chore(deps): bump postcss, @docusaurus/core and @docusaurus/preset-classic

[dependabot]

Bumps postcss to 8.5.15 and updates ancestor dependencies postcss, @docusaurus/core and @docusaurus/preset-classic. These dependencies need to be updated together.

Updates postcss from 8.3.6 to 8.5.15

Release notes

Sourced from postcss's releases.

8.5.15

• Fixed declaration parsing performance (by @​homanp).

8.5.14

• Fixed custom syntax regression (by @​43081j).

8.5.13

• Fixed postcss-scss commend regression.

8.5.12

• Fixed reading any file via user-generated CSS.
• Added opts.unsafeMap to disable checks.

8.5.11

• Fixed nested brackets parsing performance (by @​offset).

8.5.10

• Fixed XSS via unescaped </style> in non-bundler cases (by @​TharVid).

8.5.9

• Speed up source map encoding paring in case of the error.

8.5.8

• Fixed Processor#version.

8.5.7

• Improved source map annotation cleaning performance (by CodeAnt AI).

8.5.6

• Fixed ContainerWithChildren type discriminating (by @​Goodwine).

8.5.5

• Fixed package.json→exports compatibility with some tools (by @​JounQin).

8.5.4

• Fixed Parcel compatibility issue (by @​git-sumitchaudhary).

8.5.3

• Added more details to Unknown word error (by @​hiepxanh).
• Fixed types (by @​romainmenke).
• Fixed docs (by @​catnipan).

8.5.2

• Fixed end position of rules with semicolon (by @​romainmenke).

8.5.1

• Fixed backwards compatibility for complex cases (by @​romainmenke).

8.5 “Duke Alloces”

... (truncated)

Changelog

Sourced from postcss's changelog.

8.5.15

• Fixed declaration parsing performance (by @​homanp).

8.5.14

• Fixed custom syntax regression (by @​43081j).

8.5.13

• Fixed postcss-scss commend regression.

8.5.12

• Fixed reading any file via user-generated CSS.
• Added opts.unsafeMap to disable checks.

8.5.11

• Fixed nested brackets parsing performance (by @​offset).

8.5.10

• Fixed XSS via unescaped </style> in non-bundler cases (by @​TharVid).

8.5.9

• Speed up source map encoding paring in case of the error.

8.5.8

• Fixed Processor#version.

8.5.7

• Improved source map annotation cleaning performance (by CodeAnt AI).

8.5.6

• Fixed ContainerWithChildren type discriminating (by @​Goodwine).

8.5.5

• Fixed package.json→exports compatibility with some tools (by @​JounQin).

8.5.4

• Fixed Parcel compatibility issue (by @​git-sumitchaudhary).

8.5.3

... (truncated)

Commits

• eae46db Release 8.5.15 version
• 79508ff Update CI actions
• b128e21 Speed up declaration parsing by avoiding creating new array on each token
• 9825dca Fix code format
• 55789c8 Update dependencies
• 84fbbe9 Install older pnpm action for old Node.js
• 9f860bd Revert pnpm action for old Node.js
• 0877198 Update CI actions
• b2d1a33 Fix linter warnings
• 0700dac Merge pull request #2088 from rootvector2/add-oss-fuzz-harness
• Additional commits viewable in compare view

Updates @docusaurus/core from 2.0.0-beta.4 to 2.4.3

Release notes

Sourced from @​docusaurus/core's releases.

2.4.3 (2023-09-20)

🐛 Bug Fix

• docusaurus-plugin-content-docs
  • #9107 fix(content-docs): sidebar generator should return customProps for doc items (@​TheCatLady)
• docusaurus-theme-classic
  • #9108 feat(theme-classic): add description & keywords microdata to blog posts (@​TheCatLady)
  • #9099 fix(theme): only set classname on ul elements if they have an existing class (@​homotechsual)
  • #9243 fix(theme-common): ThemedComponent should display something when JS is disabled (@​slorber)
• docusaurus-theme-classic, docusaurus-theme-common
  • #9130 fix(theme): canonical url should be not change after hydration if url accessed with/without trailing slash (@​ori-shalom)

Committers: 4

• Mikey O'Toole (@​homotechsual)
• Ori Shalom (@​ori-shalom)
• Sébastien Lorber (@​slorber)
• @​TheCatLady

2.4.2 (2023-09-20)

Bad npm publish, please use 2.4.3

2.4.1 (2023-05-15)

🐛 Bug Fix

• docusaurus-theme-classic, docusaurus-theme-common
  • #8971 fix(theme): fix collapsible sidebar behavior when prefers-reduced-motion (@​slorber)
• docusaurus-theme-translations
  • #8933 fix(theme-translations): fix Turkish translation for aria label "Enter key" (@​LiberaTeMetuMortis)
• docusaurus
  • #8908 fix(core): Correct yarn upgrade command for yarn 2.x (@​andrewnicols)
• docusaurus-plugin-content-blog, docusaurus-theme-common, docusaurus-utils-common, docusaurus
  • #8909 fix(theme): add __ prefix to technical anchors, search crawlers (Algolia) should ignore them (@​slorber)
• docusaurus-theme-common
  • #8906 fix(theme-common): fix collapsible component with prefers-reduced-motion (@​slorber)
  • #8873 fix(theme-common): fix confusing theme error message: bad sidebar id suggestions (@​slorber)
• docusaurus-utils
  • #8874 fix(utils): handle Markdown links with spaces to route correctly (@​morsko1)
• docusaurus-theme-classic, docusaurus-theme-translations
  • #8842 fix(theme-translations): remove redundant navigation text in aria label (@​tarunrajput)
• create-docusaurus
  • #8831 fix(create): add missing await (@​SACHINnANYAKKARA)

💅 Polish

• docusaurus-theme-classic
  • #8862 refactor(theme): expose copy, success and word-wrap icons as standalone components (@​armano2)

... (truncated)

Changelog

Sourced from @​docusaurus/core's changelog.

2.4.3 (2023-09-20)

🐛 Bug Fix

• docusaurus-plugin-content-docs
  • #9107 fix(content-docs): sidebar generator should return customProps for doc items (@​TheCatLady)
• docusaurus-theme-classic
  • #9108 feat(theme-classic): add description & keywords microdata to blog posts (@​TheCatLady)
  • #9099 fix(theme): only set classname on ul elements if they have an existing class (@​homotechsual)
  • #9243 fix(theme-common): ThemedComponent should display something when JS is disabled (@​slorber)
• docusaurus-theme-classic, docusaurus-theme-common
  • #9130 fix(theme): canonical url should be not change after hydration if url accessed with/without trailing slash (@​ori-shalom)

Committers: 4

• Mikey O'Toole (@​homotechsual)
• Ori Shalom (@​ori-shalom)
• Sébastien Lorber (@​slorber)
• @​TheCatLady

2.4.2 (2023-09-20)

Bad npm publish, please use 2.4.3

2.4.1 (2023-05-15)

🐛 Bug Fix

• docusaurus-theme-classic, docusaurus-theme-common
  • #8971 fix(theme): fix collapsible sidebar behavior when prefers-reduced-motion (@​slorber)
• docusaurus-theme-translations
  • #8933 fix(theme-translations): fix Turkish translation for aria label "Enter key" (@​LiberaTeMetuMortis)
• docusaurus
  • #8908 fix(core): Correct yarn upgrade command for yarn 2.x (@​andrewnicols)
• docusaurus-plugin-content-blog, docusaurus-theme-common, docusaurus-utils-common, docusaurus
  • #8909 fix(theme): add __ prefix to technical anchors, search crawlers (Algolia) should ignore them (@​slorber)
• docusaurus-theme-common
  • #8906 fix(theme-common): fix collapsible component with prefers-reduced-motion (@​slorber)
  • #8873 fix(theme-common): fix confusing theme error message: bad sidebar id suggestions (@​slorber)
• docusaurus-utils
  • #8874 fix(utils): handle Markdown links with spaces to route correctly (@​morsko1)
• docusaurus-theme-classic, docusaurus-theme-translations
  • #8842 fix(theme-translations): remove redundant navigation text in aria label (@​tarunrajput)
• create-docusaurus
  • #8831 fix(create): add missing await (@​SACHINnANYAKKARA)

💅 Polish

• docusaurus-theme-classic
  • #8862 refactor(theme): expose copy, success and word-wrap icons as standalone components (@​armano2)

... (truncated)

Commits

• 56410aa v2.4.3
• 4ab5a93 chore: backport retro compatible commits for the Docusaurus v2.4.2 release (#...
• 4a2200a chore: backport retro compatible commits for the Docusaurus v2.4.1 release (#...
• 4fb67ef chore: backport retro compatible commits for the Docusaurus v2.4 release (#8809)
• c60387d chore: backport retro compatible commits for the Docusaurus v2.3.1 release (#...
• c84d779 chore: backport retro compatible commits for the Docusaurus v2.3 release (#8585)
• de97214 chore: backport retro compatible commits for the Docusaurus v2.2 release (#8264)
• 7743aa6 chore: release Docusaurus v2.1.0 (#8040)
• 26d2b9a chore: backport retro compatible commits for the Docusaurus v2.1 release (#8033)
• bb65b5c chore: release v2.0.1 (#7919)
• Additional commits viewable in compare view

Updates @docusaurus/preset-classic from 2.0.0-beta.4 to 2.4.3

Release notes

Sourced from @​docusaurus/preset-classic's releases.

2.4.3 (2023-09-20)

🐛 Bug Fix

• docusaurus-plugin-content-docs
  • #9107 fix(content-docs): sidebar generator should return customProps for doc items (@​TheCatLady)
• docusaurus-theme-classic
  • #9108 feat(theme-classic): add description & keywords microdata to blog posts (@​TheCatLady)
  • #9099 fix(theme): only set classname on ul elements if they have an existing class (@​homotechsual)
  • #9243 fix(theme-common): ThemedComponent should display something when JS is disabled (@​slorber)
• docusaurus-theme-classic, docusaurus-theme-common
  • #9130 fix(theme): canonical url should be not change after hydration if url accessed with/without trailing slash (@​ori-shalom)

Committers: 4

• Mikey O'Toole (@​homotechsual)
• Ori Shalom (@​ori-shalom)
• Sébastien Lorber (@​slorber)
• @​TheCatLady

2.4.2 (2023-09-20)

Bad npm publish, please use 2.4.3

2.4.1 (2023-05-15)

🐛 Bug Fix

• docusaurus-theme-classic, docusaurus-theme-common
  • #8971 fix(theme): fix collapsible sidebar behavior when prefers-reduced-motion (@​slorber)
• docusaurus-theme-translations
  • #8933 fix(theme-translations): fix Turkish translation for aria label "Enter key" (@​LiberaTeMetuMortis)
• docusaurus
  • #8908 fix(core): Correct yarn upgrade command for yarn 2.x (@​andrewnicols)
• docusaurus-plugin-content-blog, docusaurus-theme-common, docusaurus-utils-common, docusaurus
  • #8909 fix(theme): add __ prefix to technical anchors, search crawlers (Algolia) should ignore them (@​slorber)
• docusaurus-theme-common
  • #8906 fix(theme-common): fix collapsible component with prefers-reduced-motion (@​slorber)
  • #8873 fix(theme-common): fix confusing theme error message: bad sidebar id suggestions (@​slorber)
• docusaurus-utils
  • #8874 fix(utils): handle Markdown links with spaces to route correctly (@​morsko1)
• docusaurus-theme-classic, docusaurus-theme-translations
  • #8842 fix(theme-translations): remove redundant navigation text in aria label (@​tarunrajput)
• create-docusaurus
  • #8831 fix(create): add missing await (@​SACHINnANYAKKARA)

💅 Polish

• docusaurus-theme-classic
  • #8862 refactor(theme): expose copy, success and word-wrap icons as standalone components (@​armano2)

... (truncated)

Changelog

Sourced from @​docusaurus/preset-classic's changelog.

2.4.3 (2023-09-20)

🐛 Bug Fix

• docusaurus-plugin-content-docs
  • #9107 fix(content-docs): sidebar generator should return customProps for doc items (@​TheCatLady)
• docusaurus-theme-classic
  • #9108 feat(theme-classic): add description & keywords microdata to blog posts (@​TheCatLady)
  • #9099 fix(theme): only set classname on ul elements if they have an existing class (@​homotechsual)
  • #9243 fix(theme-common): ThemedComponent should display something when JS is disabled (@​slorber)
• docusaurus-theme-classic, docusaurus-theme-common
  • #9130 fix(theme): canonical url should be not change after hydration if url accessed with/without trailing slash (@​ori-shalom)

Committers: 4

• Mikey O'Toole (@​homotechsual)
• Ori Shalom (@​ori-shalom)
• Sébastien Lorber (@​slorber)
• @​TheCatLady

2.4.2 (2023-09-20)

Bad npm publish, please use 2.4.3

2.4.1 (2023-05-15)

🐛 Bug Fix

• docusaurus-theme-classic, docusaurus-theme-common
  • #8971 fix(theme): fix collapsible sidebar behavior when prefers-reduced-motion (@​slorber)
• docusaurus-theme-translations
  • #8933 fix(theme-translations): fix Turkish translation for aria label "Enter key" (@​LiberaTeMetuMortis)
• docusaurus
  • #8908 fix(core): Correct yarn upgrade command for yarn 2.x (@​andrewnicols)
• docusaurus-plugin-content-blog, docusaurus-theme-common, docusaurus-utils-common, docusaurus
  • #8909 fix(theme): add __ prefix to technical anchors, search crawlers (Algolia) should ignore them (@​slorber)
• docusaurus-theme-common
  • #8906 fix(theme-common): fix collapsible component with prefers-reduced-motion (@​slorber)
  • #8873 fix(theme-common): fix confusing theme error message: bad sidebar id suggestions (@​slorber)
• docusaurus-utils
  • #8874 fix(utils): handle Markdown links with spaces to route correctly (@​morsko1)
• docusaurus-theme-classic, docusaurus-theme-translations
  • #8842 fix(theme-translations): remove redundant navigation text in aria label (@​tarunrajput)
• create-docusaurus
  • #8831 fix(create): add missing await (@​SACHINnANYAKKARA)

💅 Polish

• docusaurus-theme-classic
  • #8862 refactor(theme): expose copy, success and word-wrap icons as standalone components (@​armano2)

... (truncated)

Commits

• 56410aa v2.4.3
• 4a2200a chore: backport retro compatible commits for the Docusaurus v2.4.1 release (#...
• 4fb67ef chore: backport retro compatible commits for the Docusaurus v2.4 release (#8809)
• c60387d chore: backport retro compatible commits for the Docusaurus v2.3.1 release (#...
• c84d779 chore: backport retro compatible commits for the Docusaurus v2.3 release (#8585)
• de97214 chore: backport retro compatible commits for the Docusaurus v2.2 release (#8264)
• 7743aa6 chore: release Docusaurus v2.1.0 (#8040)
• 26d2b9a chore: backport retro compatible commits for the Docusaurus v2.1 release (#8033)
• bb65b5c chore: release v2.0.1 (#7919)
• d255389 chore: prepare v2.0.0-rc.1 release (#7778)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the Security Alerts page.

[cloudflare-workers-and-pages]

Deploying docs with    Cloudflare Pages

Latest commit:	7064af2
Status:	🚫  Build failed.

View logs

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	@​docusaurus/​preset-classic@​2.0.0-beta.4 ⏵ 2.4.3			+6
	@​docusaurus/​core@​2.0.0-beta.4 ⏵ 2.4.3			+1
	react@​17.0.1
	clsx@​1.1.1 ⏵ 1.2.1			-7
	react-dom@​17.0.1

View full report

[socket-security]

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action	Severity	Alert  (click "▶" to expand/collapse)
Warn		Obfuscated code: npm cheerio is 90.0% likely obfuscated Confidence: 0.90 Location: Package overview From: package-lock.json → npm/@easyops-cn/docusaurus-search-local@0.19.1 → npm/@docusaurus/preset-classic@2.4.3 → npm/cheerio@1.2.0 ℹ Read more on: This package | This alert | What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/cheerio@1.2.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Obfuscated code: npm copy-webpack-plugin is 90.0% likely obfuscated Confidence: 0.90 Location: Package overview From: package-lock.json → npm/@docusaurus/core@2.4.3 → npm/copy-webpack-plugin@11.0.0 ℹ Read more on: This package | This alert | What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/copy-webpack-plugin@11.0.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Obfuscated code: npm entities is 91.0% likely obfuscated Confidence: 0.91 Location: Package overview From: package-lock.json → npm/@easyops-cn/docusaurus-search-local@0.19.1 → npm/@docusaurus/core@2.4.3 → npm/@docusaurus/preset-classic@2.4.3 → npm/entities@4.5.0 ℹ Read more on: This package | This alert | What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/entities@4.5.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Obfuscated code: npm entities is 91.0% likely obfuscated Confidence: 0.91 Location: Package overview From: package-lock.json → npm/@easyops-cn/docusaurus-search-local@0.19.1 → npm/@docusaurus/preset-classic@2.4.3 → npm/entities@6.0.1 ℹ Read more on: This package | This alert | What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/entities@6.0.1. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Obfuscated code: npm htmlparser2 is 90.0% likely obfuscated Confidence: 0.90 Location: Package overview From: package-lock.json → npm/@easyops-cn/docusaurus-search-local@0.19.1 → npm/@docusaurus/preset-classic@2.4.3 → npm/htmlparser2@10.1.0 ℹ Read more on: This package | This alert | What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/htmlparser2@10.1.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Obfuscated code: npm js-yaml is 90.0% likely obfuscated Confidence: 0.90 Location: Package overview From: package-lock.json → npm/@easyops-cn/docusaurus-search-local@0.19.1 → npm/@docusaurus/core@2.4.3 → npm/@docusaurus/preset-classic@2.4.3 → npm/js-yaml@4.2.0 ℹ Read more on: This package | This alert | What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/js-yaml@4.2.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Obfuscated code: npm node-forge is 90.0% likely obfuscated Confidence: 0.90 Location: Package overview From: package-lock.json → npm/node-forge@1.4.0 ℹ Read more on: This package | This alert | What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/node-forge@1.4.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Obfuscated code: npm react-textarea-autosize is 90.0% likely obfuscated Confidence: 0.90 Location: Package overview From: package-lock.json → npm/@docusaurus/preset-classic@2.4.3 → npm/react-textarea-autosize@8.5.9 ℹ Read more on: This package | This alert | What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/react-textarea-autosize@8.5.9. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Obfuscated code: npm react is 90.0% likely obfuscated Confidence: 0.90 Location: Package overview From: package-lock.json → npm/react@17.0.1 ℹ Read more on: This package | This alert | What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/react@17.0.1. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report