[Snyk] Upgrade vscode-ext-codicons from 1.4.0 to 1.5.0

[snyk-bot]

Snyk has created this PR to upgrade vscode-ext-codicons from 1.4.0 to 1.5.0.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 1 version ahead of your current version.
• The recommended version was released a year ago, on 2021-10-09.

Release notes

Package name: vscode-ext-codicons

• 1.5.0 - 2021-10-09
• 1.4.0 - 2021-05-08

from vscode-ext-codicons GitHub release notes

Commit messages

Package name: vscode-ext-codicons

• 7a04af7 Merge branch 'features/update-based-on-vscode-release-1_59-1_60-1_61'
• a165564 bump version (1.5.0)
• fa7e451 Add new codicons from releases 1.59, 1.60, 1.61 (Closes Interim fixes for OS X (issue #7) alefragnani/vscode-project-manager#9, Closes project switch does not work with network folder alefragnani/vscode-project-manager#10, Closes Running the contributed command:'projectManager.listProjects' failed. alefragnani/vscode-project-manager#11)
• df3cc9b Merge pull request Project switching does not work alefragnani/vscode-project-manager#7 from alefragnani/dependabot/npm_and_yarn/lodash-4.17.21
• dfc63a6 Merge pull request List command does not work if there is not open file alefragnani/vscode-project-manager#8 from alefragnani/dependabot/npm_and_yarn/glob-parent-5.1.2
• 5f1fb0b Bump glob-parent from 5.1.1 to 5.1.2
• f6f1335 Bump lodash from 4.17.20 to 4.17.21

Compare

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

[socket-security]

New dependency changes detected. Learn more about Socket for GitHub ↗︎

---

🚨 Potential security issues found in this pull request. To accept the risk, merge this PR and you will not be notified again.

Bot Commands

To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space separated list of package-name@version specifiers. e.g. @SocketSecurity ignore [email protected] bar@* or ignore all packages with @SocketSecurity ignore-all

• @SocketSecurity ignore [email protected]
• @SocketSecurity ignore [email protected]

⚠️ No tests

Package does not have any tests. This is a strong signal of a poorly maintained or low quality package.

Add tests and publish a new version of the package. Consumers may look for an alternative package with better testing.

Package	Location	Source
[email protected] (upgraded)	package.json	package-lock.json, package.json
[email protected] (added)	package.json	package-lock.json, package.json

Pull request alert summary

Issue	Status
Critical CVE	✅ 0 issues
CVE	✅ 0 issues
Mild CVE	✅ 0 issues
Install scripts	✅ 0 issues
Native code	✅ 0 issues
Bin script confusion	✅ 0 issues
Bin script shell injection	✅ 0 issues
Filesystem access	✅ 0 issues
Network access	✅ 0 issues
Shell access	✅ 0 issues
Debug access	✅ 0 issues
Long strings	✅ 0 issues
High entropy strings	✅ 0 issues
URL strings	✅ 0 issues
Uses eval	✅ 0 issues
Dynamic require	✅ 0 issues
Environment variable access	✅ 0 issues
Missing dependency	✅ 0 issues
Unused dependency	✅ 0 issues
Peer dependency	✅ 0 issues
Uncaught optional dependency	✅ 0 issues
Unresolved require	✅ 0 issues
Extraneous dependency	✅ 0 issues
Obfuscated require	✅ 0 issues
Obfuscated code	✅ 0 issues
Minified code	✅ 0 issues
Bidirectional unicode control characters	✅ 0 issues
Zero width unicode chars	✅ 0 issues
Bad text encoding	✅ 0 issues
Unicode homoglyphs	✅ 0 issues
Invisible chars	✅ 0 issues
Suspicious strings	✅ 0 issues
Invalid package.json	✅ 0 issues
HTTP dependency	✅ 0 issues
Git dependency	✅ 0 issues
GitHub dependency	✅ 0 issues
File dependency	✅ 0 issues
No tests	⚠️ 2 issues
No repository	✅ 0 issues
Bad semver	✅ 0 issues
Bad dependency semver	✅ 0 issues
No v1	✅ 0 issues
No website	✅ 0 issues
No bug tracker	✅ 0 issues
No contributors or author data	✅ 0 issues
CommonJS depending on ESModule	✅ 0 issues
Empty package	✅ 0 issues
Trivial Package	✅ 0 issues
No README	✅ 0 issues
Deprecated	✅ 0 issues
Chronological version anomaly	✅ 0 issues
Semver anomaly	✅ 0 issues
New author	✅ 0 issues
Unstable ownership	✅ 0 issues
Non-existent author	✅ 0 issues
Unmaintained	✅ 0 issues
Unpublished package	✅ 0 issues
Major refactor	✅ 0 issues
Missing package tarball	✅ 0 issues
Unsafe copyright	✅ 0 issues
License change	✅ 0 issues
Non OSI license	✅ 0 issues
Deprecated license	✅ 0 issues
Missing license	✅ 0 issues
Non SPDX license	✅ 0 issues
Unclear license	✅ 0 issues
Mixed license	✅ 0 issues
Legal notice	✅ 0 issues
Modified license	✅ 0 issues
Modified license exception	✅ 0 issues
License exception	✅ 0 issues
Deprecated SPDX exception	✅ 0 issues
Potential typo squat	✅ 0 issues
Known Malware	✅ 0 issues
Telemetry	✅ 0 issues
Protestware/Troll package	✅ 0 issues

---

📊 Modified Dependency Overview:

⬆️ Updated Package	Version Diff	Added Capability Access	+/- Transitive Count	Publisher
[email protected]	1.4.0...1.5.0	None	+0/-0	alefragnani