Bump the production-dependencies group across 1 directory with 14 updates by dependabot[bot] · Pull Request #112 · austenstone/github-value

dependabot · 2025-01-20T20:44:44Z

Bumps the production-dependencies group with 14 updates in the /frontend directory:

Package	From	To
@angular/animations	`18.2.12`	`19.1.2`
@angular/cdk	`18.2.13`	`19.1.0`
@angular/common	`18.2.12`	`19.1.2`
@angular/compiler	`18.2.12`	`19.1.2`
@angular/core	`18.2.12`	`19.1.2`
@angular/forms	`18.2.12`	`19.1.2`
@angular/material	`18.2.13`	`19.1.0`
@angular/platform-browser	`18.2.12`	`19.1.2`
@angular/platform-browser-dynamic	`18.2.12`	`19.1.2`
@angular/router	`18.2.12`	`19.1.2`
@octokit/types	`13.6.1`	`13.7.0`
cronstrue	`2.51.0`	`2.53.0`
highcharts	`11.4.8`	`12.1.2`
ng2-charts	`7.0.0`	`8.0.0`

Updates @angular/animations from 18.2.12 to 19.1.2

Release notes

Sourced from @angular/animations's releases.

v19.1.2

19.1.2 (2025-01-20)

compiler

Commit Description

update @ng/component URL to be relative (#59620)

compiler-cli

Commit Description

disable tree shaking during HMR (#59595)

core

Commit Description

animation sometimes renderer not being destroyed during HMR (#59574)

change Resource to use explicit undefined in its typings (#59024)

cleanup _ejsa when app is destroyed (#59492)

cleanup stash listener when app is destroyed (#59598)

handle shadow DOM encapsulated component with HMR (#59597)

HMR not matching component that injects ViewContainerRef (#59596)

treat exceptions in equal as part of computation (#55818)

v19.1.1

19.1.1 (2025-01-16)

core

Commit Description

run HMR replacement in the zone (#59562)

platform-browser

Commit Description

roll back HMR fix (#59557)

v19.1.0

19.1.0 (2025-01-15)

common

Commit Description

expose component instance in NgComponentOutlet (#58698)

compiler

Commit Description

allow $any in two-way bindings (#59362)

use chunk origin in template HMR request URL (#59459)

compiler-cli

Commit Description

check event side of two-way bindings (#59002)

... (truncated)

Changelog

Sourced from @angular/animations's changelog.

19.1.2 (2025-01-20)

compiler

Commit Type Description

8dcd889987 fix update @ng/component URL to be relative (#59620)

compiler-cli

Commit Type Description

95a05bb202 fix disable tree shaking during HMR (#59595)

core

Commit Type Description

a4eb74c79c fix animation sometimes renderer not being destroyed during HMR (#59574)

906413aba3 fix change Resource to use explicit undefined in its typings (#59024)

4eb541837c fix cleanup _ejsa when app is destroyed (#59492)

5497102769 fix cleanup stash listener when app is destroyed (#59598)

266a8f2f2e fix handle shadow DOM encapsulated component with HMR (#59597)

6f7716268a fix HMR not matching component that injects ViewContainerRef (#59596)

d12a186d53 fix treat exceptions in equal as part of computation (#55818)

19.1.1 (2025-01-16)

core

Commit Type Description

357795cb96 fix run HMR replacement in the zone (#59562)

platform-browser

Commit Type Description

eb0b1851f4 fix roll back HMR fix (#59557)

19.1.0 (2025-01-15)

common

Commit Type Description

e4c50b3bea feat expose component instance in NgComponentOutlet (#58698)

compiler

Commit Type Description

ceadd28ea1 fix allow $any in two-way bindings (#59362)

aed49ddaaa fix use chunk origin in template HMR request URL (#59459)

compiler-cli

Commit Type Description

c5c20e9d86 fix check event side of two-way bindings (#59002)

... (truncated)

Commits

a4eb74c fix(core): animation sometimes renderer not being destroyed during HMR (#59574)
bfaeefe refactor(animations): drop warning functions in production (#59408)
0e23f20 fix(platform-browser): styles not replaced during HMR when using animations r...
2f5f898 docs(animations): update position parameter to be a decimal (#57927)
d010e11 feat(core): add event listener options to renderer (#59092)
0513fbc docs: set syntax highlighting of code examples MD code blocks (#59026)
8d6ea5b docs: fix missing alert block styles in the API reference (#59020)
09df589 refactor(core): Migrate all packages with the explicit-standalone-flag sche...
84b6896 refactor(platform-server): Add an ssr benchmark setup. (#57647)
9dbe6fc refactor: update license text to point to angular.dev (#57901)
See full diff in compare view

Updates @angular/cdk from 18.2.13 to 19.1.0

Release notes

Sourced from @angular/cdk's releases.

v19.1.0

19.1.0 "denim-firefly" (2025-01-16)

material-luxon-adapter

Commit Description

infer first day of week from locale (#30285)

material-experimental

Commit Description

column-resize: Add support for "lazy" rather than live updating during resizing. (#30120)

cdk-experimental

Commit Description

column-resize: Support column size persistance hooks (#30136)

column-resize: Previous size was being sent for persistance rather than newly updated size in non-live resize mode. (#30161)

material

Commit Description

schematics: Add CSS output to custom theme schematic (#30004)

api-theme: fix nav items hover/focus contrast (#1004)

checkbox: ensure focus indicator has the correct shape (#30332)

docs: change twitter logo (#1245)

menu: lazy content not detached after animation (#30301)

select: match disabled placeholder color with label (#29870)

select: remove color transition w/ no animations module (#30304)

slider: active vs inactive tick mark count (#30319)

slider: tick mark positioning (#30329)

sort: avoid center align for sort header

tabs: tab nav bar animation not working when navigating forwards (#30313)

theme: unselected theme picker

tooltip: deprecate matTooltipAnimations (#30310)

button: Remove unused inject. (#30320)

table: Optimize expensive css selector (#30305)

tooltip: Use afterNextRender to invoke aria describer to align layout updates with other components using afterNextRender. (#30265)

cdk

Commit Description

dialog: expose cdk dialog docs (#1144)

menu: expose cdk menu docs (#1142)

menu: avoid resetting the scroll position when using the mouse (#30249)

menu: not responding to position changes (#30234)

scrolling: avoid SSR error in CdkVirtualScrollableWindow (#30259)

table: Use afterNextRender for sticky styling. Fixes a performance regression dating back to #28393 and removes need for coalesced sticky styler. (#30242)

Commit Description

add 404 page (#902)

add button to copy link to example (#922)

add cdk/testing docs (#678)

... (truncated)

Changelog

Sourced from @angular/cdk's changelog.

