1.12 (#​1494) @​dependabot[bot]
• build(deps): bump js-yaml (#​1493) @​dependabot[bot]
• build(deps-dev): bump node-fetch from 2.6.7 to 2.7.0 (#​1485) @​dependabot[bot]
• build(deps-dev): bump @​vercel/ncc from 0.34.0 to 0.38.4 (#​1484) @​dependabot[bot]
• build(deps): bump deepmerge from 4.2.2 to 4.3.1 (#​1482) @​dependabot[bot]
• build(deps): bump jws from 3.2.2 to 3.2.3 (#​1495) @​dependabot[bot]
• build(deps): bump lodash from 4.17.21 to 4.17.23 (#​1489) @​dependabot[bot]

Full Changelog: release-drafter/release-drafter@v6.2.0...v6.3.0

v6.2.0

Compare Source

What's Changed

New

• Add config option for history-limit (#​1470) @​gjvoosten
• Add 'commits-since' configuration option for release drafts (#​1451) @​slawekjaranowski

Maintenance

• build: support OIDC for npmjs publishing (#​1480) @​cchanche

Documentation

• Update README.md (#​1434) @​kunaljubce

Full Changelog: release-drafter/release-drafter@v6.1.1...v6.2.0

v6.1.1

Compare Source

What's Changed

Bug Fixes

• Honor Version Template (#​1459) @​ChronosMasterOfAllTime

Documentation

• docs: Add missing action inputs to README (#​1472) @​sasamuku

Full Changelog: release-drafter/release-drafter@v6.1.0...v6.1.1

v6.1.0

Compare Source

What's Changed

New

• Add config option for PR query limit (#​1362) @​ssolbeck

Bug Fixes

• Fix: Correctly mention bot accounts in release notes (#​1376) @​jamietanna
• Update only drafts with the same prerelease status (#​1385) @​jaap3

Documentation

• docs: Fix Fork Link (#​1412) @​Dor-bl
• Ensure support new default branch name (#​1079) @​Triloworld
• update schema generation and update schema to draft 07 (#​1422) @​jetersen
• fix typo: therelease (#​1407) @​billykern
• Document added action outputs introduced in #​1300 (#​1406) @​SVNKoch
• Update README.md (#​1421) @​yusufraji
• fix: update broken link in readme (#​1416) @​kopach
• Update v6 README.md (#​1384) @​taku333

Full Changelog: release-drafter/release-drafter@v6.0.0...v6.1.0

v6.0.0

Compare Source

What's Changed

• Update Node.js to 20 (#​1379) @​massongit

Full Changelog: release-drafter/release-drafter@v5.25.0...v6.0.0

v6

Compare Source

v5.25.0

Compare Source

What's Changed

New

• add prerelease increment behavior (#​1303) @​neilime
• add latest input (#​1348) @​o-mago

Full Changelog: release-drafter/release-drafter@v5.24.0...v5.25.0

v5.24.0

Compare Source

What's Changed

New

• Add release version to github action output (#​1300) @​mehdihadeli

Bug Fixes

• fix(release): strip prefix before comparing version (#​1255) @​neilime

Full Changelog: release-drafter/release-drafter@v5.23.0...v5.24.0

v5.23.0

Compare Source

What's Changed

New

• Add include-pre-releases configuration option (#​1302) @​robbinjanssen

Full Changelog: release-drafter/release-drafter@v5.22.0...v5.23.0

v5.22.0

Compare Source

What's Changed

New

• Only use last full release when drafting (#​1240) @​ssbarnea

Full Changelog: release-drafter/release-drafter@v5.21.1...v5.22.0

v5.21.1

Compare Source

What's Changed

Dependency Updates

• Address set-output deprecation (#​1247) @​NotMyFault

Full Changelog: release-drafter/release-drafter@v5.21.0...v5.21.1

v5.21.0

Compare Source

What's Changed

New

• fetch 100 labels for pull requests instead of 10 (#​1220) @​matoubidou

Full Changelog: release-drafter/release-drafter@v5.20.1...v5.21.0

v5.20.1

Compare Source

What's Changed

Bug Fixes

• Add missing inputs to action config (#​1202) @​gilbertsoft

Documentation

• Add more comments about pull requests permission (#​1187) @​Kirade
• Fix Vercel link (#​1188) @​shinshin86
• Add permissions to README (#​1132) @​danyeaw

Dependency Updates

20 changes

• Bump eslint-plugin-unicorn from 42.0.0 to 43.0.2 (#​1192) @​dependabot
• Bump node from af50279 to 4c8f734 (#​1191) @​dependabot
• Bump node from 17.9.0-alpine to 18.7.0-alpine (#​1190) @​dependabot
• Bump jest from 28.1.0 to 28.1.3 (#​1182) @​dependabot
• Bump eslint from 8.16.0 to 8.20.0 (#​1185) @​dependabot
• Bump nock from 13.2.4 to 13.2.9 (#​1186) @​dependabot
• Bump probot from 12.2.4 to 12.2.5 (#​1178) @​dependabot
• Bump eslint-plugin-prettier from 4.0.0 to 4.2.1 (#​1176) @​dependabot
• Bump lint-staged from 13.0.0 to 13.0.3 (#​1172) @​dependabot
• Bump prettier from 2.6.2 to 2.7.1 (#​1166) @​dependabot
• Bump @​actions/core from 1.8.2 to 1.9.0 (#​1164) @​dependabot
• Bump lint-staged from 12.4.3 to 13.0.0 (#​1156) @​dependabot
• Bump probot from 12.2.3 to 12.2.4 (#​1155) @​dependabot
• Bump @​vercel/ncc from 0.33.4 to 0.34.0 (#​1151) @​dependabot
• Bump lint-staged from 12.4.2 to 12.4.3 (#​1153) @​dependabot
• Bump lint-staged from 12.4.1 to 12.4.2 (#​1150) @​dependabot
• Bump eslint from 8.15.0 to 8.16.0 (#​1149) @​dependabot
• Bump probot from 12.2.2 to 12.2.3 (#​1152) @​dependabot
• Bump husky from 8.0.0 to 8.0.1 (#​1141) @​dependabot
• Bump @​actions/core from 1.8.0 to 1.8.2 (#​1144) @​dependabot

Full Changelog: release-drafter/release-drafter@v5.20.0...v5.20.1

v5.20.0

Compare Source

What's Changed

New

• allow header and footer to be passed as input (#​1142) @​jetersen

Dependency Updates

26 changes

• Bump jest from 27.5.1 to 28.1.0 (#​1140) @​dependabot
• Bump eslint from 8.14.0 to 8.15.0 (#​1137) @​dependabot
• Bump @​actions/core from 1.6.0 to 1.8.0 (#​1139) @​dependabot
• Bump lint-staged from 12.4.0 to 12.4.1 (#​1131) @​dependabot
• Bump @​actions/core from 1.6.0 to 1.7.0 (#​1129) @​dependabot
• Bump husky from 7.0.4 to 8.0.0 (#​1138) @​dependabot
• Bump eslint from 8.13.0 to 8.14.0 (#​1127) @​dependabot
• Bump cli-table3 from 0.6.1 to 0.6.2 (#​1122) @​dependabot
• Bump node from 17.8.0-alpine to 17.9.0-alpine (#​1121) @​dependabot
• Bump semver from 7.3.6 to 7.3.7 (#​1120) @​dependabot
• Bump @​vercel/ncc from 0.33.3 to 0.33.4 (#​1118) @​dependabot
• Bump lint-staged from 12.3.7 to 12.4.0 (#​1124) @​dependabot
• Bump eslint from 8.11.0 to 8.13.0 (#​1117) @​dependabot
• Bump semver from 7.3.5 to 7.3.6 (#​1115) @​dependabot
• Bump eslint-plugin-unicorn from 41.0.1 to 42.0.0 (#​1113) @​dependabot
• Bump prettier from 2.6.0 to 2.6.2 (#​1112) @​dependabot
• Bump node from 17.7.1-alpine to 17.8.0-alpine (#​1108) @​dependabot
• Bump minimist from 1.2.5 to 1.2.6 (#​1116) @​dependabot
• Bump lint-staged from 12.3.6 to 12.3.7 (#​1104) @​dependabot
• Bump eslint-plugin-unicorn from 41.0.0 to 41.0.1 (#​1105) @​dependabot
• Bump node from 8c62619 to d1d5dc5 (#​1106) @​dependabot
• Bump probot from 12.2.1 to 12.2.2 (#​1097) @​dependabot
• Bump node from 17.6.0-alpine to 17.7.1-alpine (#​1100) @​dependabot
• Bump eslint from 8.10.0 to 8.11.0 (#​1099) @​dependabot
• Bump prettier from 2.5.1 to 2.6.0 (#​1102) @​dependabot
• Bump lint-staged from 12.3.5 to 12.3.6 (#​1103) @​dependabot

