Skip to content

chore(deps): lock file maintenance#912

Merged
renovate[bot] merged 1 commit into
masterfrom
renovate/lock-file-maintenance
Aug 11, 2025
Merged

chore(deps): lock file maintenance#912
renovate[bot] merged 1 commit into
masterfrom
renovate/lock-file-maintenance

Conversation

@renovate

@renovate renovate Bot commented Aug 11, 2025

Copy link
Copy Markdown
Contributor

This PR contains the following updates:

Update Change
lockFileMaintenance All locks refreshed

🔧 This Pull Request updates lock files to use the latest dependency versions.


Configuration

📅 Schedule: Branch creation - "before 5am on monday" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels Aug 11, 2025
@github-actions

Copy link
Copy Markdown

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

OpenSSF Scorecard

Scorecard details
PackageVersionScoreDetails
npm/@emnapi/core 1.4.5 🟢 4.3
Details
CheckScoreReason
Maintained🟢 1015 commit(s) and 3 issue activity found in the last 90 days -- score normalized to 10
Code-Review⚠️ 0Found 1/25 approved changesets -- score normalized to 0
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Binary-Artifacts🟢 10no binaries found in the repo
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
License🟢 10license file detected
Security-Policy⚠️ 0security policy file not detected
Fuzzing⚠️ 0project is not fuzzed
Branch-Protection⚠️ 0branch protection not enabled on development/release branches
Signed-Releases⚠️ 0Project has not signed or included provenance with any releases.
Vulnerabilities🟢 100 existing vulnerabilities detected
Packaging🟢 10packaging workflow detected
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
npm/@emnapi/runtime 1.4.5 🟢 4.3
Details
CheckScoreReason
Maintained🟢 1015 commit(s) and 3 issue activity found in the last 90 days -- score normalized to 10
Code-Review⚠️ 0Found 1/25 approved changesets -- score normalized to 0
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Binary-Artifacts🟢 10no binaries found in the repo
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
License🟢 10license file detected
Security-Policy⚠️ 0security policy file not detected
Fuzzing⚠️ 0project is not fuzzed
Branch-Protection⚠️ 0branch protection not enabled on development/release branches
Signed-Releases⚠️ 0Project has not signed or included provenance with any releases.
Vulnerabilities🟢 100 existing vulnerabilities detected
Packaging🟢 10packaging workflow detected
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
npm/@emnapi/wasi-threads 1.0.4 🟢 4.3
Details
CheckScoreReason
Maintained🟢 1015 commit(s) and 3 issue activity found in the last 90 days -- score normalized to 10
Code-Review⚠️ 0Found 1/25 approved changesets -- score normalized to 0
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Binary-Artifacts🟢 10no binaries found in the repo
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
License🟢 10license file detected
Security-Policy⚠️ 0security policy file not detected
Fuzzing⚠️ 0project is not fuzzed
Branch-Protection⚠️ 0branch protection not enabled on development/release branches
Signed-Releases⚠️ 0Project has not signed or included provenance with any releases.
Vulnerabilities🟢 100 existing vulnerabilities detected
Packaging🟢 10packaging workflow detected
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
npm/@eslint/config-helpers 0.3.1 UnknownUnknown
npm/@eslint/core 0.15.2 UnknownUnknown
npm/@eslint/js 9.33.0 🟢 6.4
Details
CheckScoreReason
Code-Review🟢 7Found 22/30 approved changesets -- score normalized to 7
Maintained🟢 1030 commit(s) and 22 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Packaging⚠️ -1packaging workflow not detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
License🟢 10license file detected
Vulnerabilities🟢 100 existing vulnerabilities detected
Branch-Protection🟢 5branch protection is not maximal on development and all release branches
Security-Policy🟢 4security policy file detected
Signed-Releases⚠️ -1no releases found
Binary-Artifacts🟢 10no binaries found in the repo
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Fuzzing⚠️ 0project is not fuzzed
SAST🟢 10SAST tool is run on all commits
npm/@eslint/plugin-kit 0.3.5 UnknownUnknown
npm/@napi-rs/wasm-runtime 0.2.12 🟢 5.2
Details
CheckScoreReason
Code-Review⚠️ 2Found 7/24 approved changesets -- score normalized to 2
Maintained🟢 1030 commit(s) and 15 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Security-Policy⚠️ 0security policy file not detected
Binary-Artifacts🟢 10no binaries found in the repo
License🟢 9license file detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Fuzzing⚠️ 0project is not fuzzed
Packaging🟢 10packaging workflow detected
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Signed-Releases⚠️ -1no releases found
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
Vulnerabilities🟢 91 existing vulnerabilities detected
npm/@tybys/wasm-util 0.10.0 UnknownUnknown
npm/@typescript-eslint/eslint-plugin 8.39.0 🟢 5.3
Details
CheckScoreReason
Packaging⚠️ -1packaging workflow not detected
Code-Review🟢 8Found 24/30 approved changesets -- score normalized to 8
Maintained🟢 1030 commit(s) and 26 issue activity found in the last 90 days -- score normalized to 10
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Security-Policy🟢 10security policy file detected
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
License🟢 10license file detected
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Signed-Releases⚠️ -1no releases found
Binary-Artifacts🟢 10no binaries found in the repo
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Fuzzing⚠️ 0project is not fuzzed
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
Vulnerabilities⚠️ 033 existing vulnerabilities detected
npm/@typescript-eslint/parser 8.39.0 🟢 5.3
Details
CheckScoreReason
Packaging⚠️ -1packaging workflow not detected
Code-Review🟢 8Found 24/30 approved changesets -- score normalized to 8
Maintained🟢 1030 commit(s) and 26 issue activity found in the last 90 days -- score normalized to 10
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Security-Policy🟢 10security policy file detected
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
License🟢 10license file detected
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Signed-Releases⚠️ -1no releases found
Binary-Artifacts🟢 10no binaries found in the repo
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Fuzzing⚠️ 0project is not fuzzed
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
Vulnerabilities⚠️ 033 existing vulnerabilities detected
npm/@typescript-eslint/project-service 8.39.0 🟢 5.3
Details
CheckScoreReason
Packaging⚠️ -1packaging workflow not detected
Code-Review🟢 8Found 24/30 approved changesets -- score normalized to 8
Maintained🟢 1030 commit(s) and 26 issue activity found in the last 90 days -- score normalized to 10
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Security-Policy🟢 10security policy file detected
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
License🟢 10license file detected
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Signed-Releases⚠️ -1no releases found
Binary-Artifacts🟢 10no binaries found in the repo
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Fuzzing⚠️ 0project is not fuzzed
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
Vulnerabilities⚠️ 033 existing vulnerabilities detected
npm/@typescript-eslint/scope-manager 8.39.0 🟢 5.3
Details
CheckScoreReason
Packaging⚠️ -1packaging workflow not detected
Code-Review🟢 8Found 24/30 approved changesets -- score normalized to 8
Maintained🟢 1030 commit(s) and 26 issue activity found in the last 90 days -- score normalized to 10
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Security-Policy🟢 10security policy file detected
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
License🟢 10license file detected
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Signed-Releases⚠️ -1no releases found
Binary-Artifacts🟢 10no binaries found in the repo
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Fuzzing⚠️ 0project is not fuzzed
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
Vulnerabilities⚠️ 033 existing vulnerabilities detected
npm/@typescript-eslint/tsconfig-utils 8.39.0 🟢 5.3
Details
CheckScoreReason
Packaging⚠️ -1packaging workflow not detected
Code-Review🟢 8Found 24/30 approved changesets -- score normalized to 8
Maintained🟢 1030 commit(s) and 26 issue activity found in the last 90 days -- score normalized to 10
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Security-Policy🟢 10security policy file detected
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
License🟢 10license file detected
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Signed-Releases⚠️ -1no releases found
Binary-Artifacts🟢 10no binaries found in the repo
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Fuzzing⚠️ 0project is not fuzzed
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
Vulnerabilities⚠️ 033 existing vulnerabilities detected
npm/@typescript-eslint/type-utils 8.39.0 🟢 5.3
Details
CheckScoreReason
Packaging⚠️ -1packaging workflow not detected
Code-Review🟢 8Found 24/30 approved changesets -- score normalized to 8
Maintained🟢 1030 commit(s) and 26 issue activity found in the last 90 days -- score normalized to 10
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Security-Policy🟢 10security policy file detected
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
License🟢 10license file detected
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Signed-Releases⚠️ -1no releases found
Binary-Artifacts🟢 10no binaries found in the repo
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Fuzzing⚠️ 0project is not fuzzed
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
Vulnerabilities⚠️ 033 existing vulnerabilities detected
npm/@typescript-eslint/types 8.39.0 🟢 5.3
Details
CheckScoreReason
Packaging⚠️ -1packaging workflow not detected
Code-Review🟢 8Found 24/30 approved changesets -- score normalized to 8
Maintained🟢 1030 commit(s) and 26 issue activity found in the last 90 days -- score normalized to 10
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Security-Policy🟢 10security policy file detected
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
License🟢 10license file detected
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Signed-Releases⚠️ -1no releases found
Binary-Artifacts🟢 10no binaries found in the repo
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Fuzzing⚠️ 0project is not fuzzed
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
Vulnerabilities⚠️ 033 existing vulnerabilities detected
npm/@typescript-eslint/typescript-estree 8.39.0 🟢 5.3
Details
CheckScoreReason
Packaging⚠️ -1packaging workflow not detected
Code-Review🟢 8Found 24/30 approved changesets -- score normalized to 8
Maintained🟢 1030 commit(s) and 26 issue activity found in the last 90 days -- score normalized to 10
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Security-Policy🟢 10security policy file detected
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
License🟢 10license file detected
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Signed-Releases⚠️ -1no releases found
Binary-Artifacts🟢 10no binaries found in the repo
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Fuzzing⚠️ 0project is not fuzzed
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
Vulnerabilities⚠️ 033 existing vulnerabilities detected
npm/@typescript-eslint/utils 8.39.0 🟢 5.3
Details
CheckScoreReason
Packaging⚠️ -1packaging workflow not detected
Code-Review🟢 8Found 24/30 approved changesets -- score normalized to 8
Maintained🟢 1030 commit(s) and 26 issue activity found in the last 90 days -- score normalized to 10
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Security-Policy🟢 10security policy file detected
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
License🟢 10license file detected
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Signed-Releases⚠️ -1no releases found
Binary-Artifacts🟢 10no binaries found in the repo
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Fuzzing⚠️ 0project is not fuzzed
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
Vulnerabilities⚠️ 033 existing vulnerabilities detected
npm/@typescript-eslint/visitor-keys 8.39.0 🟢 5.3
Details
CheckScoreReason
Packaging⚠️ -1packaging workflow not detected
Code-Review🟢 8Found 24/30 approved changesets -- score normalized to 8
Maintained🟢 1030 commit(s) and 26 issue activity found in the last 90 days -- score normalized to 10
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Security-Policy🟢 10security policy file detected
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
License🟢 10license file detected
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Signed-Releases⚠️ -1no releases found
Binary-Artifacts🟢 10no binaries found in the repo
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Fuzzing⚠️ 0project is not fuzzed
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
Vulnerabilities⚠️ 033 existing vulnerabilities detected
npm/@unrs/resolver-binding-android-arm-eabi 1.11.1 UnknownUnknown
npm/@unrs/resolver-binding-android-arm64 1.11.1 UnknownUnknown
npm/@unrs/resolver-binding-darwin-arm64 1.11.1 UnknownUnknown
npm/@unrs/resolver-binding-darwin-x64 1.11.1 UnknownUnknown
npm/@unrs/resolver-binding-freebsd-x64 1.11.1 UnknownUnknown
npm/@unrs/resolver-binding-linux-arm-gnueabihf 1.11.1 UnknownUnknown
npm/@unrs/resolver-binding-linux-arm-musleabihf 1.11.1 UnknownUnknown
npm/@unrs/resolver-binding-linux-arm64-gnu 1.11.1 UnknownUnknown
npm/@unrs/resolver-binding-linux-arm64-musl 1.11.1 UnknownUnknown
npm/@unrs/resolver-binding-linux-ppc64-gnu 1.11.1 UnknownUnknown
npm/@unrs/resolver-binding-linux-riscv64-gnu 1.11.1 UnknownUnknown
npm/@unrs/resolver-binding-linux-riscv64-musl 1.11.1 UnknownUnknown
npm/@unrs/resolver-binding-linux-s390x-gnu 1.11.1 UnknownUnknown
npm/@unrs/resolver-binding-linux-x64-gnu 1.11.1 UnknownUnknown
npm/@unrs/resolver-binding-linux-x64-musl 1.11.1 UnknownUnknown
npm/@unrs/resolver-binding-wasm32-wasi 1.11.1 UnknownUnknown
npm/@unrs/resolver-binding-win32-arm64-msvc 1.11.1 UnknownUnknown
npm/@unrs/resolver-binding-win32-ia32-msvc 1.11.1 UnknownUnknown
npm/@unrs/resolver-binding-win32-x64-msvc 1.11.1 UnknownUnknown
npm/eslint 9.33.0 🟢 6.4
Details
CheckScoreReason
Code-Review🟢 7Found 22/30 approved changesets -- score normalized to 7
Maintained🟢 1030 commit(s) and 22 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Packaging⚠️ -1packaging workflow not detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
License🟢 10license file detected
Vulnerabilities🟢 100 existing vulnerabilities detected
Branch-Protection🟢 5branch protection is not maximal on development and all release branches
Security-Policy🟢 4security policy file detected
Signed-Releases⚠️ -1no releases found
Binary-Artifacts🟢 10no binaries found in the repo
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Fuzzing⚠️ 0project is not fuzzed
SAST🟢 10SAST tool is run on all commits
npm/eslint-plugin-prettier 5.5.4 🟢 6
Details
CheckScoreReason
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Binary-Artifacts🟢 10no binaries found in the repo
Code-Review⚠️ 2Found 4/16 approved changesets -- score normalized to 2
Packaging⚠️ -1packaging workflow not detected
Maintained🟢 1014 commit(s) and 10 issue activity found in the last 90 days -- score normalized to 10
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Pinned-Dependencies🟢 8dependency not pinned by hash detected -- score normalized to 8
License🟢 10license file detected
Fuzzing⚠️ 0project is not fuzzed
Signed-Releases⚠️ -1no releases found
Security-Policy🟢 10security policy file detected
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
Vulnerabilities🟢 73 existing vulnerabilities detected
npm/napi-postinstall 0.3.3 UnknownUnknown
npm/tslib 2.8.1 🟢 5.5
Details
CheckScoreReason
Maintained⚠️ 00 commit(s) out of 30 and 1 issue activity out of 30 found in the last 90 days -- score normalized to 0
Code-Review🟢 7GitHub code reviews found for 23 commits out of the last 30 -- score normalized to 7
CII-Best-Practices⚠️ 0no badge detected
Vulnerabilities🟢 10no vulnerabilities detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Packaging⚠️ -1no published package detected
Token-Permissions⚠️ 0non read-only tokens detected in GitHub workflows
License🟢 10license file detected
Binary-Artifacts🟢 10no binaries found in the repo
Pinned-Dependencies🟢 9dependency not pinned by hash detected -- score normalized to 9
Signed-Releases⚠️ -1no releases found
Security-Policy🟢 10security policy file detected
Branch-Protection⚠️ 0branch protection not enabled on development/release branches
Dependency-Update-Tool⚠️ 0no update tool detected
Fuzzing⚠️ -1internal error: internal error: Client.Search.Code: Search.Code: GET https://api.github.com/search/code?q=github.com+microsoft+tslib+repo%3Agoogle%2Foss-fuzz+in%3Afile+filename%3Aproject.yaml: 400 []
npm/typescript 5.9.2 🟢 8.3
Details
CheckScoreReason
Code-Review🟢 10all changesets reviewed
Packaging⚠️ -1packaging workflow not detected
Maintained🟢 1030 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Security-Policy🟢 10security policy file detected
Dependency-Update-Tool🟢 10update tool detected
Token-Permissions🟢 9detected GitHub workflow tokens with excessive permissions
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Signed-Releases⚠️ 0Project has not signed or included provenance with any releases.
License🟢 10license file detected
Branch-Protection🟢 8branch protection is not maximal on development and all release branches
Binary-Artifacts🟢 10no binaries found in the repo
SAST🟢 9SAST tool detected but not run on all commits
Pinned-Dependencies🟢 6dependency not pinned by hash detected -- score normalized to 6
Fuzzing🟢 10project is fuzzed
Vulnerabilities🟢 82 existing vulnerabilities detected
CI-Tests🟢 929 out of 30 merged PRs checked by a CI test -- score normalized to 9
Contributors🟢 10project has 35 contributing companies or organizations
npm/typescript-eslint 8.39.0 🟢 5.3
Details
CheckScoreReason
Packaging⚠️ -1packaging workflow not detected
Code-Review🟢 8Found 24/30 approved changesets -- score normalized to 8
Maintained🟢 1030 commit(s) and 26 issue activity found in the last 90 days -- score normalized to 10
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Security-Policy🟢 10security policy file detected
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
License🟢 10license file detected
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Signed-Releases⚠️ -1no releases found
Binary-Artifacts🟢 10no binaries found in the repo
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Fuzzing⚠️ 0project is not fuzzed
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
Vulnerabilities⚠️ 033 existing vulnerabilities detected

Scanned Files

  • package-lock.json

@renovate renovate Bot merged commit ca2e137 into master Aug 11, 2025
6 checks passed
@renovate renovate Bot deleted the renovate/lock-file-maintenance branch August 11, 2025 05:08
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants