Bump the npm group across 2 directories with 2 updates by dependabot[bot] · Pull Request #708 · poad/aws-cloudformation-stack-status-checker

dependabot · 2025-10-31T21:13:16Z

Bumps the npm group with 2 updates in the / directory: @aws-sdk/client-cloudformation and @types/node.
Bumps the npm group with 1 update in the /test directory: @types/node.

Updates @aws-sdk/client-cloudformation from 3.918.0 to 3.919.0

Release notes

Sourced from @aws-sdk/client-cloudformation's releases.

v3.919.0

3.919.0(2025-10-28)

Chores

middleware-recursion-detection: update version of lambda invoke store (#7462) (9fa89eb9)

clients: remove QLDB, RoboMaker, LookoutMetrics, LookoutVision, IoTFleetHub, and AppTest (#7461) (45f629d4)

New Features

client-marketplace-deployment: Update endpoint ruleset parameters casing (18bd6edc)

client-lambda: Added SerializedRequestEntityTooLargeException to Lambda Invoke API (2a5606e9)

client-codeconnections: Update endpoint ruleset parameters casing (e739472b)

client-cloudwatch-events: Update endpoint ruleset parameters casing (bf6a5663)

client-ec2: This released the DescribeCapacityReservationTopology API. (245f5dab)

client-s3-control: Update endpoint ruleset parameters casing (cdf2915d)

client-apigatewayv2: Update endpoint ruleset parameters casing (8a36bd0d)

client-security-ir: Update endpoint ruleset parameters casing (cc4df02c)

client-sagemaker: Amazon SageMaker now supports deleting training and processing jobs in a terminal status. (92883b1f)

client-kafkaconnect: Update endpoint ruleset parameters casing (9f896714)

client-detective: Update endpoint ruleset parameters casing (c6c310dd)

client-cloud9: Update endpoint ruleset parameters casing (2cb95dc7)

client-elastic-transcoder: Update endpoint ruleset parameters casing (375a9fcf)

client-gameliftstreams: Add stream group expiration date and expired status (99d415d2)

client-transcribe-streaming: Update endpoint ruleset parameters casing (c892afe7)

client-backupsearch: Update endpoint ruleset parameters casing (98c2e078)

client-inspector-scan: Update endpoint ruleset parameters casing (1e525549)

client-trustedadvisor: Update endpoint ruleset parameters casing (6c5435e1)

client-organizations: Added Account State field to the ListDelegatedAdministrators API response. (5f7f0d5c)

client-workspaces: Added IPv6 address support for WorkSpaces using Dual-Stack subnets (4b295a24)

client-xray: Update endpoint ruleset parameters casing (7d35139e)

client-sagemaker-featurestore-runtime: Update endpoint ruleset parameters casing (6af9add4)

client-efs: Update endpoint ruleset parameters casing (f7e8466e)

client-kinesis-video: Update endpoint ruleset parameters casing (75e04a62)

client-resource-groups: Update endpoint ruleset parameters casing (eda189bd)

client-cleanroomsml: Update endpoint ruleset parameters casing (c378bd51)

client-support-app: Update endpoint ruleset parameters casing (84b25410)

client-bcm-pricing-calculator: Update endpoint ruleset parameters casing (f2aa1e6f)

client-mediapackage-vod: Update endpoint ruleset parameters casing (36b8888f)

client-codeguru-security: Update endpoint ruleset parameters casing (7cca7312)

client-cloudsearch-domain: Update endpoint ruleset parameters casing (f311d049)

client-glacier: Update endpoint ruleset parameters casing (db8370c0)

client-bedrock-runtime: Update endpoint ruleset parameters casing (b87ba266)

client-kendra: Update endpoint ruleset parameters casing (778c08c6)

client-sqs: Update endpoint ruleset parameters casing (250af94a)

client-ecs: Amazon ECS supports native linear and canary service deployments, allowing you to shift traffic in increments for more control. (7866b599)

client-partnercentral-selling: Update endpoint ruleset parameters casing (0083cb03)

client-workspaces-instances: Update endpoint ruleset parameters casing (fec9d0c3)

client-opensearch: Update endpoint ruleset parameters casing (abf96a51)

client-groundstation: Enable use of AzEl ephemerides (657d6a01)

... (truncated)

Changelog

Sourced from @aws-sdk/client-cloudformation's changelog.

3.919.0 (2025-10-28)

Note: Version bump only for package @aws-sdk/client-cloudformation

Commits

6865eb6 Publish v3.919.0
See full diff in compare view

Updates @types/node from 24.9.1 to 24.9.2

Commits

See full diff in compare view

Updates @types/node from 24.9.1 to 24.9.2

Commits

See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
@dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
@dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
@dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
@dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the npm group with 2 updates in the / directory: [@aws-sdk/client-cloudformation](https://github.com/aws/aws-sdk-js-v3/tree/HEAD/clients/client-cloudformation) and [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node). Bumps the npm group with 1 update in the /test directory: [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node). Updates `@aws-sdk/client-cloudformation` from 3.918.0 to 3.919.0 - [Release notes](https://github.com/aws/aws-sdk-js-v3/releases) - [Changelog](https://github.com/aws/aws-sdk-js-v3/blob/main/clients/client-cloudformation/CHANGELOG.md) - [Commits](https://github.com/aws/aws-sdk-js-v3/commits/v3.919.0/clients/client-cloudformation) Updates `@types/node` from 24.9.1 to 24.9.2 - [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases) - [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node) Updates `@types/node` from 24.9.1 to 24.9.2 - [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases) - [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node) --- updated-dependencies: - dependency-name: "@aws-sdk/client-cloudformation" dependency-version: 3.919.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: npm - dependency-name: "@types/node" dependency-version: 24.9.2 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: npm - dependency-name: "@types/node" dependency-version: 24.9.2 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: npm ... Signed-off-by: dependabot[bot] <support@github.com>

github-actions · 2025-10-31T21:13:41Z

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

OpenSSF Scorecard

Scorecard details

Package

Version

Score

Details

npm/@aws-sdk/client-cloudformation

^3.919.0

🟢 4.2

Details

Check	Score	Reason
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Code-Review	⚠️ 0	Found 0/30 approved changesets -- score normalized to 0
Maintained	🟢 10	30 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
License	🟢 10	license file detected
Signed-Releases	⚠️ 0	Project has not signed or included provenance with any releases.
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Security-Policy	🟢 10	security policy file detected
Packaging	🟢 10	packaging workflow detected
SAST	⚠️ 0	no SAST tool detected
Binary-Artifacts	🟢 8	binaries present in source code
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
Vulnerabilities	⚠️ 0	32 existing vulnerabilities detected
Fuzzing	⚠️ 0	project is not fuzzed

npm/@types/node

^24.9.2

🟢 7

Details

Check	Score	Reason
Code-Review	🟢 9	Found 27/30 approved changesets -- score normalized to 9
Maintained	🟢 10	30 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 10
Packaging	⚠️ -1	packaging workflow not detected
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Security-Policy	🟢 10	security policy file detected
License	🟢 9	license file detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Vulnerabilities	🟢 10	0 existing vulnerabilities detected
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Binary-Artifacts	🟢 10	no binaries found in the repo
Pinned-Dependencies	🟢 8	dependency not pinned by hash detected -- score normalized to 8
Fuzzing	⚠️ 0	project is not fuzzed

npm/@aws-sdk/client-cloudformation

3.919.0

🟢 4.2

Details

Check	Score	Reason
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Code-Review	⚠️ 0	Found 0/30 approved changesets -- score normalized to 0
Maintained	🟢 10	30 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
License	🟢 10	license file detected
Signed-Releases	⚠️ 0	Project has not signed or included provenance with any releases.
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Security-Policy	🟢 10	security policy file detected
Packaging	🟢 10	packaging workflow detected
SAST	⚠️ 0	no SAST tool detected
Binary-Artifacts	🟢 8	binaries present in source code
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
Vulnerabilities	⚠️ 0	32 existing vulnerabilities detected
Fuzzing	⚠️ 0	project is not fuzzed

npm/@aws-sdk/client-sso

3.919.0

🟢 4.2

Details

Check	Score	Reason
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Code-Review	⚠️ 0	Found 0/30 approved changesets -- score normalized to 0
Maintained	🟢 10	30 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
License	🟢 10	license file detected
Signed-Releases	⚠️ 0	Project has not signed or included provenance with any releases.
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Security-Policy	🟢 10	security policy file detected
Packaging	🟢 10	packaging workflow detected
SAST	⚠️ 0	no SAST tool detected
Binary-Artifacts	🟢 8	binaries present in source code
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
Vulnerabilities	⚠️ 0	32 existing vulnerabilities detected
Fuzzing	⚠️ 0	project is not fuzzed

npm/@aws-sdk/credential-provider-ini

3.919.0

🟢 4.2

Details

Check	Score	Reason
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Code-Review	⚠️ 0	Found 0/30 approved changesets -- score normalized to 0
Maintained	🟢 10	30 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
License	🟢 10	license file detected
Signed-Releases	⚠️ 0	Project has not signed or included provenance with any releases.
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Security-Policy	🟢 10	security policy file detected
Packaging	🟢 10	packaging workflow detected
SAST	⚠️ 0	no SAST tool detected
Binary-Artifacts	🟢 8	binaries present in source code
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
Vulnerabilities	⚠️ 0	32 existing vulnerabilities detected
Fuzzing	⚠️ 0	project is not fuzzed

npm/@aws-sdk/credential-provider-node

3.919.0

🟢 4.2

Details

Check	Score	Reason
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Code-Review	⚠️ 0	Found 0/30 approved changesets -- score normalized to 0
Maintained	🟢 10	30 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
License	🟢 10	license file detected
Signed-Releases	⚠️ 0	Project has not signed or included provenance with any releases.
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Security-Policy	🟢 10	security policy file detected
Packaging	🟢 10	packaging workflow detected
SAST	⚠️ 0	no SAST tool detected
Binary-Artifacts	🟢 8	binaries present in source code
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
Vulnerabilities	⚠️ 0	32 existing vulnerabilities detected
Fuzzing	⚠️ 0	project is not fuzzed

npm/@aws-sdk/credential-provider-sso

3.919.0

🟢 4.2

Details

Check	Score	Reason
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Code-Review	⚠️ 0	Found 0/30 approved changesets -- score normalized to 0
Maintained	🟢 10	30 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
License	🟢 10	license file detected
Signed-Releases	⚠️ 0	Project has not signed or included provenance with any releases.
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Security-Policy	🟢 10	security policy file detected
Packaging	🟢 10	packaging workflow detected
SAST	⚠️ 0	no SAST tool detected
Binary-Artifacts	🟢 8	binaries present in source code
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
Vulnerabilities	⚠️ 0	32 existing vulnerabilities detected
Fuzzing	⚠️ 0	project is not fuzzed

npm/@aws-sdk/credential-provider-web-identity

3.919.0

🟢 4.2

Details

Check	Score	Reason
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Code-Review	⚠️ 0	Found 0/30 approved changesets -- score normalized to 0
Maintained	🟢 10	30 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
License	🟢 10	license file detected
Signed-Releases	⚠️ 0	Project has not signed or included provenance with any releases.
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Security-Policy	🟢 10	security policy file detected
Packaging	🟢 10	packaging workflow detected
SAST	⚠️ 0	no SAST tool detected
Binary-Artifacts	🟢 8	binaries present in source code
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
Vulnerabilities	⚠️ 0	32 existing vulnerabilities detected
Fuzzing	⚠️ 0	project is not fuzzed

npm/@aws-sdk/middleware-recursion-detection

3.919.0

🟢 4.2

Details

Check	Score	Reason
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Code-Review	⚠️ 0	Found 0/30 approved changesets -- score normalized to 0
Maintained	🟢 10	30 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
License	🟢 10	license file detected
Signed-Releases	⚠️ 0	Project has not signed or included provenance with any releases.
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Security-Policy	🟢 10	security policy file detected
Packaging	🟢 10	packaging workflow detected
SAST	⚠️ 0	no SAST tool detected
Binary-Artifacts	🟢 8	binaries present in source code
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
Vulnerabilities	⚠️ 0	32 existing vulnerabilities detected
Fuzzing	⚠️ 0	project is not fuzzed

npm/@aws-sdk/nested-clients

3.919.0

🟢 4.2

Details

Check	Score	Reason
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Code-Review	⚠️ 0	Found 0/30 approved changesets -- score normalized to 0
Maintained	🟢 10	30 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
License	🟢 10	license file detected
Signed-Releases	⚠️ 0	Project has not signed or included provenance with any releases.
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Security-Policy	🟢 10	security policy file detected
Packaging	🟢 10	packaging workflow detected
SAST	⚠️ 0	no SAST tool detected
Binary-Artifacts	🟢 8	binaries present in source code
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
Vulnerabilities	⚠️ 0	32 existing vulnerabilities detected
Fuzzing	⚠️ 0	project is not fuzzed

npm/@aws-sdk/token-providers

3.919.0

🟢 4.2

Details

Check	Score	Reason
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Code-Review	⚠️ 0	Found 0/30 approved changesets -- score normalized to 0
Maintained	🟢 10	30 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
License	🟢 10	license file detected
Signed-Releases	⚠️ 0	Project has not signed or included provenance with any releases.
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Security-Policy	🟢 10	security policy file detected
Packaging	🟢 10	packaging workflow detected
SAST	⚠️ 0	no SAST tool detected
Binary-Artifacts	🟢 8	binaries present in source code
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
Vulnerabilities	⚠️ 0	32 existing vulnerabilities detected
Fuzzing	⚠️ 0	project is not fuzzed

npm/@aws/lambda-invoke-store

0.1.1

Unknown

npm/@smithy/abort-controller

4.2.4

Unknown

npm/@smithy/config-resolver

4.4.1

Unknown

npm/@smithy/core

3.17.2

Unknown

npm/@smithy/credential-provider-imds

4.2.4

Unknown

npm/@smithy/fetch-http-handler

5.3.5

Unknown

npm/@smithy/hash-node

4.2.4

Unknown

npm/@smithy/invalid-dependency

4.2.4

Unknown

npm/@smithy/middleware-content-length

4.2.4

Unknown

npm/@smithy/middleware-endpoint

4.3.6

Unknown

npm/@smithy/middleware-retry

4.4.6

Unknown

npm/@smithy/middleware-serde

4.2.4

Unknown

npm/@smithy/middleware-stack

4.2.4

Unknown

npm/@smithy/node-config-provider

4.3.4

Unknown

npm/@smithy/node-http-handler

4.4.4

Unknown

npm/@smithy/property-provider

4.2.4

Unknown

npm/@smithy/protocol-http

5.3.4

Unknown

npm/@smithy/querystring-builder

4.2.4

Unknown

npm/@smithy/querystring-parser

4.2.4

Unknown

npm/@smithy/service-error-classification

4.2.4

Unknown

npm/@smithy/shared-ini-file-loader

4.3.4

Unknown

npm/@smithy/signature-v4

5.3.4

Unknown

npm/@smithy/smithy-client

4.9.2

Unknown

npm/@smithy/types

4.8.1

Unknown

npm/@smithy/url-parser

4.2.4

Unknown

npm/@smithy/util-defaults-mode-browser

4.3.5

Unknown

npm/@smithy/util-defaults-mode-node

4.2.7

Unknown

npm/@smithy/util-endpoints

3.2.4

Unknown

npm/@smithy/util-middleware

4.2.4

Unknown

npm/@smithy/util-retry

4.2.4

Unknown

npm/@smithy/util-stream

4.5.5

Unknown

npm/@smithy/util-waiter

4.2.4

Unknown

npm/electron-to-chromium

1.5.244

Unknown

npm/@types/node

^24.9.2

🟢 7

Details

Check	Score	Reason
Code-Review	🟢 9	Found 27/30 approved changesets -- score normalized to 9
Maintained	🟢 10	30 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 10
Packaging	⚠️ -1	packaging workflow not detected
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Security-Policy	🟢 10	security policy file detected
License	🟢 9	license file detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Vulnerabilities	🟢 10	0 existing vulnerabilities detected
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Binary-Artifacts	🟢 10	no binaries found in the repo
Pinned-Dependencies	🟢 8	dependency not pinned by hash detected -- score normalized to 8
Fuzzing	⚠️ 0	project is not fuzzed

Scanned Files

package.json
pnpm-lock.yaml
test/package.json

dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels Oct 31, 2025

github-actions Bot approved these changes Oct 31, 2025

View reviewed changes

github-actions Bot enabled auto-merge (squash) October 31, 2025 21:13

github-actions Bot merged commit 9797730 into main Oct 31, 2025
7 checks passed

github-actions Bot deleted the dependabot/npm_and_yarn/npm-78be6d7e0b branch October 31, 2025 21:14

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump the npm group across 2 directories with 2 updates#708

Bump the npm group across 2 directories with 2 updates#708
github-actions[bot] merged 1 commit into
mainfrom
dependabot/npm_and_yarn/npm-78be6d7e0b

dependabot Bot commented on behalf of github Oct 31, 2025

Uh oh!

github-actions Bot commented Oct 31, 2025

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Conversation

dependabot Bot commented on behalf of github Oct 31, 2025

v3.919.0

3.919.0(2025-10-28)

Chores

New Features

3.919.0 (2025-10-28)

Uh oh!

github-actions Bot commented Oct 31, 2025

Dependency Review

OpenSSF Scorecard

Scanned Files

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants