Bump esbuild and vite

[dependabot]

Removes esbuild. It's no longer used after updating ancestor dependency vite. These dependencies need to be updated together.

Removes esbuild

Updates vite from 5.4.21 to 8.0.10

Release notes

Sourced from vite's releases.

v8.0.10

Please refer to CHANGELOG.md for details.

v8.0.9

Please refer to CHANGELOG.md for details.

v8.0.8

Please refer to CHANGELOG.md for details.

v8.0.7

Please refer to CHANGELOG.md for details.

v8.0.6

Please refer to CHANGELOG.md for details.

v8.0.5

Please refer to CHANGELOG.md for details.

v8.0.4

Please refer to CHANGELOG.md for details.

create-vite@8.0.3

Please refer to CHANGELOG.md for details.

v8.0.3

Please refer to CHANGELOG.md for details.

create-vite@8.0.2

Please refer to CHANGELOG.md for details.

v8.0.2

Please refer to CHANGELOG.md for details.

create-vite@8.0.1

Please refer to CHANGELOG.md for details.

v8.0.1

Please refer to CHANGELOG.md for details.

plugin-legacy@8.0.1

Please refer to CHANGELOG.md for details.

create-vite@8.0.0

Please refer to CHANGELOG.md for details.

plugin-legacy@8.0.0

Please refer to CHANGELOG.md for details.

v8.0.0

Please refer to CHANGELOG.md for details.

... (truncated)

Changelog

Sourced from vite's changelog.

8.0.10 (2026-04-23)

Features

• update rolldown to 1.0.0-rc.17 (#22299) (a4d06d9)

Bug Fixes

• hmrClient.logger.debug and hmrClient.logger.error looked different from other HMR logs (#22147) (a4d828f)
• css: show filename in CSS minification warnings for .css?inline (#22292) (83f0a78)
• optimizer: allow user transform.target to override default in optimizeDeps (#22273) (5c7cec6)
• remove format sniffing module resolution from JS resolver (#22297) (b8a21cc)

Code Refactoring

• enable some typecheck rules (#22278) (9437518)
• typecheck client directory (#22284) (40a0847)

8.0.9 (2026-04-20)

Features

• update rolldown to 1.0.0-rc.16 (#22248) (2947edd)

Bug Fixes

• allow binding when strictPort is set but wildcard port is in use (#22150) (dfc8aa5)
• build: emptyOutDir should happen for watch rebuilds (#22207) (ee52267)
• bundled-dev: reject requests to HMR patch files in non potentially trustworthy origins (#22269) (868f141)
• css: use unique key for cssEntriesMap to prevent same-basename collision (#22039) (374bb5d)
• deps: update all non-major dependencies (#22219) (4cd0d67)
• deps: update all non-major dependencies (#22268) (c28e9c1)
• detect Deno workspace root (fix #22237) (#22238) (1b793c0)
• dev: handle errors in watchChange hook (#22188) (fc08bda)
• optimizer: handle more chars that will be sanitized (#22208) (3f24533)
• skip fallback sourcemap generation for ?raw imports (#22148) (3ec9cda)

Documentation

• align the descriptions in READMEs (#22231) (44c42b9)
• fix reuses wording in dev environment comment (#22173) (9163412)
• fix wording in sass error comment (#22214) (bc5c6a7)
• update build CLI defaults (#22261) (605bb97)

Miscellaneous Chores

• deps: update dependency dotenv-expand to v13 (#22271) (0a3887d)

8.0.8 (2026-04-09)

Features

• update rolldown to 1.0.0-rc.15 (#22201) (6baf587)

... (truncated)

Commits

• 32c2978 release: v8.0.10
• a4d06d9 feat: update rolldown to 1.0.0-rc.17 (#22299)
• a4d828f fix: hmrClient.logger.debug and hmrClient.logger.error looked different f...
• 83f0a78 fix(css): show filename in CSS minification warnings for .css?inline (#22292)
• b8a21cc fix: remove format sniffing module resolution from JS resolver (#22297)
• 40a0847 refactor: typecheck client directory (#22284)
• 5c7cec6 fix(optimizer): allow user transform.target to override default in optimizeDe...
• 9437518 refactor: enable some typecheck rules (#22278)
• ce729f5 release: v8.0.9
• 605bb97 docs: update build CLI defaults (#22261)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the Security Alerts page.

