chore(deps): lock file maintenance

[renovate[bot]]

This PR contains the following updates:

Update	Change
lockFileMaintenance	All locks refreshed

🔧 This Pull Request updates lock files to use the latest dependency versions.

---

Configuration

📅 Schedule: Branch creation - "before 5am on monday" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• [ ] If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[github-actions[bot]]

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

OpenSSF Scorecard

Scorecard details

Package	Version	Score	Details
composer/composer/pcre	3.3.1	:green_circle: 6	Details Check Score Reason Code-Review :warning: 1 Found 5/28 approved changesets -- score normalized to 1 Maintained :green_circle: 10 29 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices :warning: 0 no effort to earn an OpenSSF best practices badge detected License :green_circle: 10 license file detected Signed-Releases :warning: -1 no releases found Dangerous-Workflow :warning: -1 no workflows found Packaging :warning: -1 packaging workflow not detected Token-Permissions :warning: -1 No tokens found Pinned-Dependencies :warning: -1 no dependencies found Binary-Artifacts :green_circle: 10 no binaries found in the repo Branch-Protection :warning: -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Vulnerabilities :green_circle: 10 0 existing vulnerabilities detected Fuzzing :warning: 0 project is not fuzzed Security-Policy :green_circle: 9 security policy file detected SAST :warning: 0 SAST tool is not run on all commits -- score normalized to 0
npm/@babel/plugin-syntax-typescript	7.25.4	:green_circle: 6.3	Details Check Score Reason Code-Review :green_circle: 8 Found 26/30 approved changesets -- score normalized to 8 Maintained :green_circle: 10 30 commit(s) and 19 issue activity found in the last 90 days -- score normalized to 10 License :green_circle: 10 license file detected CII-Best-Practices :warning: 2 badge detected: InProgress Signed-Releases :warning: -1 no releases found Branch-Protection :warning: -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Dangerous-Workflow :green_circle: 10 no dangerous workflow patterns detected Security-Policy :green_circle: 10 security policy file detected Packaging :warning: -1 packaging workflow not detected Token-Permissions :green_circle: 9 detected GitHub workflow tokens with excessive permissions SAST :warning: 0 SAST tool is not run on all commits -- score normalized to 0 Binary-Artifacts :green_circle: 10 no binaries found in the repo Pinned-Dependencies :warning: 0 dependency not pinned by hash detected -- score normalized to 0 Fuzzing :warning: 0 project is not fuzzed Vulnerabilities :warning: 0 19 existing vulnerabilities detected
npm/@babel/plugin-transform-runtime	7.25.4	:green_circle: 6.3	Details Check Score Reason Code-Review :green_circle: 8 Found 26/30 approved changesets -- score normalized to 8 Maintained :green_circle: 10 30 commit(s) and 19 issue activity found in the last 90 days -- score normalized to 10 License :green_circle: 10 license file detected CII-Best-Practices :warning: 2 badge detected: InProgress Signed-Releases :warning: -1 no releases found Branch-Protection :warning: -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Dangerous-Workflow :green_circle: 10 no dangerous workflow patterns detected Security-Policy :green_circle: 10 security policy file detected Packaging :warning: -1 packaging workflow not detected Token-Permissions :green_circle: 9 detected GitHub workflow tokens with excessive permissions SAST :warning: 0 SAST tool is not run on all commits -- score normalized to 0 Binary-Artifacts :green_circle: 10 no binaries found in the repo Pinned-Dependencies :warning: 0 dependency not pinned by hash detected -- score normalized to 0 Fuzzing :warning: 0 project is not fuzzed Vulnerabilities :warning: 0 19 existing vulnerabilities detected
npm/@babel/runtime	7.25.4	:green_circle: 6.3	Details Check Score Reason Code-Review :green_circle: 8 Found 26/30 approved changesets -- score normalized to 8 Maintained :green_circle: 10 30 commit(s) and 19 issue activity found in the last 90 days -- score normalized to 10 License :green_circle: 10 license file detected CII-Best-Practices :warning: 2 badge detected: InProgress Signed-Releases :warning: -1 no releases found Branch-Protection :warning: -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Dangerous-Workflow :green_circle: 10 no dangerous workflow patterns detected Security-Policy :green_circle: 10 security policy file detected Packaging :warning: -1 packaging workflow not detected Token-Permissions :green_circle: 9 detected GitHub workflow tokens with excessive permissions SAST :warning: 0 SAST tool is not run on all commits -- score normalized to 0 Binary-Artifacts :green_circle: 10 no binaries found in the repo Pinned-Dependencies :warning: 0 dependency not pinned by hash detected -- score normalized to 0 Fuzzing :warning: 0 project is not fuzzed Vulnerabilities :warning: 0 19 existing vulnerabilities detected
npm/caniuse-lite	1.0.30001653	:green_circle: 4.3	Details Check Score Reason Code-Review :warning: 0 Found 0/28 approved changesets -- score normalized to 0 Maintained :green_circle: 10 28 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices :warning: 0 no effort to earn an OpenSSF best practices badge detected License :green_circle: 10 license file detected Signed-Releases :warning: -1 no releases found Packaging :warning: -1 packaging workflow not detected Dangerous-Workflow :green_circle: 10 no dangerous workflow patterns detected Token-Permissions :warning: 0 detected GitHub workflow tokens with excessive permissions Branch-Protection :warning: 0 branch protection not enabled on development/release branches Binary-Artifacts :green_circle: 10 no binaries found in the repo Pinned-Dependencies :warning: 0 dependency not pinned by hash detected -- score normalized to 0 Security-Policy :warning: 0 security policy file not detected Fuzzing :warning: 0 project is not fuzzed SAST :warning: 0 SAST tool is not run on all commits -- score normalized to 0 Vulnerabilities :green_circle: 9 1 existing vulnerabilities detected
npm/core-js	3.38.1	:green_circle: 5.3	Details Check Score Reason Code-Review :warning: 0 Found 1/30 approved changesets -- score normalized to 0 Maintained :green_circle: 10 30 commit(s) and 13 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices :warning: 0 no effort to earn an OpenSSF best practices badge detected License :green_circle: 10 license file detected Signed-Releases :warning: -1 no releases found Packaging :warning: -1 packaging workflow not detected Security-Policy :green_circle: 10 security policy file detected Token-Permissions :green_circle: 10 GitHub workflow tokens follow principle of least privilege Dangerous-Workflow :green_circle: 10 no dangerous workflow patterns detected Branch-Protection :warning: 0 branch protection not enabled on development/release branches SAST :warning: 0 SAST tool is not run on all commits -- score normalized to 0 Binary-Artifacts :green_circle: 10 no binaries found in the repo Pinned-Dependencies :green_circle: 5 dependency not pinned by hash detected -- score normalized to 5 Fuzzing :warning: 0 project is not fuzzed Vulnerabilities :warning: 0 17 existing vulnerabilities detected
npm/core-js-compat	3.38.1	:green_circle: 5.3	Details Check Score Reason Code-Review :warning: 0 Found 1/30 approved changesets -- score normalized to 0 Maintained :green_circle: 10 30 commit(s) and 13 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices :warning: 0 no effort to earn an OpenSSF best practices badge detected License :green_circle: 10 license file detected Signed-Releases :warning: -1 no releases found Packaging :warning: -1 packaging workflow not detected Security-Policy :green_circle: 10 security policy file detected Token-Permissions :green_circle: 10 GitHub workflow tokens follow principle of least privilege Dangerous-Workflow :green_circle: 10 no dangerous workflow patterns detected Branch-Protection :warning: 0 branch protection not enabled on development/release branches SAST :warning: 0 SAST tool is not run on all commits -- score normalized to 0 Binary-Artifacts :green_circle: 10 no binaries found in the repo Pinned-Dependencies :green_circle: 5 dependency not pinned by hash detected -- score normalized to 5 Fuzzing :warning: 0 project is not fuzzed Vulnerabilities :warning: 0 17 existing vulnerabilities detected
