Skip to content

Bump the npm group across 2 directories with 4 updates#693

Merged
github-actions[bot] merged 1 commit into
mainfrom
dependabot/npm_and_yarn/npm-582df629ab
Oct 13, 2025
Merged

Bump the npm group across 2 directories with 4 updates#693
github-actions[bot] merged 1 commit into
mainfrom
dependabot/npm_and_yarn/npm-582df629ab

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Oct 13, 2025

Copy link
Copy Markdown
Contributor

Bumps the npm group with 4 updates in the / directory: @aws-sdk/client-cloudformation, @types/node, ts-jest and aws-cdk.
Bumps the npm group with 2 updates in the /test directory: @types/node and aws-cdk.

Updates @aws-sdk/client-cloudformation from 3.906.0 to 3.908.0

Release notes

Sourced from @​aws-sdk/client-cloudformation's releases.

v3.908.0

3.908.0(2025-10-10)

Chores
  • codegen: sync for bowser removal, lstat fixes (#7418) (511167d5)
Documentation Changes
  • client-rds: Updated the text in the Important section of the ModifyDBClusterParameterGroup page. (23a42361)
New Features
  • clients: update client endpoints as of 2025-10-10 (b5e87b16)
  • client-lambda: Add InvokedViaFunctionUrl context key to limit invocations to only FURL invokes. (cf1e3beb)
  • client-bedrock-agentcore-control: Bedrock AgentCore release for Gateway, and Memory including Self-Managed Strategies support for Memory. (dd8408b9)
  • client-odb: This release adds APIs that allow you to specify CIDR ranges in your ODB peering connection. (72de496b)
  • client-cloudfront: Added new viewer security policy, TLSv1.2_2025, for CloudFront. (bbe5fc55)
  • client-bedrock-agentcore: Bedrock AgentCore release for Runtime, and Memory. (9ad809ec)
  • client-glue: Addition of AuditContext in GetTable/GetTables Request (cf3d8e19)
Bug Fixes
  • codegen: apply reserved word escaping to union shape in Json serializer (#7419) (9ee6cdcd)

For list of updated packages, view updated-packages.md in assets-3.908.0.zip

v3.907.0

3.907.0(2025-10-09)

Chores
  • util-user-agent-browser: remove bowser from default UA provider (#7413) (a94d95f7)
  • ci: run publish for codegen (#7415) (b2f1ac0c)
New Features
  • clients: update client endpoints as of 2025-10-09 (98148915)
  • client-wafv2: This release adds the ability to throw WafLimitsExceededException when the maximum number of Application Load Balancer (ALB) associations per AWS WAF v2 WebACL is exceeded. (33438d9d)
  • client-quicksight: This release adds support for ActionConnector and Flow, which are new resources associated with Amazon Quick Suite. Additional updates include expanded Data Source options, further branding customization, and new capabilities that can be restricted by Admins. (72c12a09)
Tests
  • core: modify request compression threshold values (#7414) (6b45d720)

... (truncated)

Changelog

Sourced from @​aws-sdk/client-cloudformation's changelog.

3.908.0 (2025-10-10)

Note: Version bump only for package @​aws-sdk/client-cloudformation

3.907.0 (2025-10-09)

Note: Version bump only for package @​aws-sdk/client-cloudformation

Commits

Updates @types/node from 24.7.0 to 24.7.1

Commits

Updates ts-jest from 29.4.4 to 29.4.5

Release notes

Sourced from ts-jest's releases.

v29.4.5

Please refer to CHANGELOG.md for details.

Changelog

Sourced from ts-jest's changelog.

29.4.5 (2025-10-10)

Bug Fixes

  • allow filtering modern module warning message with diagnostic code (c290d4d), , closes #5013
Commits
  • 9d5248a chore(release): 29.4.5
  • ca8b623 refactor: improve message about using Node16/18/Next
  • c290d4d fix: allow filtering modern module warning message with diagnostic code
  • 1ff2dda build: replace conventional-changelog-cli dep
  • 1c08db3 ci: run npm ci --ignore-scripts for workflows
  • 9f60d2c ci: enhance security for Renovate PRs
  • 1c1077f build(deps): Update dependency @​formatjs/ts-transformer to ^3.14.2
  • 9037f2f build(deps): Update dependency @​types/node to v20.19.20
  • 6ed0e1c build(deps): Update dependency semver to ^7.7.3
  • 4a06f8c build(deps): Update github/codeql-action digest to a8d1ac4
  • Additional commits viewable in compare view

Updates aws-cdk from 2.1029.4 to 2.1030.0

Release notes

Sourced from aws-cdk's releases.

aws-cdk@v2.1030.0

2.1030.0 (2025-10-09)

Features

  • cli: allow users to enable all feature flags that do not impact their application (#798) (05954dd)
  • cli: auto-detect language for single-language custom templates (#819) (e46adaf)

Bug Fixes

  • cli: metadata path in generated templates is invalid for migrate command (#909) (d530564), closes #902
Commits
  • e46adaf feat(cli): auto-detect language for single-language custom templates (#819)
  • d530564 fix(cli): metadata path in generated templates is invalid for migrate command...
  • 3177fd0 chore(cli-lib-alpha): stop releasing deprecated package (#905)
  • 9855c8f refactor(toolkit-lib): standardize confirmation requests to use ConfirmationR...
  • 05954dd feat(cli): allow users to enable all feature flags that do not impact their a...
  • ab4a08f chore(cli): add cdk flags to readme command list (#899)
  • See full diff in compare view

Updates @types/node from 24.7.0 to 24.7.1

Commits

Updates aws-cdk from 2.1029.4 to 2.1030.0

Release notes

Sourced from aws-cdk's releases.

aws-cdk@v2.1030.0

2.1030.0 (2025-10-09)

Features

  • cli: allow users to enable all feature flags that do not impact their application (#798) (05954dd)
  • cli: auto-detect language for single-language custom templates (#819) (e46adaf)

Bug Fixes

  • cli: metadata path in generated templates is invalid for migrate command (#909) (d530564), closes #902
Commits
  • e46adaf feat(cli): auto-detect language for single-language custom templates (#819)
  • d530564 fix(cli): metadata path in generated templates is invalid for migrate command...
  • 3177fd0 chore(cli-lib-alpha): stop releasing deprecated package (#905)
  • 9855c8f refactor(toolkit-lib): standardize confirmation requests to use ConfirmationR...
  • 05954dd feat(cli): allow users to enable all feature flags that do not impact their a...
  • ab4a08f chore(cli): add cdk flags to readme command list (#899)
  • See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
Bump the npm group across 2 directories with 4 updates
f19dfaa 
Bumps the npm group with 4 updates in the / directory: [@aws-sdk/client-cloudformation](https://github.com/aws/aws-sdk-js-v3/tree/HEAD/clients/client-cloudformation), [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node), [ts-jest](https://github.com/kulshekhar/ts-jest) and [aws-cdk](https://github.com/aws/aws-cdk-cli/tree/HEAD/packages/aws-cdk).
Bumps the npm group with 2 updates in the /test directory: [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) and [aws-cdk](https://github.com/aws/aws-cdk-cli/tree/HEAD/packages/aws-cdk).


Updates `@aws-sdk/client-cloudformation` from 3.906.0 to 3.908.0
- [Release notes](https://github.com/aws/aws-sdk-js-v3/releases)
- [Changelog](https://github.com/aws/aws-sdk-js-v3/blob/main/clients/client-cloudformation/CHANGELOG.md)
- [Commits](https://github.com/aws/aws-sdk-js-v3/commits/v3.908.0/clients/client-cloudformation)

Updates `@types/node` from 24.7.0 to 24.7.1
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)

Updates `ts-jest` from 29.4.4 to 29.4.5
- [Release notes](https://github.com/kulshekhar/ts-jest/releases)
- [Changelog](https://github.com/kulshekhar/ts-jest/blob/main/CHANGELOG.md)
- [Commits](kulshekhar/ts-jest@v29.4.4...v29.4.5)

Updates `aws-cdk` from 2.1029.4 to 2.1030.0
- [Release notes](https://github.com/aws/aws-cdk-cli/releases)
- [Commits](https://github.com/aws/aws-cdk-cli/commits/aws-cdk@v2.1030.0/packages/aws-cdk)

Updates `@types/node` from 24.7.0 to 24.7.1
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)

Updates `aws-cdk` from 2.1029.4 to 2.1030.0
- [Release notes](https://github.com/aws/aws-cdk-cli/releases)
- [Commits](https://github.com/aws/aws-cdk-cli/commits/aws-cdk@v2.1030.0/packages/aws-cdk)

---
updated-dependencies:
- dependency-name: "@aws-sdk/client-cloudformation"
  dependency-version: 3.908.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: npm
- dependency-name: "@types/node"
  dependency-version: 24.7.1
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: npm
- dependency-name: ts-jest
  dependency-version: 29.4.5
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: npm
- dependency-name: aws-cdk
  dependency-version: 2.1030.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm
- dependency-name: "@types/node"
  dependency-version: 24.7.1
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: npm
- dependency-name: aws-cdk
  dependency-version: 2.1030.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels Oct 13, 2025
@github-actions github-actions Bot enabled auto-merge (squash) October 13, 2025 21:14
@github-actions

github-actions Bot commented Oct 13, 2025

Copy link
Copy Markdown

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

OpenSSF Scorecard

Scorecard details
PackageVersionScoreDetails
npm/@aws-sdk/client-cloudformation ^3.908.0 🟢 4.7
Details
CheckScoreReason
Maintained🟢 1030 commit(s) and 3 issue activity found in the last 90 days -- score normalized to 10
Code-Review⚠️ 2Found 8/30 approved changesets -- score normalized to 2
Packaging⚠️ -1packaging workflow not detected
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
License🟢 10license file detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Signed-Releases⚠️ 0Project has not signed or included provenance with any releases.
Security-Policy🟢 10security policy file detected
SAST🟢 10SAST tool is run on all commits
Binary-Artifacts🟢 8binaries present in source code
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Vulnerabilities⚠️ 030 existing vulnerabilities detected
Fuzzing⚠️ 0project is not fuzzed
npm/@types/node ^24.7.1 🟢 6.9
Details
CheckScoreReason
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Packaging⚠️ -1packaging workflow not detected
Maintained🟢 1030 commit(s) and 3 issue activity found in the last 90 days -- score normalized to 10
Code-Review🟢 8Found 25/29 approved changesets -- score normalized to 8
License🟢 9license file detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Security-Policy🟢 10security policy file detected
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Vulnerabilities🟢 100 existing vulnerabilities detected
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
Binary-Artifacts🟢 10no binaries found in the repo
Pinned-Dependencies🟢 8dependency not pinned by hash detected -- score normalized to 8
Fuzzing⚠️ 0project is not fuzzed
npm/ts-jest ^29.4.5 🟢 6.3
Details
CheckScoreReason
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Maintained🟢 1030 commit(s) and 8 issue activity found in the last 90 days -- score normalized to 10
Code-Review⚠️ -1Found no human activity in the last 30 changesets
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Binary-Artifacts🟢 10no binaries found in the repo
Packaging⚠️ -1packaging workflow not detected
Security-Policy⚠️ 0security policy file not detected
Pinned-Dependencies🟢 7dependency not pinned by hash detected -- score normalized to 7
License🟢 10license file detected
Fuzzing⚠️ 0project is not fuzzed
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
SAST🟢 10SAST tool is run on all commits
Vulnerabilities🟢 73 existing vulnerabilities detected
npm/@aws-sdk/client-cloudformation 3.908.0 🟢 4.7
Details
CheckScoreReason
Maintained🟢 1030 commit(s) and 3 issue activity found in the last 90 days -- score normalized to 10
Code-Review⚠️ 2Found 8/30 approved changesets -- score normalized to 2
Packaging⚠️ -1packaging workflow not detected
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
License🟢 10license file detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Signed-Releases⚠️ 0Project has not signed or included provenance with any releases.
Security-Policy🟢 10security policy file detected
SAST🟢 10SAST tool is run on all commits
Binary-Artifacts🟢 8binaries present in source code
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Vulnerabilities⚠️ 030 existing vulnerabilities detected
Fuzzing⚠️ 0project is not fuzzed
npm/@aws-sdk/client-sso 3.908.0 🟢 4.7
Details
CheckScoreReason
Maintained🟢 1030 commit(s) and 3 issue activity found in the last 90 days -- score normalized to 10
Code-Review⚠️ 2Found 8/30 approved changesets -- score normalized to 2
Packaging⚠️ -1packaging workflow not detected
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
License🟢 10license file detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Signed-Releases⚠️ 0Project has not signed or included provenance with any releases.
Security-Policy🟢 10security policy file detected
SAST🟢 10SAST tool is run on all commits
Binary-Artifacts🟢 8binaries present in source code
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Vulnerabilities⚠️ 030 existing vulnerabilities detected
Fuzzing⚠️ 0project is not fuzzed
npm/@aws-sdk/core 3.908.0 🟢 4.7
Details
CheckScoreReason
Maintained🟢 1030 commit(s) and 3 issue activity found in the last 90 days -- score normalized to 10
Code-Review⚠️ 2Found 8/30 approved changesets -- score normalized to 2
Packaging⚠️ -1packaging workflow not detected
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
License🟢 10license file detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Signed-Releases⚠️ 0Project has not signed or included provenance with any releases.
Security-Policy🟢 10security policy file detected
SAST🟢 10SAST tool is run on all commits
Binary-Artifacts🟢 8binaries present in source code
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Vulnerabilities⚠️ 030 existing vulnerabilities detected
Fuzzing⚠️ 0project is not fuzzed
npm/@aws-sdk/credential-provider-env 3.908.0 🟢 4.7
Details
CheckScoreReason
Maintained🟢 1030 commit(s) and 3 issue activity found in the last 90 days -- score normalized to 10
Code-Review⚠️ 2Found 8/30 approved changesets -- score normalized to 2
Packaging⚠️ -1packaging workflow not detected
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
License🟢 10license file detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Signed-Releases⚠️ 0Project has not signed or included provenance with any releases.
Security-Policy🟢 10security policy file detected
SAST🟢 10SAST tool is run on all commits
Binary-Artifacts🟢 8binaries present in source code
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Vulnerabilities⚠️ 030 existing vulnerabilities detected
Fuzzing⚠️ 0project is not fuzzed
npm/@aws-sdk/credential-provider-http 3.908.0 🟢 4.7
Details
CheckScoreReason
Maintained🟢 1030 commit(s) and 3 issue activity found in the last 90 days -- score normalized to 10
Code-Review⚠️ 2Found 8/30 approved changesets -- score normalized to 2
Packaging⚠️ -1packaging workflow not detected
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
License🟢 10license file detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Signed-Releases⚠️ 0Project has not signed or included provenance with any releases.
Security-Policy🟢 10security policy file detected
SAST🟢 10SAST tool is run on all commits
Binary-Artifacts🟢 8binaries present in source code
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Vulnerabilities⚠️ 030 existing vulnerabilities detected
Fuzzing⚠️ 0project is not fuzzed
npm/@aws-sdk/credential-provider-ini 3.908.0 🟢 4.7
Details
CheckScoreReason
Maintained🟢 1030 commit(s) and 3 issue activity found in the last 90 days -- score normalized to 10
Code-Review⚠️ 2Found 8/30 approved changesets -- score normalized to 2
Packaging⚠️ -1packaging workflow not detected
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
License🟢 10license file detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Signed-Releases⚠️ 0Project has not signed or included provenance with any releases.
Security-Policy🟢 10security policy file detected
SAST🟢 10SAST tool is run on all commits
Binary-Artifacts🟢 8binaries present in source code
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Vulnerabilities⚠️ 030 existing vulnerabilities detected
Fuzzing⚠️ 0project is not fuzzed
npm/@aws-sdk/credential-provider-node 3.908.0 🟢 4.7
Details
CheckScoreReason
Maintained🟢 1030 commit(s) and 3 issue activity found in the last 90 days -- score normalized to 10
Code-Review⚠️ 2Found 8/30 approved changesets -- score normalized to 2
Packaging⚠️ -1packaging workflow not detected
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
License🟢 10license file detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Signed-Releases⚠️ 0Project has not signed or included provenance with any releases.
Security-Policy🟢 10security policy file detected
SAST🟢 10SAST tool is run on all commits
Binary-Artifacts🟢 8binaries present in source code
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Vulnerabilities⚠️ 030 existing vulnerabilities detected
Fuzzing⚠️ 0project is not fuzzed
npm/@aws-sdk/credential-provider-process 3.908.0 🟢 4.7
Details
CheckScoreReason
Maintained🟢 1030 commit(s) and 3 issue activity found in the last 90 days -- score normalized to 10
Code-Review⚠️ 2Found 8/30 approved changesets -- score normalized to 2
Packaging⚠️ -1packaging workflow not detected
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
License🟢 10license file detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Signed-Releases⚠️ 0Project has not signed or included provenance with any releases.
Security-Policy🟢 10security policy file detected
SAST🟢 10SAST tool is run on all commits
Binary-Artifacts🟢 8binaries present in source code
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Vulnerabilities⚠️ 030 existing vulnerabilities detected
Fuzzing⚠️ 0project is not fuzzed
npm/@aws-sdk/credential-provider-sso 3.908.0 🟢 4.7
Details
CheckScoreReason
Maintained🟢 1030 commit(s) and 3 issue activity found in the last 90 days -- score normalized to 10
Code-Review⚠️ 2Found 8/30 approved changesets -- score normalized to 2
Packaging⚠️ -1packaging workflow not detected
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
License🟢 10license file detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Signed-Releases⚠️ 0Project has not signed or included provenance with any releases.
Security-Policy🟢 10security policy file detected
SAST🟢 10SAST tool is run on all commits
Binary-Artifacts🟢 8binaries present in source code
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Vulnerabilities⚠️ 030 existing vulnerabilities detected
Fuzzing⚠️ 0project is not fuzzed
npm/@aws-sdk/credential-provider-web-identity 3.908.0 🟢 4.7
Details
CheckScoreReason
Maintained🟢 1030 commit(s) and 3 issue activity found in the last 90 days -- score normalized to 10
Code-Review⚠️ 2Found 8/30 approved changesets -- score normalized to 2
Packaging⚠️ -1packaging workflow not detected
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
License🟢 10license file detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Signed-Releases⚠️ 0Project has not signed or included provenance with any releases.
Security-Policy🟢 10security policy file detected
SAST🟢 10SAST tool is run on all commits
Binary-Artifacts🟢 8binaries present in source code
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Vulnerabilities⚠️ 030 existing vulnerabilities detected
Fuzzing⚠️ 0project is not fuzzed
npm/@aws-sdk/middleware-user-agent 3.908.0 🟢 4.7
Details
CheckScoreReason
Maintained🟢 1030 commit(s) and 3 issue activity found in the last 90 days -- score normalized to 10
Code-Review⚠️ 2Found 8/30 approved changesets -- score normalized to 2
Packaging⚠️ -1packaging workflow not detected
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
License🟢 10license file detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Signed-Releases⚠️ 0Project has not signed or included provenance with any releases.
Security-Policy🟢 10security policy file detected
SAST🟢 10SAST tool is run on all commits
Binary-Artifacts🟢 8binaries present in source code
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Vulnerabilities⚠️ 030 existing vulnerabilities detected
Fuzzing⚠️ 0project is not fuzzed
npm/@aws-sdk/nested-clients 3.908.0 🟢 4.7
Details
CheckScoreReason
Maintained🟢 1030 commit(s) and 3 issue activity found in the last 90 days -- score normalized to 10
Code-Review⚠️ 2Found 8/30 approved changesets -- score normalized to 2
Packaging⚠️ -1packaging workflow not detected
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
License🟢 10license file detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Signed-Releases⚠️ 0Project has not signed or included provenance with any releases.
Security-Policy🟢 10security policy file detected
SAST🟢 10SAST tool is run on all commits
Binary-Artifacts🟢 8binaries present in source code
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Vulnerabilities⚠️ 030 existing vulnerabilities detected
Fuzzing⚠️ 0project is not fuzzed
npm/@aws-sdk/token-providers 3.908.0 🟢 4.7
Details
CheckScoreReason
Maintained🟢 1030 commit(s) and 3 issue activity found in the last 90 days -- score normalized to 10
Code-Review⚠️ 2Found 8/30 approved changesets -- score normalized to 2
Packaging⚠️ -1packaging workflow not detected
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
License🟢 10license file detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Signed-Releases⚠️ 0Project has not signed or included provenance with any releases.
Security-Policy🟢 10security policy file detected
SAST🟢 10SAST tool is run on all commits
Binary-Artifacts🟢 8binaries present in source code
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Vulnerabilities⚠️ 030 existing vulnerabilities detected
Fuzzing⚠️ 0project is not fuzzed
npm/@aws-sdk/util-user-agent-browser 3.907.0 🟢 4.7
Details
CheckScoreReason
Maintained🟢 1030 commit(s) and 3 issue activity found in the last 90 days -- score normalized to 10
Code-Review⚠️ 2Found 8/30 approved changesets -- score normalized to 2
Packaging⚠️ -1packaging workflow not detected
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
License🟢 10license file detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Signed-Releases⚠️ 0Project has not signed or included provenance with any releases.
Security-Policy🟢 10security policy file detected
SAST🟢 10SAST tool is run on all commits
Binary-Artifacts🟢 8binaries present in source code
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Vulnerabilities⚠️ 030 existing vulnerabilities detected
Fuzzing⚠️ 0project is not fuzzed
npm/@aws-sdk/util-user-agent-node 3.908.0 🟢 4.7
Details
CheckScoreReason
Maintained🟢 1030 commit(s) and 3 issue activity found in the last 90 days -- score normalized to 10
Code-Review⚠️ 2Found 8/30 approved changesets -- score normalized to 2
Packaging⚠️ -1packaging workflow not detected
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
License🟢 10license file detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Signed-Releases⚠️ 0Project has not signed or included provenance with any releases.
Security-Policy🟢 10security policy file detected
SAST🟢 10SAST tool is run on all commits
Binary-Artifacts🟢 8binaries present in source code
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Vulnerabilities⚠️ 030 existing vulnerabilities detected
Fuzzing⚠️ 0project is not fuzzed
npm/@types/node 24.7.1 🟢 6.9
Details
CheckScoreReason
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Packaging⚠️ -1packaging workflow not detected
Maintained🟢 1030 commit(s) and 3 issue activity found in the last 90 days -- score normalized to 10
Code-Review🟢 8Found 25/29 approved changesets -- score normalized to 8
License🟢 9license file detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Security-Policy🟢 10security policy file detected
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Vulnerabilities🟢 100 existing vulnerabilities detected
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
Binary-Artifacts🟢 10no binaries found in the repo
Pinned-Dependencies🟢 8dependency not pinned by hash detected -- score normalized to 8
Fuzzing⚠️ 0project is not fuzzed
npm/@types/node 24.7.2 🟢 6.9
Details
CheckScoreReason
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Packaging⚠️ -1packaging workflow not detected
Maintained🟢 1030 commit(s) and 3 issue activity found in the last 90 days -- score normalized to 10
Code-Review🟢 8Found 25/29 approved changesets -- score normalized to 8
License🟢 9license file detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Security-Policy🟢 10security policy file detected
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Vulnerabilities🟢 100 existing vulnerabilities detected
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
Binary-Artifacts🟢 10no binaries found in the repo
Pinned-Dependencies🟢 8dependency not pinned by hash detected -- score normalized to 8
Fuzzing⚠️ 0project is not fuzzed
npm/aws-cdk 2.1030.0 UnknownUnknown
npm/ts-jest 29.4.5 🟢 6.3
Details
CheckScoreReason
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Maintained🟢 1030 commit(s) and 8 issue activity found in the last 90 days -- score normalized to 10
Code-Review⚠️ -1Found no human activity in the last 30 changesets
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Binary-Artifacts🟢 10no binaries found in the repo
Packaging⚠️ -1packaging workflow not detected
Security-Policy⚠️ 0security policy file not detected
Pinned-Dependencies🟢 7dependency not pinned by hash detected -- score normalized to 7
License🟢 10license file detected
Fuzzing⚠️ 0project is not fuzzed
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
SAST🟢 10SAST tool is run on all commits
Vulnerabilities🟢 73 existing vulnerabilities detected
npm/@types/node ^24.7.1 🟢 6.9
Details
CheckScoreReason
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Packaging⚠️ -1packaging workflow not detected
Maintained🟢 1030 commit(s) and 3 issue activity found in the last 90 days -- score normalized to 10
Code-Review🟢 8Found 25/29 approved changesets -- score normalized to 8
License🟢 9license file detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Security-Policy🟢 10security policy file detected
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Vulnerabilities🟢 100 existing vulnerabilities detected
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
Binary-Artifacts🟢 10no binaries found in the repo
Pinned-Dependencies🟢 8dependency not pinned by hash detected -- score normalized to 8
Fuzzing⚠️ 0project is not fuzzed
npm/aws-cdk ^2.1030.0 UnknownUnknown

Scanned Files

  • package.json
  • pnpm-lock.yaml
  • test/package.json

@github-actions github-actions Bot merged commit c34b1ef into main Oct 13, 2025
7 checks passed
@github-actions github-actions Bot deleted the dependabot/npm_and_yarn/npm-582df629ab branch October 13, 2025 21:15
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@github-actions github-actions[bot] github-actions[bot] approved these changes

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants