@loopback/testlab - npm Package Compare versions

Comparing version 6.1.1 to 6.1.2

package.json

 {
   "name": "@loopback/testlab",
   "description": "A collection of test utilities we use to write LoopBack tests.",
-  "version": "6.1.1",
+  "version": "6.1.2",
   "license": "MIT",
@@ -41,3 +41,3 @@ "main": "dist/index.js",
     "@types/shot": "^4.0.1",
-    "@types/sinon": "^10.0.15",
+    "@types/sinon": "^10.0.16",
     "@types/supertest": "^2.0.12",
@@ -50,10 +50,10 @@ "express": "^4.18.2",
     "supertest": "^6.3.3",
-    "tslib": "^2.6.0"
+    "tslib": "^2.6.1"
   },
   "devDependencies": {
-    "@loopback/build": "^10.1.1",
-    "@loopback/eslint-config": "^14.0.2",
-    "@types/node": "^16.18.38"
+    "@loopback/build": "^10.1.2",
+    "@loopback/eslint-config": "^14.0.3",
+    "@types/node": "^16.18.40"
   },
-  "gitHead": "be0c53e30bbe9edf7753c4fcd7ab3199f7cd3b8c"
+  "gitHead": "0e9d6114999bd4d53969071e49bec5f6680ae9ad"
 }

New alerts

Network access

Supply chain risk

This module accesses the network.

Found 3 instances in 1 package

Uses eval

Supply chain risk

Package uses dynamic code execution (e.g., eval()), which is a dangerous practice. This can prevent the code from running in certain environments and increases the risk that the code may contain exploits or malicious behavior.

Found 1 instance in 1 package

Environment variable access

Supply chain risk

Package accesses environment variables, which may be a sign of credential stuffing or data theft.

Found 1 instance in 1 package

Filesystem access

Supply chain risk

Accesses the file system, and could potentially read sensitive data.

Found 2 instances in 1 package

Long strings

Supply chain risk

Contains long string literals, which may be a sign of obfuscated or packed code.

Found 1 instance in 1 package

URL strings

Supply chain risk

Package contains fragments of external URLs or IP addresses, which the package may be accessing at runtime.

Found 1 instance in 1 package

Fixed alerts

Network access

Supply chain risk

This module accesses the network.

Found 3 instances in 1 package

Uses eval

Supply chain risk

Package uses dynamic code execution (e.g., eval()), which is a dangerous practice. This can prevent the code from running in certain environments and increases the risk that the code may contain exploits or malicious behavior.

Found 1 instance in 1 package

Environment variable access

Supply chain risk

Package accesses environment variables, which may be a sign of credential stuffing or data theft.

Found 1 instance in 1 package

Filesystem access

Supply chain risk

Accesses the file system, and could potentially read sensitive data.

Found 2 instances in 1 package

Long strings

Supply chain risk

Contains long string literals, which may be a sign of obfuscated or packed code.

Found 1 instance in 1 package

URL strings

Supply chain risk

Package contains fragments of external URLs or IP addresses, which the package may be accessing at runtime.

Found 1 instance in 1 package

No metric changes

Dependency changes

• Updated

  @types/sinon@^10.0.16

• Updated

  tslib@^2.6.1