npm/electron-to-chromium	1.5.13	Unknown	Unknown
npm/eslint-module-utils	2.8.2	:green_circle: 5.9	Details Check Score Reason Code-Review :green_circle: 4 Found 13/29 approved changesets -- score normalized to 4 Maintained :green_circle: 10 2 commit(s) and 20 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices :warning: 0 no effort to earn an OpenSSF best practices badge detected License :green_circle: 10 license file detected Signed-Releases :warning: -1 no releases found Branch-Protection :warning: -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Packaging :warning: -1 packaging workflow not detected Dangerous-Workflow :green_circle: 10 no dangerous workflow patterns detected Token-Permissions :warning: 0 detected GitHub workflow tokens with excessive permissions Security-Policy :green_circle: 10 security policy file detected Binary-Artifacts :green_circle: 10 no binaries found in the repo Pinned-Dependencies :warning: 0 dependency not pinned by hash detected -- score normalized to 0 Vulnerabilities :green_circle: 10 0 existing vulnerabilities detected Fuzzing :warning: 0 project is not fuzzed SAST :warning: 0 SAST tool is not run on all commits -- score normalized to 0
npm/is-core-module	2.15.1	:green_circle: 5.4	Details Check Score Reason Code-Review :warning: 0 Found 0/30 approved changesets -- score normalized to 0 Maintained :green_circle: 10 13 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices :warning: 0 no effort to earn an OpenSSF best practices badge detected License :green_circle: 10 license file detected Pinned-Dependencies :warning: 0 dependency not pinned by hash detected -- score normalized to 0 SAST :warning: 0 no SAST tool detected Binary-Artifacts :green_circle: 10 no binaries found in the repo Signed-Releases :warning: -1 no releases found Packaging :warning: -1 packaging workflow not detected Dangerous-Workflow :green_circle: 10 no dangerous workflow patterns detected Token-Permissions :warning: 0 detected GitHub workflow tokens with excessive permissions Branch-Protection :warning: -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Fuzzing :warning: 0 project is not fuzzed Vulnerabilities :green_circle: 10 0 existing vulnerabilities detected Security-Policy :green_circle: 9 security policy file detected
npm/micromatch	4.0.8	:green_circle: 5.2	Details Check Score Reason Code-Review :warning: 2 Found 7/24 approved changesets -- score normalized to 2 Maintained :green_circle: 10 0 commit(s) and 12 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices :warning: 0 no effort to earn an OpenSSF best practices badge detected License :green_circle: 10 license file detected Dangerous-Workflow :green_circle: 10 no dangerous workflow patterns detected Packaging :warning: -1 packaging workflow not detected Token-Permissions :warning: 0 detected GitHub workflow tokens with excessive permissions Binary-Artifacts :green_circle: 10 no binaries found in the repo Pinned-Dependencies :warning: 0 dependency not pinned by hash detected -- score normalized to 0 Branch-Protection :warning: 0 branch protection not enabled on development/release branches Vulnerabilities :green_circle: 10 0 existing vulnerabilities detected Signed-Releases :warning: -1 no releases found Fuzzing :warning: 0 project is not fuzzed Security-Policy :green_circle: 10 security policy file detected SAST :warning: 0 SAST tool is not run on all commits -- score normalized to 0
