Skip to content

Bump the code-management group across 1 directory with 4 updates#27

Open
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/npm_and_yarn/code-management-2f09e03564
Open

Bump the code-management group across 1 directory with 4 updates#27
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/npm_and_yarn/code-management-2f09e03564

Conversation

@dependabot
Copy link
Copy Markdown

@dependabot dependabot Bot commented on behalf of github Mar 25, 2025
edited
Loading

Bumps the code-management group with 4 updates in the / directory: @demosjarco/prettier-config, eslint, eslint-plugin-prettier and prettier.

Updates @demosjarco/prettier-config from 1.0.1 to 1.0.2

Release notes

Sourced from @​demosjarco/prettier-config's releases.

v1.0.2

What's Changed

Full Changelog: demosjarco/prettier-config@v1.0.1...v1.0.2

Commits
  • e61aa93 1.0.2
  • afbfa4d Bump ossf/scorecard-action from 2.3.1 to 2.4.0
  • 5e2d7c0 Bump actions/setup-node from 4.0.2 to 4.2.0
  • 229185d Fix dependency-review perms
  • 5a98d88 Bump actions/checkout from 4.1.2 to 4.2.2
  • 44c589a Bump the sast group with 3 updates
  • 08f5504 Add dependabot grouping
  • de81ecb Fix json handling
  • db9ff12 Bump actions/setup-node from 3.8.1 to 4.0.2
  • c13b54f Bump actions/dependency-review-action from 3.1.0 to 4.2.3
  • Additional commits viewable in compare view

Updates eslint from 8.57.1 to 9.23.0

Release notes

Sourced from eslint's releases.

v9.23.0

Features

  • 557a0d2 feat: support TypeScript syntax in no-useless-constructor (#19535) (Josh Goldberg ✨)
  • 8320241 feat: support TypeScript syntax in default-param-last (#19431) (Josh Goldberg ✨)
  • 833c4a3 feat: defineConfig() supports "flat/" config prefix (#19533) (Nicholas C. Zakas)
  • 4a0df16 feat: circular autofix/conflicting rules detection (#19514) (Milos Djermanovic)
  • be56a68 feat: support TypeScript syntax in class-methods-use-this (#19498) (Josh Goldberg ✨)

Bug Fixes

  • 0e20aa7 fix: move deprecated RuleContext methods to subtype (#19531) (Francesco Trotta)
  • cc3bd00 fix: reporting variable used in catch block in no-useless-assignment (#19423) (Tanuj Kanti)
  • d46ff83 fix: no-dupe-keys false positive with proto setter (#19508) (Milos Djermanovic)
  • e732773 fix: navigation of search results on pressing Enter (#19502) (Tanuj Kanti)
  • f4e9c5f fix: allow RuleTester to test files inside node_modules/ (#19499) (fisker Cheung)

Documentation

  • 5405939 docs: show red underlines in TypeScript examples in rules docs (#19547) (Milos Djermanovic)
  • 48b53d6 docs: replace var with const in examples (#19539) (Nitin Kumar)
  • c39d7db docs: Update README (GitHub Actions Bot)
  • a4f8760 docs: revert accidental changes (#19542) (Francesco Trotta)
  • 280128f docs: add copy button (#19512) (xbinaryx)
  • cd83eaa docs: replace var with const in examples (#19530) (Nitin Kumar)
  • 7ff0cde docs: Update README (GitHub Actions Bot)
  • 996cfb9 docs: migrate sass to module system (#19518) (xbinaryx)
  • 17cb958 docs: replace var with let and const in rule examples (#19515) (Tanuj Kanti)
  • 83e24f5 docs: Replace var with let or const (#19511) (Jenna Toff)
  • a59d0c0 docs: Update docs for defineConfig (#19505) (Nicholas C. Zakas)
  • fe92927 docs: require-unicode-regexp add note for i flag and \w (#19510) (Chaemin-Lim)

Build Related

  • 2357edd build: exclude autogenerated files from Prettier formatting (#19548) (Francesco Trotta)

Chores

  • 0ac8ea4 chore: update dependencies for v9.23.0 release (#19554) (Francesco Trotta)
  • 20591c4 chore: package.json update for @​eslint/js release (Jenkins)
  • 901344f chore: update dependency @​eslint/json to ^0.11.0 (#19552) (renovate[bot])
  • 5228383 chore: fix update-readme formatting (#19544) (Milos Djermanovic)
  • 5439525 chore: format JSON files in Trunk (#19541) (Francesco Trotta)
  • 75adc99 chore: enabled Prettier in Trunk (#19354) (Josh Goldberg ✨)
  • 2395168 chore: added .git-blame-ignore-revs for Prettier via trunk fmt (#19538) (Josh Goldberg ✨)
  • 129882d chore: formatted files with Prettier via trunk fmt (#19355) (Josh Goldberg ✨)
  • 1738dbc chore: temporarily disable prettier in trunk (#19537) (Josh Goldberg ✨)
  • dc854fd chore: update dependency shelljs to ^0.9.0 (#19524) (renovate[bot])
  • 5d57496 chore: fix some comments (#19525) (jimmycathy)
  • 9c5c6ee test: fix an assertion failure (#19500) (fisker Cheung)
  • 7a699a6 chore: remove formatting-related lint rules internally (#19473) (Josh Goldberg ✨)
  • c99db89 test: replace WebdriverIO with Cypress (#19465) (Pixel998)

v9.22.0

Features

... (truncated)

Changelog

Sourced from eslint's changelog.

v9.23.0 - March 21, 2025

  • 0ac8ea4 chore: update dependencies for v9.23.0 release (#19554) (Francesco Trotta)
  • 20591c4 chore: package.json update for @​eslint/js release (Jenkins)
  • 901344f chore: update dependency @​eslint/json to ^0.11.0 (#19552) (renovate[bot])
  • 557a0d2 feat: support TypeScript syntax in no-useless-constructor (#19535) (Josh Goldberg ✨)
  • 2357edd build: exclude autogenerated files from Prettier formatting (#19548) (Francesco Trotta)
  • 5405939 docs: show red underlines in TypeScript examples in rules docs (#19547) (Milos Djermanovic)
  • 48b53d6 docs: replace var with const in examples (#19539) (Nitin Kumar)
  • 0e20aa7 fix: move deprecated RuleContext methods to subtype (#19531) (Francesco Trotta)
  • 5228383 chore: fix update-readme formatting (#19544) (Milos Djermanovic)
  • c39d7db docs: Update README (GitHub Actions Bot)
  • a4f8760 docs: revert accidental changes (#19542) (Francesco Trotta)
  • 5439525 chore: format JSON files in Trunk (#19541) (Francesco Trotta)
  • 75adc99 chore: enabled Prettier in Trunk (#19354) (Josh Goldberg ✨)
  • 2395168 chore: added .git-blame-ignore-revs for Prettier via trunk fmt (#19538) (Josh Goldberg ✨)
  • 129882d chore: formatted files with Prettier via trunk fmt (#19355) (Josh Goldberg ✨)
  • 1738dbc chore: temporarily disable prettier in trunk (#19537) (Josh Goldberg ✨)
  • 8320241 feat: support TypeScript syntax in default-param-last (#19431) (Josh Goldberg ✨)
  • 280128f docs: add copy button (#19512) (xbinaryx)
  • 833c4a3 feat: defineConfig() supports "flat/" config prefix (#19533) (Nicholas C. Zakas)
  • cc3bd00 fix: reporting variable used in catch block in no-useless-assignment (#19423) (Tanuj Kanti)
  • cd83eaa docs: replace var with const in examples (#19530) (Nitin Kumar)
  • 7ff0cde docs: Update README (GitHub Actions Bot)
  • 996cfb9 docs: migrate sass to module system (#19518) (xbinaryx)
  • dc854fd chore: update dependency shelljs to ^0.9.0 (#19524) (renovate[bot])
  • 4a0df16 feat: circular autofix/conflicting rules detection (#19514) (Milos Djermanovic)
  • 5d57496 chore: fix some comments (#19525) (jimmycathy)
  • 17cb958 docs: replace var with let and const in rule examples (#19515) (Tanuj Kanti)
  • 83e24f5 docs: Replace var with let or const (#19511) (Jenna Toff)
  • a59d0c0 docs: Update docs for defineConfig (#19505) (Nicholas C. Zakas)
  • d46ff83 fix: no-dupe-keys false positive with proto setter (#19508) (Milos Djermanovic)
  • e732773 fix: navigation of search results on pressing Enter (#19502) (Tanuj Kanti)
  • fe92927 docs: require-unicode-regexp add note for i flag and \w (#19510) (Chaemin-Lim)
  • f4e9c5f fix: allow RuleTester to test files inside node_modules/ (#19499) (fisker Cheung)
  • 9c5c6ee test: fix an assertion failure (#19500) (fisker Cheung)
  • be56a68 feat: support TypeScript syntax in class-methods-use-this (#19498) (Josh Goldberg ✨)
  • 7a699a6 chore: remove formatting-related lint rules internally (#19473) (Josh Goldberg ✨)
  • c99db89 test: replace WebdriverIO with Cypress (#19465) (Pixel998)

v9.22.0 - March 7, 2025

  • 97f788b chore: upgrade @​eslint/js@​9.22.0 (#19489) (Milos Djermanovic)
  • eed409a chore: package.json update for @​eslint/js release (Jenkins)
  • f9a56d3 chore: upgrade eslint-scope@8.3.0 (#19488) (Milos Djermanovic)
  • 7ddb095 feat: Export defineConfig, globalIgnores (#19487) (Nicholas C. Zakas)
  • 86c5f37 docs: Update README (GitHub Actions Bot)
  • 19c0127 fix: improve message for no-console suggestions (#19483) (Francesco Trotta)
  • fbdeff0 docs: Update README (GitHub Actions Bot)
  • c9e8510 docs: generate deprecation notice in TSDoc comments from rule metadata (#19461) (Francesco Trotta)

... (truncated)

Commits
  • 2aaadce 9.23.0
  • 4a1ca8e Build: changelog update for 9.23.0
  • 0ac8ea4 chore: update dependencies for v9.23.0 release (#19554)
  • 20591c4 chore: package.json update for @​eslint/js release
  • 901344f chore: update dependency @​eslint/json to ^0.11.0 (#19552)
  • 557a0d2 feat: support TypeScript syntax in no-useless-constructor (#19535)
  • 2357edd build: exclude autogenerated files from Prettier formatting (#19548)
  • 5405939 docs: show red underlines in TypeScript examples in rules docs (#19547)
  • 48b53d6 docs: replace var with const in examples (#19539)
  • 0e20aa7 fix: move deprecated RuleContext methods to subtype (#19531)
  • Additional commits viewable in compare view

Updates eslint-plugin-prettier from 5.2.3 to 5.2.4

Release notes

Sourced from eslint-plugin-prettier's releases.

v5.2.4

Patch Changes

Changelog

Sourced from eslint-plugin-prettier's changelog.

5.2.4

Patch Changes

Commits

Updates prettier from 3.5.1 to 3.5.3

Release notes

Sourced from prettier's releases.

3.5.3

🔗 Changelog

3.5.2

🔗 Changelog

Changelog

Sourced from prettier's changelog.

3.5.3

diff

Flow: Fix missing parentheses in ConditionalTypeAnnotation (#17196 by @​fisker)

// Input
type T<U> = 'a' | ('b' extends U ? 'c' : empty);
type T<U> = 'a' & ('b' extends U ? 'c' : empty);
// Prettier 3.5.2
type T<U> = "a" | "b" extends U ? "c" : empty;
type T<U> = "a" & "b" extends U ? "c" : empty;
// Prettier 3.5.3
type T<U> = "a" | ("b" extends U ? "c" : empty);
type T<U> = "a" & ("b" extends U ? "c" : empty);

3.5.2

diff

Remove module-sync condition (#17156 by @​fisker)

In Prettier 3.5.0, we added module-sync condition to package.json, so that require("prettier") can use ESM version, but turns out it doesn't work if CommonJS and ESM plugins both imports builtin plugins. To solve this problem, we decide simply remove the module-sync condition, so require("prettier") will still use the CommonJS version, we'll revisit until require(ESM) feature is more stable.

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
Bump the code-management group across 1 directory with 4 updates
731840b 
Bumps the code-management group with 4 updates in the / directory: [@demosjarco/prettier-config](https://github.com/demosjarco/prettier-config), [eslint](https://github.com/eslint/eslint), [eslint-plugin-prettier](https://github.com/prettier/eslint-plugin-prettier) and [prettier](https://github.com/prettier/prettier).


Updates `@demosjarco/prettier-config` from 1.0.1 to 1.0.2
- [Release notes](https://github.com/demosjarco/prettier-config/releases)
- [Commits](demosjarco/prettier-config@v1.0.1...v1.0.2)

Updates `eslint` from 8.57.1 to 9.23.0
- [Release notes](https://github.com/eslint/eslint/releases)
- [Changelog](https://github.com/eslint/eslint/blob/main/CHANGELOG.md)
- [Commits](eslint/eslint@v8.57.1...v9.23.0)

Updates `eslint-plugin-prettier` from 5.2.3 to 5.2.4
- [Release notes](https://github.com/prettier/eslint-plugin-prettier/releases)
- [Changelog](https://github.com/prettier/eslint-plugin-prettier/blob/main/CHANGELOG.md)
- [Commits](prettier/eslint-plugin-prettier@v5.2.3...v5.2.4)

Updates `prettier` from 3.5.1 to 3.5.3
- [Release notes](https://github.com/prettier/prettier/releases)
- [Changelog](https://github.com/prettier/prettier/blob/main/CHANGELOG.md)
- [Commits](prettier/prettier@3.5.1...3.5.3)

---
updated-dependencies:
- dependency-name: "@demosjarco/prettier-config"
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: code-management
- dependency-name: eslint
  dependency-type: direct:development
  update-type: version-update:semver-major
  dependency-group: code-management
- dependency-name: eslint-plugin-prettier
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: code-management
- dependency-name: prettier
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: code-management
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels Mar 25, 2025
@github-actions
Copy link
Copy Markdown

github-actions Bot commented Mar 25, 2025

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

OpenSSF Scorecard

Scorecard details
PackageVersionScoreDetails
npm/@demosjarco/prettier-config 1.0.2 🟢 6.3
Details
CheckScoreReason
Binary-Artifacts🟢 10no binaries found in the repo
Branch-Protection⚠️ 0branch protection not enabled on development/release branches
CI-Tests🟢 69 out of 13 merged PRs checked by a CI test -- score normalized to 6
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Code-Review⚠️ 0Found 0/16 approved changesets -- score normalized to 0
Contributors🟢 6project has 2 contributing companies or organizations -- score normalized to 6
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Dependency-Update-Tool🟢 10update tool detected
Fuzzing⚠️ 0project is not fuzzed
License🟢 10license file detected
Maintained🟢 68 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 6
Packaging🟢 10packaging workflow detected
Pinned-Dependencies🟢 10all dependencies are pinned
SAST⚠️ 2SAST tool is not run on all commits -- score normalized to 2
Security-Policy⚠️ 0security policy file not detected
Signed-Releases⚠️ -1no releases found
Token-Permissions🟢 10GitHub workflow tokens follow principle of least privilege
Vulnerabilities🟢 100 existing vulnerabilities detected
npm/@eslint/config-array 0.19.2 UnknownUnknown
npm/@eslint/config-helpers 0.2.0 UnknownUnknown
npm/@eslint/core 0.12.0 UnknownUnknown
npm/@eslint/eslintrc 3.3.1 🟢 6.3
Details
CheckScoreReason
Code-Review🟢 9Found 20/21 approved changesets -- score normalized to 9
Maintained🟢 65 commit(s) and 3 issue activity found in the last 90 days -- score normalized to 6
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Binary-Artifacts🟢 10no binaries found in the repo
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
License🟢 10license file detected
Vulnerabilities🟢 100 existing vulnerabilities detected
Fuzzing⚠️ 0project is not fuzzed
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Signed-Releases⚠️ -1no releases found
Security-Policy🟢 10security policy file detected
Packaging🟢 10packaging workflow detected
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
npm/@eslint/js 9.23.0 🟢 7
Details
CheckScoreReason
Packaging⚠️ -1packaging workflow not detected
Maintained🟢 1030 commit(s) and 24 issue activity found in the last 90 days -- score normalized to 10
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Code-Review🟢 8Found 25/29 approved changesets -- score normalized to 8
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
License🟢 10license file detected
Vulnerabilities🟢 100 existing vulnerabilities detected
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Security-Policy🟢 10security policy file detected
Binary-Artifacts🟢 10no binaries found in the repo
Signed-Releases⚠️ -1no releases found
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Fuzzing⚠️ 0project is not fuzzed
SAST🟢 10SAST tool is run on all commits
npm/@eslint/object-schema 2.1.6 UnknownUnknown
npm/@eslint/plugin-kit 0.2.7 UnknownUnknown
npm/@humanfs/core 0.19.1 UnknownUnknown
npm/@humanfs/node 0.16.6 UnknownUnknown
npm/@humanwhocodes/retry 0.3.1 UnknownUnknown
npm/@humanwhocodes/retry 0.4.2 UnknownUnknown
npm/@pkgr/core 0.2.0 UnknownUnknown
npm/@types/json-schema 7.0.15 🟢 7
Details
CheckScoreReason
Maintained🟢 1030 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10
Code-Review🟢 9Found 26/28 approved changesets -- score normalized to 9
Packaging⚠️ -1packaging workflow not detected
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
License🟢 9license file detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Security-Policy🟢 10security policy file detected
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Vulnerabilities🟢 100 existing vulnerabilities detected
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
Binary-Artifacts🟢 10no binaries found in the repo
Pinned-Dependencies🟢 8dependency not pinned by hash detected -- score normalized to 8
Fuzzing⚠️ 0project is not fuzzed
npm/eslint 9.23.0 🟢 7
Details
CheckScoreReason
Packaging⚠️ -1packaging workflow not detected
Maintained🟢 1030 commit(s) and 24 issue activity found in the last 90 days -- score normalized to 10
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Code-Review🟢 8Found 25/29 approved changesets -- score normalized to 8
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
License🟢 10license file detected
Vulnerabilities🟢 100 existing vulnerabilities detected
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Security-Policy🟢 10security policy file detected
Binary-Artifacts🟢 10no binaries found in the repo
Signed-Releases⚠️ -1no releases found
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Fuzzing⚠️ 0project is not fuzzed
SAST🟢 10SAST tool is run on all commits
npm/eslint-plugin-prettier 5.2.4 🟢 5.3
Details
CheckScoreReason
Code-Review🟢 4Found 8/19 approved changesets -- score normalized to 4
Maintained🟢 1012 commit(s) and 6 issue activity found in the last 90 days -- score normalized to 10
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Binary-Artifacts🟢 10no binaries found in the repo
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Packaging⚠️ -1packaging workflow not detected
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Fuzzing⚠️ 0project is not fuzzed
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Security-Policy🟢 10security policy file detected
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
Vulnerabilities🟢 46 existing vulnerabilities detected
npm/eslint-scope 8.3.0 UnknownUnknown
npm/eslint-visitor-keys 4.2.0 UnknownUnknown
npm/espree 10.3.0 UnknownUnknown
npm/file-entry-cache 8.0.0 🟢 4.2
Details
CheckScoreReason
Binary-Artifacts🟢 10no binaries found in the repo
Packaging⚠️ -1packaging workflow not detected
Code-Review⚠️ 0Found 0/14 approved changesets -- score normalized to 0
Maintained🟢 810 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 8
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Fuzzing⚠️ 0project is not fuzzed
Vulnerabilities🟢 100 existing vulnerabilities detected
Security-Policy⚠️ 0security policy file not detected
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ 0branch protection not enabled on development/release branches
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
npm/flat-cache 4.0.1 🟢 4.1
Details
CheckScoreReason
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Code-Review⚠️ 1Found 2/14 approved changesets -- score normalized to 1
Binary-Artifacts🟢 10no binaries found in the repo
Maintained⚠️ 10 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 1
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Packaging⚠️ -1packaging workflow not detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Security-Policy⚠️ 0security policy file not detected
Vulnerabilities🟢 100 existing vulnerabilities detected
Fuzzing⚠️ 0project is not fuzzed
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ 0branch protection not enabled on development/release branches
SAST🟢 8SAST tool is not run on all commits -- score normalized to 8
npm/flatted 3.3.3 🟢 3.6
Details
CheckScoreReason
Packaging⚠️ -1packaging workflow not detected
Maintained⚠️ 12 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 1
Binary-Artifacts🟢 10no binaries found in the repo
Code-Review⚠️ 0Found 0/26 approved changesets -- score normalized to 0
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Security-Policy⚠️ 0security policy file not detected
Fuzzing⚠️ 0project is not fuzzed
License🟢 10license file detected
Branch-Protection⚠️ 0branch protection not enabled on development/release branches
Pinned-Dependencies🟢 3dependency not pinned by hash detected -- score normalized to 3
Signed-Releases⚠️ -1no releases found
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
Vulnerabilities🟢 91 existing vulnerabilities detected
npm/globals 14.0.0 🟢 5.4
Details
CheckScoreReason
Code-Review🟢 5Found 12/24 approved changesets -- score normalized to 5
Security-Policy🟢 10security policy file detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Maintained🟢 98 commit(s) and 3 issue activity found in the last 90 days -- score normalized to 9
Packaging⚠️ -1packaging workflow not detected
Binary-Artifacts🟢 10no binaries found in the repo
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
License🟢 10license file detected
Fuzzing⚠️ 0project is not fuzzed
Vulnerabilities🟢 100 existing vulnerabilities detected
Branch-Protection⚠️ 0branch protection not enabled on development/release branches
Signed-Releases⚠️ -1no releases found
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
npm/prettier 3.5.3 🟢 7.3
Details
CheckScoreReason
Code-Review🟢 4Found 9/20 approved changesets -- score normalized to 4
Packaging⚠️ -1packaging workflow not detected
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Maintained🟢 1030 commit(s) and 7 issue activity found in the last 90 days -- score normalized to 10
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Security-Policy🟢 10security policy file detected
License🟢 10license file detected
Token-Permissions🟢 8detected GitHub workflow tokens with excessive permissions
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Signed-Releases⚠️ -1no releases found
Binary-Artifacts🟢 10no binaries found in the repo
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Fuzzing⚠️ 0project is not fuzzed
SAST🟢 10SAST tool is run on all commits
Vulnerabilities🟢 91 existing vulnerabilities detected
npm/synckit 0.10.3 UnknownUnknown
npm/@demosjarco/prettier-config ^1.0.2 🟢 6.3
Details
CheckScoreReason
Binary-Artifacts🟢 10no binaries found in the repo
Branch-Protection⚠️ 0branch protection not enabled on development/release branches
CI-Tests🟢 69 out of 13 merged PRs checked by a CI test -- score normalized to 6
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Code-Review⚠️ 0Found 0/16 approved changesets -- score normalized to 0
Contributors🟢 6project has 2 contributing companies or organizations -- score normalized to 6
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Dependency-Update-Tool🟢 10update tool detected
Fuzzing⚠️ 0project is not fuzzed
License🟢 10license file detected
Maintained🟢 68 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 6
Packaging🟢 10packaging workflow detected
Pinned-Dependencies🟢 10all dependencies are pinned
SAST⚠️ 2SAST tool is not run on all commits -- score normalized to 2
Security-Policy⚠️ 0security policy file not detected
Signed-Releases⚠️ -1no releases found
Token-Permissions🟢 10GitHub workflow tokens follow principle of least privilege
Vulnerabilities🟢 100 existing vulnerabilities detected
npm/eslint ^9.23.0 🟢 7
Details
CheckScoreReason
Packaging⚠️ -1packaging workflow not detected
Maintained🟢 1030 commit(s) and 24 issue activity found in the last 90 days -- score normalized to 10
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Code-Review🟢 8Found 25/29 approved changesets -- score normalized to 8
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
License🟢 10license file detected
Vulnerabilities🟢 100 existing vulnerabilities detected
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Security-Policy🟢 10security policy file detected
Binary-Artifacts🟢 10no binaries found in the repo
Signed-Releases⚠️ -1no releases found
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Fuzzing⚠️ 0project is not fuzzed
SAST🟢 10SAST tool is run on all commits
npm/eslint-plugin-prettier ^5.2.4 🟢 5.3
Details
CheckScoreReason
Code-Review🟢 4Found 8/19 approved changesets -- score normalized to 4
Maintained🟢 1012 commit(s) and 6 issue activity found in the last 90 days -- score normalized to 10
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Binary-Artifacts🟢 10no binaries found in the repo
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Packaging⚠️ -1packaging workflow not detected
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Fuzzing⚠️ 0project is not fuzzed
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Security-Policy🟢 10security policy file detected
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
Vulnerabilities🟢 46 existing vulnerabilities detected
npm/prettier ^3.5.3 🟢 7.3
Details
CheckScoreReason
Code-Review🟢 4Found 9/20 approved changesets -- score normalized to 4
Packaging⚠️ -1packaging workflow not detected
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Maintained🟢 1030 commit(s) and 7 issue activity found in the last 90 days -- score normalized to 10
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Security-Policy🟢 10security policy file detected
License🟢 10license file detected
Token-Permissions🟢 8detected GitHub workflow tokens with excessive permissions
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Signed-Releases⚠️ -1no releases found
Binary-Artifacts🟢 10no binaries found in the repo
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Fuzzing⚠️ 0project is not fuzzed
SAST🟢 10SAST tool is run on all commits
Vulnerabilities🟢 91 existing vulnerabilities detected

Scanned Manifest Files

package-lock.json
  • @demosjarco/prettier-config@1.0.2
  • @eslint/config-array@0.19.2
  • @eslint/config-helpers@0.2.0
  • @eslint/core@0.12.0
  • @eslint/eslintrc@3.3.1
  • @eslint/js@9.23.0
  • @eslint/object-schema@2.1.6
  • @eslint/plugin-kit@0.2.7
  • @humanfs/core@0.19.1
  • @humanfs/node@0.16.6
  • @humanwhocodes/retry@0.3.1
  • @humanwhocodes/retry@0.4.2
  • @pkgr/core@0.2.0
  • @types/json-schema@7.0.15
  • eslint@9.23.0
  • eslint-plugin-prettier@5.2.4
  • eslint-scope@8.3.0
  • eslint-visitor-keys@4.2.0
  • espree@10.3.0
  • file-entry-cache@8.0.0
  • flat-cache@4.0.1
  • flatted@3.3.3
  • globals@14.0.0
  • prettier@3.5.3
  • synckit@0.10.3
  • @demosjarco/prettier-config@1.0.1
  • @eslint/eslintrc@2.1.4
  • @eslint/js@8.57.1
  • @humanwhocodes/config-array@0.13.0
  • @humanwhocodes/object-schema@2.0.3
  • @pkgr/core@0.1.1
  • @ungap/structured-clone@1.3.0
  • ansi-regex@5.0.1
  • doctrine@3.0.0
  • eslint@8.57.1
  • eslint-plugin-prettier@5.2.3
  • eslint-scope@7.2.2
  • espree@9.6.1
  • file-entry-cache@6.0.1
  • flat-cache@3.2.0
  • flatted@3.3.2
  • fs.realpath@1.0.0
  • glob@7.2.3
  • globals@13.24.0
  • inflight@1.0.6
  • inherits@2.0.4
  • is-path-inside@3.0.3
  • once@1.4.0
  • path-is-absolute@1.0.1
  • prettier@3.5.1
  • rimraf@3.0.2
  • strip-ansi@6.0.1
  • synckit@0.9.2
  • text-table@0.2.0
  • type-fest@0.20.2
  • wrappy@1.0.2
package.json
  • @demosjarco/prettier-config@^1.0.2
  • eslint@^9.23.0
  • eslint-plugin-prettier@^5.2.4
  • prettier@^3.5.3
  • @demosjarco/prettier-config@^1.0.1
  • eslint@^8.57.0
  • eslint-plugin-prettier@^5.1.3
  • prettier@^3.5.1

@socket-security
Copy link
Copy Markdown

socket-security Bot commented Mar 25, 2025

New, updated, and removed dependencies detected. Learn more about Socket for GitHub ↗︎

Package New capabilities Transitives Size Publisher
npm/@demosjarco/prettier-config@1.0.11.0.2 None 0 8.26 kB demosjarco
npm/eslint-plugin-prettier@5.2.35.2.4 None +5 240 kB
npm/eslint@8.57.19.23.0 Transitive: eval, shell, unsafe +85 10.3 MB eslintbot
npm/prettier@3.5.13.5.3 None 0 0 B

View full report↗︎

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code semver-major

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants