Bump the dev-dependencies group across 1 directory with 5 updates

[dependabot]

Bumps the dev-dependencies group with 5 updates in the / directory:

Package	From	To
eslint	9.23.0	9.30.0
eslint-plugin-yml	1.17.0	1.18.0
markdownlint-cli	0.44.0	0.45.0
prettier	3.5.3	3.6.2
sort-package-json	3.0.0	3.3.1

Updates eslint from 9.23.0 to 9.30.0

Release notes

Sourced from eslint's releases.

v9.30.0

Features

• 52a5fca feat: Support basePath property in config objects (#19879) (Milos Djermanovic)
• 4ab4482 feat: add allowSeparateTypeImports option to no-duplicate-imports (#19872) (sethamus)
• b8a7e7a feat: throw error when column is negative in getIndexFromLoc (#19831) (루밀LuMir)

Bug Fixes

• 6a0f164 fix: handle null type loc in getIndexFromLoc method (#19862) (루밀LuMir)
• 3fbcd70 fix: update error message for no-restricted-properties (#19855) (Tanuj Kanti)
• 7ef4cf7 fix: remove unnecessary semicolon from fixes (#19857) (Francesco Trotta)
• 7dabc38 fix: use process.version in --env-info (#19865) (TKDev7)

Documentation

• 8662ed1 docs: adopt eslint-stylistic sub packages related changes (#19887) (ntnyq)
• 20158b0 docs: typo in comment for unused variables handling (#19870) (leopardracer)
• ebfb5b4 docs: Fixed Typo in configuration-files.md (#19873) (0-20)
• 4112fd0 docs: clarify that boolean is still allowed for rule meta.deprecated (#19866) (Bryan Mishkin)

Chores

• 2b6491c chore: upgrade to @eslint/[email protected] (#19889) (Francesco Trotta)
• 5a5d526 chore: package.json update for @​eslint/js release (Jenkins)
• eaf8a41 chore: Correct typos in linter tests (#19878) (kilavvy)

v9.29.0

Features

• f686fcb feat: add ecmaVersion: 2026, parsing using and await using (#19832) (Milos Djermanovic)
• 19cdd22 feat: prune suppressions for non-existent files (#19825) (TKDev7)
• b3d720f feat: add ES2025 globals (#19835) (fisker Cheung)
• 677a283 feat: add auto-accessor fields support to class-methods-use-this (#19789) (sethamus)
• dbba058 feat: allow global type declaration in no-var (#19714) (Remco Haszing)
• 342bd29 feat: ignore type annotations in no-restricted-globals (#19781) (sethamus)
• 786bcd1 feat: add allowProperties option to no-restricted-properties (#19772) (sethamus)
• 05b66d0 feat: add sourceCode.isGlobalReference(node) method (#19695) (Nitin Kumar)

Bug Fixes

• 85c082c fix: explicit matching behavior with negated patterns and arrays (#19845) (Milos Djermanovic)
• 9bda4a9 fix: fix LintOptions.filterCodeBlock types (#19837) (ntnyq)
• 7ab77a2 fix: correct breaking deprecation of FlatConfig type (#19826) (Logicer)
• 1ba3318 fix: add language and dialects to no-use-before-define (#19808) (Francesco Trotta)

Documentation

• 00e3e6a docs: add support for custom name parameter to includeIgnoreFile (#19795) (루밀LuMir)
• 3aed075 docs: Update README (GitHub Actions Bot)
• a2f888d docs: enhance documentation with links and fix typos (#19761) (루밀LuMir)
• 53c3235 docs: update to clarify prompt usage (#19748) (Jennifer Davis)

Chores

• 5c114c9 chore: upgrade @​eslint/js@​9.29.0 (#19851) (Milos Djermanovic)
• acf2201 chore: package.json update for @​eslint/js release (Jenkins)
• a806994 refactor: Remove eslintrc from flat config functionality (#19833) (Nicholas C. Zakas)

... (truncated)

Changelog

Sourced from eslint's changelog.