[dependabot]

Labels

The following labels could not be found: dependencies, npm. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

[deepsource-io]

DeepSource Code Review

We reviewed changes in de82911...b96ac7f on this pull request. Below is the summary for the review, and you can see the individual issues we found as inline review comments.

See full review on DeepSource ↗

PR Report Card

Overall Grade

Security   Reliability   Complexity   Hygiene

Code Review Summary

Analyzer	Status	Updated (UTC)	Details
JavaScript		May 1, 2026 2:06p.m.	Review ↗
Secrets		May 1, 2026 2:06p.m.	Review ↗
Code coverage		May 1, 2026 2:06p.m.	Review ↗

---

Important

AI Review is run only on demand for your team. We're only showing results of static analysis review right now. To trigger AI Review, comment @deepsourcebot review on this thread.

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	vite@​8.0.9 ⏵ 8.0.10	+1		+1

View full report

[socket-security]

Caution

Review the following alerts detected in dependencies.

According to your organization's Security Policy, you must resolve all "Block" alerts before proceeding. Learn more about Socket for GitHub.

Action	Severity	Alert  (click "▶" to expand/collapse)
Block		Potential code anomaly (AI signal): npm @emnapi/core is 100.0% likely to have a medium risk anomaly Notes: No explicit evidence of overt malware (network exfiltration, credential theft, backdoors, or filesystem/process activity) appears in this fragment. However, the module contains high-sensitivity dynamic execution capabilities: napi_run_script performs eval-like execution of a JavaScript string obtained from WebAssembly, and emnapiCreateFunction can use the Function constructor for wrapper generation. Combined with wasm-driven indirect callback dispatch and reflective object mutation, this runtime is security-sensitive and should only be used with fully trusted WebAssembly and tightly controlled inputs. Confidence: 1.00 Severity: 0.60 From: package-lock.json → npm/vite@8.0.10 → npm/@emnapi/core@1.10.0 ℹ Read more on: This package | This alert | What is an AI-detected potential code anomaly? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: An AI system found a low-risk anomaly in this package. It may still be fine to use, but you should check that it is safe before proceeding. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@emnapi/core@1.10.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Block		Potential code anomaly (AI signal): npm @emnapi/core is 100.0% likely to have a medium risk anomaly Notes: Primary concern is direct dynamic code execution. napi_run_script uses eval() on a string originating from wasm-provided input, and ee uses new Function(...) to construct wrapper functions. If the wasm module or its inputs are attacker-controlled, this provides JavaScript code execution in the host context. Aside from these dynamic execution sinks, the remaining code mainly performs wasm memory/table management and worker async orchestration typical of such runtimes, with no clear hardcoded exfiltration or backdoor behavior in this fragment. Confidence: 1.00 Severity: 0.60 From: package-lock.json → npm/vite@8.0.10 → npm/@emnapi/core@1.10.0 ℹ Read more on: This package | This alert | What is an AI-detected potential code anomaly? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: An AI system found a low-risk anomaly in this package. It may still be fine to use, but you should check that it is safe before proceeding. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@emnapi/core@1.10.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Block		Potential code anomaly (AI signal): npm @emnapi/core is 100.0% likely to have a medium risk anomaly Notes: This module appears to be a legitimate wasm-to-JS/Node-API bridge/runtime, but it contains high-impact dynamic execution capabilities: napi_run_script uses eval() on a string originating from the WASM/handle side, and the binding layer can generate functions via new Function(). It also performs indirect host callback invocation based on runtime handles selected by worker/work-queue control. No explicit exfiltration/backdoor behavior is visible in the provided fragment, so malware likelihood is low, but security risk is moderate-to-high due to host-context code execution if the WASM module or its inputs are not fully trusted. Confidence: 1.00 Severity: 0.60 From: package-lock.json → npm/vite@8.0.10 → npm/@emnapi/core@1.10.0 ℹ Read more on: This package | This alert | What is an AI-detected potential code anomaly? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: An AI system found a low-risk anomaly in this package. It may still be fine to use, but you should check that it is safe before proceeding. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@emnapi/core@1.10.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Block		Potential code anomaly (AI signal): npm @rolldown/binding-wasm32-wasi is 100.0% likely to have a medium risk anomaly Notes: This loader establishes a Node.js WASI/worker environment that: 1) passes the entire host process.env into the WASI instance (exposing all environment variables, including secrets, to loaded modules); 2) preopens the filesystem root (granting broad file read/write access under the host’s root directory); and 3) implements importScripts via synchronous fs.readFileSync + eval (allowing any local JS file to be executed in the loader context). If an untrusted or compromised WASM module or script is provided, it can read sensitive environment variables, access or modify arbitrary files, and execute arbitrary JavaScript—posing a moderate security risk. Recommended mitigations: restrict WASI preopens to a minimal directory, limit or sanitize environment variables passed into WASI, and replace or sandbox the eval-based importScripts mechanism. Confidence: 1.00 Severity: 0.60 From: package-lock.json → npm/vite@8.0.10 → npm/@rolldown/binding-wasm32-wasi@1.0.0-rc.17 ℹ Read more on: This package | This alert | What is an AI-detected potential code anomaly? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: An AI system found a low-risk anomaly in this package. It may still be fine to use, but you should check that it is safe before proceeding. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@rolldown/binding-wasm32-wasi@1.0.0-rc.17. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Block		Potential code anomaly (AI signal): npm @rolldown/binding-wasm32-wasi is 100.0% likely to have a medium risk anomaly Notes: The JS loader is not itself executing obvious malicious JavaScript (no eval, no external network calls, no hard-coded credentials). However it intentionally grants a WebAssembly module broad privileges: it passes the full process.env into WASI and the worker, and preopens the host filesystem root so the wasm can access the filesystem. It also forwards worker messages into a filesystem proxy function. These design choices make running an untrusted or tampered-with wasm binary dangerous: a malicious wasm could read environment variables, enumerate and modify host files, and exfiltrate data via any network capability inside the wasm or worker. Therefore the module should be treated as high-risk if the wasm artifact (local file or npm package) is not from a trusted source. Recommended mitigations: avoid preopening the root (limit to specific directories), avoid passing full process.env, validate integrity of the wasm binary (signing/checksums), and avoid installing untrusted package replacements. Confidence: 1.00 Severity: 0.60 From: package-lock.json → npm/vite@8.0.10 → npm/@rolldown/binding-wasm32-wasi@1.0.0-rc.17 ℹ Read more on: This package | This alert | What is an AI-detected potential code anomaly? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: An AI system found a low-risk anomaly in this package. It may still be fine to use, but you should check that it is safe before proceeding. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@rolldown/binding-wasm32-wasi@1.0.0-rc.17. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Block		Potential code anomaly (AI signal): npm rolldown is 100.0% likely to have a medium risk anomaly Notes: No direct signs of classic malware behavior (e.g., exfiltration/persistence/backdoors) are visible in this JS wrapper. However, it has meaningful security/supply-chain risk characteristics: it can load and execute native code from an environment-controlled path (NAPI_RS_NATIVE_LIBRARY_PATH), and in WebContainer it may execute pnpm to install a binding at runtime before requiring it. The actual maliciousness probability is therefore low-to-moderate for this wrapper, but the execution impact is high if the environment or package supply chain is compromised. Confidence: 1.00 Severity: 0.60 From: package-lock.json → npm/vite@8.0.10 → npm/rolldown@1.0.0-rc.17 ℹ Read more on: This package | This alert | What is an AI-detected potential code anomaly? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: An AI system found a low-risk anomaly in this package. It may still be fine to use, but you should check that it is safe before proceeding. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/rolldown@1.0.0-rc.17. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Block		Embedded URLs or IPs: npm rolldown URLs: https://github.com/streamich/memfs, https://rolldown.rs/., Function.prototype.name, Class.prototype.name, https://github.com/webpack/enhanced-resolve#resolver-options, https://webpack.js.org/configuration/resolve/, https://github.com/defunctzombie/package-browser-field-spec, https://github.com/webpack/enhanced-resolve/pull/285, https://webpack.js.org/configuration/module/#resolvefullyspecified, https://nodejs.org/api/module.html#modulebuiltinmodules, https://github.com/vitejs/vite/pull/20252, https://github.com/nodejs/node/issues/58827, https://nodejs.org/docs/latest/api/esm.html#resolution-algorithm-specification, https://github.com/dividab/tsconfig-paths-webpack-plugin#options, https://www.typescriptlang.org/tsconfig/#experimentalDecorators, https://www.typescriptlang.org/tsconfig/#emitDecoratorMetadata, https://www.typescriptlang.org/tsconfig/#stripInternal, https://oxc.rs/docs/guide/usage/transformer/jsx, https://github.com/facebook/react/tree/v18.3.1/packages/react-refresh, https://oxc.rs/docs/guide/usage/transformer/plugins#styled-components, https://oxc.rs/docs/guide/usage/transformer/typescript, https://oxc.rs/docs/guide/usage/transformer/lowering#target, https://oxc.rs/docs/guide/usage/transformer/global-variable-replacement#define, https://oxc.rs/docs/guide/usage/transformer/global-variable-replacement#inject, https://oxc.rs/docs/guide/usage/transformer/plugins, https://www.typescriptlang.org/docs/handbook/release-notes/typescript-5-5.html#isolated-declarations, https://www.typescriptlang.org/tsconfig/#declaration, https://github.com/npm/cli/issues/4828, https://developer.mozilla.org/en-US/docs/Glossary/IIFE, https://github.com/umdjs/umd, https://github.com/tc39/ecma426/blob/main/proposals/debug-id.md, https://cdn.jsdelivr.net/npm/d3@7, comments.legal, https://rolldown.rs/in-depth/directives, https://rolldown.rs/guide/troubleshooting#avoiding-direct-eval, https://rolldown.rs/reference/OutputOptions.globals, https://rolldown.rs/reference/OutputOptions.name, https://rolldown.rs/reference/OutputOptions.exports, https://rolldown.rs/in-depth/non-esm-output-formats#import-meta, https://rolldown.rs/reference/OutputOptions.cleanDir, https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Operators/Property_accessors, output.name, https://oxc.rs/docs/guide/usage/transformer/global-variable-replacement.html#inject, https://rolldown.rs/apis/plugin-api/hook-filters, https://rolldown.rs/apis/plugin-api/inter-plugin-communication#custom-resolver-options, https://oxc.rs/docs/guide/usage/minifier/dead-code-elimination#define-pure-functions, https://oxc.rs/docs/guide/usage/minifier/dead-code-elimination#ignoring-global-variable-access-side-effects, https://oxc.rs/docs/guide/usage/minifier/dead-code-elimination#ignoring-invalid-import-statement-side-effects, exports.property, https://rolldown.rs/apis/plugin-api, https://api.example.com, https://esbuild.github.io/api/#loader, https://rolldown.rs/in-depth/module-types, https://github.com/rolldown/rolldown/issues/7258, https://github.com/rolldown/rolldown/tree/main/examples/native-magic-string, https://rolldown.rs/in-depth/lazy-barrel-optimization, https://rollupjs.org/plugin-development/#generatebundle:~:text=DANGER,this.emitFile. Location: Package overview From: package-lock.json → npm/vite@8.0.10 → npm/rolldown@1.0.0-rc.17 ℹ Read more on: This package | This alert | What are URL strings? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Review all remote URLs to ensure they are intentional, pointing to trusted sources, and not being used for data exfiltration or loading untrusted code at runtime. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/rolldown@1.0.0-rc.17. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Block		Embedded URLs or IPs: npm vite URLs: https://github.com/rollup/plugins/tree/master/packages/alias#entries, https://github.com/micromatch/anymatch, https://nodejs.org/api/fs.html#fs_class_fs_stats, example.com, foo.example.com, foo.bar.example.com, http://jsonplaceholder.typicode.com, https://github.com/SuperchupuDev/tinyglobby, https://esbuild.github.io/api/#target, https://esbuild.github.io/content-types/#javascript, license.md, https://rollupjs.org/configuration-options/#watch, http://127.0.0.1:8080, config.server.watch, server.environments.client.hot, import.meta.hot, 127.0.0.1, 0.0.0.0, https://example.com, https://vite.dev/config/server-options.html#server-hmr, http://vite.dev, https://html.spec.whatwg.org/multipage/parsing.html#named-character-reference-state, http://www.w3.org/1999/xhtml, http://www.w3.org/1998/Math/MathML, http://www.w3.org/2000/svg, http://www.w3.org/1999/xlink, http://www.w3.org/XML/1998/namespace, http://www.w3.org/2000/xmlns/, https://dom.spec.whatwg.org/#concept-document-limited-quirks, http://www.ibm.com/data/dtd/v11/ibmxhtml1-transitional.dtd, https://en.wikipedia.org/wiki/Combining_Diacritical_Marks, https://en.wikipedia.org/wiki/Combining_Diacritical_Marks_for_Symbols, https://mathiasbynens.be/notes/javascript-unicode, http://eev.ee/blog/2015/09/12/dark-corners-of-unicode/, https://en.wikipedia.org/wiki/CamelCase, https://en.wikipedia.org/wiki/Latin-1_Supplement_, https://en.wikipedia.org/wiki/Latin_Extended-A, _.map Location: Package overview From: package-lock.json → npm/vite@8.0.10 ℹ Read more on: This package | This alert | What are URL strings? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Review all remote URLs to ensure they are intentional, pointing to trusted sources, and not being used for data exfiltration or loading untrusted code at runtime. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/vite@8.0.10. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report

