Sync from inner source [auto]

[well-architected-sync-bot]

Sync Contributions from the GitHub Inner Source Community

This PR merges the deployed contributions from GitHub inner source.

Source Details

• Original Repository: github/github-well-architected-internal
• Original SHA: 35446b317011eea563e262313eb5e6abd3e2d738

Next Steps

1. This PR will be merged automatically after 30 seconds.

[github-actions]

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

Snapshot Warnings

⚠️: No snapshots were found for the head SHA 9fba150.

Ensure that dependencies are being submitted on PR branches and consider enabling retry-on-snapshot-warnings. See the documentation for more information and troubleshooting advice.

OpenSSF Scorecard

Package	Version	Score	Details
npm/serialize-javascript	7.0.3	🟢 4.4	Details Check Score Reason Code-Review 🟢 3 Found 7/20 approved changesets -- score normalized to 3 Packaging ⚠️ -1 packaging workflow not detected Maintained 🟢 7 6 commit(s) and 3 issue activity found in the last 90 days -- score normalized to 7 Binary-Artifacts 🟢 10 no binaries found in the repo Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Pinned-Dependencies 🟢 3 dependency not pinned by hash detected -- score normalized to 3 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Fuzzing ⚠️ 0 project is not fuzzed License 🟢 9 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md Security-Policy ⚠️ 0 security policy file not detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0

Scanned Files

• package-lock.json