Bump the dev-dependencies group across 1 directory with 6 updates

[dependabot]

Bumps the dev-dependencies group with 6 updates in the / directory:

Package	From	To
@prettier/plugin-xml	3.4.1	3.4.2
eslint	9.23.0	9.31.0
eslint-plugin-yml	1.17.0	1.18.0
markdownlint-cli	0.44.0	0.45.0
prettier	3.5.3	3.6.2
sort-package-json	3.0.0	3.4.0

Updates @prettier/plugin-xml from 3.4.1 to 3.4.2

Changelog

Sourced from @​prettier/plugin-xml's changelog.

[3.4.2] - 2025-07-08

Changed

• Exclude .ts and .tsx as XML extensions.

Commits

• See full diff in compare view

Updates eslint from 9.23.0 to 9.31.0

Release notes

Sourced from eslint's releases.

v9.31.0

Features

• 35cf44c feat: output full actual location in rule tester if different (#19904) (ST-DDT)
• a6a6325 feat: support explicit resource management in no-loop-func (#19895) (Milos Djermanovic)
• 4682cdc feat: support explicit resource management in no-undef-init (#19894) (Milos Djermanovic)
• 5848216 feat: support explicit resource management in init-declarations (#19893) (Milos Djermanovic)
• bb370b8 feat: support explicit resource management in no-const-assign (#19892) (Milos Djermanovic)

Bug Fixes

• 07fac6c fix: retry on EMFILE when writing autofix results (#19926) (TKDev7)
• 28cc7ab fix: Remove incorrect RuleContext types (#19910) (Nicholas C. Zakas)

Documentation

• 664cb44 docs: Update README (GitHub Actions Bot)
• 40dbe2a docs: fix mismatch between globalIgnores() code and text (#19914) (MaoShizhong)
• 5a0069d docs: Update README (GitHub Actions Bot)
• fef04b5 docs: Update working on issues info (#19902) (Nicholas C. Zakas)

Chores

• 3ddd454 chore: upgrade to @eslint/[email protected] (#19935) (Francesco Trotta)
• d5054e5 chore: package.json update for @​eslint/js release (Jenkins)
• 0f4a378 chore: update eslint (#19933) (renovate[bot])
• 76c2340 chore: bump mocha to v11 (#19917) (루밀LuMir)

v9.30.1

Bug Fixes

• e91bb87 fix: allow separate default and named type imports (#19899) (xbinaryx)

Documentation

• ab7c625 docs: Update README (GitHub Actions Bot)
• dae1e5b docs: update jsdoc's link (#19896) (JamesVanWaza)

Chores

• b035f74 chore: upgrade to @eslint/[email protected] (#19906) (Francesco Trotta)
• b3dbc16 chore: package.json update for @​eslint/js release (Jenkins)

v9.30.0

Features

• 52a5fca feat: Support basePath property in config objects (#19879) (Milos Djermanovic)
• 4ab4482 feat: add allowSeparateTypeImports option to no-duplicate-imports (#19872) (sethamus)
• b8a7e7a feat: throw error when column is negative in getIndexFromLoc (#19831) (루밀LuMir)

Bug Fixes

• 6a0f164 fix: handle null type loc in getIndexFromLoc method (#19862) (루밀LuMir)
• 3fbcd70 fix: update error message for no-restricted-properties (#19855) (Tanuj Kanti)
• 7ef4cf7 fix: remove unnecessary semicolon from fixes (#19857) (Francesco Trotta)
• 7dabc38 fix: use process.version in --env-info (#19865) (TKDev7)

Documentation

• 8662ed1 docs: adopt eslint-stylistic sub packages related changes (#19887) (ntnyq)

... (truncated)

Changelog

Sourced from eslint's changelog.

