build(deps): bump the minor-and-patch group with 13 updates

[dependabot]

Bumps the minor-and-patch group with 13 updates:

Package	From	To
@redhat-cloud-services/frontend-components	7.1.1	7.2.0
@redhat-cloud-services/frontend-components-notifications	6.3.1	6.4.0
@currents/playwright	1.22.1	1.22.2
@typescript-eslint/eslint-plugin	8.57.2	8.58.0
@typescript-eslint/parser	8.57.2	8.58.0
@vitest/coverage-v8	4.1.1	4.1.2
eslint-plugin-testing-library	7.16.1	7.16.2
mini-css-extract-plugin	2.10.1	2.10.2
stylelint	17.5.0	17.6.0
typescript-eslint	8.57.2	8.58.0
vitest	4.1.1	4.1.2
vitest-canvas-mock	1.1.3	1.1.4
webpack-bundle-analyzer	5.2.0	5.3.0

Updates @redhat-cloud-services/frontend-components from 7.1.1 to 7.2.0

Commits

• 2fe1e59 chore(release): publish
• 6c27dfc Merge pull request #2291 from LightOfHeaven1994/labels-as-chips
• eec9da1 feat(Chips): replace deprecated Chip component with Label
• See full diff in compare view

Updates @redhat-cloud-services/frontend-components-notifications from 6.3.1 to 6.4.0

Commits

• 2fe1e59 chore(release): publish
• 6c27dfc Merge pull request #2291 from LightOfHeaven1994/labels-as-chips
• eec9da1 feat(Chips): replace deprecated Chip component with Label
• See full diff in compare view

Updates @currents/playwright from 1.22.1 to 1.22.2

Changelog

Sourced from @​currents/playwright's changelog.

1.22.2 (2026-03-25)

Bug Fixes

• bump axios from 1.13.5 to 1.13.6 (36076c2)
• or8n strip --project from task creation [CSR-4003] (#752) (a698fd0)

Commits

• See full diff in compare view

Updates @typescript-eslint/eslint-plugin from 8.57.2 to 8.58.0

Release notes

Sourced from @​typescript-eslint/eslint-plugin's releases.

v8.58.0

8.58.0 (2026-03-30)

🚀 Features

• support TypeScript 6 (#12124)

🩹 Fixes

• eslint-plugin: crash in no-unnecessary-type-arguments (#12163)
• eslint-plugin: [no-extraneous-class] handle index signatures (#12142)
• eslint-plugin: [prefer-regexp-exec] avoid fixing unknown RegExp flags (#12161)

❤️ Thank You

• ej shafran @​ej-shafran
• Evyatar Daud @​StyleShit
• GG ZIBLAKING
• milkboy2564 @​SeolJaeHyeok
• teee32 @​teee32

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

Changelog

Sourced from @​typescript-eslint/eslint-plugin's changelog.

8.58.0 (2026-03-30)

🚀 Features

• support TypeScript 6 (#12124)

🩹 Fixes

• eslint-plugin: [prefer-regexp-exec] avoid fixing unknown RegExp flags (#12161)
• eslint-plugin: [no-extraneous-class] handle index signatures (#12142)
• eslint-plugin: crash in no-unnecessary-type-arguments (#12163)

❤️ Thank You

• ej shafran @​ej-shafran
• Evyatar Daud @​StyleShit
• GG ZIBLAKING
• milkboy2564 @​SeolJaeHyeok
• teee32 @​teee32

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

Commits

• 4933417 chore(release): publish 8.58.0
• 5a9bd36 fix(eslint-plugin): [prefer-regexp-exec] avoid fixing unknown RegExp flags (#...
• edb90eb fix(eslint-plugin): [no-extraneous-class] handle index signatures (#12142)
• 8cde2d0 feat: support TypeScript 6 (#12124)
• 1bf86c9 fix(eslint-plugin): crash in no-unnecessary-type-arguments (#12163)
• e9cc25a docs(eslint-plugin): fix typo (#12155)
• See full diff in compare view

Updates @typescript-eslint/parser from 8.57.2 to 8.58.0

Release notes

Sourced from @​typescript-eslint/parser's releases.

v8.58.0

8.58.0 (2026-03-30)

🚀 Features

• support TypeScript 6 (#12124)

🩹 Fixes

• eslint-plugin: crash in no-unnecessary-type-arguments (#12163)
• eslint-plugin: [no-extraneous-class] handle index signatures (#12142)
• eslint-plugin: [prefer-regexp-exec] avoid fixing unknown RegExp flags (#12161)

❤️ Thank You

• ej shafran @​ej-shafran
• Evyatar Daud @​StyleShit
• GG ZIBLAKING
• milkboy2564 @​SeolJaeHyeok
• teee32 @​teee32

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

Changelog

Sourced from @​typescript-eslint/parser's changelog.

