Bump the major group across 1 directory with 5 updates

[dependabot]

Bumps the major group with 5 updates in the / directory:

Package	From	To
@eslint/js	9.32.0	10.0.1
eslint	9.32.0	10.0.0
@clack/core	0.5.0	1.0.0
@clack/prompts	0.11.0	1.0.0
@google-cloud/secret-manager	5.6.0	6.1.1

Updates @eslint/js from 9.32.0 to 10.0.1

Release notes

Sourced from @​eslint/js's releases.

v10.0.0

Breaking Changes

• f9e54f4 feat!: estimate rule-tester failure location (#20420) (ST-DDT)
• a176319 feat!: replace chalk with styleText and add color to ResultsMeta (#20227) (루밀LuMir)
• c7046e6 feat!: enable JSX reference tracking (#20152) (Pixel998)
• fa31a60 feat!: add name to configs (#20015) (Kirk Waiblinger)
• 3383e7e fix!: remove deprecated SourceCode methods (#20137) (Pixel998)
• 501abd0 feat!: update dependency minimatch to v10 (#20246) (renovate[bot])
• ca4d3b4 fix!: stricter rule tester assertions for valid test cases (#20125) (唯然)
• 96512a6 fix!: Remove deprecated rule context methods (#20086) (Nicholas C. Zakas)
• c69fdac feat!: remove eslintrc support (#20037) (Francesco Trotta)
• 208b5cc feat!: Use ScopeManager#addGlobals() (#20132) (Milos Djermanovic)
• a2ee188 fix!: add uniqueItems: true in no-invalid-regexp option (#20155) (Tanuj Kanti)
• a89059d feat!: Program range span entire source text (#20133) (Pixel998)
• 39a6424 fix!: assert 'text' is a string across all RuleFixer methods (#20082) (Pixel998)
• f28fbf8 fix!: Deprecate "always" and "as-needed" options of the radix rule (#20223) (Milos Djermanovic)
• aa3fb2b fix!: tighten func-names schema (#20119) (Pixel998)
• f6c0ed0 feat!: report eslint-env comments as errors (#20128) (Francesco Trotta)
• 4bf739f fix!: remove deprecated LintMessage#nodeType and TestCaseError#type (#20096) (Pixel998)
• 523c076 feat!: drop support for jiti < 2.2.0 (#20016) (michael faith)
• 454a292 feat!: update eslint:recommended configuration (#20210) (Pixel998)
• 4f880ee feat!: remove v10_* and inactive unstable_* flags (#20225) (sethamus)
• f18115c feat!: no-shadow-restricted-names report globalThis by default (#20027) (sethamus)
• c6358c3 feat!: Require Node.js ^20.19.0 || ^22.13.0 || >=24 (#20160) (Milos Djermanovic)

Features

• bff9091 feat: handle Array.fromAsync in array-callback-return (#20457) (Francesco Trotta)
• 290c594 feat: add self to no-implied-eval rule (#20468) (sethamus)
• 43677de feat: fix handling of function and class expression names in no-shadow (#20432) (Milos Djermanovic)
• f0cafe5 feat: rule tester add assertion option requireData (#20409) (fnx)
• f7ab693 feat: output RuleTester test case failure index (#19976) (ST-DDT)
• 7cbcbf9 feat: add countThis option to max-params (#20236) (Gerkin)
• f148a5e feat: add error assertion options (#20247) (ST-DDT)
• 09e6654 feat: update error loc of require-yield and no-useless-constructor (#20267) (Tanuj Kanti)

Bug Fixes

• 436b82f fix: update eslint (#20473) (renovate[bot])
• 1d29d22 fix: detect default this binding in Array.fromAsync callbacks (#20456) (Francesco Trotta)
• 727451e fix: fix regression of global mode report range in strict rule (#20462) (ntnyq)
• e80485f fix: remove fake FlatESLint and LegacyESLint exports (#20460) (Francesco Trotta)
• 9eeff3b fix: update esquery (#20423) (cryptnix)
• b34b938 fix: use Error.prepareStackTrace to estimate failing test location (#20436) (Francesco Trotta)
• 51aab53 fix: update eslint (#20443) (renovate[bot])
• 23490b2 fix: handle space before colon in RuleTester location estimation (#20433) (Francesco Trotta)
• f244dbf fix: use MessagePlaceholderData type from @eslint/core (#20348) (루밀LuMir)
• d186f8c fix: update eslint (#20427) (renovate[bot])
• 2332262 fix: error location should not modify error message in RuleTester (#20421) (Milos Djermanovic)
• ab99b21 fix: ensure filename is passed as third argument to verifyAndFix() (#20405) (루밀LuMir)
• 8a60f3b fix: remove ecmaVersion and sourceType from ParserOptions type (#20415) (Pixel998)
• eafd727 fix: remove TDZ scope type (#20231) (jaymarvelz)

... (truncated)

Commits

• See full diff in compare view

Updates eslint from 9.32.0 to 10.0.0

Release notes

Sourced from eslint's releases.

v10.0.0

Breaking Changes

• f9e54f4 feat!: estimate rule-tester failure location (#20420) (ST-DDT)
• a176319 feat!: replace chalk with styleText and add color to ResultsMeta (#20227) (루밀LuMir)
• c7046e6 feat!: enable JSX reference tracking (#20152) (Pixel998)
• fa31a60 feat!: add name to configs (#20015) (Kirk Waiblinger)
• 3383e7e fix!: remove deprecated SourceCode methods (#20137) (Pixel998)
• 501abd0 feat!: update dependency minimatch to v10 (#20246) (renovate[bot])
• ca4d3b4 fix!: stricter rule tester assertions for valid test cases (#20125) (唯然)
• 96512a6 fix!: Remove deprecated rule context methods (#20086) (Nicholas C. Zakas)
• c69fdac feat!: remove eslintrc support (#20037) (Francesco Trotta)
• 208b5cc feat!: Use ScopeManager#addGlobals() (#20132) (Milos Djermanovic)
• a2ee188 fix!: add uniqueItems: true in no-invalid-regexp option (#20155) (Tanuj Kanti)
• a89059d feat!: Program range span entire source text (#20133) (Pixel998)
• 39a6424 fix!: assert 'text' is a string across all RuleFixer methods (#20082) (Pixel998)
• f28fbf8 fix!: Deprecate "always" and "as-needed" options of the radix rule (#20223) (Milos Djermanovic)
• aa3fb2b fix!: tighten func-names schema (#20119) (Pixel998)
• f6c0ed0 feat!: report eslint-env comments as errors (#20128) (Francesco Trotta)
• 4bf739f fix!: remove deprecated LintMessage#nodeType and TestCaseError#type (#20096) (Pixel998)
• 523c076 feat!: drop support for jiti < 2.2.0 (#20016) (michael faith)
• 454a292 feat!: update eslint:recommended configuration (#20210) (Pixel998)
• 4f880ee feat!: remove v10_* and inactive unstable_* flags (#20225) (sethamus)
• f18115c feat!: no-shadow-restricted-names report globalThis by default (#20027) (sethamus)
• c6358c3 feat!: Require Node.js ^20.19.0 || ^22.13.0 || >=24 (#20160) (Milos Djermanovic)

Features

• bff9091 feat: handle Array.fromAsync in array-callback-return (#20457) (Francesco Trotta)
• 290c594 feat: add self to no-implied-eval rule (#20468) (sethamus)
• 43677de feat: fix handling of function and class expression names in no-shadow (#20432) (Milos Djermanovic)
• f0cafe5 feat: rule tester add assertion option requireData (#20409) (fnx)
• f7ab693 feat: output RuleTester test case failure index (#19976) (ST-DDT)
• 7cbcbf9 feat: add countThis option to max-params (#20236) (Gerkin)
• f148a5e feat: add error assertion options (#20247) (ST-DDT)
• 09e6654 feat: update error loc of require-yield and no-useless-constructor (#20267) (Tanuj Kanti)

Bug Fixes

• 436b82f fix: update eslint (#20473) (renovate[bot])
• 1d29d22 fix: detect default this binding in Array.fromAsync callbacks (#20456) (Francesco Trotta)
• 727451e fix: fix regression of global mode report range in strict rule (#20462) (ntnyq)
• e80485f fix: remove fake FlatESLint and LegacyESLint exports (#20460) (Francesco Trotta)
• 9eeff3b fix: update esquery (#20423) (cryptnix)
• b34b938 fix: use Error.prepareStackTrace to estimate failing test location (#20436) (Francesco Trotta)
• 51aab53 fix: update eslint (#20443) (renovate[bot])
• 23490b2 fix: handle space before colon in RuleTester location estimation (#20433) (Francesco Trotta)
• f244dbf fix: use MessagePlaceholderData type from @eslint/core (#20348) (루밀LuMir)
• d186f8c fix: update eslint (#20427) (renovate[bot])
• 2332262 fix: error location should not modify error message in RuleTester (#20421) (Milos Djermanovic)
• ab99b21 fix: ensure filename is passed as third argument to verifyAndFix() (#20405) (루밀LuMir)
• 8a60f3b fix: remove ecmaVersion and sourceType from ParserOptions type (#20415) (Pixel998)
• eafd727 fix: remove TDZ scope type (#20231) (jaymarvelz)

... (truncated)

Commits

• 4e6c4ac 10.0.0
• ddd8a22 Build: changelog update for 10.0.0
• bff9091 feat: handle Array.fromAsync in array-callback-return (#20457)
• 1ece282 chore: ignore /docs/v9.x in link checker (#20452)
• 034e139 ci: add type integration test for @html-eslint/eslint-plugin (#20345)
• f3fbc2f chore: set @eslint/js version to 10.0.0 to skip releasing it (#20466)
• e978dda docs: Update README
• 4cecf83 docs: Update README
• c79f0ab docs: Update README
• afc0681 chore: remove scopeManager.addGlobals patch for typescript-eslint parser (#20...
• Additional commits viewable in compare view

Updates @clack/core from 0.5.0 to 1.0.0

Release notes

Sourced from @​clack/core's releases.

@​clack/core@​1.0.0

Major Changes

• c713fd5: The package is now distributed as ESM-only. In v0 releases, the package was dual-published as CJS and ESM.

  For existing CJS projects using Node v20+, please see Node's guide on Loading ECMAScript modules using require().

Minor Changes

• 7bc3301: Prompts now have a userInput stored separately from their value.

• 2837845: Adds suggestion and path prompts

• 729bbb6: Add support for customizable spinner cancel and error messages. Users can now customize these messages either per spinner instance or globally via the updateSettings function to support multilingual CLIs.

  This update also improves the architecture by exposing the core settings to the prompts package, enabling more consistent default message handling across the codebase.

  // Per-instance customization
  const spinner = prompts.spinner({
    cancelMessage: "Operación cancelada", // "Operation cancelled" in Spanish
    errorMessage: "Se produjo un error", // "An error occurred" in Spanish
  });
  // Global customization via updateSettings
  prompts.updateSettings({
  messages: {
  cancel: "Operación cancelada", // "Operation cancelled" in Spanish
  error: "Se produjo un error", // "An error occurred" in Spanish
  },
  });
  // Settings can now be accessed directly
  console.log(prompts.settings.messages.cancel); // "Operación cancelada"
  // Direct options take priority over global settings
  const spinner = prompts.spinner({
  cancelMessage: "Cancelled", // This will be used instead of the global setting
  });

• 55645c2: Support wrapping autocomplete and select prompts.

• f2c2b89: Adds AutocompletePrompt to core with comprehensive tests and implement both autocomplete and autocomplete-multiselect components in prompts package.

• df4eea1: Remove suggestion prompt and change path prompt to be an autocomplete prompt.

• 1604f97: Add clearOnError option to password prompt to automatically clear input when validation fails

Patch Changes

... (truncated)

Changelog

Sourced from @​clack/core's changelog.

1.0.0

Major Changes

• c713fd5: The package is now distributed as ESM-only. In v0 releases, the package was dual-published as CJS and ESM.

  For existing CJS projects using Node v20+, please see Node's guide on Loading ECMAScript modules using require().

Minor Changes

• 7bc3301: Prompts now have a userInput stored separately from their value.

• 2837845: Adds suggestion and path prompts

• 729bbb6: Add support for customizable spinner cancel and error messages. Users can now customize these messages either per spinner instance or globally via the updateSettings function to support multilingual CLIs.

  This update also improves the architecture by exposing the core settings to the prompts package, enabling more consistent default message handling across the codebase.

  // Per-instance customization
  const spinner = prompts.spinner({
    cancelMessage: "Operación cancelada", // "Operation cancelled" in Spanish
    errorMessage: "Se produjo un error", // "An error occurred" in Spanish
  });
  // Global customization via updateSettings
  prompts.updateSettings({
  messages: {
  cancel: "Operación cancelada", // "Operation cancelled" in Spanish
  error: "Se produjo un error", // "An error occurred" in Spanish
  },
  });
  // Settings can now be accessed directly
  console.log(prompts.settings.messages.cancel); // "Operación cancelada"
  // Direct options take priority over global settings
  const spinner = prompts.spinner({
  cancelMessage: "Cancelled", // This will be used instead of the global setting
  });

• 55645c2: Support wrapping autocomplete and select prompts.

• f2c2b89: Adds AutocompletePrompt to core with comprehensive tests and implement both autocomplete and autocomplete-multiselect components in prompts package.

• df4eea1: Remove suggestion prompt and change path prompt to be an autocomplete prompt.

• 1604f97: Add clearOnError option to password prompt to automatically clear input when validation fails

Patch Changes

• 0718b07: fix: export *Options types for prompts.
• bfe0dd3: Prevents placeholder from being used as input value in text prompts
• 6868c1c: Adds a new selectableGroups boolean to the group multi-select prompt. Using selectableGroups: false will disable the ability to select a top-level group, but still allow every child to be selected individually.

... (truncated)

Commits

• bc31ee8 v1 (#446)
• a520163 [ci] release (alpha) (#445)
• 68dbf9b feat: add caseSensitive option to select-key (#443)
• 08b58f5 [ci] release (alpha) (#406)
• 0041d81 [ci] format
• 0718b07 fix: export missing types from @​clack/core (#238)
• acc4c3a feat: add withGuide option (#409)
• 4ba2d78 fix: support off-screen lines when re-rendering (#414)
• 7530af0 fix: wrap messages in select prompts (#410)
• 69508f4 [ci] release (alpha) (#399)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for @​clack/core since your current version.

Updates @clack/prompts from 0.11.0 to 1.0.0

Release notes

Sourced from @​clack/prompts's releases.

@​clack/prompts@​1.0.0

Major Changes

• c713fd5: The package is now distributed as ESM-only. In v0 releases, the package was dual-published as CJS and ESM.

  For existing CJS projects using Node v20+, please see Node's guide on Loading ECMAScript modules using require().

Minor Changes

• 415410b: This adds a custom filter function to autocompleteMultiselect. It could be used, for example, to support fuzzy searching logic.

• 7bc3301: Prompts now have a userInput stored separately from their value.

• 8409f2c: feat: add styleFrame option for spinner

• 2837845: Adds suggestion and path prompts

• 99c3530: Adds format option to the note prompt to allow formatting of individual lines

• 0aaee4c: Added new taskLog prompt for log output which is cleared on success

• 729bbb6: Add support for customizable spinner cancel and error messages. Users can now customize these messages either per spinner instance or globally via the updateSettings function to support multilingual CLIs.

  This update also improves the architecture by exposing the core settings to the prompts package, enabling more consistent default message handling across the codebase.

  // Per-instance customization
  const spinner = prompts.spinner({
    cancelMessage: "Operación cancelada", // "Operation cancelled" in Spanish
    errorMessage: "Se produjo un error", // "An error occurred" in Spanish
  });
  // Global customization via updateSettings
  prompts.updateSettings({
  messages: {
  cancel: "Operación cancelada", // "Operation cancelled" in Spanish
  error: "Se produjo un error", // "An error occurred" in Spanish
  },
  });
  // Settings can now be accessed directly
  console.log(prompts.settings.messages.cancel); // "Operación cancelada"
  // Direct options take priority over global settings
  const spinner = prompts.spinner({
  cancelMessage: "Cancelled", // This will be used instead of the global setting
  });

• 44df9af: Adds a new groupSpacing option to grouped multi-select prompts. If set to an integer greater than 0, it will add that number of new lines between each group.

... (truncated)

Changelog

Sourced from @​clack/prompts's changelog.

1.0.0

Major Changes

• c713fd5: The package is now distributed as ESM-only. In v0 releases, the package was dual-published as CJS and ESM.

  For existing CJS projects using Node v20+, please see Node's guide on Loading ECMAScript modules using require().

Minor Changes

• 415410b: This adds a custom filter function to autocompleteMultiselect. It could be used, for example, to support fuzzy searching logic.

• 7bc3301: Prompts now have a userInput stored separately from their value.

• 8409f2c: feat: add styleFrame option for spinner

• 2837845: Adds suggestion and path prompts

• 99c3530: Adds format option to the note prompt to allow formatting of individual lines

• 0aaee4c: Added new taskLog prompt for log output which is cleared on success

• 729bbb6: Add support for customizable spinner cancel and error messages. Users can now customize these messages either per spinner instance or globally via the updateSettings function to support multilingual CLIs.

  This update also improves the architecture by exposing the core settings to the prompts package, enabling more consistent default message handling across the codebase.

  // Per-instance customization
  const spinner = prompts.spinner({
    cancelMessage: "Operación cancelada", // "Operation cancelled" in Spanish
    errorMessage: "Se produjo un error", // "An error occurred" in Spanish
  });
  // Global customization via updateSettings
  prompts.updateSettings({
  messages: {
  cancel: "Operación cancelada", // "Operation cancelled" in Spanish
  error: "Se produjo un error", // "An error occurred" in Spanish
  },
  });
  // Settings can now be accessed directly
  console.log(prompts.settings.messages.cancel); // "Operación cancelada"
  // Direct options take priority over global settings
  const spinner = prompts.spinner({
  cancelMessage: "Cancelled", // This will be used instead of the global setting
  });

• 44df9af: Adds a new groupSpacing option to grouped multi-select prompts. If set to an integer greater than 0, it will add that number of new lines between each group.

• 55645c2: Support wrapping autocomplete and select prompts.

• 9e5bc6c: Add support for signals in prompts, allowing them to be aborted.

• f2c2b89: Adds AutocompletePrompt to core with comprehensive tests and implement both autocomplete and autocomplete-multiselect components in prompts package.

• 38019c7: Updates the API for stopping spinners and progress bars to be clearer

... (truncated)

Commits

• bc31ee8 v1 (#446)
• a520163 [ci] release (alpha) (#445)
• 68dbf9b feat: add caseSensitive option to select-key (#443)
• 55eb280 fix(autocomplete): display placeholder only when user input is empty (#442)
• c4feafb [ci] format
• 415410b feat(prompts): add custom filter option to autocomplete (#444)
• 5c65e38 [ci] release (alpha) (#434)
• f952592 fix: render guide with empty log lines (#436)
• 372b526 feat: add clear to spinner (#433)
• 4d50be6 [ci] release (alpha) (#422)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for @​clack/prompts since your current version.

Updates @google-cloud/secret-manager from 5.6.0 to 6.1.1

Release notes

Sourced from @​google-cloud/secret-manager's releases.

aiplatform: v6.1.0

6.1.0 (2026-01-12)

Features

• Add Lustre support to the Vertex Training Custom Job API (#6952) (8e2862c)
• Add Lustre support to the Vertex Training Custom Job API (#6959) (168fe86)

aiplatform: v6.0.0

6.0.0 (2025-12-09)

⚠ BREAKING CHANGES

• fix issue when using UrlContext tool (#6911)

Bug Fixes

• Fix issue when using UrlContext tool (#6911) (6fb8d09)

aiplatform: v5.14.0

5.14.0 (2025-11-21)

Features

• Add ReplicatedVoiceConfig to VoiceConfig to enable Gemini TTS voice replication (#6899) (beb5cac)
• Add support for developer connect based deployment (#6900) (7b6c79b)

aiplatform: v5.13.0

5.13.0 (2025-11-11)

Features

• Add order_by to list_events (#6864) (8d71bbf)

aiplatform: v5.12.0

5.12.0 (2025-10-25)

Features

• Add EmbedContent method v1 (#6844) (da2c718)

aiplatform: v5.11.0

5.11.0 (2025-10-23)

... (truncated)

Changelog

Sourced from @​google-cloud/secret-manager's changelog.

6.1.1 (2025-10-13)

Bug Fixes

• [gkeconnect-gateway] remove unused GatewayServiceClient (#6775) (41c2ff2)
• Remove unmaintained modules (#6789) (5540190)

6.1.0 (2025-07-09)

Features

• [Many APIs] add methods from gax to cache proto root and process custom error details (#6419) (f8a324c)
• [Many APIs] add methods from gax to cache proto root and process custom error details (#6423) (df9184f)
• [secretmanager] update secret manager protos for tags (#6400) (b41f79d)
• Add protobufjs 2023 edition support (#6303) (4a0cba1)

6.0.1 (2025-03-19)

Bug Fixes

• [Many APIs] await/catch promises, and update listOperationsAsync return type (#6188) (a73cdbf)

6.0.0 (2025-03-18)

⚠ BREAKING CHANGES

• upgrade to Node 18 (#6096)

Features

• [Many APIs] add request/response debug logging to gapics (b99c5f8)

Miscellaneous Chores

• Upgrade to Node 18 (#6096) (eadae64)

Commits

• 2260f12 chore!: migrate to Node 14 (#4443)
• 64109b0 fix: [Many APIs] fix typings for IAM methods (#4463)
• a018c21 chore: [secretmanager] postprocessor updates (#4442)
• 05cc8c6 chore(deps): pin dependency linkinator to v4.1.2 (#4303)
• 628023a build: make tests run faster (#4205)
• 48234a8 chore: release main (#4153)
• 170f7d5 fix: minify JSON and JS files, and remove .map files (#4143)
• 0b67d88 fix(deps): bump google-gax to ^3.5.8 (#4117)
• aa185bb chore: release main (#3992)
• 95399f7 fix: [Many APIs] changing format of the jsdoc links (#3989)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[changeset-bot]

⚠️ No Changeset found

Latest commit: fcb537f

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	@​clack/​core@​0.5.0 ⏵ 1.0.0			-2
	@​google-cloud/​secret-manager@​5.6.0 ⏵ 6.1.1	+1
	@​eslint/​js@​9.32.0 ⏵ 10.0.1			+10	-2
	@​clack/​prompts@​0.11.0 ⏵ 1.0.0			+1	+1

View full report

[socket-security]

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action	Severity	Alert  (click "▶" to expand/collapse)
Warn		Obfuscated code: npm markdown-it is 91.0% likely obfuscated Confidence: 0.91 Location: Package overview From: pnpm-lock.yaml → npm/@vscode/vsce@3.6.2 → npm/markdown-it@14.1.0 ℹ Read more on: This package | This alert | What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/markdown-it@14.1.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report

[pkg-pr-new]

Open in StackBlitz

@env-spec/parser

npm i https://pkg.pr.new/dmno-dev/varlock/@env-spec/parser@282

varlock

npm i https://pkg.pr.new/dmno-dev/varlock@282

@varlock/astro-integration

npm i https://pkg.pr.new/dmno-dev/varlock/@varlock/astro-integration@282

@varlock/nextjs-integration

npm i https://pkg.pr.new/dmno-dev/varlock/@varlock/nextjs-integration@282

@varlock/vite-integration

npm i https://pkg.pr.new/dmno-dev/varlock/@varlock/vite-integration@282

@varlock/1password-plugin

npm i https://pkg.pr.new/dmno-dev/varlock/@varlock/1password-plugin@282

@varlock/google-secret-manager-plugin

npm i https://pkg.pr.new/dmno-dev/varlock/@varlock/google-secret-manager-plugin@282

commit: fcb537f