Thanks to visit codestin.com
Credit goes to github.com

Skip to content

[Snyk] Upgrade prettier from 2.4.1 to 3.5.3 #559

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
Dargon789 merged 1 commit into from
Jun 10, 2025
Merged

[Snyk] Upgrade prettier from 2.4.1 to 3.5.3 #559

Dargon789 merged 1 commit into from
Jun 10, 2025

Conversation

@Dargon789
Copy link
Owner

@Dargon789 Dargon789 commented Jun 10, 2025

snyk-top-banner

Snyk has created this PR to upgrade prettier from 2.4.1 to 3.5.3.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

⚠️ Warning: This PR contains major version upgrade(s), and may be a breaking change.

  • The recommended version is 52 versions ahead of your current version.

  • The recommended version was released 3 months ago.

Release notes
Package name: prettier
  • 3.5.3 - 2025-03-03

    🔗 Changelog

  • 3.5.2 - 2025-02-22

    🔗 Changelog

  • 3.5.1 - 2025-02-13

    🔗 Changelog

  • 3.5.0 - 2025-02-09

    diff

    🔗 Release note

  • 3.4.2 - 2024-12-04

    🔗 Changelog

  • 3.4.1 - 2024-11-26

    🔗 Changelog

  • 3.4.0 - 2024-11-26

    diff

    🔗 Release note

  • 3.3.3 - 2024-07-13
  • 3.3.2 - 2024-06-11
  • 3.3.1 - 2024-06-05
  • 3.3.0 - 2024-06-01
  • 3.2.5 - 2024-02-04
  • 3.2.4 - 2024-01-17
  • 3.2.3 - 2024-01-17
  • 3.2.2 - 2024-01-14
  • 3.2.1 - 2024-01-12
  • 3.2.0 - 2024-01-12
  • 3.1.1 - 2023-12-10
  • 3.1.0 - 2023-11-13
  • 3.0.3 - 2023-08-29
  • 3.0.2 - 2023-08-15
  • 3.0.1 - 2023-08-03
  • 3.0.0 - 2023-07-05
  • 3.0.0-alpha.9-for-vscode - 2023-04-23
  • 3.0.0-alpha.8-for-vscode - 2023-04-23
  • 3.0.0-alpha.7-for-vscode - 2023-04-23
  • 3.0.0-alpha.12 - 2023-05-26
  • 3.0.0-alpha.11 - 2023-04-25
  • 3.0.0-alpha.10 - 2023-04-23
  • 3.0.0-alpha.6 - 2023-03-02
  • 3.0.0-alpha.5 - 2023-03-01
  • 3.0.0-alpha.4 - 2022-10-26
  • 3.0.0-alpha.3 - 2022-10-20
  • 3.0.0-alpha.2 - 2022-10-13
  • 3.0.0-alpha.1 - 2022-10-08
  • 3.0.0-alpha.0 - 2022-08-17
  • 2.8.8 - 2023-04-23
  • 2.8.7 - 2023-03-24
  • 2.8.6 - 2023-03-21
  • 2.8.5 - 2023-03-20
  • 2.8.4 - 2023-02-08
  • 2.8.3 - 2023-01-14
  • 2.8.2 - 2023-01-07
  • 2.8.1 - 2022-12-07
  • 2.8.0 - 2022-11-23
  • 2.7.1 - 2022-06-16
  • 2.7.0 - 2022-06-14
  • 2.6.2 - 2022-04-02
  • 2.6.1 - 2022-03-25
  • 2.6.0 - 2022-03-16
  • 2.5.1 - 2021-12-04
  • 2.5.0 - 2021-11-25
  • 2.4.1 - 2021-09-16
from prettier GitHub release notes

Important

  • Warning: This PR contains a major version upgrade, and may be a breaking change.
  • Check the changes in this PR to ensure they won't cause issues with your project.
  • This PR was automatically created by Snyk using the credentials of a real user.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

@snyk-bot
feat: upgrade prettier from 2.4.1 to 3.5.3
e651b06 
Snyk has created this PR to upgrade prettier from 2.4.1 to 3.5.3.

See this package in npm:
prettier

See this project in Snyk:
https://app.snyk.io/org/dargon789/project/64ff2fe4-69fc-4e59-a39d-6cda025a360e?utm_source=github&utm_medium=referral&page=upgrade-pr
@vercel
Copy link

vercel bot commented Jun 10, 2025
edited
Loading

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name Status Preview Comments Updated (UTC)
hardhat-project-uz7z ✅ Ready (Inspect) Visit Preview 💬 Add feedback Jun 10, 2025 10:07pm

@codesandbox
Copy link

codesandbox bot commented Jun 10, 2025

Review or Edit in CodeSandbox

Open the branch in Web EditorVS CodeInsiders

Open Preview

@socket-security
Copy link

socket-security bot commented Jun 10, 2025

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff Package Supply Chain
Security		 Vulnerability Quality Maintenance License
Addedeslint-module-utils@​2.12.01001006784100
Addedeslint-config-prettier@​8.3.01001006990100
Addedfind-up@​2.1.01001009376100
Addedflag@​5.0.1871001007770
Addedeslint-plugin-node@​11.1.09910010077100
Addedio-ts@​1.10.410010010078100
Addedeslint-plugin-no-only-tests@​3.0.01001009078100
Addedboxen@​8.0.19910010078100
Addedenquirer@​2.4.110010010079100
Addedchai-as-promised@​7.1.210010010080100
Addedchokidar@​3.6.09910010080100
Addedci-info@​2.0.010010010081100
Addedeslint-doc-generator@​1.7.19810010081100
Addedethereumjs-abi@​0.6.810010010081100
Addedfs-extra@​7.0.110010010081100
Addedglob@​7.2.0991001008370
Addedganache-cli@​6.12.2961001008370
See 15 more rows in the dashboard

View full report

@socket-security
Copy link

socket-security bot commented Jun 10, 2025

Caution

Review the following alerts detected in dependencies.

According to your organization's Security Policy, you must resolve all "Block" alerts before proceeding. It is recommended to resolve "Warn" alerts too. Learn more about Socket for GitHub.

Action Severity Alert (click for details)
Block Critical
[email protected] has a Critical CVE.

CVE: GHSA-xwcq-pm8m-c4vf crypto-js PBKDF2 1,000 times weaker than specified in 1993 and 1.3M times weaker than current standard (CRITICAL)

Affected versions: < 4.2.0

Patched version: 4.2.0

From: pnpm-lock.yamlnpm/[email protected]

ℹ Read more on: This package | This alert | What is a critical CVE?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at [email protected].

Suggestion: Remove or replace dependencies that include known critical CVEs. Consumers can use dependency overrides or npm audit fix --force to remove vulnerable dependencies.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/[email protected]. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Block Critical
[email protected] has a Critical CVE.

CVE: GHSA-vjh7-7g9h-fjfh Elliptic's private key extraction in ECDSA upon signing a malformed input (e.g. a string) (CRITICAL)

Affected versions: < 6.6.1

Patched version: 6.6.1

From: pnpm-lock.yamlnpm/@nomiclabs/[email protected]npm/[email protected]

ℹ Read more on: This package | This alert | What is a critical CVE?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at [email protected].

Suggestion: Remove or replace dependencies that include known critical CVEs. Consumers can use dependency overrides or npm audit fix --force to remove vulnerable dependencies.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/[email protected]. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
[email protected] has a License Policy Violation.

License: CC-BY-4.0 (npm metadata)

License: CC-BY-4.0 (package/LICENSE)

License: CC-BY-4.0 (package/package.json)

From: pnpm-lock.yamlnpm/[email protected]

ℹ Read more on: This package | This alert | What is a license policy violation?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at [email protected].

Suggestion: Find a package that does not violate your license policy or adjust your policy to allow this package's license.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/[email protected]. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
[email protected] has a License Policy Violation.

License: WTFPL (npm metadata)

License: WTFPL (package/LICENSE.txt)

License: WTFPL (package/package.json)

From: packages/hardhat-chai-matchers/package.jsonnpm/[email protected]

ℹ Read more on: This package | This alert | What is a license policy violation?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at [email protected].

Suggestion: Find a package that does not violate your license policy or adjust your policy to allow this package's license.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/[email protected]. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
[email protected] has a License Policy Violation.

License: OFL-1.1 (package/docs/assets/fonts/LICENSE.txt)

From: pnpm-lock.yamlnpm/@nomiclabs/[email protected]npm/[email protected]

ℹ Read more on: This package | This alert | What is a license policy violation?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at [email protected].

Suggestion: Find a package that does not violate your license policy or adjust your policy to allow this package's license.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/[email protected]. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
[email protected] has a License Policy Violation.

License: GPL-3.0-only (package/mock/contracts/EtherRouter/EtherRouter.sol)

License: GPL-3.0-only (package/mock/contracts/EtherRouter/Resolver.sol)

From: pnpm-lock.yamlnpm/[email protected]npm/[email protected]

ℹ Read more on: This package | This alert | What is a license policy violation?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at [email protected].

Suggestion: Find a package that does not violate your license policy or adjust your policy to allow this package's license.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/[email protected]. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
[email protected] has a License Policy Violation.

License: CC-BY-SA-4.0 (package/LICENSE)

From: pnpm-lock.yamlnpm/[email protected]

ℹ Read more on: This package | This alert | What is a license policy violation?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at [email protected].

Suggestion: Find a package that does not violate your license policy or adjust your policy to allow this package's license.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/[email protected]. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
[email protected] has a License Policy Violation.

License: WTFPL (package/LICENSE)

From: pnpm-lock.yamlnpm/@nomiclabs/[email protected]npm/[email protected]

ℹ Read more on: This package | This alert | What is a license policy violation?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at [email protected].

Suggestion: Find a package that does not violate your license policy or adjust your policy to allow this package's license.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/[email protected]. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn Medium
[email protected] is Deprecated.

Reason: Package no longer supported. Contact Support at https://www.npmjs.com/support for more info.

From: pnpm-lock.yamlnpm/[email protected]npm/[email protected]

ℹ Read more on: This package | This alert | What is a deprecated package?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at [email protected].

Suggestion: Research the state of the package and determine if there are non-deprecated versions that can be used, or if it should be replaced with a new, supported solution.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/[email protected]. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn Medium
[email protected] is Deprecated.

Reason: This module has been superseded by the multiformats module

From: pnpm-lock.yamlnpm/@nomiclabs/[email protected]npm/[email protected]

ℹ Read more on: This package | This alert | What is a deprecated package?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at [email protected].

Suggestion: Research the state of the package and determine if there are non-deprecated versions that can be used, or if it should be replaced with a new, supported solution.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/[email protected]. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn Medium
[email protected] is Deprecated.

Reason: This version is no longer supported. Please see https://eslint.org/version-support for other options.

From: packages/eslint-plugin-hardhat-internal-rules/package.jsonnpm/[email protected]

ℹ Read more on: This package | This alert | What is a deprecated package?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at [email protected].

Suggestion: Research the state of the package and determine if there are non-deprecated versions that can be used, or if it should be replaced with a new, supported solution.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/[email protected]. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn Medium
[email protected] is Deprecated.

Reason: This library has been deprecated and usage is discouraged.

From: pnpm-lock.yamlnpm/[email protected]

ℹ Read more on: This package | This alert | What is a deprecated package?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at [email protected].

Suggestion: Research the state of the package and determine if there are non-deprecated versions that can be used, or if it should be replaced with a new, supported solution.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/[email protected]. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn Medium
[email protected] is Deprecated.

Reason: ganache-cli is now ganache; visit https://trfl.io/g7 for details

From: packages/common/package.jsonnpm/[email protected]

ℹ Read more on: This package | This alert | What is a deprecated package?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at [email protected].

Suggestion: Research the state of the package and determine if there are non-deprecated versions that can be used, or if it should be replaced with a new, supported solution.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/[email protected]. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn Medium
[email protected] is Deprecated.

Reason: this library is no longer supported

From: pnpm-lock.yamlnpm/[email protected]

ℹ Read more on: This package | This alert | What is a deprecated package?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at [email protected].

Suggestion: Research the state of the package and determine if there are non-deprecated versions that can be used, or if it should be replaced with a new, supported solution.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/[email protected]. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report

@github-actions
Copy link

github-actions bot commented Jun 10, 2025

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

OpenSSF Scorecard

PackageVersionScoreDetails
npm/prettier 3.5.3 🟢 7.4
Details
CheckScoreReason
Maintained🟢 1030 commit(s) and 12 issue activity found in the last 90 days -- score normalized to 10
Code-Review🟢 6Found 9/15 approved changesets -- score normalized to 6
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
License🟢 10license file detected
Security-Policy🟢 10security policy file detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Packaging⚠️ -1packaging workflow not detected
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Token-Permissions🟢 8detected GitHub workflow tokens with excessive permissions
Binary-Artifacts🟢 10no binaries found in the repo
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Fuzzing⚠️ 0project is not fuzzed
SAST🟢 10SAST tool is run on all commits
Vulnerabilities🟢 82 existing vulnerabilities detected

Scanned Files

  • packages/hardhat-foundry/package.json

@Dargon789 Dargon789 merged commit 4276395 into main Jun 10, 2025
15 of 22 checks passed
@Dargon789 Dargon789 deleted the snyk-upgrade-c1c36de93c7db4f4a564ef30a252eeb0 branch June 10, 2025 22:16
@github-actions github-actions bot locked as resolved and limited conversation to collaborators Sep 9, 2025
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

No reviews

Assignees

No one assigned

Labels

status:ready

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@Dargon789 @snyk-bot