search

sjinks / wp-two-factor-provider-webauthn

WebAuthn Provider for Two Factor plugin
https://wordpress.org/plugins/two-factor-provider-webauthn/
MIT License
15 stars 7 forks source link

chore(deps): update devdependencies (non-major) #935

Closed renovate[bot] closed 2 days ago

renovate[bot] commented 1 week ago

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
@playwright/test (source) 1.48.2 -> 1.49.0 age adoption passing confidence
@types/node (source) 22.9.0 -> 22.9.3 age adoption passing confidence
eslint-plugin-playwright 2.0.1 -> 2.1.0 age adoption passing confidence
johnpbloch/wordpress-core (source) 6.7.0 -> 6.7.1 age adoption passing confidence
php-stubs/wordpress-stubs 6.6.2 -> 6.7.1 age adoption passing confidence
playwright-core (source) 1.48.2 -> 1.49.0 age adoption passing confidence
rollup (source) 4.27.2 -> 4.27.4 age adoption passing confidence
typescript (source) 5.6.3 -> 5.7.2 age adoption passing confidence
wp-phpunit/wp-phpunit (source) 6.7.0 -> 6.7.1 age adoption passing confidence

Release Notes

microsoft/playwright (@​playwright/test) ### [`v1.49.0`](https://redirect.github.com/microsoft/playwright/compare/v1.48.2...v1.49.0) [Compare Source](https://redirect.github.com/microsoft/playwright/compare/v1.48.2...v1.49.0)
playwright-community/eslint-plugin-playwright (eslint-plugin-playwright) ### [`v2.1.0`](https://redirect.github.com/playwright-community/eslint-plugin-playwright/releases/tag/v2.1.0) [Compare Source](https://redirect.github.com/playwright-community/eslint-plugin-playwright/compare/v2.0.1...v2.1.0) ##### Features - Add `test.fail.only` as a valid chain ([c067ad2](https://redirect.github.com/playwright-community/eslint-plugin-playwright/commit/c067ad203fba4617a9e04ee610dc0ee3d1b40f04))
johnpbloch/wordpress-core (johnpbloch/wordpress-core) ### [`v6.7.1`](https://redirect.github.com/johnpbloch/wordpress-core/compare/6.7.0...6.7.1) [Compare Source](https://redirect.github.com/johnpbloch/wordpress-core/compare/6.7.0...6.7.1)
php-stubs/wordpress-stubs (php-stubs/wordpress-stubs) ### [`v6.7.1`](https://redirect.github.com/php-stubs/wordpress-stubs/releases/tag/v6.7.1): Fixes for a modern world [Compare Source](https://redirect.github.com/php-stubs/wordpress-stubs/compare/v6.7.0...v6.7.1) ### [`v6.7.0`](https://redirect.github.com/php-stubs/wordpress-stubs/releases/tag/v6.7.0): Welcome to a modern world! [Compare Source](https://redirect.github.com/php-stubs/wordpress-stubs/compare/v6.6.2...v6.7.0)
rollup/rollup (rollup) ### [`v4.27.4`](https://redirect.github.com/rollup/rollup/blob/HEAD/CHANGELOG.md#4274) [Compare Source](https://redirect.github.com/rollup/rollup/compare/v4.27.3...v4.27.4) *2024-11-23* ##### Bug Fixes - Update bundled magic-string to support sourcemap debug ids ([#​5740](https://redirect.github.com/rollup/rollup/issues/5740)) ##### Pull Requests - [#​5740](https://redirect.github.com/rollup/rollup/pull/5740): chore(deps): lock file maintenance minor/patch updates ([@​renovate](https://redirect.github.com/renovate)\[bot]) ### [`v4.27.3`](https://redirect.github.com/rollup/rollup/blob/HEAD/CHANGELOG.md#4273) [Compare Source](https://redirect.github.com/rollup/rollup/compare/v4.27.2...v4.27.3) *2024-11-18* ##### Bug Fixes - Revert object property tree-shaking for now ([#​5736](https://redirect.github.com/rollup/rollup/issues/5736)) ##### Pull Requests - [#​5736](https://redirect.github.com/rollup/rollup/pull/5736): Revert object tree-shaking until some issues have been resolved ([@​lukastaegert](https://redirect.github.com/lukastaegert))
microsoft/TypeScript (typescript) ### [`v5.7.2`](https://redirect.github.com/microsoft/TypeScript/compare/v5.6.3...d701d908d534e68cfab24b6df15539014ac348a3) [Compare Source](https://redirect.github.com/microsoft/TypeScript/compare/v5.6.3...v5.7.2)
wp-phpunit/wp-phpunit (wp-phpunit/wp-phpunit) ### [`v6.7.1`](https://redirect.github.com/wp-phpunit/wp-phpunit/compare/6.7.0...6.7.1) [Compare Source](https://redirect.github.com/wp-phpunit/wp-phpunit/compare/6.7.0...6.7.1)

