This repository was archived by the owner on Oct 13, 2025. It is now read-only.

@dependabot dependabot bot commented on behalf of github Mar 31, 2022

Bumps @fortawesome/fontawesome-svg-core from 1.2.19 to 1.2.36.

You can trigger a rebase of this PR by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
> **Note**
> Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

@dependabot dependabot bot requested a review from a team as a code owner March 31, 2022 17:15
@dependabot dependabot bot added the dependencies Pull requests that update a dependency file label Mar 31, 2022
mcmire commented Apr 4, 2022

This doesn't seem urgent since I don't see a security advisory.

legobeat commented May 1, 2023

@dependabot recreate

Bumps [@fortawesome/fontawesome-svg-core](https://github.com/FortAwesome/Font-Awesome) from 1.2.19 to 1.2.36.
- [Release notes](https://github.com/FortAwesome/Font-Awesome/releases)
- [Changelog](https://github.com/FortAwesome/Font-Awesome/blob/6.x/CHANGELOG.md)
- [Commits](https://github.com/FortAwesome/Font-Awesome/commits)

---
updated-dependencies:
- dependency-name: "@fortawesome/fontawesome-svg-core"
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/fortawesome/fontawesome-svg-core-1.2.36 branch from 3c7313a to 15e9376 Compare May 1, 2023 01:44
@socket-security

New dependency changes detected. Learn more about Socket for GitHub ↗︎


🚨 Potential security issues found in this pull request. To accept the risk, merge this PR and you will not be notified again.

Bot Commands

To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space separated list of package-name@version specifiers. e.g. @SocketSecurity ignore foo@1.0.0 bar@* or ignore all packages with @SocketSecurity ignore-all

  • @SocketSecurity ignore @fortawesome/fontawesome-common-types@0.2.36
  • @SocketSecurity ignore @fortawesome/fontawesome-svg-core@1.2.36
📜 Install scripts

Install scripts are run when the package is installed. The majority of malware in npm is hidden in install scripts.

Packages should not be running non-essential scripts during install and there are often solutions to problems people solve with install scripts that can be run at publish time instead.

| Package | Script field | Source |
| --- | --- | --- |
| @fortawesome/fontawesome-common-types@0.2.36 (upgraded) | postinstall | package.json via @fortawesome/fontawesome-svg-core@1.2.36, @fortawesome/free-solid-svg-icons@5.9.0, @fortawesome/react-fontawesome@0.1.4 |
| @fortawesome/fontawesome-svg-core@1.2.36 (upgraded) | postinstall | package.json via @fortawesome/react-fontawesome@0.1.4 |

🤔 AI warning

AI has found some unusual behaviors which could indicate a security risk

An AI system found a low-risk anomaly in this package. It may still be fine to use, but you should check that it is safe before proceeding.

| Package | Location | Source |
| --- | --- | --- |
| @fortawesome/fontawesome-svg-core@1.2.36 (upgraded) | package.json | package.json via @fortawesome/react-fontawesome@0.1.4 |

Pull request alert summary

| Issue | Status |
| --- | --- |
| Critical CVE | ✅ 0 issues |
| CVE | ✅ 0 issues |
| Mild CVE | ✅ 0 issues |
| Install scripts | ⚠️ 2 issues |
| Native code | ✅ 0 issues |
| Bin script confusion | ✅ 0 issues |
| Bin script shell injection | ✅ 0 issues |
| Filesystem access | ✅ 0 issues |
| Network access | ✅ 0 issues |
| Shell access | ✅ 0 issues |
| Debug access | ✅ 0 issues |
| Long strings | ✅ 0 issues |
| High entropy strings | ✅ 0 issues |
| URL strings | ✅ 0 issues |
| Uses eval | ✅ 0 issues |
| Dynamic require | ✅ 0 issues |
| Environment variable access | ✅ 0 issues |
| Missing dependency | ✅ 0 issues |
| Unused dependency | ✅ 0 issues |
| Peer dependency | ✅ 0 issues |
| Uncaught optional dependency | ✅ 0 issues |
| Unresolved require | ✅ 0 issues |
| Extraneous dependency | ✅ 0 issues |
| Obfuscated require | ✅ 0 issues |
| Obfuscated code | ✅ 0 issues |
| Minified code | ✅ 0 issues |
| Bidirectional unicode control characters | ✅ 0 issues |
| Zero width unicode chars | ✅ 0 issues |
| Bad text encoding | ✅ 0 issues |
| Unicode homoglyphs | ✅ 0 issues |
| Invisible chars | ✅ 0 issues |
| Suspicious strings | ✅ 0 issues |
| Invalid package.json | ✅ 0 issues |
| HTTP dependency | ✅ 0 issues |
| Git dependency | ✅ 0 issues |
| GitHub dependency | ✅ 0 issues |
| File dependency | ✅ 0 issues |
| No tests | ✅ 0 issues |
| No repository | ✅ 0 issues |
| Bad semver | ✅ 0 issues |
| Bad dependency semver | ✅ 0 issues |
| No v1 | ✅ 0 issues |
| No website | ✅ 0 issues |
| No bug tracker | ✅ 0 issues |
| No contributors or author data | ✅ 0 issues |
| CommonJS depending on ESModule | ✅ 0 issues |
| Empty package | ✅ 0 issues |
| Trivial Package | ✅ 0 issues |
| No README | ✅ 0 issues |
| Deprecated | ✅ 0 issues |
| Chronological version anomaly | ✅ 0 issues |
| Semver anomaly | ✅ 0 issues |
| New author | ✅ 0 issues |
| Unstable ownership | ✅ 0 issues |
| Non-existent author | ✅ 0 issues |
| Unmaintained | ✅ 0 issues |
| Unpublished package | ✅ 0 issues |
| Major refactor | ✅ 0 issues |
| Missing package tarball | ✅ 0 issues |
| Unsafe copyright | ✅ 0 issues |
| License change | ✅ 0 issues |
| Non OSI license | ✅ 0 issues |
| Deprecated license | ✅ 0 issues |
| Missing license | ✅ 0 issues |
| Non SPDX license | ✅ 0 issues |
| Unclear license | ✅ 0 issues |
| Mixed license | ✅ 0 issues |
| Legal notice | ✅ 0 issues |
| Modified license | ✅ 0 issues |
| Modified license exception | ✅ 0 issues |
| License exception | ✅ 0 issues |
| Deprecated SPDX exception | ✅ 0 issues |
| Potential typo squat | ✅ 0 issues |
| Known Malware | ✅ 0 issues |
| Telemetry | ✅ 0 issues |
| Protestware/Troll package | ✅ 0 issues |
| AI detected security risk | ✅ 0 issues |
| AI warning | ⚠️ 1 issue |

📊 Modified Dependency Overview:

| ⬆️ Updated Package | Version Diff | Added Capability Access | +/- Transitive Count | Publisher |
| --- | --- | --- | --- | --- |
| @fortawesome/fontawesome-svg-core@1.2.36 | 1.2.19...1.2.36 | None | +1/-1 | robmadole |

dependabot bot commented on behalf of github Dec 2, 2024

Superseded by #227.

@dependabot dependabot bot closed this Dec 2, 2024
@dependabot dependabot bot deleted the dependabot/npm_and_yarn/fortawesome/fontawesome-svg-core-1.2.36 branch December 2, 2024 09:44