Bump the minor-updates group across 1 directory with 4 updates

[dependabot]

Bumps the minor-updates group with 4 updates in the / directory: graphql, graphql-relay, pg and @tanstack/react-query.

Updates graphql from 16.8.1 to 16.9.0

Release notes

Sourced from graphql's releases.

v16.9.0 (2024-06-21)

New Feature 🚀

• #4119 backport[v16]: Introduce "recommended" validation rules (@​benjie)
• #4122 backport[v16]: Enable passing values configuration to GraphQLEnumType as a thunk (@​benjie)
• #4124 backport[v16]: Implement OneOf Input Objects via @oneOf directive (@​benjie)

Committers: 1

• Benjie(@​benjie)

v16.8.2 (2024-06-12)

Bug Fix 🐞

• #4022 fix: remove globalThis check and align with what bundlers can accept (@​JoviDeCroock)

Internal 🏠

• #4104 Fix publish scripts (@​benjie)

Committers: 2

• Benjie(@​benjie)
• Jovi De Croock(@​JoviDeCroock)

Commits

• 556a01e 16.9.0
• 6a1614c backport[v16]: Enable passing values configuration to GraphQLEnumType as a th...
• 29144f7 backport[v16]: Implement OneOf Input Objects via @oneOf directive (#4124)
• c35130e Revert error extension symbol (#4123)
• 29c1bff feat: allow defining symbol error extensions (#3730)
• c985c27 backport[v16]: Introduce "recommended" validation rules (#4119)
• 08779a0 16.8.2
• c82609e Fix publish scripts (#4104)
• 0d12b06 fix: remove globalThis check and align with what bundlers can accept (#4022)
• See full diff in compare view

Maintainer changes

This version was pushed to npm by benjie, a new releaser for graphql since your current version.

Updates graphql-relay from 0.10.1 to 0.10.2

Release notes

Sourced from graphql-relay's releases.

v0.10.2 (2024-07-11)

Bug Fix 🐞

• #394 fix: fix output type for mutate and get payload (@​Eckzzo)

Docs 📝

• #395 Add publish instructions (@​benjie)

Committers: 2

• Benjie(@​benjie)
• Ivan Levenhagen(@​Eckzzo)

Commits

• 6600e95 0.10.2
• f8291b0 Add publish instructions (#395)
• 1a9f5b0 fix: fix output type for mutate and get payload (#394)
• See full diff in compare view

Updates pg from 8.11.5 to 8.12.0

Changelog

Sourced from pg's changelog.

[email protected]

• Add queryMode config option to force use of the extended query protocol on queries without any parameters.

[email protected]

• Emit release event when client is returned to the pool.

[email protected]

• Add support for stream factory.
• Better errors for SASL authentication.
• Use native crypto module for SASL authentication.

[email protected]

• Bump minimum required version of native bindings.
• Catch previously uncatchable errors thrown in pool.query.
• Prevent the pool from blocking the event loop if all clients are idle (and allowExitOnIdle is enabled).
• Support lock_timeout in client config.
• Fix errors thrown in callbacks from interfering with cleanup.

[email protected]

• Add connection lifetime limit config option.

[email protected]

• Add optional config to pool to allow process to exit if pool is idle.

[email protected]

• Convert to es6 class
• Add support for promises to cursor methods

[email protected]

• Better SASL error messages & more validation on bad configuration.
• Export DatabaseError.
• Add ParameterDescription support to protocol parsing.
• Fix typescript typedefs with --isolatedModules.

[email protected]

• Library has been converted to Typescript. The behavior is identical, but there could be subtle breaking changes due to class names changing or other small inconsistencies introduced by the conversion.

[email protected]

• Fix bug forwarding ssl key.
• Convert pg-query-stream internals to typescript.

