Manually update dependencies

[alexandratran]

Description

Manually resolve dependency conflicts that dependabot PRs are unable to resolve automatically.

Checklist

Complete this checklist before merging your PR:

• If this PR contains a major change to the documentation content, I have added an entry to the top of the "What's new?" page.
• The proposed changes have been reviewed and approved by a member of the documentation team.

[vercel]

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name	Status	Preview	Comments	Updated (UTC)
metamask-docs	❌ Failed (Inspect)			Jul 16, 2025 10:44pm

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	@​typescript-eslint/​parser@​8.30.1 ⏵ 8.37.0
	@​types/​react@​18.3.9 ⏵ 18.3.23	+1		+1	-1
	docusaurus-plugin-sass@​0.2.5 ⏵ 0.2.6	+1		+2
	stylelint-config-standard@​34.0.0 ⏵ 36.0.1	+1		+1
	eslint-plugin-react@​7.37.4 ⏵ 7.37.5	+1
	prism-react-renderer@​2.4.0 ⏵ 2.4.1
	launchdarkly-js-client-sdk@​3.4.0 ⏵ 3.8.1			+1
	@​sentry/​browser@​8.51.0 ⏵ 8.55.0	+1		+1
	@​metamask/​sdk@​0.32.0 ⏵ 0.32.1	+1			+1
	@​eslint/​js@​9.20.0 ⏵ 9.31.0			+4
	ethers@​6.13.5 ⏵ 6.15.0	+1
	react-player@​2.16.0 ⏵ 2.16.1				+4
	dotenv@​16.4.7 ⏵ 16.6.1	+1		+1
	@​rjsf/​utils@​5.24.8 ⏵ 5.24.12	+1		+1	-2
	@​rjsf/​core@​5.24.10 ⏵ 5.24.12				-1
	prettier@​3.3.3 ⏵ 3.6.2	+1
	eslint@​9.20.0 ⏵ 9.31.0
	stylelint@​15.11.0 ⏵ 16.21.1
	@​apidevtools/​json-schema-ref-parser@​14.1.0 ⏵ 14.1.1	+1			+2

View full report

[socket-security]

Caution

Review the following alerts detected in dependencies.

According to your organization's Security Policy, you must resolve all "Block" alerts before proceeding. It is recommended to resolve "Warn" alerts too. Learn more about Socket for GitHub.

Action	Severity	Alert (click for details)
Block		@parcel/[email protected] has Native code. Location: Package overview From: package-lock.json → npm/[email protected] → npm/@parcel/[email protected] ℹ Read more on: This package | This alert | Why is native code a concern? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at [email protected]. Suggestion: Verify that the inclusion of native code is expected and necessary for this package's functionality. If it is unnecessary or unexpected, consider using alternative packages without native code to mitigate potential risks. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@parcel/[email protected]. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Block		@parcel/[email protected] has Shell access. Module: child_process Location: Package overview From: package-lock.json → npm/[email protected] → npm/@parcel/[email protected] ℹ Read more on: This package | This alert | What is shell access? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at [email protected]. Suggestion: Packages should avoid accessing the shell which can reduce portability, and make it easier for malicious shell access to be introduced. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@parcel/[email protected]. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Block		[email protected] has Network access. Module: globalThis["fetch"] Location: Package overview From: package-lock.json → npm/[email protected] ℹ Read more on: This package | This alert | What is network access? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at [email protected]. Suggestion: Packages should remove all network access that is functionally unnecessary. Consumers should audit network access to ensure legitimate use. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/[email protected]. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Block		[email protected] has a New author. New Author: ljharb Previous Author: cwmma From: package-lock.json → npm/[email protected] → npm/[email protected] ℹ Read more on: This package | This alert | What is new author? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at [email protected]. Suggestion: Scrutinize new collaborator additions to packages because they now have the ability to publish code into your dependency tree. Packages should avoid frequent or unnecessary additions or changes to publishing rights. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/[email protected]. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Block		[email protected] has a New author. New Author: wesleytodd Previous Author: ulisesgascon From: package-lock.json → npm/@docusaurus/[email protected] → npm/[email protected] ℹ Read more on: This package | This alert | What is new author? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at [email protected]. Suggestion: Scrutinize new collaborator additions to packages because they now have the ability to publish code into your dependency tree. Packages should avoid frequent or unnecessary additions or changes to publishing rights. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/[email protected]. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Block		[email protected] has a New author. New Author: ljharb Previous Author: cwmma From: package-lock.json → npm/[email protected] → npm/[email protected] ℹ Read more on: This package | This alert | What is new author? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at [email protected]. Suggestion: Scrutinize new collaborator additions to packages because they now have the ability to publish code into your dependency tree. Packages should avoid frequent or unnecessary additions or changes to publishing rights. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/[email protected]. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Block		[email protected] has a New author. New Author: ljharb Previous Author: fanatid From: package-lock.json → npm/[email protected] → npm/[email protected] ℹ Read more on: This package | This alert | What is new author? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at [email protected]. Suggestion: Scrutinize new collaborator additions to packages because they now have the ability to publish code into your dependency tree. Packages should avoid frequent or unnecessary additions or changes to publishing rights. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/[email protected]. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Block		[email protected] has a New author. New Author: blakeembrey Previous Author: wesleytodd From: package-lock.json → npm/@docusaurus/[email protected] → npm/[email protected] ℹ Read more on: This package | This alert | What is new author? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at [email protected]. Suggestion: Scrutinize new collaborator additions to packages because they now have the ability to publish code into your dependency tree. Packages should avoid frequent or unnecessary additions or changes to publishing rights. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/[email protected]. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Block		[email protected] has a New author. New Author: ljharb Previous Author: dcousens From: package-lock.json → npm/[email protected] → npm/@metamask/[email protected] → npm/[email protected] ℹ Read more on: This package | This alert | What is new author? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at [email protected]. Suggestion: Scrutinize new collaborator additions to packages because they now have the ability to publish code into your dependency tree. Packages should avoid frequent or unnecessary additions or changes to publishing rights. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/[email protected]. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Block		[email protected] has a New author. New Author: evilebottnawi Previous Author: sokra From: package-lock.json → npm/[email protected] → npm/[email protected] → npm/@docusaurus/[email protected] → npm/@docusaurus/[email protected] → npm/@docusaurus/[email protected] → npm/@docusaurus/[email protected] → npm/@docusaurus/[email protected] → npm/@docusaurus/[email protected] → npm/@docusaurus/[email protected] → npm/@docusaurus/[email protected] → npm/@docusaurus/[email protected] → npm/@docusaurus/[email protected] → npm/[email protected] ℹ Read more on: This package | This alert | What is new author? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at [email protected]. Suggestion: Scrutinize new collaborator additions to packages because they now have the ability to publish code into your dependency tree. Packages should avoid frequent or unnecessary additions or changes to publishing rights. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/[email protected]. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		@parcel/[email protected] has Install scripts. Install script: install Source: node scripts/build-from-source.js From: package-lock.json → npm/[email protected] → npm/@parcel/[email protected] ℹ Read more on: This package | This alert | What is an install script? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at [email protected]. Suggestion: Packages should not be running non-essential scripts during install and there are often solutions to problems people solve with install scripts that can be run at publish time instead. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@parcel/[email protected]. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report