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

â™» Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

This PR was generated by Mend Renovate. View the repository job log.

github-actions[bot] commented 1 week ago

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

OpenSSF Scorecard

Scorecard details
PackageVersionScoreDetails
composer/johnpbloch/wordpress-core 6.7.1 UnknownUnknown
composer/php-stubs/wordpress-stubs 6.7.1 UnknownUnknown
composer/wp-phpunit/wp-phpunit 6.7.1 UnknownUnknown
npm/@playwright/test 1.49.0 :green_circle: 6.5
Details
CheckScoreReason
Maintained:green_circle: 1030 commit(s) out of 30 and 6 issue activity out of 30 found in the last 90 days -- score normalized to 10
Code-Review:green_circle: 9GitHub code reviews found for 29 commits out of the last 30 -- score normalized to 9
CII-Best-Practices:warning: 0no badge detected
Vulnerabilities:green_circle: 10no vulnerabilities detected
Signed-Releases:warning: -1no releases found
Security-Policy:green_circle: 10security policy file detected
License:green_circle: 10license file detected
Dangerous-Workflow:green_circle: 10no dangerous workflow patterns detected
Packaging:warning: -1no published package detected
Token-Permissions:warning: 0non read-only tokens detected in GitHub workflows
Binary-Artifacts:green_circle: 6binaries present in source code
Dependency-Update-Tool:green_circle: 10update tool detected
Fuzzing:warning: 0project is not fuzzed
Pinned-Dependencies:warning: 0dependency not pinned by hash detected -- score normalized to 0
Branch-Protection:green_circle: 3branch protection is not maximal on development and all release branches
npm/@rollup/rollup-android-arm-eabi 4.27.4 :green_circle: 6
Details
CheckScoreReason
Code-Review:warning: 2Found 7/24 approved changesets -- score normalized to 2
Packaging:warning: -1packaging workflow not detected
Maintained:green_circle: 1030 commit(s) and 15 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices:warning: 0no effort to earn an OpenSSF best practices badge detected
Dangerous-Workflow:green_circle: 10no dangerous workflow patterns detected
Security-Policy:green_circle: 10security policy file detected
License:green_circle: 9license file detected
Branch-Protection:green_circle: 8branch protection is not maximal on development and all release branches
Token-Permissions:warning: 0detected GitHub workflow tokens with excessive permissions
Signed-Releases:warning: -1no releases found
Binary-Artifacts:green_circle: 10no binaries found in the repo
Pinned-Dependencies:warning: 2dependency not pinned by hash detected -- score normalized to 2
SAST:warning: 0SAST tool is not run on all commits -- score normalized to 0
Fuzzing:warning: 0project is not fuzzed
Vulnerabilities:green_circle: 100 existing vulnerabilities detected
npm/@rollup/rollup-android-arm64 4.27.4 :green_circle: 6
Details
CheckScoreReason
Code-Review:warning: 2Found 7/24 approved changesets -- score normalized to 2
Packaging:warning: -1packaging workflow not detected
Maintained:green_circle: 1030 commit(s) and 15 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices:warning: 0no effort to earn an OpenSSF best practices badge detected
Dangerous-Workflow:green_circle: 10no dangerous workflow patterns detected
Security-Policy:green_circle: 10security policy file detected
License:green_circle: 9license file detected
Branch-Protection:green_circle: 8branch protection is not maximal on development and all release branches
Token-Permissions:warning: 0detected GitHub workflow tokens with excessive permissions
Signed-Releases:warning: -1no releases found
Binary-Artifacts:green_circle: 10no binaries found in the repo
Pinned-Dependencies:warning: 2dependency not pinned by hash detected -- score normalized to 2
SAST:warning: 0SAST tool is not run on all commits -- score normalized to 0
Fuzzing:warning: 0project is not fuzzed
Vulnerabilities:green_circle: 100 existing vulnerabilities detected
npm/@rollup/rollup-darwin-arm64 4.27.4 :green_circle: 6
Details
CheckScoreReason
Code-Review:warning: 2Found 7/24 approved changesets -- score normalized to 2
Packaging:warning: -1packaging workflow not detected
Maintained:green_circle: 1030 commit(s) and 15 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices:warning: 0no effort to earn an OpenSSF best practices badge detected
Dangerous-Workflow:green_circle: 10no dangerous workflow patterns detected
Security-Policy:green_circle: 10security policy file detected
License:green_circle: 9license file detected
Branch-Protection:green_circle: 8branch protection is not maximal on development and all release branches
Token-Permissions:warning: 0detected GitHub workflow tokens with excessive permissions
Signed-Releases:warning: -1no releases found
Binary-Artifacts:green_circle: 10no binaries found in the repo
Pinned-Dependencies:warning: 2dependency not pinned by hash detected -- score normalized to 2
SAST:warning: 0SAST tool is not run on all commits -- score normalized to 0
Fuzzing:warning: 0project is not fuzzed
Vulnerabilities:green_circle: 100 existing vulnerabilities detected
npm/@rollup/rollup-darwin-x64 4.27.4 :green_circle: 6
Details
CheckScoreReason
Code-Review:warning: 2Found 7/24 approved changesets -- score normalized to 2
Packaging:warning: -1packaging workflow not detected
Maintained:green_circle: 1030 commit(s) and 15 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices:warning: 0no effort to earn an OpenSSF best practices badge detected
Dangerous-Workflow:green_circle: 10no dangerous workflow patterns detected
Security-Policy:green_circle: 10security policy file detected
License:green_circle: 9license file detected
Branch-Protection:green_circle: 8branch protection is not maximal on development and all release branches
Token-Permissions:warning: 0detected GitHub workflow tokens with excessive permissions
Signed-Releases:warning: -1no releases found
Binary-Artifacts:green_circle: 10no binaries found in the repo
Pinned-Dependencies:warning: 2dependency not pinned by hash detected -- score normalized to 2
SAST:warning: 0SAST tool is not run on all commits -- score normalized to 0
Fuzzing:warning: 0project is not fuzzed
Vulnerabilities:green_circle: 100 existing vulnerabilities detected
npm/@rollup/rollup-freebsd-arm64 4.27.4 :green_circle: 6
Details
CheckScoreReason
Code-Review:warning: 2Found 7/24 approved changesets -- score normalized to 2
Packaging:warning: -1packaging workflow not detected
Maintained:green_circle: 1030 commit(s) and 15 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices:warning: 0no effort to earn an OpenSSF best practices badge detected
Dangerous-Workflow:green_circle: 10no dangerous workflow patterns detected
Security-Policy:green_circle: 10security policy file detected
License:green_circle: 9license file detected
Branch-Protection:green_circle: 8branch protection is not maximal on development and all release branches
Token-Permissions:warning: 0detected GitHub workflow tokens with excessive permissions
Signed-Releases:warning: -1no releases found
Binary-Artifacts:green_circle: 10no binaries found in the repo
Pinned-Dependencies:warning: 2dependency not pinned by hash detected -- score normalized to 2
SAST:warning: 0SAST tool is not run on all commits -- score normalized to 0
Fuzzing:warning: 0project is not fuzzed
Vulnerabilities:green_circle: 100 existing vulnerabilities detected
npm/@rollup/rollup-freebsd-x64 4.27.4 :green_circle: 6
Details
CheckScoreReason
Code-Review:warning: 2Found 7/24 approved changesets -- score normalized to 2
Packaging:warning: -1packaging workflow not detected
Maintained:green_circle: 1030 commit(s) and 15 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices:warning: 0no effort to earn an OpenSSF best practices badge detected
Dangerous-Workflow:green_circle: 10no dangerous workflow patterns detected
Security-Policy:green_circle: 10security policy file detected
License:green_circle: 9license file detected
Branch-Protection:green_circle: 8branch protection is not maximal on development and all release branches
Token-Permissions:warning: 0detected GitHub workflow tokens with excessive permissions
Signed-Releases:warning: -1no releases found
Binary-Artifacts:green_circle: 10no binaries found in the repo
Pinned-Dependencies:warning: 2dependency not pinned by hash detected -- score normalized to 2
SAST:warning: 0SAST tool is not run on all commits -- score normalized to 0
Fuzzing:warning: 0project is not fuzzed
Vulnerabilities:green_circle: 100 existing vulnerabilities detected
npm/@rollup/rollup-linux-arm-gnueabihf 4.27.4 :green_circle: 6
Details
CheckScoreReason
Code-Review:warning: 2Found 7/24 approved changesets -- score normalized to 2
Packaging:warning: -1packaging workflow not detected
Maintained:green_circle: 1030 commit(s) and 15 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices:warning: 0no effort to earn an OpenSSF best practices badge detected
Dangerous-Workflow:green_circle: 10no dangerous workflow patterns detected
Security-Policy:green_circle: 10security policy file detected
License:green_circle: 9license file detected
Branch-Protection:green_circle: 8branch protection is not maximal on development and all release branches
Token-Permissions:warning: 0detected GitHub workflow tokens with excessive permissions
Signed-Releases:warning: -1no releases found
Binary-Artifacts:green_circle: 10no binaries found in the repo
Pinned-Dependencies:warning: 2dependency not pinned by hash detected -- score normalized to 2
SAST:warning: 0SAST tool is not run on all commits -- score normalized to 0
Fuzzing:warning: 0project is not fuzzed
Vulnerabilities:green_circle: 100 existing vulnerabilities detected
npm/@rollup/rollup-linux-arm-musleabihf 4.27.4 :green_circle: 6
Details
CheckScoreReason
Code-Review:warning: 2Found 7/24 approved changesets -- score normalized to 2
Packaging:warning: -1packaging workflow not detected
Maintained:green_circle: 1030 commit(s) and 15 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices:warning: 0no effort to earn an OpenSSF best practices badge detected
Dangerous-Workflow:green_circle: 10no dangerous workflow patterns detected
Security-Policy:green_circle: 10security policy file detected
License:green_circle: 9license file detected
Branch-Protection:green_circle: 8branch protection is not maximal on development and all release branches
Token-Permissions:warning: 0detected GitHub workflow tokens with excessive permissions
Signed-Releases:warning: -1no releases found
Binary-Artifacts:green_circle: 10no binaries found in the repo
Pinned-Dependencies:warning: 2dependency not pinned by hash detected -- score normalized to 2
SAST:warning: 0SAST tool is not run on all commits -- score normalized to 0
Fuzzing:warning: 0project is not fuzzed
Vulnerabilities:green_circle: 100 existing vulnerabilities detected
npm/@rollup/rollup-linux-arm64-gnu 4.27.4 :green_circle: 6
Details
CheckScoreReason
Code-Review:warning: 2Found 7/24 approved changesets -- score normalized to 2
Packaging:warning: -1packaging workflow not detected
Maintained:green_circle: 1030 commit(s) and 15 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices:warning: 0no effort to earn an OpenSSF best practices badge detected
Dangerous-Workflow:green_circle: 10no dangerous workflow patterns detected
Security-Policy:green_circle: 10security policy file detected
License:green_circle: 9license file detected
Branch-Protection:green_circle: 8branch protection is not maximal on development and all release branches
Token-Permissions:warning: 0detected GitHub workflow tokens with excessive permissions
Signed-Releases:warning: -1no releases found
Binary-Artifacts:green_circle: 10no binaries found in the repo
Pinned-Dependencies:warning: 2dependency not pinned by hash detected -- score normalized to 2
SAST:warning: 0SAST tool is not run on all commits -- score normalized to 0
Fuzzing:warning: 0project is not fuzzed
Vulnerabilities:green_circle: 100 existing vulnerabilities detected
npm/@rollup/rollup-linux-arm64-musl 4.27.4 :green_circle: 6
Details
CheckScoreReason
Code-Review:warning: 2Found 7/24 approved changesets -- score normalized to 2
Packaging:warning: -1packaging workflow not detected
Maintained:green_circle: 1030 commit(s) and 15 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices:warning: 0no effort to earn an OpenSSF best practices badge detected
Dangerous-Workflow:green_circle: 10no dangerous workflow patterns detected
Security-Policy:green_circle: 10security policy file detected
License:green_circle: 9license file detected
Branch-Protection:green_circle: 8branch protection is not maximal on development and all release branches
Token-Permissions:warning: 0detected GitHub workflow tokens with excessive permissions
Signed-Releases:warning: -1no releases found
Binary-Artifacts:green_circle: 10no binaries found in the repo
Pinned-Dependencies:warning: 2dependency not pinned by hash detected -- score normalized to 2
SAST:warning: 0SAST tool is not run on all commits -- score normalized to 0
Fuzzing:warning: 0project is not fuzzed
Vulnerabilities:green_circle: 100 existing vulnerabilities detected
npm/@rollup/rollup-linux-powerpc64le-gnu 4.27.4 :green_circle: 6
Details
CheckScoreReason
Code-Review:warning: 2Found 7/24 approved changesets -- score normalized to 2
Packaging:warning: -1packaging workflow not detected
Maintained:green_circle: 1030 commit(s) and 15 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices:warning: 0no effort to earn an OpenSSF best practices badge detected
Dangerous-Workflow:green_circle: 10no dangerous workflow patterns detected
Security-Policy:green_circle: 10security policy file detected
License:green_circle: 9license file detected
Branch-Protection:green_circle: 8branch protection is not maximal on development and all release branches
Token-Permissions:warning: 0detected GitHub workflow tokens with excessive permissions
Signed-Releases:warning: -1no releases found
Binary-Artifacts:green_circle: 10no binaries found in the repo
Pinned-Dependencies:warning: 2dependency not pinned by hash detected -- score normalized to 2
SAST:warning: 0SAST tool is not run on all commits -- score normalized to 0
Fuzzing:warning: 0project is not fuzzed
Vulnerabilities:green_circle: 100 existing vulnerabilities detected
npm/@rollup/rollup-linux-riscv64-gnu 4.27.4 :green_circle: 6
Details
CheckScoreReason
Code-Review:warning: 2Found 7/24 approved changesets -- score normalized to 2
Packaging:warning: -1packaging workflow not detected
Maintained:green_circle: 1030 commit(s) and 15 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices:warning: 0no effort to earn an OpenSSF best practices badge detected
Dangerous-Workflow:green_circle: 10no dangerous workflow patterns detected
Security-Policy:green_circle: 10security policy file detected
License:green_circle: 9license file detected
Branch-Protection:green_circle: 8branch protection is not maximal on development and all release branches
Token-Permissions:warning: 0detected GitHub workflow tokens with excessive permissions
Signed-Releases:warning: -1no releases found
Binary-Artifacts:green_circle: 10no binaries found in the repo
Pinned-Dependencies:warning: 2dependency not pinned by hash detected -- score normalized to 2
SAST:warning: 0SAST tool is not run on all commits -- score normalized to 0
Fuzzing:warning: 0project is not fuzzed
Vulnerabilities:green_circle: 100 existing vulnerabilities detected
npm/@rollup/rollup-linux-s390x-gnu 4.27.4 :green_circle: 6
Details
CheckScoreReason
Code-Review:warning: 2Found 7/24 approved changesets -- score normalized to 2
Packaging:warning: -1packaging workflow not detected
Maintained:green_circle: 1030 commit(s) and 15 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices:warning: 0no effort to earn an OpenSSF best practices badge detected
Dangerous-Workflow:green_circle: 10no dangerous workflow patterns detected
Security-Policy:green_circle: 10security policy file detected
License:green_circle: 9license file detected
Branch-Protection:green_circle: 8branch protection is not maximal on development and all release branches
Token-Permissions:warning: 0detected GitHub workflow tokens with excessive permissions
Signed-Releases:warning: -1no releases found
Binary-Artifacts:green_circle: 10no binaries found in the repo
Pinned-Dependencies:warning: 2dependency not pinned by hash detected -- score normalized to 2
SAST:warning: 0SAST tool is not run on all commits -- score normalized to 0
Fuzzing:warning: 0project is not fuzzed
Vulnerabilities:green_circle: 100 existing vulnerabilities detected
npm/@rollup/rollup-linux-x64-gnu 4.27.4 :green_circle: 6
Details
CheckScoreReason
Code-Review:warning: 2Found 7/24 approved changesets -- score normalized to 2
Packaging:warning: -1packaging workflow not detected
Maintained:green_circle: 1030 commit(s) and 15 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices:warning: 0no effort to earn an OpenSSF best practices badge detected
Dangerous-Workflow:green_circle: 10no dangerous workflow patterns detected
Security-Policy:green_circle: 10security policy file detected
License:green_circle: 9license file detected
Branch-Protection:green_circle: 8branch protection is not maximal on development and all release branches
Token-Permissions:warning: 0detected GitHub workflow tokens with excessive permissions
Signed-Releases:warning: -1no releases found
Binary-Artifacts:green_circle: 10no binaries found in the repo
Pinned-Dependencies:warning: 2dependency not pinned by hash detected -- score normalized to 2
SAST:warning: 0SAST tool is not run on all commits -- score normalized to 0
Fuzzing:warning: 0project is not fuzzed
Vulnerabilities:green_circle: 100 existing vulnerabilities detected
npm/@rollup/rollup-linux-x64-musl 4.27.4 :green_circle: 6
Details
CheckScoreReason
Code-Review:warning: 2Found 7/24 approved changesets -- score normalized to 2
Packaging:warning: -1packaging workflow not detected
Maintained:green_circle: 1030 commit(s) and 15 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices:warning: 0no effort to earn an OpenSSF best practices badge detected
Dangerous-Workflow:green_circle: 10no dangerous workflow patterns detected
Security-Policy:green_circle: 10security policy file detected
License:green_circle: 9license file detected
Branch-Protection:green_circle: 8branch protection is not maximal on development and all release branches
Token-Permissions:warning: 0detected GitHub workflow tokens with excessive permissions
Signed-Releases:warning: -1no releases found
Binary-Artifacts:green_circle: 10no binaries found in the repo
Pinned-Dependencies:warning: 2dependency not pinned by hash detected -- score normalized to 2
SAST:warning: 0SAST tool is not run on all commits -- score normalized to 0
Fuzzing:warning: 0project is not fuzzed
Vulnerabilities:green_circle: 100 existing vulnerabilities detected
npm/@rollup/rollup-win32-arm64-msvc 4.27.4 :green_circle: 6
Details
CheckScoreReason
Code-Review:warning: 2Found 7/24 approved changesets -- score normalized to 2
Packaging:warning: -1packaging workflow not detected
Maintained:green_circle: 1030 commit(s) and 15 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices:warning: 0no effort to earn an OpenSSF best practices badge detected
Dangerous-Workflow:green_circle: 10no dangerous workflow patterns detected
Security-Policy:green_circle: 10security policy file detected
License:green_circle: 9license file detected
Branch-Protection:green_circle: 8branch protection is not maximal on development and all release branches
Token-Permissions:warning: 0detected GitHub workflow tokens with excessive permissions
Signed-Releases:warning: -1no releases found
Binary-Artifacts:green_circle: 10no binaries found in the repo
Pinned-Dependencies:warning: 2dependency not pinned by hash detected -- score normalized to 2
SAST:warning: 0SAST tool is not run on all commits -- score normalized to 0
Fuzzing:warning: 0project is not fuzzed
Vulnerabilities:green_circle: 100 existing vulnerabilities detected
npm/@rollup/rollup-win32-ia32-msvc 4.27.4 :green_circle: 6
Details
CheckScoreReason
Code-Review:warning: 2Found 7/24 approved changesets -- score normalized to 2
Packaging:warning: -1packaging workflow not detected
Maintained:green_circle: 1030 commit(s) and 15 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices:warning: 0no effort to earn an OpenSSF best practices badge detected
Dangerous-Workflow:green_circle: 10no dangerous workflow patterns detected
Security-Policy:green_circle: 10security policy file detected
License:green_circle: 9license file detected
Branch-Protection:green_circle: 8branch protection is not maximal on development and all release branches
Token-Permissions:warning: 0detected GitHub workflow tokens with excessive permissions
Signed-Releases:warning: -1no releases found
Binary-Artifacts:green_circle: 10no binaries found in the repo
Pinned-Dependencies:warning: 2dependency not pinned by hash detected -- score normalized to 2
SAST:warning: 0SAST tool is not run on all commits -- score normalized to 0
Fuzzing:warning: 0project is not fuzzed
Vulnerabilities:green_circle: 100 existing vulnerabilities detected
npm/@rollup/rollup-win32-x64-msvc 4.27.4 :green_circle: 6
Details
CheckScoreReason
Code-Review:warning: 2Found 7/24 approved changesets -- score normalized to 2
Packaging:warning: -1packaging workflow not detected
Maintained:green_circle: 1030 commit(s) and 15 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices:warning: 0no effort to earn an OpenSSF best practices badge detected
Dangerous-Workflow:green_circle: 10no dangerous workflow patterns detected
Security-Policy:green_circle: 10security policy file detected
License:green_circle: 9license file detected
Branch-Protection:green_circle: 8branch protection is not maximal on development and all release branches
Token-Permissions:warning: 0detected GitHub workflow tokens with excessive permissions
Signed-Releases:warning: -1no releases found
Binary-Artifacts:green_circle: 10no binaries found in the repo
Pinned-Dependencies:warning: 2dependency not pinned by hash detected -- score normalized to 2
SAST:warning: 0SAST tool is not run on all commits -- score normalized to 0
Fuzzing:warning: 0project is not fuzzed
Vulnerabilities:green_circle: 100 existing vulnerabilities detected
npm/@types/node 22.9.3 :green_circle: 6.9
Details
CheckScoreReason
Code-Review:green_circle: 8Found 24/30 approved changesets -- score normalized to 8
Packaging:warning: -1packaging workflow not detected
Maintained:green_circle: 1030 commit(s) and 3 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices:warning: 0no effort to earn an OpenSSF best practices badge detected
Dangerous-Workflow:green_circle: 10no dangerous workflow patterns detected
Security-Policy:green_circle: 10security policy file detected
Token-Permissions:warning: 0detected GitHub workflow tokens with excessive permissions
License:green_circle: 9license file detected
Signed-Releases:warning: -1no releases found
Branch-Protection:warning: -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Vulnerabilities:green_circle: 100 existing vulnerabilities detected
SAST:warning: 0SAST tool is not run on all commits -- score normalized to 0
Binary-Artifacts:green_circle: 10no binaries found in the repo
Pinned-Dependencies:green_circle: 8dependency not pinned by hash detected -- score normalized to 8
Fuzzing:warning: 0project is not fuzzed
npm/eslint-plugin-playwright 2.1.0 UnknownUnknown
npm/playwright 1.49.0 :green_circle: 6.5
Details
CheckScoreReason
Maintained:green_circle: 1030 commit(s) out of 30 and 6 issue activity out of 30 found in the last 90 days -- score normalized to 10
Code-Review:green_circle: 9GitHub code reviews found for 29 commits out of the last 30 -- score normalized to 9
CII-Best-Practices:warning: 0no badge detected
Vulnerabilities:green_circle: 10no vulnerabilities detected
Signed-Releases:warning: -1no releases found
Security-Policy:green_circle: 10security policy file detected
License:green_circle: 10license file detected
Dangerous-Workflow:green_circle: 10no dangerous workflow patterns detected
Packaging:warning: -1no published package detected
Token-Permissions:warning: 0non read-only tokens detected in GitHub workflows
Binary-Artifacts:green_circle: 6binaries present in source code
Dependency-Update-Tool:green_circle: 10update tool detected
Fuzzing:warning: 0project is not fuzzed
Pinned-Dependencies:warning: 0dependency not pinned by hash detected -- score normalized to 0
Branch-Protection:green_circle: 3branch protection is not maximal on development and all release branches
npm/playwright-core 1.49.0 :green_circle: 6.5
Details
CheckScoreReason
Maintained:green_circle: 1030 commit(s) out of 30 and 6 issue activity out of 30 found in the last 90 days -- score normalized to 10
Code-Review:green_circle: 9GitHub code reviews found for 29 commits out of the last 30 -- score normalized to 9
CII-Best-Practices:warning: 0no badge detected
Vulnerabilities:green_circle: 10no vulnerabilities detected
Signed-Releases:warning: -1no releases found
Security-Policy:green_circle: 10security policy file detected
License:green_circle: 10license file detected
Dangerous-Workflow:green_circle: 10no dangerous workflow patterns detected
Packaging:warning: -1no published package detected
Token-Permissions:warning: 0non read-only tokens detected in GitHub workflows
Binary-Artifacts:green_circle: 6binaries present in source code
Dependency-Update-Tool:green_circle: 10update tool detected
Fuzzing:warning: 0project is not fuzzed
Pinned-Dependencies:warning: 0dependency not pinned by hash detected -- score normalized to 0
Branch-Protection:green_circle: 3branch protection is not maximal on development and all release branches
npm/rollup 4.27.4 :green_circle: 6
Details
CheckScoreReason
Code-Review:warning: 2Found 7/24 approved changesets -- score normalized to 2
Packaging:warning: -1packaging workflow not detected
Maintained:green_circle: 1030 commit(s) and 15 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices:warning: 0no effort to earn an OpenSSF best practices badge detected
Dangerous-Workflow:green_circle: 10no dangerous workflow patterns detected
Security-Policy:green_circle: 10security policy file detected
License:green_circle: 9license file detected
Branch-Protection:green_circle: 8branch protection is not maximal on development and all release branches
Token-Permissions:warning: 0detected GitHub workflow tokens with excessive permissions
Signed-Releases:warning: -1no releases found
Binary-Artifacts:green_circle: 10no binaries found in the repo
Pinned-Dependencies:warning: 2dependency not pinned by hash detected -- score normalized to 2
SAST:warning: 0SAST tool is not run on all commits -- score normalized to 0
Fuzzing:warning: 0project is not fuzzed
Vulnerabilities:green_circle: 100 existing vulnerabilities detected
npm/typescript 5.7.2 :green_circle: 8.5
Details
CheckScoreReason
Binary-Artifacts:green_circle: 10no binaries found in the repo
Branch-Protection:warning: -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
CI-Tests:green_circle: 1030 out of 30 merged PRs checked by a CI test -- score normalized to 10
CII-Best-Practices:warning: 0no effort to earn an OpenSSF best practices badge detected
Code-Review:green_circle: 10all changesets reviewed
Contributors:green_circle: 10project has 35 contributing companies or organizations
Dangerous-Workflow:green_circle: 10no dangerous workflow patterns detected
Dependency-Update-Tool:green_circle: 10update tool detected
Fuzzing:green_circle: 10project is fuzzed
License:green_circle: 10license file detected
Maintained:green_circle: 1030 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 10
Packaging:warning: -1packaging workflow not detected
Pinned-Dependencies:green_circle: 6dependency not pinned by hash detected -- score normalized to 6
SAST:green_circle: 10SAST tool is run on all commits
Security-Policy:green_circle: 10security policy file detected
Signed-Releases:warning: 0Project has not signed or included provenance with any releases.
Token-Permissions:green_circle: 10GitHub workflow tokens follow principle of least privilege
Vulnerabilities:green_circle: 82 existing vulnerabilities detected

Scanned Files