Skip to content

fix(deps): update npm - website - website/package.json #1131

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

fix(deps): update npm - website - website/package.json #1131

wants to merge 1 commit into from

Conversation

renovate[bot]
Copy link
Contributor

@renovate renovate bot commented Jul 31, 2025
edited
Loading

This PR contains the following updates:

Package Change Age Confidence
axios (source) ^1.10.0 -> ^1.11.0 age confidence
eslint (source) ^9.31.0 -> ^9.33.0 age confidence
react (source) ^19.1.0 -> ^19.1.1 age confidence
react-dom (source) ^19.1.0 -> ^19.1.1 age confidence
react-player ^3.2.0 -> ^3.3.1 age confidence
react-slick (source) ^0.30.3 -> ^0.31.0 age confidence

Release Notes

axios/axios (axios)

v1.11.0

Compare Source

Bug Fixes
Contributors to this release
eslint/eslint (eslint)

v9.33.0

Compare Source

v9.32.0

Compare Source

facebook/react (react)

v19.1.1

Compare Source

facebook/react (react-dom)

v19.1.1

Compare Source

cookpete/react-player (react-player)

v3.3.1

Compare Source

  • fix: merge circular dependency #1964

v3.3.0

Compare Source

16 July 2025

v3.2.1

Compare Source

15 July 2025

akiran/react-slick (react-slick)

v0.31.0

Compare Source

  • Fixed extra clones issue
  • Extra height of slider in vertical mode when number of slides is less than or equal to slidesToShow issue

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@netlify Netlify
Copy link

netlify bot commented Jul 31, 2025
edited
Loading

Deploy Preview for endearing-brigadeiros-63f9d0 ready!

Name Link
🔨 Latest commit 3b1370a
🔍 Latest deploy log https://app.netlify.com/projects/endearing-brigadeiros-63f9d0/deploys/689b38b1126c120008e16b93
😎 Deploy Preview https://deploy-preview-1131--endearing-brigadeiros-63f9d0.netlify.app
📱 Preview on mobile
Toggle QR Code...

QR Code

Use your smartphone camera to open QR code link.

To edit notification comments on pull requests, go to your Netlify project configuration.

@github-actions github-actions bot added the fix label Jul 31, 2025
@github-actions GitHub Actions
Copy link

github-actions bot commented Jul 31, 2025
edited
Loading

Dependency Review

The following issues were found:
  • ✅ 0 vulnerable package(s)
  • ✅ 0 package(s) with incompatible licenses
  • ✅ 0 package(s) with invalid SPDX license definitions
  • ⚠️ 9 package(s) with unknown licenses.
See the Details below.

License Issues

website/yarn.lock

PackageVersionLicenseIssue Type
tiktok-video-element0.1.1NullUnknown License
twitch-video-element0.1.4NullUnknown License
cloudflare-video-element1.3.4NullUnknown License
dash-video-element0.1.6NullUnknown License
hls-video-element1.5.7NullUnknown License
spotify-audio-element1.0.3NullUnknown License
vimeo-video-element1.5.4NullUnknown License
wistia-video-element1.3.4NullUnknown License
youtube-video-element1.6.2NullUnknown License
Allowed Licenses: MIT, MIT-0, Apache-2.0, BSD-3-Clause, BSD-3-Clause-Clear, ISC, BSD-2-Clause, Unlicense, CC0-1.0, 0BSD, X11, MPL-2.0, MPL-1.0, MPL-1.1, MPL-2.0, OFL-1.1, Zlib
Excluded from license check: pkg:npm/caniuse-lite

OpenSSF Scorecard

Scorecard details
PackageVersionScoreDetails
npm/axios ^1.11.0 🟢 5.6
Details
CheckScoreReason
Maintained🟢 1027 commit(s) and 25 issue activity found in the last 90 days -- score normalized to 10
Security-Policy🟢 4security policy file detected
Packaging⚠️ -1packaging workflow not detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Code-Review🟢 7Found 17/22 approved changesets -- score normalized to 7
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Binary-Artifacts🟢 10no binaries found in the repo
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Pinned-Dependencies⚠️ 2dependency not pinned by hash detected -- score normalized to 2
License🟢 10license file detected
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Fuzzing⚠️ 0project is not fuzzed
Signed-Releases⚠️ -1no releases found
SAST🟢 9SAST tool detected but not run on all commits
Vulnerabilities⚠️ 043 existing vulnerabilities detected
npm/eslint ^9.33.0 🟢 6.4
Details
CheckScoreReason
Code-Review🟢 7Found 22/30 approved changesets -- score normalized to 7
Maintained🟢 1030 commit(s) and 22 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Packaging⚠️ -1packaging workflow not detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
License🟢 10license file detected
Vulnerabilities🟢 100 existing vulnerabilities detected
Branch-Protection🟢 5branch protection is not maximal on development and all release branches
Security-Policy🟢 4security policy file detected
Signed-Releases⚠️ -1no releases found
Binary-Artifacts🟢 10no binaries found in the repo
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Fuzzing⚠️ 0project is not fuzzed
SAST🟢 10SAST tool is run on all commits
npm/react ^19.1.1 🟢 6.3
Details
CheckScoreReason
Maintained🟢 1030 commit(s) and 9 issue activity found in the last 90 days -- score normalized to 10
Code-Review🟢 8Found 26/30 approved changesets -- score normalized to 8
Security-Policy🟢 10security policy file detected
CII-Best-Practices⚠️ 2badge detected: InProgress
License🟢 10license file detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Signed-Releases⚠️ -1no releases found
Packaging⚠️ -1packaging workflow not detected
Token-Permissions🟢 10GitHub workflow tokens follow principle of least privilege
Binary-Artifacts🟢 9binaries present in source code
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Fuzzing⚠️ 0project is not fuzzed
Vulnerabilities⚠️ 0224 existing vulnerabilities detected
npm/react-dom ^19.1.1 🟢 6.3
Details
CheckScoreReason
Maintained🟢 1030 commit(s) and 9 issue activity found in the last 90 days -- score normalized to 10
Code-Review🟢 8Found 26/30 approved changesets -- score normalized to 8
Security-Policy🟢 10security policy file detected
CII-Best-Practices⚠️ 2badge detected: InProgress
License🟢 10license file detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Signed-Releases⚠️ -1no releases found
Packaging⚠️ -1packaging workflow not detected
Token-Permissions🟢 10GitHub workflow tokens follow principle of least privilege
Binary-Artifacts🟢 9binaries present in source code
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Fuzzing⚠️ 0project is not fuzzed
Vulnerabilities⚠️ 0224 existing vulnerabilities detected
npm/react-player ^3.3.1 🟢 4.4
Details
CheckScoreReason
Code-Review⚠️ 1Found 3/30 approved changesets -- score normalized to 1
Maintained🟢 1018 commit(s) and 21 issue activity found in the last 90 days -- score normalized to 10
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Binary-Artifacts🟢 10no binaries found in the repo
Packaging⚠️ -1packaging workflow not detected
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Pinned-Dependencies🟢 5dependency not pinned by hash detected -- score normalized to 5
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Security-Policy⚠️ 0security policy file not detected
License🟢 10license file detected
Fuzzing⚠️ 0project is not fuzzed
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ 0branch protection not enabled on development/release branches
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
Vulnerabilities🟢 64 existing vulnerabilities detected
npm/react-slick ^0.31.0 🟢 3.8
Details
CheckScoreReason
Code-Review⚠️ 2Found 3/15 approved changesets -- score normalized to 2
Maintained⚠️ 01 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Dangerous-Workflow⚠️ -1no workflows found
Packaging⚠️ -1packaging workflow not detected
Token-Permissions⚠️ -1No tokens found
Pinned-Dependencies⚠️ -1no dependencies found
Binary-Artifacts🟢 10no binaries found in the repo
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Security-Policy⚠️ 0security policy file not detected
Fuzzing⚠️ 0project is not fuzzed
Vulnerabilities🟢 100 existing vulnerabilities detected
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
npm/@eslint/config-helpers 0.3.1 UnknownUnknown
npm/@eslint/core 0.15.2 UnknownUnknown
npm/@eslint/js 9.33.0 🟢 6.4
Details
CheckScoreReason
Code-Review🟢 7Found 22/30 approved changesets -- score normalized to 7
Maintained🟢 1030 commit(s) and 22 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Packaging⚠️ -1packaging workflow not detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
License🟢 10license file detected
Vulnerabilities🟢 100 existing vulnerabilities detected
Branch-Protection🟢 5branch protection is not maximal on development and all release branches
Security-Policy🟢 4security policy file detected
Signed-Releases⚠️ -1no releases found
Binary-Artifacts🟢 10no binaries found in the repo
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Fuzzing⚠️ 0project is not fuzzed
SAST🟢 10SAST tool is run on all commits
npm/@eslint/plugin-kit 0.3.5 UnknownUnknown
npm/@mux/mux-player 3.5.3 🟢 5
Details
CheckScoreReason
Maintained🟢 1030 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10
Code-Review🟢 6Found 15/22 approved changesets -- score normalized to 6
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Binary-Artifacts🟢 10no binaries found in the repo
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Security-Policy⚠️ 0security policy file not detected
Pinned-Dependencies🟢 3dependency not pinned by hash detected -- score normalized to 3
License🟢 10license file detected
Fuzzing⚠️ 0project is not fuzzed
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Packaging🟢 10packaging workflow detected
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
Vulnerabilities⚠️ 013 existing vulnerabilities detected
npm/@mux/mux-player-react 3.5.3 🟢 5
Details
CheckScoreReason
Maintained🟢 1030 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10
Code-Review🟢 6Found 15/22 approved changesets -- score normalized to 6
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Binary-Artifacts🟢 10no binaries found in the repo
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Security-Policy⚠️ 0security policy file not detected
Pinned-Dependencies🟢 3dependency not pinned by hash detected -- score normalized to 3
License🟢 10license file detected
Fuzzing⚠️ 0project is not fuzzed
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Packaging🟢 10packaging workflow detected
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
Vulnerabilities⚠️ 013 existing vulnerabilities detected
npm/axios 1.11.0 🟢 5.6
Details
CheckScoreReason
Maintained🟢 1027 commit(s) and 25 issue activity found in the last 90 days -- score normalized to 10
Security-Policy🟢 4security policy file detected
Packaging⚠️ -1packaging workflow not detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Code-Review🟢 7Found 17/22 approved changesets -- score normalized to 7
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Binary-Artifacts🟢 10no binaries found in the repo
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Pinned-Dependencies⚠️ 2dependency not pinned by hash detected -- score normalized to 2
License🟢 10license file detected
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Fuzzing⚠️ 0project is not fuzzed
Signed-Releases⚠️ -1no releases found
SAST🟢 9SAST tool detected but not run on all commits
Vulnerabilities⚠️ 043 existing vulnerabilities detected
npm/cloudflare-video-element 1.3.4 UnknownUnknown
npm/dash-video-element 0.1.6 UnknownUnknown
npm/eslint 9.33.0 🟢 6.4
Details
CheckScoreReason
Code-Review🟢 7Found 22/30 approved changesets -- score normalized to 7
Maintained🟢 1030 commit(s) and 22 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Packaging⚠️ -1packaging workflow not detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
License🟢 10license file detected
Vulnerabilities🟢 100 existing vulnerabilities detected
Branch-Protection🟢 5branch protection is not maximal on development and all release branches
Security-Policy🟢 4security policy file detected
Signed-Releases⚠️ -1no releases found
Binary-Artifacts🟢 10no binaries found in the repo
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Fuzzing⚠️ 0project is not fuzzed
SAST🟢 10SAST tool is run on all commits
npm/form-data 4.0.4 🟢 5.9
Details
CheckScoreReason
Packaging⚠️ -1packaging workflow not detected
Binary-Artifacts🟢 10no binaries found in the repo
Maintained🟢 1012 commit(s) and 8 issue activity found in the last 90 days -- score normalized to 10
Code-Review⚠️ 0Found 2/29 approved changesets -- score normalized to 0
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Token-Permissions🟢 10GitHub workflow tokens follow principle of least privilege
Security-Policy⚠️ 0security policy file not detected
Vulnerabilities🟢 100 existing vulnerabilities detected
License🟢 10license file detected
Fuzzing⚠️ 0project is not fuzzed
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
npm/hls-video-element 1.5.7 UnknownUnknown
npm/react 19.1.1 🟢 6.3
Details
CheckScoreReason
Maintained🟢 1030 commit(s) and 9 issue activity found in the last 90 days -- score normalized to 10
Code-Review🟢 8Found 26/30 approved changesets -- score normalized to 8
Security-Policy🟢 10security policy file detected
CII-Best-Practices⚠️ 2badge detected: InProgress
License🟢 10license file detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Signed-Releases⚠️ -1no releases found
Packaging⚠️ -1packaging workflow not detected
Token-Permissions🟢 10GitHub workflow tokens follow principle of least privilege
Binary-Artifacts🟢 9binaries present in source code
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Fuzzing⚠️ 0project is not fuzzed
Vulnerabilities⚠️ 0224 existing vulnerabilities detected
npm/react-dom 19.1.1 🟢 6.3
Details
CheckScoreReason
Maintained🟢 1030 commit(s) and 9 issue activity found in the last 90 days -- score normalized to 10
Code-Review🟢 8Found 26/30 approved changesets -- score normalized to 8
Security-Policy🟢 10security policy file detected
CII-Best-Practices⚠️ 2badge detected: InProgress
License🟢 10license file detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Signed-Releases⚠️ -1no releases found
Packaging⚠️ -1packaging workflow not detected
Token-Permissions🟢 10GitHub workflow tokens follow principle of least privilege
Binary-Artifacts🟢 9binaries present in source code
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Fuzzing⚠️ 0project is not fuzzed
Vulnerabilities⚠️ 0224 existing vulnerabilities detected
npm/react-player 3.3.1 🟢 4.4
Details
CheckScoreReason
Code-Review⚠️ 1Found 3/30 approved changesets -- score normalized to 1
Maintained🟢 1018 commit(s) and 21 issue activity found in the last 90 days -- score normalized to 10
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Binary-Artifacts🟢 10no binaries found in the repo
Packaging⚠️ -1packaging workflow not detected
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Pinned-Dependencies🟢 5dependency not pinned by hash detected -- score normalized to 5
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Security-Policy⚠️ 0security policy file not detected
License🟢 10license file detected
Fuzzing⚠️ 0project is not fuzzed
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ 0branch protection not enabled on development/release branches
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
Vulnerabilities🟢 64 existing vulnerabilities detected
npm/react-slick 0.31.0 🟢 3.8
Details
CheckScoreReason
Code-Review⚠️ 2Found 3/15 approved changesets -- score normalized to 2
Maintained⚠️ 01 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Dangerous-Workflow⚠️ -1no workflows found
Packaging⚠️ -1packaging workflow not detected
Token-Permissions⚠️ -1No tokens found
Pinned-Dependencies⚠️ -1no dependencies found
Binary-Artifacts🟢 10no binaries found in the repo
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Security-Policy⚠️ 0security policy file not detected
Fuzzing⚠️ 0project is not fuzzed
Vulnerabilities🟢 100 existing vulnerabilities detected
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
npm/spotify-audio-element 1.0.3 UnknownUnknown
npm/tiktok-video-element 0.1.1 UnknownUnknown
npm/twitch-video-element 0.1.4 UnknownUnknown
npm/vimeo-video-element 1.5.4 UnknownUnknown
npm/wistia-video-element 1.3.4 UnknownUnknown
npm/youtube-video-element 1.6.2 UnknownUnknown

Scanned Files

  • website/package.json
  • website/yarn.lock

@codecov Codecov
Copy link

codecov bot commented Jul 31, 2025
edited
Loading

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 83.29%. Comparing base (aaea93a) to head (3b1370a).

Additional details and impacted files 
@@           Coverage Diff           @@
##             main    #1131   +/-   ##
=======================================
  Coverage   83.29%   83.29%           
=======================================
  Files          59       59           
  Lines        2449     2449           
  Branches      280      280           
=======================================
  Hits         2040     2040           
  Misses        365      365           
  Partials       44       44

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

@renovate renovate bot force-pushed the renovate/website-manager branch 6 times, most recently from d98a715 to 3245afe Compare August 7, 2025 08:44
@renovate renovate bot force-pushed the renovate/website-manager branch from 3245afe to e079605 Compare August 8, 2025 21:46
@renovate renovate bot force-pushed the renovate/website-manager branch from e079605 to 3b1370a Compare August 12, 2025 12:50
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
fix
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
0 participants