Full Changelog: release-drafter/release-drafter@v5.19.0...v5.20.0

v5.19.0

Compare Source

What's Changed

New

• Add a collapse-after option for categories (#​1095) @​robbinjanssen
• Tag prefix (#​1092) @​blast-hardcheese
• include-paths: Permit filtering only PRs that modify path prefixes (#​1084) @​blast-hardcheese
• Unify commit search and release targeting around commitish/ref (#​1065) @​mikeroll

Bug Fixes

• Regenerate schema after #​1084 (#​1094) @​blast-hardcheese
• Filter by commitish regardless of the refs/heads prefix (#​1089) @​mikeroll
• Cap evaluated release limit at 1000 (#​1085) @​eddmann
• Provide sane defaults if we have no prior releases (#​1067) @​jetersen

Maintenance

• Sync docker/action.yml with action.yml (#​1062) @​mkurz

Documentation

• Improve contribution docs and remove unused package script (#​1066) @​masashi-sutou

Dependency Updates

14 changes

• Bump lint-staged from 12.3.4 to 12.3.5 (#​1096) @​dependabot
• Bump eslint from 8.9.0 to 8.10.0 (#​1086) @​dependabot
• Bump actions/setup-node from 2 to 3 (#​1087) @​dependabot
• Bump node from 17.5.0-alpine to 17.6.0-alpine (#​1080) @​dependabot
• Bump actions/checkout from 2 to 3 (#​1090) @​dependabot
• Bump eslint-config-prettier from 8.3.0 to 8.5.0 (#​1091) @​dependabot
• Bump url-parse from 1.5.7 to 1.5.10 (#​1088) @​dependabot
• Bump eslint-plugin-unicorn from 40.1.0 to 41.0.0 (#​1074) @​dependabot
• Bump url-parse from 1.5.4 to 1.5.7 (#​1075) @​dependabot
• Bump eslint from 8.8.0 to 8.9.0 (#​1071) @​dependabot
• Bump lint-staged from 12.3.3 to 12.3.4 (#​1070) @​dependabot
• Bump @​vercel/ncc from 0.33.1 to 0.33.3 (#​1069) @​dependabot
• Bump node from 17.4.0-alpine to 17.5.0-alpine (#​1072) @​dependabot
• Bump jest from 27.5.0 to 27.5.1 (#​1063) @​dependabot

Full Changelog: release-drafter/release-drafter@v5.18.1...v5.19.0

v5.18.1

Compare Source

What's Changed

Dependency Updates

• Bump nock from 13.2.2 to 13.2.4 (#​1056) @​dependabot
• Bump jest from 27.4.7 to 27.5.0 (#​1055) @​dependabot
• Bump @​probot/octokit-plugin-config from 1.1.4 to 1.1.5 (#​1057) @​jetersen

Full Changelog: release-drafter/release-drafter@v5.18.0...v5.18.1

v5.18.0

Compare Source

What's Changed

New

• Add header and footer (#​1050) @​mkurz

Bug Fixes

• Update target_commitish when updating a release (#​1052) @​mikeroll
• Expand vars in tag and name inputs (#​1049) @​mkurz

Dependency Updates

• Bump lint-staged from 12.3.2 to 12.3.3 (#​1051) @​dependabot
• Bump eslint from 8.7.0 to 8.8.0 (#​1046) @​dependabot
• Bump lint-staged from 12.2.2 to 12.3.2 (#​1044) @​dependabot
• Bump joi from 17.5.0 to 17.6.0 (#​1045) @​dependabot
• Bump node from 17.3.1-alpine to 17.4.0-alpine (#​1038) @​dependabot
• Bump lint-staged from 12.2.1 to 12.2.2 (#​1037) @​dependabot

Full Changelog: release-drafter/release-drafter@v5.17.6...v5.18.0

v5.17.6

Compare Source

What's Changed

Bug Fixes

• fix default for version-resolver in schema (#​1026) @​jetersen

Maintenance

• allow conditional pre commit (#​1033) @​jetersen
• add action-build for dependabot updates (#​1036) @​jetersen
• move lint staged config to JavaScript file (#​1027) @​jetersen

Dependency Updates

• Bump @​probot/adapter-github-actions from 3.1.0 to 3.1.1 (#​1034) @​dependabot
• remove nodemon as unused dev dependency (#​1035) @​jetersen
• Bump probot from 12.2.0 to 12.2.1 (#​1031) @​dependabot
• Bump lint-staged from 12.2.0 to 12.2.1 (#​1032) @​dependabot
• update joi dependency (#​1028) @​jetersen
• Bump lint-staged from 12.1.7 to 12.2.0 (#​1025) @​dependabot
• Bump eslint-plugin-unicorn from 40.0.0 to 40.1.0 (#​1021) @​dependabot
• Bump eslint from 8.6.0 to 8.7.0 (#​1019) @​dependabot

Full Changelog: release-drafter/release-drafter@v5.17.5...v5.17.6

v5.17.5

Compare Source

What's Changed

New

• add owner and repository context to template variables (#​1017) @​jetersen
• add support for moving uncategorized to a category with no labels (#​1013) @​jetersen

Bug Fixes

• ensure PRs are merged (#​1015) @​jetersen

Maintenance

• add automatic release of release-drafter (#​1016) @​jetersen

Full Changelog: release-drafter/release-drafter@v5.16.2...v5.17.5

v5.17.4

Compare Source

v5.17.3

Compare Source

v5.17.2

Compare Source

v5.17.1

Compare Source

v5.17.0

Compare Source

v5.16.2

Compare Source

What's Changed

Bug Fixes

• ensure deep merge of config (#​1012) @​jetersen

Dependency Updates

• Bump husky from 4.3.8 to 7.0.4 (#​962) @​dependabot

v5.16.1

Compare Source

What's Changed

Bug Fixes

• fix server (#​1010) @​jetersen

v5.16.0

Compare Source

What's Changed

New

• Support pull_request_target events (#​991) @​fjchen7
• Improve error message for when config is not found (#​973) [

✂ Note

PR body was truncated to here.

---

Configuration

📅 Schedule: (in timezone Europe/Moscow)

• Branch creation
  • "after 10pm every weekday,before 5am every weekday,every weekend"
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[github-actions]

Thanks for opening an issue! Make sure you've followed CONTRIBUTING.md.

[github-actions]

Hello from PR Helper

Is your PR ready for review and processing? Mark the PR ready by including #pr-ready in a comment.

If you still have work to do, even after marking this ready. Put the PR on hold by including #pr-onhold in a comment.

[github-actions]

Thanks for the PR!

This section of the codebase is owner by https://github.com/AlexRogalskiy/ - if they write a comment saying "LGTM" then it will be merged.

[socket-security]

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action	Severity	Alert  (click "▶" to expand/collapse)
Warn		Critical CVE: Prototype Pollution in npm lodash CVE: GHSA-jf85-cpcp-j695 Prototype Pollution in lodash (CRITICAL) Affected versions: < 4.17.12 Patched version: 4.17.12 From: ? → npm/dockerfile_lint@0.3.4 → npm/lodash@2.4.2 ℹ Read more on: This package | This alert | What is a critical CVE? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Remove or replace dependencies that include known critical CVEs. Consumers can use dependency overrides or npm audit fix --force to remove vulnerable dependencies. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/lodash@2.4.2. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Obfuscated code: npm cheerio is 90.0% likely obfuscated Confidence: 0.90 Location: Package overview From: ? → npm/cheerio@1.2.0 ℹ Read more on: This package | This alert | What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/cheerio@1.2.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Obfuscated code: npm cssom is 90.0% likely obfuscated Confidence: 0.90 Location: Package overview From: ? → npm/cssom@0.3.8 ℹ Read more on: This package | This alert | What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/cssom@0.3.8. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Obfuscated code: npm cssom is 90.0% likely obfuscated Confidence: 0.90 Location: Package overview From: ? → npm/cssom@0.4.4 ℹ Read more on: This package | This alert | What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/cssom@0.4.4. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Obfuscated code: npm damerau-levenshtein is 90.0% likely obfuscated Confidence: 0.90 Location: Package overview From: ? → npm/damerau-levenshtein@1.0.8 ℹ Read more on: This package | This alert | What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/damerau-levenshtein@1.0.8. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Obfuscated code: npm diff-sequences is 90.0% likely obfuscated Confidence: 0.90 Location: Package overview From: ? → npm/diff-sequences@27.5.1 ℹ Read more on: This package | This alert | What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/diff-sequences@27.5.1. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Obfuscated code: npm entities is 91.0% likely obfuscated Confidence: 0.91 Location: Package overview From: ? → npm/entities@4.5.0 ℹ Read more on: This package | This alert | What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/entities@4.5.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Obfuscated code: npm entities is 91.0% likely obfuscated Confidence: 0.91 Location: Package overview From: ? → npm/entities@6.0.1 ℹ Read more on: This package | This alert | What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/entities@6.0.1. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Obfuscated code: npm es-abstract is 90.0% likely obfuscated Confidence: 0.90 Location: Package overview From: ? → npm/es-abstract@1.24.2 ℹ Read more on: This package | This alert | What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/es-abstract@1.24.2. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report