8.58.0 (2026-03-30)

🚀 Features

• support TypeScript 6 (#12124)

❤️ Thank You

• Evyatar Daud @​StyleShit

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

Commits

• 4933417 chore(release): publish 8.58.0
• 8cde2d0 feat: support TypeScript 6 (#12124)
• See full diff in compare view

Updates @vitest/coverage-v8 from 4.1.1 to 4.1.2

Release notes

Sourced from @​vitest/coverage-v8's releases.

v4.1.2

This release bumps Vitest's flatted version and removes version pinning to resolve flatted's CVE related issues (vitest-dev/vitest#9975).

   🐞 Bug Fixes

• Don't resolve setupFiles from parent directory  -  by @​hi-ogawa in vitest-dev/vitest#9960 (7aa93)
• Ensure sequential mock/unmock resolution  -  by @​hi-ogawa and Claude Opus 4.6 in vitest-dev/vitest#9830 (7c065)
• browser: Take failure screenshot if toMatchScreenshot can't capture a stable screenshot  -  by @​macarie in vitest-dev/vitest#9847 (faace)
• coverage: Correct coverageConfigDefaults values and types  -  by @​Arthie in vitest-dev/vitest#9940 (b3c99)
• pretty-format: Fix output limit over counting  -  by @​hi-ogawa in vitest-dev/vitest#9965 (d3b7a)
• Disable colors if agent is detected  -  by @​sheremet-va and @​AriPerkkio in vitest-dev/vitest#9851 (6f97b)

    View changes on GitHub

Commits

• fc6f482 chore: release v4.1.2
• See full diff in compare view

Updates eslint-plugin-testing-library from 7.16.1 to 7.16.2

Release notes

Sourced from eslint-plugin-testing-library's releases.

v7.16.2

7.16.2 (2026-03-24)

Bug Fixes

• detect userEvent imported from custom module (#1264) (8ef0782), closes #1253

Commits

• 8ef0782 fix: detect userEvent imported from custom module (#1264)
• 66b22c3 test: add coverage for userEvent custom module detection
• 8194593 Merge branch 'main' into pr/fix-user-event-custom-module
• 9d1cb2b fix: detect userEvent helpers from custom module set via utils-module
• 9ce8966 build(deps): bump flatted from 3.4.1 to 3.4.2 in the npm_and_yarn group acros...
• d9d511e build(deps): bump flatted in the npm_and_yarn group across 1 directory
• a092d05 chore(deps): update dependency lint-staged to v16.4.0 (#1255)
• 50e2e5e chore(deps): update dependency tsdown to v0.21.4 (#1262)
• caeb752 chore(deps): update codecov/codecov-action action to v5.5.3 (#1259)
• 2b5a514 chore(deps): update dependency tsdown to v0.21.4
• Additional commits viewable in compare view

Updates mini-css-extract-plugin from 2.10.1 to 2.10.2

Release notes

Sourced from mini-css-extract-plugin's releases.

v2.10.2

All notable changes to this project will be documented in this file. See standard-version for commit guidelines.

2.10.2 (2026-03-26)

Bug Fixes

• use matchResource for importModule when available (#1162) (143693e)

Changelog

Sourced from mini-css-extract-plugin's changelog.

2.10.2 (2026-03-26)

Bug Fixes

• use matchResource for importModule when available (#1162) (143693e)

Commits

• d50f981 chore(release): 2.10.2
• b02c8ac test: more (#1163)
• 143693e fix: use matchResource for importModule when available (#1162)
• See full diff in compare view

Updates stylelint from 17.5.0 to 17.6.0

Release notes

Sourced from stylelint's releases.

17.6.0

It adds support for extending units in languageOptions, which then apply to rules like declaration-property-value-no-unknown, and fixes 2 bugs.

• Added: support for extending units to languageOptions (#9166) (@​jeddy3).
• Fixed: missing ruleMetadata when linting multiple files with overrides (#9154) (@​kovsu).
• Fixed: custom-property-no-missing-var-function false positives for timeline-scope and animation-timeline (#9164) (@​splincode).

Changelog

Sourced from stylelint's changelog.

17.6.0 - 2026-03-26

It adds support for extending units in languageOptions, which then apply to rules like declaration-property-value-no-unknown, and fixes 2 bugs.

• Added: support for extending units to languageOptions (#9166) (@​jeddy3).
• Fixed: missing ruleMetadata when linting multiple files with overrides (#9154) (@​kovsu).
• Fixed: custom-property-no-missing-var-function false positives for timeline-scope and animation-timeline (#9164) (@​splincode).

Commits

• f74ceaf Release 17.6.0 (#9180)
• 895f7f2 Add support for extending units to languageOptions (#9166)
• dd7231b Refactor to replace imurmurhash with node:crypto (#9177)
• 5b6b024 Bump picomatch (#9178)
• 7e25378 Bump @​csstools/css-syntax-patches-for-csstree from 1.0.29 to 1.1.1 in the css...
• 9edeff4 Group csstree and @csstools/css-syntax-patches-for-csstree in dependabot ...
• 2f7c0ca Bump actions/download-artifact from 8.0.0 to 8.0.1 (#9167)
• 59f310d Bump write-file-atomic from 7.0.0 to 7.0.1 (#9169)
• ab2ffcb Bump @​vscode/windows-process-tree from 0.6.3 to 0.7.0 (#9170)
• a9f3e5b Bump lint-staged from 16.3.3 to 16.4.0 (#9171)
• Additional commits viewable in compare view

Updates typescript-eslint from 8.57.2 to 8.58.0

Release notes

Sourced from typescript-eslint's releases.

v8.58.0

8.58.0 (2026-03-30)

🚀 Features

• support TypeScript 6 (#12124)

🩹 Fixes

• eslint-plugin: crash in no-unnecessary-type-arguments (#12163)
• eslint-plugin: [no-extraneous-class] handle index signatures (#12142)
• eslint-plugin: [prefer-regexp-exec] avoid fixing unknown RegExp flags (#12161)

❤️ Thank You

• ej shafran @​ej-shafran
• Evyatar Daud @​StyleShit
• GG ZIBLAKING
• milkboy2564 @​SeolJaeHyeok
• teee32 @​teee32

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

Changelog

Sourced from typescript-eslint's changelog.

8.58.0 (2026-03-30)

🚀 Features

• support TypeScript 6 (#12124)

❤️ Thank You

• Evyatar Daud @​StyleShit

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

Commits

• 4933417 chore(release): publish 8.58.0
• 8cde2d0 feat: support TypeScript 6 (#12124)
• See full diff in compare view

Updates vitest from 4.1.1 to 4.1.2

Release notes

Sourced from vitest's releases.

v4.1.2

This release bumps Vitest's flatted version and removes version pinning to resolve flatted's CVE related issues (vitest-dev/vitest#9975).

   🐞 Bug Fixes

• Don't resolve setupFiles from parent directory  -  by @​hi-ogawa in vitest-dev/vitest#9960 (7aa93)
• Ensure sequential mock/unmock resolution  -  by @​hi-ogawa and Claude Opus 4.6 in vitest-dev/vitest#9830 (7c065)
• browser: Take failure screenshot if toMatchScreenshot can't capture a stable screenshot  -  by @​macarie in vitest-dev/vitest#9847 (faace)
• coverage: Correct coverageConfigDefaults values and types  -  by @​Arthie in vitest-dev/vitest#9940 (b3c99)
• pretty-format: Fix output limit over counting  -  by @​hi-ogawa in vitest-dev/vitest#9965 (d3b7a)
• Disable colors if agent is detected  -  by @​sheremet-va and @​AriPerkkio in vitest-dev/vitest#9851 (6f97b)

    View changes on GitHub

Commits

• fc6f482 chore: release v4.1.2
• 6f97b55 feat: disable colors if agent is detected (#9851)
• b3c992c fix(coverage): correct coverageConfigDefaults values and types (#9940)
• 7c06598 fix: ensure sequential mock/unmock resolution (#9830)
• f54abad chore: add typo-checker skill and fix typos (#9963)
• 7aa9377 fix: don't resolve setupFiles from parent directory (#9960)
• See full diff in compare view

Updates vitest-canvas-mock from 1.1.3 to 1.1.4

Release notes

Sourced from vitest-canvas-mock's releases.

v1.1.4

Patch Changes

• 5dcbbc6: Publish with updated README

Changelog

Sourced from vitest-canvas-mock's changelog.

1.1.4

Patch Changes

• 5dcbbc6: Publish with updated README

Commits

• dcec98e Merge pull request #28 from wobsoriano/changeset-release/main
• 21e6d15 Version Packages
• 5dcbbc6 chore: README update changeset
• c419652 chore: update README
• 1caf37c Clarify credit to original author in README
• f57c744 Merge pull request #27 from wobsoriano/vite-plus-migrate
• c7a6cea ci: use vp instead of pnpm
• ef7d744 ci: remove typecheck
• 1b55a2a chore: clean up
• e29a124 chore: Migrate to vite plus
• Additional commits viewable in compare view

Updates webpack-bundle-analyzer from 5.2.0 to 5.3.0

Release notes

Sourced from webpack-bundle-analyzer's releases.

v5.3.0

Minor Changes

• Use new ECMA features in code. (by @​alexander-akait in #713)

• Added propTypes to client components. (by @​alexander-akait in #713)

Patch Changes

• Fix a race condition in writeStats that could lead to incorrect content in stats.json. (by @​alexander-akait in #713)

• Apply prettier and update dependencies. (by @​alexander-akait in #713)

Changelog

Sourced from webpack-bundle-analyzer's changelog.

5.3.0

Minor Changes

• Use new ECMA features in code. (by @​alexander-akait in #713)

• Added propTypes to client components. (by @​alexander-akait in #713)

Patch Changes

• Fix a race condition in writeStats that could lead to incorrect content in stats.json. (by @​alexander-akait in #713)

• Apply prettier and update dependencies. (by @​alexander-akait in #713)

Commits

• 9ba43c7 chore(release): new release (#714)
• 8a91940 ci: trusted publishers (#713)
• b3f44b0 fix: race condition in writeStats (#711)
• 3710653 refactor: adding typescript jsdocs types (#710)
• 77599a4 refactor: improve prop types and fix mobx (#709)
• 26b83f6 test: refactor infra (#708)
• 2588e54 ci: add codecov and fix test (#705)
• be761ef update eslint and apply eslint-config-webpack (#701)
• 1c23a2a refactor: more ES6 code and code improvements (#700)
• 4af64e3 chore: improve package.json (#695)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for webpack-bundle-analyzer since your current version.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[github-actions]

Dependency Review

The following issues were found:

• ✅ 0 vulnerable package(s)
• ✅ 0 package(s) with incompatible licenses
• ✅ 0 package(s) with invalid SPDX license definitions
• ✅ 0 package(s) with unknown licenses.
• ⚠️ 1 packages with OpenSSF Scorecard issues.

See the Details below.

Snapshot Warnings

⚠️: No snapshots were found for the head SHA 636d755.

Ensure that dependencies are being submitted on PR branches and consider enabling retry-on-snapshot-warnings. See the documentation for more information and troubleshooting advice.

OpenSSF Scorecard

Scorecard details

Package	Version	Score	Details
npm/@currents/playwright	1.22.2	Unknown	Unknown
npm/@discoveryjs/json-ext	0.6.3	🟢 4.1	Details Check Score Reason Code-Review ⚠️ 0 Found 1/30 approved changesets -- score normalized to 0 Maintained 🟢 10 16 commit(s) and 3 issue activity found in the last 90 days -- score normalized to 10 Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Binary-Artifacts 🟢 10 no binaries found in the repo Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Security-Policy ⚠️ 0 security policy file not detected License 🟢 10 license file detected Fuzzing ⚠️ 0 project is not fuzzed Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Signed-Releases ⚠️ -1 no releases found Pinned-Dependencies 🟢 4 dependency not pinned by hash detected -- score normalized to 4 SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
npm/@redhat-cloud-services/frontend-components	7.2.0	🟢 6	Details Check Score Reason Code-Review 🟢 5 Found 11/21 approved changesets -- score normalized to 5 Maintained 🟢 10 30 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 packaging workflow not detected Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Binary-Artifacts 🟢 10 no binaries found in the repo License 🟢 10 license file detected Fuzzing ⚠️ 0 project is not fuzzed Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md Signed-Releases ⚠️ -1 no releases found Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Security-Policy ⚠️ 0 security policy file not detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
npm/@redhat-cloud-services/frontend-components-notifications	6.4.0	🟢 6	Details Check Score Reason Code-Review 🟢 5 Found 11/21 approved changesets -- score normalized to 5 Maintained 🟢 10 30 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 packaging workflow not detected Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Binary-Artifacts 🟢 10 no binaries found in the repo License 🟢 10 license file detected Fuzzing ⚠️ 0 project is not fuzzed Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md Signed-Releases ⚠️ -1 no releases found Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Security-Policy ⚠️ 0 security policy file not detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
npm/@typescript-eslint/eslint-plugin	8.58.0	Unknown	Unknown
npm/@typescript-eslint/parser	8.58.0	Unknown	Unknown
npm/@typescript-eslint/project-service	8.58.0	Unknown	Unknown
npm/@typescript-eslint/scope-manager	8.58.0	Unknown	Unknown
npm/@typescript-eslint/tsconfig-utils	8.58.0	Unknown	Unknown
npm/@typescript-eslint/type-utils	8.58.0	Unknown	Unknown
npm/@typescript-eslint/types	8.58.0	Unknown	Unknown
npm/@typescript-eslint/typescript-estree	8.58.0	Unknown	Unknown
npm/@typescript-eslint/utils	8.58.0	Unknown	Unknown
npm/@typescript-eslint/visitor-keys	8.58.0	Unknown	Unknown
npm/@vitest/coverage-v8	4.1.2	Unknown	Unknown
npm/@vitest/expect	4.1.2	Unknown	Unknown
npm/@vitest/mocker	4.1.2	Unknown	Unknown
npm/@vitest/pretty-format	4.1.2	Unknown	Unknown
npm/@vitest/runner	4.1.2	Unknown	Unknown
npm/@vitest/snapshot	4.1.2	Unknown	Unknown
npm/@vitest/spy	4.1.2	Unknown	Unknown
npm/@vitest/utils	4.1.2	Unknown	Unknown
npm/axios	1.14.0	🟢 5.5	Details Check Score Reason Code-Review ⚠️ 2 Found 7/24 approved changesets -- score normalized to 2 Maintained 🟢 10 30 commit(s) and 13 issue activity found in the last 90 days -- score normalized to 10 Security-Policy 🟢 4 security policy file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Binary-Artifacts 🟢 10 no binaries found in the repo Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Pinned-Dependencies ⚠️ 2 dependency not pinned by hash detected -- score normalized to 2 License 🟢 10 license file detected Fuzzing ⚠️ 0 project is not fuzzed Signed-Releases ⚠️ -1 no releases found Branch-Protection 🟢 3 branch protection is not maximal on development and all release branches Packaging 🟢 10 packaging workflow detected SAST 🟢 7 SAST tool is not run on all commits -- score normalized to 7
npm/commander	14.0.3	🟢 7	Details Check Score Reason Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Code-Review 🟢 8 Found 8/9 approved changesets -- score normalized to 8 Maintained 🟢 10 7 commit(s) and 11 issue activity found in the last 90 days -- score normalized to 10 Packaging ⚠️ -1 packaging workflow not detected Security-Policy 🟢 10 security policy file detected Token-Permissions 🟢 9 detected GitHub workflow tokens with excessive permissions Pinned-Dependencies ⚠️ 1 dependency not pinned by hash detected -- score normalized to 1 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Binary-Artifacts 🟢 10 no binaries found in the repo License 🟢 10 license file detected Fuzzing ⚠️ 0 project is not fuzzed Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Signed-Releases ⚠️ -1 no releases found SAST 🟢 10 SAST tool is run on all commits
npm/escape-string-regexp	5.0.0	🟢 3.7	Details Check Score Reason Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Security-Policy 🟢 10 security policy file detected Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Packaging ⚠️ -1 packaging workflow not detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Maintained ⚠️ 0 0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0 Code-Review ⚠️ 2 Found 6/30 approved changesets -- score normalized to 2 Binary-Artifacts 🟢 10 no binaries found in the repo CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Signed-Releases ⚠️ -1 no releases found SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
npm/eslint-plugin-testing-library	7.16.2	🟢 6.3	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 3 issue activity found in the last 90 days -- score normalized to 10 Packaging ⚠️ -1 packaging workflow not detected Code-Review 🟢 10 all changesets reviewed Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Binary-Artifacts 🟢 10 no binaries found in the repo Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Pinned-Dependencies 🟢 8 dependency not pinned by hash detected -- score normalized to 8 License 🟢 10 license file detected Fuzzing ⚠️ 0 project is not fuzzed Signed-Releases ⚠️ -1 no releases found Branch-Protection 🟢 4 branch protection is not maximal on development and all release branches Security-Policy ⚠️ 0 security policy file not detected SAST 🟢 8 SAST tool is not run on all commits -- score normalized to 8
npm/html-escaper	3.0.3	⚠️ 2	Details Check Score Reason Code-Review ⚠️ 0 Found 0/27 approved changesets -- score normalized to 0 Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow ⚠️ -1 no workflows found Maintained ⚠️ 0 0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0 Pinned-Dependencies ⚠️ -1 no dependencies found Token-Permissions ⚠️ -1 No tokens found Binary-Artifacts 🟢 10 no binaries found in the repo CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Security-Policy ⚠️ 0 security policy file not detected Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
npm/mini-css-extract-plugin	2.10.2	Unknown	Unknown
npm/proxy-from-env	2.1.0	🟢 3.9	Details Check Score Reason Binary-Artifacts 🟢 10 no binaries found in the repo Packaging ⚠️ -1 packaging workflow not detected Code-Review ⚠️ 1 Found 4/30 approved changesets -- score normalized to 1 Maintained 🟢 10 19 commit(s) and 7 issue activity found in the last 90 days -- score normalized to 10 Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Security-Policy ⚠️ 0 security policy file not detected Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Signed-Releases ⚠️ -1 no releases found SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
npm/stylelint	17.6.0	🟢 7.4	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 26 issue activity found in the last 90 days -- score normalized to 10 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 packaging workflow not detected Code-Review 🟢 10 all changesets reviewed Token-Permissions 🟢 8 detected GitHub workflow tokens with excessive permissions Binary-Artifacts 🟢 10 no binaries found in the repo CII-Best-Practices ⚠️ 2 badge detected: InProgress Pinned-Dependencies 🟢 7 dependency not pinned by hash detected -- score normalized to 7 Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection 🟢 4 branch protection is not maximal on development and all release branches Security-Policy 🟢 4 security policy file detected SAST 🟢 7 SAST tool is not run on all commits -- score normalized to 7
npm/tinyrainbow	3.1.0	Unknown	Unknown
npm/ts-api-utils	2.5.0	Unknown	Unknown
npm/typescript-eslint	8.58.0	🟢 5.8	Details Check Score Reason Code-Review 🟢 7 Found 21/27 approved changesets -- score normalized to 7 Packaging ⚠️ -1 packaging workflow not detected Maintained 🟢 10 30 commit(s) and 18 issue activity found in the last 90 days -- score normalized to 10 Security-Policy 🟢 10 security policy file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md Signed-Releases ⚠️ -1 no releases found Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
npm/vitest	4.1.2	Unknown	Unknown
npm/vitest-canvas-mock	1.1.4	Unknown	Unknown
npm/webpack-bundle-analyzer	5.3.0	Unknown	Unknown
npm/write-file-atomic	7.0.1	🟢 6.1	Details Check Score Reason Code-Review 🟢 10 all changesets reviewed Security-Policy 🟢 10 security policy file detected Binary-Artifacts 🟢 10 no binaries found in the repo Maintained 🟢 4 5 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 4 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 packaging workflow not detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md SAST 🟢 8 SAST tool detected but not run on all commits

Scanned Files

• package-lock.json