Skip to content

chore(deps)(deps): bump the minor-and-patch group with 4 updates#10

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/minor-and-patch-af2bb14ec8
Open

chore(deps)(deps): bump the minor-and-patch group with 4 updates#10
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/minor-and-patch-af2bb14ec8

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 6, 2026

Copy link
Copy Markdown
Contributor

Bumps the minor-and-patch group with 4 updates: next, next-intl, eslint-config-next and tsx.

Updates next from 15.5.19 to 15.5.20

Release notes

Sourced from next's releases.

v15.5.20

Contains no changes except publishing @next/swc-wasm-web which was accidentally not published since 15.5.15.

Commits

Updates next-intl from 4.13.0 to 4.13.1

Release notes

Sourced from next-intl's releases.

v4.13.1

4.13.1 (2026-06-30)

Bug Fixes

Changelog

Sourced from next-intl's changelog.

4.13.1 (2026-06-30)

Bug Fixes

Commits
  • 976ca1f v4.13.1
  • 4025d1f fix: Handle ICU escape sequences around < consistently in dev and productio...
  • 90691ed docs: Add hooks hint to extraction.mdx (#2348)
  • 30d1004 docs: Handle malformed tweet entities from API (#2343)
  • 030afd3 docs: Add copy-to-clipboard for details section permalinks (#2342)
  • See full diff in compare view

Updates eslint-config-next from 15.5.19 to 15.5.20

Release notes

Sourced from eslint-config-next's releases.

v15.5.20

Contains no changes except publishing @next/swc-wasm-web which was accidentally not published since 15.5.15.

Commits

Updates tsx from 4.22.4 to 4.23.0

Release notes

Sourced from tsx's releases.

v4.23.0

4.23.0 (2026-07-03)

Bug Fixes

Features


This release is also available on:

v4.22.5

4.22.5 (2026-07-02)

Bug Fixes

  • isolate hook state per async module.register() registration (a305f36)

This release is also available on:

Commits
  • 1dfad37 docs: cite esbuild's extension-resolution model in node notes
  • 257bbbb fix: avoid redundant filesystem probes during module resolution
  • c178197 feat: add multi-scenario startup benchmark suite
  • 51800ac docs: add Node internals knowledge base (notes/node)
  • a305f36 fix: isolate hook state per async module.register() registration
  • ca501a9 chore: upgrade skills-npm to v1.2.0
  • 596cd1f test: cover __dirname, __filename, & require.cache in CJS TS file
  • 75d9bf0 test: lock in lenient ESM for ambiguous and CJS-typed packages
  • 1472f3e test: cover ESM-syntax dependency with omitted "type" field
  • See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the minor-and-patch group with 4 updates: [next](https://github.com/vercel/next.js), [next-intl](https://github.com/amannn/next-intl), [eslint-config-next](https://github.com/vercel/next.js/tree/HEAD/packages/eslint-config-next) and [tsx](https://github.com/privatenumber/tsx).


Updates `next` from 15.5.19 to 15.5.20
- [Release notes](https://github.com/vercel/next.js/releases)
- [Commits](vercel/next.js@v15.5.19...v15.5.20)

Updates `next-intl` from 4.13.0 to 4.13.1
- [Release notes](https://github.com/amannn/next-intl/releases)
- [Changelog](https://github.com/amannn/next-intl/blob/main/CHANGELOG.md)
- [Commits](amannn/next-intl@v4.13.0...v4.13.1)

Updates `eslint-config-next` from 15.5.19 to 15.5.20
- [Release notes](https://github.com/vercel/next.js/releases)
- [Commits](https://github.com/vercel/next.js/commits/v15.5.20/packages/eslint-config-next)

Updates `tsx` from 4.22.4 to 4.23.0
- [Release notes](https://github.com/privatenumber/tsx/releases)
- [Changelog](https://github.com/privatenumber/tsx/blob/master/release.config.cjs)
- [Commits](privatenumber/tsx@v4.22.4...v4.23.0)

---
updated-dependencies:
- dependency-name: next
  dependency-version: 15.5.20
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
- dependency-name: next-intl
  dependency-version: 4.13.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
- dependency-name: eslint-config-next
  dependency-version: 15.5.20
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
- dependency-name: tsx
  dependency-version: 4.23.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot @github

dependabot Bot commented on behalf of github Jul 6, 2026

Copy link
Copy Markdown
Contributor Author

Labels

The following labels could not be found: automated, dependencies. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

@github-actions

github-actions Bot commented Jul 6, 2026

Copy link
Copy Markdown

⚠️ Deprecation Warning: The deny-licenses option is deprecated for possible removal in the next major release. For more information, see issue 997.

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

OpenSSF Scorecard

Scorecard details
PackageVersionScoreDetails
npm/@formatjs/icu-messageformat-parser 3.5.12 🟢 3.8
Details
CheckScoreReason
Maintained🟢 1030 commit(s) and 10 issue activity found in the last 90 days -- score normalized to 10
Code-Review⚠️ 0Found 1/28 approved changesets -- score normalized to 0
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Binary-Artifacts🟢 10no binaries found in the repo
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
License⚠️ 0license file not detected
Signed-Releases⚠️ 0Project has not signed or included provenance with any releases.
Fuzzing⚠️ 0project is not fuzzed
Branch-Protection🟢 3branch protection is not maximal on development and all release branches
Packaging🟢 10packaging workflow detected
Security-Policy⚠️ 0security policy file not detected
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
npm/@next/env 15.5.20 🟢 6.2
Details
CheckScoreReason
Code-Review🟢 9Found 27/30 approved changesets -- score normalized to 9
Maintained🟢 1030 commit(s) and 4 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
License🟢 10license file detected
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Signed-Releases⚠️ -1no releases found
Security-Policy🟢 10security policy file detected
Packaging🟢 10packaging workflow detected
Binary-Artifacts⚠️ 0binaries present in source code
Fuzzing🟢 10project is fuzzed
Pinned-Dependencies🟢 3dependency not pinned by hash detected -- score normalized to 3
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
npm/@next/eslint-plugin-next 15.5.20 🟢 6.2
Details
CheckScoreReason
Code-Review🟢 9Found 27/30 approved changesets -- score normalized to 9
Maintained🟢 1030 commit(s) and 4 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
License🟢 10license file detected
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Signed-Releases⚠️ -1no releases found
Security-Policy🟢 10security policy file detected
Packaging🟢 10packaging workflow detected
Binary-Artifacts⚠️ 0binaries present in source code
Fuzzing🟢 10project is fuzzed
Pinned-Dependencies🟢 3dependency not pinned by hash detected -- score normalized to 3
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
npm/@next/swc-darwin-arm64 15.5.20 🟢 6.2
Details
CheckScoreReason
Code-Review🟢 9Found 27/30 approved changesets -- score normalized to 9
Maintained🟢 1030 commit(s) and 4 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
License🟢 10license file detected
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Signed-Releases⚠️ -1no releases found
Security-Policy🟢 10security policy file detected
Packaging🟢 10packaging workflow detected
Binary-Artifacts⚠️ 0binaries present in source code
Fuzzing🟢 10project is fuzzed
Pinned-Dependencies🟢 3dependency not pinned by hash detected -- score normalized to 3
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
npm/@next/swc-darwin-x64 15.5.20 🟢 6.2
Details
CheckScoreReason
Code-Review🟢 9Found 27/30 approved changesets -- score normalized to 9
Maintained🟢 1030 commit(s) and 4 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
License🟢 10license file detected
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Signed-Releases⚠️ -1no releases found
Security-Policy🟢 10security policy file detected
Packaging🟢 10packaging workflow detected
Binary-Artifacts⚠️ 0binaries present in source code
Fuzzing🟢 10project is fuzzed
Pinned-Dependencies🟢 3dependency not pinned by hash detected -- score normalized to 3
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
npm/@next/swc-linux-arm64-gnu 15.5.20 🟢 6.2
Details
CheckScoreReason
Code-Review🟢 9Found 27/30 approved changesets -- score normalized to 9
Maintained🟢 1030 commit(s) and 4 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
License🟢 10license file detected
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Signed-Releases⚠️ -1no releases found
Security-Policy🟢 10security policy file detected
Packaging🟢 10packaging workflow detected
Binary-Artifacts⚠️ 0binaries present in source code
Fuzzing🟢 10project is fuzzed
Pinned-Dependencies🟢 3dependency not pinned by hash detected -- score normalized to 3
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
npm/@next/swc-linux-arm64-musl 15.5.20 🟢 6.2
Details
CheckScoreReason
Code-Review🟢 9Found 27/30 approved changesets -- score normalized to 9
Maintained🟢 1030 commit(s) and 4 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
License🟢 10license file detected
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Signed-Releases⚠️ -1no releases found
Security-Policy🟢 10security policy file detected
Packaging🟢 10packaging workflow detected
Binary-Artifacts⚠️ 0binaries present in source code
Fuzzing🟢 10project is fuzzed
Pinned-Dependencies🟢 3dependency not pinned by hash detected -- score normalized to 3
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
npm/@next/swc-linux-x64-gnu 15.5.20 🟢 6.2
Details
CheckScoreReason
Code-Review🟢 9Found 27/30 approved changesets -- score normalized to 9
Maintained🟢 1030 commit(s) and 4 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
License🟢 10license file detected
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Signed-Releases⚠️ -1no releases found
Security-Policy🟢 10security policy file detected
Packaging🟢 10packaging workflow detected
Binary-Artifacts⚠️ 0binaries present in source code
Fuzzing🟢 10project is fuzzed
Pinned-Dependencies🟢 3dependency not pinned by hash detected -- score normalized to 3
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
npm/@next/swc-linux-x64-musl 15.5.20 🟢 6.2
Details
CheckScoreReason
Code-Review🟢 9Found 27/30 approved changesets -- score normalized to 9
Maintained🟢 1030 commit(s) and 4 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
License🟢 10license file detected
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Signed-Releases⚠️ -1no releases found
Security-Policy🟢 10security policy file detected
Packaging🟢 10packaging workflow detected
Binary-Artifacts⚠️ 0binaries present in source code
Fuzzing🟢 10project is fuzzed
Pinned-Dependencies🟢 3dependency not pinned by hash detected -- score normalized to 3
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
npm/@next/swc-win32-arm64-msvc 15.5.20 🟢 6.2
Details
CheckScoreReason
Code-Review🟢 9Found 27/30 approved changesets -- score normalized to 9
Maintained🟢 1030 commit(s) and 4 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
License🟢 10license file detected
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Signed-Releases⚠️ -1no releases found
Security-Policy🟢 10security policy file detected
Packaging🟢 10packaging workflow detected
Binary-Artifacts⚠️ 0binaries present in source code
Fuzzing🟢 10project is fuzzed
Pinned-Dependencies🟢 3dependency not pinned by hash detected -- score normalized to 3
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
npm/@next/swc-win32-x64-msvc 15.5.20 🟢 6.2
Details
CheckScoreReason
Code-Review🟢 9Found 27/30 approved changesets -- score normalized to 9
Maintained🟢 1030 commit(s) and 4 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
License🟢 10license file detected
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Signed-Releases⚠️ -1no releases found
Security-Policy🟢 10security policy file detected
Packaging🟢 10packaging workflow detected
Binary-Artifacts⚠️ 0binaries present in source code
Fuzzing🟢 10project is fuzzed
Pinned-Dependencies🟢 3dependency not pinned by hash detected -- score normalized to 3
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
npm/eslint-config-next 15.5.20 🟢 6.2
Details
CheckScoreReason
Code-Review🟢 9Found 27/30 approved changesets -- score normalized to 9
Maintained🟢 1030 commit(s) and 4 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
License🟢 10license file detected
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Signed-Releases⚠️ -1no releases found
Security-Policy🟢 10security policy file detected
Packaging🟢 10packaging workflow detected
Binary-Artifacts⚠️ 0binaries present in source code
Fuzzing🟢 10project is fuzzed
Pinned-Dependencies🟢 3dependency not pinned by hash detected -- score normalized to 3
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
npm/icu-minify 4.13.1 🟢 4.2
Details
CheckScoreReason
Code-Review⚠️ 1Found 5/30 approved changesets -- score normalized to 1
Maintained🟢 1027 commit(s) and 20 issue activity found in the last 90 days -- score normalized to 10
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Binary-Artifacts🟢 9binaries present in source code
Security-Policy⚠️ 0security policy file not detected
License🟢 10license file detected
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Fuzzing⚠️ 0project is not fuzzed
Branch-Protection⚠️ 0branch protection not enabled on development/release branches
Signed-Releases⚠️ -1no releases found
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
Packaging🟢 10packaging workflow detected
npm/intl-messageformat 11.2.9 🟢 3.8
Details
CheckScoreReason
Maintained🟢 1030 commit(s) and 10 issue activity found in the last 90 days -- score normalized to 10
Code-Review⚠️ 0Found 1/28 approved changesets -- score normalized to 0
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Binary-Artifacts🟢 10no binaries found in the repo
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
License⚠️ 0license file not detected
Signed-Releases⚠️ 0Project has not signed or included provenance with any releases.
Fuzzing⚠️ 0project is not fuzzed
Branch-Protection🟢 3branch protection is not maximal on development and all release branches
Packaging🟢 10packaging workflow detected
Security-Policy⚠️ 0security policy file not detected
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
npm/next 15.5.20 🟢 6.2
Details
CheckScoreReason
Code-Review🟢 9Found 27/30 approved changesets -- score normalized to 9
Maintained🟢 1030 commit(s) and 4 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
License🟢 10license file detected
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Signed-Releases⚠️ -1no releases found
Security-Policy🟢 10security policy file detected
Packaging🟢 10packaging workflow detected
Binary-Artifacts⚠️ 0binaries present in source code
Fuzzing🟢 10project is fuzzed
Pinned-Dependencies🟢 3dependency not pinned by hash detected -- score normalized to 3
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
npm/next-intl 4.13.1 🟢 4.2
Details
CheckScoreReason
Code-Review⚠️ 1Found 5/30 approved changesets -- score normalized to 1
Maintained🟢 1027 commit(s) and 20 issue activity found in the last 90 days -- score normalized to 10
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Binary-Artifacts🟢 9binaries present in source code
Security-Policy⚠️ 0security policy file not detected
License🟢 10license file detected
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Fuzzing⚠️ 0project is not fuzzed
Branch-Protection⚠️ 0branch protection not enabled on development/release branches
Signed-Releases⚠️ -1no releases found
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
Packaging🟢 10packaging workflow detected
npm/next-intl-swc-plugin-extractor 4.13.1 🟢 4.2
Details
CheckScoreReason
Code-Review⚠️ 1Found 5/30 approved changesets -- score normalized to 1
Maintained🟢 1027 commit(s) and 20 issue activity found in the last 90 days -- score normalized to 10
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Binary-Artifacts🟢 9binaries present in source code
Security-Policy⚠️ 0security policy file not detected
License🟢 10license file detected
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Fuzzing⚠️ 0project is not fuzzed
Branch-Protection⚠️ 0branch protection not enabled on development/release branches
Signed-Releases⚠️ -1no releases found
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
Packaging🟢 10packaging workflow detected
npm/tsx 4.23.0 UnknownUnknown
npm/use-intl 4.13.1 🟢 4.2
Details
CheckScoreReason
Code-Review⚠️ 1Found 5/30 approved changesets -- score normalized to 1
Maintained🟢 1027 commit(s) and 20 issue activity found in the last 90 days -- score normalized to 10
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Binary-Artifacts🟢 9binaries present in source code
Security-Policy⚠️ 0security policy file not detected
License🟢 10license file detected
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Fuzzing⚠️ 0project is not fuzzed
Branch-Protection⚠️ 0branch protection not enabled on development/release branches
Signed-Releases⚠️ -1no releases found
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
Packaging🟢 10packaging workflow detected

Scanned Files

  • package-lock.json

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants