chore(deps-dev): bump tmp from 0.2.5 to 0.2.7 in /tools/headlamp-plugin #357

Open
dependabot[bot] wants to merge 1 commit into main from dependabot/npm_and_yarn/tools/headlamp-plugin/tmp-0.2.6

Conversation

@dependabot dependabot Bot commented on behalf of github May 27, 2026

Bumps tmp from 0.2.5 to 0.2.7.

Commits

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels May 27, 2026

github-actions Bot commented May 27, 2026

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

OpenSSF Scorecard

Scorecard details

| Package | Version | Score | Details |
| --- | --- | --- | --- |
| npm/@vitest/coverage-istanbul | 3.2.6 | Unknown | Unknown |
| npm/@vitest/expect | 4.1.8 | Unknown | Unknown |
| npm/@vitest/mocker | 4.1.8 | Unknown | Unknown |
| npm/@vitest/pretty-format | 4.1.8 | Unknown | Unknown |
| npm/@vitest/runner | 4.1.8 | Unknown | Unknown |
| npm/@vitest/snapshot | 4.1.8 | Unknown | Unknown |
| npm/@vitest/spy | 4.1.8 | Unknown | Unknown |
| npm/@vitest/utils | 4.1.8 | Unknown | Unknown |
| npm/chai | 6.2.2 | 🟢 6.8 | Details |
| npm/obug | 2.1.1 | Unknown | Unknown |
| npm/std-env | 4.1.0 | Unknown | Unknown |
| npm/tinyexec | 1.2.4 | Unknown | Unknown |
| npm/tinyrainbow | 3.1.0 | Unknown | Unknown |
| npm/tmp | 0.2.7 | 🟢 4 | Details |
| npm/vitest | 4.1.8 | Unknown | Unknown |

Details: npm/chai 6.2.2

| Check | Score | Reason |
| --- | --- | --- |
| Code-Review | 🟢 5 | Found 3/6 approved changesets -- score normalized to 5 |
| Binary-Artifacts | 🟢 10 | no binaries found in the repo |
| Dangerous-Workflow | 🟢 10 | no dangerous workflow patterns detected |
| Maintained | 🟢 10 | 28 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10 |
| Token-Permissions | 🟢 10 | GitHub workflow tokens follow principle of least privilege |
| Pinned-Dependencies | 🟢 8 | dependency not pinned by hash detected -- score normalized to 8 |
| CII-Best-Practices | ⚠️ 0 | no effort to earn an OpenSSF best practices badge detected |
| Security-Policy | ⚠️ 0 | security policy file not detected |
| License | 🟢 10 | license file detected |
| Fuzzing | ⚠️ 0 | project is not fuzzed |
| Signed-Releases | ⚠️ -1 | no releases found |
| Branch-Protection | ⚠️ -1 | internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md |
| Packaging | 🟢 10 | packaging workflow detected |
| SAST | ⚠️ 0 | SAST tool is not run on all commits -- score normalized to 0 |

Details: npm/tmp 0.2.7

| Check | Score | Reason |
| --- | --- | --- |
| Dangerous-Workflow | 🟢 10 | no dangerous workflow patterns detected |
| Packaging | ⚠️ -1 | packaging workflow not detected |
| Maintained | 🟢 5 | 6 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 5 |
| Code-Review | ⚠️ 1 | Found 2/18 approved changesets -- score normalized to 1 |
| Token-Permissions | ⚠️ 0 | detected GitHub workflow tokens with excessive permissions |
| Binary-Artifacts | 🟢 10 | no binaries found in the repo |
| Pinned-Dependencies | 🟢 3 | dependency not pinned by hash detected -- score normalized to 3 |
| CII-Best-Practices | ⚠️ 0 | no effort to earn an OpenSSF best practices badge detected |
| Security-Policy | ⚠️ 0 | security policy file not detected |
| Fuzzing | ⚠️ 0 | project is not fuzzed |
| License | 🟢 10 | license file detected |
| Signed-Releases | ⚠️ -1 | no releases found |
| Branch-Protection | ⚠️ -1 | internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md |
| SAST | ⚠️ 0 | SAST tool is not run on all commits -- score normalized to 0 |

Scanned Files

  • tools/headlamp-plugin/package-lock.json

Bumps [tmp](https://github.com/raszi/node-tmp) from 0.2.5 to 0.2.7.
- [Changelog](https://github.com/raszi/node-tmp/blob/master/CHANGELOG.md)
- [Commits](raszi/node-tmp@v0.2.5...v0.2.7)

---
updated-dependencies:
- dependency-name: tmp
  dependency-version: 0.2.6
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot changed the title build(deps-dev): bump tmp from 0.2.5 to 0.2.6 in /tools/headlamp-plugin chore(deps-dev): bump tmp from 0.2.5 to 0.2.7 in /tools/headlamp-plugin Jun 2, 2026
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/tools/headlamp-plugin/tmp-0.2.6 branch from 316f809 to febf7a9 Compare June 2, 2026 13:32