npm/spdx-license-ids	3.0.20	:green_circle: 4.1	Details Check Score Reason Maintained :green_circle: 10 12 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10 Code-Review :warning: 0 Found 2/30 approved changesets -- score normalized to 0 CII-Best-Practices :warning: 0 no effort to earn an OpenSSF best practices badge detected Signed-Releases :warning: -1 no releases found Packaging :warning: -1 packaging workflow not detected Binary-Artifacts :green_circle: 10 no binaries found in the repo License :warning: 0 license file not detected Dangerous-Workflow :green_circle: 10 no dangerous workflow patterns detected Pinned-Dependencies :warning: 0 dependency not pinned by hash detected -- score normalized to 0 Token-Permissions :warning: 0 detected GitHub workflow tokens with excessive permissions Branch-Protection :warning: 0 branch protection not enabled on development/release branches Security-Policy :warning: 0 security policy file not detected Vulnerabilities :green_circle: 10 0 existing vulnerabilities detected Fuzzing :warning: 0 project is not fuzzed SAST :warning: 0 SAST tool is not run on all commits -- score normalized to 0
npm/tslib	2.7.0	:green_circle: 5.5	Details Check Score Reason Maintained :warning: 0 0 commit(s) out of 30 and 1 issue activity out of 30 found in the last 90 days -- score normalized to 0 Code-Review :green_circle: 7 GitHub code reviews found for 23 commits out of the last 30 -- score normalized to 7 CII-Best-Practices :warning: 0 no badge detected Vulnerabilities :green_circle: 10 no vulnerabilities detected Dangerous-Workflow :green_circle: 10 no dangerous workflow patterns detected Packaging :warning: -1 no published package detected Token-Permissions :warning: 0 non read-only tokens detected in GitHub workflows License :green_circle: 10 license file detected Binary-Artifacts :green_circle: 10 no binaries found in the repo Pinned-Dependencies :green_circle: 9 dependency not pinned by hash detected -- score normalized to 9 Signed-Releases :warning: -1 no releases found Security-Policy :green_circle: 10 security policy file detected Branch-Protection :warning: 0 branch protection not enabled on development/release branches Dependency-Update-Tool :warning: 0 no update tool detected Fuzzing :warning: -1 internal error: internal error: Client.Search.Code: Search.Code: GET https://api.github.com/search/code?q=github.com+microsoft+tslib+repo%3Agoogle%2Foss-fuzz+in%3Afile+filename%3Aproject.yaml: 400 []
npm/undici-types	6.19.8	:green_circle: 8.3	Details Check Score Reason Binary-Artifacts :green_circle: 8 binaries present in source code Branch-Protection :warning: -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration CI-Tests :green_circle: 10 30 out of 30 merged PRs checked by a CI test -- score normalized to 10 CII-Best-Practices :warning: 0 no effort to earn an OpenSSF best practices badge detected Code-Review :green_circle: 10 all changesets reviewed Contributors :green_circle: 10 project has 97 contributing companies or organizations Dangerous-Workflow :green_circle: 10 no dangerous workflow patterns detected Dependency-Update-Tool :green_circle: 10 update tool detected Fuzzing :green_circle: 10 project is fuzzed License :green_circle: 10 license file detected Maintained :green_circle: 10 30 commit(s) and 11 issue activity found in the last 90 days -- score normalized to 10 Packaging :green_circle: 10 packaging workflow detected Pinned-Dependencies :green_circle: 3 dependency not pinned by hash detected -- score normalized to 3 SAST :green_circle: 10 SAST tool is run on all commits Security-Policy :green_circle: 9 security policy file detected Signed-Releases :warning: -1 no releases found Token-Permissions :warning: 0 detected GitHub workflow tokens with excessive permissions Vulnerabilities :green_circle: 10 0 existing vulnerabilities detected

Scanned Manifest Files

composer.lock

• composer/pcre@3.3.1
• composer/pcre@3.2.0

package-lock.json

• micromatch@4.0.7
• @babel/plugin-syntax-typescript@7.25.4
• @babel/plugin-transform-runtime@7.25.4
• @babel/runtime@7.25.4
• caniuse-lite@1.0.30001653
• core-js@3.38.1
• core-js-compat@3.38.1
• electron-to-chromium@1.5.13
• eslint-module-utils@2.8.2
• is-core-module@2.15.1
• micromatch@4.0.8
• spdx-license-ids@3.0.20
• tslib@2.7.0
• undici-types@6.19.8
• @babel/plugin-syntax-typescript@7.24.7
• @babel/plugin-transform-runtime@7.24.7
• @babel/runtime@7.25.0
• caniuse-lite@1.0.30001651
• core-js@3.38.0
• core-js-compat@3.38.0
• electron-to-chromium@1.5.11
• eslint-module-utils@2.8.1
• is-core-module@2.15.0
• spdx-license-ids@3.0.18
• tslib@2.6.3
• undici-types@6.19.6