chore(deps): lock file maintenance

[renovate[bot]]

This PR contains the following updates:

Update	Change
lockFileMaintenance	All locks refreshed

🔧 This Pull Request updates lock files to use the latest dependency versions.

---

Configuration

📅 Schedule: Branch creation - "before 5am on monday" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• [ ] If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[github-actions[bot]]

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

OpenSSF Scorecard

Scorecard details

Package	Version	Score	Details
composer/guzzlehttp/promises	2.0.4	:green_circle: 4	Details Check Score Reason Code-Review :warning: 0 Found 1/30 approved changesets -- score normalized to 0 Maintained :warning: 1 2 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 1 CII-Best-Practices :warning: 0 no effort to earn an OpenSSF best practices badge detected License :green_circle: 10 license file detected Signed-Releases :warning: -1 no releases found Dangerous-Workflow :warning: -1 no workflows found Token-Permissions :warning: -1 No tokens found Binary-Artifacts :green_circle: 10 no binaries found in the repo Pinned-Dependencies :warning: -1 no dependencies found Packaging :warning: -1 packaging workflow not detected Vulnerabilities :green_circle: 10 0 existing vulnerabilities detected Fuzzing :warning: 0 project is not fuzzed Security-Policy :green_circle: 10 security policy file detected SAST :warning: 0 SAST tool is not run on all commits -- score normalized to 0 Branch-Protection :warning: 0 branch protection not enabled on development/release branches
composer/phpstan/phpdoc-parser	1.33.0	:green_circle: 5.3	Details Check Score Reason Code-Review :warning: 1 Found 4/30 approved changesets -- score normalized to 1 Maintained :green_circle: 10 30 commit(s) and 10 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices :warning: 0 no effort to earn an OpenSSF best practices badge detected License :green_circle: 10 license file detected Signed-Releases :warning: -1 no releases found Token-Permissions :warning: -1 No tokens found Dangerous-Workflow :warning: -1 no workflows found Packaging :warning: -1 packaging workflow not detected Pinned-Dependencies :warning: -1 no dependencies found Binary-Artifacts :green_circle: 10 no binaries found in the repo Branch-Protection :warning: 0 branch protection not enabled on development/release branches Vulnerabilities :green_circle: 10 0 existing vulnerabilities detected Fuzzing :warning: 0 project is not fuzzed Security-Policy :green_circle: 10 security policy file detected SAST :warning: 0 SAST tool is not run on all commits -- score normalized to 0
npm/@babel/parser	7.25.8	:green_circle: 6.2	Details Check Score Reason Code-Review :green_circle: 7 Found 23/29 approved changesets -- score normalized to 7 Maintained :green_circle: 10 30 commit(s) and 17 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices :warning: 2 badge detected: InProgress License :green_circle: 10 license file detected Signed-Releases :warning: -1 no releases found Branch-Protection :warning: -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Packaging :warning: -1 packaging workflow not detected Security-Policy :green_circle: 10 security policy file detected Dangerous-Workflow :green_circle: 10 no dangerous workflow patterns detected Token-Permissions :green_circle: 9 detected GitHub workflow tokens with excessive permissions SAST :warning: 0 SAST tool is not run on all commits -- score normalized to 0 Binary-Artifacts :green_circle: 10 no binaries found in the repo Pinned-Dependencies :warning: 0 dependency not pinned by hash detected -- score normalized to 0 Fuzzing :warning: 0 project is not fuzzed Vulnerabilities :warning: 0 21 existing vulnerabilities detected
npm/@babel/types	7.25.8	:green_circle: 6.2	Details Check Score Reason Code-Review :green_circle: 7 Found 23/29 approved changesets -- score normalized to 7 Maintained :green_circle: 10 30 commit(s) and 17 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices :warning: 2 badge detected: InProgress License :green_circle: 10 license file detected Signed-Releases :warning: -1 no releases found Branch-Protection :warning: -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Packaging :warning: -1 packaging workflow not detected Security-Policy :green_circle: 10 security policy file detected Dangerous-Workflow :green_circle: 10 no dangerous workflow patterns detected Token-Permissions :green_circle: 9 detected GitHub workflow tokens with excessive permissions SAST :warning: 0 SAST tool is not run on all commits -- score normalized to 0 Binary-Artifacts :green_circle: 10 no binaries found in the repo Pinned-Dependencies :warning: 0 dependency not pinned by hash detected -- score normalized to 0 Fuzzing :warning: 0 project is not fuzzed Vulnerabilities :warning: 0 21 existing vulnerabilities detected
npm/acorn	8.13.0	:green_circle: 5.3	Details Check Score Reason Code-Review :green_circle: 3 Found 8/26 approved changesets -- score normalized to 3 Maintained :green_circle: 10 6 commit(s) and 7 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices :warning: 0 no effort to earn an OpenSSF best practices badge detected Signed-Releases :warning: -1 no releases found Token-Permissions :green_circle: 10 GitHub workflow tokens follow principle of least privilege Packaging :warning: -1 packaging workflow not detected Dangerous-Workflow :green_circle: 10 no dangerous workflow patterns detected License :warning: 0 license file not detected Binary-Artifacts :green_circle: 10 no binaries found in the repo Branch-Protection :warning: 0 branch protection not enabled on development/release branches Vulnerabilities :green_circle: 10 0 existing vulnerabilities detected Security-Policy :warning: 0 security policy file not detected Pinned-Dependencies :warning: 0 dependency not pinned by hash detected -- score normalized to 0 Fuzzing :warning: 0 project is not fuzzed SAST :warning: 0 SAST tool is not run on all commits -- score normalized to 0
npm/axe-core	4.10.1	:green_circle: 6	Details Check Score Reason Code-Review :green_circle: 10 all changesets reviewed Maintained :green_circle: 10 26 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices :warning: 0 no effort to earn an OpenSSF best practices badge detected License :green_circle: 10 license file detected Signed-Releases :warning: -1 no releases found Branch-Protection :warning: -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Packaging :warning: -1 packaging workflow not detected Dangerous-Workflow :green_circle: 10 no dangerous workflow patterns detected Security-Policy :green_circle: 10 security policy file detected Token-Permissions :warning: 0 detected GitHub workflow tokens with excessive permissions Binary-Artifacts :green_circle: 10 no binaries found in the repo Pinned-Dependencies :green_circle: 5 dependency not pinned by hash detected -- score normalized to 5 Fuzzing :warning: 0 project is not fuzzed SAST :warning: 0 SAST tool is not run on all commits -- score normalized to 0 Vulnerabilities :warning: 1 9 existing vulnerabilities detected
npm/caniuse-lite	1.0.30001669	:green_circle: 4.4	Details Check Score Reason Code-Review :warning: 0 Found 0/28 approved changesets -- score normalized to 0 Maintained :green_circle: 10 23 commit(s) and 5 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices :warning: 0 no effort to earn an OpenSSF best practices badge detected License :green_circle: 10 license file detected Signed-Releases :warning: -1 no releases found Packaging :warning: -1 packaging workflow not detected Dangerous-Workflow :green_circle: 10 no dangerous workflow patterns detected Token-Permissions :warning: 0 detected GitHub workflow tokens with excessive permissions Branch-Protection :warning: 0 branch protection not enabled on development/release branches Security-Policy :warning: 0 security policy file not detected Binary-Artifacts :green_circle: 10 no binaries found in the repo Pinned-Dependencies :warning: 0 dependency not pinned by hash detected -- score normalized to 0 Fuzzing :warning: 0 project is not fuzzed SAST :warning: 0 SAST tool is not run on all commits -- score normalized to 0 Vulnerabilities :green_circle: 10 0 existing vulnerabilities detected
npm/electron-to-chromium	1.5.41	Unknown	Unknown
npm/es-iterator-helpers	1.1.0	:green_circle: 4.9	Details Check Score Reason Code-Review :warning: 0 Found 1/30 approved changesets -- score normalized to 0 Maintained :green_circle: 5 6 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 5 CII-Best-Practices :warning: 0 no effort to earn an OpenSSF best practices badge detected Signed-Releases :warning: -1 no releases found License :green_circle: 10 license file detected Dangerous-Workflow :green_circle: 10 no dangerous workflow patterns detected Packaging :warning: -1 packaging workflow not detected Binary-Artifacts :green_circle: 10 no binaries found in the repo Pinned-Dependencies :warning: 0 dependency not pinned by hash detected -- score normalized to 0 Token-Permissions :warning: 0 detected GitHub workflow tokens with excessive permissions Vulnerabilities :green_circle: 10 0 existing vulnerabilities detected Fuzzing :warning: 0 project is not fuzzed Branch-Protection :warning: -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Security-Policy :green_circle: 9 security policy file detected SAST :warning: 0 SAST tool is not run on all commits -- score normalized to 0
npm/iterator.prototype	1.1.3	:green_circle: 5.9	Details Check Score Reason Code-Review :warning: 0 Found 0/24 approved changesets -- score normalized to 0 Maintained :green_circle: 4 5 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 4 CII-Best-Practices :warning: 0 no effort to earn an OpenSSF best practices badge detected License :green_circle: 10 license file detected Signed-Releases :warning: -1 no releases found Dangerous-Workflow :green_circle: 10 no dangerous workflow patterns detected Packaging :warning: -1 packaging workflow not detected Pinned-Dependencies :warning: 0 dependency not pinned by hash detected -- score normalized to 0 Binary-Artifacts :green_circle: 10 no binaries found in the repo SAST :warning: 0 no SAST tool detected Token-Permissions :green_circle: 10 GitHub workflow tokens follow principle of least privilege Branch-Protection :warning: -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Fuzzing :warning: 0 project is not fuzzed Vulnerabilities :green_circle: 10 0 existing vulnerabilities detected Security-Policy :green_circle: 9 security policy file detected
npm/picocolors	1.1.1	:green_circle: 4.5	Details Check Score Reason Code-Review :green_circle: 5 Found 11/21 approved changesets -- score normalized to 5 Maintained :green_circle: 6 5 commit(s) and 3 issue activity found in the last 90 days -- score normalized to 6 CII-Best-Practices :warning: 0 no effort to earn an OpenSSF best practices badge detected License :green_circle: 10 license file detected Signed-Releases :warning: -1 no releases found Binary-Artifacts :green_circle: 10 no binaries found in the repo Dangerous-Workflow :green_circle: 10 no dangerous workflow patterns detected Packaging :warning: -1 packaging workflow not detected Token-Permissions :warning: 0 detected GitHub workflow tokens with excessive permissions Pinned-Dependencies :warning: 0 dependency not pinned by hash detected -- score normalized to 0 Branch-Protection :warning: 0 branch protection not enabled on development/release branches Security-Policy :warning: 0 security policy file not detected Fuzzing :warning: 0 project is not fuzzed Vulnerabilities :green_circle: 10 0 existing vulnerabilities detected SAST :warning: 0 SAST tool is not run on all commits -- score normalized to 0
npm/string.prototype.includes	2.0.1	:green_circle: 4.4	Details Check Score Reason Code-Review :warning: 1 Found 2/15 approved changesets -- score normalized to 1 Maintained :green_circle: 9 11 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 9 CII-Best-Practices :warning: 0 no effort to earn an OpenSSF best practices badge detected License :green_circle: 10 license file detected Signed-Releases :warning: -1 no releases found Binary-Artifacts :green_circle: 10 no binaries found in the repo Dangerous-Workflow :green_circle: 10 no dangerous workflow patterns detected Packaging :warning: -1 packaging workflow not detected Pinned-Dependencies :warning: 0 dependency not pinned by hash detected -- score normalized to 0 Token-Permissions :warning: 0 detected GitHub workflow tokens with excessive permissions Security-Policy :warning: 0 security policy file not detected Vulnerabilities :green_circle: 10 0 existing vulnerabilities detected Fuzzing :warning: 0 project is not fuzzed Branch-Protection :warning: 0 branch protection not enabled on development/release branches SAST :warning: 0 SAST tool is not run on all commits -- score normalized to 0
npm/synckit	0.9.2	Unknown	Unknown
npm/terser	5.36.0	:green_circle: 6.3	Details Check Score Reason Code-Review :warning: 1 Found 4/29 approved changesets -- score normalized to 1 Maintained :green_circle: 10 30 commit(s) and 6 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices :warning: 0 no effort to earn an OpenSSF best practices badge detected License :green_circle: 9 license file detected Signed-Releases :warning: -1 no releases found Packaging :warning: -1 packaging workflow not detected Dangerous-Workflow :green_circle: 10 no dangerous workflow patterns detected Security-Policy :green_circle: 10 security policy file detected Token-Permissions :green_circle: 10 GitHub workflow tokens follow principle of least privilege Branch-Protection :warning: 0 branch protection not enabled on development/release branches SAST :warning: 0 SAST tool is not run on all commits -- score normalized to 0 Binary-Artifacts :green_circle: 10 no binaries found in the repo Pinned-Dependencies :green_circle: 5 dependency not pinned by hash detected -- score normalized to 5 Fuzzing :warning: 0 project is not fuzzed Vulnerabilities :green_circle: 10 0 existing vulnerabilities detected
npm/tslib	2.8.0	:green_circle: 5.5	Details Check Score Reason Maintained :warning: 0 0 commit(s) out of 30 and 1 issue activity out of 30 found in the last 90 days -- score normalized to 0 Code-Review :green_circle: 7 GitHub code reviews found for 23 commits out of the last 30 -- score normalized to 7 CII-Best-Practices :warning: 0 no badge detected Vulnerabilities :green_circle: 10 no vulnerabilities detected Dangerous-Workflow :green_circle: 10 no dangerous workflow patterns detected Packaging :warning: -1 no published package detected Token-Permissions :warning: 0 non read-only tokens detected in GitHub workflows License :green_circle: 10 license file detected Binary-Artifacts :green_circle: 10 no binaries found in the repo Pinned-Dependencies :green_circle: 9 dependency not pinned by hash detected -- score normalized to 9 Signed-Releases :warning: -1 no releases found Security-Policy :green_circle: 10 security policy file detected Branch-Protection :warning: 0 branch protection not enabled on development/release branches Dependency-Update-Tool :warning: 0 no update tool detected Fuzzing :warning: -1 internal error: internal error: Client.Search.Code: Search.Code: GET https://api.github.com/search/code?q=github.com+microsoft+tslib+repo%3Agoogle%2Foss-fuzz+in%3Afile+filename%3Aproject.yaml: 400 []

Scanned Manifest Files

composer.lock

• guzzlehttp/promises@2.0.4
• phpstan/phpdoc-parser@1.33.0
• guzzlehttp/promises@2.0.3
• phpstan/phpdoc-parser@1.32.0

package-lock.json

• @babel/parser@7.25.8
• @babel/types@7.25.8
• acorn@8.13.0
• axe-core@4.10.1
• caniuse-lite@1.0.30001669
• electron-to-chromium@1.5.41
• es-iterator-helpers@1.1.0
• iterator.prototype@1.1.3
• picocolors@1.1.1
• string.prototype.includes@2.0.1
• synckit@0.9.2
• terser@5.36.0
• tslib@2.8.0
• @babel/parser@7.25.7
• @babel/preset-env@7.25.8
• @babel/types@7.25.7
• acorn@8.12.1
• axe-core@4.10.0
• caniuse-lite@1.0.30001667
• electron-to-chromium@1.5.32
• es-iterator-helpers@1.0.19
• iterator.prototype@1.1.2
• picocolors@1.1.0
• string.prototype.includes@2.0.0
• synckit@0.9.1
• terser@5.34.1
• tslib@2.7.0