v9.30.0 - June 27, 2025

• 2b6491c chore: upgrade to @eslint/[email protected] (#19889) (Francesco Trotta)
• 5a5d526 chore: package.json update for @​eslint/js release (Jenkins)
• 52a5fca feat: Support basePath property in config objects (#19879) (Milos Djermanovic)
• 6a0f164 fix: handle null type loc in getIndexFromLoc method (#19862) (루밀LuMir)
• 8662ed1 docs: adopt eslint-stylistic sub packages related changes (#19887) (ntnyq)
• eaf8a41 chore: Correct typos in linter tests (#19878) (kilavvy)
• 4ab4482 feat: add allowSeparateTypeImports option to no-duplicate-imports (#19872) (sethamus)
• 3fbcd70 fix: update error message for no-restricted-properties (#19855) (Tanuj Kanti)
• 20158b0 docs: typo in comment for unused variables handling (#19870) (leopardracer)
• ebfb5b4 docs: Fixed Typo in configuration-files.md (#19873) (0-20)
• b8a7e7a feat: throw error when column is negative in getIndexFromLoc (#19831) (루밀LuMir)
• 7ef4cf7 fix: remove unnecessary semicolon from fixes (#19857) (Francesco Trotta)
• 7dabc38 fix: use process.version in --env-info (#19865) (TKDev7)
• 4112fd0 docs: clarify that boolean is still allowed for rule meta.deprecated (#19866) (Bryan Mishkin)

v9.29.0 - June 13, 2025

• 5c114c9 chore: upgrade @​eslint/js@​9.29.0 (#19851) (Milos Djermanovic)
• acf2201 chore: package.json update for @​eslint/js release (Jenkins)
• f686fcb feat: add ecmaVersion: 2026, parsing using and await using (#19832) (Milos Djermanovic)
• 85c082c fix: explicit matching behavior with negated patterns and arrays (#19845) (Milos Djermanovic)
• 00e3e6a docs: add support for custom name parameter to includeIgnoreFile (#19795) (루밀LuMir)
• 9bda4a9 fix: fix LintOptions.filterCodeBlock types (#19837) (ntnyq)
• a806994 refactor: Remove eslintrc from flat config functionality (#19833) (Nicholas C. Zakas)
• 19cdd22 feat: prune suppressions for non-existent files (#19825) (TKDev7)
• b3d720f feat: add ES2025 globals (#19835) (fisker Cheung)
• 677a283 feat: add auto-accessor fields support to class-methods-use-this (#19789) (sethamus)
• 3aed075 docs: Update README (GitHub Actions Bot)
• 7ab77a2 fix: correct breaking deprecation of FlatConfig type (#19826) (Logicer)
• a2f888d docs: enhance documentation with links and fix typos (#19761) (루밀LuMir)
• dbba058 feat: allow global type declaration in no-var (#19714) (Remco Haszing)
• 152ed51 test: switch to flat config mode in code path analysis tests (#19824) (Milos Djermanovic)
• b647239 chore: Update first-party dependencies faster with Renovate (#19822) (Nicholas C. Zakas)
• 7abe42e refactor: SafeEmitter -> SourceCodeVisitor (#19708) (Nicholas C. Zakas)
• 342bd29 feat: ignore type annotations in no-restricted-globals (#19781) (sethamus)
• e392895 perf: improve time complexity of getLocFromIndex (#19782) (루밀LuMir)
• 1ba3318 fix: add language and dialects to no-use-before-define (#19808) (Francesco Trotta)
• 786bcd1 feat: add allowProperties option to no-restricted-properties (#19772) (sethamus)
• 05b66d0 feat: add sourceCode.isGlobalReference(node) method (#19695) (Nitin Kumar)
• 53c3235 docs: update to clarify prompt usage (#19748) (Jennifer Davis)
• 0ed289c chore: remove accidentally committed file (#19807) (Francesco Trotta)

v9.28.0 - May 30, 2025

• 175b7b8 chore: upgrade to @eslint/[email protected] (#19802) (Francesco Trotta)
• 844f5a6 chore: package.json update for @​eslint/js release (Jenkins)
• b0674be feat: Customization of serialization for languageOptions (#19760) (Nicholas C. Zakas)
• 3ec2082 docs: Nested arrays in files config entry (#19799) (Nicholas C. Zakas)

... (truncated)

Commits

• ad1d639 9.30.0
• c02d70b Build: changelog update for 9.30.0
• 2b6491c chore: upgrade to @eslint/[email protected] (#19889)
• 5a5d526 chore: package.json update for @​eslint/js release
• 52a5fca feat: Support basePath property in config objects (#19879)
• 6a0f164 fix: handle null type loc in getIndexFromLoc method (#19862)
• 8662ed1 docs: adopt eslint-stylistic sub packages related changes (#19887)
• eaf8a41 chore: Correct typos in linter tests (#19878)
• 4ab4482 feat: add allowSeparateTypeImports option to no-duplicate-imports (#19872)
• 3fbcd70 fix: update error message for no-restricted-properties (#19855)
• Additional commits viewable in compare view

Updates eslint-plugin-yml from 1.17.0 to 1.18.0

Release notes

Sourced from eslint-plugin-yml's releases.

v1.18.0

Minor Changes

• #427 a61a2a4 Thanks @​ota-meshi! - feat: alignMultilineFlowScalar option to indent rule

Changelog

Sourced from eslint-plugin-yml's changelog.

1.18.0

Minor Changes

• #427 a61a2a4 Thanks @​ota-meshi! - feat: alignMultilineFlowScalar option to indent rule

Commits

• 0ec18a8 chore: release eslint-plugin-yml (#428)
• a61a2a4 feat: alignMultilineFlowScalars option to indent rule (#427)
• a0ab30c fix typo
• 7b320ab chore(deps): update typescript-eslint monorepo to ~8.31.0 (#425)
• 83972a2 chore(deps): update dependency @​eslint/json to ^0.12.0 (#424)
• cfb74bb chore(deps): update typescript-eslint monorepo to ~8.30.0 (#421)
• c3c85c3 chore(deps): update dependency stylelint-config-standard to v38 (#419)
• b463c5f chore(deps): update npm to v11.3.0 (#420)
• 4f65f16 chore(deps): update typescript-eslint monorepo to ~8.29.0 (#418)
• c747214 chore(deps): update typescript-eslint monorepo to ~8.28.0 (#417)
• Additional commits viewable in compare view

Updates markdownlint-cli from 0.44.0 to 0.45.0

Release notes

Sourced from markdownlint-cli's releases.

v0.45.0

• Update markdownlint dependency to 0.38.0
  • Add MD059/descriptive-link-text
  • Improve MD025/MD027/MD036/MD038/MD041/MD043/MD045/MD051/MD052
  • Remove support for end-of-life Node version 18
• Update all dependencies via Dependabot

Commits

• 192ad82 Bump version 0.45.0
• f6225d2 Bump nano-spawn from 0.2.0 to 1.0.1
• 1b8554a Add released Node version 24 to CI workflow.
• 836379f Remove optional constant fs.R_OK
• 1a19ddb Bump minimatch from 9.0.5 to 10.0.1
• 5033e1e Pass newly-required markdownItFactory option to markdownlint.
• b7e47f8 Bump markdownlint from 0.37.4 to 0.38.0
• c3fa9f5 Bump glob from 10.4.5 to 11.0.2
• b983f61 Remove support for end-of-life Node.js version 18.
• 8878ef0 Bump ignore from 7.0.3 to 7.0.4
• Additional commits viewable in compare view

Updates prettier from 3.5.3 to 3.6.2

Release notes

Sourced from prettier's releases.

3.6.2

What's Changed

• Add missing blank line around code block by @​fisker in prettier/prettier#17675

🔗 Changelog

3.6.1

• Fix "Warning: File descriptor 39 closed but not opened in unmanaged mode" error when running --experimental-cli

🔗 Changelog

3.6.0

diff

🔗 Release note "Prettier 3.6: Experimental fast CLI and new OXC and Hermes plugins!"

Changelog

Sourced from prettier's changelog.

3.6.2

diff

Markdown: Add missing blank line around code block (#17675 by @​fisker)

<!-- Input -->
1. Some text, and code block below, with newline after code block
---
foo: bar


Another
List

<!-- Prettier 3.6.1 -->


Some text, and code block below, with newline after code block
---
foo: bar


Another
List



<!-- Prettier 3.6.2 -->


Some text, and code block below, with newline after code block
---
foo: bar


Another
List

3.6.1

diff

TypeScript: Allow const without initializer (#17650, #17654 by @​fisker)

// Input
</tr></table> 

... (truncated)

Commits

• 7a8b05f Release 3.6.2
• 46526b4 Add missing blank line around code block (#17675)
• a04ec11 chore(deps): update babel to v7.27.7 (#17684)
• 32be5b6 chore(deps): update dependency flow-parser to v0.274.1 (#17676)
• b55e777 Update docs about "TypeScript Configuration Files" (#17677)
• b197c99 chore(deps): update dependency @​vitejs/plugin-react to v4.6.0 (#17674)
• 1185f83 chore(deps): update dependency @​angular/compiler to v20.0.5 (#17680)
• aa1316f chore(deps): update dependency browserslist to v4.25.1 (#17671)
• c468d33 chore(deps): update dependency oxc-parser to v0.75.0 (#17672)
• 3f46d91 chore(deps): update dependency vite to v7 (#17673)
• Additional commits viewable in compare view

Updates sort-package-json from 3.0.0 to 3.3.1

Release notes

Sourced from sort-package-json's releases.

v3.3.1

3.3.1 (2025-06-25)

Bug Fixes

• add engines key - support node 20+ (#372) (7dc1dfd)

v3.3.0

3.3.0 (2025-06-23)

Features

• support workspaces (#369) (41673db)

v3.2.2

3.2.2 (2025-06-23)

Bug Fixes

• husky deprecation (#370) (140fcaa)

v3.2.1

3.2.1 (2025-05-08)

Bug Fixes

• prevent sorting when npm-run-all2 is used (#361) (aa6774a), closes #359

v3.2.0

3.2.0 (2025-05-04)

Features

• sort dependencies with npm algorithm, sort npm Overrides key (#358) (27e4b7b)

v3.1.0

3.1.0 (2025-04-29)

Features

• allow sort scripts without run-s (#277) (9f1101b)

Commits

• 7dc1dfd fix: add engines key - support node 20+ (#372)
• 7d1dd62 chore: migrate type tests to TSTyche (#364)
• 41673db feat: support workspaces (#369)
• 140fcaa fix: husky deprecation (#370)
• 1c142c6 chore: remove ncp (#366)
• aa6774a fix: prevent sorting when npm-run-all2 is used (#361)
• 27e4b7b feat: sort dependencies with npm algorithm, sort npm Overrides key (#358)
• 9f1101b feat: allow sort scripts without run-s (#277)
• 819cd97 refactor: use Array#toSorted() (#352)
• 6e739b2 refactor: make CLI async (#286)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[github-actions]

Auto-merging this Dependabot PR.

[github-actions]

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

OpenSSF Scorecard

Scorecard details

Package	Version	Score	Details
npm/@eslint/config-array	0.21.0	Unknown	Unknown
npm/@eslint/config-helpers	0.3.0	Unknown	Unknown
npm/@eslint/core	0.14.0	Unknown	Unknown
npm/@eslint/core	0.15.1	Unknown	Unknown
npm/@eslint/js	9.30.0	🟢 7	Details Check Score Reason Code-Review 🟢 8 Found 25/30 approved changesets -- score normalized to 8 Maintained 🟢 10 30 commit(s) and 27 issue activity found in the last 90 days -- score normalized to 10 Packaging ⚠️ -1 packaging workflow not detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected License 🟢 10 license file detected Vulnerabilities 🟢 10 0 existing vulnerabilities detected Binary-Artifacts 🟢 10 no binaries found in the repo Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Signed-Releases ⚠️ -1 no releases found Security-Policy 🟢 10 security policy file detected Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed SAST 🟢 10 SAST tool is run on all commits
npm/@eslint/plugin-kit	0.3.3	Unknown	Unknown
npm/@isaacs/balanced-match	4.0.1	Unknown	Unknown
npm/@isaacs/brace-expansion	5.0.0	Unknown	Unknown
npm/acorn	8.15.0	🟢 5.3	Details Check Score Reason Code-Review 🟢 4 Found 13/30 approved changesets -- score normalized to 4 Packaging ⚠️ -1 packaging workflow not detected Maintained 🟢 10 21 commit(s) and 15 issue activity found in the last 90 days -- score normalized to 10 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege Binary-Artifacts 🟢 10 no binaries found in the repo CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Security-Policy ⚠️ 0 security policy file not detected License ⚠️ 0 license file not detected Signed-Releases ⚠️ -1 no releases found Pinned-Dependencies 🟢 3 dependency not pinned by hash detected -- score normalized to 3 Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Fuzzing ⚠️ 0 project is not fuzzed SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Vulnerabilities 🟢 7 3 existing vulnerabilities detected
npm/eslint	9.30.0	🟢 7	Details Check Score Reason Code-Review 🟢 8 Found 25/30 approved changesets -- score normalized to 8 Maintained 🟢 10 30 commit(s) and 27 issue activity found in the last 90 days -- score normalized to 10 Packaging ⚠️ -1 packaging workflow not detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected License 🟢 10 license file detected Vulnerabilities 🟢 10 0 existing vulnerabilities detected Binary-Artifacts 🟢 10 no binaries found in the repo Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Signed-Releases ⚠️ -1 no releases found Security-Policy 🟢 10 security policy file detected Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed SAST 🟢 10 SAST tool is run on all commits
npm/eslint-plugin-yml	1.18.0	🟢 4.4	Details Check Score Reason Maintained 🟢 10 21 commit(s) and 4 issue activity found in the last 90 days -- score normalized to 10 Code-Review ⚠️ 0 Found 0/27 approved changesets -- score normalized to 0 Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Security-Policy ⚠️ 0 security policy file not detected License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Fuzzing ⚠️ 0 project is not fuzzed Vulnerabilities 🟢 10 0 existing vulnerabilities detected Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Binary-Artifacts 🟢 10 no binaries found in the repo SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
npm/eslint-scope	8.4.0	Unknown	Unknown
npm/eslint-visitor-keys	4.2.1	Unknown	Unknown
npm/espree	10.4.0	Unknown	Unknown
npm/git-hooks-list	4.1.1	🟢 4.1	Details Check Score Reason Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Binary-Artifacts 🟢 10 no binaries found in the repo Code-Review ⚠️ 0 Found 0/27 approved changesets -- score normalized to 0 Maintained ⚠️ 0 0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0 Security-Policy 🟢 10 security policy file detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Fuzzing ⚠️ 0 project is not fuzzed Vulnerabilities 🟢 10 0 existing vulnerabilities detected License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
npm/glob	11.0.3	🟢 3.8	Details Check Score Reason Code-Review ⚠️ 0 Found 2/30 approved changesets -- score normalized to 0 Maintained 🟢 5 6 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 5 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 packaging workflow not detected Binary-Artifacts 🟢 10 no binaries found in the repo Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Security-Policy ⚠️ 0 security policy file not detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Vulnerabilities 🟢 9 1 existing vulnerabilities detected
npm/ignore	7.0.5	🟢 4.3	Details Check Score Reason Binary-Artifacts 🟢 10 no binaries found in the repo Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Maintained 🟢 10 8 commit(s) and 4 issue activity found in the last 90 days -- score normalized to 10 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Code-Review ⚠️ 0 Found 1/15 approved changesets -- score normalized to 0 Packaging ⚠️ -1 packaging workflow not detected Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Security-Policy ⚠️ 0 security policy file not detected Fuzzing ⚠️ 0 project is not fuzzed Vulnerabilities 🟢 10 0 existing vulnerabilities detected License 🟢 9 license file detected Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Signed-Releases ⚠️ -1 no releases found SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
npm/jackspeak	4.1.1	🟢 3.2	Details Check Score Reason Code-Review ⚠️ 0 Found 1/22 approved changesets -- score normalized to 0 Packaging ⚠️ -1 packaging workflow not detected Maintained ⚠️ 1 2 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 1 Binary-Artifacts 🟢 10 no binaries found in the repo Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Fuzzing ⚠️ 0 project is not fuzzed License 🟢 9 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Security-Policy ⚠️ 0 security policy file not detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Vulnerabilities 🟢 7 3 existing vulnerabilities detected
npm/katex	0.16.22	🟢 3.5	Details Check Score Reason Code-Review ⚠️ 2 Found 7/26 approved changesets -- score normalized to 2 Maintained 🟢 9 2 commit(s) and 9 issue activity found in the last 90 days -- score normalized to 9 Security-Policy 🟢 10 security policy file detected Dangerous-Workflow ⚠️ 0 dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Binary-Artifacts 🟢 10 no binaries found in the repo License 🟢 10 license file detected Packaging ⚠️ -1 packaging workflow not detected Fuzzing ⚠️ 0 project is not fuzzed Signed-Releases ⚠️ 0 Project has not signed or included provenance with any releases. Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 SAST 🟢 10 SAST tool is run on all commits Vulnerabilities ⚠️ 0 77 existing vulnerabilities detected
npm/lru-cache	11.1.0	🟢 3.7	Details Check Score Reason Code-Review ⚠️ 0 Found 1/30 approved changesets -- score normalized to 0 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 packaging workflow not detected Binary-Artifacts 🟢 10 no binaries found in the repo Maintained ⚠️ 0 0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0 Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Security-Policy ⚠️ 0 security policy file not detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Vulnerabilities 🟢 9 1 existing vulnerabilities detected
npm/markdownlint	0.38.0	🟢 5.5	Details Check Score Reason Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 packaging workflow not detected Code-Review ⚠️ 0 Found 0/17 approved changesets -- score normalized to 0 Maintained 🟢 10 30 commit(s) and 19 issue activity found in the last 90 days -- score normalized to 10 Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 1 dependency not pinned by hash detected -- score normalized to 1 Security-Policy ⚠️ 0 security policy file not detected License 🟢 10 license file detected Fuzzing ⚠️ 0 project is not fuzzed Vulnerabilities 🟢 10 0 existing vulnerabilities detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration SAST 🟢 9 SAST tool detected but not run on all commits
npm/markdownlint-cli	0.45.0	🟢 4.9	Details Check Score Reason Code-Review ⚠️ 2 Found 2/8 approved changesets -- score normalized to 2 Maintained 🟢 10 23 commit(s) and 6 issue activity found in the last 90 days -- score normalized to 10 Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Binary-Artifacts 🟢 10 no binaries found in the repo CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Security-Policy ⚠️ 0 security policy file not detected Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Pinned-Dependencies ⚠️ 1 dependency not pinned by hash detected -- score normalized to 1 Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Packaging 🟢 10 packaging workflow detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Vulnerabilities 🟢 10 0 existing vulnerabilities detected
npm/micromark	4.0.2	🟢 4.3	Details Check Score Reason Code-Review ⚠️ 1 Found 4/30 approved changesets -- score normalized to 1 Maintained ⚠️ 2 2 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 2 Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Vulnerabilities 🟢 10 0 existing vulnerabilities detected Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Security-Policy 🟢 10 security policy file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
npm/micromark-core-commonmark	2.0.3	🟢 4.3	Details Check Score Reason Code-Review ⚠️ 1 Found 4/30 approved changesets -- score normalized to 1 Maintained ⚠️ 2 2 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 2 Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Vulnerabilities 🟢 10 0 existing vulnerabilities detected Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Security-Policy 🟢 10 security policy file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
npm/micromark-extension-directive	4.0.0	🟢 4.1	Details Check Score Reason Code-Review ⚠️ 0 Found 0/30 approved changesets -- score normalized to 0 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 packaging workflow not detected Binary-Artifacts 🟢 10 no binaries found in the repo Maintained ⚠️ 0 0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0 SAST ⚠️ 0 no SAST tool detected Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Fuzzing ⚠️ 0 project is not fuzzed Vulnerabilities 🟢 10 0 existing vulnerabilities detected License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Security-Policy 🟢 10 security policy file detected
npm/micromark-extension-gfm-table	2.1.1	🟢 4.1	Details Check Score Reason Code-Review ⚠️ 0 Found 2/30 approved changesets -- score normalized to 0 Packaging ⚠️ -1 packaging workflow not detected Binary-Artifacts 🟢 10 no binaries found in the repo Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Maintained ⚠️ 0 0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Vulnerabilities 🟢 10 0 existing vulnerabilities detected Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Security-Policy 🟢 10 security policy file detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
npm/micromark-util-types	2.0.2	🟢 4.3	Details Check Score Reason Code-Review ⚠️ 1 Found 4/30 approved changesets -- score normalized to 1 Maintained ⚠️ 2 2 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 2 Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Vulnerabilities 🟢 10 0 existing vulnerabilities detected Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Security-Policy 🟢 10 security policy file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
npm/minimatch	10.0.3	🟢 4.5	Details Check Score Reason Code-Review ⚠️ 1 Found 3/30 approved changesets -- score normalized to 1 Packaging ⚠️ -1 packaging workflow not detected Maintained 🟢 6 6 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 6 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Security-Policy ⚠️ 0 security policy file not detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Vulnerabilities 🟢 10 0 existing vulnerabilities detected
npm/path-scurry	2.0.0	🟢 3.1	Details Check Score Reason Binary-Artifacts 🟢 10 no binaries found in the repo Packaging ⚠️ -1 packaging workflow not detected Code-Review ⚠️ 0 Found 0/30 approved changesets -- score normalized to 0 Maintained ⚠️ 0 0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected SAST ⚠️ 0 no SAST tool detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Fuzzing ⚠️ 0 project is not fuzzed License 🟢 9 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Security-Policy ⚠️ 0 security policy file not detected Vulnerabilities 🟢 7 3 existing vulnerabilities detected
npm/prettier	3.6.2	🟢 7	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 13 issue activity found in the last 90 days -- score normalized to 10 Code-Review 🟢 3 Found 7/19 approved changesets -- score normalized to 3 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Packaging ⚠️ -1 packaging workflow not detected Security-Policy 🟢 10 security policy file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected License 🟢 10 license file detected Token-Permissions 🟢 8 detected GitHub workflow tokens with excessive permissions Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Signed-Releases ⚠️ -1 no releases found Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 SAST 🟢 10 SAST tool is run on all commits Fuzzing ⚠️ 0 project is not fuzzed Vulnerabilities 🟢 7 3 existing vulnerabilities detected
npm/smol-toml	1.3.4	Unknown	Unknown
npm/sort-package-json	3.3.1	🟢 6	Details Check Score Reason Code-Review 🟢 9 Found 27/29 approved changesets -- score normalized to 9 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Maintained 🟢 10 8 commit(s) and 5 issue activity found in the last 90 days -- score normalized to 10 Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 1 dependency not pinned by hash detected -- score normalized to 1 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Security-Policy ⚠️ 0 security policy file not detected Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Packaging 🟢 10 packaging workflow detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Vulnerabilities 🟢 9 1 existing vulnerabilities detected
npm/eslint	^9.30.0	🟢 7	Details Check Score Reason Code-Review 🟢 8 Found 25/30 approved changesets -- score normalized to 8 Maintained 🟢 10 30 commit(s) and 27 issue activity found in the last 90 days -- score normalized to 10 Packaging ⚠️ -1 packaging workflow not detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected License 🟢 10 license file detected Vulnerabilities 🟢 10 0 existing vulnerabilities detected Binary-Artifacts 🟢 10 no binaries found in the repo Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Signed-Releases ⚠️ -1 no releases found Security-Policy 🟢 10 security policy file detected Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed SAST 🟢 10 SAST tool is run on all commits
npm/eslint-plugin-yml	^1.18.0	🟢 4.4	Details Check Score Reason Maintained 🟢 10 21 commit(s) and 4 issue activity found in the last 90 days -- score normalized to 10 Code-Review ⚠️ 0 Found 0/27 approved changesets -- score normalized to 0 Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Security-Policy ⚠️ 0 security policy file not detected License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Fuzzing ⚠️ 0 project is not fuzzed Vulnerabilities 🟢 10 0 existing vulnerabilities detected Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Binary-Artifacts 🟢 10 no binaries found in the repo SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
npm/markdownlint-cli	^0.45.0	🟢 4.9	Details Check Score Reason Code-Review ⚠️ 2 Found 2/8 approved changesets -- score normalized to 2 Maintained 🟢 10 23 commit(s) and 6 issue activity found in the last 90 days -- score normalized to 10 Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Binary-Artifacts 🟢 10 no binaries found in the repo CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Security-Policy ⚠️ 0 security policy file not detected Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Pinned-Dependencies ⚠️ 1 dependency not pinned by hash detected -- score normalized to 1 Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Packaging 🟢 10 packaging workflow detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Vulnerabilities 🟢 10 0 existing vulnerabilities detected
npm/prettier	^3.6.2	🟢 7	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 13 issue activity found in the last 90 days -- score normalized to 10 Code-Review 🟢 3 Found 7/19 approved changesets -- score normalized to 3 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Packaging ⚠️ -1 packaging workflow not detected Security-Policy 🟢 10 security policy file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected License 🟢 10 license file detected Token-Permissions 🟢 8 detected GitHub workflow tokens with excessive permissions Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Signed-Releases ⚠️ -1 no releases found Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 SAST 🟢 10 SAST tool is run on all commits Fuzzing ⚠️ 0 project is not fuzzed Vulnerabilities 🟢 7 3 existing vulnerabilities detected
npm/sort-package-json	^3.3.1	🟢 6	Details Check Score Reason Code-Review 🟢 9 Found 27/29 approved changesets -- score normalized to 9 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Maintained 🟢 10 8 commit(s) and 5 issue activity found in the last 90 days -- score normalized to 10 Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 1 dependency not pinned by hash detected -- score normalized to 1 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Security-Policy ⚠️ 0 security policy file not detected Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Packaging 🟢 10 packaging workflow detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Vulnerabilities 🟢 9 1 existing vulnerabilities detected

Scanned Files

• package-lock.json
• package.json

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.