Skip to content

Bump the npm group across 2 directories with 12 updates#50

Merged
github-actions[bot] merged 1 commit into
mainfrom
dependabot/npm_and_yarn/npm-c59e533c26
Dec 8, 2025
Merged

Bump the npm group across 2 directories with 12 updates#50
github-actions[bot] merged 1 commit into
mainfrom
dependabot/npm_and_yarn/npm-c59e533c26

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Dec 8, 2025

Copy link
Copy Markdown
Contributor

Bumps the npm group with 3 updates in the / directory: pnpm, typescript-eslint and @hono/node-server.
Bumps the npm group with 2 updates in the /example directory: typescript-eslint and @hono/node-server.

Updates pnpm from 10.24.0 to 10.25.0

Release notes

Sourced from pnpm's releases.

pnpm 10.25

Minor Changes

  • Allow loading certificates from cert, ca, and key for specific registry URLs. E.g., //registry.example.com/:ca=-----BEGIN CERTIFICATE-----.... Previously this was only working via certfile, cafile, and keyfile.

    These properties are supported in .npmrc, but were ignored by pnpm, this will make pnpm read and use them as well.

    Related PR: #10230.

  • Added a new flag called --bare to pnpm init for creating a package.json with the bare minimum of required fields #10226.

Patch Changes

  • Improved reporting of ignored dependency scripts #10276.
  • pnpm install should build any dependencies that were added to onlyBuiltDependencies and were not built yet #10256.
  • pnpm publish -r --force should allow to run publish over already existing versions in the registry #10272.
  • Don't fail with a ERR_PNPM_MISSING_TIME error if a package that is excluded from trust policy checks is missing the time field in the metadata.

Platinum Sponsors

Gold Sponsors

... (truncated)

Changelog

Sourced from pnpm's changelog.

10.25.0

Minor Changes

  • Allow loading certificates from cert, ca, and key for specific registry URLs. E.g., //registry.example.com/:ca=-----BEGIN CERTIFICATE-----.... Previously this was only working via certfile, cafile, and keyfile.

    These properties are supported in .npmrc, but were ignored by pnpm, this will make pnpm read and use them as well.

    Related PR: #10230.

  • Added a new flag called --bare to pnpm init for creating a package.json with the bare minimum of required fields #10226.

Patch Changes

  • Improved reporting of ignored dependency scripts #10276.
  • pnpm install should build any dependencies that were added to onlyBuiltDependencies and were not built yet #10256.
  • pnpm publish -r --force should allow to run publish over already existing versions in the registry #10272.
  • Don't fail with a ERR_PNPM_MISSING_TIME error if a package that is excluded from trust policy checks is missing the time field in the metadata.
Commits

Updates typescript-eslint from 8.48.1 to 8.49.0

Release notes

Sourced from typescript-eslint's releases.

v8.49.0

8.49.0 (2025-12-08)

🚀 Features

  • eslint-plugin: use Intl.Segmenter instead of graphemer (#11804)

🩹 Fixes

  • deps: update dependency prettier to v3.7.2 (#11820)

❤️ Thank You

You can read about our versioning strategy and releases on our website.

Changelog

Sourced from typescript-eslint's changelog.

8.49.0 (2025-12-08)

This was a version bump only for typescript-eslint to align it with other projects, there were no code changes.

You can read about our versioning strategy and releases on our website.

Commits

Updates @hono/node-server from 1.19.6 to 1.19.7

Release notes

Sourced from @​hono/node-server's releases.

v1.19.7

What's Changed

New Contributors

Full Changelog: honojs/node-server@v1.19.6...v1.19.7

Commits
  • 0a4826c 1.19.7
  • b253386 chore: add configVersion to bun.lock (#291)
  • 38e17b5 fix: Fix for hono issue 4563 - incorrect content-length after following symli...
  • See full diff in compare view

Updates @typescript-eslint/eslint-plugin from 8.48.1 to 8.49.0

Release notes

Sourced from @​typescript-eslint/eslint-plugin's releases.

v8.49.0

8.49.0 (2025-12-08)

🚀 Features

  • eslint-plugin: use Intl.Segmenter instead of graphemer (#11804)

🩹 Fixes

  • deps: update dependency prettier to v3.7.2 (#11820)

❤️ Thank You

You can read about our versioning strategy and releases on our website.

Changelog

Sourced from @​typescript-eslint/eslint-plugin's changelog.

8.49.0 (2025-12-08)

🚀 Features

  • eslint-plugin: use Intl.Segmenter instead of graphemer (#11804)

🩹 Fixes

  • deps: update dependency prettier to v3.7.2 (#11820)

❤️ Thank You

You can read about our versioning strategy and releases on our website.

Commits
  • 864595a chore(release): publish 8.49.0
  • 32b7e89 chore(deps): update dependency @​vitest/eslint-plugin to v1.5.1 (#11816)
  • 56149a2 feat(eslint-plugin): use Intl.Segmenter instead of graphemer (#11804)
  • 34a49a4 fix(deps): update dependency prettier to v3.7.2 (#11820)
  • d2d7ace docs: fixes bad link to jest docs in unbound-method rule page (#11823)
  • See full diff in compare view

Updates @typescript-eslint/parser from 8.48.1 to 8.49.0

Release notes

Sourced from @​typescript-eslint/parser's releases.

v8.49.0

8.49.0 (2025-12-08)

🚀 Features

  • eslint-plugin: use Intl.Segmenter instead of graphemer (#11804)

🩹 Fixes

  • deps: update dependency prettier to v3.7.2 (#11820)

❤️ Thank You

You can read about our versioning strategy and releases on our website.

Changelog

Sourced from @​typescript-eslint/parser's changelog.

8.49.0 (2025-12-08)

This was a version bump only for parser to align it with other projects, there were no code changes.

You can read about our versioning strategy and releases on our website.

Commits

Updates @typescript-eslint/project-service from 8.48.1 to 8.49.0

Release notes

Sourced from @​typescript-eslint/project-service's releases.

v8.49.0

8.49.0 (2025-12-08)

🚀 Features

  • eslint-plugin: use Intl.Segmenter instead of graphemer (#11804)

🩹 Fixes

  • deps: update dependency prettier to v3.7.2 (#11820)

❤️ Thank You

You can read about our versioning strategy and releases on our website.

Changelog

Sourced from @​typescript-eslint/project-service's changelog.

8.49.0 (2025-12-08)

This was a version bump only for project-service to align it with other projects, there were no code changes.

You can read about our versioning strategy and releases on our website.

Commits

Updates @typescript-eslint/scope-manager from 8.48.1 to 8.49.0

Release notes

Sourced from @​typescript-eslint/scope-manager's releases.

v8.49.0

8.49.0 (2025-12-08)

🚀 Features

  • eslint-plugin: use Intl.Segmenter instead of graphemer (#11804)

🩹 Fixes

  • deps: update dependency prettier to v3.7.2 (#11820)

❤️ Thank You

You can read about our versioning strategy and releases on our website.

Changelog

Sourced from @​typescript-eslint/scope-manager's changelog.

8.49.0 (2025-12-08)

This was a version bump only for scope-manager to align it with other projects, there were no code changes.

You can read about our versioning strategy and releases on our website.

Commits

Updates @typescript-eslint/tsconfig-utils from 8.48.1 to 8.49.0

Release notes

Sourced from @​typescript-eslint/tsconfig-utils's releases.

v8.49.0

8.49.0 (2025-12-08)

🚀 Features

  • eslint-plugin: use Intl.Segmenter instead of graphemer (#11804)

🩹 Fixes

  • deps: update dependency prettier to v3.7.2 (#11820)

❤️ Thank You

You can read about our versioning strategy and releases on our website.

Changelog

Sourced from @​typescript-eslint/tsconfig-utils's changelog.

8.49.0 (2025-12-08)

This was a version bump only for tsconfig-utils to align it with other projects, there were no code changes.

You can read about our versioning strategy and releases on our website.

Commits

Updates @typescript-eslint/type-utils from 8.48.1 to 8.49.0

Release notes

Sourced from @​typescript-eslint/type-utils's releases.

v8.49.0

8.49.0 (2025-12-08)

🚀 Features

  • eslint-plugin: use Intl.Segmenter instead of graphemer (#11804)

🩹 Fixes

  • deps: update dependency prettier to v3.7.2 (#11820)

❤️ Thank You

You can read about our versioning strategy and releases on our website.

Changelog

Sourced from @​typescript-eslint/type-utils's changelog.

8.49.0 (2025-12-08)

This was a version bump only for type-utils to align it with other projects, there were no code changes.

You can read about our versioning strategy and releases on our website.

Commits

Updates @typescript-eslint/typescript-estree from 8.48.1 to 8.49.0

Release notes

Sourced from @​typescript-eslint/typescript-estree's releases.

v8.49.0

8.49.0 (2025-12-08)

🚀 Features

  • eslint-plugin: use Intl.Segmenter instead of graphemer (#11804)

🩹 Fixes

  • deps: update dependency prettier to v3.7.2 (#11820)

❤️ Thank You

You can read about our versioning strategy and releases on our website.

Changelog

Sourced from @​typescript-eslint/typescript-estree's changelog.

8.49.0 (2025-12-08)

🩹 Fixes

  • deps: update dependency prettier to v3.7.2 (#11820)

❤️ Thank You

You can read about our versioning strategy and releases on our website.

Commits

Updates @typescript-eslint/utils from 8.48.1 to 8.49.0

Release notes

Sourced from @​typescript-eslint/utils's releases.

v8.49.0

8.49.0 (2025-12-08)

🚀 Features

  • eslint-plugin: use Intl.Segmenter instead of graphemer (#11804)

🩹 Fixes

  • deps: update dependency prettier to v3.7.2 (#11820)

❤️ Thank You

You can read about our versioning strategy and releases on our website.

Changelog

Sourced from @​typescript-eslint/utils's changelog.

8.49.0 (2025-12-08)

🩹 Fixes

  • deps: update dependency prettier to v3.7.2 (#11820)

❤️ Thank You

You can read about our versioning strategy and releases on our website.

Commits

Updates @typescript-eslint/visitor-keys from 8.48.1 to 8.49.0

Release notes

Sourced from @​typescript-eslint/visitor-keys's releases.

v8.49.0

8.49.0 (2025-12-08)

🚀 Features

  • eslint-plugin: use Intl.Segmenter instead of graphemer (#11804)

🩹 Fixes

  • deps: update dependency prettier to v3.7.2 (#11820)

❤️ Thank You

You can read about our versioning strategy and releases on our website.

Changelog

Sourced from @​typescript-eslint/visitor-keys's changelog.

8.49.0 (2025-12-08)

This was a version bump only for visitor-keys to align it with other projects, there were no code changes.

You can read about our versioning strategy and releases on our website.

Commits

Updates typescript-eslint from 8.48.1 to 8.49.0

Release notes

Sourced from typescript-eslint's releases.

v8.49.0

8.49.0 (2025-12-08)

🚀 Features

  • eslint-plugin: use Intl.Segmenter instead of graphemer (#11804)

🩹 Fixes

  • deps: update dependency prettier to v3.7.2 (#11820)

❤️ Thank You

You can read about our versioning strategy and releases on our website.

Changelog

Sourced from typescript-eslint's changelog.

8.49.0 (2025-12-08)

This was a version bump only for typescript-eslint to align it with other projects, there were no code changes.

You can read about our versioning strategy and releases on our website.

Commits

Updates @hono/node-server from 1.19.6 to 1.19.7

Release notes

Sourced from @​hono/node-server's releases.

v1.19.7

What's Changed

New Contributors

Full Changelog: honojs/node-server@v1.19.6...v1.19.7

Commits
  • 0a4826c 1.19.7
  • b253386 chore: add configVersion to bun.lock (#291)
  • 38e17b5 fix: Fix for hono issue 4563 - incorrect content-length after following symli...
  • See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the npm group with 3 updates in the / directory: [pnpm](https://github.com/pnpm/pnpm/tree/HEAD/pnpm), [typescript-eslint](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/typescript-eslint) and [@hono/node-server](https://github.com/honojs/node-server).
Bumps the npm group with 2 updates in the /example directory: [typescript-eslint](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/typescript-eslint) and [@hono/node-server](https://github.com/honojs/node-server).


Updates `pnpm` from 10.24.0 to 10.25.0
- [Release notes](https://github.com/pnpm/pnpm/releases)
- [Changelog](https://github.com/pnpm/pnpm/blob/v10.25.0/pnpm/CHANGELOG.md)
- [Commits](https://github.com/pnpm/pnpm/commits/v10.25.0/pnpm)

Updates `typescript-eslint` from 8.48.1 to 8.49.0
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/typescript-eslint/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.49.0/packages/typescript-eslint)

Updates `@hono/node-server` from 1.19.6 to 1.19.7
- [Release notes](https://github.com/honojs/node-server/releases)
- [Commits](honojs/node-server@v1.19.6...v1.19.7)

Updates `@typescript-eslint/eslint-plugin` from 8.48.1 to 8.49.0
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/eslint-plugin/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.49.0/packages/eslint-plugin)

Updates `@typescript-eslint/parser` from 8.48.1 to 8.49.0
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/parser/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.49.0/packages/parser)

Updates `@typescript-eslint/project-service` from 8.48.1 to 8.49.0
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/project-service/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.49.0/packages/project-service)

Updates `@typescript-eslint/scope-manager` from 8.48.1 to 8.49.0
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/scope-manager/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.49.0/packages/scope-manager)

Updates `@typescript-eslint/tsconfig-utils` from 8.48.1 to 8.49.0
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/tsconfig-utils/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.49.0/packages/tsconfig-utils)

Updates `@typescript-eslint/type-utils` from 8.48.1 to 8.49.0
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/type-utils/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.49.0/packages/type-utils)

Updates `@typescript-eslint/typescript-estree` from 8.48.1 to 8.49.0
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/typescript-estree/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.49.0/packages/typescript-estree)

Updates `@typescript-eslint/utils` from 8.48.1 to 8.49.0
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/utils/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.49.0/packages/utils)

Updates `@typescript-eslint/visitor-keys` from 8.48.1 to 8.49.0
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/visitor-keys/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.49.0/packages/visitor-keys)

Updates `typescript-eslint` from 8.48.1 to 8.49.0
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/typescript-eslint/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.49.0/packages/typescript-eslint)

Updates `@hono/node-server` from 1.19.6 to 1.19.7
- [Release notes](https://github.com/honojs/node-server/releases)
- [Commits](honojs/node-server@v1.19.6...v1.19.7)

---
updated-dependencies:
- dependency-name: pnpm
  dependency-version: 10.25.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm
- dependency-name: typescript-eslint
  dependency-version: 8.49.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm
- dependency-name: "@hono/node-server"
  dependency-version: 1.19.7
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: npm
- dependency-name: "@typescript-eslint/eslint-plugin"
  dependency-version: 8.49.0
  dependency-type: indirect
  update-type: version-update:semver-minor
  dependency-group: npm
- dependency-name: "@typescript-eslint/parser"
  dependency-version: 8.49.0
  dependency-type: indirect
  update-type: version-update:semver-minor
  dependency-group: npm
- dependency-name: "@typescript-eslint/project-service"
  dependency-version: 8.49.0
  dependency-type: indirect
  update-type: version-update:semver-minor
  dependency-group: npm
- dependency-name: "@typescript-eslint/scope-manager"
  dependency-version: 8.49.0
  dependency-type: indirect
  update-type: version-update:semver-minor
  dependency-group: npm
- dependency-name: "@typescript-eslint/tsconfig-utils"
  dependency-version: 8.49.0
  dependency-type: indirect
  update-type: version-update:semver-minor
  dependency-group: npm
- dependency-name: "@typescript-eslint/type-utils"
  dependency-version: 8.49.0
  dependency-type: indirect
  update-type: version-update:semver-minor
  dependency-group: npm
- dependency-name: "@typescript-eslint/typescript-estree"
  dependency-version: 8.49.0
  dependency-type: indirect
  update-type: version-update:semver-minor
  dependency-group: npm
- dependency-name: "@typescript-eslint/utils"
  dependency-version: 8.49.0
  dependency-type: indirect
  update-type: version-update:semver-minor
  dependency-group: npm
- dependency-name: "@typescript-eslint/visitor-keys"
  dependency-version: 8.49.0
  dependency-type: indirect
  update-type: version-update:semver-minor
  dependency-group: npm
- dependency-name: typescript-eslint
  dependency-version: 8.49.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm
- dependency-name: "@hono/node-server"
  dependency-version: 1.19.7
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: npm
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot assigned poad Dec 8, 2025
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Dec 8, 2025
@github-actions

github-actions Bot commented Dec 8, 2025

Copy link
Copy Markdown
Contributor

Dependency Review

The following issues were found:
  • ✅ 0 vulnerable package(s)
  • ✅ 0 package(s) with incompatible licenses
  • ✅ 0 package(s) with invalid SPDX license definitions
  • ⚠️ 1 package(s) with unknown licenses.
See the Details below.

License Issues

pnpm-lock.yaml

PackageVersionLicenseIssue Type
@hono/node-server1.19.7NullUnknown License

OpenSSF Scorecard

Scorecard details
PackageVersionScoreDetails
npm/@hono/node-server ^1.19.7 UnknownUnknown
npm/typescript-eslint ^8.49.0 🟢 5.3
Details
CheckScoreReason
Code-Review🟢 8Found 20/25 approved changesets -- score normalized to 8
Maintained🟢 1030 commit(s) and 23 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Security-Policy🟢 10security policy file detected
Packaging⚠️ -1packaging workflow not detected
License🟢 10license file detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Signed-Releases⚠️ -1no releases found
Binary-Artifacts🟢 10no binaries found in the repo
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Fuzzing⚠️ 0project is not fuzzed
Vulnerabilities⚠️ 037 existing vulnerabilities detected
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
npm/@hono/node-server 1.19.7 UnknownUnknown
npm/@typescript-eslint/eslint-plugin 8.49.0 🟢 5.3
Details
CheckScoreReason
Code-Review🟢 8Found 20/25 approved changesets -- score normalized to 8
Maintained🟢 1030 commit(s) and 23 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Security-Policy🟢 10security policy file detected
Packaging⚠️ -1packaging workflow not detected
License🟢 10license file detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Signed-Releases⚠️ -1no releases found
Binary-Artifacts🟢 10no binaries found in the repo
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Fuzzing⚠️ 0project is not fuzzed
Vulnerabilities⚠️ 037 existing vulnerabilities detected
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
npm/@typescript-eslint/parser 8.49.0 🟢 5.3
Details
CheckScoreReason
Code-Review🟢 8Found 20/25 approved changesets -- score normalized to 8
Maintained🟢 1030 commit(s) and 23 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Security-Policy🟢 10security policy file detected
Packaging⚠️ -1packaging workflow not detected
License🟢 10license file detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Signed-Releases⚠️ -1no releases found
Binary-Artifacts🟢 10no binaries found in the repo
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Fuzzing⚠️ 0project is not fuzzed
Vulnerabilities⚠️ 037 existing vulnerabilities detected
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
npm/@typescript-eslint/project-service 8.49.0 🟢 5.3
Details
CheckScoreReason
Code-Review🟢 8Found 20/25 approved changesets -- score normalized to 8
Maintained🟢 1030 commit(s) and 23 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Security-Policy🟢 10security policy file detected
Packaging⚠️ -1packaging workflow not detected
License🟢 10license file detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Signed-Releases⚠️ -1no releases found
Binary-Artifacts🟢 10no binaries found in the repo
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Fuzzing⚠️ 0project is not fuzzed
Vulnerabilities⚠️ 037 existing vulnerabilities detected
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
npm/@typescript-eslint/scope-manager 8.49.0 🟢 5.3
Details
CheckScoreReason
Code-Review🟢 8Found 20/25 approved changesets -- score normalized to 8
Maintained🟢 1030 commit(s) and 23 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Security-Policy🟢 10security policy file detected
Packaging⚠️ -1packaging workflow not detected
License🟢 10license file detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Signed-Releases⚠️ -1no releases found
Binary-Artifacts🟢 10no binaries found in the repo
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Fuzzing⚠️ 0project is not fuzzed
Vulnerabilities⚠️ 037 existing vulnerabilities detected
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
npm/@typescript-eslint/tsconfig-utils 8.49.0 🟢 5.3
Details
CheckScoreReason
Code-Review🟢 8Found 20/25 approved changesets -- score normalized to 8
Maintained🟢 1030 commit(s) and 23 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Security-Policy🟢 10security policy file detected
Packaging⚠️ -1packaging workflow not detected
License🟢 10license file detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Signed-Releases⚠️ -1no releases found
Binary-Artifacts🟢 10no binaries found in the repo
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Fuzzing⚠️ 0project is not fuzzed
Vulnerabilities⚠️ 037 existing vulnerabilities detected
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
npm/@typescript-eslint/type-utils 8.49.0 🟢 5.3
Details
CheckScoreReason
Code-Review🟢 8Found 20/25 approved changesets -- score normalized to 8
Maintained🟢 1030 commit(s) and 23 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Security-Policy🟢 10security policy file detected
Packaging⚠️ -1packaging workflow not detected
License🟢 10license file detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Signed-Releases⚠️ -1no releases found
Binary-Artifacts🟢 10no binaries found in the repo
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Fuzzing⚠️ 0project is not fuzzed
Vulnerabilities⚠️ 037 existing vulnerabilities detected
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
npm/@typescript-eslint/types 8.49.0 🟢 5.3
Details
CheckScoreReason
Code-Review🟢 8Found 20/25 approved changesets -- score normalized to 8
Maintained🟢 1030 commit(s) and 23 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Security-Policy🟢 10security policy file detected
Packaging⚠️ -1packaging workflow not detected
License🟢 10license file detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Signed-Releases⚠️ -1no releases found
Binary-Artifacts🟢 10no binaries found in the repo
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Fuzzing⚠️ 0project is not fuzzed
Vulnerabilities⚠️ 037 existing vulnerabilities detected
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
npm/@typescript-eslint/typescript-estree 8.49.0 🟢 5.3
Details
CheckScoreReason
Code-Review🟢 8Found 20/25 approved changesets -- score normalized to 8
Maintained🟢 1030 commit(s) and 23 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Security-Policy🟢 10security policy file detected
Packaging⚠️ -1packaging workflow not detected
License🟢 10license file detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Signed-Releases⚠️ -1no releases found
Binary-Artifacts🟢 10no binaries found in the repo
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Fuzzing⚠️ 0project is not fuzzed
Vulnerabilities⚠️ 037 existing vulnerabilities detected
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
npm/@typescript-eslint/utils 8.49.0 🟢 5.3
Details
CheckScoreReason
Code-Review🟢 8Found 20/25 approved changesets -- score normalized to 8
Maintained🟢 1030 commit(s) and 23 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Security-Policy🟢 10security policy file detected
Packaging⚠️ -1packaging workflow not detected
License🟢 10license file detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Signed-Releases⚠️ -1no releases found
Binary-Artifacts🟢 10no binaries found in the repo
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Fuzzing⚠️ 0project is not fuzzed
Vulnerabilities⚠️ 037 existing vulnerabilities detected
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
npm/@typescript-eslint/visitor-keys 8.49.0 🟢 5.3
Details
CheckScoreReason
Code-Review🟢 8Found 20/25 approved changesets -- score normalized to 8
Maintained🟢 1030 commit(s) and 23 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Security-Policy🟢 10security policy file detected
Packaging⚠️ -1packaging workflow not detected
License🟢 10license file detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Signed-Releases⚠️ -1no releases found
Binary-Artifacts🟢 10no binaries found in the repo
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Fuzzing⚠️ 0project is not fuzzed
Vulnerabilities⚠️ 037 existing vulnerabilities detected
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
npm/pnpm 10.25.0 🟢 6.6
Details
CheckScoreReason
Packaging⚠️ -1packaging workflow not detected
Maintained🟢 1030 commit(s) and 6 issue activity found in the last 90 days -- score normalized to 10
Security-Policy🟢 10security policy file detected
Code-Review🟢 5Found 15/29 approved changesets -- score normalized to 5
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
License🟢 10license file detected
Token-Permissions🟢 9detected GitHub workflow tokens with excessive permissions
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Signed-Releases⚠️ 0Project has not signed or included provenance with any releases.
Binary-Artifacts🟢 10no binaries found in the repo
SAST🟢 9SAST tool detected but not run on all commits
Pinned-Dependencies🟢 10all dependencies are pinned
Fuzzing⚠️ 0project is not fuzzed
Vulnerabilities⚠️ 0124 existing vulnerabilities detected
npm/typescript-eslint 8.49.0 🟢 5.3
Details
CheckScoreReason
Code-Review🟢 8Found 20/25 approved changesets -- score normalized to 8
Maintained🟢 1030 commit(s) and 23 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Security-Policy🟢 10security policy file detected
Packaging⚠️ -1packaging workflow not detected
License🟢 10license file detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Signed-Releases⚠️ -1no releases found
Binary-Artifacts🟢 10no binaries found in the repo
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Fuzzing⚠️ 0project is not fuzzed
Vulnerabilities⚠️ 037 existing vulnerabilities detected
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
npm/typescript-eslint ^8.49.0 🟢 5.3
Details
CheckScoreReason
Code-Review🟢 8Found 20/25 approved changesets -- score normalized to 8
Maintained🟢 1030 commit(s) and 23 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Security-Policy🟢 10security policy file detected
Packaging⚠️ -1packaging workflow not detected
License🟢 10license file detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Signed-Releases⚠️ -1no releases found
Binary-Artifacts🟢 10no binaries found in the repo
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Fuzzing⚠️ 0project is not fuzzed
Vulnerabilities⚠️ 037 existing vulnerabilities detected
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0

Scanned Files

  • example/package.json
  • package/package.json
  • pnpm-lock.yaml

@github-actions github-actions Bot enabled auto-merge (squash) December 8, 2025 18:57
@github-actions github-actions Bot merged commit d70968a into main Dec 8, 2025
4 checks passed
@github-actions github-actions Bot deleted the dependabot/npm_and_yarn/npm-c59e533c26 branch December 8, 2025 18:58
@github-actions github-actions Bot mentioned this pull request Jan 8, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant