Skip to content

chore(deps): bump p-limit from 3.1.0 to 4.0.0#1550

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/p-limit-4.0.0
Open

chore(deps): bump p-limit from 3.1.0 to 4.0.0#1550
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/p-limit-4.0.0

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github May 25, 2026
edited
Loading

Bumps p-limit from 3.1.0 to 4.0.0.

Release notes

Sourced from p-limit's releases.

v4.0.0

Breaking

  • Require Node.js 12.20 9e08401
  • This package is now pure ESM. Please read this.

sindresorhus/p-limit@v3.1.0...v4.0.0

Commits

Most Recent Ignore Conditions Applied to This Pull Request
Dependency Name Ignore Conditions
p-limit [>= 7.a, < 8]
p-limit [>= 6.a, < 7]
p-limit [>= 5.a, < 6]

@aws-cdk-automation aws-cdk-automation requested a review from a team May 25, 2026 09:22
@github-actions
Copy link
Copy Markdown
Contributor

github-actions Bot commented May 25, 2026
edited
Loading

Dependency Review

The following issues were found:
  • ✅ 0 vulnerable package(s)
  • ✅ 0 package(s) with incompatible licenses
  • ✅ 0 package(s) with invalid SPDX license definitions
  • ⚠️ 2 package(s) with unknown licenses.
See the Details below.

License Issues

packages/@aws-cdk/toolkit-lib/package.json

PackageVersionLicenseIssue Type
p-limit^4NullUnknown License

packages/aws-cdk/package.json

PackageVersionLicenseIssue Type
p-limit^4NullUnknown License

OpenSSF Scorecard

PackageVersionScoreDetails
npm/p-limit ^4 UnknownUnknown
npm/p-limit ^4 UnknownUnknown
npm/p-limit 4.0.0 🟢 3.8
Details
CheckScoreReason
Packaging⚠️ -1packaging workflow not detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Security-Policy🟢 10security policy file detected
Maintained⚠️ 21 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 2
Binary-Artifacts🟢 10no binaries found in the repo
Code-Review⚠️ 1Found 5/30 approved changesets -- score normalized to 1
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Fuzzing⚠️ 0project is not fuzzed
License🟢 10license file detected
Branch-Protection⚠️ 0branch protection not enabled on development/release branches
Signed-Releases⚠️ -1no releases found
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
npm/yocto-queue 1.2.2 🟢 3.6
Details
CheckScoreReason
Code-Review⚠️ 1Found 3/17 approved changesets -- score normalized to 1
Maintained⚠️ 00 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Binary-Artifacts🟢 10no binaries found in the repo
Security-Policy🟢 10security policy file detected
Packaging⚠️ -1packaging workflow not detected
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Fuzzing⚠️ 0project is not fuzzed
License🟢 10license file detected
Branch-Protection⚠️ 0branch protection not enabled on development/release branches
Signed-Releases⚠️ -1no releases found
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0

Scanned Files

  • packages/@aws-cdk/toolkit-lib/package.json
  • packages/aws-cdk/package.json
  • yarn.lock

@github-actions github-actions Bot added the p2 label May 25, 2026
@dependabot
chore(deps): bump p-limit from 3.1.0 to 4.0.0
826092f 
Bumps [p-limit](https://github.com/sindresorhus/p-limit) from 3.1.0 to 4.0.0.
- [Release notes](https://github.com/sindresorhus/p-limit/releases)
- [Commits](sindresorhus/p-limit@v3.1.0...v4.0.0)

---
updated-dependencies:
- dependency-name: p-limit
  dependency-version: 4.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/p-limit-4.0.0 branch from b7947b6 to 826092f Compare May 25, 2026 09:53
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@github-actions github-actions[bot] github-actions[bot] approved these changes

Assignees

No one assigned

Labels

auto-approve p2

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants