dependabot[bot] commented 3 months ago

Bumps nock from 13.5.4 to 13.5.5.

Release notes

v13.5.5

13.5.5 (2024-08-20)

Bug Fixes

backport: memory leaks due to timer references outliving the timers (#2773) (#2773) (66eb7f4)

Commits

66eb7f4 fix(backport): memory leaks due to timer references outliving the timers (#27...
e92cdfa chore(deps-dev): bump eslint-plugin-mocha from 10.4.1 to 10.5.0
623c933 chore(deps-dev): bump typescript from 5.4.3 to 5.5.4
2b7836d ci: exclude nodejs 10, 12 and 14 tests running on macos (#2753)
565e99a chore(deps-dev): bump braces from 3.0.2 to 3.0.3 (#2752)
d013ed2 chore(deps-dev): bump typescript from 5.3.3 to 5.4.3
7a4badb chore(deps-dev): bump semantic-release from 23.0.2 to 23.0.6
db0f76a chore(deps-dev): bump eslint-plugin-mocha from 10.2.0 to 10.4.1
e44812b chore(deps-dev): bump eslint from 8.56.0 to 8.57.0 (#2597)
3659e82 chore(deps-dev): bump prettier from 3.2.4 to 3.2.5 (#2596)
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

github-actions[bot] commented 3 months ago

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

OpenSSF Scorecard

Package

Version

Score

Details

npm/nock

13.5.5

:green_circle: 4.1

Details

Check	Score	Reason
Code-Review	:green_circle: 9	Found 9/10 approved changesets -- score normalized to 9
Maintained	:green_circle: 5	4 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 5
CII-Best-Practices	:warning: 0	no effort to earn an OpenSSF best practices badge detected
License	:green_circle: 10	license file detected
Signed-Releases	:warning: -1	no releases found
Branch-Protection	:warning: -1	internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Dangerous-Workflow	:warning: 0	dangerous workflow patterns detected
Binary-Artifacts	:green_circle: 10	no binaries found in the repo
Token-Permissions	:warning: 0	detected GitHub workflow tokens with excessive permissions
Pinned-Dependencies	:green_circle: 3	dependency not pinned by hash detected -- score normalized to 3
Fuzzing	:warning: 0	project is not fuzzed
Security-Policy	:warning: 0	security policy file not detected
Packaging	:green_circle: 10	packaging workflow detected
SAST	:warning: 0	SAST tool is not run on all commits -- score normalized to 0
Vulnerabilities	:green_circle: 6	4 existing vulnerabilities detected