19.1.0 "denim-firefly" (2025-01-16)

cdk

Commit Type Description

62a672af0d feat dialog: expose cdk dialog docs (#1144)

a0a16fc70e feat menu: expose cdk menu docs (#1142)

2be0afcfb5 fix menu: avoid resetting the scroll position when using the mouse (#30249)

e421765d8d fix menu: not responding to position changes (#30234)

5c75bbecb2 fix scrolling: avoid SSR error in CdkVirtualScrollableWindow (#30259)

d721f0c2bc perf table: Use afterNextRender for sticky styling. Fixes a performance regression dating back to #28393 and removes need for coalesced sticky styler. (#30242)

material

Commit Type Description

f47f5f9a1e feat schematics: Add CSS output to custom theme schematic (#30004)

057ed370aa fix api-theme: fix nav items hover/focus contrast (#1004)

5138fe7b38 fix checkbox: ensure focus indicator has the correct shape (#30332)

3163040850 fix docs: change twitter logo (#1245)

781e91e798 fix menu: lazy content not detached after animation (#30301)

a3d9e4b45d fix select: match disabled placeholder color with label (#29870)

027c3ad267 fix select: remove color transition w/ no animations module (#30304)

4f676d4030 fix slider: active vs inactive tick mark count (#30319)

eae073032c fix slider: tick mark positioning (#30329)

0c099ff024 fix sort: avoid center align for sort header

6ca21fd740 fix tabs: tab nav bar animation not working when navigating forwards (#30313)

a0b5546111 fix theme: unselected theme picker

884740d605 fix tooltip: deprecate matTooltipAnimations (#30310)

ab497c44e7 perf button: Remove unused inject. (#30320)

ab44d45c56 perf table: Optimize expensive css selector (#30305)

980f9ba7bb perf tooltip: Use afterNextRender to invoke aria describer to align layout updates with other components using afterNextRender. (#30265)

cdk-experimental

Commit Type Description

75c8aa8767 feat column-resize: Support column size persistance hooks (#30136)

50d906b3e3 fix column-resize: Previous size was being sent for persistance rather than newly updated size in non-live resize mode. (#30161)

material-experimental

Commit Type Description

8685c01a92 feat column-resize: Add support for "lazy" rather than live updating during resizing. (#30120)

material-luxon-adapter

Commit Type Description

e52a369a1b fix infer first day of week from locale (#30285)

Commit Type Description

f5abaa31a1 feat add 404 page (#902)

5c5903e82c feat add button to copy link to example (#922)

76f9d98d22 feat add cdk/testing docs (#678)

39ab48f4be feat add cookie popup (#988)

cfdc032c09 feat add CSP and recommended security headers to site

... (truncated)

Commits

7a3eb6c release: cut the v19.1.0 release
0f12ed2 Revert "test(material/timepicker): updates timepicker.spec.ts (#30335)" (#30342)
5138fe7 fix(material/checkbox): ensure focus indicator has the correct shape (#30332)
eae0730 fix(material/slider): tick mark positioning (#30329)
0df6e03 test(material/timepicker): updates timepicker.spec.ts (#30335)
ab497c4 perf(material/button): Remove unused inject. (#30320)
4f676d4 fix(material/slider): active vs inactive tick mark count (#30319)
9490f1a refactor: move material.aio GHA to the root (#30288)
ab44d45 perf(material/table): Optimize expensive css selector (#30305)
6c8c976 test(material/slider): Ensure tick marks are rendered correctly (#30317)
Additional commits viewable in compare view

Updates @angular/common from 18.2.12 to 19.1.2

Release notes

Sourced from @angular/common's releases.

v19.1.2

19.1.2 (2025-01-20)

compiler

Commit Description

update @ng/component URL to be relative (#59620)

compiler-cli

Commit Description

disable tree shaking during HMR (#59595)

core

Commit Description

animation sometimes renderer not being destroyed during HMR (#59574)

change Resource to use explicit undefined in its typings (#59024)

cleanup _ejsa when app is destroyed (#59492)

cleanup stash listener when app is destroyed (#59598)

handle shadow DOM encapsulated component with HMR (#59597)

HMR not matching component that injects ViewContainerRef (#59596)

treat exceptions in equal as part of computation (#55818)

v19.1.1

19.1.1 (2025-01-16)

core

Commit Description

run HMR replacement in the zone (#59562)

platform-browser

Commit Description

roll back HMR fix (#59557)

v19.1.0

19.1.0 (2025-01-15)

common

Commit Description

expose component instance in NgComponentOutlet (#58698)

compiler

Commit Description

allow $any in two-way bindings (#59362)

use chunk origin in template HMR request URL (#59459)

compiler-cli

Commit Description

check event side of two-way bindings (#59002)

... (truncated)

Changelog

Sourced from @angular/common's changelog.

19.1.2 (2025-01-20)

compiler

Commit Type Description

8dcd889987 fix update @ng/component URL to be relative (#59620)

compiler-cli

Commit Type Description

95a05bb202 fix disable tree shaking during HMR (#59595)

core

Commit Type Description

a4eb74c79c fix animation sometimes renderer not being destroyed during HMR (#59574)

906413aba3 fix change Resource to use explicit undefined in its typings (#59024)

4eb541837c fix cleanup _ejsa when app is destroyed (#59492)

5497102769 fix cleanup stash listener when app is destroyed (#59598)

266a8f2f2e fix handle shadow DOM encapsulated component with HMR (#59597)

6f7716268a fix HMR not matching component that injects ViewContainerRef (#59596)

d12a186d53 fix treat exceptions in equal as part of computation (#55818)

19.1.1 (2025-01-16)

core

Commit Type Description

357795cb96 fix run HMR replacement in the zone (#59562)

platform-browser

Commit Type Description

eb0b1851f4 fix roll back HMR fix (#59557)

19.1.0 (2025-01-15)

common

Commit Type Description

e4c50b3bea feat expose component instance in NgComponentOutlet (#58698)

compiler

Commit Type Description

ceadd28ea1 fix allow $any in two-way bindings (#59362)

aed49ddaaa fix use chunk origin in template HMR request URL (#59459)

compiler-cli

Commit Type Description

c5c20e9d86 fix check event side of two-way bindings (#59002)

... (truncated)

Commits

810ed6a refactor(common): prevent duplicating Content-Type header (#59518)
e2b7359 refactor(common): drop error message in production (#59471)
95c0e51 docs: update class & style binding recommendation (#59240)
6a0dd96 Revert "refactor: initialize headers map directly in HttpHeaders class (#5926...
3e7ba3d docs: set syntax highlighting to the remaining Markdown code examples blocks ...
51a4839 refactor(common): tree-shake lcpObserver in NgOptimizedImage (#59481)
f6e7516 refactor(common): tree-shake transfer cache interceptor stuff (#59439)
f73f39c refactor: initialize headers map directly in HttpHeaders class (#59268)
411b4f5 refactor(common): prevent duplicating Accept header (#59467)
de12b52 refactor(common): drop enums by changing to const enum (#59468)
Additional commits viewable in compare view

Updates @angular/compiler from 18.2.12 to 19.1.2

Release notes

Sourced from @angular/compiler's releases.

v19.1.2

19.1.2 (2025-01-20)

compiler

Commit Description

update @ng/component URL to be relative (#59620)

compiler-cli

Commit Description

disable tree shaking during HMR (#59595)

core

Commit Description

animation sometimes renderer not being destroyed during HMR (#59574)

change Resource to use explicit undefined in its typings (#59024)

cleanup _ejsa when app is destroyed (#59492)

cleanup stash listener when app is destroyed (#59598)

handle shadow DOM encapsulated component with HMR (#59597)

HMR not matching component that injects ViewContainerRef (#59596)

treat exceptions in equal as part of computation (#55818)

v19.1.1

19.1.1 (2025-01-16)

core

Commit Description

run HMR replacement in the zone (#59562)

platform-browser

Commit Description

roll back HMR fix (#59557)

v19.1.0

19.1.0 (2025-01-15)

common

Commit Description

expose component instance in NgComponentOutlet (#58698)

compiler

Commit Description

allow $any in two-way bindings (#59362)

use chunk origin in template HMR request URL (#59459)

compiler-cli

Commit Description

check event side of two-way bindings (#59002)

... (truncated)

Changelog

Sourced from @angular/compiler's changelog.

19.1.2 (2025-01-20)

compiler

Commit Type Description

8dcd889987 fix update @ng/component URL to be relative (#59620)

compiler-cli
Description has been truncated

Commit Type Description

95a05bb202 fix disable tree shaking during HMR (#59595)

…ates Bumps the production-dependencies group with 14 updates in the /frontend directory: | Package | From | To | | --- | --- | --- | | [@angular/animations](https://github.com/angular/angular/tree/HEAD/packages/animations) | `18.2.12` | `19.1.2` | | [@angular/cdk](https://github.com/angular/components) | `18.2.13` | `19.1.0` | | [@angular/common](https://github.com/angular/angular/tree/HEAD/packages/common) | `18.2.12` | `19.1.2` | | [@angular/compiler](https://github.com/angular/angular/tree/HEAD/packages/compiler) | `18.2.12` | `19.1.2` | | [@angular/core](https://github.com/angular/angular/tree/HEAD/packages/core) | `18.2.12` | `19.1.2` | | [@angular/forms](https://github.com/angular/angular/tree/HEAD/packages/forms) | `18.2.12` | `19.1.2` | | [@angular/material](https://github.com/angular/components) | `18.2.13` | `19.1.0` | | [@angular/platform-browser](https://github.com/angular/angular/tree/HEAD/packages/platform-browser) | `18.2.12` | `19.1.2` | | [@angular/platform-browser-dynamic](https://github.com/angular/angular/tree/HEAD/packages/platform-browser-dynamic) | `18.2.12` | `19.1.2` | | [@angular/router](https://github.com/angular/angular/tree/HEAD/packages/router) | `18.2.12` | `19.1.2` | | [@octokit/types](https://github.com/octokit/types.ts) | `13.6.1` | `13.7.0` | | [cronstrue](https://github.com/bradymholt/cronstrue) | `2.51.0` | `2.53.0` | | [highcharts](https://github.com/highcharts/highcharts-dist) | `11.4.8` | `12.1.2` | | [ng2-charts](https://github.com/valor-software/ng2-charts) | `7.0.0` | `8.0.0` | Updates `@angular/animations` from 18.2.12 to 19.1.2 - [Release notes](https://github.com/angular/angular/releases) - [Changelog](https://github.com/angular/angular/blob/main/CHANGELOG.md) - [Commits](https://github.com/angular/angular/commits/19.1.2/packages/animations) Updates `@angular/cdk` from 18.2.13 to 19.1.0 - [Release notes](https://github.com/angular/components/releases) - [Changelog](https://github.com/angular/components/blob/main/CHANGELOG.md) - [Commits](angular/components@18.2.13...19.1.0) Updates `@angular/common` from 18.2.12 to 19.1.2 - [Release notes](https://github.com/angular/angular/releases) - [Changelog](https://github.com/angular/angular/blob/main/CHANGELOG.md) - [Commits](https://github.com/angular/angular/commits/19.1.2/packages/common) Updates `@angular/compiler` from 18.2.12 to 19.1.2 - [Release notes](https://github.com/angular/angular/releases) - [Changelog](https://github.com/angular/angular/blob/main/CHANGELOG.md) - [Commits](https://github.com/angular/angular/commits/19.1.2/packages/compiler) Updates `@angular/core` from 18.2.12 to 19.1.2 - [Release notes](https://github.com/angular/angular/releases) - [Changelog](https://github.com/angular/angular/blob/main/CHANGELOG.md) - [Commits](https://github.com/angular/angular/commits/19.1.2/packages/core) Updates `@angular/forms` from 18.2.12 to 19.1.2 - [Release notes](https://github.com/angular/angular/releases) - [Changelog](https://github.com/angular/angular/blob/main/CHANGELOG.md) - [Commits](https://github.com/angular/angular/commits/19.1.2/packages/forms) Updates `@angular/material` from 18.2.13 to 19.1.0 - [Release notes](https://github.com/angular/components/releases) - [Changelog](https://github.com/angular/components/blob/main/CHANGELOG.md) - [Commits](angular/components@18.2.13...19.1.0) Updates `@angular/platform-browser` from 18.2.12 to 19.1.2 - [Release notes](https://github.com/angular/angular/releases) - [Changelog](https://github.com/angular/angular/blob/main/CHANGELOG.md) - [Commits](https://github.com/angular/angular/commits/19.1.2/packages/platform-browser) Updates `@angular/platform-browser-dynamic` from 18.2.12 to 19.1.2 - [Release notes](https://github.com/angular/angular/releases) - [Changelog](https://github.com/angular/angular/blob/main/CHANGELOG.md) - [Commits](https://github.com/angular/angular/commits/19.1.2/packages/platform-browser-dynamic) Updates `@angular/router` from 18.2.12 to 19.1.2 - [Release notes](https://github.com/angular/angular/releases) - [Changelog](https://github.com/angular/angular/blob/main/CHANGELOG.md) - [Commits](https://github.com/angular/angular/commits/19.1.2/packages/router) Updates `@octokit/types` from 13.6.1 to 13.7.0 - [Release notes](https://github.com/octokit/types.ts/releases) - [Commits](octokit/types.ts@v13.6.1...v13.7.0) Updates `cronstrue` from 2.51.0 to 2.53.0 - [Release notes](https://github.com/bradymholt/cronstrue/releases) - [Changelog](https://github.com/bradymholt/cRonstrue/blob/main/CHANGELOG.md) - [Commits](bradymholt/cRonstrue@v2.51.0...v2.53.0) Updates `highcharts` from 11.4.8 to 12.1.2 - [Commits](highcharts/highcharts-dist@v11.4.8...v12.1.2) Updates `ng2-charts` from 7.0.0 to 8.0.0 - [Release notes](https://github.com/valor-software/ng2-charts/releases) - [Commits](valor-software/ng2-charts@v7.0.0...v8.0.0) --- updated-dependencies: - dependency-name: "@angular/animations" dependency-type: direct:production update-type: version-update:semver-major dependency-group: production-dependencies - dependency-name: "@angular/cdk" dependency-type: direct:production update-type: version-update:semver-major dependency-group: production-dependencies - dependency-name: "@angular/common" dependency-type: direct:production update-type: version-update:semver-major dependency-group: production-dependencies - dependency-name: "@angular/compiler" dependency-type: direct:production update-type: version-update:semver-major dependency-group: production-dependencies - dependency-name: "@angular/core" dependency-type: direct:production update-type: version-update:semver-major dependency-group: production-dependencies - dependency-name: "@angular/forms" dependency-type: direct:production update-type: version-update:semver-major dependency-group: production-dependencies - dependency-name: "@angular/material" dependency-type: direct:production update-type: version-update:semver-major dependency-group: production-dependencies - dependency-name: "@angular/platform-browser" dependency-type: direct:production update-type: version-update:semver-major dependency-group: production-dependencies - dependency-name: "@angular/platform-browser-dynamic" dependency-type: direct:production update-type: version-update:semver-major dependency-group: production-dependencies - dependency-name: "@angular/router" dependency-type: direct:production update-type: version-update:semver-major dependency-group: production-dependencies - dependency-name: "@octokit/types" dependency-type: direct:production update-type: version-update:semver-minor dependency-group: production-dependencies - dependency-name: cronstrue dependency-type: direct:production update-type: version-update:semver-minor dependency-group: production-dependencies - dependency-name: highcharts dependency-type: direct:production update-type: version-update:semver-major dependency-group: production-dependencies - dependency-name: ng2-charts dependency-type: direct:production update-type: version-update:semver-major dependency-group: production-dependencies ... Signed-off-by: dependabot[bot] <support@github.com>

github-actions · 2025-01-20T20:45:19Z

Dependency Review

The following issues were found:

✅ 0 vulnerable package(s)
✅ 0 package(s) with incompatible licenses
✅ 0 package(s) with invalid SPDX license definitions
⚠️ 1 package(s) with unknown licenses.

See the Details below.

License Issues

frontend/package.json

Package	Version	License	Issue Type
highcharts	^12.1.2	Null	Unknown License

OpenSSF Scorecard

Scorecard details

Package

Version

Score

Details

npm/@angular/animations

19.1.2

🟢 6.5

Details

Check	Score	Reason
Binary-Artifacts	🟢 10	no binaries found in the repo
Branch-Protection	🟢 6	branch protection is not maximal on development and all release branches
CI-Tests	🟢 10	4 out of 4 merged PRs checked by a CI test -- score normalized to 10
CII-Best-Practices	⚠️ 2	badge detected: InProgress
Code-Review	⚠️ 0	Found 1/30 approved changesets -- score normalized to 0
Contributors	🟢 10	project has 38 contributing companies or organizations
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Dependency-Update-Tool	🟢 10	update tool detected
Fuzzing	🟢 10	project is fuzzed
License	🟢 10	license file detected
Maintained	🟢 10	30 commit(s) and 14 issue activity found in the last 90 days -- score normalized to 10
Packaging	⚠️ -1	packaging workflow not detected
Pinned-Dependencies	🟢 10	all dependencies are pinned
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Security-Policy	🟢 10	security policy file detected
Signed-Releases	⚠️ -1	no releases found
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Vulnerabilities	⚠️ 0	71 existing vulnerabilities detected

npm/@angular/cdk

19.1.0

🟢 7.4

Details

Check	Score	Reason
Binary-Artifacts	🟢 10	no binaries found in the repo
Branch-Protection	🟢 6	branch protection is not maximal on development and all release branches
CI-Tests	🟢 10	29 out of 29 merged PRs checked by a CI test -- score normalized to 10
CII-Best-Practices	⚠️ 2	badge detected: in_progress
Code-Review	🟢 10	all changesets reviewed
Contributors	🟢 10	23 different organizations found -- score normalized to 10
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Dependency-Update-Tool	🟢 10	update tool detected
Fuzzing	⚠️ 0	project is not fuzzed
License	🟢 10	license file detected
Maintained	🟢 10	30 commit(s) out of 30 and 3 issue activity out of 30 found in the last 90 days -- score normalized to 10
Packaging	⚠️ -1	no published package detected
Pinned-Dependencies	🟢 10	all dependencies are pinned
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Security-Policy	🟢 10	security policy file detected
Signed-Releases	⚠️ -1	no releases found
Token-Permissions	🟢 8	detected GitHub workflow tokens with excessive permissions
Vulnerabilities	⚠️ 0	54 existing vulnerabilities detected

npm/@angular/common

19.1.2

🟢 6.5

Details

Check	Score	Reason
Binary-Artifacts	🟢 10	no binaries found in the repo
Branch-Protection	🟢 6	branch protection is not maximal on development and all release branches
CI-Tests	🟢 10	4 out of 4 merged PRs checked by a CI test -- score normalized to 10
CII-Best-Practices	⚠️ 2	badge detected: InProgress
Code-Review	⚠️ 0	Found 1/30 approved changesets -- score normalized to 0
Contributors	🟢 10	project has 38 contributing companies or organizations
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Dependency-Update-Tool	🟢 10	update tool detected
Fuzzing	🟢 10	project is fuzzed
License	🟢 10	license file detected
Maintained	🟢 10	30 commit(s) and 14 issue activity found in the last 90 days -- score normalized to 10
Packaging	⚠️ -1	packaging workflow not detected
Pinned-Dependencies	🟢 10	all dependencies are pinned
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Security-Policy	🟢 10	security policy file detected
Signed-Releases	⚠️ -1	no releases found
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Vulnerabilities	⚠️ 0	71 existing vulnerabilities detected

npm/@angular/compiler

19.1.2

🟢 6.5

Details

Check	Score	Reason
Binary-Artifacts	🟢 10	no binaries found in the repo
Branch-Protection	🟢 6	branch protection is not maximal on development and all release branches
CI-Tests	🟢 10	4 out of 4 merged PRs checked by a CI test -- score normalized to 10
CII-Best-Practices	⚠️ 2	badge detected: InProgress
Code-Review	⚠️ 0	Found 1/30 approved changesets -- score normalized to 0
Contributors	🟢 10	project has 38 contributing companies or organizations
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Dependency-Update-Tool	🟢 10	update tool detected
Fuzzing	🟢 10	project is fuzzed
License	🟢 10	license file detected
Maintained	🟢 10	30 commit(s) and 14 issue activity found in the last 90 days -- score normalized to 10
Packaging	⚠️ -1	packaging workflow not detected
Pinned-Dependencies	🟢 10	all dependencies are pinned
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Security-Policy	🟢 10	security policy file detected
Signed-Releases	⚠️ -1	no releases found
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Vulnerabilities	⚠️ 0	71 existing vulnerabilities detected

npm/@angular/core

19.1.2

🟢 6.5

Details

Check	Score	Reason
Binary-Artifacts	🟢 10	no binaries found in the repo
Branch-Protection	🟢 6	branch protection is not maximal on development and all release branches
CI-Tests	🟢 10	4 out of 4 merged PRs checked by a CI test -- score normalized to 10
CII-Best-Practices	⚠️ 2	badge detected: InProgress
Code-Review	⚠️ 0	Found 1/30 approved changesets -- score normalized to 0
Contributors	🟢 10	project has 38 contributing companies or organizations
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Dependency-Update-Tool	🟢 10	update tool detected
Fuzzing	🟢 10	project is fuzzed
License	🟢 10	license file detected
Maintained	🟢 10	30 commit(s) and 14 issue activity found in the last 90 days -- score normalized to 10
Packaging	⚠️ -1	packaging workflow not detected
Pinned-Dependencies	🟢 10	all dependencies are pinned
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Security-Policy	🟢 10	security policy file detected
Signed-Releases	⚠️ -1	no releases found
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Vulnerabilities	⚠️ 0	71 existing vulnerabilities detected

npm/@angular/forms

19.1.2

🟢 6.5

Details

Check	Score	Reason
Binary-Artifacts	🟢 10	no binaries found in the repo
Branch-Protection	🟢 6	branch protection is not maximal on development and all release branches
CI-Tests	🟢 10	4 out of 4 merged PRs checked by a CI test -- score normalized to 10
CII-Best-Practices	⚠️ 2	badge detected: InProgress
Code-Review	⚠️ 0	Found 1/30 approved changesets -- score normalized to 0
Contributors	🟢 10	project has 38 contributing companies or organizations
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Dependency-Update-Tool	🟢 10	update tool detected
Fuzzing	🟢 10	project is fuzzed
License	🟢 10	license file detected
Maintained	🟢 10	30 commit(s) and 14 issue activity found in the last 90 days -- score normalized to 10
Packaging	⚠️ -1	packaging workflow not detected
Pinned-Dependencies	🟢 10	all dependencies are pinned
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Security-Policy	🟢 10	security policy file detected
Signed-Releases	⚠️ -1	no releases found
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Vulnerabilities	⚠️ 0	71 existing vulnerabilities detected

npm/@angular/material

19.1.0

🟢 7.4

Details

Check	Score	Reason
Binary-Artifacts	🟢 10	no binaries found in the repo
Branch-Protection	🟢 6	branch protection is not maximal on development and all release branches
CI-Tests	🟢 10	29 out of 29 merged PRs checked by a CI test -- score normalized to 10
CII-Best-Practices	⚠️ 2	badge detected: in_progress
Code-Review	🟢 10	all changesets reviewed
Contributors	🟢 10	23 different organizations found -- score normalized to 10
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Dependency-Update-Tool	🟢 10	update tool detected
Fuzzing	⚠️ 0	project is not fuzzed
License	🟢 10	license file detected
Maintained	🟢 10	30 commit(s) out of 30 and 3 issue activity out of 30 found in the last 90 days -- score normalized to 10
Packaging	⚠️ -1	no published package detected
Pinned-Dependencies	🟢 10	all dependencies are pinned
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Security-Policy	🟢 10	security policy file detected
Signed-Releases	⚠️ -1	no releases found
Token-Permissions	🟢 8	detected GitHub workflow tokens with excessive permissions
Vulnerabilities	⚠️ 0	54 existing vulnerabilities detected

npm/@angular/platform-browser

19.1.2

🟢 6.5

Details

Check	Score	Reason
Binary-Artifacts	🟢 10	no binaries found in the repo
Branch-Protection	🟢 6	branch protection is not maximal on development and all release branches
CI-Tests	🟢 10	4 out of 4 merged PRs checked by a CI test -- score normalized to 10
CII-Best-Practices	⚠️ 2	badge detected: InProgress
Code-Review	⚠️ 0	Found 1/30 approved changesets -- score normalized to 0
Contributors	🟢 10	project has 38 contributing companies or organizations
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Dependency-Update-Tool	🟢 10	update tool detected
Fuzzing	🟢 10	project is fuzzed
License	🟢 10	license file detected
Maintained	🟢 10	30 commit(s) and 14 issue activity found in the last 90 days -- score normalized to 10
Packaging	⚠️ -1	packaging workflow not detected
Pinned-Dependencies	🟢 10	all dependencies are pinned
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Security-Policy	🟢 10	security policy file detected
Signed-Releases	⚠️ -1	no releases found
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Vulnerabilities	⚠️ 0	71 existing vulnerabilities detected

npm/@angular/platform-browser-dynamic

19.1.2

🟢 6.5

Details

Check	Score	Reason
Binary-Artifacts	🟢 10	no binaries found in the repo
Branch-Protection	🟢 6	branch protection is not maximal on development and all release branches
CI-Tests	🟢 10	4 out of 4 merged PRs checked by a CI test -- score normalized to 10
CII-Best-Practices	⚠️ 2	badge detected: InProgress
Code-Review	⚠️ 0	Found 1/30 approved changesets -- score normalized to 0
Contributors	🟢 10	project has 38 contributing companies or organizations
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Dependency-Update-Tool	🟢 10	update tool detected
Fuzzing	🟢 10	project is fuzzed
License	🟢 10	license file detected
Maintained	🟢 10	30 commit(s) and 14 issue activity found in the last 90 days -- score normalized to 10
Packaging	⚠️ -1	packaging workflow not detected
Pinned-Dependencies	🟢 10	all dependencies are pinned
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Security-Policy	🟢 10	security policy file detected
Signed-Releases	⚠️ -1	no releases found
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Vulnerabilities	⚠️ 0	71 existing vulnerabilities detected

npm/@angular/router

19.1.2

🟢 6.5

Details

Check	Score	Reason
Binary-Artifacts	🟢 10	no binaries found in the repo
Branch-Protection	🟢 6	branch protection is not maximal on development and all release branches
CI-Tests	🟢 10	4 out of 4 merged PRs checked by a CI test -- score normalized to 10
CII-Best-Practices	⚠️ 2	badge detected: InProgress
Code-Review	⚠️ 0	Found 1/30 approved changesets -- score normalized to 0
Contributors	🟢 10	project has 38 contributing companies or organizations
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Dependency-Update-Tool	🟢 10	update tool detected
Fuzzing	🟢 10	project is fuzzed
License	🟢 10	license file detected
Maintained	🟢 10	30 commit(s) and 14 issue activity found in the last 90 days -- score normalized to 10
Packaging	⚠️ -1	packaging workflow not detected
Pinned-Dependencies	🟢 10	all dependencies are pinned
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Security-Policy	🟢 10	security policy file detected
Signed-Releases	⚠️ -1	no releases found
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Vulnerabilities	⚠️ 0	71 existing vulnerabilities detected

npm/@octokit/openapi-types

23.0.1

🟢 7

Details

Check	Score	Reason
Code-Review	🟢 8	Found 6/7 approved changesets -- score normalized to 8
Maintained	🟢 7	8 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 7
Security-Policy	🟢 9	security policy file detected
Binary-Artifacts	🟢 10	no binaries found in the repo
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Fuzzing	⚠️ 0	project is not fuzzed
License	🟢 10	license file detected
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Signed-Releases	⚠️ -1	no releases found
Packaging	🟢 10	packaging workflow detected
Vulnerabilities	🟢 10	0 existing vulnerabilities detected
Pinned-Dependencies	🟢 3	dependency not pinned by hash detected -- score normalized to 3
SAST	🟢 9	SAST tool detected but not run on all commits

npm/@octokit/types

13.7.0

🟢 7.1

Details

Check	Score	Reason
Security-Policy	🟢 9	security policy file detected
Code-Review	🟢 10	all changesets reviewed
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Maintained	🟢 7	7 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 7
Binary-Artifacts	🟢 10	no binaries found in the repo
Pinned-Dependencies	🟢 3	dependency not pinned by hash detected -- score normalized to 3
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 10	license file detected
Fuzzing	⚠️ 0	project is not fuzzed
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Packaging	🟢 10	packaging workflow detected
SAST	🟢 10	SAST tool is run on all commits
Vulnerabilities	🟢 8	2 existing vulnerabilities detected

npm/cronstrue

2.53.0

🟢 3.8

Details

Check	Score	Reason
Code-Review	🟢 3	Found 9/28 approved changesets -- score normalized to 3
Maintained	🟢 6	5 commit(s) and 3 issue activity found in the last 90 days -- score normalized to 6
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Binary-Artifacts	🟢 10	no binaries found in the repo
Packaging	⚠️ -1	packaging workflow not detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Security-Policy	⚠️ 0	security policy file not detected
License	🟢 10	license file detected
Fuzzing	⚠️ 0	project is not fuzzed
Signed-Releases	⚠️ 0	Project has not signed or included provenance with any releases.
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Vulnerabilities	🟢 5	5 existing vulnerabilities detected

npm/highcharts

12.1.2

🟢 3.5

Details

Check	Score	Reason
Packaging	⚠️ -1	packaging workflow not detected
Token-Permissions	⚠️ -1	No tokens found
Dangerous-Workflow	⚠️ -1	no workflows found
Maintained	🟢 7	9 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 7
Code-Review	⚠️ 0	Found 1/28 approved changesets -- score normalized to 0
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Security-Policy	⚠️ 0	security policy file not detected
License	⚠️ 0	license file not detected
Vulnerabilities	🟢 10	0 existing vulnerabilities detected
Signed-Releases	⚠️ -1	no releases found
Binary-Artifacts	🟢 10	no binaries found in the repo
Branch-Protection	⚠️ 0	branch protection not enabled on development/release branches
Pinned-Dependencies	⚠️ -1	no dependencies found
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Fuzzing	⚠️ 0	project is not fuzzed

npm/ng2-charts

8.0.0

🟢 4.3

Details

Check	Score	Reason
Maintained	🟢 10	14 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Packaging	⚠️ -1	packaging workflow not detected
Code-Review	⚠️ 0	Found 1/16 approved changesets -- score normalized to 0
Binary-Artifacts	🟢 10	no binaries found in the repo
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Pinned-Dependencies	⚠️ 2	dependency not pinned by hash detected -- score normalized to 2
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Fuzzing	⚠️ 0	project is not fuzzed
License	🟢 10	license file detected
Signed-Releases	⚠️ 0	Project has not signed or included provenance with any releases.
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Security-Policy	⚠️ 0	security policy file not detected
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Vulnerabilities	🟢 8	2 existing vulnerabilities detected

npm/zone.js

0.15.0

🟢 6.5

Details

Check	Score	Reason
Binary-Artifacts	🟢 10	no binaries found in the repo
Branch-Protection	🟢 6	branch protection is not maximal on development and all release branches
CI-Tests	🟢 10	4 out of 4 merged PRs checked by a CI test -- score normalized to 10
CII-Best-Practices	⚠️ 2	badge detected: InProgress
Code-Review	⚠️ 0	Found 1/30 approved changesets -- score normalized to 0
Contributors	🟢 10	project has 38 contributing companies or organizations
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Dependency-Update-Tool	🟢 10	update tool detected
Fuzzing	🟢 10	project is fuzzed
License	🟢 10	license file detected
Maintained	🟢 10	30 commit(s) and 14 issue activity found in the last 90 days -- score normalized to 10
Packaging	⚠️ -1	packaging workflow not detected
Pinned-Dependencies	🟢 10	all dependencies are pinned
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Security-Policy	🟢 10	security policy file detected
Signed-Releases	⚠️ -1	no releases found
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Vulnerabilities	⚠️ 0	71 existing vulnerabilities detected

npm/@angular/animations

^19.1.2

🟢 6.5

Details

Check	Score	Reason
Binary-Artifacts	🟢 10	no binaries found in the repo
Branch-Protection	🟢 6	branch protection is not maximal on development and all release branches
CI-Tests	🟢 10	4 out of 4 merged PRs checked by a CI test -- score normalized to 10
CII-Best-Practices	⚠️ 2	badge detected: InProgress
Code-Review	⚠️ 0	Found 1/30 approved changesets -- score normalized to 0
Contributors	🟢 10	project has 38 contributing companies or organizations
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Dependency-Update-Tool	🟢 10	update tool detected
Fuzzing	🟢 10	project is fuzzed
License	🟢 10	license file detected
Maintained	🟢 10	30 commit(s) and 14 issue activity found in the last 90 days -- score normalized to 10
Packaging	⚠️ -1	packaging workflow not detected
Pinned-Dependencies	🟢 10	all dependencies are pinned
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Security-Policy	🟢 10	security policy file detected
Signed-Releases	⚠️ -1	no releases found
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Vulnerabilities	⚠️ 0	71 existing vulnerabilities detected

npm/@angular/cdk

^19.1.0

🟢 7.4

Details

Check	Score	Reason
Binary-Artifacts	🟢 10	no binaries found in the repo
Branch-Protection	🟢 6	branch protection is not maximal on development and all release branches
CI-Tests	🟢 10	29 out of 29 merged PRs checked by a CI test -- score normalized to 10
CII-Best-Practices	⚠️ 2	badge detected: in_progress
Code-Review	🟢 10	all changesets reviewed
Contributors	🟢 10	23 different organizations found -- score normalized to 10
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Dependency-Update-Tool	🟢 10	update tool detected
Fuzzing	⚠️ 0	project is not fuzzed
License	🟢 10	license file detected
Maintained	🟢 10	30 commit(s) out of 30 and 3 issue activity out of 30 found in the last 90 days -- score normalized to 10
Packaging	⚠️ -1	no published package detected
Pinned-Dependencies	🟢 10	all dependencies are pinned
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Security-Policy	🟢 10	security policy file detected
Signed-Releases	⚠️ -1	no releases found
Token-Permissions	🟢 8	detected GitHub workflow tokens with excessive permissions
Vulnerabilities	⚠️ 0	54 existing vulnerabilities detected

npm/@angular/common

^19.1.2

🟢 6.5

Details

Check	Score	Reason
Binary-Artifacts	🟢 10	no binaries found in the repo
Branch-Protection	🟢 6	branch protection is not maximal on development and all release branches
CI-Tests	🟢 10	4 out of 4 merged PRs checked by a CI test -- score normalized to 10
CII-Best-Practices	⚠️ 2	badge detected: InProgress
Code-Review	⚠️ 0	Found 1/30 approved changesets -- score normalized to 0
Contributors	🟢 10	project has 38 contributing companies or organizations
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Dependency-Update-Tool	🟢 10	update tool detected
Fuzzing	🟢 10	project is fuzzed
License	🟢 10	license file detected
Maintained	🟢 10	30 commit(s) and 14 issue activity found in the last 90 days -- score normalized to 10
Packaging	⚠️ -1	packaging workflow not detected
Pinned-Dependencies	🟢 10	all dependencies are pinned
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Security-Policy	🟢 10	security policy file detected
Signed-Releases	⚠️ -1	no releases found
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Vulnerabilities	⚠️ 0	71 existing vulnerabilities detected

npm/@angular/compiler

^19.1.2

🟢 6.5

Details

Check	Score	Reason
Binary-Artifacts	🟢 10	no binaries found in the repo
Branch-Protection	🟢 6	branch protection is not maximal on development and all release branches
CI-Tests	🟢 10	4 out of 4 merged PRs checked by a CI test -- score normalized to 10
CII-Best-Practices	⚠️ 2	badge detected: InProgress
Code-Review	⚠️ 0	Found 1/30 approved changesets -- score normalized to 0
Contributors	🟢 10	project has 38 contributing companies or organizations
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Dependency-Update-Tool	🟢 10	update tool detected
Fuzzing	🟢 10	project is fuzzed
License	🟢 10	license file detected
Maintained	🟢 10	30 commit(s) and 14 issue activity found in the last 90 days -- score normalized to 10
Packaging	⚠️ -1	packaging workflow not detected
Pinned-Dependencies	🟢 10	all dependencies are pinned
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Security-Policy	🟢 10	security policy file detected
Signed-Releases	⚠️ -1	no releases found
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Vulnerabilities	⚠️ 0	71 existing vulnerabilities detected

npm/@angular/core

^19.1.2

🟢 6.5

Details

Check	Score	Reason
Binary-Artifacts	🟢 10	no binaries found in the repo
Branch-Protection	🟢 6	branch protection is not maximal on development and all release branches
CI-Tests	🟢 10	4 out of 4 merged PRs checked by a CI test -- score normalized to 10
CII-Best-Practices	⚠️ 2	badge detected: InProgress
Code-Review	⚠️ 0	Found 1/30 approved changesets -- score normalized to 0
Contributors	🟢 10	project has 38 contributing companies or organizations
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Dependency-Update-Tool	🟢 10	update tool detected
Fuzzing	🟢 10	project is fuzzed
License	🟢 10	license file detected
Maintained	🟢 10	30 commit(s) and 14 issue activity found in the last 90 days -- score normalized to 10
Packaging	⚠️ -1	packaging workflow not detected
Pinned-Dependencies	🟢 10	all dependencies are pinned
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Security-Policy	🟢 10	security policy file detected
Signed-Releases	⚠️ -1	no releases found
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Vulnerabilities	⚠️ 0	71 existing vulnerabilities detected

npm/@angular/forms

^19.1.2

🟢 6.5

Details

Check	Score	Reason
Binary-Artifacts	🟢 10	no binaries found in the repo
Branch-Protection	🟢 6	branch protection is not maximal on development and all release branches
CI-Tests	🟢 10	4 out of 4 merged PRs checked by a CI test -- score normalized to 10
CII-Best-Practices	⚠️ 2	badge detected: InProgress
Code-Review	⚠️ 0	Found 1/30 approved changesets -- score normalized to 0
Contributors	🟢 10	project has 38 contributing companies or organizations
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Dependency-Update-Tool	🟢 10	update tool detected
Fuzzing	🟢 10	project is fuzzed
License	🟢 10	license file detected
Maintained	🟢 10	30 commit(s) and 14 issue activity found in the last 90 days -- score normalized to 10
Packaging	⚠️ -1	packaging workflow not detected
Pinned-Dependencies	🟢 10	all dependencies are pinned
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Security-Policy	🟢 10	security policy file detected
Signed-Releases	⚠️ -1	no releases found
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Vulnerabilities	⚠️ 0	71 existing vulnerabilities detected

npm/@angular/material

^19.1.0

🟢 7.4

Details

Check	Score	Reason
Binary-Artifacts	🟢 10	no binaries found in the repo
Branch-Protection	🟢 6	branch protection is not maximal on development and all release branches
CI-Tests	🟢 10	29 out of 29 merged PRs checked by a CI test -- score normalized to 10
CII-Best-Practices	⚠️ 2	badge detected: in_progress
Code-Review	🟢 10	all changesets reviewed
Contributors	🟢 10	23 different organizations found -- score normalized to 10
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Dependency-Update-Tool	🟢 10	update tool detected
Fuzzing	⚠️ 0	project is not fuzzed
License	🟢 10	license file detected
Maintained	🟢 10	30 commit(s) out of 30 and 3 issue activity out of 30 found in the last 90 days -- score normalized to 10
Packaging	⚠️ -1	no published package detected
Pinned-Dependencies	🟢 10	all dependencies are pinned
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Security-Policy	🟢 10	security policy file detected
Signed-Releases	⚠️ -1	no releases found
Token-Permissions	🟢 8	detected GitHub workflow tokens with excessive permissions
Vulnerabilities	⚠️ 0	54 existing vulnerabilities detected

npm/@angular/platform-browser

^19.1.2

🟢 6.5

Details

Check	Score	Reason
Binary-Artifacts	🟢 10	no binaries found in the repo
Branch-Protection	🟢 6	branch protection is not maximal on development and all release branches
CI-Tests	🟢 10	4 out of 4 merged PRs checked by a CI test -- score normalized to 10
CII-Best-Practices	⚠️ 2	badge detected: InProgress
Code-Review	⚠️ 0	Found 1/30 approved changesets -- score normalized to 0
Contributors	🟢 10	project has 38 contributing companies or organizations
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Dependency-Update-Tool	🟢 10	update tool detected
Fuzzing	🟢 10	project is fuzzed
License	🟢 10	license file detected
Maintained	🟢 10	30 commit(s) and 14 issue activity found in the last 90 days -- score normalized to 10
Packaging	⚠️ -1	packaging workflow not detected
Pinned-Dependencies	🟢 10	all dependencies are pinned
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Security-Policy	🟢 10	security policy file detected
Signed-Releases	⚠️ -1	no releases found
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Vulnerabilities	⚠️ 0	71 existing vulnerabilities detected

npm/@angular/platform-browser-dynamic

^19.1.2

🟢 6.5

Details

Check	Score	Reason
Binary-Artifacts	🟢 10	no binaries found in the repo
Branch-Protection	🟢 6	branch protection is not maximal on development and all release branches
CI-Tests	🟢 10	4 out of 4 merged PRs checked by a CI test -- score normalized to 10
CII-Best-Practices	⚠️ 2	badge detected: InProgress
Code-Review	⚠️ 0	Found 1/30 approved changesets -- score normalized to 0
Contributors	🟢 10	project has 38 contributing companies or organizations
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Dependency-Update-Tool	🟢 10	update tool detected
Fuzzing	🟢 10	project is fuzzed
License	🟢 10	license file detected
Maintained	🟢 10	30 commit(s) and 14 issue activity found in the last 90 days -- score normalized to 10
Packaging	⚠️ -1	packaging workflow not detected
Pinned-Dependencies	🟢 10	all dependencies are pinned
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Security-Policy	🟢 10	security policy file detected
Signed-Releases	⚠️ -1	no releases found
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Vulnerabilities	⚠️ 0	71 existing vulnerabilities detected

npm/@angular/router

^19.1.2

🟢 6.5

Details

Check	Score	Reason
Binary-Artifacts	🟢 10	no binaries found in the repo
Branch-Protection	🟢 6	branch protection is not maximal on development and all release branches
CI-Tests	🟢 10	4 out of 4 merged PRs checked by a CI test -- score normalized to 10
CII-Best-Practices	⚠️ 2	badge detected: InProgress
Code-Review	⚠️ 0	Found 1/30 approved changesets -- score normalized to 0
Contributors	🟢 10	project has 38 contributing companies or organizations
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Dependency-Update-Tool	🟢 10	update tool detected
Fuzzing	🟢 10	project is fuzzed
License	🟢 10	license file detected
Maintained	🟢 10	30 commit(s) and 14 issue activity found in the last 90 days -- score normalized to 10
Packaging	⚠️ -1	packaging workflow not detected
Pinned-Dependencies	🟢 10	all dependencies are pinned
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Security-Policy	🟢 10	security policy file detected
Signed-Releases	⚠️ -1	no releases found
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Vulnerabilities	⚠️ 0	71 existing vulnerabilities detected

npm/@octokit/types

^13.7.0

🟢 7.1

Details

Check	Score	Reason
Security-Policy	🟢 9	security policy file detected
Code-Review	🟢 10	all changesets reviewed
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Maintained	🟢 7	7 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 7
Binary-Artifacts	🟢 10	no binaries found in the repo
Pinned-Dependencies	🟢 3	dependency not pinned by hash detected -- score normalized to 3
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 10	license file detected
Fuzzing	⚠️ 0	project is not fuzzed
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Packaging	🟢 10	packaging workflow detected
SAST	🟢 10	SAST tool is run on all commits
Vulnerabilities	🟢 8	2 existing vulnerabilities detected

npm/cronstrue

^2.53.0

🟢 3.8

Details

Check	Score	Reason
Code-Review	🟢 3	Found 9/28 approved changesets -- score normalized to 3
Maintained	🟢 6	5 commit(s) and 3 issue activity found in the last 90 days -- score normalized to 6
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Binary-Artifacts	🟢 10	no binaries found in the repo
Packaging	⚠️ -1	packaging workflow not detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Security-Policy	⚠️ 0	security policy file not detected
License	🟢 10	license file detected
Fuzzing	⚠️ 0	project is not fuzzed
Signed-Releases	⚠️ 0	Project has not signed or included provenance with any releases.
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Vulnerabilities	🟢 5	5 existing vulnerabilities detected

npm/highcharts

^12.1.2

🟢 3.5

Details

Check	Score	Reason
Packaging	⚠️ -1	packaging workflow not detected
Token-Permissions	⚠️ -1	No tokens found
Dangerous-Workflow	⚠️ -1	no workflows found
Maintained	🟢 7	9 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 7
Code-Review	⚠️ 0	Found 1/28 approved changesets -- score normalized to 0
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Security-Policy	⚠️ 0	security policy file not detected
License	⚠️ 0	license file not detected
Vulnerabilities	🟢 10	0 existing vulnerabilities detected
Signed-Releases	⚠️ -1	no releases found
Binary-Artifacts	🟢 10	no binaries found in the repo
Branch-Protection	⚠️ 0	branch protection not enabled on development/release branches
Pinned-Dependencies	⚠️ -1	no dependencies found
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Fuzzing	⚠️ 0	project is not fuzzed

npm/ng2-charts

^8.0.0

🟢 4.3

Details

Check	Score	Reason
Maintained	🟢 10	14 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Packaging	⚠️ -1	packaging workflow not detected
Code-Review	⚠️ 0	Found 1/16 approved changesets -- score normalized to 0
Binary-Artifacts	🟢 10	no binaries found in the repo
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Pinned-Dependencies	⚠️ 2	dependency not pinned by hash detected -- score normalized to 2
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Fuzzing	⚠️ 0	project is not fuzzed
License	🟢 10	license file detected
Signed-Releases	⚠️ 0	Project has not signed or included provenance with any releases.
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Security-Policy	⚠️ 0	security policy file not detected
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Vulnerabilities	🟢 8	2 existing vulnerabilities detected

Scanned Files

frontend/package-lock.json
frontend/package.json

dependabot · 2025-01-27T20:32:58Z

Superseded by #114.

dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels Jan 20, 2025

dependabot bot mentioned this pull request Jan 20, 2025

Bump the production-dependencies group across 1 directory with 14 updates #107

Closed

dependabot bot closed this Jan 27, 2025

dependabot bot deleted the dependabot/npm_and_yarn/frontend/production-dependencies-be5962080a branch January 27, 2025 20:33

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Bump the production-dependencies group across 1 directory with 14 updates#112

Bump the production-dependencies group across 1 directory with 14 updates#112
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/npm_and_yarn/frontend/production-dependencies-be5962080a

dependabot bot commented on behalf of github Jan 20, 2025 •

edited

Loading

Uh oh!

github-actions bot commented Jan 20, 2025

Uh oh!

dependabot bot commented on behalf of github Jan 27, 2025

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Commit	Description
	animation sometimes renderer not being destroyed during HMR (#59574)
	change `Resource` to use explicit `undefined` in its typings (#59024)
	cleanup `_ejsa` when app is destroyed (#59492)
	cleanup stash listener when app is destroyed (#59598)
	handle shadow DOM encapsulated component with HMR (#59597)
	HMR not matching component that injects ViewContainerRef (#59596)
	treat exceptions in `equal` as part of computation (#55818)

Commit	Description
	allow $any in two-way bindings (#59362)
	use chunk origin in template HMR request URL (#59459)

Commit	Type	Description
a4eb74c79c	fix	animation sometimes renderer not being destroyed during HMR (#59574)
906413aba3	fix	change `Resource` to use explicit `undefined` in its typings (#59024)
4eb541837c	fix	cleanup `_ejsa` when app is destroyed (#59492)
5497102769	fix	cleanup stash listener when app is destroyed (#59598)
266a8f2f2e	fix	handle shadow DOM encapsulated component with HMR (#59597)
6f7716268a	fix	HMR not matching component that injects ViewContainerRef (#59596)
d12a186d53	fix	treat exceptions in `equal` as part of computation (#55818)

Commit	Type	Description
ceadd28ea1	fix	allow $any in two-way bindings (#59362)
aed49ddaaa	fix	use chunk origin in template HMR request URL (#59459)

Commit	Description
	column-resize: Support column size persistance hooks (#30136)
	column-resize: Previous size was being sent for persistance rather than newly updated size in non-live resize mode. (#30161)

Commit	Description
	schematics: Add CSS output to custom theme schematic (#30004)
	api-theme: fix nav items hover/focus contrast (#1004)
	checkbox: ensure focus indicator has the correct shape (#30332)
	docs: change twitter logo (#1245)
	menu: lazy content not detached after animation (#30301)
	select: match disabled placeholder color with label (#29870)
	select: remove color transition w/ no animations module (#30304)
	slider: active vs inactive tick mark count (#30319)
	slider: tick mark positioning (#30329)
	sort: avoid center align for sort header
	tabs: tab nav bar animation not working when navigating forwards (#30313)
	theme: unselected theme picker
	tooltip: deprecate matTooltipAnimations (#30310)
	button: Remove unused inject. (#30320)
	table: Optimize expensive css selector (#30305)
	tooltip: Use afterNextRender to invoke aria describer to align layout updates with other components using afterNextRender. (#30265)

Commit	Description
	dialog: expose cdk dialog docs (#1144)
	menu: expose cdk menu docs (#1142)
	menu: avoid resetting the scroll position when using the mouse (#30249)
	menu: not responding to position changes (#30234)
	scrolling: avoid SSR error in CdkVirtualScrollableWindow (#30259)
	table: Use afterNextRender for sticky styling. Fixes a performance regression dating back to #28393 and removes need for coalesced sticky styler. (#30242)

Commit	Description
	add 404 page (#902)
	add button to copy link to example (#922)
	add cdk/testing docs (#678)

Commit	Type	Description
62a672af0d	feat	dialog: expose cdk dialog docs (#1144)
a0a16fc70e	feat	menu: expose cdk menu docs (#1142)
2be0afcfb5	fix	menu: avoid resetting the scroll position when using the mouse (#30249)
e421765d8d	fix	menu: not responding to position changes (#30234)
5c75bbecb2	fix	scrolling: avoid SSR error in CdkVirtualScrollableWindow (#30259)
d721f0c2bc	perf	table: Use afterNextRender for sticky styling. Fixes a performance regression dating back to #28393 and removes need for coalesced sticky styler. (#30242)

Commit	Type	Description
f47f5f9a1e	feat	schematics: Add CSS output to custom theme schematic (#30004)
057ed370aa	fix	api-theme: fix nav items hover/focus contrast (#1004)
5138fe7b38	fix	checkbox: ensure focus indicator has the correct shape (#30332)
3163040850	fix	docs: change twitter logo (#1245)
781e91e798	fix	menu: lazy content not detached after animation (#30301)
a3d9e4b45d	fix	select: match disabled placeholder color with label (#29870)
027c3ad267	fix	select: remove color transition w/ no animations module (#30304)
4f676d4030	fix	slider: active vs inactive tick mark count (#30319)
eae073032c	fix	slider: tick mark positioning (#30329)
0c099ff024	fix	sort: avoid center align for sort header
6ca21fd740	fix	tabs: tab nav bar animation not working when navigating forwards (#30313)
a0b5546111	fix	theme: unselected theme picker
884740d605	fix	tooltip: deprecate matTooltipAnimations (#30310)
ab497c44e7	perf	button: Remove unused inject. (#30320)
ab44d45c56	perf	table: Optimize expensive css selector (#30305)
980f9ba7bb	perf	tooltip: Use afterNextRender to invoke aria describer to align layout updates with other components using afterNextRender. (#30265)

Commit	Type	Description
75c8aa8767	feat	column-resize: Support column size persistance hooks (#30136)
50d906b3e3	fix	column-resize: Previous size was being sent for persistance rather than newly updated size in non-live resize mode. (#30161)

Commit	Type	Description
f5abaa31a1	feat	add 404 page (#902)
5c5903e82c	feat	add button to copy link to example (#922)
76f9d98d22	feat	add cdk/testing docs (#678)
39ab48f4be	feat	add cookie popup (#988)
cfdc032c09	feat	add CSP and recommended security headers to site

Uh oh!

Conversation

dependabot bot commented on behalf of github Jan 20, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

v19.1.2

19.1.2 (2025-01-20)

compiler

compiler-cli

core

v19.1.1

19.1.1 (2025-01-16)

core

platform-browser

v19.1.0

19.1.0 (2025-01-15)

common

compiler

compiler-cli

19.1.2 (2025-01-20)

compiler

compiler-cli

core

19.1.1 (2025-01-16)

core

platform-browser

19.1.0 (2025-01-15)

common

compiler

compiler-cli

v19.1.0

19.1.0 "denim-firefly" (2025-01-16)

material-luxon-adapter

material-experimental

cdk-experimental

material

cdk

19.1.0 "denim-firefly" (2025-01-16)

cdk

material

cdk-experimental

material-experimental

material-luxon-adapter

v19.1.2

19.1.2 (2025-01-20)

compiler

compiler-cli

core

v19.1.1

19.1.1 (2025-01-16)

core

platform-browser

v19.1.0

19.1.0 (2025-01-15)

common

compiler

compiler-cli

19.1.2 (2025-01-20)

compiler

compiler-cli

core

19.1.1 (2025-01-16)

core

platform-browser

19.1.0 (2025-01-15)

common

compiler

compiler-cli

v19.1.2

19.1.2 (2025-01-20)

compiler

compiler-cli

core

v19.1.1

19.1.1 (2025-01-16)

core

platform-browser

v19.1.0

19.1.0 (2025-01-15)

common

compiler

dependabot bot commented on behalf of github Jan 20, 2025 •

edited

Loading