Skip to content

SDK regeneration#350

Open
fern-api[bot] wants to merge 1 commit into
masterfrom
fern-bot/2026-05-27T11-27-15Z
Open

SDK regeneration#350
fern-api[bot] wants to merge 1 commit into
masterfrom
fern-bot/2026-05-27T11-27-15Z

Conversation

@fern-api

@fern-api fern-api Bot commented May 27, 2026

Copy link
Copy Markdown
Contributor

Automated SDK generation by Fern

@socket-security

socket-security Bot commented May 27, 2026

Copy link
Copy Markdown

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff Package Supply Chain
Security
Vulnerability Quality Maintenance License
Updatednpm/​webpack@​5.105.4 ⏵ 5.108.380 -21009399 +1100
Updatednpm/​ts-jest@​29.4.6 ⏵ 29.4.119710094 +191100
Updatednpm/​ts-loader@​9.5.4 ⏵ 9.6.299 +110010093 -1100
Updatednpm/​form-data@​4.0.5 ⏵ 4.0.699 +1100 +16100 +195100

View full report

@socket-security

socket-security Bot commented May 27, 2026

Copy link
Copy Markdown

Caution

Review the following alerts detected in dependencies.

According to your organization's Security Policy, you must resolve all "Block" alerts before proceeding. It is recommended to resolve "Warn" alerts too. Learn more about Socket for GitHub.

Action Severity Alert  (click "▶" to expand/collapse)
Block Medium
Recently published: npm caniuse-lite published 7 hours ago

Location: Package overview

From: ?npm/webpack@5.108.3npm/@jest/globals@29.7.0npm/jest@29.7.0npm/caniuse-lite@1.0.30001800

ℹ Read more on: This package | This alert | What are recently published artifacts?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Packages should either be allowlisted to allow recently-published versions, or an older version should be used instead.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/caniuse-lite@1.0.30001800. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Block Medium
Recently published: npm electron-to-chromium published 7 hours ago

Location: Package overview

From: ?npm/webpack@5.108.3npm/@jest/globals@29.7.0npm/jest@29.7.0npm/electron-to-chromium@1.5.382

ℹ Read more on: This package | This alert | What are recently published artifacts?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Packages should either be allowlisted to allow recently-published versions, or an older version should be used instead.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/electron-to-chromium@1.5.382. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Block Medium
Recently published: npm webpack published 19 hours ago

Location: Package overview

From: package.jsonnpm/webpack@5.108.3

ℹ Read more on: This package | This alert | What are recently published artifacts?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Packages should either be allowlisted to allow recently-published versions, or an older version should be used instead.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/webpack@5.108.3. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
Obfuscated code: npm webpack is 90.0% likely obfuscated

Confidence: 0.90

Location: Package overview

From: package.jsonnpm/webpack@5.108.3

ℹ Read more on: This package | This alert | What is obfuscated code?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/webpack@5.108.3. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
Obfuscated code: npm yargs is 90.0% likely obfuscated

Confidence: 0.90

Location: Package overview

From: ?npm/jest@29.7.0npm/msw@2.11.2npm/yargs@17.7.3

ℹ Read more on: This package | This alert | What is obfuscated code?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/yargs@17.7.3. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn Medium
Dynamic code execution: npm minimizer-webpack-plugin

Eval Type: Function

Location: Package overview

From: ?npm/webpack@5.108.3npm/minimizer-webpack-plugin@5.6.1

ℹ Read more on: This package | This alert | What is dynamic code execution?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Avoid packages that use dynamic code execution like eval(), since this could potentially execute any code.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/minimizer-webpack-plugin@5.6.1. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn Medium
System shell access: npm webpack in module child_process

Module: child_process

Location: Package overview

From: package.jsonnpm/webpack@5.108.3

ℹ Read more on: This package | This alert | What is shell access?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Packages should avoid accessing the shell which can reduce portability, and make it easier for malicious shell access to be introduced.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/webpack@5.108.3. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report

@fern-api fern-api Bot changed the title 🌿 Fern Regeneration -- May 27, 2026 SDK regeneration Jun 12, 2026
@fern-api fern-api Bot force-pushed the fern-bot/2026-05-27T11-27-15Z branch 4 times, most recently from 70fd997 to f16ce7d Compare June 16, 2026 22:52
@fern-api fern-api Bot force-pushed the fern-bot/2026-05-27T11-27-15Z branch from f16ce7d to 82589b0 Compare June 29, 2026 18:19
Generated by Fern
CLI Version: unknown
Generators:
  - fernapi/fern-typescript-node-sdk: 3.53.13
@fern-api fern-api Bot force-pushed the fern-bot/2026-05-27T11-27-15Z branch from 82589b0 to 6fe700e Compare June 30, 2026 17:20
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants