chore(deps): bump shell-quote, @docusaurus/core and @docusaurus/preset-classic

[dependabot]

Bumps shell-quote to 1.8.4 and updates ancestor dependencies shell-quote, @docusaurus/core and @docusaurus/preset-classic. These dependencies need to be updated together.

Updates shell-quote from 1.7.2 to 1.8.4

Changelog

Sourced from shell-quote's changelog.

v1.8.4 - 2026-05-22

Commits

• [Fix] quote: validate object-token shapes 4378a6e
• [Dev Deps] update @ljharb/eslint-config, auto-changelog, eslint, npmignore 22ebec0
• [Tests] increase coverage 9f3caa3
• [readme] replace runkit CI badge with shields.io check-runs badge 3344a04
• [Dev Deps] update @ljharb/eslint-config 699c511

v1.8.3 - 2025-06-01

Fixed

• [Fix] remove unnecessary backslash escaping in single quotes [#15](https://github.com/ljharb/shell-quote/issues/15)

v1.8.2 - 2024-11-27

Fixed

• [Fix] quote: preserve empty strings [#18](https://github.com/ljharb/shell-quote/issues/18)

Commits

• [meta] fix changelog tags 0fb9fd8
• [actions] split out node 10-20, and 20+ 819bd84
• [Dev Deps] update @ljharb/eslint-config, auto-changelog, npmignore, tape fc56408
• [actions] update npm for windows tests fdeb0fd
• [Dev Deps] update @ljharb/eslint-config, aud, tape b8a4a3b
• [actions] prevent node 14 on ARM mac from failing 9eecafc
• [meta] exclude more files from the package 4044e7f
• [Tests] replace aud with npm audit 8cfdbd8
• [meta] add missing engines.node 843820e
• [Dev Deps] add missing peer dep 4c3b88d
• [Dev Deps] pin jackspeak since 2.1.2+ depends on npm aliases, which kill the install process in npm < 6 80322ed

v1.8.1 - 2023-04-07

Fixed

• [Fix] parse: preserve whitespace in comments [#6](https://github.com/ljharb/shell-quote/issues/6)
• [Fix] properly support the escape option [#5](https://github.com/ljharb/shell-quote/issues/5)

Commits

• [Refactor] parse: hoist getVar to module level b42ac73
• [Refactor] hoist some vars to module level 8f0c5c3
• [Refactor] parse: use slice over substr, cache some values fcb2e1a
• [Refactor] parse: a bit of cleanup 6780ec5
• [Refactor] parse: tweak the regex to not match nothing 227d474

... (truncated)

Commits

• ff166e2 v1.8.4
• 4378a6e [Fix] quote: validate object-token shapes
• 22ebec0 [Dev Deps] update @ljharb/eslint-config, auto-changelog, eslint, `npmig...
• 9f3caa3 [Tests] increase coverage
• 3344a04 [readme] replace runkit CI badge with shields.io check-runs badge
• 699c511 [Dev Deps] update @ljharb/eslint-config
• 487a9b4 v1.8.3
• 01faaff [Fix] remove unnecessary backslash escaping in single quotes
• b19fc77 v1.8.2
• 59d29ea [Fix] quote: preserve empty strings
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by ljharb, a new releaser for shell-quote since your current version.

Install script changes

This version adds prepublish script that runs during installation. Review the package contents before updating.

Updates @docusaurus/core from 2.0.0-beta.4 to 2.4.3

Release notes

Sourced from @​docusaurus/core's releases.

2.4.3 (2023-09-20)

🐛 Bug Fix

• docusaurus-plugin-content-docs
  • #9107 fix(content-docs): sidebar generator should return customProps for doc items (@​TheCatLady)
• docusaurus-theme-classic
  • #9108 feat(theme-classic): add description & keywords microdata to blog posts (@​TheCatLady)
  • #9099 fix(theme): only set classname on ul elements if they have an existing class (@​homotechsual)
  • #9243 fix(theme-common): ThemedComponent should display something when JS is disabled (@​slorber)
• docusaurus-theme-classic, docusaurus-theme-common
  • #9130 fix(theme): canonical url should be not change after hydration if url accessed with/without trailing slash (@​ori-shalom)

Committers: 4

• Mikey O'Toole (@​homotechsual)
• Ori Shalom (@​ori-shalom)
• Sébastien Lorber (@​slorber)
• @​TheCatLady

2.4.2 (2023-09-20)

Bad npm publish, please use 2.4.3

2.4.1 (2023-05-15)

🐛 Bug Fix

• docusaurus-theme-classic, docusaurus-theme-common
  • #8971 fix(theme): fix collapsible sidebar behavior when prefers-reduced-motion (@​slorber)
• docusaurus-theme-translations
  • #8933 fix(theme-translations): fix Turkish translation for aria label "Enter key" (@​LiberaTeMetuMortis)
• docusaurus
  • #8908 fix(core): Correct yarn upgrade command for yarn 2.x (@​andrewnicols)
• docusaurus-plugin-content-blog, docusaurus-theme-common, docusaurus-utils-common, docusaurus
  • #8909 fix(theme): add __ prefix to technical anchors, search crawlers (Algolia) should ignore them (@​slorber)
• docusaurus-theme-common
  • #8906 fix(theme-common): fix collapsible component with prefers-reduced-motion (@​slorber)
  • #8873 fix(theme-common): fix confusing theme error message: bad sidebar id suggestions (@​slorber)
• docusaurus-utils
  • #8874 fix(utils): handle Markdown links with spaces to route correctly (@​morsko1)
• docusaurus-theme-classic, docusaurus-theme-translations
  • #8842 fix(theme-translations): remove redundant navigation text in aria label (@​tarunrajput)
• create-docusaurus
  • #8831 fix(create): add missing await (@​SACHINnANYAKKARA)

💅 Polish

• docusaurus-theme-classic
  • #8862 refactor(theme): expose copy, success and word-wrap icons as standalone components (@​armano2)

... (truncated)

Changelog

Sourced from @​docusaurus/core's changelog.

2.4.3 (2023-09-20)

🐛 Bug Fix

• docusaurus-plugin-content-docs
  • #9107 fix(content-docs): sidebar generator should return customProps for doc items (@​TheCatLady)
• docusaurus-theme-classic
  • #9108 feat(theme-classic): add description & keywords microdata to blog posts (@​TheCatLady)
  • #9099 fix(theme): only set classname on ul elements if they have an existing class (@​homotechsual)
  • #9243 fix(theme-common): ThemedComponent should display something when JS is disabled (@​slorber)
• docusaurus-theme-classic, docusaurus-theme-common
  • #9130 fix(theme): canonical url should be not change after hydration if url accessed with/without trailing slash (@​ori-shalom)

Committers: 4

• Mikey O'Toole (@​homotechsual)
• Ori Shalom (@​ori-shalom)
• Sébastien Lorber (@​slorber)
• @​TheCatLady

2.4.2 (2023-09-20)

Bad npm publish, please use 2.4.3

2.4.1 (2023-05-15)

🐛 Bug Fix

• docusaurus-theme-classic, docusaurus-theme-common
  • #8971 fix(theme): fix collapsible sidebar behavior when prefers-reduced-motion (@​slorber)
• docusaurus-theme-translations
  • #8933 fix(theme-translations): fix Turkish translation for aria label "Enter key" (@​LiberaTeMetuMortis)
• docusaurus
  • #8908 fix(core): Correct yarn upgrade command for yarn 2.x (@​andrewnicols)
• docusaurus-plugin-content-blog, docusaurus-theme-common, docusaurus-utils-common, docusaurus
  • #8909 fix(theme): add __ prefix to technical anchors, search crawlers (Algolia) should ignore them (@​slorber)
• docusaurus-theme-common
  • #8906 fix(theme-common): fix collapsible component with prefers-reduced-motion (@​slorber)
  • #8873 fix(theme-common): fix confusing theme error message: bad sidebar id suggestions (@​slorber)
• docusaurus-utils
  • #8874 fix(utils): handle Markdown links with spaces to route correctly (@​morsko1)
• docusaurus-theme-classic, docusaurus-theme-translations
  • #8842 fix(theme-translations): remove redundant navigation text in aria label (@​tarunrajput)
• create-docusaurus
  • #8831 fix(create): add missing await (@​SACHINnANYAKKARA)

💅 Polish

• docusaurus-theme-classic
  • #8862 refactor(theme): expose copy, success and word-wrap icons as standalone components (@​armano2)

... (truncated)

Commits

• 56410aa v2.4.3
• 4ab5a93 chore: backport retro compatible commits for the Docusaurus v2.4.2 release (#...
• 4a2200a chore: backport retro compatible commits for the Docusaurus v2.4.1 release (#...
• 4fb67ef chore: backport retro compatible commits for the Docusaurus v2.4 release (#8809)
• c60387d chore: backport retro compatible commits for the Docusaurus v2.3.1 release (#...
• c84d779 chore: backport retro compatible commits for the Docusaurus v2.3 release (#8585)
• de97214 chore: backport retro compatible commits for the Docusaurus v2.2 release (#8264)
• 7743aa6 chore: release Docusaurus v2.1.0 (#8040)
• 26d2b9a chore: backport retro compatible commits for the Docusaurus v2.1 release (#8033)
• bb65b5c chore: release v2.0.1 (#7919)
• Additional commits viewable in compare view

Updates @docusaurus/preset-classic from 2.0.0-beta.4 to 2.4.3

Release notes

Sourced from @​docusaurus/preset-classic's releases.

2.4.3 (2023-09-20)

🐛 Bug Fix

• docusaurus-plugin-content-docs
  • #9107 fix(content-docs): sidebar generator should return customProps for doc items (@​TheCatLady)
• docusaurus-theme-classic
  • #9108 feat(theme-classic): add description & keywords microdata to blog posts (@​TheCatLady)
  • #9099 fix(theme): only set classname on ul elements if they have an existing class (@​homotechsual)
  • #9243 fix(theme-common): ThemedComponent should display something when JS is disabled (@​slorber)
• docusaurus-theme-classic, docusaurus-theme-common
  • #9130 fix(theme): canonical url should be not change after hydration if url accessed with/without trailing slash (@​ori-shalom)

Committers: 4

• Mikey O'Toole (@​homotechsual)
• Ori Shalom (@​ori-shalom)
• Sébastien Lorber (@​slorber)
• @​TheCatLady

2.4.2 (2023-09-20)

Bad npm publish, please use 2.4.3

2.4.1 (2023-05-15)

🐛 Bug Fix

• docusaurus-theme-classic, docusaurus-theme-common
  • #8971 fix(theme): fix collapsible sidebar behavior when prefers-reduced-motion (@​slorber)
• docusaurus-theme-translations
  • #8933 fix(theme-translations): fix Turkish translation for aria label "Enter key" (@​LiberaTeMetuMortis)
• docusaurus
  • #8908 fix(core): Correct yarn upgrade command for yarn 2.x (@​andrewnicols)
• docusaurus-plugin-content-blog, docusaurus-theme-common, docusaurus-utils-common, docusaurus
  • #8909 fix(theme): add __ prefix to technical anchors, search crawlers (Algolia) should ignore them (@​slorber)
• docusaurus-theme-common
  • #8906 fix(theme-common): fix collapsible component with prefers-reduced-motion (@​slorber)
  • #8873 fix(theme-common): fix confusing theme error message: bad sidebar id suggestions (@​slorber)
• docusaurus-utils
  • #8874 fix(utils): handle Markdown links with spaces to route correctly (@​morsko1)
• docusaurus-theme-classic, docusaurus-theme-translations
  • #8842 fix(theme-translations): remove redundant navigation text in aria label (@​tarunrajput)
• create-docusaurus
  • #8831 fix(create): add missing await (@​SACHINnANYAKKARA)

💅 Polish

• docusaurus-theme-classic
  • #8862 refactor(theme): expose copy, success and word-wrap icons as standalone components (@​armano2)

... (truncated)

Changelog

Sourced from @​docusaurus/preset-classic's changelog.

2.4.3 (2023-09-20)

🐛 Bug Fix

• docusaurus-plugin-content-docs
  • #9107 fix(content-docs): sidebar generator should return customProps for doc items (@​TheCatLady)
• docusaurus-theme-classic
  • #9108 feat(theme-classic): add description & keywords microdata to blog posts (@​TheCatLady)
  • #9099 fix(theme): only set classname on ul elements if they have an existing class (@​homotechsual)
  • #9243 fix(theme-common): ThemedComponent should display something when JS is disabled (@​slorber)
• docusaurus-theme-classic, docusaurus-theme-common
  • #9130 fix(theme): canonical url should be not change after hydration if url accessed with/without trailing slash (@​ori-shalom)

Committers: 4

• Mikey O'Toole (@​homotechsual)
• Ori Shalom (@​ori-shalom)
• Sébastien Lorber (@​slorber)
• @​TheCatLady

2.4.2 (2023-09-20)

Bad npm publish, please use 2.4.3

2.4.1 (2023-05-15)

🐛 Bug Fix

• docusaurus-theme-classic, docusaurus-theme-common
  • #8971 fix(theme): fix collapsible sidebar behavior when prefers-reduced-motion (@​slorber)
• docusaurus-theme-translations
  • #8933 fix(theme-translations): fix Turkish translation for aria label "Enter key" (@​LiberaTeMetuMortis)
• docusaurus
  • #8908 fix(core): Correct yarn upgrade command for yarn 2.x (@​andrewnicols)
• docusaurus-plugin-content-blog, docusaurus-theme-common, docusaurus-utils-common, docusaurus
  • #8909 fix(theme): add __ prefix to technical anchors, search crawlers (Algolia) should ignore them (@​slorber)
• docusaurus-theme-common
  • #8906 fix(theme-common): fix collapsible component with prefers-reduced-motion (@​slorber)
  • #8873 fix(theme-common): fix confusing theme error message: bad sidebar id suggestions (@​slorber)
• docusaurus-utils
  • #8874 fix(utils): handle Markdown links with spaces to route correctly (@​morsko1)
• docusaurus-theme-classic, docusaurus-theme-translations
  • #8842 fix(theme-translations): remove redundant navigation text in aria label (@​tarunrajput)
• create-docusaurus
  • #8831 fix(create): add missing await (@​SACHINnANYAKKARA)

💅 Polish

• docusaurus-theme-classic
  • #8862 refactor(theme): expose copy, success and word-wrap icons as standalone components (@​armano2)

... (truncated)

Commits

• 56410aa v2.4.3
• 4a2200a chore: backport retro compatible commits for the Docusaurus v2.4.1 release (#...
• 4fb67ef chore: backport retro compatible commits for the Docusaurus v2.4 release (#8809)
• c60387d chore: backport retro compatible commits for the Docusaurus v2.3.1 release (#...
• c84d779 chore: backport retro compatible commits for the Docusaurus v2.3 release (#8585)
• de97214 chore: backport retro compatible commits for the Docusaurus v2.2 release (#8264)
• 7743aa6 chore: release Docusaurus v2.1.0 (#8040)
• 26d2b9a chore: backport retro compatible commits for the Docusaurus v2.1 release (#8033)
• bb65b5c chore: release v2.0.1 (#7919)
• d255389 chore: prepare v2.0.0-rc.1 release (#7778)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the Security Alerts page.

[cloudflare-workers-and-pages]

Deploying docs with    Cloudflare Pages

Latest commit:	86a44cc
Status:	🚫  Build failed.

View logs

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	@​docusaurus/​preset-classic@​2.0.0-beta.4 ⏵ 2.4.3			+6
	@​docusaurus/​core@​2.0.0-beta.4 ⏵ 2.4.3			+1
	react@​17.0.1
	clsx@​1.1.1 ⏵ 1.2.1			-7
	react-dom@​17.0.1

View full report

[socket-security]

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action	Severity	Alert  (click "▶" to expand/collapse)
Warn		Obfuscated code: npm cheerio is 90.0% likely obfuscated Confidence: 0.90 Location: Package overview From: package-lock.json → npm/@easyops-cn/docusaurus-search-local@0.19.1 → npm/@docusaurus/preset-classic@2.4.3 → npm/cheerio@1.2.0 ℹ Read more on: This package | This alert | What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/cheerio@1.2.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Obfuscated code: npm copy-webpack-plugin is 90.0% likely obfuscated Confidence: 0.90 Location: Package overview From: package-lock.json → npm/@docusaurus/core@2.4.3 → npm/copy-webpack-plugin@11.0.0 ℹ Read more on: This package | This alert | What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/copy-webpack-plugin@11.0.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Obfuscated code: npm entities is 91.0% likely obfuscated Confidence: 0.91 Location: Package overview From: package-lock.json → npm/@easyops-cn/docusaurus-search-local@0.19.1 → npm/@docusaurus/core@2.4.3 → npm/@docusaurus/preset-classic@2.4.3 → npm/entities@4.5.0 ℹ Read more on: This package | This alert | What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/entities@4.5.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Obfuscated code: npm entities is 91.0% likely obfuscated Confidence: 0.91 Location: Package overview From: package-lock.json → npm/@easyops-cn/docusaurus-search-local@0.19.1 → npm/@docusaurus/preset-classic@2.4.3 → npm/entities@6.0.1 ℹ Read more on: This package | This alert | What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/entities@6.0.1. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Obfuscated code: npm htmlparser2 is 90.0% likely obfuscated Confidence: 0.90 Location: Package overview From: package-lock.json → npm/@easyops-cn/docusaurus-search-local@0.19.1 → npm/@docusaurus/preset-classic@2.4.3 → npm/htmlparser2@10.1.0 ℹ Read more on: This package | This alert | What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/htmlparser2@10.1.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Obfuscated code: npm js-yaml is 90.0% likely obfuscated Confidence: 0.90 Location: Package overview From: package-lock.json → npm/@easyops-cn/docusaurus-search-local@0.19.1 → npm/@docusaurus/core@2.4.3 → npm/@docusaurus/preset-classic@2.4.3 → npm/js-yaml@4.2.0 ℹ Read more on: This package | This alert | What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/js-yaml@4.2.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Obfuscated code: npm node-forge is 90.0% likely obfuscated Confidence: 0.90 Location: Package overview From: package-lock.json → npm/node-forge@1.4.0 ℹ Read more on: This package | This alert | What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/node-forge@1.4.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Obfuscated code: npm react-textarea-autosize is 90.0% likely obfuscated Confidence: 0.90 Location: Package overview From: package-lock.json → npm/@docusaurus/preset-classic@2.4.3 → npm/react-textarea-autosize@8.5.9 ℹ Read more on: This package | This alert | What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/react-textarea-autosize@8.5.9. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Obfuscated code: npm react is 90.0% likely obfuscated Confidence: 0.90 Location: Package overview From: package-lock.json → npm/react@17.0.1 ℹ Read more on: This package | This alert | What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/react@17.0.1. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report