[Snyk] Upgrade lucide-react from 0.344.0 to 0.460.0

[RectiFlex]

Snyk has created this PR to upgrade lucide-react from 0.344.0 to 0.460.0.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 109 versions ahead of your current version.

• The recommended version was released on 21 days ago.

Issues fixed by the recommended upgrade:

	Issue	Score	Exploit Maturity
	Regular Expression Denial of Service (ReDoS) SNYK-JS-CROSSSPAWN-8303230	614	Proof of Concept
	Denial of Service (DoS) SNYK-JS-WS-7266574	614	Proof of Concept

Release notes

Package name: lucide-react

• 0.460.0 - 2024-11-15
  

  New icons 🎨

  • toilet (#2141) by @ EthanHazel
• 0.459.0 - 2024-11-15
• 0.458.0 - 2024-11-15
• 0.457.0 - 2024-11-15
• 0.456.0 - 2024-11-08
• 0.455.0 - 2024-11-08
• 0.454.0 - 2024-10-28
• 0.453.0 - 2024-10-15
• 0.452.0 - 2024-10-11
• 0.451.0 - 2024-10-08
• 0.449.0 - 2024-10-08
• 0.448.0 - 2024-10-08
• 0.447.0 - 2024-10-01
• 0.446.0 - 2024-09-25
• 0.445.0 - 2024-09-20
• 0.444.0 - 2024-09-20
• 0.443.0 - 2024-09-20
• 0.442.0 - 2024-09-20
• 0.441.0 - 2024-09-12
• 0.440.0 - 2024-09-12
• 0.439.0 - 2024-09-06
• 0.438.0 - 2024-09-01
• 0.437.0 - 2024-08-31
• 0.436.0 - 2024-08-25
• 0.435.0 - 2024-08-23
• 0.434.0 - 2024-08-23
• 0.433.0 - 2024-08-23
• 0.432.0 - 2024-08-23
• 0.429.0 - 2024-08-21
• 0.428.0 - 2024-08-16
• 0.427.0 - 2024-08-09
• 0.426.0 - 2024-08-08
• 0.425.0 - 2024-08-08
• 0.424.0 - 2024-08-02
• 0.423.0 - 2024-08-02
• 0.422.0 - 2024-08-02
• 0.421.0 - 2024-08-02
• 0.420.0 - 2024-08-02
• 0.419.0 - 2024-08-01
• 0.418.0 - 2024-07-31
• 0.417.0 - 2024-07-28
• 0.416.0 - 2024-07-25
• 0.415.0 - 2024-07-25
• 0.414.0 - 2024-07-22
• 0.413.0 - 2024-07-22
• 0.412.0 - 2024-07-20
• 0.411.0 - 2024-07-19
• 0.410.0 - 2024-07-19
• 0.409.0 - 2024-07-19
• 0.408.0 - 2024-07-12
• 0.407.0 - 2024-07-09
• 0.406.0 - 2024-07-09
• 0.405.0 - 2024-07-09
• 0.404.0 - 2024-07-09
• 0.403.0 - 2024-07-08
• 0.402.0 - 2024-07-08
• 0.401.0 - 2024-07-07
• 0.400.0 - 2024-07-01
• 0.399.0 - 2024-06-28
• 0.398.0 - 2024-06-28
• 0.397.0 - 2024-06-26
• 0.396.0 - 2024-06-21
• 0.395.0 - 2024-06-14
• 0.394.0 - 2024-06-10
• 0.391.0 - 2024-06-10
• 0.390.0 - 2024-06-06
• 0.387.0 - 2024-06-06
• 0.386.0 - 2024-06-06
• 0.385.0 - 2024-06-06
• 0.384.0 - 2024-06-06
• 0.383.0 - 2024-06-02
• 0.382.0 - 2024-06-02
• 0.381.0 - 2024-05-30
• 0.380.0 - 2024-05-30
• 0.379.0 - 2024-05-21
• 0.378.0 - 2024-05-03
• 0.377.0 - 2024-05-02
• 0.376.0 - 2024-04-26
• 0.375.0 - 2024-04-26
• 0.374.0 - 2024-04-26
• 0.373.0 - 2024-04-24
• 0.372.0 - 2024-04-19
• 0.371.0 - 2024-04-18
• 0.370.0 - 2024-04-17
• 0.369.0 - 2024-04-17
• 0.368.0 - 2024-04-12
• 0.367.0 - 2024-04-10
• 0.366.0 - 2024-04-09
• 0.365.0 - 2024-04-05
• 0.364.0 - 2024-04-01
• 0.363.0 - 2024-03-22
• 0.362.0 - 2024-03-22
• 0.361.0 - 2024-03-22
• 0.360.0 - 2024-03-21
• 0.359.0 - 2024-03-18
• 0.358.0 - 2024-03-14
• 0.357.0 - 2024-03-13
• 0.356.0 - 2024-03-11
• 0.355.0 - 2024-03-11
• 0.354.0 - 2024-03-09
• 0.353.0 - 2024-03-09
• 0.352.0 - 2024-03-08
• 0.351.0 - 2024-03-08
• 0.350.0 - 2024-03-07
• 0.349.0 - 2024-03-06
• 0.348.0 - 2024-03-06
• 0.347.0 - 2024-03-06
• 0.346.0 - 2024-03-06
• 0.345.0 - 2024-03-06
• 0.344.0 - 2024-03-01

from lucide-react GitHub release notes

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• This PR was automatically created by Snyk using the credentials of a real user.
• Max score is 1000. Note that the real score may have changed since the PR was raised.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

• 🧐 View latest project report
• 📜 Customise PR templates
• 🛠 Adjust upgrade PR settings
• 🔕 Ignore this dependency or unsubscribe from future upgrade PRs

Summary by Sourcery

Build:

• Upgrade lucide-react dependency from version 0.344.0 to 0.460.0 in package.json.

[stackblitz]

Run & review this pull request in StackBlitz Codeflow.

[sourcery-ai]

Reviewer's Guide by Sourcery

This PR upgrades the lucide-react package from version 0.344.0 to 0.460.0 to address two high-severity security vulnerabilities: a Regular Expression Denial of Service (ReDoS) in cross-spawn and a Denial of Service (DoS) in ws package.

No diagrams generated as the changes look simple and do not need a visual representation.

File-Level Changes

Change	Details	Files
Dependency version upgrade in package configuration files	Updated lucide-react from ^0.344.0 to ^0.460.0 Updated package-lock.json to reflect the new version	package.json package-lock.json
Security vulnerability fixes	Fixed Regular Expression Denial of Service (ReDoS) vulnerability in cross-spawn dependency (SNYK-JS-CROSSSPAWN-8303230) Fixed Denial of Service (DoS) vulnerability in ws dependency (SNYK-JS-WS-7266574)	package.json package-lock.json

---

Tips and commands

Interacting with Sourcery

• Trigger a new review: Comment @sourcery-ai review on the pull request.
• Continue discussions: Reply directly to Sourcery's review comments.
• Generate a GitHub issue from a review comment: Ask Sourcery to create an
  issue from a review comment by replying to it.
• Generate a pull request title: Write @sourcery-ai anywhere in the pull
  request title to generate a title at any time.
• Generate a pull request summary: Write @sourcery-ai summary anywhere in
  the pull request body to generate a PR summary at any time. You can also use
  this command to specify where the summary should be inserted.

Customizing Your Experience

Access your dashboard to:

• Enable or disable review features such as the Sourcery-generated pull request
  summary, the reviewer's guide, and others.
• Change the review language.
• Add, remove or edit custom review instructions.
• Adjust other review settings.

Getting Help

• Contact our support team for questions or feedback.
• Visit our documentation for detailed guides and information.
• Keep in touch with the Sourcery team by following us on X/Twitter, LinkedIn or GitHub.

[vercel]

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name	Status	Preview	Comments	Updated (UTC)
aicf	✅ Ready (Inspect)	Visit Preview	💬 Add feedback	Dec 7, 2024 3:34am

[sourcery-ai]

We have skipped reviewing this pull request. It seems to have been created by a bot ('[Snyk]' found in title). We assume it knows what it's doing!

[codeautopilot]

PR summary

This pull request upgrades the lucide-react package from version 0.344.0 to 0.460.0. The primary purpose of this upgrade is to keep dependencies up-to-date, which helps in addressing existing vulnerabilities and quickly identifying and fixing newly disclosed ones. The upgrade addresses two high-severity vulnerabilities: Regular Expression Denial of Service (ReDoS) and Denial of Service (DoS). The update also includes new icons and other improvements made in the package over 109 versions.

Suggestion

Before merging, ensure that the new version of lucide-react is compatible with the rest of the project and does not introduce breaking changes. It might be beneficial to run a full suite of tests to confirm that the upgrade does not affect existing functionality. Additionally, review the release notes for any deprecated features or changes that might require code adjustments. Consider updating other dependencies that have been modified in the package-lock.json to maintain consistency and security across the project.

Disclaimer: This comment was entirely generated using AI. Be aware that the information provided may be incorrect.

Current plan usage: 23.47%

Have feedback or need help?
Discord
Documentation
support@codeautopilot.com