chore(deps-dev): bump the dev-deps group across 1 directory with 6 updates

[dependabot]

Bumps the dev-deps group with 6 updates in the / directory:

Package	From	To
@moonrepo/cli	1.29.3	1.30.6
@vitest/coverage-v8	2.1.4	2.1.8
vitest	2.1.4	2.1.8
@astrojs/starlight	0.28.5	0.30.3
rollup	4.24.3	4.29.1
vite	5.4.10	6.0.6

Updates @moonrepo/cli from 1.29.3 to 1.30.6

Release notes

Sourced from @​moonrepo/cli's releases.

v1.30.6

🐞 Fixes

• Fixed an issue where python venv would fail to find an applicable Python version.
• Fixed an issue with PowerShell Git hooks not bubbling up exit codes of failed commands.
• Fixed an issue where Git submodules/worktrees would point to the wrong hooks folder.

⚙️ Internal

• Updated proto to v0.44.1 (from 0.43.1).

v1.30.5

🐞 Fixes

• Fixed Python virtual env bin path not being available for tasks when python.version is not defined.

⚙️ Internal

• Updated proto to v0.43.1 (from 0.43.0).
• Updated dependencies.

v1.30.4

🐞 Fixes

• Fixed moon ci showing incorrect job related logs.
• Fixed some issues with the Python toolchain:
  • pip is no longer required to be enabled to activate a virtual environment.
  • Changed python.rootRequirementsOnly to false by default.
  • The venv root is now the location of a found requirements.txt, otherwise the package root, or workspace root if python.rootRequirementsOnly is enabled.
  • Tasks will now inherit the correct venv paths in PATH.

v1.30.3

🐞 Fixes

• Fixed an issue where a task with explicit no inputs (inputs: []) would always be marked as affected.

⚙️ Internal

• Updated proto to v0.43.0 (from 0.42.2).
• Updated wasmtime to v26 (from v23).
• Updated Rust to v1.83.

v1.30.2

🐞 Fixes

• Fixed an issue where dependencies/dependents of an affected task would be skipped in the action graph if they were also not affected.
• Fixed a potential cycle (stack overflow) that may occur in the affected tracker.

... (truncated)

Changelog

Sourced from @​moonrepo/cli's changelog.

1.30.6

🐞 Fixes

• Fixed an issue where python venv would fail to find an applicable Python version.
• Fixed an issue with PowerShell Git hooks not bubbling up exit codes of failed commands.
• Fixed an issue where Git submodules/worktrees would point to the wrong hooks folder.

⚙️ Internal

• Updated proto to v0.44.1 (from 0.43.1).

1.30.5

🐞 Fixes

• Fixed Python virtual env bin path not being available for tasks when python.version is not defined.

⚙️ Internal

• Updated proto to v0.43.1 (from 0.43.0).
• Updated dependencies.

1.30.4

🐞 Fixes

• Fixed moon ci showing incorrect job related logs.
• Fixed some issues with the Python toolchain:
  • pip is no longer required to be enabled to activate a virtual environment.
  • Changed python.rootRequirementsOnly to false by default.
  • The venv root is now the location of a found requirements.txt, otherwise the package root, or workspace root if python.rootRequirementsOnly is enabled.
  • Tasks will now inherit the correct venv paths in PATH.

1.30.3

🐞 Fixes

• Fixed an issue where a task with explicit no inputs (inputs: []) would always be marked as affected.

⚙️ Internal

• Updated proto to v0.43.0 (from 0.42.2).
• Updated wasmtime to v26 (from v23).
• Updated Rust to v1.83.

1.30.2

... (truncated)

Commits

• 62bf614 Release
• e4babb9 Release
• 717e6e9 Release
• 7a2933c Release
• dedbffd Release
• 5d36b4c Release
• 3856bb8 Release
• ac8fa57 Release
• See full diff in compare view

Updates @vitest/coverage-v8 from 2.1.4 to 2.1.8

Release notes

Sourced from @​vitest/coverage-v8's releases.

v2.1.8

   🐞 Bug Fixes

• Support Node 21  -  by @​sheremet-va (92f7a)

    View changes on GitHub

v2.1.7

   🐞 Bug Fixes

• Revert support for Vite 6  -  by @​sheremet-va (fbe5c)
  • This introduced some breaking changes (vitest-dev/vitest#6992). We will enable support for it later. In the meantime, you can still use pnpm.overrides or yarn resolutions to override the vite version in the vitest package - the APIs are compatible.

    View changes on GitHub

v2.1.6

🚀 Features

• Support Vite 6

    View changes on GitHub

v2.1.5

   🐞 Bug Fixes

• dangerouslyIgnoreUnhandledErrors without base reporter  -  by @​AriPerkkio in vitest-dev/vitest#6808 (0bf0a)
• Capture unhandledRejection even when base reporter is not used  -  by @​AriPerkkio in vitest-dev/vitest#6812 (8878b)
• Don't change the working directory when loading workspace projects  -  by @​sheremet-va in vitest-dev/vitest#6811 (f0aea)
• Remove sequence.concurrent from the RuntimeConfig type  -  by @​sheremet-va in vitest-dev/vitest#6880 (6af73)
• Stop the runner before restarting, restart on workspace config change  -  by @​sheremet-va in vitest-dev/vitest#6859 (b01df)
• Don't rerun on Esc or Ctrl-C during watch filter  -  by @​hi-ogawa in vitest-dev/vitest#6895 (98f76)
• Print ssrTransform error  -  by @​hi-ogawa in vitest-dev/vitest#6885 (4c96c)
• Throw an error and a warning if .poll, .element, .rejects/.resolves, and locator.* weren't awaited  -  by @​sheremet-va in vitest-dev/vitest#6877 (93b67)
• browser:
  • Don't process the default css styles  -  by @​sheremet-va in vitest-dev/vitest#6861 (0d67f)
  • Support non US key input  -  by @​hi-ogawa in vitest-dev/vitest#6873 (5969d)
  • Stop the browser rpc when the pool is closed  -  by @​sheremet-va in vitest-dev/vitest#6858 (9a0c9)
  • Init browsers eagerly when tests are running  -  by @​sheremet-va in vitest-dev/vitest#6876 (417bd)
• coverage:
  • Report uncovered files when re-run by enter or 'a'  -  by @​AriPerkkio in vitest-dev/vitest#6848 (487c8)
• ui:
  • Remove crossorigin attributes for same origin assets  -  by @​hi-ogawa in vitest-dev/vitest#6883 (6e793)
• vite-node:
  • Improve esm check to decide external  -  by @​hi-ogawa in vitest-dev/vitest#6816 (7e1fa)
  • Top-level throw in module is not reported properly  -  by @​vanaigr and @​hi-ogawa in vitest-dev/vitest#6840 (cf0cb)
• vitest:
  • Use fetch() implementation from happy-dom  -  by @​capricorn86 in vitest-dev/vitest#6879 (3c56f)

   🏎 Performance

... (truncated)

Commits

• d69cc75 bump: 2.1.8
• 81ed45b chore: release v2.1.7
• b936702 bump: 2.1.6
• 32f23b9 chore: release v2.1.5
• 0ad2cdc chore(deps): update all non-major dependencies (#6890)
• See full diff in compare view

Updates vitest from 2.1.4 to 2.1.8

Release notes

Sourced from vitest's releases.

v2.1.8

   🐞 Bug Fixes

• Support Node 21  -  by @​sheremet-va (92f7a)

    View changes on GitHub

v2.1.7

   🐞 Bug Fixes

• Revert support for Vite 6  -  by @​sheremet-va (fbe5c)
  • This introduced some breaking changes (vitest-dev/vitest#6992). We will enable support for it later. In the meantime, you can still use pnpm.overrides or yarn resolutions to override the vite version in the vitest package - the APIs are compatible.

    View changes on GitHub

v2.1.6

🚀 Features

• Support Vite 6

    View changes on GitHub

v2.1.5

   🐞 Bug Fixes

• dangerouslyIgnoreUnhandledErrors without base reporter  -  by @​AriPerkkio in vitest-dev/vitest#6808 (0bf0a)
• Capture unhandledRejection even when base reporter is not used  -  by @​AriPerkkio in vitest-dev/vitest#6812 (8878b)
• Don't change the working directory when loading workspace projects  -  by @​sheremet-va in vitest-dev/vitest#6811 (f0aea)
• Remove sequence.concurrent from the RuntimeConfig type  -  by @​sheremet-va in vitest-dev/vitest#6880 (6af73)
• Stop the runner before restarting, restart on workspace config change  -  by @​sheremet-va in vitest-dev/vitest#6859 (b01df)
• Don't rerun on Esc or Ctrl-C during watch filter  -  by @​hi-ogawa in vitest-dev/vitest#6895 (98f76)
• Print ssrTransform error  -  by @​hi-ogawa in vitest-dev/vitest#6885 (4c96c)
• Throw an error and a warning if .poll, .element, .rejects/.resolves, and locator.* weren't awaited  -  by @​sheremet-va in vitest-dev/vitest#6877 (93b67)
• browser:
  • Don't process the default css styles  -  by @​sheremet-va in vitest-dev/vitest#6861 (0d67f)
  • Support non US key input  -  by @​hi-ogawa in vitest-dev/vitest#6873 (5969d)
  • Stop the browser rpc when the pool is closed  -  by @​sheremet-va in vitest-dev/vitest#6858 (9a0c9)
  • Init browsers eagerly when tests are running  -  by @​sheremet-va in vitest-dev/vitest#6876 (417bd)
• coverage:
  • Report uncovered files when re-run by enter or 'a'  -  by @​AriPerkkio in vitest-dev/vitest#6848 (487c8)
• ui:
  • Remove crossorigin attributes for same origin assets  -  by @​hi-ogawa in vitest-dev/vitest#6883 (6e793)
• vite-node:
  • Improve esm check to decide external  -  by @​hi-ogawa in vitest-dev/vitest#6816 (7e1fa)
  • Top-level throw in module is not reported properly  -  by @​vanaigr and @​hi-ogawa in vitest-dev/vitest#6840 (cf0cb)
• vitest:
  • Use fetch() implementation from happy-dom  -  by @​capricorn86 in vitest-dev/vitest#6879 (3c56f)

   🏎 Performance

... (truncated)

Commits

• d69cc75 bump: 2.1.8
• 92f7a2a fix: support Node 21
• 81ed45b chore: release v2.1.7
• fbe5c39 fix: revert support for Vite 6
• b936702 bump: 2.1.6
• 32f23b9 chore: release v2.1.5
• 417bdb4 fix(browser): init browsers eagerly when tests are running (#6876)
• 93b67c2 fix: throw an error and a warning if .poll, .element, .rejects/`.resolv...
• 9a0c93d fix(browser): stop the browser rpc when the pool is closed (#6858)
• 251893b chore: set resolve.mainFields and resolve.conditions for SSR environment ...
• Additional commits viewable in compare view

Updates @astrojs/starlight from 0.28.5 to 0.30.3

Release notes

Sourced from @​astrojs/starlight's releases.

@​astrojs/starlight@​0.30.3

Patch Changes

• #2717 c5fcbb3 Thanks @​delucis! - Fixes a list item spacing issue where line break elements (<br>) could receive a margin, breaking layout in Firefox

• #2724 02d7ac6 Thanks @​dionysuzx! - Adds social link support for Farcaster

• #2635 ec4b851 Thanks @​HiDeoo! - Fixes an issue where the language picker in multilingual sites could display the wrong language when navigating between pages with the browser back/forward buttons.

• #2726 e54ebd5 Thanks @​techfg! - Adds icon for phone

@​astrojs/starlight@​0.30.2

Patch Changes

• #2702 02d16f3 Thanks @​HiDeoo! - Fixes an issue with autogenerated sidebars when using Starlight with Astro's new Content Layer API with directories containing spaces or special characters.

• #2704 fd16470 Thanks @​delucis! - Fixes display of focus indicator around site title

@​astrojs/starlight@​0.30.1

Patch Changes

• #2688 5c6996c Thanks @​HiDeoo! - Fixes an issue with autogenerated sidebars when using Starlight with Astro's new Content Layer API where group names would be sluggified.

@​astrojs/starlight@​0.30.0

Minor Changes

• #2612 8d5a4e8 Thanks @​HiDeoo! - Adds support for Astro v5, drops support for Astro v4.

  Upgrade Astro and dependencies

  ⚠️ BREAKING CHANGE: Astro v4 is no longer supported. Make sure you update Astro and any other official integrations at the same time as updating Starlight:

  npx @astrojs/upgrade

  Community Starlight plugins and Astro integrations may also need to be manually updated to work with Astro v5. If you encounter any issues, please reach out to the plugin or integration author to see if it is a known issue or if an updated version is being worked on.

  Update your collections

  ⚠️ BREAKING CHANGE: Starlight's internal content collections, which organize, validate, and render your content, have been updated to use Astro's new Content Layer API and require configuration changes in your project.

  1. Move the content config file. This file no longer lives within the src/content/config.ts folder and should now exist at src/content.config.ts.

  2. Edit the collection definition(s). To update the docs collection, a loader is now required:

      // src/content.config.ts
      import { defineCollection } from "astro:content";
     +import { docsLoader } from "@astrojs/starlight/loaders";

... (truncated)

Changelog

Sourced from @​astrojs/starlight's changelog.

0.30.3

Patch Changes

• #2717 c5fcbb3 Thanks @​delucis! - Fixes a list item spacing issue where line break elements (<br>) could receive a margin, breaking layout in Firefox

• #2724 02d7ac6 Thanks @​dionysuzx! - Adds social link support for Farcaster

• #2635 ec4b851 Thanks @​HiDeoo! - Fixes an issue where the language picker in multilingual sites could display the wrong language when navigating between pages with the browser back/forward buttons.

• #2726 e54ebd5 Thanks @​techfg! - Adds icon for phone

0.30.2

Patch Changes

• #2702 02d16f3 Thanks @​HiDeoo! - Fixes an issue with autogenerated sidebars when using Starlight with Astro's new Content Layer API with directories containing spaces or special characters.

• #2704 fd16470 Thanks @​delucis! - Fixes display of focus indicator around site title

0.30.1

Patch Changes

• #2688 5c6996c Thanks @​HiDeoo! - Fixes an issue with autogenerated sidebars when using Starlight with Astro's new Content Layer API where group names would be sluggified.

0.30.0

Minor Changes

• #2612 8d5a4e8 Thanks @​HiDeoo! - Adds support for Astro v5, drops support for Astro v4.

  Upgrade Astro and dependencies

  ⚠️ BREAKING CHANGE: Astro v4 is no longer supported. Make sure you update Astro and any other official integrations at the same time as updating Starlight:

  npx @astrojs/upgrade

  Community Starlight plugins and Astro integrations may also need to be manually updated to work with Astro v5. If you encounter any issues, please reach out to the plugin or integration author to see if it is a known issue or if an updated version is being worked on.

  Update your collections

  ⚠️ BREAKING CHANGE: Starlight's internal content collections, which organize, validate, and render your content, have been updated to use Astro's new Content Layer API and require configuration changes in your project.

  1. Move the content config file. This file no longer lives within the src/content/config.ts folder and should now exist at src/content.config.ts.

  2. Edit the collection definition(s). To update the docs collection, a loader is now required:

... (truncated)

Commits

• 30a37d3 [ci] release (#2718)
• e54ebd5 Adds icon for phone (#2726)
• 02d7ac6 Add farcaster to social links (#2724)
• ec4b851 Fix language selector invalid value (#2635)
• c5fcbb3 Fix list item spacing bug on Firefox (#2717)
• 4fd272b [ci] release (#2703)
• fd16470 Fix site title focus ring (#2704)
• 02d16f3 Fix issue with user-defined autogenerated sidebar groups (#2702)
• 0e419cc [ci] release (#2689)
• 5c6996c Fix autogenerated sidebar issue (#2688)
• Additional commits viewable in compare view

Updates rollup from 4.24.3 to 4.29.1

Release notes

Sourced from rollup's releases.

v4.29.1

4.29.1

2024-12-21

Bug Fixes

• Fix crash from deoptimized logical expressions (#5771)

Pull Requests

• #5769: Remove unnecessary lifetimes (@​lukastaegert)
• #5771: fix: do not optimize the literal value if the cache is deoptimized (@​TrickyPi)

v4.29.0

4.29.0

2024-12-20

Features

• Treat objects as truthy and always check second argument to better simplify logical expressions (#5763)

Pull Requests

• #5759: docs: add utf-8 encoding to JSON file reading (@​chouchouji)
• #5760: fix(deps): lock file maintenance minor/patch updates (@​renovate[bot])
• #5763: fix: introduce UnknownFalsyValue for enhancing if statement tree-shaking (@​TrickyPi)
• #5766: chore(deps): update dependency @​rollup/plugin-node-resolve to v16 (@​renovate[bot])
• #5767: fix(deps): lock file maintenance minor/patch updates (@​renovate[bot])

v4.28.1

4.28.1

2024-12-06

Bug Fixes

• Support running Rollup natively on LoongArch (#5749)
• Add optional debugId to SourceMap types (#5751)

Pull Requests

• #5749: feat: add support for LoongArch (@​darkyzhou)
• #5751: feat: Add debugId to SourceMap types (@​timfish, @​lukastaegert)
• #5752: chore(deps): update dependency mocha to v11 (@​renovate[bot])
• #5753: chore(deps): update dependency vite to v6 (@​renovate[bot])
• #5754: fix(deps): update swc monorepo (major) (@​renovate[bot])
• #5755: chore(deps): lock file maintenance minor/patch updates (@​renovate[bot])
• #5756: Test if saving the Cargo cache can speed up FreeBSD (@​lukastaegert)

... (truncated)

Changelog

Sourced from rollup's changelog.

4.29.1

2024-12-21

Bug Fixes

• Fix crash from deoptimized logical expressions (#5771)

Pull Requests

• #5769: Remove unnecessary lifetimes (@​lukastaegert)
• #5771: fix: do not optimize the literal value if the cache is deoptimized (@​TrickyPi)

4.29.0

2024-12-20

Features

• Treat objects as truthy and always check second argument to better simplify logical expressions (#5763)

Pull Requests

• #5759: docs: add utf-8 encoding to JSON file reading (@​chouchouji)
• #5760: fix(deps): lock file maintenance minor/patch updates (@​renovate[bot])
• #5763: fix: introduce UnknownFalsyValue for enhancing if statement tree-shaking (@​TrickyPi)
• #5766: chore(deps): update dependency @​rollup/plugin-node-resolve to v16 (@​renovate[bot])
• #5767: fix(deps): lock file maintenance minor/patch updates (@​renovate[bot])

4.28.1

2024-12-06

Bug Fixes

• Support running Rollup natively on LoongArch (#5749)
• Add optional debugId to SourceMap types (#5751)

Pull Requests

• #5749: feat: add support for LoongArch (@​darkyzhou)
• #5751: feat: Add debugId to SourceMap types (@​timfish, @​lukastaegert)
• #5752: chore(deps): update dependency mocha to v11 (@​renovate[bot])
• #5753: chore(deps): update dependency vite to v6 (@​renovate[bot])
• #5754: fix(deps): update swc monorepo (major) (@​renovate[bot])
• #5755: chore(deps): lock file maintenance minor/patch updates (@​renovate[bot])
• #5756: Test if saving the Cargo cache can speed up FreeBSD (@​lukastaegert)

4.28.0

... (truncated)

Commits

• 5d37778 4.29.1
• 86e1f43 fix: do not optimize the literal value if the cache is deoptimized (#5771)
• f116952 Remove unnecessary lifetimes (#5769)
• dadd488 4.29.0
• a4b78eb fix(deps): lock file maintenance minor/patch updates (#5767)
• d52f00d fix: introduce UnknownFalsyValue for enhancing if statement tree-shaking (#5763)
• 65c8901 chore(deps): update dependency @​rollup/plugin-node-resolve to v16 (#5766)
• 7a8ac46 docs: add utf-8 encoding to JSON file reading (#5759)
• 31f1670 fix(deps): lock file maintenance minor/patch updates (#5760)
• e60fb1c 4.28.1
• Additional commits viewable in compare view

Updates vite from 5.4.10 to 6.0.6

Release notes

Sourced from vite's releases.

v6.0.6

Please refer to CHANGELOG.md for details.

v6.0.5

Please refer to CHANGELOG.md for details.

v6.0.4

Please refer to CHANGELOG.md for details.

v6.0.3

Please refer to CHANGELOG.md for details.

v6.0.2

Please refer to CHANGELOG.md for details.

create-vite@6.0.1

Please refer to CHANGELOG.md for details.

v6.0.1

Please refer to CHANGELOG.md for details.

create-vite@6.0.0

Please refer to CHANGELOG.md for details.

plugin-legacy@6.0.0

Please refer to CHANGELOG.md for details.

v6.0.0

Please refer to CHANGELOG.md for details.

v6.0.0-beta.10

Please refer to CHANGELOG.md for details.

v6.0.0-beta.9

Please refer to CHANGELOG.md for details.

v6.0.0-beta.8

Please refer to CHANGELOG.md for details.

v6.0.0-beta.7

Please refer to CHANGELOG.md for details.

v6.0.0-beta.6

Please refer to CHANGELOG.md for details.

v6.0.0-beta.5

Please refer to CHANGELOG.md for details.

v6.0.0-beta.4

Please refer to CHANGELOG.md for details.

... (truncated)

Changelog

Sourced from vite's changelog.

6.0.6 (2024-12-26)

• fix: replace runner-side path normalization with fetchModule-side resolve (#18361) (9f10261), closes #18361
• fix(css): resolve style tags in HTML files correctly for lightningcss (#19001) (afff05c), closes #19001
• fix(css): show correct error when unknown placeholder is used for CSS modules pattern in lightningcs (9290d85), closes #19070
• fix(resolve): handle package.json with UTF-8 BOM (#19000) (902567a), closes #19000
• fix(ssrTransform): preserve line offset when transforming imports (#19004) (1aa434e), closes #19004
• chore: fix typo in comment (#19067) (eb06ec3), closes #19067
• chore: update comment about build.target (#19047) (0e9e81f), closes #19047
• revert: unpin esbuild version (#19043) (8bfe247), closes #19043
• test(ssr): test virtual module with query (#19044) (a1f4b46), closes #19044

6.0.5 (2024-12-20)

• fix: esbuild regression (pin to 0.24.0) (#19027) (4359e0d), closes #19027

6.0.4 (2024-12-19)

• fix: this.resolve skipSelf should not skip for different id or import (#18903) (4727320), closes #18903
• fix: fallback terser to main thread when function options are used (#18987) (12b612d), closes #18987
• fix: merge client and ssr values for pluginContainer.getModuleInfo (#18895) (258cdd6), closes #18895
• fix(css): escape double quotes in url() when lightningcss is used (#18997) (3734f80), closes #18997
• fix(css): root relative import in sass modern API on Windows (#18945) (c4b532c), closes #18945
• fix(css): skip non css in custom sass importer (#18970) (21680bd), closes #18970
• fix(deps): update all non-major dependencies (#18967) (d88d000), closes #18967
• fix(deps): update all non-major dependencies (#18996) (2b4f115), closes #18996
• fix(optimizer): keep NODE_ENV as-is when keepProcessEnv is true (#18899) (8a6bb4e), closes #18899
• fix(ssr): recreate ssrCompatModuleRunner on restart (#18973) (7d6dd5d), closes #18973
• chore: better validation error message for dts build (#18948) (63b82f1), closes #18948
• chore(deps): update all non-major dependencies (#18916) (ef7a6a3), closes #18916
• chore(deps): update dependency @​rollup/plugin-node-resolve to v16 (#18968) (62fad6d), closes #18968
• refactor: make internal invoke event to use the same interface with handleInvoke (#18902) (27f691b), closes #18902
• refactor: simplify manifest plugin code (#18890) (1bfe21b), closes #18890
• test: test ModuleRunnerTransport invoke API (#18865) (e5f5301), closes #18865
• test: test output hash changes (#18898) (bfbb130), closes #18898

6.0.3 (2024-12-05)

• fix: handle postcss load unhandled rejections (#18886) (d5fb653), closes #18886
• fix: make handleInvoke interface compatible with invoke (#18876) (a1dd396), closes #18876
• fix: make result interfaces for ModuleRunnerTransport#invoke more explicit (#18851) (a75fc31), closes #18851
• fix: merge environments.ssr.resolve with root ssr config (#18857) (3104331), closes #18857
• fix: no permission to create vite config file (#18844) (ff47778), closes #18844
• fix: remove CSS import in CJS correctly in some cases (#18885) (690a36f), closes #18885

... (truncated)

Commits

• 5c2b4a0 release: v6.0.6
• 9290d85 fix(css): show correct error when unknown placeholder is used for CSS modules...
• afff05c fix(css): resolve style tags in HTML files correctly for lightningcss (#19001)

[socket-security]

New and removed dependencies detected. Learn more about Socket for GitHub ↗︎

Package	New capabilities	Transitives	Size	Publisher
npm/@astrojs/starlight@0.30.3	Transitive: environment, filesystem, network, shell	+236	29.7 MB	fredkschott
npm/@moonrepo/cli@1.30.6	environment, filesystem Transitive: shell	+1	32.1 kB	milesj
npm/@vitest/coverage-v8@2.1.8	Transitive: environment, filesystem, shell	+63	10.7 MB	vitestbot
npm/rollup@4.29.1	None	+1	2.63 MB	eventualbuddha, lukastaegert, rich_harris, ...2 more
npm/vite@6.0.6	Transitive: environment, filesystem	+5	3.35 MB	antfu, patak, soda, ...2 more
npm/vitest@2.1.8	environment, eval Transitive: filesystem, network, shell, unsafe	+39	8.18 MB	vitestbot

🚮 Removed packages: npm/@astrojs/starlight@0.28.5, npm/@moonrepo/cli@1.29.3, npm/@vitest/coverage-v8@2.1.4, npm/rollup@4.24.3, npm/vite@5.4.10, npm/vitest@2.1.4

View full report↗︎

[socket-security]

🚨 Potential security issues detected. Learn more about Socket for GitHub ↗︎

To accept the risk, merge this PR and you will not be notified again.

Alert	Package	Note	Source	CI
Possible typosquat attack	npm/emoji-regex-xs@1.0.0	Did you mean: emoji-regex~~-xs~~	docs/package.json pnpm-lock.yaml	⚠︎

View full report↗︎

Next steps

What is a typosquat?

Package name is similar to other popular packages and may not be the package you want.

Use care when consuming similarly named packages and ensure that you did not intend to consume a different package. Malicious packages often publish using similar names as existing popular packages.

Take a deeper look at the dependency

Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support [AT] socket [DOT] dev.

Remove the package

If you happen to install a dependency that Socket reports as Known Malware you should immediately remove it and select a different dependency. For other alert types, you may may wish to investigate alternative packages or consider if there are other ways to mitigate the specific risk posed by the dependency.

Mark a package as acceptable risk

To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space separated list of ecosystem/package-name@version specifiers. e.g. @SocketSecurity ignore npm/foo@1.0.0 or ignore all packages with @SocketSecurity ignore-all

• @SocketSecurity ignore npm/emoji-regex-xs@1.0.0

[dependabot]

Superseded by #185.