[github-actions]

Infisical secrets check: 🚨 Secrets leaked!

Caution

The Infisical CLI tool found secrets leaked in your repository.
Please review the scan results and take the necessary actions.
Secrets found: 6

💻 Scan logs

2026-05-01T14:06:50Z INF scanning for exposed secrets...
2:06PM INF 83 commits scanned.
2026-05-01T14:06:50Z INF scan completed in 224ms
2026-05-01T14:06:50Z WRN leaks found: 6

---

🔎 Detected secrets in your GIT history

RuleID	Commit	File	SymlinkFile	Secret	Match	StartLine	EndLine	StartColumn	EndColumn	Author	Message	Date	Email	Fingerprint	Tags	Link
generic-api-key	2e15220	src/pages/Integrations.tsx		REDACTED	"apiKey: ""REDACTED"""	12	12	8	43	deepsource-autofix[bot]	"style: format code with Prettier (#35)\n\nThis commit fixes the style issues introduced in f85b623 according to the output\nfrom Prettier.\n\nDetails: None\n\nCo-authored-by: deepsource-autofix[bot] <62050782+deepsource-autofix[bot]@users.noreply.github.com>\nCo-authored-by: gstraccini[bot] <150967461+gstraccini[bot]@users.noreply.github.com>\nCo-authored-by: Guilherme Branco Stracini guilherme@guilhermebranco.com.br"	2025-09-04T11:22:37Z	62050782+deepsource-autofix[bot]@users.noreply.github.com	2e15220:src/pages/Integrations.tsx:generic-api-key:12		gstraccini-bot-portal/src/pages/Integrations.tsx Line 12 in 2e15220 apiKey: "sonar_12345678901234567890",
generic-api-key	2e15220	src/mockData.ts		REDACTED	"apiKey: ""REDACTED"""	505	505	6	41	deepsource-autofix[bot]	"style: format code with Prettier (#35)\n\nThis commit fixes the style issues introduced in f85b623 according to the output\nfrom Prettier.\n\nDetails: None\n\nCo-authored-by: deepsource-autofix[bot] <62050782+deepsource-autofix[bot]@users.noreply.github.com>\nCo-authored-by: gstraccini[bot] <150967461+gstraccini[bot]@users.noreply.github.com>\nCo-authored-by: Guilherme Branco Stracini guilherme@guilhermebranco.com.br"	2025-09-04T11:22:37Z	62050782+deepsource-autofix[bot]@users.noreply.github.com	2e15220:src/mockData.ts:generic-api-key:505		gstraccini-bot-portal/src/mockData.ts Line 505 in 2e15220 apiKey: "sonar_12345678901234567890",
generic-api-key	2e15220	src/pages/RepositoryDetail.tsx		REDACTED	"apiKey: ""REDACTED"""	124	124	8	43	deepsource-autofix[bot]	"style: format code with Prettier (#35)\n\nThis commit fixes the style issues introduced in f85b623 according to the output\nfrom Prettier.\n\nDetails: None\n\nCo-authored-by: deepsource-autofix[bot] <62050782+deepsource-autofix[bot]@users.noreply.github.com>\nCo-authored-by: gstraccini[bot] <150967461+gstraccini[bot]@users.noreply.github.com>\nCo-authored-by: Guilherme Branco Stracini guilherme@guilhermebranco.com.br"	2025-09-04T11:22:37Z	62050782+deepsource-autofix[bot]@users.noreply.github.com	2e15220:src/pages/RepositoryDetail.tsx:generic-api-key:124		gstraccini-bot-portal/src/pages/RepositoryDetail.tsx Line 124 in 2e15220 apiKey: "sonar_12345678901234567890",
generic-api-key	2e15220	src/pages/RepositoryDetail.tsx		REDACTED	"apiKey: ""REDACTED"""	160	160	8	44	deepsource-autofix[bot]	"style: format code with Prettier (#35)\n\nThis commit fixes the style issues introduced in f85b623 according to the output\nfrom Prettier.\n\nDetails: None\n\nCo-authored-by: deepsource-autofix[bot] <62050782+deepsource-autofix[bot]@users.noreply.github.com>\nCo-authored-by: gstraccini[bot] <150967461+gstraccini[bot]@users.noreply.github.com>\nCo-authored-by: Guilherme Branco Stracini guilherme@guilhermebranco.com.br"	2025-09-04T11:22:37Z	62050782+deepsource-autofix[bot]@users.noreply.github.com	2e15220:src/pages/RepositoryDetail.tsx:generic-api-key:160		gstraccini-bot-portal/src/pages/RepositoryDetail.tsx Line 160 in 2e15220 apiKey: "codacy_12345678901234567890",
generic-api-key	2e15220	src/pages/RepositoryDetail.tsx		REDACTED	"apiKey: ""REDACTED"""	178	178	8	42	deepsource-autofix[bot]	"style: format code with Prettier (#35)\n\nThis commit fixes the style issues introduced in f85b623 according to the output\nfrom Prettier.\n\nDetails: None\n\nCo-authored-by: deepsource-autofix[bot] <62050782+deepsource-autofix[bot]@users.noreply.github.com>\nCo-authored-by: gstraccini[bot] <150967461+gstraccini[bot]@users.noreply.github.com>\nCo-authored-by: Guilherme Branco Stracini guilherme@guilhermebranco.com.br"	2025-09-04T11:22:37Z	62050782+deepsource-autofix[bot]@users.noreply.github.com	2e15220:src/pages/RepositoryDetail.tsx:generic-api-key:178		gstraccini-bot-portal/src/pages/RepositoryDetail.tsx Line 178 in 2e15220 apiKey: "snyk_12345678901234567890",
generic-api-key	2e15220	src/pages/Settings.tsx		REDACTED	"apiKey: ""REDACTED"""	127	127	8	43	deepsource-autofix[bot]	"style: format code with Prettier (#35)\n\nThis commit fixes the style issues introduced in f85b623 according to the output\nfrom Prettier.\n\nDetails: None\n\nCo-authored-by: deepsource-autofix[bot] <62050782+deepsource-autofix[bot]@users.noreply.github.com>\nCo-authored-by: gstraccini[bot] <150967461+gstraccini[bot]@users.noreply.github.com>\nCo-authored-by: Guilherme Branco Stracini guilherme@guilhermebranco.com.br"	2025-09-04T11:22:37Z	62050782+deepsource-autofix[bot]@users.noreply.github.com	2e15220:src/pages/Settings.tsx:generic-api-key:127		gstraccini-bot-portal/src/pages/Settings.tsx Line 127 in 2e15220 apiKey: "sonar_12345678901234567890",

Warning

The above table only displays the first 10 leaked secrets.
You can find the full report here: secrets.csv

---

🐾 Secrets fingerprint

2e1522054d3009edd4cc682e479341776b266eb0:src/pages/Integrations.tsx:generic-api-key:12
2e1522054d3009edd4cc682e479341776b266eb0:src/mockData.ts:generic-api-key:505
2e1522054d3009edd4cc682e479341776b266eb0:src/pages/RepositoryDetail.tsx:generic-api-key:124
2e1522054d3009edd4cc682e479341776b266eb0:src/pages/RepositoryDetail.tsx:generic-api-key:160
2e1522054d3009edd4cc682e479341776b266eb0:src/pages/RepositoryDetail.tsx:generic-api-key:178
2e1522054d3009edd4cc682e479341776b266eb0:src/pages/Settings.tsx:generic-api-key:127

Tip

If you want to ignore these leaked secrets, add the above fingerprint content to a file named .infisicalignore at the repository root level.

[guibranco]

Automatically approved by gstraccini[bot]

[guibranco]

@dependabot recreate

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.