Skip to content

chore(deps-dev): bump @microsoft/vally-cli from 0.4.0 to 0.5.0 in the npm-dependencies group across 1 directory#1656

Closed
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/npm-dependencies-cd60f218ae
Closed

chore(deps-dev): bump @microsoft/vally-cli from 0.4.0 to 0.5.0 in the npm-dependencies group across 1 directory#1656
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/npm-dependencies-cd60f218ae

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github May 25, 2026
edited
Loading

Bumps the npm-dependencies group with 1 update in the / directory: @microsoft/vally-cli.

Updates @microsoft/vally-cli from 0.4.0 to 0.5.0

@dependabot dependabot Bot added dependencies Dependency updates npm NPM package configuration labels May 25, 2026
@dependabot dependabot Bot requested a review from a team as a code owner May 25, 2026 07:38
@dependabot dependabot Bot added dependencies Dependency updates npm NPM package configuration labels May 25, 2026
@github-actions
Copy link
Copy Markdown
Contributor

github-actions Bot commented May 25, 2026
edited
Loading

Dependency Review

The following issues were found:
  • ✅ 0 vulnerable package(s)
  • ✅ 0 package(s) with incompatible licenses
  • ✅ 0 package(s) with invalid SPDX license definitions
  • ✅ 0 package(s) with unknown licenses.
  • ⚠️ 2 packages with OpenSSF Scorecard issues.
See the Details below.

OpenSSF Scorecard

Scorecard details
PackageVersionScoreDetails
npm/@github/copilot 1.0.56 UnknownUnknown
npm/@github/copilot-darwin-arm64 1.0.56 UnknownUnknown
npm/@github/copilot-darwin-x64 1.0.56 UnknownUnknown
npm/@github/copilot-linux-arm64 1.0.56 UnknownUnknown
npm/@github/copilot-linux-x64 1.0.56 UnknownUnknown
npm/@github/copilot-linuxmusl-arm64 1.0.56 UnknownUnknown
npm/@github/copilot-linuxmusl-x64 1.0.56 UnknownUnknown
npm/@github/copilot-sdk 1.0.0-beta.5 UnknownUnknown
npm/@github/copilot-win32-arm64 1.0.56 UnknownUnknown
npm/@github/copilot-win32-x64 1.0.56 UnknownUnknown
npm/@hono/node-server 2.0.4 UnknownUnknown
npm/@microsoft/vally 0.5.0 UnknownUnknown
npm/@microsoft/vally-cli 0.5.0 UnknownUnknown
npm/@microsoft/vally-server 0.5.0 UnknownUnknown
npm/better-sqlite3 12.10.0 UnknownUnknown
npm/bindings 1.5.0 ⚠️ 2.3
Details
CheckScoreReason
Code-Review⚠️ 2Found 7/25 approved changesets -- score normalized to 2
Token-Permissions⚠️ -1No tokens found
Maintained⚠️ 00 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Dangerous-Workflow⚠️ -1no workflows found
Pinned-Dependencies⚠️ -1no dependencies found
Packaging⚠️ -1packaging workflow not detected
Binary-Artifacts🟢 10no binaries found in the repo
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Security-Policy⚠️ 0security policy file not detected
Fuzzing⚠️ 0project is not fuzzed
License🟢 10license file detected
Branch-Protection⚠️ 0branch protection not enabled on development/release branches
Signed-Releases⚠️ -1no releases found
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
npm/file-uri-to-path 1.0.0 ⚠️ 2.8
Details
CheckScoreReason
Maintained⚠️ 00 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Binary-Artifacts🟢 10no binaries found in the repo
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Packaging⚠️ -1packaging workflow not detected
Code-Review⚠️ 0Found 2/22 approved changesets -- score normalized to 0
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Security-Policy⚠️ 0security policy file not detected
Fuzzing⚠️ 0project is not fuzzed
License🟢 10license file detected
Branch-Protection⚠️ 0branch protection not enabled on development/release branches
Signed-Releases⚠️ -1no releases found
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
npm/hono 4.12.23 UnknownUnknown

Scanned Files

  • package-lock.json

@codecov-commenter
Copy link
Copy Markdown

codecov-commenter commented May 25, 2026
edited
Loading

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 85.32%. Comparing base (d2868d5) to head (2fc1f0a).

Additional details and impacted files

Impacted file tree graph

@@            Coverage Diff             @@
##             main    #1656      +/-   ##
==========================================
- Coverage   85.33%   85.32%   -0.01%     
==========================================
  Files          90       90              
  Lines       13004    13004              
==========================================
- Hits        11097    11096       -1     
- Misses       1907     1908       +1
Flag Coverage Δ
pester 83.89% <ø> (-0.02%) ⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.
see 1 file with indirect coverage changes

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

@dependabot dependabot Bot changed the title chore(deps-dev): bump @microsoft/vally-cli from 0.4.0 to 0.5.0 in the npm-dependencies group chore(deps-dev): bump @microsoft/vally-cli from 0.4.0 to 0.5.0 in the npm-dependencies group across 1 directory May 26, 2026
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/npm-dependencies-cd60f218ae branch 4 times, most recently from b082db5 to d0eef43 Compare May 29, 2026 23:45
@dependabot
chore(deps-dev): bump @microsoft/vally-cli
2fc1f0a 
Bumps the npm-dependencies group with 1 update in the / directory: @microsoft/vally-cli.


Updates `@microsoft/vally-cli` from 0.4.0 to 0.5.0

---
updated-dependencies:
- dependency-name: "@microsoft/vally-cli"
  dependency-version: 0.5.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/npm-dependencies-cd60f218ae branch from d0eef43 to 2fc1f0a Compare May 30, 2026 17:32
@WilliamBerryiii
Copy link
Copy Markdown
Member

WilliamBerryiii commented May 31, 2026

@dependabot rebase

@dependabot @github
Copy link
Copy Markdown
Contributor Author

dependabot Bot commented on behalf of github May 31, 2026

Looks like this PR is already up-to-date with main! If you'd still like to recreate it from scratch, overwriting any edits, you can request @dependabot recreate.

@dependabot @github
Copy link
Copy Markdown
Contributor Author

dependabot Bot commented on behalf of github Jun 1, 2026

Looks like @microsoft/vally-cli is updatable in another way, so this is no longer needed.

@dependabot dependabot Bot closed this Jun 1, 2026
@dependabot dependabot Bot deleted the dependabot/npm_and_yarn/npm-dependencies-cd60f218ae branch June 1, 2026 18:37
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@WilliamBerryiii WilliamBerryiii WilliamBerryiii approved these changes

Assignees

No one assigned

Labels

dependencies Dependency updates npm NPM package configuration

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@codecov-commenter @WilliamBerryiii