v9.31.0 - July 11, 2025

• 3ddd454 chore: upgrade to @eslint/[email protected] (#19935) (Francesco Trotta)
• d5054e5 chore: package.json update for @​eslint/js release (Jenkins)
• 0f4a378 chore: update eslint (#19933) (renovate[bot])
• 664cb44 docs: Update README (GitHub Actions Bot)
• 07fac6c fix: retry on EMFILE when writing autofix results (#19926) (TKDev7)
• 35cf44c feat: output full actual location in rule tester if different (#19904) (ST-DDT)
• 40dbe2a docs: fix mismatch between globalIgnores() code and text (#19914) (MaoShizhong)
• 76c2340 chore: bump mocha to v11 (#19917) (루밀LuMir)
• 28cc7ab fix: Remove incorrect RuleContext types (#19910) (Nicholas C. Zakas)
• a6a6325 feat: support explicit resource management in no-loop-func (#19895) (Milos Djermanovic)
• 4682cdc feat: support explicit resource management in no-undef-init (#19894) (Milos Djermanovic)
• 5848216 feat: support explicit resource management in init-declarations (#19893) (Milos Djermanovic)
• bb370b8 feat: support explicit resource management in no-const-assign (#19892) (Milos Djermanovic)
• 5a0069d docs: Update README (GitHub Actions Bot)
• fef04b5 docs: Update working on issues info (#19902) (Nicholas C. Zakas)

v9.30.1 - July 1, 2025

• b035f74 chore: upgrade to @eslint/[email protected] (#19906) (Francesco Trotta)
• b3dbc16 chore: package.json update for @​eslint/js release (Jenkins)
• e91bb87 fix: allow separate default and named type imports (#19899) (xbinaryx)
• ab7c625 docs: Update README (GitHub Actions Bot)
• dae1e5b docs: update jsdoc's link (#19896) (JamesVanWaza)

v9.30.0 - June 27, 2025

• 2b6491c chore: upgrade to @eslint/[email protected] (#19889) (Francesco Trotta)
• 5a5d526 chore: package.json update for @​eslint/js release (Jenkins)
• 52a5fca feat: Support basePath property in config objects (#19879) (Milos Djermanovic)
• 6a0f164 fix: handle null type loc in getIndexFromLoc method (#19862) (루밀LuMir)
• 8662ed1 docs: adopt eslint-stylistic sub packages related changes (#19887) (ntnyq)
• eaf8a41 chore: Correct typos in linter tests (#19878) (kilavvy)
• 4ab4482 feat: add allowSeparateTypeImports option to no-duplicate-imports (#19872) (sethamus)
• 3fbcd70 fix: update error message for no-restricted-properties (#19855) (Tanuj Kanti)
• 20158b0 docs: typo in comment for unused variables handling (#19870) (leopardracer)
• ebfb5b4 docs: Fixed Typo in configuration-files.md (#19873) (0-20)
• b8a7e7a feat: throw error when column is negative in getIndexFromLoc (#19831) (루밀LuMir)
• 7ef4cf7 fix: remove unnecessary semicolon from fixes (#19857) (Francesco Trotta)
• 7dabc38 fix: use process.version in --env-info (#19865) (TKDev7)
• 4112fd0 docs: clarify that boolean is still allowed for rule meta.deprecated (#19866) (Bryan Mishkin)

v9.29.0 - June 13, 2025

• 5c114c9 chore: upgrade @​eslint/js@​9.29.0 (#19851) (Milos Djermanovic)
• acf2201 chore: package.json update for @​eslint/js release (Jenkins)
• f686fcb feat: add ecmaVersion: 2026, parsing using and await using (#19832) (Milos Djermanovic)
• 85c082c fix: explicit matching behavior with negated patterns and arrays (#19845) (Milos Djermanovic)
• 00e3e6a docs: add support for custom name parameter to includeIgnoreFile (#19795) (루밀LuMir)

... (truncated)

Commits

• 14053ed 9.31.0
• 2b77bd0 Build: changelog update for 9.31.0
• 3ddd454 chore: upgrade to @eslint/[email protected] (#19935)
• d5054e5 chore: package.json update for @​eslint/js release
• 0f4a378 chore: update eslint (#19933)
• 664cb44 docs: Update README
• 07fac6c fix: retry on EMFILE when writing autofix results (#19926)
• 35cf44c feat: output full actual location in rule tester if different (#19904)
• 40dbe2a docs: fix mismatch between globalIgnores() code and text (#19914)
• 76c2340 chore: bump mocha to v11 (#19917)
• Additional commits viewable in compare view

Updates eslint-plugin-yml from 1.17.0 to 1.18.0

Release notes

Sourced from eslint-plugin-yml's releases.

v1.18.0

Minor Changes

• #427 a61a2a4 Thanks @​ota-meshi! - feat: alignMultilineFlowScalar option to indent rule

Changelog

Sourced from eslint-plugin-yml's changelog.

1.18.0

Minor Changes

• #427 a61a2a4 Thanks @​ota-meshi! - feat: alignMultilineFlowScalar option to indent rule

Commits

• 0ec18a8 chore: release eslint-plugin-yml (#428)
• a61a2a4 feat: alignMultilineFlowScalars option to indent rule (#427)
• a0ab30c fix typo
• 7b320ab chore(deps): update typescript-eslint monorepo to ~8.31.0 (#425)
• 83972a2 chore(deps): update dependency @​eslint/json to ^0.12.0 (#424)
• cfb74bb chore(deps): update typescript-eslint monorepo to ~8.30.0 (#421)
• c3c85c3 chore(deps): update dependency stylelint-config-standard to v38 (#419)
• b463c5f chore(deps): update npm to v11.3.0 (#420)
• 4f65f16 chore(deps): update typescript-eslint monorepo to ~8.29.0 (#418)
• c747214 chore(deps): update typescript-eslint monorepo to ~8.28.0 (#417)
• Additional commits viewable in compare view

Updates markdownlint-cli from 0.44.0 to 0.45.0

Release notes

Sourced from markdownlint-cli's releases.

v0.45.0

• Update markdownlint dependency to 0.38.0
  • Add MD059/descriptive-link-text
  • Improve MD025/MD027/MD036/MD038/MD041/MD043/MD045/MD051/MD052
  • Remove support for end-of-life Node version 18
• Update all dependencies via Dependabot

Commits

• 192ad82 Bump version 0.45.0
• f6225d2 Bump nano-spawn from 0.2.0 to 1.0.1
• 1b8554a Add released Node version 24 to CI workflow.
• 836379f Remove optional constant fs.R_OK
• 1a19ddb Bump minimatch from 9.0.5 to 10.0.1
• 5033e1e Pass newly-required markdownItFactory option to markdownlint.
• b7e47f8 Bump markdownlint from 0.37.4 to 0.38.0
• c3fa9f5 Bump glob from 10.4.5 to 11.0.2
• b983f61 Remove support for end-of-life Node.js version 18.
• 8878ef0 Bump ignore from 7.0.3 to 7.0.4
• Additional commits viewable in compare view

Updates prettier from 3.5.3 to 3.6.2

Release notes

Sourced from prettier's releases.

3.6.2

What's Changed

• Add missing blank line around code block by @​fisker in prettier/prettier#17675

🔗 Changelog

3.6.1

• Fix "Warning: File descriptor 39 closed but not opened in unmanaged mode" error when running --experimental-cli

🔗 Changelog

3.6.0

diff

🔗 Release note "Prettier 3.6: Experimental fast CLI and new OXC and Hermes plugins!"

Changelog

Sourced from prettier's changelog.

3.6.2

diff

Markdown: Add missing blank line around code block (#17675 by @​fisker)

<!-- Input -->
1. Some text, and code block below, with newline after code block
---
foo: bar


Another
List

<!-- Prettier 3.6.1 -->


Some text, and code block below, with newline after code block
---
foo: bar


Another
List



<!-- Prettier 3.6.2 -->


Some text, and code block below, with newline after code block
---
foo: bar


Another
List

3.6.1

diff

TypeScript: Allow const without initializer (#17650, #17654 by @​fisker)

// Input
</tr></table> 

... (truncated)

Commits

• 7a8b05f Release 3.6.2
• 46526b4 Add missing blank line around code block (#17675)
• a04ec11 chore(deps): update babel to v7.27.7 (#17684)
• 32be5b6 chore(deps): update dependency flow-parser to v0.274.1 (#17676)
• b55e777 Update docs about "TypeScript Configuration Files" (#17677)
• b197c99 chore(deps): update dependency @​vitejs/plugin-react to v4.6.0 (#17674)
• 1185f83 chore(deps): update dependency @​angular/compiler to v20.0.5 (#17680)
• aa1316f chore(deps): update dependency browserslist to v4.25.1 (#17671)
• c468d33 chore(deps): update dependency oxc-parser to v0.75.0 (#17672)
• 3f46d91 chore(deps): update dependency vite to v7 (#17673)
• Additional commits viewable in compare view

Updates sort-package-json from 3.0.0 to 3.4.0

Release notes

Sourced from sort-package-json's releases.

v3.4.0

3.4.0 (2025-07-02)

Features

• remove workspaces array sort (#373) (a038956)

v3.3.1

3.3.1 (2025-06-25)

Bug Fixes

• add engines key - support node 20+ (#372) (7dc1dfd)

v3.3.0

3.3.0 (2025-06-23)

Features

• support workspaces (#369) (41673db)

v3.2.2

3.2.2 (2025-06-23)

Bug Fixes

• husky deprecation (#370) (140fcaa)

v3.2.1

3.2.1 (2025-05-08)

Bug Fixes

• prevent sorting when npm-run-all2 is used (#361) (aa6774a), closes #359

v3.2.0

3.2.0 (2025-05-04)

Features

• sort dependencies with npm algorithm, sort npm Overrides key (#358) (27e4b7b)

v3.1.0

3.1.0 (2025-04-29)

... (truncated)

Commits

• a038956 feat: remove workspaces array sort (#373)
• 7dc1dfd fix: add engines key - support node 20+ (#372)
• 7d1dd62 chore: migrate type tests to TSTyche (#364)
• 41673db feat: support workspaces (#369)
• 140fcaa fix: husky deprecation (#370)
• 1c142c6 chore: remove ncp (#366)
• aa6774a fix: prevent sorting when npm-run-all2 is used (#361)
• 27e4b7b feat: sort dependencies with npm algorithm, sort npm Overrides key (#358)
• 9f1101b feat: allow sort scripts without run-s (#277)
• 819cd97 refactor: use Array#toSorted() (#352)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[github-actions]

Auto-merging this Dependabot PR.

[github-actions]

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

OpenSSF Scorecard

Scorecard details

Package	Version	Score	Details
npm/@eslint/config-array	0.21.0	Unknown	Unknown
npm/@eslint/config-helpers	0.3.0	Unknown	Unknown
npm/@eslint/core	0.15.1	Unknown	Unknown
npm/@eslint/js	9.31.0	🟢 6.8	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 24 issue activity found in the last 90 days -- score normalized to 10 Code-Review 🟢 6 Found 20/30 approved changesets -- score normalized to 6 Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions License 🟢 10 license file detected Vulnerabilities 🟢 10 0 existing vulnerabilities detected Binary-Artifacts 🟢 10 no binaries found in the repo Security-Policy 🟢 10 security policy file detected Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Signed-Releases ⚠️ -1 no releases found Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed SAST 🟢 10 SAST tool is run on all commits
npm/@eslint/plugin-kit	0.3.3	Unknown	Unknown
npm/@isaacs/balanced-match	4.0.1	Unknown	Unknown
npm/@isaacs/brace-expansion	5.0.0	Unknown	Unknown
npm/@prettier/plugin-xml	3.4.2	🟢 5.6	Details Check Score Reason Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Binary-Artifacts 🟢 10 no binaries found in the repo Maintained 🟢 10 30 commit(s) and 4 issue activity found in the last 90 days -- score normalized to 10 Packaging ⚠️ -1 packaging workflow not detected Code-Review 🟢 3 Found 2/6 approved changesets -- score normalized to 3 Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Security-Policy 🟢 10 security policy file detected Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Vulnerabilities 🟢 8 2 existing vulnerabilities detected
npm/acorn	8.15.0	🟢 5.3	Details Check Score Reason Maintained 🟢 10 24 commit(s) and 17 issue activity found in the last 90 days -- score normalized to 10 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Code-Review 🟢 4 Found 14/30 approved changesets -- score normalized to 4 Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege Packaging ⚠️ -1 packaging workflow not detected Binary-Artifacts 🟢 10 no binaries found in the repo CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Security-Policy ⚠️ 0 security policy file not detected License ⚠️ 0 license file not detected Pinned-Dependencies 🟢 3 dependency not pinned by hash detected -- score normalized to 3 Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Signed-Releases ⚠️ -1 no releases found Fuzzing ⚠️ 0 project is not fuzzed SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Vulnerabilities 🟢 7 3 existing vulnerabilities detected
npm/eslint	9.31.0	🟢 6.8	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 24 issue activity found in the last 90 days -- score normalized to 10 Code-Review 🟢 6 Found 20/30 approved changesets -- score normalized to 6 Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions License 🟢 10 license file detected Vulnerabilities 🟢 10 0 existing vulnerabilities detected Binary-Artifacts 🟢 10 no binaries found in the repo Security-Policy 🟢 10 security policy file detected Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Signed-Releases ⚠️ -1 no releases found Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed SAST 🟢 10 SAST tool is run on all commits
npm/eslint-plugin-yml	1.18.0	🟢 4.4	Details Check Score Reason Code-Review ⚠️ 0 Found 0/28 approved changesets -- score normalized to 0 Packaging ⚠️ -1 packaging workflow not detected Maintained 🟢 10 21 commit(s) and 4 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Security-Policy ⚠️ 0 security policy file not detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions License 🟢 10 license file detected Fuzzing ⚠️ 0 project is not fuzzed Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Signed-Releases ⚠️ -1 no releases found Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Vulnerabilities 🟢 10 0 existing vulnerabilities detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
npm/eslint-scope	8.4.0	Unknown	Unknown
npm/eslint-visitor-keys	4.2.1	Unknown	Unknown
npm/espree	10.4.0	Unknown	Unknown
npm/git-hooks-list	4.1.1	🟢 4.1	Details Check Score Reason Code-Review ⚠️ 0 Found 0/27 approved changesets -- score normalized to 0 Maintained ⚠️ 0 0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0 Packaging ⚠️ -1 packaging workflow not detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Security-Policy 🟢 10 security policy file detected Binary-Artifacts 🟢 10 no binaries found in the repo Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Vulnerabilities 🟢 10 0 existing vulnerabilities detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
npm/glob	11.0.3	🟢 3.9	Details Check Score Reason Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Maintained 🟢 6 6 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 6 Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Binary-Artifacts 🟢 10 no binaries found in the repo Code-Review ⚠️ 0 Found 2/30 approved changesets -- score normalized to 0 Packaging ⚠️ -1 packaging workflow not detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 License 🟢 10 license file detected Fuzzing ⚠️ 0 project is not fuzzed Signed-Releases ⚠️ -1 no releases found Security-Policy ⚠️ 0 security policy file not detected Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Vulnerabilities 🟢 9 1 existing vulnerabilities detected
npm/ignore	7.0.5	🟢 4.3	Details Check Score Reason Packaging ⚠️ -1 packaging workflow not detected Code-Review ⚠️ 0 Found 1/15 approved changesets -- score normalized to 0 Maintained 🟢 10 8 commit(s) and 4 issue activity found in the last 90 days -- score normalized to 10 Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Binary-Artifacts 🟢 10 no binaries found in the repo CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Security-Policy ⚠️ 0 security policy file not detected Fuzzing ⚠️ 0 project is not fuzzed Vulnerabilities 🟢 10 0 existing vulnerabilities detected License 🟢 9 license file detected Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Signed-Releases ⚠️ -1 no releases found SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
npm/jackspeak	4.1.1	🟢 3.2	Details Check Score Reason Code-Review ⚠️ 0 Found 1/22 approved changesets -- score normalized to 0 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 packaging workflow not detected Binary-Artifacts 🟢 10 no binaries found in the repo Maintained ⚠️ 1 2 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 1 Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Fuzzing ⚠️ 0 project is not fuzzed License 🟢 9 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Security-Policy ⚠️ 0 security policy file not detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Vulnerabilities 🟢 7 3 existing vulnerabilities detected
npm/katex	0.16.22	🟢 3.5	Details Check Score Reason Code-Review ⚠️ 2 Found 7/26 approved changesets -- score normalized to 2 Security-Policy 🟢 10 security policy file detected Maintained 🟢 9 2 commit(s) and 9 issue activity found in the last 90 days -- score normalized to 9 Dangerous-Workflow ⚠️ 0 dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Binary-Artifacts 🟢 10 no binaries found in the repo Packaging ⚠️ -1 packaging workflow not detected License 🟢 10 license file detected Fuzzing ⚠️ 0 project is not fuzzed Signed-Releases ⚠️ 0 Project has not signed or included provenance with any releases. Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 SAST 🟢 10 SAST tool is run on all commits Vulnerabilities ⚠️ 0 77 existing vulnerabilities detected
npm/lru-cache	11.1.0	🟢 3.7	Details Check Score Reason Maintained ⚠️ 0 0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0 Code-Review ⚠️ 0 Found 1/30 approved changesets -- score normalized to 0 Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Binary-Artifacts 🟢 10 no binaries found in the repo CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 License 🟢 10 license file detected Fuzzing ⚠️ 0 project is not fuzzed Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Security-Policy ⚠️ 0 security policy file not detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Vulnerabilities 🟢 9 1 existing vulnerabilities detected
npm/markdownlint	0.38.0	🟢 5.5	Details Check Score Reason Code-Review ⚠️ 0 Found 0/17 approved changesets -- score normalized to 0 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Maintained 🟢 10 30 commit(s) and 21 issue activity found in the last 90 days -- score normalized to 10 Packaging ⚠️ -1 packaging workflow not detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Binary-Artifacts 🟢 10 no binaries found in the repo Security-Policy ⚠️ 0 security policy file not detected Pinned-Dependencies ⚠️ 1 dependency not pinned by hash detected -- score normalized to 1 Fuzzing ⚠️ 0 project is not fuzzed Vulnerabilities 🟢 10 0 existing vulnerabilities detected License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration SAST 🟢 9 SAST tool detected but not run on all commits
npm/markdownlint-cli	0.45.0	🟢 4.9	Details Check Score Reason Code-Review ⚠️ 2 Found 2/8 approved changesets -- score normalized to 2 Maintained 🟢 10 26 commit(s) and 6 issue activity found in the last 90 days -- score normalized to 10 Binary-Artifacts 🟢 10 no binaries found in the repo Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Security-Policy ⚠️ 0 security policy file not detected Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Pinned-Dependencies ⚠️ 1 dependency not pinned by hash detected -- score normalized to 1 Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Packaging 🟢 10 packaging workflow detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Vulnerabilities 🟢 10 0 existing vulnerabilities detected
npm/micromark	4.0.2	🟢 4.2	Details Check Score Reason Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Maintained ⚠️ 1 1 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 1 Code-Review ⚠️ 1 Found 4/30 approved changesets -- score normalized to 1 Packaging ⚠️ -1 packaging workflow not detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Vulnerabilities 🟢 10 0 existing vulnerabilities detected License 🟢 10 license file detected Fuzzing ⚠️ 0 project is not fuzzed Security-Policy 🟢 10 security policy file detected Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Signed-Releases ⚠️ -1 no releases found SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
npm/micromark-core-commonmark	2.0.3	🟢 4.2	Details Check Score Reason Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Maintained ⚠️ 1 1 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 1 Code-Review ⚠️ 1 Found 4/30 approved changesets -- score normalized to 1 Packaging ⚠️ -1 packaging workflow not detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Vulnerabilities 🟢 10 0 existing vulnerabilities detected License 🟢 10 license file detected Fuzzing ⚠️ 0 project is not fuzzed Security-Policy 🟢 10 security policy file detected Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Signed-Releases ⚠️ -1 no releases found SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
npm/micromark-extension-directive	4.0.0	🟢 4.1	Details Check Score Reason Maintained ⚠️ 0 0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 packaging workflow not detected SAST ⚠️ 0 no SAST tool detected Code-Review ⚠️ 0 Found 0/30 approved changesets -- score normalized to 0 Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Binary-Artifacts 🟢 10 no binaries found in the repo Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Vulnerabilities 🟢 10 0 existing vulnerabilities detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Security-Policy 🟢 10 security policy file detected
npm/micromark-extension-gfm-table	2.1.1	🟢 4.1	Details Check Score Reason Packaging ⚠️ -1 packaging workflow not detected Code-Review ⚠️ 0 Found 2/30 approved changesets -- score normalized to 0 Maintained ⚠️ 0 0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0 Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Binary-Artifacts 🟢 10 no binaries found in the repo CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed Vulnerabilities 🟢 10 0 existing vulnerabilities detected License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Security-Policy 🟢 10 security policy file detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
npm/micromark-util-types	2.0.2	🟢 4.2	Details Check Score Reason Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Maintained ⚠️ 1 1 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 1 Code-Review ⚠️ 1 Found 4/30 approved changesets -- score normalized to 1 Packaging ⚠️ -1 packaging workflow not detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Vulnerabilities 🟢 10 0 existing vulnerabilities detected License 🟢 10 license file detected Fuzzing ⚠️ 0 project is not fuzzed Security-Policy 🟢 10 security policy file detected Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Signed-Releases ⚠️ -1 no releases found SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
npm/minimatch	10.0.3	🟢 4.5	Details Check Score Reason Code-Review ⚠️ 1 Found 3/30 approved changesets -- score normalized to 1 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 packaging workflow not detected Maintained 🟢 6 6 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 6 Binary-Artifacts 🟢 10 no binaries found in the repo Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Fuzzing ⚠️ 0 project is not fuzzed Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Signed-Releases ⚠️ -1 no releases found Security-Policy ⚠️ 0 security policy file not detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Vulnerabilities 🟢 10 0 existing vulnerabilities detected
npm/path-scurry	2.0.0	🟢 3.1	Details Check Score Reason Code-Review ⚠️ 0 Found 0/30 approved changesets -- score normalized to 0 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Binary-Artifacts 🟢 10 no binaries found in the repo SAST ⚠️ 0 no SAST tool detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Maintained ⚠️ 0 0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0 Packaging ⚠️ -1 packaging workflow not detected Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Fuzzing ⚠️ 0 project is not fuzzed License 🟢 9 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Security-Policy ⚠️ 0 security policy file not detected Vulnerabilities 🟢 7 3 existing vulnerabilities detected
npm/prettier	3.6.2	🟢 7	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 8 issue activity found in the last 90 days -- score normalized to 10 Code-Review 🟢 3 Found 4/13 approved changesets -- score normalized to 3 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Security-Policy 🟢 10 security policy file detected Packaging ⚠️ -1 packaging workflow not detected License 🟢 10 license file detected Token-Permissions 🟢 8 detected GitHub workflow tokens with excessive permissions Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Signed-Releases ⚠️ -1 no releases found Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 SAST 🟢 10 SAST tool is run on all commits Fuzzing ⚠️ 0 project is not fuzzed Vulnerabilities 🟢 7 3 existing vulnerabilities detected
npm/smol-toml	1.3.4	Unknown	Unknown
npm/sort-package-json	3.4.0	🟢 6	Details Check Score Reason Code-Review 🟢 9 Found 27/29 approved changesets -- score normalized to 9 Binary-Artifacts 🟢 10 no binaries found in the repo Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Maintained 🟢 10 9 commit(s) and 5 issue activity found in the last 90 days -- score normalized to 10 Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Pinned-Dependencies ⚠️ 1 dependency not pinned by hash detected -- score normalized to 1 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Security-Policy ⚠️ 0 security policy file not detected Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Packaging 🟢 10 packaging workflow detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Vulnerabilities 🟢 9 1 existing vulnerabilities detected
npm/@prettier/plugin-xml	^3.4.2	🟢 5.6	Details Check Score Reason Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Binary-Artifacts 🟢 10 no binaries found in the repo Maintained 🟢 10 30 commit(s) and 4 issue activity found in the last 90 days -- score normalized to 10 Packaging ⚠️ -1 packaging workflow not detected Code-Review 🟢 3 Found 2/6 approved changesets -- score normalized to 3 Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Security-Policy 🟢 10 security policy file detected Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Vulnerabilities 🟢 8 2 existing vulnerabilities detected
npm/eslint	^9.31.0	🟢 6.8	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 24 issue activity found in the last 90 days -- score normalized to 10 Code-Review 🟢 6 Found 20/30 approved changesets -- score normalized to 6 Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions License 🟢 10 license file detected Vulnerabilities 🟢 10 0 existing vulnerabilities detected Binary-Artifacts 🟢 10 no binaries found in the repo Security-Policy 🟢 10 security policy file detected Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Signed-Releases ⚠️ -1 no releases found Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed SAST 🟢 10 SAST tool is run on all commits
npm/eslint-plugin-yml	^1.18.0	🟢 4.4	Details Check Score Reason Code-Review ⚠️ 0 Found 0/28 approved changesets -- score normalized to 0 Packaging ⚠️ -1 packaging workflow not detected Maintained 🟢 10 21 commit(s) and 4 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Security-Policy ⚠️ 0 security policy file not detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions License 🟢 10 license file detected Fuzzing ⚠️ 0 project is not fuzzed Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Signed-Releases ⚠️ -1 no releases found Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Vulnerabilities 🟢 10 0 existing vulnerabilities detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
npm/markdownlint-cli	^0.45.0	🟢 4.9	Details Check Score Reason Code-Review ⚠️ 2 Found 2/8 approved changesets -- score normalized to 2 Maintained 🟢 10 26 commit(s) and 6 issue activity found in the last 90 days -- score normalized to 10 Binary-Artifacts 🟢 10 no binaries found in the repo Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Security-Policy ⚠️ 0 security policy file not detected Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Pinned-Dependencies ⚠️ 1 dependency not pinned by hash detected -- score normalized to 1 Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Packaging 🟢 10 packaging workflow detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Vulnerabilities 🟢 10 0 existing vulnerabilities detected
npm/prettier	^3.6.2	🟢 7	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 8 issue activity found in the last 90 days -- score normalized to 10 Code-Review 🟢 3 Found 4/13 approved changesets -- score normalized to 3 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Security-Policy 🟢 10 security policy file detected Packaging ⚠️ -1 packaging workflow not detected License 🟢 10 license file detected Token-Permissions 🟢 8 detected GitHub workflow tokens with excessive permissions Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Signed-Releases ⚠️ -1 no releases found Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 SAST 🟢 10 SAST tool is run on all commits Fuzzing ⚠️ 0 project is not fuzzed Vulnerabilities 🟢 7 3 existing vulnerabilities detected
npm/sort-package-json	^3.4.0	🟢 6	Details Check Score Reason Code-Review 🟢 9 Found 27/29 approved changesets -- score normalized to 9 Binary-Artifacts 🟢 10 no binaries found in the repo Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Maintained 🟢 10 9 commit(s) and 5 issue activity found in the last 90 days -- score normalized to 10 Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Pinned-Dependencies ⚠️ 1 dependency not pinned by hash detected -- score normalized to 1 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Security-Policy ⚠️ 0 security policy file not detected Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Packaging 🟢 10 packaging workflow detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Vulnerabilities 🟢 9 1 existing vulnerabilities detected

Scanned Files

• package-lock.json
• package.json

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.