Skip to content

Update dependency @types/mocha to v10.0.10#14

Open
renovate[bot] wants to merge 1 commit into
mainfrom
renovate/mocha-10.x-lockfile
Open

Update dependency @types/mocha to v10.0.10#14
renovate[bot] wants to merge 1 commit into
mainfrom
renovate/mocha-10.x-lockfile

Conversation

@renovate

@renovate renovate Bot commented Aug 19, 2024

Copy link
Copy Markdown

This PR contains the following updates:

Package Change Age Confidence
@types/mocha (source) 10.0.610.0.10 age confidence

Configuration

📅 Schedule: Branch creation - Between 12:00 AM and 03:59 AM, only on Monday ( * 0-3 * * 1 ) (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate
renovate Bot force-pushed the renovate/mocha-10.x-lockfile branch from a993f78 to af38b11 Compare September 16, 2024 05:34
@renovate renovate Bot changed the title Update dependency @types/mocha to v10.0.7 Update dependency @types/mocha to v10.0.8 Sep 16, 2024
@renovate renovate Bot changed the title Update dependency @types/mocha to v10.0.8 Update dependency @types/mocha to v10.0.9 Oct 11, 2024
@renovate
renovate Bot force-pushed the renovate/mocha-10.x-lockfile branch from af38b11 to c03bccf Compare October 11, 2024 08:40
@renovate renovate Bot changed the title Update dependency @types/mocha to v10.0.9 Update dependency @types/mocha to v10.0.10 Nov 24, 2024
@renovate
renovate Bot force-pushed the renovate/mocha-10.x-lockfile branch from c03bccf to 2d894c5 Compare November 24, 2024 08:53
@renovate
renovate Bot force-pushed the renovate/mocha-10.x-lockfile branch from 2d894c5 to 6bfabd0 Compare January 24, 2025 07:53
@renovate
renovate Bot force-pushed the renovate/mocha-10.x-lockfile branch from 6bfabd0 to 1bb7f6b Compare February 1, 2025 03:03
@renovate
renovate Bot force-pushed the renovate/mocha-10.x-lockfile branch from 1bb7f6b to 6680d92 Compare February 9, 2025 20:14
@renovate
renovate Bot force-pushed the renovate/mocha-10.x-lockfile branch 2 times, most recently from aa6469c to 4f4ae3b Compare March 12, 2025 00:10
@renovate
renovate Bot force-pushed the renovate/mocha-10.x-lockfile branch 2 times, most recently from 8f3c305 to 8ef45bc Compare March 20, 2025 07:45
@renovate
renovate Bot force-pushed the renovate/mocha-10.x-lockfile branch from 8ef45bc to 6e65d09 Compare April 3, 2025 03:53
@renovate
renovate Bot force-pushed the renovate/mocha-10.x-lockfile branch from 6e65d09 to a9808ff Compare April 12, 2025 00:00
@socket-security

socket-security Bot commented Apr 12, 2025

Copy link
Copy Markdown

Caution

Review the following alerts detected in dependencies.

According to your organization's Security Policy, you must resolve all "Block" alerts before proceeding. Learn more about Socket for GitHub.

Action Severity Alert  (click "▶" to expand/collapse)
Block High
viem@1.21.4 has Telemetry.

Note: The code seems to be related to URI manipulation and validation, but the use of dynamic image loading could be an attempt to obfuscate network communication, raising potential security concerns.

From: ?npm/@wagmi/connectors@3.1.11npm/viem@1.21.4

ℹ Read more on: This package | This alert | What is telemetry?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Most telemetry comes with settings to disable it. Consider disabling telemetry if you do not want to be tracked.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/viem@1.21.4. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Block High
viem@2.0.0 has Telemetry.

Note: The code seems to be related to URI manipulation and validation, but the use of dynamic image loading could be an attempt to obfuscate network communication, raising potential security concerns.

From: ?npm/@celo/rainbowkit-celo@1.1.1npm/wagmi@1.4.13npm/@wagmi/connectors@3.1.11npm/viem@2.0.0

ℹ Read more on: This package | This alert | What is telemetry?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Most telemetry comes with settings to disable it. Consider disabling telemetry if you do not want to be tracked.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/viem@2.0.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Block Low
@walletconnect/core@2.11.0 is a AI-detected potential code anomaly.

Notes: The fragment demonstrates a legitimate attestation/verification subsystem using an embedded iframe and cross-origin messaging with persistent expiration management. The main security vulnerabilities stem from cross-origin messaging with an insecure wildcard in postMessage and reliance on external attestation endpoints. Harden cross-origin messaging by specifying exact targetOrigin, validating message sources, and restricting data exchanged via postMessage. Add input validation for attestationId/verifyUrl and minimize sensitive data in logs. Overall risk is medium; malware likelihood is low unless combined with insecure deployment practices.

Confidence: 1.00

Severity: 0.60

From: ?npm/@wagmi/connectors@3.1.11npm/@walletconnect/core@2.11.0

ℹ Read more on: This package | This alert | What is an AI-detected potential code anomaly?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: An AI system found a low-risk anomaly in this package. It may still be fine to use, but you should check that it is safe before proceeding.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@walletconnect/core@2.11.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Block Low
viem@2.34.0 is a AI-detected potential code anomaly.

Notes: The code implements a cross-chain deposit flow with proper validations, artifact reads, and on-chain interactions. There is no evidence of hidden backdoors, data exfiltration, or malware. The main security considerations relate to token approval logic and correct configuration of flags to avoid granting excessive allowances. Overall, the module appears legitimate for a bridge deposit flow, with moderate risk primarily around configuration of approvals and correct handling of gas/fees.

Confidence: 1.00

Severity: 0.60

From: ?npm/@wagmi/connectors@3.1.11npm/viem@2.34.0

ℹ Read more on: This package | This alert | What is an AI-detected potential code anomaly?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: An AI system found a low-risk anomaly in this package. It may still be fine to use, but you should check that it is safe before proceeding.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/viem@2.34.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report

@renovate
renovate Bot force-pushed the renovate/mocha-10.x-lockfile branch from a9808ff to e682031 Compare April 26, 2025 12:05
@renovate
renovate Bot force-pushed the renovate/mocha-10.x-lockfile branch from e682031 to 66d5e0c Compare May 24, 2025 04:05
@renovate
renovate Bot force-pushed the renovate/mocha-10.x-lockfile branch 2 times, most recently from ab2d9dd to a5aaaf5 Compare June 6, 2025 14:15
@renovate
renovate Bot force-pushed the renovate/mocha-10.x-lockfile branch from a5aaaf5 to 9b14d7e Compare June 28, 2025 20:12
@renovate
renovate Bot force-pushed the renovate/mocha-10.x-lockfile branch from 9b14d7e to e6fd0c1 Compare July 6, 2025 00:14
@renovate
renovate Bot force-pushed the renovate/mocha-10.x-lockfile branch from e6fd0c1 to 38bb416 Compare August 14, 2025 19:50
@renovate
renovate Bot force-pushed the renovate/mocha-10.x-lockfile branch from 38bb416 to 702c16c Compare August 23, 2025 16:16
@renovate
renovate Bot force-pushed the renovate/mocha-10.x-lockfile branch from 702c16c to 66cba53 Compare September 26, 2025 07:52
@renovate
renovate Bot force-pushed the renovate/mocha-10.x-lockfile branch from 66cba53 to 62d96c7 Compare October 25, 2025 19:56
@renovate
renovate Bot force-pushed the renovate/mocha-10.x-lockfile branch from 62d96c7 to a88b043 Compare November 15, 2025 12:16
@renovate
renovate Bot force-pushed the renovate/mocha-10.x-lockfile branch from a88b043 to 2b491e7 Compare January 1, 2026 03:29
@renovate
renovate Bot force-pushed the renovate/mocha-10.x-lockfile branch from 2b491e7 to f600123 Compare January 19, 2026 23:15
@renovate
renovate Bot force-pushed the renovate/mocha-10.x-lockfile branch from f600123 to 221a880 Compare January 24, 2026 07:25
@renovate
renovate Bot force-pushed the renovate/mocha-10.x-lockfile branch from 221a880 to 8f7274f Compare February 4, 2026 00:06
@renovate
renovate Bot force-pushed the renovate/mocha-10.x-lockfile branch 2 times, most recently from c38e110 to 6691f3f Compare February 19, 2026 11:57
@renovate
renovate Bot force-pushed the renovate/mocha-10.x-lockfile branch 2 times, most recently from a900b65 to a8b5988 Compare March 14, 2026 11:15
@renovate
renovate Bot force-pushed the renovate/mocha-10.x-lockfile branch from a8b5988 to 4492ee0 Compare April 15, 2026 19:11
@renovate
renovate Bot force-pushed the renovate/mocha-10.x-lockfile branch from 4492ee0 to 9581032 Compare May 14, 2026 03:13
@renovate
renovate Bot force-pushed the renovate/mocha-10.x-lockfile branch from 9581032 to 83e316c Compare May 23, 2026 10:41
@renovate
renovate Bot force-pushed the renovate/mocha-10.x-lockfile branch from 83e316c to c9d9986 Compare June 6, 2026 00:17
@renovate
renovate Bot force-pushed the renovate/mocha-10.x-lockfile branch from c9d9986 to 863d320 Compare June 13, 2026 07:45
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
@renovate
renovate Bot force-pushed the renovate/mocha-10.x-lockfile branch from 863d320 to 1b1be5c Compare July 18, 2026 06:56
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants