Skip to content

build(deps-dev): bump the dev-dependencies group with 5 updates#179

Closed
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/dev-dependencies-b66686367d
Closed

build(deps-dev): bump the dev-dependencies group with 5 updates#179
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/dev-dependencies-b66686367d

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 8, 2026

Copy link
Copy Markdown
Contributor

Bumps the dev-dependencies group with 5 updates:

Package From To
@types/node 26.0.1 26.1.0
@vitest/coverage-v8 4.1.9 4.1.10
knip 6.23.0 6.25.0
typescript-eslint 8.62.1 8.63.0
vitest 4.1.9 4.1.10

Updates @types/node from 26.0.1 to 26.1.0

Commits

Updates @vitest/coverage-v8 from 4.1.9 to 4.1.10

Release notes

Sourced from @​vitest/coverage-v8's releases.

v4.1.10

   🐞 Bug Fixes

    View changes on GitHub
Commits

Updates knip from 6.23.0 to 6.25.0

Release notes

Sourced from knip's releases.

Release 6.25.0

  • fix: derive package name from package.json under Yarn nodeLinker: pnpm store (#1852) (3764605ed150b975fb6c88c4c4aa47f5bf9ae149) - thanks @​blowery!
  • Pick up types used in module augmentations via path aliases (resolve #1850) (9cc5a4132793990b5fcf9eae6f3db37426d979c0)
  • feat: add support for packageExtensions in yarn and pnpm (#1847) (61d3164cdac6e9252b3c52ce3bb2909949b4690e) - thanks @​trueberryless!
  • fix(ci): do not run integration on forks (#1855) (d23c10d1ae764c0b70addaafc79f01c543cc5efa) - thanks @​trueberryless!
  • chore(ci): improve security through specific permissions (#1856) (1eb42e639f9ec12d6d2ef88e1aaf07397b5bf226) - thanks @​trueberryless!
  • chore(ci): add concurrency blocks (#1857) (3bf3d115cf677fadcfe8fa72ce0e68cfd435d399) - thanks @​trueberryless!
  • fix(next): resolve src/ entry patterns like Next.js does (#1859) (6e6a5094e924a5cd104867f3907dbbb378f871b3) - thanks @​dayongkr!
  • Fix Bun test defaults (#1860) (2ac4c0427d2ac03939661f6dc236d15d11414fd5) - thanks @​jakeleventhal!
  • Extend agentic guidelines re. plugins (da606eb522f01187def8747d7ddb917c6735157d)
  • Support rspack and path aliases in require.context (d231d67a5e8713c2f48f9d695ae12a9dbfa0260e)
  • Support path aliases in import.meta.glob (resolve #1821) (fc7bb1ecc194e69f9f493bff5b33a4cc807fd788)
  • Register MDX compiler in Storybook plugin (6f1813809608cd36e44af22583805e686c51c5bd)
  • Resolve TypeDoc customCss and customJs files (105687daf682884257a2d40f26967d80ea4abef8)
  • Resolve inline Babel presets/plugins in Jest transform (38e4a4a4a06d902cf55457155f666c3b91e05f28)
  • Mark graphql-codegen generated outputs as entries (125536921f1845eeec1347091b238bb615f329e0)
  • Add Fumadocs plugin (77c2142fcc6ad6fdee651c5dc60a74c158cd8de3)
  • Support next.config.mts in Next.js plugin (0f27e772935bba5eaeca73ee75ce028412c4a1cc)
  • Add script command parser built on unbash (195510c6c912ade9cd7846302d2f9256ede9852c)
  • Gate Bun test entries on an actual bun test invocation (92903ec29bb8b86586e3d7e846236d8c38787ea9)
  • Detect Node.js test runner via script command parser (a0bfe7ba2958a1270604764a9ebf09425ce857d4)
  • Extract shared command walker for bash-parser and plugins (13014753d5031cf1de8081b3d148212a5894dde0)
  • Normalize aliased glob patterns to posix for Win (23b4a744330d0dddd2b1517f2f2d72c9d373a0b9)
  • Resolve inherited tsconfig paths from the extended config's directory (resolve #1866) (e3f0e5c69641bb7dfab06585251c98e3b3def049)
  • Handle var interpolations in shell cmd scripts (resolve #1867) (9422d06adb07fd29a3388ee6b037cda47fe28d1a)
  • Update query snapshot (5e192e996fd680c41674c9503437ee148b0f1870)
  • Add support for Prettier overrides (#1869) (5dc7f1235ff201c461a71f8a757c611441f1607a) - thanks @​remcohaszing!
  • Handle Serverless esbuild inject entries (#1865) (46111ef2f42c2ea89a43d8944b5efdcde7db2884) - thanks @​jakeleventhal!
  • docs: add links to Discord and Contributing in issue templates (#1868) (5ab3483e30733edc234e9913b3bf4bf05de45470) - thanks @​trueberryless!
  • Add eve (Vercel framework) plugin (#1864) (20cd970d2039835dd9bad79ee2e7f3a82cef1b6e) - thanks @​jakeleventhal!
  • Add circular dependencies as opt-in cycles issue type (resolve #1734) (#1812) (1b0ed6b3906d726b37a89b495fb22331ec2a0fbb)
  • chore(ci): remove redundant tag triggers (#1863) (c61d0086e4e669a8aeee230dc5ac3606832ea893) - thanks @​trueberryless!
  • Fix up docs a bit (89a2d8d6ac27ee866a15a8bcf5a49da3cba91b08)

Release 6.24.0

  • chore: update year in license (#1833) (32bc844dfd3895884b11fea5ef94bf3fa1974946) - thanks @​trueberryless!
  • ci: pin github actions (#1835) (82a8d0913105a637e9eeccfe3b785be90c873e2a) - thanks @​trueberryless!
  • Assume Node 24+/Bun and remove compilation step (d9ef038429bec06c37fdb520e5c7353c8cae6ce7)
  • Don't report working-directory scripts as unlisted binaries (resolve #1834) (aea7923438f0a8f459458578526f358b02497f77)
  • Add pnpm run lint to CI workflow (ec9aa1cabb58c97b8ecc4815e6cdd6421fe2a89e)
  • feat: add settings for Zed editor to use oxlint and oxfmt (#1836) (111f2e0a17999e3ffdf4c097cd42ba08acd48508) - thanks @​trueberryless!
  • fix: remove format_on_save: true settings from Zed settings to respect user settings (#1838) (dc2a64043035d426eb99a9d1e0eb873d02a09e7d) - thanks @​trueberryless!
  • feat: add Renovate for GitHub actions only (#1839) (ffce88c86f95822ee2a7cf8407e987a3ec79b097) - thanks @​trueberryless!
  • Ignore import() in JSDoc examples (#1844) (6f090f90f04e8202700ed68977faa1dc626ff235) - thanks @​cyphercodes!
  • Don't report types used only in module augmentations as unused (resolve #1843) (7901abd3c4b496f212445bff9768efc9548ded61)
  • Restore CI intent (0d739beab2e224385f449d62d6cc7d904107946e)
  • feat: add less, stylus compilers and astro, svelte, vue import resolution (#1845) (5525759f33a5664e4882aebe239e9c17eeb29f92) - thanks @​trueberryless!
  • Don't report built-in compiler dependencies as unused (3c9d4adf369f0064399d9da7b4f11f0467180bf5)
  • feat: add scss handling to stencil plugin (#1846) (acba6b85ab05f70385228872fafea2b08290d0f6) - thanks @​johnjenkins!
  • fix(reporters): always print the issue-type title for a single group (#1848) (cf997b2408cc0814c2d310d1e8c8680340153fa1) - thanks @​morgan-coded!

... (truncated)

Commits
  • f29ca18 Release knip@6.25.0
  • 89a2d8d Fix up docs a bit
  • 1b0ed6b Add circular dependencies as opt-in cycles issue type (resolve #1734) (#1812)
  • 20cd970 Add eve (Vercel framework) plugin (#1864)
  • 46111ef Handle Serverless esbuild inject entries (#1865)
  • 5dc7f12 Add support for Prettier overrides (#1869)
  • 9422d06 Handle var interpolations in shell cmd scripts (resolve #1867)
  • e3f0e5c Resolve inherited tsconfig paths from the extended config's directory (resolv...
  • 23b4a74 Normalize aliased glob patterns to posix for Win
  • 1301475 Extract shared command walker for bash-parser and plugins
  • Additional commits viewable in compare view

Updates typescript-eslint from 8.62.1 to 8.63.0

Release notes

Sourced from typescript-eslint's releases.

v8.63.0

8.63.0 (2026-07-06)

🚀 Features

  • eslint-plugin: [no-misused-promises] detect async usage of a sync dispose usage (#12426)

🩹 Fixes

  • eslint-plugin: [method-signature-style] suggest converting readonly function properties instead of emitting invalid syntax (#12447, #12446)
  • eslint-plugin: [no-unnecessary-type-assertion] handle optional-chained calls to overloaded functions (#12491, #12485)
  • eslint-plugin: [no-base-to-string] don't flag a shadowed String() call (#12492)
  • scope-manager: export ClassStaticBlockScope (#12460)

❤️ Thank You

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

Changelog

Sourced from typescript-eslint's changelog.

8.63.0 (2026-07-06)

This was a version bump only for typescript-eslint to align it with other projects, there were no code changes.

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

Commits

Updates vitest from 4.1.9 to 4.1.10

Release notes

Sourced from vitest's releases.

v4.1.10

   🐞 Bug Fixes

    View changes on GitHub
Commits
  • db616d2 chore: release v4.1.10 (#10718)
  • bae52b5 fix(vm): fix external module resolve error with deps optimizer query for enco...
  • See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the dev-dependencies group with 5 updates:

| Package | From | To |
| --- | --- | --- |
| [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) | `26.0.1` | `26.1.0` |
| [@vitest/coverage-v8](https://github.com/vitest-dev/vitest/tree/HEAD/packages/coverage-v8) | `4.1.9` | `4.1.10` |
| [knip](https://github.com/webpro-nl/knip/tree/HEAD/packages/knip) | `6.23.0` | `6.25.0` |
| [typescript-eslint](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/typescript-eslint) | `8.62.1` | `8.63.0` |
| [vitest](https://github.com/vitest-dev/vitest/tree/HEAD/packages/vitest) | `4.1.9` | `4.1.10` |


Updates `@types/node` from 26.0.1 to 26.1.0
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)

Updates `@vitest/coverage-v8` from 4.1.9 to 4.1.10
- [Release notes](https://github.com/vitest-dev/vitest/releases)
- [Changelog](https://github.com/vitest-dev/vitest/blob/main/docs/releases.md)
- [Commits](https://github.com/vitest-dev/vitest/commits/v4.1.10/packages/coverage-v8)

Updates `knip` from 6.23.0 to 6.25.0
- [Release notes](https://github.com/webpro-nl/knip/releases)
- [Commits](https://github.com/webpro-nl/knip/commits/knip@6.25.0/packages/knip)

Updates `typescript-eslint` from 8.62.1 to 8.63.0
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/typescript-eslint/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.63.0/packages/typescript-eslint)

Updates `vitest` from 4.1.9 to 4.1.10
- [Release notes](https://github.com/vitest-dev/vitest/releases)
- [Changelog](https://github.com/vitest-dev/vitest/blob/main/docs/releases.md)
- [Commits](https://github.com/vitest-dev/vitest/commits/v4.1.10/packages/vitest)

---
updated-dependencies:
- dependency-name: "@types/node"
  dependency-version: 26.1.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: dev-dependencies
- dependency-name: "@vitest/coverage-v8"
  dependency-version: 4.1.10
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: dev-dependencies
- dependency-name: knip
  dependency-version: 6.25.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: dev-dependencies
- dependency-name: typescript-eslint
  dependency-version: 8.63.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: dev-dependencies
- dependency-name: vitest
  dependency-version: 4.1.10
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: dev-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Jul 8, 2026
@github-actions

github-actions Bot commented Jul 8, 2026

Copy link
Copy Markdown

⚠️ Deprecation Warning: The deny-licenses option is deprecated for possible removal in the next major release. For more information, see issue 997.

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

OpenSSF Scorecard

Scorecard details
PackageVersionScoreDetails
npm/@oxc-project/types 0.138.0 UnknownUnknown
npm/@rolldown/binding-android-arm64 1.1.4 UnknownUnknown
npm/@rolldown/binding-darwin-arm64 1.1.4 UnknownUnknown
npm/@rolldown/binding-darwin-x64 1.1.4 UnknownUnknown
npm/@rolldown/binding-freebsd-x64 1.1.4 UnknownUnknown
npm/@rolldown/binding-linux-arm-gnueabihf 1.1.4 UnknownUnknown
npm/@rolldown/binding-linux-arm64-gnu 1.1.4 UnknownUnknown
npm/@rolldown/binding-linux-arm64-musl 1.1.4 UnknownUnknown
npm/@rolldown/binding-linux-ppc64-gnu 1.1.4 UnknownUnknown
npm/@rolldown/binding-linux-s390x-gnu 1.1.4 UnknownUnknown
npm/@rolldown/binding-linux-x64-gnu 1.1.4 UnknownUnknown
npm/@rolldown/binding-linux-x64-musl 1.1.4 UnknownUnknown
npm/@rolldown/binding-openharmony-arm64 1.1.4 UnknownUnknown
npm/@rolldown/binding-wasm32-wasi 1.1.4 UnknownUnknown
npm/@rolldown/binding-win32-arm64-msvc 1.1.4 UnknownUnknown
npm/@rolldown/binding-win32-x64-msvc 1.1.4 UnknownUnknown
npm/@types/node 26.1.0 🟢 6.5
Details
CheckScoreReason
Code-Review🟢 8Found 26/29 approved changesets -- score normalized to 8
Maintained🟢 1030 commit(s) and 4 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Security-Policy🟢 10security policy file detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Packaging⚠️ -1packaging workflow not detected
License🟢 9license file detected
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
Pinned-Dependencies🟢 8dependency not pinned by hash detected -- score normalized to 8
Binary-Artifacts🟢 10no binaries found in the repo
Fuzzing⚠️ 0project is not fuzzed
npm/@typescript-eslint/eslint-plugin 8.63.0 🟢 6.5
Details
CheckScoreReason
Packaging⚠️ -1packaging workflow not detected
Security-Policy🟢 10security policy file detected
Code-Review🟢 8Found 21/24 approved changesets -- score normalized to 8
Maintained🟢 1030 commit(s) and 22 issue activity found in the last 90 days -- score normalized to 10
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Binary-Artifacts🟢 10no binaries found in the repo
Pinned-Dependencies🟢 8dependency not pinned by hash detected -- score normalized to 8
Fuzzing⚠️ 0project is not fuzzed
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
npm/@typescript-eslint/parser 8.63.0 🟢 6.5
Details
CheckScoreReason
Packaging⚠️ -1packaging workflow not detected
Security-Policy🟢 10security policy file detected
Code-Review🟢 8Found 21/24 approved changesets -- score normalized to 8
Maintained🟢 1030 commit(s) and 22 issue activity found in the last 90 days -- score normalized to 10
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Binary-Artifacts🟢 10no binaries found in the repo
Pinned-Dependencies🟢 8dependency not pinned by hash detected -- score normalized to 8
Fuzzing⚠️ 0project is not fuzzed
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
npm/@typescript-eslint/project-service 8.63.0 🟢 6.5
Details
CheckScoreReason
Packaging⚠️ -1packaging workflow not detected
Security-Policy🟢 10security policy file detected
Code-Review🟢 8Found 21/24 approved changesets -- score normalized to 8
Maintained🟢 1030 commit(s) and 22 issue activity found in the last 90 days -- score normalized to 10
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Binary-Artifacts🟢 10no binaries found in the repo
Pinned-Dependencies🟢 8dependency not pinned by hash detected -- score normalized to 8
Fuzzing⚠️ 0project is not fuzzed
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
npm/@typescript-eslint/scope-manager 8.63.0 🟢 6.5
Details
CheckScoreReason
Packaging⚠️ -1packaging workflow not detected
Security-Policy🟢 10security policy file detected
Code-Review🟢 8Found 21/24 approved changesets -- score normalized to 8
Maintained🟢 1030 commit(s) and 22 issue activity found in the last 90 days -- score normalized to 10
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Binary-Artifacts🟢 10no binaries found in the repo
Pinned-Dependencies🟢 8dependency not pinned by hash detected -- score normalized to 8
Fuzzing⚠️ 0project is not fuzzed
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
npm/@typescript-eslint/tsconfig-utils 8.63.0 🟢 6.5
Details
CheckScoreReason
Packaging⚠️ -1packaging workflow not detected
Security-Policy🟢 10security policy file detected
Code-Review🟢 8Found 21/24 approved changesets -- score normalized to 8
Maintained🟢 1030 commit(s) and 22 issue activity found in the last 90 days -- score normalized to 10
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Binary-Artifacts🟢 10no binaries found in the repo
Pinned-Dependencies🟢 8dependency not pinned by hash detected -- score normalized to 8
Fuzzing⚠️ 0project is not fuzzed
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
npm/@typescript-eslint/type-utils 8.63.0 🟢 6.5
Details
CheckScoreReason
Packaging⚠️ -1packaging workflow not detected
Security-Policy🟢 10security policy file detected
Code-Review🟢 8Found 21/24 approved changesets -- score normalized to 8
Maintained🟢 1030 commit(s) and 22 issue activity found in the last 90 days -- score normalized to 10
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Binary-Artifacts🟢 10no binaries found in the repo
Pinned-Dependencies🟢 8dependency not pinned by hash detected -- score normalized to 8
Fuzzing⚠️ 0project is not fuzzed
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
npm/@typescript-eslint/types 8.63.0 🟢 6.5
Details
CheckScoreReason
Packaging⚠️ -1packaging workflow not detected
Security-Policy🟢 10security policy file detected
Code-Review🟢 8Found 21/24 approved changesets -- score normalized to 8
Maintained🟢 1030 commit(s) and 22 issue activity found in the last 90 days -- score normalized to 10
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Binary-Artifacts🟢 10no binaries found in the repo
Pinned-Dependencies🟢 8dependency not pinned by hash detected -- score normalized to 8
Fuzzing⚠️ 0project is not fuzzed
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
npm/@typescript-eslint/typescript-estree 8.63.0 🟢 6.5
Details
CheckScoreReason
Packaging⚠️ -1packaging workflow not detected
Security-Policy🟢 10security policy file detected
Code-Review🟢 8Found 21/24 approved changesets -- score normalized to 8
Maintained🟢 1030 commit(s) and 22 issue activity found in the last 90 days -- score normalized to 10
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Binary-Artifacts🟢 10no binaries found in the repo
Pinned-Dependencies🟢 8dependency not pinned by hash detected -- score normalized to 8
Fuzzing⚠️ 0project is not fuzzed
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
npm/@typescript-eslint/utils 8.63.0 🟢 6.5
Details
CheckScoreReason
Packaging⚠️ -1packaging workflow not detected
Security-Policy🟢 10security policy file detected
Code-Review🟢 8Found 21/24 approved changesets -- score normalized to 8
Maintained🟢 1030 commit(s) and 22 issue activity found in the last 90 days -- score normalized to 10
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Binary-Artifacts🟢 10no binaries found in the repo
Pinned-Dependencies🟢 8dependency not pinned by hash detected -- score normalized to 8
Fuzzing⚠️ 0project is not fuzzed
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
npm/@typescript-eslint/visitor-keys 8.63.0 🟢 6.5
Details
CheckScoreReason
Packaging⚠️ -1packaging workflow not detected
Security-Policy🟢 10security policy file detected
Code-Review🟢 8Found 21/24 approved changesets -- score normalized to 8
Maintained🟢 1030 commit(s) and 22 issue activity found in the last 90 days -- score normalized to 10
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Binary-Artifacts🟢 10no binaries found in the repo
Pinned-Dependencies🟢 8dependency not pinned by hash detected -- score normalized to 8
Fuzzing⚠️ 0project is not fuzzed
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
npm/@vitest/coverage-v8 4.1.10 UnknownUnknown
npm/@vitest/expect 4.1.10 UnknownUnknown
npm/@vitest/mocker 4.1.10 UnknownUnknown
npm/@vitest/pretty-format 4.1.10 UnknownUnknown
npm/@vitest/runner 4.1.10 UnknownUnknown
npm/@vitest/snapshot 4.1.10 UnknownUnknown
npm/@vitest/spy 4.1.10 UnknownUnknown
npm/@vitest/utils 4.1.10 UnknownUnknown
npm/knip 6.25.0 UnknownUnknown
npm/nanoid 3.3.15 🟢 6.5
Details
CheckScoreReason
Code-Review⚠️ 0Found 1/30 approved changesets -- score normalized to 0
Maintained🟢 1030 commit(s) and 8 issue activity found in the last 90 days -- score normalized to 10
Packaging⚠️ -1packaging workflow not detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Binary-Artifacts🟢 10no binaries found in the repo
Security-Policy🟢 10security policy file detected
Pinned-Dependencies🟢 10all dependencies are pinned
Token-Permissions🟢 9detected GitHub workflow tokens with excessive permissions
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
License🟢 10license file detected
Fuzzing⚠️ 0project is not fuzzed
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ 0branch protection not enabled on development/release branches
SAST🟢 6SAST tool is not run on all commits -- score normalized to 6
npm/picomatch 4.0.5 🟢 5.3
Details
CheckScoreReason
Packaging⚠️ -1packaging workflow not detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Code-Review🟢 3Found 6/20 approved changesets -- score normalized to 3
Maintained⚠️ 20 commit(s) and 3 issue activity found in the last 90 days -- score normalized to 2
Token-Permissions🟢 10GitHub workflow tokens follow principle of least privilege
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Binary-Artifacts🟢 10no binaries found in the repo
Pinned-Dependencies🟢 3dependency not pinned by hash detected -- score normalized to 3
License🟢 10license file detected
Fuzzing⚠️ 0project is not fuzzed
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ 0branch protection not enabled on development/release branches
Security-Policy🟢 10security policy file detected
SAST⚠️ 2SAST tool is not run on all commits -- score normalized to 2
npm/postcss 8.5.16 🟢 7.3
Details
CheckScoreReason
Code-Review⚠️ 2Found 8/28 approved changesets -- score normalized to 2
Security-Policy🟢 10security policy file detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Packaging⚠️ -1packaging workflow not detected
Maintained🟢 1030 commit(s) and 9 issue activity found in the last 90 days -- score normalized to 10
Token-Permissions🟢 9detected GitHub workflow tokens with excessive permissions
Binary-Artifacts🟢 10no binaries found in the repo
Pinned-Dependencies🟢 10all dependencies are pinned
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
License🟢 10license file detected
Fuzzing🟢 10project is fuzzed
Signed-Releases⚠️ -1no releases found
Branch-Protection🟢 3branch protection is not maximal on development and all release branches
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
npm/rolldown 1.1.4 UnknownUnknown
npm/typescript-eslint 8.63.0 🟢 6.5
Details
CheckScoreReason
Packaging⚠️ -1packaging workflow not detected
Security-Policy🟢 10security policy file detected
Code-Review🟢 8Found 21/24 approved changesets -- score normalized to 8
Maintained🟢 1030 commit(s) and 22 issue activity found in the last 90 days -- score normalized to 10
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Binary-Artifacts🟢 10no binaries found in the repo
Pinned-Dependencies🟢 8dependency not pinned by hash detected -- score normalized to 8
Fuzzing⚠️ 0project is not fuzzed
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
npm/vite 8.1.3 🟢 6.8
Details
CheckScoreReason
Maintained🟢 1030 commit(s) and 15 issue activity found in the last 90 days -- score normalized to 10
Security-Policy🟢 10security policy file detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Code-Review🟢 5Found 14/27 approved changesets -- score normalized to 5
Token-Permissions🟢 5detected GitHub workflow tokens with excessive permissions
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Packaging⚠️ -1packaging workflow not detected
Binary-Artifacts🟢 4binaries present in source code
Pinned-Dependencies🟢 8dependency not pinned by hash detected -- score normalized to 8
License🟢 10license file detected
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Fuzzing⚠️ 0project is not fuzzed
Signed-Releases⚠️ -1no releases found
SAST🟢 10SAST tool is run on all commits
npm/vitest 4.1.10 UnknownUnknown

Scanned Files

  • package-lock.json

@dependabot @github

dependabot Bot commented on behalf of github Jul 15, 2026

Copy link
Copy Markdown
Contributor Author

Looks like these dependencies are updatable in another way, so this is no longer needed.

@dependabot dependabot Bot closed this Jul 15, 2026
@dependabot dependabot Bot deleted the dependabot/npm_and_yarn/dev-dependencies-b66686367d branch July 15, 2026 01:14
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants