Bump @playform/build from 0.3.0 to 0.3.1 by dependabot[bot] · Pull Request #624 · PlayForm/Delete

dependabot · 2026-04-06T03:22:47Z

⚠️ Dependabot is rebasing this PR ⚠️

Rebasing might not happen immediately, so don't worry if this takes some time.

Note: if you make any changes to this PR yourself, they will take precedence over the rebase.

Bumps @playform/build from 0.3.0 to 0.3.1.

Release notes

Sourced from @playform/build's releases.

v0.3.1

Full Changelog: PlayForm/Build@v0.3.0...v0.3.1

Build/v0.3.1

What's Changed

Bump @types/node from 25.2.3 to 25.3.0 by @dependabot[bot] in PlayForm/Build#333

Bump actions/upload-artifact from 6.0.0 to 7.0.0 by @dependabot[bot] in PlayForm/Build#334

Bump @types/node from 25.3.0 to 25.3.2 by @dependabot[bot] in PlayForm/Build#335

Bump @types/node from 25.3.2 to 25.3.3 by @dependabot[bot] in PlayForm/Build#336

Bump actions/setup-node from 6.2.0 to 6.3.0 by @dependabot[bot] in PlayForm/Build#337

Bump @types/node from 25.3.3 to 25.3.5 by @dependabot[bot] in PlayForm/Build#338

Bump @types/node from 25.3.5 to 25.4.0 by @dependabot[bot] in PlayForm/Build#339

Bump pnpm/action-setup from 4.2.0 to 4.3.0 by @dependabot[bot] in PlayForm/Build#340

Bump @types/node from 25.4.0 to 25.5.0 by @dependabot[bot] in PlayForm/Build#341

Bump esbuild from 0.27.3 to 0.27.4 by @dependabot[bot] in PlayForm/Build#342

Bump pnpm/action-setup from 4.3.0 to 4.4.0 by @dependabot[bot] in PlayForm/Build#343

Bump pnpm/action-setup from 4.4.0 to 5.0.0 by @dependabot[bot] in PlayForm/Build#344

Bump typescript from 5.9.3 to 6.0.2 by @dependabot[bot] in PlayForm/Build#345

Bump dependabot/fetch-metadata from 2.5.0 to 3.0.0 by @dependabot[bot] in PlayForm/Build#346

Bump esbuild from 0.27.4 to 0.27.5 by @dependabot[bot] in PlayForm/Build#347

Bump esbuild from 0.27.5 to 0.27.7 by @dependabot[bot] in PlayForm/Build#348

Bump @types/node from 25.5.0 to 25.5.2 by @dependabot[bot] in PlayForm/Build#349

Bump esbuild from 0.27.7 to 0.28.0 by @dependabot[bot] in PlayForm/Build#350

Full Changelog: PlayForm/Build@Build/v0.3.0...Build/v0.3.1

Changelog

Sourced from @playform/build's changelog.

0.3.1

Changed

Updated version to 0.3.1

Updated dependencies:

@types/node from 25.2.3 to 25.5.2

esbuild from 0.27.3 to 0.28.0

typescript from 5.9.3 to 6.0.2

Added

Added Documentation/ to .npmignore to exclude from published package

Added ignoreDeprecations option to tsconfig.json

Added rootDir option to tsconfig.json

Commits

10fdb5e 0.3.1
5fcaed3 squash!
See full diff in compare view

socket-security · 2026-04-06T03:23:04Z

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	@playform/build@0.3.0 ⏵ 0.3.1	^-1			⁺¹

View full report

socket-security · 2026-04-06T03:23:06Z

Caution

Review the following alerts detected in dependencies.

According to your organization's Security Policy, you must resolve all "Block" alerts before proceeding. Learn more about Socket for GitHub.

Action	Severity	Alert (click "▶" to expand/collapse)
Block		Embedded URLs or IPs: npm `@types/node` URLs: https://docs.libuv.org/en/v1.x/misc.html#c.uv_available_parallelism, https://linux.die.net/man/3/uname, https://en.wikipedia.org/wiki/Uname#Examples, https://nodejs.org/docs/latest-v25.x/api/errors.html#class-systemerror, https://nodejs.org/docs/latest-v25.x/api/process.html#processarch, https://github.com/nodejs/node/blob/HEAD/BUILDING.md#androidandroid-based-devices-eg-firefox-os, example.com, 127.0.0.1:8000, process.env.HOST, req.headers.host, https://nodejs.org/docs/latest-v25.x/api/http.html#built-in-proxy-support, https://nodejs.org/docs/latest-v25.x/api/net.html#socketconnectoptions-connectlistener, https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Operators/Equality, https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Operators/Inequality, https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Object/is, https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Classes, https://developer.mozilla.org/en-US/docs/Web/JavaScript/Guide/Regular_Expressions, https://nodejs.org/docs/latest-v25.x/api/errors.html#err_invalid_return_value, https://nodejs.org/docs/latest-v25.x/api/errors.html#class-error, https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Uint8Array, https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/String/length, https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/DataView, https://developer.mozilla.org/en-US/docs/Web/JavaScript/-, https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/ArrayBuffer, https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/JSON/stringify, https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/TypedArray/set, https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/String/indexOf, https://nodejs.org/docs/latest-v25.x/api/async_hooks.html#promise-execution-tracking, https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/TypedArray/subarray, https://nodejs.org/docs/latest-v25.x/api/process.html#a-note-on-process-io, https://github.com/nodejs/node/blob/v25.x/lib/console.js, https://nodejs.org/docs/latest-v25.x/api/util.html#utilinspectobject-options, ws://127.0.0.1:9229/166e272e-7a30-4d09-97ce-f1c012b43c34, https://nodejs.org/en/docs/inspector, app.js.map, 0.0.0.0, 192.168.1.1, 74.125.127.100, 127.0.0.1, 123.123.123.123, 10.0.0.1, 10.0.0.10, 10.0.0.3, 222.111.111.222, 192.168.1.0/24, 10.0.0.5, 127.000.000.001, 127.0.0.1/24, sqlTagStore.run, sql.run, https://www.sqlite.org/c3ref/changes.html, https://nodejs.org/docs/latest-v25.x/api/test.html#test-runner-execution-model, https://nodejs.org/docs/latest-v25.x/api/cli.html#--test-update-snapshots, xn--fsq.com, xn--maana-pta.com, ana.com, xn----dqo34k.com, https://developer.mozilla.org/en-US/docs/Web/JavaScript/Data_structures#String_type, https://developer.mozilla.org/en-US/docs/Web/JavaScript/Data_structures#Number_type, https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/BigInt, https://developer.mozilla.org/en-US/docs/Web/JavaScript/Data_structures#Boolean_type, encrypted.google.com, github.com, https://encrypted.google.com/, https://nodejs.org/docs/latest-v25.x/api/async_context.html, https://github.com/nodejs/node/blob/v25.x/lib/crypto.js, https://www.openssl.org/docs/man3.0/man1/openssl-spkac.html, https://nodejs.org/dist/latest-v25.x/docs/api/crypto.html#crypto-constants, https://www.openssl.org/docs/man1.0.2/ssl/SSL_CTX_set_options.html, https://www.openssl.org/docs/man1.0.2/ssl/SSL_CTX_set_options.html., https://en.wikipedia.org/wiki/Initialization_vector, https://www.rfc-editor.org/rfc/rfc2412.txt, https://www.rfc-editor.org/rfc/rfc3526.txt, https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-132.pdf, https://en.wikipedia.org/wiki/Fisher%E2%80%93Yates_shuffle#Modulo_bias, https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Number/isSafeInteger, https://www.w3.org/TR/capability-urls/, https://nodejs.org/docs/latest-v25.x/api/crypto.html#asymmetric-key-types, https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44532, https://www.rfc-editor.org/rfc/rfc2818.txt, https://www.rfc-editor.org/rfc/rfc5280.txt, https://www.rfc-editor.org/rfc/rfc9106.html, https://nodejs.org/docs/latest-v25.x/api/crypto.html#using-strings-as-inputs-to-cryptographic-apis, http://man7.org/linux/man-pages/man3/readdir.3.html, http://man7.org/linux/man-pages/man2/readlink.2.html, http://man7.org/linux/man-pages/man2/mkdir.2.html, https://docs.microsoft.com/en-us/windows/desktop/FileIO/naming-a-file, https://docs.microsoft.com/en-us/windows/desktop/FileIO/using-streams, http://man7.org/linux/man-pages/man2/fsync.2.html, http://man7.org/linux/man-pages/man2/pwrite.2.html, fs.read, fs.watch, https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Number/MAX_SAFE_INTEGER, http://man7.org/linux/man-pages/man2/fdatasync.2.html, http://man7.org/linux/man-pages/man3/opendir.3.html, 4.4.4.4, 4.4.4.4:1053, nodejs.org, https://nodejs.org/docs/latest-v20.x/api/errors.html#class-error, https://nodejs.org/docs/latest-v20.x/api/dns.html#error-codes, https://nodejs.org/docs/latest-v20.x/api/dns.html#dnspromiseslookuphostname-options, https://tools.ietf.org/html/rfc5952#section-6, https://man7.org/linux/man-pages/man5/resolv.conf.5.html, https://nodejs.org/docs/latest-v20.x/api/dns.html#dnspromisessetdefaultresultorderorder, https://nodejs.org/docs/latest-v20.x/api/cli.html#--dns-result-orderorder, https://nodejs.org/docs/latest-v20.x/api/worker_threads.html, example.org, 224.0.0.114, https://en.wikipedia.org/wiki/IPv6_address#Scoped_literal_IPv6_addresses, https://tools.ietf.org/html/rfc4007, 10.0.0.2, https://tc39.github.io/ecma262/#sec-asynciterable-interface, https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Iteration_protocols#The_iterable_protocol, https://developer.mozilla.org/en-US/docs/Web/API/ArrayBufferView, http://man7.org/linux/man-pages/man2/open.2.html, http://man7.org/linux/man-pages/man2/lstat.2.html, http://man7.org/linux/man-pages/man2/link.2.html, http://man7.org/linux/man-pages/man2/unlink.2.html, https://github.com/mdn/content/pull/38027, http://example.org:8000, https://example.org:80, https://example.org/foo/bar, https://example.org, http2stream.id, https://example.com, request.stream, http://example.com, http://example.com/status?name=ryan, https://nodejs.org/docs/latest-v25.x/api/errors.html#class-typeerror, response.stream, https://tools.ietf.org/html/rfc7540, https://http2.github.io/faq/#does-http2-require-encryption, 93.184.216.34, archive.org, https://nodejs.org/docs/latest-v25.x/api/util.html#utilpromisifyoriginal, https://tools.ietf.org/html/rfc8482, https://nodejs.org/docs/latest-v25.x/api/dns.html#error-codes, https://nodejs.org/docs/latest-v25.x/api/dns.html#dnspromiseslookuphostname-options, https://datatracker.ietf.org/doc/html/rfc5952#section-6, https://nodejs.org/docs/latest-v25.x/api/cli.html#--dns-result-orderorder, https://nodejs.org/docs/latest-v25.x/api/worker_threads.html, https://nodejs.org/docs/latest-v25.x/api/worker_threads.html#worker-threads, https://nodejs.org/docs/latest-v25.x/api/module.html#module-compile-cache, options.directory, module.id, https://github.com/nodejs/node/blob/v25.x/lib/child_process.js, subprocess.channel, https://nodejs.org/docs/latest-v25.x/api/net.html#class-netsocket, https://nodejs.org/docs/latest-v25.x/api/net.html#class-netserver, https://nodejs.org/docs/latest-v25.x/api/dgram.html#class-dgramsocket, test.sh, https://example.com/some/path?page=1&#x26, urlObject.host, urlObject.search, http://example.com/, http://example.com/one, http://example.com/two, https://tools.ietf.org/html/rfc5891#section-4.4, https://www.openssl.org/docs/man1.1.1/man3/SSL_CIPHER_get_name.html, https://tools.ietf.org/html/rfc5929, https://www.openssl.org/docs/man1.1.1/man3/SSL_export_keying_material.html, https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#exporter-labels, https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Error, https://developer.mozilla.org/en-US/docs/Web/JavaScript/Data_structures#Undefined_type, https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44531, options.ca, https://hg.mozilla.org/mozilla-central/raw-file/tip/security/nss/lib/ckfw/builtins/certdata.txt, https://nodejs.org/docs/latest-v25.x/api/stream.html#streamcomposestreams, readable.map, https://nodejs.org/docs/latest-v25.x/api/modules.md#loading-ecmascript-modules-using-require, process.report.directory, https://nodejs.org/docs/latest-v25.x/api/cli.html#program-entry-point, https://nodejs.org/docs/latest-v25.x/api/os.html#dlopen-constants, http://man7.org/linux/man-pages/man7/environ.7.html, process.pid, https://docs.libuv.org/en/v1.x/misc.html#c.uv_get_constrained_memory, https://nodejs.org/docs/latest-v25.x/api/process.html#processavailablememory, https://nodejs.org/api/cli.html#--permission, https://nodejs.org/api/permissions.html#permission-model, https://nodejs.org/download/release/v18.12.0/node-v18.12.0.tar.gz, https://nodejs.org/download/release/v18.12.0/node-v18.12.0-headers.tar.gz, https://nodejs.org/download/release/v18.12.0/win-x64/node.lib, https://nodejs.org/docs/latest-v25.x/api/report.html, process.report, https://nodejs.org/docs/latest-v25.x/api/v8.html, https://www.chromium.org/developers/how-tos/trace-event-profiling-tool, https://nodejs.org/docs/latest-v25.x/api/worker_threads.html#class-worker, https://github.com/nodejs/node/blob/v25.x/lib/trace_events.js, https://v8docs.nodesource.com/node-13.2/d5/dda/classv8_1_1_isolate.html#a6079122af17612ef54ef3348ce170866, https://nodejs.org/docs/latest-v25.x/api/cli.html#--heapsnapshot-near-heap-limitmax_count, https://chromedevtools.github.io/devtools-protocol/1-3/Runtime/#type-ScriptId, https://nodejs.org/docs/latest-v25.x/api/util.html#modifiers, https://github.com/microsoft/TypeScript/issues/12936, https://github.com/WebAssembly/wabt, https://github.com/nodejs/node/blob/v25.x/lib/wasi.js, https://nodejs.org/docs/latest-v25.x/api/vm.html#support-of-dynamic-import-in-compilation-apis, https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/eval, https://es5.github.io/#x10.4.2, https://tc39.es/ecma262/#sec-abstract-module-records, https://tc39.es/ecma262/#sec-cyclic-module-records, https://tc39.es/ecma262/#sec-getmodulenamespace, https://tc39.es/ecma262/#sec-moduleevaluation, https://tc39.es/ecma262/#sec-smr-Evaluate, https://heycam.github.io/webidl/#synthetic-module-records, https://developer.mozilla.org/en-US/docs/Web/API/Web_Workers_API, IO.read, https://chromedevtools.github.io/devtools-protocol/v8/, https://github.com/nodejs/node/blob/v25.x/src/node_sea.cc, https://developer.mozilla.org/en-US/docs/Web/API/Blob, https://nodejs.org/docs/latest-v25.x/api/child_process.html#optionsstdio, https://man7.org/linux/man-pages/man2/setuid.2.html, https://man7.org/linux/man-pages/man2/setgid.2.html, https://nodejs.org/dist/latest-v25.x/docs/api/repl.html#repl_customizing_repl_output, https://nodejs.org/dist/latest-v25.x/docs/api/readline.html#readline_use_of_the_completer_function, https://nodejs.org/dist/latest-v25.x/docs/api/repl.html#repl_class_replserver, https://nodejs.org/dist/latest-v25.x/docs/api/repl.html#repl_commands_and_special_keys, https://nodejs.org/dist/latest-v25.x/docs/api/repl.html#repl_assignment_of_the_underscore_variable Location: Package overview From: `?` → `npm/@playform/build@0.3.1` → `npm/@types/node@25.5.2` ℹ Read more on: This package \| This alert \| What are URL strings? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: Review all remote URLs to ensure they are intentional, pointing to trusted sources, and not being used for data exfiltration or loading untrusted code at runtime. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore npm/@types/node@25.5.2`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Block		Embedded URLs or IPs: npm `esbuild` URLs: https://stackoverflow.com/questions/49580725, https://esbuild.github.io/api/#build, https://esbuild.github.io/api/#transform, https://esbuild.github.io/api/#analyze, https://esbuild.github.io/api/#browser, https://yarnpkg.com/configuration/yarnrc/#supportedArchitectures, https://nodejs.org/en/download/., https://nodejs.org/api/worker_threads.html, https://snapcraft.io/, https://nodejs.org/dist/, https://github.com/evanw/esbuild/issues/1711#issuecomment-1027554035, https://registry.npmjs.org/ Location: Package overview From: `?` → `npm/@playform/build@0.3.1` → `npm/esbuild@0.28.0` ℹ Read more on: This package \| This alert \| What are URL strings? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: Review all remote URLs to ensure they are intentional, pointing to trusted sources, and not being used for data exfiltration or loading untrusted code at runtime. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore npm/esbuild@0.28.0`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
See 1 more row in the dashboard

View full report

Bumps [@playform/build](https://github.com/PlayForm/Build) from 0.3.0 to 0.3.1. - [Release notes](https://github.com/PlayForm/Build/releases) - [Changelog](https://github.com/PlayForm/Build/blob/Current/CHANGELOG.md) - [Commits](PlayForm/Build@v0.3.0...v0.3.1) --- updated-dependencies: - dependency-name: "@playform/build" dependency-version: 0.3.1 dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels Apr 6, 2026

github-actions bot approved these changes Apr 6, 2026

View reviewed changes

github-actions bot assigned NikolaRHristov Apr 6, 2026

github-actions bot requested a review from NikolaRHristov April 6, 2026 03:23

dependabot bot force-pushed the dependabot/npm_and_yarn/playform/build-0.3.1 branch from afd7536 to 68ad93d Compare April 6, 2026 03:24

dependabot bot force-pushed the dependabot/npm_and_yarn/playform/build-0.3.1 branch from 68ad93d to 3e5b123 Compare April 6, 2026 03:25

github-actions bot merged commit 83a0cbf into Current Apr 6, 2026
8 of 10 checks passed

github-actions bot approved these changes Apr 6, 2026

View reviewed changes

github-actions bot deleted the dependabot/npm_and_yarn/playform/build-0.3.1 branch April 6, 2026 03:25

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Bump @playform/build from 0.3.0 to 0.3.1#624

Bump @playform/build from 0.3.0 to 0.3.1#624
github-actions[bot] merged 1 commit intoCurrentfrom
dependabot/npm_and_yarn/playform/build-0.3.1

dependabot bot commented on behalf of github Apr 6, 2026 •

edited

Loading

Uh oh!

socket-security bot commented Apr 6, 2026

Uh oh!

socket-security bot commented Apr 6, 2026

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Milestone

Development

Uh oh!

1 participant

Uh oh!

Conversation

dependabot bot commented on behalf of github Apr 6, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

v0.3.1

Build/v0.3.1

What's Changed

0.3.1

Changed

Added

Uh oh!

socket-security bot commented Apr 6, 2026

Uh oh!

socket-security bot commented Apr 6, 2026

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Milestone

Development

Uh oh!

1 participant

dependabot bot commented on behalf of github Apr 6, 2026 •

edited

Loading