Skip to content

Update dependency svelte to v4 [SECURITY] #381

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
renovate wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Update dependency svelte to v4 [SECURITY] #381

renovate wants to merge 1 commit into from

Conversation

@renovate
Copy link
Contributor

@renovate renovate bot commented Aug 30, 2024
edited
Loading

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
svelte (source) ^3.55.0 -> ^4.0.0 age adoption passing confidence

GitHub Vulnerability Alerts

CVE-2024-45047

Summary

A potential XSS vulnerability exists in Svelte for versions prior to 4.2.19.

Details

Svelte improperly escapes HTML on server-side rendering. It converts strings according to the following rules:

  • If the string is an attribute value:
    • " -> "
    • & -> &
    • Other characters -> No conversion
  • Otherwise:
    • < -> &lt;
    • & -> &amp;
    • Other characters -> No conversion

The assumption is that attributes will always stay as such, but in some situation the final DOM tree rendered on browsers is different from what Svelte expects on server-side rendering. This may be leveraged to perform XSS attacks. More specifically, this can occur when injecting malicious content into an attribute within a <noscript> tag.

PoC

A vulnerable page (+page.svelte):

<script>
import { page } from "$app/stores"

// user input
let href = $page.url.searchParams.get("href") ?? "https://example.com";
</script>

<noscript>
  <a href={href}>test</a>
</noscript>

If a user accesses the following URL,

http://localhost:4173/?href=</noscript><script>alert(123)</script>

then, alert(123) will be executed.

Impact

XSS, when using an attribute within a noscript tag

Release Notes

sveltejs/svelte (svelte)

v4.2.19

Compare Source

Patch Changes

  • fix: ensure typings for <svelte:options> are picked up (#​12902)

  • fix: escape < in attribute strings (#​12989)

v4.2.18

Compare Source

Patch Changes

v4.2.17

Compare Source

Patch Changes
  • fix: correctly handle falsy values of style directives in SSR mode (#​11584)

v4.2.16

Compare Source

Patch Changes
  • fix: check if svelte component exists on custom element destroy (#​11489)

v4.2.15

Compare Source

Patch Changes
  • support attribute selector inside :global() (#​11135)

v4.2.14

Compare Source

Patch Changes
  • fix parsing camelcase container query name (#​11131)

v4.2.13

Compare Source

Patch Changes
  • fix: applying :global for +,~ sibling combinator when slots are present (#​9282)

v4.2.12

Compare Source

Patch Changes
  • fix: properly update svelte:component props when there are spread props (#​10604)

v4.2.11

Compare Source

Patch Changes
  • fix: check that component wasn't instantiated in connectedCallback (#​10466)

v4.2.10

Compare Source

Patch Changes

  • fix: add scrollend event type (#​10336)

  • fix: add fetchpriority attribute type (#​10390)

  • fix: Add miter-clip and arcs to stroke-linejoin attribute (#​10377)

  • fix: make inline doc links valid (#​10366)

v4.2.9

Compare Source

Patch Changes

  • fix: add types for popover attributes and events (#​10042)

  • fix: add gamepadconnected and gamepaddisconnected events (#​9864)

  • fix: make @types/estree a dependency (#​10149)

  • fix: bump axobject-query (#​10167)

v4.2.8

Compare Source

Patch Changes
  • fix: port over props that were set prior to initialization (#​9701)

v4.2.7

Compare Source

Patch Changes
  • fix: handle spreads within static strings (#​9554)

v4.2.6

Compare Source

Patch Changes
  • fix: adjust static attribute regex (#​9551)

v4.2.5

Compare Source

Patch Changes
  • fix: ignore expressions in top level script/style tag attributes (#​9498)

v4.2.4

Compare Source

Patch Changes
  • fix: handle closing tags inside attribute values (#​9486)

v4.2.3

Compare Source

Patch Changes

  • fix: improve a11y-click-events-have-key-events message (#​9358)

  • fix: more robust hydration of html tag (#​9184)

v4.2.2

Compare Source

Patch Changes

  • fix: support camelCase properties on custom elements (#​9328)

  • fix: add missing plaintext-only value to contenteditable type (#​9242)

  • chore: upgrade magic-string to 0.30.4 (#​9292)

  • fix: ignore trailing comments when comparing nodes (#​9197)

v4.2.1

Compare Source

Patch Changes

  • fix: update style directive when style attribute is present and is updated via an object prop (#​9187)

  • fix: css sourcemap generation with unicode filenames (#​9120)

  • fix: do not add module declared variables as dependencies (#​9122)

  • fix: handle svelte:element with dynamic this and spread attributes (#​9112)

  • fix: silence false positive reactive component warning (#​9094)

  • fix: head duplication when binding is present (#​9124)

  • fix: take custom attribute name into account when reflecting property (#​9140)

  • fix: add indeterminate to the list of HTMLAttributes (#​9180)

  • fix: recognize option value on spread attribute (#​9125)

v4.2.0

Compare Source

Minor Changes
  • feat: move svelteHTML from language-tools into core to load the correct svelte/element types (#​9070)

v4.1.2

Compare Source

Patch Changes

  • fix: allow child element with slot attribute within svelte:element (#​9038)

  • fix: Add data-* to svg attributes (#​9036)

v4.1.1

Compare Source

Patch Changes
  • fix: svelte:component spread props change not picked up (#​9006)

v4.1.0

Compare Source

Minor Changes
  • feat: add ability to extend custom element class (#​8991)
Patch Changes

  • fix: ensure svelte:component evaluates props once (#​8946)

  • fix: remove let:variable slot bindings from select binding dependencies (#​8969)

  • fix: handle destructured primitive literals (#​8871)

  • perf: optimize imports that are not mutated or reassigned (#​8948)

  • fix: don't add accessor twice (#​8996)

v4.0.5

Compare Source

Patch Changes
  • fix: generate type definition with nullable types (#​8924)

v4.0.4

Compare Source

Patch Changes

  • fix: claim svg tags in raw mustache tags correctly (#​8910)

  • fix: repair invalid raw html content during hydration (#​8912)

v4.0.3

Compare Source

Patch Changes
  • fix: handle falsy srcset values (#​8901)

v4.0.2

Compare Source

Patch Changes

  • fix: reflect all custom element prop updates back to attribute (#​8898)

  • fix: shrink custom element baseline a bit (#​8858)

  • fix: use non-destructive hydration for all @html tags (#​8880)

  • fix: align disclose-version exports specification (#​8874)

  • fix: check srcset when hydrating to prevent needless requests (#​8868)

v4.0.1

Compare Source

Patch Changes

  • fix: ensure identifiers in destructuring contexts don't clash with existing ones (#​8840)

  • fix: ensure createEventDispatcher and ActionReturn work with types from generic function parameters (#​8872)

  • fix: apply transition to <svelte:element> with local transition (#​8865)

  • fix: relax a11y "no redundant role" rule for li, ul, ol (#​8867)

  • fix: remove tsconfig.json from published package (#​8859)

v4.0.0

Compare Source

Major Changes

  • breaking: Minimum supported Node version is now Node 16 (#​8566)

  • breaking: Minimum supported webpack version is now webpack 5 (#​8515)

  • breaking: Bundlers must specify the browser condition when building a frontend bundle for the browser (#​8516)

  • breaking: Minimum supported vite-plugin-svelte version is now 2.4.1. SvelteKit users can upgrade to 1.20.0 or newer to ensure a compatible version (#​8516)

  • breaking: Minimum supported rollup-plugin-svelte version is now 7.1.5 (198dbcf)

  • breaking: Minimum supported svelte-loader is now 3.1.8 (198dbcf)

  • breaking: Minimum supported TypeScript version is now TypeScript 5 (it will likely work with lower versions, but we make no guarantees about that) (#​8488)

  • breaking: Remove svelte/register hook, CJS runtime version and CJS compiler output (#​8613)

  • breaking: Stricter types for createEventDispatcher (see PR for migration instructions) (#​7224)

  • breaking: Stricter types for Action and ActionReturn (see PR for migration instructions) (#​7442)

  • breaking: Stricter types for onMount - now throws a type error when returning a function asynchronously to catch potential mistakes around callback functions
    (see PR for migration instructions) (#​8136)

  • breaking: Overhaul and drastically improve creating custom elements with Svelte (see PR for list of changes and migration instructions) ([#​8457](https://github.
    com/feat: custom elements rework sveltejs/svelte#8457))

  • breaking: Deprecate SvelteComponentTyped in favor of SvelteComponent (#​8512)

  • breaking: Make transitions local by default to prevent confusion around page navigations (#​6686)

  • breaking: Error on falsy values instead of stores passed to derived (#​7947)

  • breaking: Custom store implementers now need to pass an update function additionally to the set function ([#​6750](https://github.com/sveltejs/svelte/pull/
    6750))

  • breaking: Do not expose default slot bindings to named slots and vice versa (#​6049)

  • breaking: Change order in which preprocessors are applied (#​8618)

  • breaking: The runtime now makes use of classList.toggle(name, boolean) which does not work in very old browsers ([#​8629](https://github.com/sveltejs/svelte/
    pull/8629))

  • breaking: apply inert to outroing elements (#​8628)

  • breaking: use CustomEvent constructor instead of deprecated createEvent method (#​8775)

Minor Changes

  • Add a way to modify attributes for script/style preprocessors (#​8618)

  • Improve hydration speed by adding data-svelte-h attribute to detect unchanged HTML elements (#​7426)

  • Add a11y no-noninteractive-element-interactions rule (#​8391)

  • Add a11y-no-static-element-interactionsrule (#​8251)

  • Allow #each to iterate over iterables like Set, Map etc (#​7425)

  • Improve duplicate key error for keyed each blocks (#​8411)

  • Warn about : in attributes and props to prevent ambiguity with Svelte directives (#​6823)

  • feat: add version info to window. You can opt out by setting discloseVersion to false in the compiler options (#​8761)

  • feat: smaller minified output for destructor chunks (#​8763)

Patch Changes

  • Bind null option and input values consistently (#​8312)

  • Allow $store to be used with changing values including nullish values (#​7555)

  • Initialize stylesheet with /* empty */ to enable setting CSP directive that also works in Safari (#​7800)

  • Treat slots as if they don't exist when using CSS adjacent and general sibling combinators (#​8284)

  • Fix transitions so that they don't require a style-src 'unsafe-inline' Content Security Policy (CSP) (#​6662).

  • Explicitly disallow var declarations extending the reactive statement scope (#​6800)

  • Improve error message when trying to use animate: directives on inline components (#​8641)

  • fix: export ComponentType from svelte entrypoint (#​8578)

  • fix: never use html optimization for mustache tags in hydration mode (#​8744)

  • fix: derived store types (#​8578)

  • Generate type declarations with dts-buddy (#​8578)

  • fix: ensure types are loaded with all TS settings (#​8721)

  • fix: account for preprocessor source maps when calculating meta info (#​8778)

  • chore: deindent cjs output for compiler (#​8785)

  • warn on boolean compilerOptions.css (#​8710)

  • fix: export correct SvelteComponent type (#​8721)

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate bot force-pushed the renovate/npm-svelte-vulnerability branch from e440eb6 to 33d712d Compare October 10, 2024 20:15
@socket-security
Copy link

socket-security bot commented Oct 10, 2024
edited
Loading

Caution

Review the following alerts detected in dependencies.

According to your organization's Security Policy, you must resolve all "Block" alerts before proceeding. Learn more about Socket for GitHub.

Action Severity Alert  (click "▶" to expand/collapse)
Block High
High CVE: Model Context Protocol (MCP) TypeScript SDK does not enable DNS rebinding protection by default in npm @modelcontextprotocol/sdk

CVE: GHSA-w48q-cv73-mx4w Model Context Protocol (MCP) TypeScript SDK does not enable DNS rebinding protection by default (HIGH)

Affected versions: < 1.24.0

Patched version: 1.24.0

From: packages/mcp/package.jsonnpm/@modelcontextprotocol/sdk@1.17.3

ℹ Read more on: This package | This alert | What is a CVE?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Remove or replace dependencies that include known high severity CVEs. Consumers can use dependency overrides or npm audit fix --force to remove vulnerable dependencies.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@modelcontextprotocol/sdk@1.17.3. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Block Low
Potential code anomaly (AI signal): npm @humanwhocodes/retry is 100.0% likely to have a medium risk anomaly

Notes: The Retrier class implements a conventional, well-scoped retry mechanism with abort support and backoff-like scheduling. There is no evidence of malicious behavior, data exfiltration, or backdoors in this fragment. The primary security considerations relate to the trustworthiness of the host-provided function (fn) and the external timing constants that govern bail/retry behavior. Overall risk is moderate due to the possibility of executing arbitrary host code, but this is expected for a retry utility; no external communications or data leakage are evident here.

Confidence: 1.00

Severity: 0.60

From: ?npm/eslint@9.33.0npm/@humanwhocodes/retry@0.3.1

ℹ Read more on: This package | This alert | What is an AI-detected potential code anomaly?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: An AI system found a low-risk anomaly in this package. It may still be fine to use, but you should check that it is safe before proceeding.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@humanwhocodes/retry@0.3.1. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Block Low
Potential code anomaly (AI signal): npm ajv is 100.0% likely to have a medium risk anomaly

Notes: The code represents a conventional, non-obfuscated part of AJV’s custom keyword support. No direct malicious actions are evident within this module. Security concerns mainly arise from the broader supply chain: the external rule implementation (dotjs/custom), the definition schema, and any user-supplied keyword definitions. The dynamic compilation path (compile(metaSchema, true)) should be exercised with trusted inputs. Recommended follow-up: review the contents of the external modules and monitor the inputs supplied to addKeyword/definitionSchema to ensure no unsafe behavior is introduced during validation or data handling.

Confidence: 1.00

Severity: 0.60

From: ?npm/eslint@9.33.0npm/@modelcontextprotocol/sdk@1.17.3npm/ajv@6.12.6

ℹ Read more on: This package | This alert | What is an AI-detected potential code anomaly?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: An AI system found a low-risk anomaly in this package. It may still be fine to use, but you should check that it is safe before proceeding.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/ajv@6.12.6. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Block Low
Potential code anomaly (AI signal): npm code-red is 100.0% likely to have a medium risk anomaly

Notes: The analyzed code fragment appears to be a conventional AST-to-source code printer component with legitimate node handling and type normalization. No evidence of malicious activity, data leakage, or backdoors within this portion. Security posture remains moderate pending broader context about AST input sources.

Confidence: 1.00

Severity: 0.60

From: ?npm/svelte@4.2.20npm/code-red@1.0.4

ℹ Read more on: This package | This alert | What is an AI-detected potential code anomaly?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: An AI system found a low-risk anomaly in this package. It may still be fine to use, but you should check that it is safe before proceeding.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/code-red@1.0.4. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Block Low
Potential code anomaly (AI signal): npm consola is 100.0% likely to have a medium risk anomaly

Notes: The analyzed code fragment is a feature-rich, standard Consola logging utility responsible for redirecting and managing log output with throttling, pausing, and reporter integration. There is no direct evidence of malicious activity, hardcoded secrets, or exfiltration within this snippet. However, the powerful I/O overrides pose privacy and data flow risks if reporters or downstream sinks are untrusted. The security posture hinges on trusted reporters and proper governance of the overall supply chain.

Confidence: 1.00

Severity: 0.60

From: ?npm/ava@6.4.1npm/consola@3.4.2

ℹ Read more on: This package | This alert | What is an AI-detected potential code anomaly?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: An AI system found a low-risk anomaly in this package. It may still be fine to use, but you should check that it is safe before proceeding.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/consola@3.4.2. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Block Low
Potential code anomaly (AI signal): npm css-tree is 100.0% likely to have a medium risk anomaly

Notes: The code is a standard, well-scoped parser fragment for a DSL-like FeatureFunction construct. It uses dynamic feature dispatch with proper balance checks and safe fallbacks, and emits a consistent AST node. No malicious behavior detected; the main risks relate to misconfiguration of the features map rather than code-level exploits.

Confidence: 1.00

Severity: 0.60

From: ?npm/rollup-plugin-styles@4.0.0npm/css-tree@3.1.0

ℹ Read more on: This package | This alert | What is an AI-detected potential code anomaly?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: An AI system found a low-risk anomaly in this package. It may still be fine to use, but you should check that it is safe before proceeding.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/css-tree@3.1.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Block Low
Potential code anomaly (AI signal): npm detect-libc is 100.0% likely to have a medium risk anomaly

Notes: The code represents a robust, multi-source libc detection utility for Linux, prioritizing filesystem data, then runtime reports, and finally command-based inference. It shows no malicious behavior and aligns with expected patterns for environment introspection. The main improvement areas are strengthening error visibility and handling edge cases where outputs differ from standard expectations.

Confidence: 1.00

Severity: 0.60

From: ?npm/ava@6.4.1npm/detect-libc@2.0.4

ℹ Read more on: This package | This alert | What is an AI-detected potential code anomaly?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: An AI system found a low-risk anomaly in this package. It may still be fine to use, but you should check that it is safe before proceeding.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/detect-libc@2.0.4. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Block Low
Potential code anomaly (AI signal): npm ignore is 100.0% likely to have a medium risk anomaly

Notes: The code fragment represents a conventional, well-structured path-ignore utility with caching and recursive parent-directory evaluation. Windows path normalization is present for compatibility but does not indicate malicious intent. No indicators of data leakage, external communication, or covert backdoors were found. Security impact primarily revolves around correct ignore semantics rather than intrinsic vulnerabilities. The component remains appropriate for use in a broader security-conscious pipeline if used with careful awareness of what is being ignored.

Confidence: 1.00

Severity: 0.60

From: ?npm/ava@6.4.1npm/ignore@7.0.5

ℹ Read more on: This package | This alert | What is an AI-detected potential code anomaly?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: An AI system found a low-risk anomaly in this package. It may still be fine to use, but you should check that it is safe before proceeding.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/ignore@7.0.5. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Block Low
Potential code anomaly (AI signal): npm object-hash is 100.0% likely to have a medium risk anomaly

Notes: Conclusion: The code appears to be a standard, open-source-like object hashing/serialization utility with streaming capabilities. No active malicious behavior detected within this fragment. Minor issues (typos, blob handling edge-case, and potential performance considerations for large inputs) should be addressed to reduce risk in supply-chain contexts. Overall security risk remains moderate and workload/usage controls should govern integration.

Confidence: 1.00

Severity: 0.60

From: ?npm/tailwindcss@3.4.18npm/object-hash@3.0.0

ℹ Read more on: This package | This alert | What is an AI-detected potential code anomaly?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: An AI system found a low-risk anomaly in this package. It may still be fine to use, but you should check that it is safe before proceeding.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/object-hash@3.0.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Block Low
Potential code anomaly (AI signal): npm openai is 100.0% likely to have a medium risk anomaly

Notes: The script itself is not evidently malicious but poses a moderate-to-high supply-chain risk: it invokes npx to download and execute a GitHub-hosted tarball and passes a local migration-config.json path and the process environment to the remote code. That remote code could perform arbitrary actions, read local configuration or environment secrets, or exfiltrate data. Mitigations: avoid using tarball URLs in runtime invocations, pin to vetted packages in package.json, verify integrity (checksums/signatures), vendor the migration tool or require an explicit local installation, and avoid passing sensitive file paths or environment variables to untrusted code.

Confidence: 1.00

Severity: 0.60

From: packages/ui/package.jsonnpm/openai@5.23.2

ℹ Read more on: This package | This alert | What is an AI-detected potential code anomaly?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: An AI system found a low-risk anomaly in this package. It may still be fine to use, but you should check that it is safe before proceeding.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/openai@5.23.2. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Block Low
Potential code anomaly (AI signal): npm prettier is 100.0% likely to have a medium risk anomaly

Notes: No definitive malware detected in this fragment. The main security concern is supply-chain risk from dynamically loading plugins from potentially untrusted sources. To mitigate, enforce strict plugin provenance, disable remote plugin loading, verify plugin integrity, and apply least-privilege execution for plugins.

Confidence: 1.00

Severity: 0.60

From: package.jsonnpm/prettier@3.6.2

ℹ Read more on: This package | This alert | What is an AI-detected potential code anomaly?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: An AI system found a low-risk anomaly in this package. It may still be fine to use, but you should check that it is safe before proceeding.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/prettier@3.6.2. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Block Low
Potential code anomaly (AI signal): npm proxy-addr is 100.0% likely to have a medium risk anomaly

Notes: The code is a standard, well-scoped IP trust utility (proxy-addr) with no evidence of malicious behavior. It reads IPs from request headers, validates and normalizes them, and applies a trust policy to determine the client address. No backdoors, exfiltration, or dangerous operations are present. The security posture appears acceptable for its intended purpose when used as a dependency in an Open Source project.

Confidence: 1.00

Severity: 0.60

From: ?npm/@modelcontextprotocol/sdk@1.17.3npm/proxy-addr@2.0.7

ℹ Read more on: This package | This alert | What is an AI-detected potential code anomaly?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: An AI system found a low-risk anomaly in this package. It may still be fine to use, but you should check that it is safe before proceeding.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/proxy-addr@2.0.7. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Block Low
Potential code anomaly (AI signal): npm resolve is 100.0% likely to have a medium risk anomaly

Notes: This manifest uses a non-registry, relative-path dependency ('resolve': '../../../') which is a significant supply-chain risk because it allows arbitrary local code to be pulled in and executed without registry protections. Combined with the 'lerna bootstrap' postinstall script (which can trigger other lifecycle scripts across the monorepo), this setup increases the chance of untrusted code execution and other malicious behavior. Inspect the target of the relative path, all bootstrap-linked packages, and any lifecycle scripts before running npm install in an untrusted environment.

Confidence: 1.00

Severity: 0.60

From: ?npm/rollup-plugin-styles@4.0.0npm/@rollup/plugin-typescript@12.1.4npm/tailwindcss@3.4.18npm/@rollup/plugin-node-resolve@16.0.3npm/resolve@1.22.10

ℹ Read more on: This package | This alert | What is an AI-detected potential code anomaly?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: An AI system found a low-risk anomaly in this package. It may still be fine to use, but you should check that it is safe before proceeding.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/resolve@1.22.10. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Block Low
Potential code anomaly (AI signal): npm rimraf is 100.0% likely to have a medium risk anomaly

Notes: The rimraf module analyzed appears to be a conventional, dependable recursive deletion utility with thoughtful cross-platform safeguards and backoff strategies. There is no evidence of malicious activity, data leakage, or backdoors. The primary risk is accidental or intentional destructive file system changes if misused; treat as legitimate utility with appropriate access controls.

Confidence: 1.00

Severity: 0.60

From: ?npm/svelte-preprocess@5.1.4npm/rimraf@2.7.1

ℹ Read more on: This package | This alert | What is an AI-detected potential code anomaly?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: An AI system found a low-risk anomaly in this package. It may still be fine to use, but you should check that it is safe before proceeding.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/rimraf@2.7.1. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Block Low
Potential code anomaly (AI signal): npm rollup-plugin-terser is 100.0% likely to have a medium risk anomaly

Notes: This file is a terser wrapper that unsafely evaluates a caller-supplied string to produce options. The code itself contains no explicit exfiltration, hard-coded credentials, or network calls, and appears non-obfuscated. However, eval(optionsString) is a high-severity issue: if optionsString can be influenced by an attacker, the application can be fully compromised (RCE). Replace eval with safe parsing and validate inputs. Avoid returning mutable objects from evaluated input.

Confidence: 1.00

Severity: 0.60

From: packages/ui/package.jsonnpm/rollup-plugin-terser@7.0.2

ℹ Read more on: This package | This alert | What is an AI-detected potential code anomaly?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: An AI system found a low-risk anomaly in this package. It may still be fine to use, but you should check that it is safe before proceeding.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/rollup-plugin-terser@7.0.2. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Block Low
Potential code anomaly (AI signal): npm rxjs is 100.0% likely to have a medium risk anomaly

Notes: The code is a conventional, well-scoped implementation of an RxJS-like concat operator. No malicious behavior, data exfiltration, or suspicious I/O detected in this fragment. Security risk is low; malware likelihood is negligible for this isolated operator function.

Confidence: 1.00

Severity: 0.60

From: ?npm/concurrently@9.2.0npm/rxjs@7.8.2

ℹ Read more on: This package | This alert | What is an AI-detected potential code anomaly?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: An AI system found a low-risk anomaly in this package. It may still be fine to use, but you should check that it is safe before proceeding.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/rxjs@7.8.2. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Block Low
Potential code anomaly (AI signal): npm synckit is 100.0% likely to have a medium risk anomaly

Notes: The code is a sophisticated, legitimate utility for managing worker threads with various TypeScript runtimes and global shims. It does not exhibit explicit malicious behavior, hardcoded secrets, or standard malware patterns. The main security considerations relate to the safe handling of workerPath/globalShims inputs and ensuring that only trusted, validated worker code is executed in worker contexts. Overall risk is moderate due to the dynamic nature of code loading, but the fragment itself is a standard, non-malicious utility module.

Confidence: 1.00

Severity: 0.60

From: ?npm/eslint-plugin-prettier@5.5.4npm/synckit@0.11.11

ℹ Read more on: This package | This alert | What is an AI-detected potential code anomaly?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: An AI system found a low-risk anomaly in this package. It may still be fine to use, but you should check that it is safe before proceeding.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/synckit@0.11.11. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Block Low
Potential code anomaly (AI signal): npm terser is 100.0% likely to have a medium risk anomaly

Notes: Conclusion: The fragment is a benign static list of DOM/Web API identifiers used for tooling purposes (e.g., property enumeration, whitelist checks, or code generation). There is no evidence of malicious behavior, data exfiltration, or backdoors within this fragment alone. Overall security risk is low for this isolated piece; assessment should consider how the list is used in the broader codebase.

Confidence: 1.00

Severity: 0.60

From: ?npm/rollup-plugin-terser@7.0.2npm/terser@5.43.1

ℹ Read more on: This package | This alert | What is an AI-detected potential code anomaly?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: An AI system found a low-risk anomaly in this package. It may still be fine to use, but you should check that it is safe before proceeding.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/terser@5.43.1. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Block Low
Potential code anomaly (AI signal): npm zod is 100.0% likely to have a medium risk anomaly

Notes: No explicit network exfiltration, reverse shell, or credential theft is present in this fragment. However, the code assembles and compiles arbitrary code via the Function constructor and invokes passed-in functions immediately (twice). That behavior constitutes a strong dangerous primitive (arbitrary code execution) which can be abused if any inputs (strings or args) are attacker-controlled. Treat this module as risky in threat models where inputs are not fully trusted; review call sites and sanitize/validate inputs or avoid dynamic evaluation.

Confidence: 1.00

Severity: 0.60

From: ?npm/@modelcontextprotocol/sdk@1.17.3npm/zod@3.25.76

ℹ Read more on: This package | This alert | What is an AI-detected potential code anomaly?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: An AI system found a low-risk anomaly in this package. It may still be fine to use, but you should check that it is safe before proceeding.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/zod@3.25.76. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report

@renovate renovate bot force-pushed the renovate/npm-svelte-vulnerability branch from 33d712d to aa35f83 Compare November 18, 2024 20:32
@renovate renovate bot force-pushed the renovate/npm-svelte-vulnerability branch from aa35f83 to de0c040 Compare January 20, 2025 18:18
This was referenced Jan 20, 2025
Closed
Closed
@renovate renovate bot force-pushed the renovate/npm-svelte-vulnerability branch 2 times, most recently from 17b5d6c to a1ba4f1 Compare February 26, 2025 20:20
@renovate renovate bot force-pushed the renovate/npm-svelte-vulnerability branch from a1ba4f1 to 9bb7c98 Compare April 21, 2025 14:29
@renovate renovate bot force-pushed the renovate/npm-svelte-vulnerability branch from 9bb7c98 to 49a51d2 Compare April 29, 2025 22:45
@renovate renovate bot force-pushed the renovate/npm-svelte-vulnerability branch 5 times, most recently from 7e3f2c2 to 2db0263 Compare June 27, 2025 14:52
@renovate renovate bot force-pushed the renovate/npm-svelte-vulnerability branch 7 times, most recently from 950f211 to 1e15d83 Compare July 4, 2025 16:29
@renovate renovate bot force-pushed the renovate/npm-svelte-vulnerability branch 3 times, most recently from dacf32a to 04a37fb Compare July 15, 2025 08:38
@renovate renovate bot force-pushed the renovate/npm-svelte-vulnerability branch 5 times, most recently from 44f828c to 2072ab7 Compare July 22, 2025 20:42
@renovate renovate bot force-pushed the renovate/npm-svelte-vulnerability branch 7 times, most recently from 7fe2992 to 9d0b749 Compare November 5, 2025 19:49
@renovate renovate bot force-pushed the renovate/npm-svelte-vulnerability branch 9 times, most recently from 8a80010 to 6d165f9 Compare November 13, 2025 17:00
@renovate renovate bot force-pushed the renovate/npm-svelte-vulnerability branch 7 times, most recently from 0a0fef3 to c609075 Compare December 1, 2025 18:54
@renovate renovate bot force-pushed the renovate/npm-svelte-vulnerability branch 2 times, most recently from 4ee59a4 to 06bb02d Compare December 9, 2025 02:44
@socket-security
Copy link

socket-security bot commented Dec 9, 2025
edited
Loading

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff Package Supply Chain
Security		 Vulnerability Quality Maintenance License
Added@​openzeppelin/​uniswap-hooks@​1.2.1501006491100
Addedrollup-plugin-terser@​7.0.210010010050100
Added@​changesets/​changelog-github@​0.5.11001006791100
Addedtypescript-eslint@​8.39.11001007496100
Addedhighlightjs-cairo@​0.4.0741008079100
Added@​types/​semver@​7.7.01001007481100
Added@​types/​semver@​7.7.11001007581100
Addedpath-browserify@​1.0.11001008575100
Addedfile-saver@​2.0.510010010075100
Addedsolidity-ast@​0.4.6010010010078100
Addedsirv-cli@​3.0.19910010079100
Added@​modelcontextprotocol/​sdk@​1.17.3998510099100
Added@​types/​file-saver@​2.0.71001008080100
Added@​types/​resize-observer-browser@​0.1.111001008380100
Addedjszip@​3.10.1100100848070
Addedtippy.js@​6.3.7981009280100
Addedrollup-plugin-livereload@​2.0.59910010080100
Addedrollup-plugin-styles@​4.0.09710010080100
Updated@​types/​node@​22.7.5 ⏵ 20.19.21100 +110081 +195 -1100
Updated@​types/​node@​22.7.5 ⏵ 20.19.10100 +110081 +195 -1100
Addedpostcss-load-config@​6.0.110010010082100
Added@​uniswap/​v4-core@​1.0.2971001008370
Added@​uniswap/​v4-periphery@​1.0.384100888470
Addedpostcss@​8.5.61001008284100
Addedconcurrently@​9.2.09910010083100
Addedsvelte-preprocess@​5.1.49210010083100
Updatedethereum-cryptography@​1.2.0 ⏵ 3.2.0100 +1100100 +183100
Addedhighlightjs-solidity@​2.0.6961008483100
Addedava@​6.4.19810010084100
Added@​rollup/​plugin-json@​6.1.010010010084100
Addedhighlight.js@​11.11.110010010085100
Addedutil@​0.12.51001008585100
Addedrollup-plugin-svelte@​7.2.310010010086100
See 25 more rows in the dashboard

View full report

@renovate renovate bot force-pushed the renovate/npm-svelte-vulnerability branch 2 times, most recently from 15c2747 to 000e763 Compare December 12, 2025 14:06
@renovate renovate bot force-pushed the renovate/npm-svelte-vulnerability branch from 000e763 to 290239b Compare December 15, 2025 13:19
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@coderabbitai coderabbitai[bot] coderabbitai[bot] left review comments

At least 2 approving reviews are required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant