Bump the minor-updates group across 1 directory with 7 updates

[dependabot]

Bumps the minor-updates group with 7 updates in the / directory:

Package	From	To
eslint-plugin-prettier	5.1.3	5.2.1
typescript	5.4.5	5.5.3
graphql	16.8.1	16.9.0
graphql-relay	0.10.1	0.10.2
pg	8.11.5	8.12.0
@tanstack/react-query	5.40.0	5.51.11
eslint-plugin-react	7.34.2	7.35.0

Updates eslint-plugin-prettier from 5.1.3 to 5.2.1

Release notes

Sourced from eslint-plugin-prettier's releases.

v5.2.1

Patch Changes

• #668 ac036cc Thanks @​OrlovAlexei! - build(deps): Bump synckit from 0.8.6 to 0.9.1

Changelog

Sourced from eslint-plugin-prettier's changelog.

5.2.1

Patch Changes

• #668 ac036cc Thanks @​OrlovAlexei! - build(deps): Bump synckit from 0.8.6 to 0.9.1

5.2.0

Minor Changes

• #652 f170011 Thanks @​Logicer16! - feat: support parsing html via @html-eslint/parser natively

Commits

• 51324d9 chore: fix CHANGELOG.md formatting issue
• 24288c7 chore: release eslint-plugin-prettier (#669)
• ac036cc build(deps): Bump synckit from 0.8.6 to 0.9.1 (#668)
• a1e6f4a build(deps): Bump braces from 3.0.2 to 3.0.3 (#665)
• de9751c build(deps): Bump pnpm/action-setup from 2 to 4 in the actions group (#661)
• 02c21a5 chore: release eslint-plugin-prettier (#653)
• f170011 feat: support parsing html via @html-eslint/parser natively (#652)
• See full diff in compare view

Updates typescript from 5.4.5 to 5.5.3

Release notes

Sourced from typescript's releases.

TypeScript 5.5.3

For release notes, check out the release announcement.

For the complete list of fixed issues, check out the

• fixed issues query for TypeScript v5.5.3 (Stable).
• fixed issues query for TypeScript v5.5.2 (Stable).
• fixed issues query for TypeScript v5.5.1 (RC).
• fixed issues query for TypeScript v5.5.0 (Beta).

Downloads are available on:

• npm
• NuGet package

TypeScript 5.5

For release notes, check out the release announcement.

For the complete list of fixed issues, check out the

• fixed issues query for TypeScript v5.5.2 (Stable).
• fixed issues query for TypeScript v5.5.1 (RC).
• fixed issues query for TypeScript v5.5.0 (Beta).

Downloads are available on:

• npm

TypeScript 5.5 RC

For release notes, check out the release announcement.

For the complete list of fixed issues, check out the

• fixed issues query for Typescript 5.5.0 (Beta).
• fixed issues query for Typescript 5.5.1 (RC).

Downloads are available on:

• NuGet package

TypeScript 5.5 Beta

For release notes, check out the release announcement.

For the complete list of fixed issues, check out the

• fixed issues query for Typescript 5.5.0 (Beta).

Downloads are available on:

• npm

... (truncated)

Commits

• f0e9921 Bump version to 5.5.3 and LKG
• 738bd60 Cherry-pick #58966 to release-5.5 (#59002)
• ce2e60e Update LKG
• f3b21a2 🤖 Pick PR #58931 (Defer creation of barebonesLibSourc...) into release-5.5 (#...
• 7b1620b 🤖 Pick PR #58811 (fix(58801): "Move to file" on globa...) into release-5.5 (#...
• 5367ae1 Bump version to 5.5.2 and LKG
• 02132e5 🤖 Pick PR #58895 (Fix global when typescript.js loade...) into release-5.5 (#...
• 45b1e3c 🤖 Pick PR #58872 (Fix declaration emit crash) into release-5.5 (#58874)
• 17933ee 🤖 Pick PR #58810 (Fixed declaration emit issue relate...) into release-5.5 (#...
• 552b07e 🤖 Pick PR #58786 (Fixed declaration emit crash relate...) into release-5.5 (#...
• Additional commits viewable in compare view

Updates graphql from 16.8.1 to 16.9.0

Release notes

Sourced from graphql's releases.

v16.9.0 (2024-06-21)

New Feature 🚀

• #4119 backport[v16]: Introduce "recommended" validation rules (@​benjie)
• #4122 backport[v16]: Enable passing values configuration to GraphQLEnumType as a thunk (@​benjie)
• #4124 backport[v16]: Implement OneOf Input Objects via @oneOf directive (@​benjie)

Committers: 1

• Benjie(@​benjie)

v16.8.2 (2024-06-12)

Bug Fix 🐞

• #4022 fix: remove globalThis check and align with what bundlers can accept (@​JoviDeCroock)

Internal 🏠

• #4104 Fix publish scripts (@​benjie)

Committers: 2

• Benjie(@​benjie)
• Jovi De Croock(@​JoviDeCroock)

Commits

• 556a01e 16.9.0
• 6a1614c backport[v16]: Enable passing values configuration to GraphQLEnumType as a th...
• 29144f7 backport[v16]: Implement OneOf Input Objects via @oneOf directive (#4124)
• c35130e Revert error extension symbol (#4123)
• 29c1bff feat: allow defining symbol error extensions (#3730)
• c985c27 backport[v16]: Introduce "recommended" validation rules (#4119)
• 08779a0 16.8.2
• c82609e Fix publish scripts (#4104)
• 0d12b06 fix: remove globalThis check and align with what bundlers can accept (#4022)
• See full diff in compare view

Maintainer changes

This version was pushed to npm by benjie, a new releaser for graphql since your current version.

Updates graphql-relay from 0.10.1 to 0.10.2

Release notes

Sourced from graphql-relay's releases.

v0.10.2 (2024-07-11)

Bug Fix 🐞

• #394 fix: fix output type for mutate and get payload (@​Eckzzo)

Docs 📝

• #395 Add publish instructions (@​benjie)

Committers: 2

• Benjie(@​benjie)
• Ivan Levenhagen(@​Eckzzo)

Commits

• 6600e95 0.10.2
• f8291b0 Add publish instructions (#395)
• 1a9f5b0 fix: fix output type for mutate and get payload (#394)
• See full diff in compare view

Updates pg from 8.11.5 to 8.12.0

Changelog

Sourced from pg's changelog.

[email protected]

• Add queryMode config option to force use of the extended query protocol on queries without any parameters.

[email protected]

• Emit release event when client is returned to the pool.

[email protected]

• Add support for stream factory.
• Better errors for SASL authentication.
• Use native crypto module for SASL authentication.

[email protected]

• Bump minimum required version of native bindings.
• Catch previously uncatchable errors thrown in pool.query.
• Prevent the pool from blocking the event loop if all clients are idle (and allowExitOnIdle is enabled).
• Support lock_timeout in client config.
• Fix errors thrown in callbacks from interfering with cleanup.

[email protected]

• Add connection lifetime limit config option.

[email protected]

• Add optional config to pool to allow process to exit if pool is idle.

[email protected]

• Convert to es6 class
• Add support for promises to cursor methods

[email protected]

• Better SASL error messages & more validation on bad configuration.
• Export DatabaseError.
• Add ParameterDescription support to protocol parsing.
• Fix typescript typedefs with --isolatedModules.

[email protected]

• Library has been converted to Typescript. The behavior is identical, but there could be subtle breaking changes due to class names changing or other small inconsistencies introduced by the conversion.

[email protected]

• Fix bug forwarding ssl key.
• Convert pg-query-stream internals to typescript.

... (truncated)

Commits

• 0f42880 Publish
• ff47a97 Add option to force use of Extended Queries (#3214)
• fe88e82 Add pg-native to monorepo (#3225)
• 0096856 reorder user-password-host-port-database appearences (#3207)
• See full diff in compare view

Updates @tanstack/react-query from 5.40.0 to 5.51.11

Release notes

Sourced from @​tanstack/react-query's releases.

v5.51.11

Version 5.51.11 - 7/20/24, 10:47 AM

Changes

Fix

• svelte-query: Correct data type when initialData is set (#7769) (b764009) by Lachlan Collins

Ci

• Enable autofix on push to release branch (b189e31) by Lachlan Collins

Docs

• typedoc: Use generateReferenceDocs function (#7765) (e4e65be) by Lachlan Collins
• typedoc: Update output filename (#7764) (144d3a8) by Lachlan Collins
• update the syntax highlighting for angular (#7762) (2786196) by @​mgechev
• Throw error or mutation doesn"t see any the 500 coming from API (#7754) (b970f67) by @​okazkayasi
• Update paginated-queries.md (#7759) (98d127a) by Andre Sander

Packages

• @​tanstack/react-query@​5.51.11
• @​tanstack/svelte-query@​5.51.11
• @​tanstack/react-query-devtools@​5.51.11
• @​tanstack/react-query-persist-client@​5.51.11
• @​tanstack/react-query-next-experimental@​5.51.11
• @​tanstack/svelte-query-devtools@​5.51.11
• @​tanstack/svelte-query-persist-client@​5.51.11

v5.51.10

Version 5.51.10 - 7/18/24, 12:03 PM

Changes

Fix

• eslint-plugin-query: get scope from sourceCode (#7760) (e61edd2) by Dominik Dorfmeister

Ci

• Remove git pre-commit hook (#7756) (ae8738a) by Lachlan Collins

Packages

• @​tanstack/eslint-plugin-query@​5.51.10

v5.51.9

Version 5.51.9 - 7/18/24, 7:35 AM (Manual Release)

... (truncated)

Commits

• c3dffbd release: v5.51.11
• b764009 fix(svelte-query): Correct data type when initialData is set (#7769)
• 70620ec release: v5.51.9
• c101251 release: v5.51.5
• a87c2fe fix(query-core): widen QueriesObserver queries type (#7446) (#7492)
• 5c50ca7 release: v5.51.4
• 95d814a chore(utils): Ensure consistent declaration style of utility functions and st...
• eb21d1e release: v5.51.3
• 28af03f chore(deps): Update dev and example dependencies (#7742)
• d10a456 chore(*): vitest v2 (#7735)
• Additional commits viewable in compare view

Updates eslint-plugin-react from 7.34.2 to 7.35.0

Release notes

Sourced from eslint-plugin-react's releases.

v7.35.0

Added

• support eslint v9 (#3759[] @​mdjermanovic)
• export flat configs from plugin root and fix flat config crash (#3694[] @​bradzacher @​mdjermanovic)
• add [jsx-props-no-spread-multi] (#3724[] @​SimonSchick)
• [forbid-component-props]: add propNamePattern to allow / disallow prop name patterns (#3774[] @​akulsr0)
• [jsx-handler-names]: support ignoring component names (#3772[] @​akulsr0)
• version settings: Allow react defaultVersion to be configurable (#3771[] @​onlywei)
• [jsx-closing-tag-location]: add line-aligned option (#3777 @​kimtaejin3)
• [no-danger]: add customComponentNames option (#3748[] @​akulsr0)

Fixed

• [no-invalid-html-attribute]: substitute placeholders in suggestion messages (#3759[] @​mdjermanovic)
• [sort-prop-types]: single line type ending without semicolon (#3784[] @​akulsr0)
• [require-default-props]: report when required props have default value (#3785[] @​akulsr0)

Changed

• [Refactor] variableUtil: Avoid creating a single flat variable scope for each lookup (#3782[] @​DanielRosenwasser)

#3759: jsx-eslint/eslint-plugin-react#3759 #3694: jsx-eslint/eslint-plugin-react#3694 #3771: jsx-eslint/eslint-plugin-react#3771

#1000: jsx-eslint/eslint-plugin-react#1000 #1002: jsx-eslint/eslint-plugin-react#1002 #1005: jsx-eslint/eslint-plugin-react#1005 #100: jsx-eslint/eslint-plugin-react#100 #1010: jsx-eslint/eslint-plugin-react#1010 #1013: jsx-eslint/eslint-plugin-react#1013 #1022: jsx-eslint/eslint-plugin-react#1022 #1029: jsx-eslint/eslint-plugin-react#1029 #102: jsx-eslint/eslint-plugin-react#102 #1034: jsx-eslint/eslint-plugin-react#1034 #1038: jsx-eslint/eslint-plugin-react#1038 #1041: jsx-eslint/eslint-plugin-react#1041 #1043: jsx-eslint/eslint-plugin-react#1043 #1046: jsx-eslint/eslint-plugin-react#1046 #1047: jsx-eslint/eslint-plugin-react#1047 #1050: jsx-eslint/eslint-plugin-react#1050 #1053: jsx-eslint/eslint-plugin-react#1053 #1057: jsx-eslint/eslint-plugin-react#1057 #105: jsx-eslint/eslint-plugin-react#105 #1061: jsx-eslint/eslint-plugin-react#1061 #1062: jsx-eslint/eslint-plugin-react#1062 #1070: jsx-eslint/eslint-plugin-react#1070 #1071: jsx-eslint/eslint-plugin-react#1071 #1073: jsx-eslint/eslint-plugin-react#1073 #1076: jsx-eslint/eslint-plugin-react#1076 #1079: jsx-eslint/eslint-plugin-react#1079 #1088: jsx-eslint/eslint-plugin-react#1088

... (truncated)

Changelog

Sourced from eslint-plugin-react's changelog.

7.35.0 - 2024.07.19

Added

• support eslint v9 (#3759[] @​mdjermanovic)
• export flat configs from plugin root and fix flat config crash (#3694[] @​bradzacher @​mdjermanovic)
• add [jsx-props-no-spread-multi] (#3724[] @​SimonSchick)
• [forbid-component-props]: add propNamePattern to allow / disallow prop name patterns (#3774[] @​akulsr0)
• [jsx-handler-names]: support ignoring component names (#3772[] @​akulsr0)
• version settings: Allow react defaultVersion to be configurable (#3771[] @​onlywei)
• [jsx-closing-tag-location]: add line-aligned option (#3777 @​kimtaejin3)
• [no-danger]: add customComponentNames option (#3748[] @​akulsr0)

Fixed

• [no-invalid-html-attribute]: substitute placeholders in suggestion messages (#3759[] @​mdjermanovic)
• [sort-prop-types]: single line type ending without semicolon (#3784[] @​akulsr0)
• [require-default-props]: report when required props have default value (#3785[] @​akulsr0)

Changed

• [Refactor] variableUtil: Avoid creating a single flat variable scope for each lookup (#3782[] @​DanielRosenwasser)

#3785: jsx-eslint/eslint-plugin-react#3785 #3784: jsx-eslint/eslint-plugin-react#3784 #3782: jsx-eslint/eslint-plugin-react#3782 #3777: jsx-eslint/eslint-plugin-react#3777 #3774: jsx-eslint/eslint-plugin-react#3774 #3772: jsx-eslint/eslint-plugin-react#3772 #3771: jsx-eslint/eslint-plugin-react#3771 #3759: jsx-eslint/eslint-plugin-react#3759 #3748: jsx-eslint/eslint-plugin-react#3748 #3724: jsx-eslint/eslint-plugin-react#3724 #3694: jsx-eslint/eslint-plugin-react#3694

7.34.4 - 2024.07.13

Fixed

• [prop-types]: fix className missing in prop validation false negative (#3749[] @​akulsr0)
• [sort-prop-types]: Check for undefined before accessing node.typeAnnotation.typeAnnotation (#3779[] @​tylerlaprade)

#3779: jsx-eslint/eslint-plugin-react#3779 #3749: jsx-eslint/eslint-plugin-react#3749

[7.34.3] - 2024.06.18

Fixed

• [prop-types]: null-check rootNode before calling getScope (#3762[] @​crnhrv)
• [boolean-prop-naming]: avoid a crash with a spread prop (#3733[] @​ljharb)
• [jsx-boolean-value]: assumeUndefinedIsFalse with never must not allow explicit true value (#3757[] @​6uliver)

... (truncated)

Commits

• c6fdccd Update CHANGELOG and bump version
• a4b0bbc [Fix] require-default-props: report when required props have default value
• a08cb93 [Fix] sort-prop-types: single line type ending without semicolon
• 4b3209b [meta] no point in supporting eslint 9.0 - 9.6 initially
• ca8b11e [Dev Deps] update @babel/core, @babel/eslint-parser
• 597553d [New] no-danger: add customComponentNames option
• c58f04b [New] jsx-closing-tag-location: add line-aligned option
• 00b89fe [New] version settings: Allow react defaultVersion to be configurable
• 4d2fd86 [Refactor] variableUtil: Avoid creating a single flat variable scope for ea...
• 6a83d67 [New] jsx-handler-names: support ignoring component names
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[github-actions]

Dependency Review

The following issues were found:

• ✅ 0 vulnerable package(s)
• ✅ 0 package(s) with incompatible licenses
• ✅ 0 package(s) with invalid SPDX license definitions
• ✅ 0 package(s) with unknown licenses.
• ⚠️ 2 packages with OpenSSF Scorecard issues.

See the Details below.

OpenSSF Scorecard

Scorecard details

Package	Version	Score	Details
npm/@tanstack/query-core	5.51.9	Unknown	Unknown
npm/@tanstack/react-query	5.51.11	Unknown	Unknown
npm/array.prototype.tosorted	1.1.4	Unknown	Unknown
npm/encoding	0.1.13	⚠️ 1.8	Details Check Score Reason Code-Review ⚠️ 1 Found 5/29 approved changesets -- score normalized to 1 Maintained ⚠️ 0 0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 9 license file detected Dangerous-Workflow ⚠️ -1 no workflows found Token-Permissions ⚠️ -1 No tokens found Binary-Artifacts 🟢 10 no binaries found in the repo Packaging ⚠️ -1 packaging workflow not detected Pinned-Dependencies ⚠️ -1 no dependencies found Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Signed-Releases ⚠️ -1 no releases found Fuzzing ⚠️ 0 project is not fuzzed Security-Policy ⚠️ 0 security policy file not detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Vulnerabilities ⚠️ 0 18 existing vulnerabilities detected
npm/eslint-plugin-prettier	5.2.1	🟢 4.6	Details Check Score Reason Code-Review 🟢 4 Found 8/19 approved changesets -- score normalized to 4 Maintained 🟢 5 5 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 5 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Packaging ⚠️ -1 packaging workflow not detected Binary-Artifacts 🟢 10 no binaries found in the repo Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Signed-Releases ⚠️ -1 no releases found Fuzzing ⚠️ 0 project is not fuzzed Security-Policy ⚠️ 0 security policy file not detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Vulnerabilities 🟢 9 1 existing vulnerabilities detected
npm/eslint-plugin-react	7.35.0	🟢 6	Details Check Score Reason Code-Review 🟢 5 Found 12/23 approved changesets -- score normalized to 5 Maintained 🟢 10 28 commit(s) and 22 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Security-Policy 🟢 10 security policy file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 packaging workflow not detected Vulnerabilities 🟢 10 0 existing vulnerabilities detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Binary-Artifacts 🟢 10 no binaries found in the repo Signed-Releases ⚠️ -1 no releases found Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
npm/graphql	16.9.0	🟢 5.1	Details Check Score Reason Maintained 🟢 10 11 commit(s) and 19 issue activity found in the last 90 days -- score normalized to 10 Code-Review 🟢 3 Found 9/30 approved changesets -- score normalized to 3 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Branch-Protection ⚠️ -1 internal error: error during GetBranch(main): error during branchesHandler.query: internal error: githubv4.Query: Resource not accessible by integration Signed-Releases ⚠️ -1 no releases found Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 packaging workflow not detected Binary-Artifacts 🟢 10 no binaries found in the repo Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Pinned-Dependencies 🟢 5 dependency not pinned by hash detected -- score normalized to 5 Security-Policy 🟢 10 security policy file detected Fuzzing ⚠️ 0 project is not fuzzed SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Vulnerabilities ⚠️ 0 30 existing vulnerabilities detected
npm/graphql-relay	0.10.2	🟢 5	Details Check Score Reason Code-Review ⚠️ 2 Found 8/27 approved changesets -- score normalized to 2 Maintained 🟢 5 5 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 5 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Packaging ⚠️ -1 packaging workflow not detected Binary-Artifacts 🟢 10 no binaries found in the repo Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Pinned-Dependencies 🟢 4 dependency not pinned by hash detected -- score normalized to 4 Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Fuzzing ⚠️ 0 project is not fuzzed Security-Policy 🟢 10 security policy file detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Vulnerabilities 🟢 10 0 existing vulnerabilities detected
npm/pg	8.12.0	🟢 5	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 14 issue activity found in the last 90 days -- score normalized to 10 Code-Review 🟢 7 Found 20/28 approved changesets -- score normalized to 7 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Binary-Artifacts 🟢 10 no binaries found in the repo Fuzzing ⚠️ 0 project is not fuzzed Security-Policy ⚠️ 0 security policy file not detected Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Vulnerabilities ⚠️ 0 42 existing vulnerabilities detected
npm/string.prototype.repeat	1.0.0	🟢 3	Details Check Score Reason Maintained ⚠️ 0 0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0 Code-Review ⚠️ 0 Found 1/17 approved changesets -- score normalized to 0 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Packaging ⚠️ -1 packaging workflow not detected Pinned-Dependencies ⚠️ -1 no dependencies found Token-Permissions ⚠️ -1 No tokens found Dangerous-Workflow ⚠️ -1 no workflows found Binary-Artifacts 🟢 10 no binaries found in the repo Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Vulnerabilities 🟢 10 0 existing vulnerabilities detected Fuzzing ⚠️ 0 project is not fuzzed Security-Policy ⚠️ 0 security policy file not detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
npm/synckit	0.9.1	Unknown	Unknown
npm/typescript	5.5.3	🟢 8.6	Details Check Score Reason Binary-Artifacts 🟢 10 no binaries found in the repo Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration CI-Tests 🟢 10 30 out of 30 merged PRs checked by a CI test -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Code-Review 🟢 9 Found 27/29 approved changesets -- score normalized to 9 Contributors 🟢 10 project has 35 contributing companies or organizations Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Dependency-Update-Tool 🟢 10 update tool detected Fuzzing 🟢 10 project is fuzzed License 🟢 10 license file detected Maintained 🟢 10 30 commit(s) and 7 issue activity found in the last 90 days -- score normalized to 10 Packaging ⚠️ -1 packaging workflow not detected Pinned-Dependencies 🟢 6 dependency not pinned by hash detected -- score normalized to 6 SAST 🟢 10 SAST tool is run on all commits Security-Policy 🟢 10 security policy file detected Signed-Releases ⚠️ 0 Project has not signed or included provenance with any releases. Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege Vulnerabilities 🟢 10 0 existing vulnerabilities detected
npm/@tanstack/query-core	5.40.0	Unknown	Unknown
npm/@tanstack/react-query	5.40.0	Unknown	Unknown
npm/array.prototype.toreversed	1.1.2	Unknown	Unknown
npm/array.prototype.tosorted	1.1.3	Unknown	Unknown
npm/encoding	0.1.13	⚠️ 1.8	Details Check Score Reason Code-Review ⚠️ 1 Found 5/29 approved changesets -- score normalized to 1 Maintained ⚠️ 0 0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 9 license file detected Dangerous-Workflow ⚠️ -1 no workflows found Token-Permissions ⚠️ -1 No tokens found Binary-Artifacts 🟢 10 no binaries found in the repo Packaging ⚠️ -1 packaging workflow not detected Pinned-Dependencies ⚠️ -1 no dependencies found Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Signed-Releases ⚠️ -1 no releases found Fuzzing ⚠️ 0 project is not fuzzed Security-Policy ⚠️ 0 security policy file not detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Vulnerabilities ⚠️ 0 18 existing vulnerabilities detected
npm/eslint-plugin-prettier	5.1.3	🟢 4.6	Details Check Score Reason Code-Review 🟢 4 Found 8/19 approved changesets -- score normalized to 4 Maintained 🟢 5 5 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 5 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Packaging ⚠️ -1 packaging workflow not detected Binary-Artifacts 🟢 10 no binaries found in the repo Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Signed-Releases ⚠️ -1 no releases found Fuzzing ⚠️ 0 project is not fuzzed Security-Policy ⚠️ 0 security policy file not detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Vulnerabilities 🟢 9 1 existing vulnerabilities detected
npm/eslint-plugin-react	7.34.2	🟢 6	Details Check Score Reason Code-Review 🟢 5 Found 12/23 approved changesets -- score normalized to 5 Maintained 🟢 10 28 commit(s) and 22 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Security-Policy 🟢 10 security policy file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 packaging workflow not detected Vulnerabilities 🟢 10 0 existing vulnerabilities detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Binary-Artifacts 🟢 10 no binaries found in the repo Signed-Releases ⚠️ -1 no releases found Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
npm/graphql	16.8.1	🟢 5.1	Details Check Score Reason Maintained 🟢 10 11 commit(s) and 19 issue activity found in the last 90 days -- score normalized to 10 Code-Review 🟢 3 Found 9/30 approved changesets -- score normalized to 3 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Branch-Protection ⚠️ -1 internal error: error during GetBranch(main): error during branchesHandler.query: internal error: githubv4.Query: Resource not accessible by integration Signed-Releases ⚠️ -1 no releases found Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 packaging workflow not detected Binary-Artifacts 🟢 10 no binaries found in the repo Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Pinned-Dependencies 🟢 5 dependency not pinned by hash detected -- score normalized to 5 Security-Policy 🟢 10 security policy file detected Fuzzing ⚠️ 0 project is not fuzzed SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Vulnerabilities ⚠️ 0 30 existing vulnerabilities detected
npm/graphql-relay	0.10.1	🟢 5	Details Check Score Reason Code-Review ⚠️ 2 Found 8/27 approved changesets -- score normalized to 2 Maintained 🟢 5 5 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 5 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Packaging ⚠️ -1 packaging workflow not detected Binary-Artifacts 🟢 10 no binaries found in the repo Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Pinned-Dependencies 🟢 4 dependency not pinned by hash detected -- score normalized to 4 Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Fuzzing ⚠️ 0 project is not fuzzed Security-Policy 🟢 10 security policy file detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Vulnerabilities 🟢 10 0 existing vulnerabilities detected
npm/iconv-lite	0.6.3	🟢 3.2	Details Check Score Reason Code-Review ⚠️ 1 Found 5/30 approved changesets -- score normalized to 1 Maintained ⚠️ 0 0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Token-Permissions ⚠️ -1 No tokens found Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ -1 no dependencies found Dangerous-Workflow ⚠️ -1 no workflows found Packaging ⚠️ -1 packaging workflow not detected Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Signed-Releases ⚠️ -1 no releases found Vulnerabilities 🟢 10 0 existing vulnerabilities detected Fuzzing ⚠️ 0 project is not fuzzed Security-Policy ⚠️ 0 security policy file not detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
npm/object.hasown	1.1.4	🟢 4.4	Details Check Score Reason Code-Review ⚠️ 0 Found 0/30 approved changesets -- score normalized to 0 Maintained ⚠️ 0 0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Binary-Artifacts 🟢 10 no binaries found in the repo Packaging ⚠️ -1 packaging workflow not detected Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 SAST ⚠️ 0 no SAST tool detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Fuzzing ⚠️ 0 project is not fuzzed Vulnerabilities 🟢 10 0 existing vulnerabilities detected Security-Policy 🟢 9 security policy file detected
npm/pg	8.11.5	🟢 5	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 14 issue activity found in the last 90 days -- score normalized to 10 Code-Review 🟢 7 Found 20/28 approved changesets -- score normalized to 7 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Binary-Artifacts 🟢 10 no binaries found in the repo Fuzzing ⚠️ 0 project is not fuzzed Security-Policy ⚠️ 0 security policy file not detected Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Vulnerabilities ⚠️ 0 42 existing vulnerabilities detected
npm/synckit	0.8.8	Unknown	Unknown
npm/typescript	5.4.5	🟢 8.6	Details Check Score Reason Binary-Artifacts 🟢 10 no binaries found in the repo Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration CI-Tests 🟢 10 30 out of 30 merged PRs checked by a CI test -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Code-Review 🟢 9 Found 27/29 approved changesets -- score normalized to 9 Contributors 🟢 10 project has 35 contributing companies or organizations Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Dependency-Update-Tool 🟢 10 update tool detected Fuzzing 🟢 10 project is fuzzed License 🟢 10 license file detected Maintained 🟢 10 30 commit(s) and 7 issue activity found in the last 90 days -- score normalized to 10 Packaging ⚠️ -1 packaging workflow not detected Pinned-Dependencies 🟢 6 dependency not pinned by hash detected -- score normalized to 6 SAST 🟢 10 SAST tool is run on all commits Security-Policy 🟢 10 security policy file detected Signed-Releases ⚠️ 0 Project has not signed or included provenance with any releases. Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege Vulnerabilities 🟢 10 0 existing vulnerabilities detected
npm/graphql	16.9.0	🟢 5.1	Details Check Score Reason Maintained 🟢 10 11 commit(s) and 19 issue activity found in the last 90 days -- score normalized to 10 Code-Review 🟢 3 Found 9/30 approved changesets -- score normalized to 3 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Branch-Protection ⚠️ -1 internal error: error during GetBranch(main): error during branchesHandler.query: internal error: githubv4.Query: Resource not accessible by integration Signed-Releases ⚠️ -1 no releases found Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 packaging workflow not detected Binary-Artifacts 🟢 10 no binaries found in the repo Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Pinned-Dependencies 🟢 5 dependency not pinned by hash detected -- score normalized to 5 Security-Policy 🟢 10 security policy file detected Fuzzing ⚠️ 0 project is not fuzzed SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Vulnerabilities ⚠️ 0 30 existing vulnerabilities detected
npm/graphql	16.8.1	🟢 5.1	Details Check Score Reason Maintained 🟢 10 11 commit(s) and 19 issue activity found in the last 90 days -- score normalized to 10 Code-Review 🟢 3 Found 9/30 approved changesets -- score normalized to 3 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Branch-Protection ⚠️ -1 internal error: error during GetBranch(main): error during branchesHandler.query: internal error: githubv4.Query: Resource not accessible by integration Signed-Releases ⚠️ -1 no releases found Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 packaging workflow not detected Binary-Artifacts 🟢 10 no binaries found in the repo Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Pinned-Dependencies 🟢 5 dependency not pinned by hash detected -- score normalized to 5 Security-Policy 🟢 10 security policy file detected Fuzzing ⚠️ 0 project is not fuzzed SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Vulnerabilities ⚠️ 0 30 existing vulnerabilities detected
npm/graphql	16.9.0	🟢 5.1	Details Check Score Reason Maintained 🟢 10 11 commit(s) and 19 issue activity found in the last 90 days -- score normalized to 10 Code-Review 🟢 3 Found 9/30 approved changesets -- score normalized to 3 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Branch-Protection ⚠️ -1 internal error: error during GetBranch(main): error during branchesHandler.query: internal error: githubv4.Query: Resource not accessible by integration Signed-Releases ⚠️ -1 no releases found Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 packaging workflow not detected Binary-Artifacts 🟢 10 no binaries found in the repo Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Pinned-Dependencies 🟢 5 dependency not pinned by hash detected -- score normalized to 5 Security-Policy 🟢 10 security policy file detected Fuzzing ⚠️ 0 project is not fuzzed SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Vulnerabilities ⚠️ 0 30 existing vulnerabilities detected
npm/graphql	16.8.1	🟢 5.1	Details Check Score Reason Maintained 🟢 10 11 commit(s) and 19 issue activity found in the last 90 days -- score normalized to 10 Code-Review 🟢 3 Found 9/30 approved changesets -- score normalized to 3 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Branch-Protection ⚠️ -1 internal error: error during GetBranch(main): error during branchesHandler.query: internal error: githubv4.Query: Resource not accessible by integration Signed-Releases ⚠️ -1 no releases found Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 packaging workflow not detected Binary-Artifacts 🟢 10 no binaries found in the repo Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Pinned-Dependencies 🟢 5 dependency not pinned by hash detected -- score normalized to 5 Security-Policy 🟢 10 security policy file detected Fuzzing ⚠️ 0 project is not fuzzed SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Vulnerabilities ⚠️ 0 30 existing vulnerabilities detected
npm/graphql	16.9.0	🟢 5.1	Details Check Score Reason Maintained 🟢 10 11 commit(s) and 19 issue activity found in the last 90 days -- score normalized to 10 Code-Review 🟢 3 Found 9/30 approved changesets -- score normalized to 3 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Branch-Protection ⚠️ -1 internal error: error during GetBranch(main): error during branchesHandler.query: internal error: githubv4.Query: Resource not accessible by integration Signed-Releases ⚠️ -1 no releases found Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 packaging workflow not detected Binary-Artifacts 🟢 10 no binaries found in the repo Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Pinned-Dependencies 🟢 5 dependency not pinned by hash detected -- score normalized to 5 Security-Policy 🟢 10 security policy file detected Fuzzing ⚠️ 0 project is not fuzzed SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Vulnerabilities ⚠️ 0 30 existing vulnerabilities detected
npm/graphql	16.8.1	🟢 5.1	Details Check Score Reason Maintained 🟢 10 11 commit(s) and 19 issue activity found in the last 90 days -- score normalized to 10 Code-Review 🟢 3 Found 9/30 approved changesets -- score normalized to 3 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Branch-Protection ⚠️ -1 internal error: error during GetBranch(main): error during branchesHandler.query: internal error: githubv4.Query: Resource not accessible by integration Signed-Releases ⚠️ -1 no releases found Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 packaging workflow not detected Binary-Artifacts 🟢 10 no binaries found in the repo Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Pinned-Dependencies 🟢 5 dependency not pinned by hash detected -- score normalized to 5 Security-Policy 🟢 10 security policy file detected Fuzzing ⚠️ 0 project is not fuzzed SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Vulnerabilities ⚠️ 0 30 existing vulnerabilities detected
npm/graphql	16.9.0	🟢 5.1	Details Check Score Reason Maintained 🟢 10 11 commit(s) and 19 issue activity found in the last 90 days -- score normalized to 10 Code-Review 🟢 3 Found 9/30 approved changesets -- score normalized to 3 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Branch-Protection ⚠️ -1 internal error: error during GetBranch(main): error during branchesHandler.query: internal error: githubv4.Query: Resource not accessible by integration Signed-Releases ⚠️ -1 no releases found Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 packaging workflow not detected Binary-Artifacts 🟢 10 no binaries found in the repo Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Pinned-Dependencies 🟢 5 dependency not pinned by hash detected -- score normalized to 5 Security-Policy 🟢 10 security policy file detected Fuzzing ⚠️ 0 project is not fuzzed SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Vulnerabilities ⚠️ 0 30 existing vulnerabilities detected
npm/graphql	16.8.1	🟢 5.1	Details Check Score Reason Maintained 🟢 10 11 commit(s) and 19 issue activity found in the last 90 days -- score normalized to 10 Code-Review 🟢 3 Found 9/30 approved changesets -- score normalized to 3 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Branch-Protection ⚠️ -1 internal error: error during GetBranch(main): error during branchesHandler.query: internal error: githubv4.Query: Resource not accessible by integration Signed-Releases ⚠️ -1 no releases found Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 packaging workflow not detected Binary-Artifacts 🟢 10 no binaries found in the repo Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Pinned-Dependencies 🟢 5 dependency not pinned by hash detected -- score normalized to 5 Security-Policy 🟢 10 security policy file detected Fuzzing ⚠️ 0 project is not fuzzed SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Vulnerabilities ⚠️ 0 30 existing vulnerabilities detected
npm/graphql	16.9.0	🟢 5.1	Details Check Score Reason Maintained 🟢 10 11 commit(s) and 19 issue activity found in the last 90 days -- score normalized to 10 Code-Review 🟢 3 Found 9/30 approved changesets -- score normalized to 3 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Branch-Protection ⚠️ -1 internal error: error during GetBranch(main): error during branchesHandler.query: internal error: githubv4.Query: Resource not accessible by integration Signed-Releases ⚠️ -1 no releases found Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 packaging workflow not detected Binary-Artifacts 🟢 10 no binaries found in the repo Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Pinned-Dependencies 🟢 5 dependency not pinned by hash detected -- score normalized to 5 Security-Policy 🟢 10 security policy file detected Fuzzing ⚠️ 0 project is not fuzzed SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Vulnerabilities ⚠️ 0 30 existing vulnerabilities detected
npm/graphql	16.8.1	🟢 5.1	Details Check Score Reason Maintained 🟢 10 11 commit(s) and 19 issue activity found in the last 90 days -- score normalized to 10 Code-Review 🟢 3 Found 9/30 approved changesets -- score normalized to 3 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Branch-Protection ⚠️ -1 internal error: error during GetBranch(main): error during branchesHandler.query: internal error: githubv4.Query: Resource not accessible by integration Signed-Releases ⚠️ -1 no releases found Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 packaging workflow not detected Binary-Artifacts 🟢 10 no binaries found in the repo Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Pinned-Dependencies 🟢 5 dependency not pinned by hash detected -- score normalized to 5 Security-Policy 🟢 10 security policy file detected Fuzzing ⚠️ 0 project is not fuzzed SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Vulnerabilities ⚠️ 0 30 existing vulnerabilities detected

Scanned Manifest Files

package-lock.json

• @tanstack/[email protected]
• @tanstack/[email protected]
• [email protected]
• [email protected]
• [email protected]
• [email protected]
• [email protected]
• [email protected]
• [email protected]
• [email protected]
• [email protected]
• [email protected]
• @tanstack/[email protected]
• @tanstack/[email protected]
• [email protected]
• [email protected]
• [email protected]
• [email protected]
• [email protected]
• [email protected]
• [email protected]
• [email protected]
• [email protected]
• [email protected]
• [email protected]
• [email protected]

packages/authx/package.json

• [email protected]
• [email protected]

packages/strategy-email/package.json

• [email protected]
• [email protected]

packages/strategy-openid/package.json

• [email protected]
• [email protected]

packages/strategy-password/package.json

• [email protected]
• [email protected]

packages/strategy-saml/package.json

• [email protected]
• [email protected]

[sonarcloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarCloud

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.