Bump the dev-dependencies group across 1 directory with 4 updates

[dependabot]

Bumps the dev-dependencies group with 4 updates in the / directory: eslint, eslint-plugin-yml, markdownlint-cli and sort-package-json.

Updates eslint from 9.23.0 to 9.27.0

Release notes

Sourced from eslint's releases.

v9.27.0

Features

• d71e37f feat: Allow flags to be set in ESLINT_FLAGS env variable (#19717) (Nicholas C. Zakas)
• ba456e0 feat: Externalize MCP server (#19699) (Nicholas C. Zakas)
• 07c1a7e feat: add allowRegexCharacters to no-useless-escape (#19705) (sethamus)
• 7bc6c71 feat: add no-unassigned-vars rule (#19618) (Jacob Bandes-Storch)
• ee40364 feat: convert no-array-constructor suggestions to autofixes (#19621) (sethamus)
• 32957cd feat: support TS syntax in max-params (#19557) (Nitin Kumar)

Bug Fixes

• 5687ce7 fix: correct mismatched removed rules (#19734) (루밀LuMir)
• dc5ed33 fix: correct types and tighten type definitions in SourceCode class (#19731) (루밀LuMir)
• de1b5de fix: correct service property name in Linter.ESLintParseResult type (#19713) (Francesco Trotta)
• 60c3e2c fix: sort keys in eslint-suppressions.json to avoid git churn (#19711) (Ron Waldon-Howe)
• 9da90ca fix: add allowReserved to Linter.ParserOptions type (#19710) (Francesco Trotta)
• fbb8be9 fix: add info to ESLint.DeprecatedRuleUse type (#19701) (Francesco Trotta)

Documentation

• 25de550 docs: Update description of frozen rules to mention TypeScript (#19736) (Nicholas C. Zakas)
• bd5def6 docs: Clean up configuration files docs (#19735) (Nicholas C. Zakas)
• 4d0c60d docs: Add Neovim to editor integrations (#19729) (Maria José Solano)
• 71317eb docs: Update README (GitHub Actions Bot)
• 4c289e6 docs: Update README (GitHub Actions Bot)
• f0f0d46 docs: clarify that unused suppressions cause non-zero exit code (#19698) (Milos Djermanovic)
• 8ed3273 docs: fix internal usages of ConfigData type (#19688) (Francesco Trotta)
• eb316a8 docs: add fmt and check sections to Package.json Conventions (#19686) (루밀LuMir)
• a3a2559 docs: fix wording in Combine Configs (#19685) (Milos Djermanovic)
• c8d17e1 docs: Update README (GitHub Actions Bot)

Chores

• f8f1560 chore: upgrade @​eslint/js@​9.27.0 (#19739) (Milos Djermanovic)
• ecaef73 chore: package.json update for @​eslint/js release (Jenkins)
• 596fdc6 chore: update dependency @​arethetypeswrong/cli to ^0.18.0 (#19732) (renovate[bot])
• f791da0 chore: remove unbalanced curly brace from .editorconfig (#19730) (Maria José Solano)
• e86edee refactor: Consolidate Config helpers (#19675) (Nicholas C. Zakas)
• cf36352 chore: remove shared types (#19718) (Francesco Trotta)
• f60f276 refactor: Easier RuleContext creation (#19709) (Nicholas C. Zakas)
• 58a171e chore: update dependency @​eslint/plugin-kit to ^0.3.1 (#19712) (renovate[bot])
• 3a075a2 chore: update dependency @​eslint/core to ^0.14.0 (#19715) (renovate[bot])
• 44bac9d ci: run tests in Node.js 24 (#19702) (Francesco Trotta)
• 35304dd chore: add missing funding field to packages (#19684) (루밀LuMir)
• f305beb test: mock process.emitWarning to prevent output disruption (#19687) (Francesco Trotta)

v9.26.0

Features

• e9754e7 feat: add reportGlobalThis to no-shadow-restricted-names (#19670) (sethamus)
• 0fa2b7a feat: add suggestions for eqeqeq rule (#19640) (Nitin Kumar)
• dcbdcc9 feat: Add MCP server (#19592) (Nicholas C. Zakas)
• 2dfd83e feat: add ignoreDirectives option in no-unused-expressions (#19645) (sethamus)

... (truncated)

Changelog

Sourced from eslint's changelog.

v9.27.0 - May 16, 2025

• f8f1560 chore: upgrade @​eslint/js@​9.27.0 (#19739) (Milos Djermanovic)
• ecaef73 chore: package.json update for @​eslint/js release (Jenkins)
• 25de550 docs: Update description of frozen rules to mention TypeScript (#19736) (Nicholas C. Zakas)
• bd5def6 docs: Clean up configuration files docs (#19735) (Nicholas C. Zakas)
• d71e37f feat: Allow flags to be set in ESLINT_FLAGS env variable (#19717) (Nicholas C. Zakas)
• 5687ce7 fix: correct mismatched removed rules (#19734) (루밀LuMir)
• 596fdc6 chore: update dependency @​arethetypeswrong/cli to ^0.18.0 (#19732) (renovate[bot])
• ba456e0 feat: Externalize MCP server (#19699) (Nicholas C. Zakas)
• dc5ed33 fix: correct types and tighten type definitions in SourceCode class (#19731) (루밀LuMir)
• 4d0c60d docs: Add Neovim to editor integrations (#19729) (Maria José Solano)
• f791da0 chore: remove unbalanced curly brace from .editorconfig (#19730) (Maria José Solano)
• e86edee refactor: Consolidate Config helpers (#19675) (Nicholas C. Zakas)
• 07c1a7e feat: add allowRegexCharacters to no-useless-escape (#19705) (sethamus)
• cf36352 chore: remove shared types (#19718) (Francesco Trotta)
• f60f276 refactor: Easier RuleContext creation (#19709) (Nicholas C. Zakas)
• 71317eb docs: Update README (GitHub Actions Bot)
• de1b5de fix: correct service property name in Linter.ESLintParseResult type (#19713) (Francesco Trotta)
• 58a171e chore: update dependency @​eslint/plugin-kit to ^0.3.1 (#19712) (renovate[bot])
• 3a075a2 chore: update dependency @​eslint/core to ^0.14.0 (#19715) (renovate[bot])
• 60c3e2c fix: sort keys in eslint-suppressions.json to avoid git churn (#19711) (Ron Waldon-Howe)
• 4c289e6 docs: Update README (GitHub Actions Bot)
• 9da90ca fix: add allowReserved to Linter.ParserOptions type (#19710) (Francesco Trotta)
• 7bc6c71 feat: add no-unassigned-vars rule (#19618) (Jacob Bandes-Storch)
• ee40364 feat: convert no-array-constructor suggestions to autofixes (#19621) (sethamus)
• fbb8be9 fix: add info to ESLint.DeprecatedRuleUse type (#19701) (Francesco Trotta)
• f0f0d46 docs: clarify that unused suppressions cause non-zero exit code (#19698) (Milos Djermanovic)
• 44bac9d ci: run tests in Node.js 24 (#19702) (Francesco Trotta)
• 32957cd feat: support TS syntax in max-params (#19557) (Nitin Kumar)
• 35304dd chore: add missing funding field to packages (#19684) (루밀LuMir)
• 8ed3273 docs: fix internal usages of ConfigData type (#19688) (Francesco Trotta)
• f305beb test: mock process.emitWarning to prevent output disruption (#19687) (Francesco Trotta)
• eb316a8 docs: add fmt and check sections to Package.json Conventions (#19686) (루밀LuMir)
• a3a2559 docs: fix wording in Combine Configs (#19685) (Milos Djermanovic)
• c8d17e1 docs: Update README (GitHub Actions Bot)

v9.26.0 - May 2, 2025

• 5b247c8 chore: upgrade to @eslint/[email protected] (#19681) (Francesco Trotta)
• d6fa4ac chore: package.json update for @​eslint/js release (Jenkins)
• e9754e7 feat: add reportGlobalThis to no-shadow-restricted-names (#19670) (sethamus)
• 0fa2b7a feat: add suggestions for eqeqeq rule (#19640) (Nitin Kumar)
• dd98d63 docs: Update README (GitHub Actions Bot)
• 96e84de fix: check cache file existence before deletion (#19648) (sethamus)
• c25e858 docs: Update README (GitHub Actions Bot)
• 0958690 chore: disambiguate internal types LanguageOptions and Rule (#19669) (Francesco Trotta)
• dcbdcc9 feat: Add MCP server (#19592) (Nicholas C. Zakas)
• b2397e9 docs: Update README (GitHub Actions Bot)
• d683aeb fix: don't crash on tests with circular references in RuleTester (#19664) (Milos Djermanovic)

... (truncated)

Commits

• b9080cf 9.27.0
• b7a5c66 Build: changelog update for 9.27.0
• f8f1560 chore: upgrade @​eslint/js@​9.27.0 (#19739)
• ecaef73 chore: package.json update for @​eslint/js release
• 25de550 docs: Update description of frozen rules to mention TypeScript (#19736)
• bd5def6 docs: Clean up configuration files docs (#19735)
• d71e37f feat: Allow flags to be set in ESLINT_FLAGS env variable (#19717)
• 5687ce7 fix: correct mismatched removed rules (#19734)
• 596fdc6 chore: update dependency @​arethetypeswrong/cli to ^0.18.0 (#19732)
• ba456e0 feat: Externalize MCP server (#19699)
• Additional commits viewable in compare view

Updates eslint-plugin-yml from 1.17.0 to 1.18.0

Release notes

Sourced from eslint-plugin-yml's releases.

v1.18.0

Minor Changes

• #427 a61a2a4 Thanks @​ota-meshi! - feat: alignMultilineFlowScalar option to indent rule

Changelog

Sourced from eslint-plugin-yml's changelog.

1.18.0

Minor Changes

• #427 a61a2a4 Thanks @​ota-meshi! - feat: alignMultilineFlowScalar option to indent rule

Commits

• 0ec18a8 chore: release eslint-plugin-yml (#428)
• a61a2a4 feat: alignMultilineFlowScalars option to indent rule (#427)
• a0ab30c fix typo
• 7b320ab chore(deps): update typescript-eslint monorepo to ~8.31.0 (#425)
• 83972a2 chore(deps): update dependency @​eslint/json to ^0.12.0 (#424)
• cfb74bb chore(deps): update typescript-eslint monorepo to ~8.30.0 (#421)
• c3c85c3 chore(deps): update dependency stylelint-config-standard to v38 (#419)
• b463c5f chore(deps): update npm to v11.3.0 (#420)
• 4f65f16 chore(deps): update typescript-eslint monorepo to ~8.29.0 (#418)
• c747214 chore(deps): update typescript-eslint monorepo to ~8.28.0 (#417)
• Additional commits viewable in compare view

Updates markdownlint-cli from 0.44.0 to 0.45.0

Release notes

Sourced from markdownlint-cli's releases.

v0.45.0

• Update markdownlint dependency to 0.38.0
  • Add MD059/descriptive-link-text
  • Improve MD025/MD027/MD036/MD038/MD041/MD043/MD045/MD051/MD052
  • Remove support for end-of-life Node version 18
• Update all dependencies via Dependabot

Commits

• 192ad82 Bump version 0.45.0
• f6225d2 Bump nano-spawn from 0.2.0 to 1.0.1
• 1b8554a Add released Node version 24 to CI workflow.
• 836379f Remove optional constant fs.R_OK
• 1a19ddb Bump minimatch from 9.0.5 to 10.0.1
• 5033e1e Pass newly-required markdownItFactory option to markdownlint.
• b7e47f8 Bump markdownlint from 0.37.4 to 0.38.0
• c3fa9f5 Bump glob from 10.4.5 to 11.0.2
• b983f61 Remove support for end-of-life Node.js version 18.
• 8878ef0 Bump ignore from 7.0.3 to 7.0.4
• Additional commits viewable in compare view

Updates sort-package-json from 3.0.0 to 3.2.1

Release notes

Sourced from sort-package-json's releases.

v3.2.1

3.2.1 (2025-05-08)

Bug Fixes

• prevent sorting when npm-run-all2 is used (#361) (aa6774a), closes #359

v3.2.0

3.2.0 (2025-05-04)

Features

• sort dependencies with npm algorithm, sort npm Overrides key (#358) (27e4b7b)

v3.1.0

3.1.0 (2025-04-29)

Features

• allow sort scripts without run-s (#277) (9f1101b)

Commits

• aa6774a fix: prevent sorting when npm-run-all2 is used (#361)
• 27e4b7b feat: sort dependencies with npm algorithm, sort npm Overrides key (#358)
• 9f1101b feat: allow sort scripts without run-s (#277)
• 819cd97 refactor: use Array#toSorted() (#352)
• 6e739b2 refactor: make CLI async (#286)
• b3be166 test: switch nyc to c8 (#341)
• acd24cf refactor: replace get-stdin with native alternative (#345)
• c583a38 chore: update git-hooks-list to v4 (#339)
• 26857d5 chore: update husky to v9 (#338)
• 553dfe1 refactor(cli): use util.parseArgs to parse arguments (#283)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[github-actions]

Auto-merging this Dependabot PR.

[github-actions]

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

OpenSSF Scorecard

Scorecard details

Package	Version	Score	Details
npm/@eslint/config-array	0.20.0	Unknown	Unknown
npm/@eslint/config-helpers	0.2.2	Unknown	Unknown
npm/@eslint/core	0.14.0	Unknown	Unknown
npm/@eslint/js	9.27.0	🟢 6.9	Details Check Score Reason Code-Review 🟢 7 Found 21/28 approved changesets -- score normalized to 7 Packaging ⚠️ -1 packaging workflow not detected Maintained 🟢 10 30 commit(s) and 26 issue activity found in the last 90 days -- score normalized to 10 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions License 🟢 10 license file detected Vulnerabilities 🟢 10 0 existing vulnerabilities detected Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Security-Policy 🟢 10 security policy file detected Fuzzing ⚠️ 0 project is not fuzzed SAST 🟢 10 SAST tool is run on all commits
npm/@eslint/plugin-kit	0.3.1	Unknown	Unknown
npm/eslint	9.27.0	🟢 6.9	Details Check Score Reason Code-Review 🟢 7 Found 21/28 approved changesets -- score normalized to 7 Packaging ⚠️ -1 packaging workflow not detected Maintained 🟢 10 30 commit(s) and 26 issue activity found in the last 90 days -- score normalized to 10 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions License 🟢 10 license file detected Vulnerabilities 🟢 10 0 existing vulnerabilities detected Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Security-Policy 🟢 10 security policy file detected Fuzzing ⚠️ 0 project is not fuzzed SAST 🟢 10 SAST tool is run on all commits
npm/eslint-plugin-yml	1.18.0	🟢 4.4	Details Check Score Reason Maintained 🟢 10 26 commit(s) and 3 issue activity found in the last 90 days -- score normalized to 10 Code-Review ⚠️ 0 Found 1/27 approved changesets -- score normalized to 0 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Packaging ⚠️ -1 packaging workflow not detected Security-Policy ⚠️ 0 security policy file not detected License 🟢 10 license file detected Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Signed-Releases ⚠️ -1 no releases found Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Vulnerabilities 🟢 10 0 existing vulnerabilities detected Fuzzing ⚠️ 0 project is not fuzzed Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
npm/git-hooks-list	4.1.1	🟢 5	Details Check Score Reason Code-Review ⚠️ 0 Found 0/27 approved changesets -- score normalized to 0 Packaging ⚠️ -1 packaging workflow not detected Maintained 🟢 10 22 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Binary-Artifacts 🟢 10 no binaries found in the repo CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Security-Policy 🟢 10 security policy file detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Vulnerabilities 🟢 10 0 existing vulnerabilities detected License 🟢 10 license file detected Fuzzing ⚠️ 0 project is not fuzzed Signed-Releases ⚠️ -1 no releases found Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
npm/glob	11.0.2	🟢 3.5	Details Check Score Reason Maintained ⚠️ 1 2 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 1 Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Code-Review ⚠️ 0 Found 2/30 approved changesets -- score normalized to 0 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 1 dependency not pinned by hash detected -- score normalized to 1 Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Security-Policy ⚠️ 0 security policy file not detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Vulnerabilities 🟢 9 1 existing vulnerabilities detected
npm/ignore	7.0.4	🟢 4	Details Check Score Reason Maintained 🟢 6 5 commit(s) and 3 issue activity found in the last 90 days -- score normalized to 6 Binary-Artifacts 🟢 10 no binaries found in the repo Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Packaging ⚠️ -1 packaging workflow not detected Code-Review ⚠️ 0 Found 1/12 approved changesets -- score normalized to 0 Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Security-Policy ⚠️ 0 security policy file not detected Fuzzing ⚠️ 0 project is not fuzzed License 🟢 9 license file detected Vulnerabilities 🟢 10 0 existing vulnerabilities detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
npm/jackspeak	4.1.0	🟢 3.5	Details Check Score Reason Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Maintained 🟢 3 4 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 3 Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Packaging ⚠️ -1 packaging workflow not detected Code-Review ⚠️ 0 Found 1/22 approved changesets -- score normalized to 0 Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Fuzzing ⚠️ 0 project is not fuzzed License 🟢 9 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Security-Policy ⚠️ 0 security policy file not detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Vulnerabilities 🟢 8 2 existing vulnerabilities detected
npm/katex	0.16.22	🟢 3.5	Details Check Score Reason Code-Review ⚠️ 2 Found 7/26 approved changesets -- score normalized to 2 Security-Policy 🟢 10 security policy file detected Dangerous-Workflow ⚠️ 0 dangerous workflow patterns detected Maintained 🟢 9 3 commit(s) and 8 issue activity found in the last 90 days -- score normalized to 9 Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Binary-Artifacts 🟢 10 no binaries found in the repo License 🟢 10 license file detected Fuzzing ⚠️ 0 project is not fuzzed Packaging ⚠️ -1 packaging workflow not detected Signed-Releases ⚠️ 0 Project has not signed or included provenance with any releases. Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 SAST 🟢 10 SAST tool is run on all commits Vulnerabilities ⚠️ 0 74 existing vulnerabilities detected
npm/lru-cache	11.1.0	🟢 4.5	Details Check Score Reason Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Code-Review ⚠️ 0 Found 1/30 approved changesets -- score normalized to 0 Packaging ⚠️ -1 packaging workflow not detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Binary-Artifacts 🟢 10 no binaries found in the repo Maintained 🟢 7 8 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 7 Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Security-Policy ⚠️ 0 security policy file not detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Vulnerabilities 🟢 10 0 existing vulnerabilities detected
npm/markdownlint	0.38.0	🟢 5.5	Details Check Score Reason Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 packaging workflow not detected Code-Review ⚠️ 0 Found 0/17 approved changesets -- score normalized to 0 Maintained 🟢 10 30 commit(s) and 15 issue activity found in the last 90 days -- score normalized to 10 Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Security-Policy ⚠️ 0 security policy file not detected Binary-Artifacts 🟢 10 no binaries found in the repo License 🟢 10 license file detected Fuzzing ⚠️ 0 project is not fuzzed Vulnerabilities 🟢 10 0 existing vulnerabilities detected Pinned-Dependencies ⚠️ 1 dependency not pinned by hash detected -- score normalized to 1 Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration SAST 🟢 9 SAST tool detected but not run on all commits
npm/markdownlint-cli	0.45.0	🟢 4.9	Details Check Score Reason Code-Review ⚠️ 2 Found 2/9 approved changesets -- score normalized to 2 Maintained 🟢 10 11 commit(s) and 3 issue activity found in the last 90 days -- score normalized to 10 Binary-Artifacts 🟢 10 no binaries found in the repo CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Security-Policy ⚠️ 0 security policy file not detected License 🟢 10 license file detected Fuzzing ⚠️ 0 project is not fuzzed Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Pinned-Dependencies ⚠️ 1 dependency not pinned by hash detected -- score normalized to 1 Packaging 🟢 10 packaging workflow detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Vulnerabilities 🟢 10 0 existing vulnerabilities detected
npm/micromark	4.0.2	🟢 5.1	Details Check Score Reason Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Maintained 🟢 10 7 commit(s) and 5 issue activity found in the last 90 days -- score normalized to 10 Code-Review ⚠️ 1 Found 4/30 approved changesets -- score normalized to 1 Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Vulnerabilities 🟢 10 0 existing vulnerabilities detected License 🟢 10 license file detected Fuzzing ⚠️ 0 project is not fuzzed Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Signed-Releases ⚠️ -1 no releases found Security-Policy 🟢 10 security policy file detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
npm/micromark-core-commonmark	2.0.3	🟢 5.1	Details Check Score Reason Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Maintained 🟢 10 7 commit(s) and 5 issue activity found in the last 90 days -- score normalized to 10 Code-Review ⚠️ 1 Found 4/30 approved changesets -- score normalized to 1 Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Vulnerabilities 🟢 10 0 existing vulnerabilities detected License 🟢 10 license file detected Fuzzing ⚠️ 0 project is not fuzzed Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Signed-Releases ⚠️ -1 no releases found Security-Policy 🟢 10 security policy file detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
npm/micromark-extension-directive	4.0.0	🟢 4.5	Details Check Score Reason Code-Review ⚠️ 0 Found 0/30 approved changesets -- score normalized to 0 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Maintained 🟢 5 5 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 5 Binary-Artifacts 🟢 10 no binaries found in the repo Packaging ⚠️ -1 packaging workflow not detected SAST ⚠️ 0 no SAST tool detected Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Vulnerabilities 🟢 10 0 existing vulnerabilities detected Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Security-Policy 🟢 10 security policy file detected
npm/micromark-extension-gfm-table	2.1.1	🟢 4.1	Details Check Score Reason Code-Review ⚠️ 0 Found 2/30 approved changesets -- score normalized to 0 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 packaging workflow not detected Maintained ⚠️ 0 0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0 Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Binary-Artifacts 🟢 10 no binaries found in the repo CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Vulnerabilities 🟢 10 0 existing vulnerabilities detected Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Security-Policy 🟢 10 security policy file detected Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Signed-Releases ⚠️ -1 no releases found SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
npm/micromark-util-types	2.0.2	🟢 5.1	Details Check Score Reason Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Maintained 🟢 10 7 commit(s) and 5 issue activity found in the last 90 days -- score normalized to 10 Code-Review ⚠️ 1 Found 4/30 approved changesets -- score normalized to 1 Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Vulnerabilities 🟢 10 0 existing vulnerabilities detected License 🟢 10 license file detected Fuzzing ⚠️ 0 project is not fuzzed Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Signed-Releases ⚠️ -1 no releases found Security-Policy 🟢 10 security policy file detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
npm/minimatch	10.0.1	🟢 3.7	Details Check Score Reason Binary-Artifacts 🟢 10 no binaries found in the repo Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Code-Review ⚠️ 1 Found 3/30 approved changesets -- score normalized to 1 Maintained ⚠️ 0 0 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 0 Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Fuzzing ⚠️ 0 project is not fuzzed Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Security-Policy ⚠️ 0 security policy file not detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Vulnerabilities 🟢 8 2 existing vulnerabilities detected
npm/path-scurry	2.0.0	🟢 3.2	Details Check Score Reason Code-Review ⚠️ 0 Found 0/30 approved changesets -- score normalized to 0 Binary-Artifacts 🟢 10 no binaries found in the repo Maintained ⚠️ 0 0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0 Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions SAST ⚠️ 0 no SAST tool detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 packaging workflow not detected Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 9 license file detected Signed-Releases ⚠️ -1 no releases found Fuzzing ⚠️ 0 project is not fuzzed Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Security-Policy ⚠️ 0 security policy file not detected Vulnerabilities 🟢 8 2 existing vulnerabilities detected
npm/smol-toml	1.3.4	Unknown	Unknown
npm/sort-package-json	3.2.1	🟢 5.7	Details Check Score Reason Code-Review 🟢 9 Found 26/27 approved changesets -- score normalized to 9 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Binary-Artifacts 🟢 10 no binaries found in the repo Maintained 🟢 10 20 commit(s) and 9 issue activity found in the last 90 days -- score normalized to 10 Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Pinned-Dependencies ⚠️ 1 dependency not pinned by hash detected -- score normalized to 1 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Security-Policy ⚠️ 0 security policy file not detected License 🟢 10 license file detected Fuzzing ⚠️ 0 project is not fuzzed Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Packaging 🟢 10 packaging workflow detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Vulnerabilities 🟢 6 4 existing vulnerabilities detected
npm/eslint	^9.27.0	🟢 6.9	Details Check Score Reason Code-Review 🟢 7 Found 21/28 approved changesets -- score normalized to 7 Packaging ⚠️ -1 packaging workflow not detected Maintained 🟢 10 30 commit(s) and 26 issue activity found in the last 90 days -- score normalized to 10 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions License 🟢 10 license file detected Vulnerabilities 🟢 10 0 existing vulnerabilities detected Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Security-Policy 🟢 10 security policy file detected Fuzzing ⚠️ 0 project is not fuzzed SAST 🟢 10 SAST tool is run on all commits
npm/eslint-plugin-yml	^1.18.0	🟢 4.4	Details Check Score Reason Maintained 🟢 10 26 commit(s) and 3 issue activity found in the last 90 days -- score normalized to 10 Code-Review ⚠️ 0 Found 1/27 approved changesets -- score normalized to 0 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Packaging ⚠️ -1 packaging workflow not detected Security-Policy ⚠️ 0 security policy file not detected License 🟢 10 license file detected Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Signed-Releases ⚠️ -1 no releases found Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Vulnerabilities 🟢 10 0 existing vulnerabilities detected Fuzzing ⚠️ 0 project is not fuzzed Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
npm/markdownlint-cli	^0.45.0	🟢 4.9	Details Check Score Reason Code-Review ⚠️ 2 Found 2/9 approved changesets -- score normalized to 2 Maintained 🟢 10 11 commit(s) and 3 issue activity found in the last 90 days -- score normalized to 10 Binary-Artifacts 🟢 10 no binaries found in the repo CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Security-Policy ⚠️ 0 security policy file not detected License 🟢 10 license file detected Fuzzing ⚠️ 0 project is not fuzzed Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Pinned-Dependencies ⚠️ 1 dependency not pinned by hash detected -- score normalized to 1 Packaging 🟢 10 packaging workflow detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Vulnerabilities 🟢 10 0 existing vulnerabilities detected
npm/sort-package-json	^3.2.1	🟢 5.7	Details Check Score Reason Code-Review 🟢 9 Found 26/27 approved changesets -- score normalized to 9 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Binary-Artifacts 🟢 10 no binaries found in the repo Maintained 🟢 10 20 commit(s) and 9 issue activity found in the last 90 days -- score normalized to 10 Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Pinned-Dependencies ⚠️ 1 dependency not pinned by hash detected -- score normalized to 1 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Security-Policy ⚠️ 0 security policy file not detected License 🟢 10 license file detected Fuzzing ⚠️ 0 project is not fuzzed Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Packaging 🟢 10 packaging workflow detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Vulnerabilities 🟢 6 4 existing vulnerabilities detected

Scanned Files

• package-lock.json
• package.json

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.