... (truncated)

Commits

• 0f42880 Publish
• ff47a97 Add option to force use of Extended Queries (#3214)
• fe88e82 Add pg-native to monorepo (#3225)
• 0096856 reorder user-password-host-port-database appearences (#3207)
• See full diff in compare view

Updates @tanstack/react-query from 5.40.0 to 5.51.15

Release notes

Sourced from @​tanstack/react-query's releases.

v5.51.15

Version 5.51.15 - 7/26/24, 11:47 AM (Manual Release)

Changes

Other

• (cd68280) by Ryan Kuruppu

Packages

• @​tanstack/eslint-plugin-query@​5.51.15
• @​tanstack/query-async-storage-persister@​5.51.15
• @​tanstack/query-broadcast-client-experimental@​5.51.15
• @​tanstack/query-core@​5.51.15
• @​tanstack/query-devtools@​5.51.15
• @​tanstack/query-persist-client-core@​5.51.15
• @​tanstack/query-sync-storage-persister@​5.51.15
• @​tanstack/react-query@​5.51.15
• @​tanstack/react-query-devtools@​5.51.15
• @​tanstack/react-query-persist-client@​5.51.15
• @​tanstack/react-query-next-experimental@​5.51.15
• @​tanstack/solid-query@​5.51.15
• @​tanstack/solid-query-devtools@​5.51.15
• @​tanstack/solid-query-persist-client@​5.51.15
• @​tanstack/svelte-query@​5.51.15
• @​tanstack/svelte-query-devtools@​5.51.15
• @​tanstack/svelte-query-persist-client@​5.51.15
• @​tanstack/vue-query@​5.51.15
• @​tanstack/vue-query-devtools@​5.51.15
• @​tanstack/angular-query-devtools-experimental@​5.51.15
• @​tanstack/angular-query-experimental@​5.51.15

v5.51.14

Version 5.51.14 - 7/26/24, 8:47 AM

Changes

Fix

• query-core: abort fetch loop for infinite queries if getNextPageParam returns null or undefined (#7799) (3ef7887) by Dominik Dorfmeister

Refactor

• react-query: add error message for skipToken in useSuspenseQueries and useSuspenseInfiniteQuery (#7797) (34a5672) by Lich

Chore

• Update @tanstack/config to v0.11.0 (#7795) (bd3296b) by Lachlan Collins
• svelte-query: Tweak provider tests (#7794) (1814f56) by Lachlan Collins

... (truncated)

Commits

• ec8e800 release: v5.51.15
• fec324f release: v5.51.14
• 34a5672 refactor(react-query): add error message for skipToken in useSuspenseQueries...
• bd3296b chore: Update @tanstack/config to v0.11.0 (#7795)
• c3dffbd release: v5.51.11
• b764009 fix(svelte-query): Correct data type when initialData is set (#7769)
• 70620ec release: v5.51.9
• c101251 release: v5.51.5
• a87c2fe fix(query-core): widen QueriesObserver queries type (#7446) (#7492)
• 5c50ca7 release: v5.51.4
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[github-actions]

Dependency Review

The following issues were found:

• ✅ 0 vulnerable package(s)
• ✅ 0 package(s) with incompatible licenses
• ✅ 0 package(s) with invalid SPDX license definitions
• ✅ 0 package(s) with unknown licenses.
• ⚠️ 2 packages with OpenSSF Scorecard issues.

See the Details below.

OpenSSF Scorecard

Scorecard details

Package	Version	Score	Details
npm/@tanstack/query-core	5.51.15	Unknown	Unknown
npm/@tanstack/react-query	5.51.15	Unknown	Unknown
npm/encoding	0.1.13	⚠️ 1.8	Details Check Score Reason Code-Review ⚠️ 1 Found 5/29 approved changesets -- score normalized to 1 Maintained ⚠️ 0 0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 9 license file detected Dangerous-Workflow ⚠️ -1 no workflows found Packaging ⚠️ -1 packaging workflow not detected Pinned-Dependencies ⚠️ -1 no dependencies found Token-Permissions ⚠️ -1 No tokens found Binary-Artifacts 🟢 10 no binaries found in the repo Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Signed-Releases ⚠️ -1 no releases found Fuzzing ⚠️ 0 project is not fuzzed Security-Policy ⚠️ 0 security policy file not detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Vulnerabilities ⚠️ 0 18 existing vulnerabilities detected
npm/graphql	16.9.0	🟢 5.1	Details Check Score Reason Code-Review 🟢 3 Found 9/30 approved changesets -- score normalized to 3 Maintained 🟢 10 11 commit(s) and 19 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during GetBranch(main): error during branchesHandler.query: internal error: githubv4.Query: Resource not accessible by integration Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Binary-Artifacts 🟢 10 no binaries found in the repo Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Security-Policy 🟢 10 security policy file detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Pinned-Dependencies 🟢 5 dependency not pinned by hash detected -- score normalized to 5 Fuzzing ⚠️ 0 project is not fuzzed Vulnerabilities ⚠️ 0 30 existing vulnerabilities detected
npm/graphql-relay	0.10.2	🟢 5	Details Check Score Reason Maintained 🟢 5 5 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 5 Code-Review ⚠️ 2 Found 8/27 approved changesets -- score normalized to 2 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 packaging workflow not detected Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies 🟢 4 dependency not pinned by hash detected -- score normalized to 4 Fuzzing ⚠️ 0 project is not fuzzed Security-Policy 🟢 10 security policy file detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Vulnerabilities 🟢 10 0 existing vulnerabilities detected
npm/pg	8.12.0	🟢 5	Details Check Score Reason Code-Review 🟢 7 Found 20/28 approved changesets -- score normalized to 7 Maintained 🟢 10 30 commit(s) and 15 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Binary-Artifacts 🟢 10 no binaries found in the repo Fuzzing ⚠️ 0 project is not fuzzed Security-Policy ⚠️ 0 security policy file not detected Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Vulnerabilities ⚠️ 0 42 existing vulnerabilities detected
npm/@tanstack/query-core	5.40.0	Unknown	Unknown
npm/@tanstack/react-query	5.40.0	Unknown	Unknown
npm/encoding	0.1.13	⚠️ 1.8	Details Check Score Reason Code-Review ⚠️ 1 Found 5/29 approved changesets -- score normalized to 1 Maintained ⚠️ 0 0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 9 license file detected Dangerous-Workflow ⚠️ -1 no workflows found Packaging ⚠️ -1 packaging workflow not detected Pinned-Dependencies ⚠️ -1 no dependencies found Token-Permissions ⚠️ -1 No tokens found Binary-Artifacts 🟢 10 no binaries found in the repo Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Signed-Releases ⚠️ -1 no releases found Fuzzing ⚠️ 0 project is not fuzzed Security-Policy ⚠️ 0 security policy file not detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Vulnerabilities ⚠️ 0 18 existing vulnerabilities detected
npm/graphql	16.8.1	🟢 5.1	Details Check Score Reason Code-Review 🟢 3 Found 9/30 approved changesets -- score normalized to 3 Maintained 🟢 10 11 commit(s) and 19 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during GetBranch(main): error during branchesHandler.query: internal error: githubv4.Query: Resource not accessible by integration Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Binary-Artifacts 🟢 10 no binaries found in the repo Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Security-Policy 🟢 10 security policy file detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Pinned-Dependencies 🟢 5 dependency not pinned by hash detected -- score normalized to 5 Fuzzing ⚠️ 0 project is not fuzzed Vulnerabilities ⚠️ 0 30 existing vulnerabilities detected
npm/graphql-relay	0.10.1	🟢 5	Details Check Score Reason Maintained 🟢 5 5 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 5 Code-Review ⚠️ 2 Found 8/27 approved changesets -- score normalized to 2 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 packaging workflow not detected Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies 🟢 4 dependency not pinned by hash detected -- score normalized to 4 Fuzzing ⚠️ 0 project is not fuzzed Security-Policy 🟢 10 security policy file detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Vulnerabilities 🟢 10 0 existing vulnerabilities detected
npm/iconv-lite	0.6.3	🟢 3.2	Details Check Score Reason Code-Review ⚠️ 1 Found 5/30 approved changesets -- score normalized to 1 Maintained ⚠️ 0 0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Dangerous-Workflow ⚠️ -1 no workflows found Packaging ⚠️ -1 packaging workflow not detected Token-Permissions ⚠️ -1 No tokens found Pinned-Dependencies ⚠️ -1 no dependencies found Binary-Artifacts 🟢 10 no binaries found in the repo Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Vulnerabilities 🟢 10 0 existing vulnerabilities detected Fuzzing ⚠️ 0 project is not fuzzed Security-Policy ⚠️ 0 security policy file not detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
npm/pg	8.11.5	🟢 5	Details Check Score Reason Code-Review 🟢 7 Found 20/28 approved changesets -- score normalized to 7 Maintained 🟢 10 30 commit(s) and 15 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Binary-Artifacts 🟢 10 no binaries found in the repo Fuzzing ⚠️ 0 project is not fuzzed Security-Policy ⚠️ 0 security policy file not detected Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Vulnerabilities ⚠️ 0 42 existing vulnerabilities detected
npm/graphql	16.9.0	🟢 5.1	Details Check Score Reason Code-Review 🟢 3 Found 9/30 approved changesets -- score normalized to 3 Maintained 🟢 10 11 commit(s) and 19 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during GetBranch(main): error during branchesHandler.query: internal error: githubv4.Query: Resource not accessible by integration Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Binary-Artifacts 🟢 10 no binaries found in the repo Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Security-Policy 🟢 10 security policy file detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Pinned-Dependencies 🟢 5 dependency not pinned by hash detected -- score normalized to 5 Fuzzing ⚠️ 0 project is not fuzzed Vulnerabilities ⚠️ 0 30 existing vulnerabilities detected
npm/graphql	16.8.1	🟢 5.1	Details Check Score Reason Code-Review 🟢 3 Found 9/30 approved changesets -- score normalized to 3 Maintained 🟢 10 11 commit(s) and 19 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during GetBranch(main): error during branchesHandler.query: internal error: githubv4.Query: Resource not accessible by integration Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Binary-Artifacts 🟢 10 no binaries found in the repo Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Security-Policy 🟢 10 security policy file detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Pinned-Dependencies 🟢 5 dependency not pinned by hash detected -- score normalized to 5 Fuzzing ⚠️ 0 project is not fuzzed Vulnerabilities ⚠️ 0 30 existing vulnerabilities detected
npm/graphql	16.9.0	🟢 5.1	Details Check Score Reason Code-Review 🟢 3 Found 9/30 approved changesets -- score normalized to 3 Maintained 🟢 10 11 commit(s) and 19 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during GetBranch(main): error during branchesHandler.query: internal error: githubv4.Query: Resource not accessible by integration Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Binary-Artifacts 🟢 10 no binaries found in the repo Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Security-Policy 🟢 10 security policy file detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Pinned-Dependencies 🟢 5 dependency not pinned by hash detected -- score normalized to 5 Fuzzing ⚠️ 0 project is not fuzzed Vulnerabilities ⚠️ 0 30 existing vulnerabilities detected
npm/graphql	16.8.1	🟢 5.1	Details Check Score Reason Code-Review 🟢 3 Found 9/30 approved changesets -- score normalized to 3 Maintained 🟢 10 11 commit(s) and 19 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during GetBranch(main): error during branchesHandler.query: internal error: githubv4.Query: Resource not accessible by integration Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Binary-Artifacts 🟢 10 no binaries found in the repo Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Security-Policy 🟢 10 security policy file detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Pinned-Dependencies 🟢 5 dependency not pinned by hash detected -- score normalized to 5 Fuzzing ⚠️ 0 project is not fuzzed Vulnerabilities ⚠️ 0 30 existing vulnerabilities detected
npm/graphql	16.9.0	🟢 5.1	Details Check Score Reason Code-Review 🟢 3 Found 9/30 approved changesets -- score normalized to 3 Maintained 🟢 10 11 commit(s) and 19 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during GetBranch(main): error during branchesHandler.query: internal error: githubv4.Query: Resource not accessible by integration Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Binary-Artifacts 🟢 10 no binaries found in the repo Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Security-Policy 🟢 10 security policy file detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Pinned-Dependencies 🟢 5 dependency not pinned by hash detected -- score normalized to 5 Fuzzing ⚠️ 0 project is not fuzzed Vulnerabilities ⚠️ 0 30 existing vulnerabilities detected
npm/graphql	16.8.1	🟢 5.1	Details Check Score Reason Code-Review 🟢 3 Found 9/30 approved changesets -- score normalized to 3 Maintained 🟢 10 11 commit(s) and 19 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during GetBranch(main): error during branchesHandler.query: internal error: githubv4.Query: Resource not accessible by integration Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Binary-Artifacts 🟢 10 no binaries found in the repo Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Security-Policy 🟢 10 security policy file detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Pinned-Dependencies 🟢 5 dependency not pinned by hash detected -- score normalized to 5 Fuzzing ⚠️ 0 project is not fuzzed Vulnerabilities ⚠️ 0 30 existing vulnerabilities detected
npm/graphql	16.9.0	🟢 5.1	Details Check Score Reason Code-Review 🟢 3 Found 9/30 approved changesets -- score normalized to 3 Maintained 🟢 10 11 commit(s) and 19 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during GetBranch(main): error during branchesHandler.query: internal error: githubv4.Query: Resource not accessible by integration Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Binary-Artifacts 🟢 10 no binaries found in the repo Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Security-Policy 🟢 10 security policy file detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Pinned-Dependencies 🟢 5 dependency not pinned by hash detected -- score normalized to 5 Fuzzing ⚠️ 0 project is not fuzzed Vulnerabilities ⚠️ 0 30 existing vulnerabilities detected
npm/graphql	16.8.1	🟢 5.1	Details Check Score Reason Code-Review 🟢 3 Found 9/30 approved changesets -- score normalized to 3 Maintained 🟢 10 11 commit(s) and 19 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during GetBranch(main): error during branchesHandler.query: internal error: githubv4.Query: Resource not accessible by integration Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Binary-Artifacts 🟢 10 no binaries found in the repo Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Security-Policy 🟢 10 security policy file detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Pinned-Dependencies 🟢 5 dependency not pinned by hash detected -- score normalized to 5 Fuzzing ⚠️ 0 project is not fuzzed Vulnerabilities ⚠️ 0 30 existing vulnerabilities detected
npm/graphql	16.9.0	🟢 5.1	Details Check Score Reason Code-Review 🟢 3 Found 9/30 approved changesets -- score normalized to 3 Maintained 🟢 10 11 commit(s) and 19 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during GetBranch(main): error during branchesHandler.query: internal error: githubv4.Query: Resource not accessible by integration Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Binary-Artifacts 🟢 10 no binaries found in the repo Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Security-Policy 🟢 10 security policy file detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Pinned-Dependencies 🟢 5 dependency not pinned by hash detected -- score normalized to 5 Fuzzing ⚠️ 0 project is not fuzzed Vulnerabilities ⚠️ 0 30 existing vulnerabilities detected
npm/graphql	16.8.1	🟢 5.1	Details Check Score Reason Code-Review 🟢 3 Found 9/30 approved changesets -- score normalized to 3 Maintained 🟢 10 11 commit(s) and 19 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during GetBranch(main): error during branchesHandler.query: internal error: githubv4.Query: Resource not accessible by integration Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Binary-Artifacts 🟢 10 no binaries found in the repo Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Security-Policy 🟢 10 security policy file detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Pinned-Dependencies 🟢 5 dependency not pinned by hash detected -- score normalized to 5 Fuzzing ⚠️ 0 project is not fuzzed Vulnerabilities ⚠️ 0 30 existing vulnerabilities detected

Scanned Manifest Files

package-lock.json

• @tanstack/[email protected]
• @tanstack/[email protected]
• [email protected]
• [email protected]
• [email protected]
• [email protected]
• @tanstack/[email protected]
• @tanstack/[email protected]
• [email protected]
• [email protected]
• [email protected]
• [email protected]
• [email protected]

packages/authx/package.json

• [email protected]
• [email protected]

packages/strategy-email/package.json

• [email protected]
• [email protected]

packages/strategy-openid/package.json

• [email protected]
• [email protected]

packages/strategy-password/package.json

• [email protected]
• [email protected]

packages/strategy-saml/package.json

• [email protected]
• [email protected]

[sonarcloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarCloud

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.