Bump the production-dependencies group across 1 directory with 6 updates

[dependabot]

Bumps the production-dependencies group with 6 updates in the /backend directory:

Package	From	To
cron	3.2.1	3.3.2
dotenv	16.4.5	16.4.7
eventsource	2.0.2	3.0.2
express-rate-limit	7.4.1	7.5.0
mysql2	3.11.4	3.12.0
octokit	4.0.2	4.0.3

Updates cron from 3.2.1 to 3.3.2

Release notes

Sourced from cron's releases.

v3.3.2

3.3.2 (2024-12-30)

🐛 Bug Fixes

• fix infinite loop on expressions resolving only inside a DST forward jump (#938) (efb8df5), closes kelektiv/node-cron#667 #919 #919

⚙️ Continuous Integrations

• action: update marocchino/sticky-pull-request-comment action to v2.9.0 (#930) (1e7bce9)
• renovate: pin GitHub action digests to semver (#926) (6541167)

♻️ Chores

• deps: lock file maintenance (70c3339)
• deps: lock file maintenance (afad454)
• deps: lock file maintenance (b1dbf69)
• deps: pin dependencies (#915) (dfcbd3c)
• deps: update dependency @​commitlint/cli to v19.6.1 (7999427)
• deps: update dependency @​semantic-release/release-notes-generator to v14.0.2 (93c9373)
• deps: update dependency @​types/node to v20.17.10 (9313ffd)
• deps: update dependency lint-staged to v15.2.11 (100c9ff)

v3.3.2-beta.1

3.3.2-beta.1 (2024-12-27)

🐛 Bug Fixes

• attempt to fix #805 (187dbe5)

⚙️ Continuous Integrations

• action: update marocchino/sticky-pull-request-comment action to v2.9.0 (#930) (1e7bce9)
• renovate: pin GitHub action digests to semver (#926) (6541167)

♻️ Chores

• deps: lock file maintenance (afad454)
• deps: lock file maintenance (b1dbf69)
• deps: pin dependencies (#915) (dfcbd3c)
• deps: update dependency @​commitlint/cli to v19.6.1 (7999427)
• deps: update dependency @​semantic-release/release-notes-generator to v14.0.2 (93c9373)
• deps: update dependency @​types/node to v20.17.10 (9313ffd)
• deps: update dependency lint-staged to v15.2.11 (100c9ff)

v3.3.1

3.3.1 (2024-12-12)

🐛 Bug Fixes

... (truncated)

Changelog

Sourced from cron's changelog.

3.3.2 (2024-12-30)

🐛 Bug Fixes

• fix infinite loop on expressions resolving only inside a DST forward jump (#938) (efb8df5), closes kelektiv/node-cron#667 #919 #919

⚙️ Continuous Integrations

• action: update marocchino/sticky-pull-request-comment action to v2.9.0 (#930) (1e7bce9)
• renovate: pin GitHub action digests to semver (#926) (6541167)

♻️ Chores

• deps: lock file maintenance (70c3339)
• deps: lock file maintenance (afad454)
• deps: lock file maintenance (b1dbf69)
• deps: pin dependencies (#915) (dfcbd3c)
• deps: update dependency @​commitlint/cli to v19.6.1 (7999427)
• deps: update dependency @​semantic-release/release-notes-generator to v14.0.2 (93c9373)
• deps: update dependency @​types/node to v20.17.10 (9313ffd)
• deps: update dependency lint-staged to v15.2.11 (100c9ff)

3.3.1 (2024-12-12)

🐛 Bug Fixes

• correct waitForCompletion behavior (#924) (f6270f8), closes #923 #923 #894

3.3.0 (2024-12-10)

✨ Features

• support async handling and add CronJob status tracking (#894) (b58fb6b), closes #713 #556

⚙️ Continuous Integrations

• action: update github/codeql-action action to v3.27.2 (#912) (d11ba30)
• action: update github/codeql-action action to v3.27.5 (#917) (2a4035e)
• action: update step-security/harden-runner action to v2.10.2 (#920) (26a8f9f)
• add pre-commit hook to lint and prettify (#911) (e1140d1), closes #907

♻️ Chores

• deps: lock file maintenance (94465ae)
• deps: lock file maintenance (23d67a4)
• deps: lock file maintenance (135fdf7)
• deps: lock file maintenance (edcff3b)
• deps: pin dependency lint-staged to 15.2.10 (#916) (5cf24da)
• deps: update dependency @​commitlint/cli to v19.6.0 (9d9ab94)
• deps: update dependency @​types/node to v20.17.7 (9181b6a)

... (truncated)

Commits

• 7ed34cb Release v3.3.2 [skip ci]
• efb8df5 fix: fix infinite loop on expressions resolving only inside a DST forward jum...
• 70c3339 chore(deps): lock file maintenance
• dfcbd3c chore(deps): pin dependencies (#915)
• afad454 chore(deps): lock file maintenance
• 93c9373 chore(deps): update dependency @​semantic-release/release-notes-generator to v...
• 7999427 chore(deps): update dependency @​commitlint/cli to v19.6.1
• 1e7bce9 ci(action): update marocchino/sticky-pull-request-comment action to v2.9.0 (#...
• b1dbf69 chore(deps): lock file maintenance
• 6541167 ci(renovate): pin GitHub action digests to semver (#926)
• Additional commits viewable in compare view

Updates dotenv from 16.4.5 to 16.4.7

Changelog

Sourced from dotenv's changelog.

16.4.7 (2024-12-03)

Changed

• Ignore .tap folder when publishing. (oops, sorry about that everyone. - @​motdotla) #848

16.4.6 (2024-12-02)

Changed

• Clean up stale dev dependencies #847
• Various README updates clarifying usage and alternative solutions using dotenvx

Commits

• a338d68 16.4.7
• daf3e3d changelog 🪵
• fb74f68 Merge pull request #848 from Spice-King/patch-1
• fe87ba2 Add .tap to .npmignore
• 0c9f764 16.4.6
• fd5f26b changelog 🪵
• bb19b6b Merge pull request #847 from motdotla/deps-updates
• 2f4e36b further dev dependency cleanup
• c2fdd01 send to codecov
• 6707487 add test coverage
• Additional commits viewable in compare view

Updates eventsource from 2.0.2 to 3.0.2

Release notes

Sourced from eventsource's releases.

v3.0.2

3.0.2 (2024-12-13)

Bug Fixes

• reference possibly missing event typings (d3b6849)

---

This release is also available on:

• npm package (@​latest dist-tag)

v3.0.1

3.0.1 (2024-12-07)

Bug Fixes

• run build prior to publishing (f86df19)

---

This release is also available on:

• npm package (@​latest dist-tag)

v3.0.0

3.0.0 (2024-12-07)

⚠ BREAKING CHANGES

• Drop support for Node.js versions below v18
• The module now uses a named export instead of a default export.
• UMD bundle dropped. Use a bundler.
• headers in init dict dropped, pass a custom fetch function instead.
• HTTP/HTTPS proxy support dropped. Pass a custom fetch function instead.
• https.* options dropped. Pass a custom fetch function that provides an agent/dispatcher instead.
• New default reconnect delay: 3 seconds instead of 1 second.
• Reconnecting after a redirect will now always use the original URL, even if the status code was HTTP 307.

Features

• modernize - use fetch, WebStreams, TypeScript, ESM (#330) (40655f7)

Bug Fixes

• dispatchEvent now emits entire event object (eb430c0)
• empty options no longer disable certificate checks (372d387)

---

This release is also available on:

• npm package (@​latest dist-tag)

Changelog

Sourced from eventsource's changelog.

3.0.2 (2024-12-13)

Bug Fixes

• reference possibly missing event typings (d3b6849)

3.0.1 (2024-12-07)

Bug Fixes

• run build prior to publishing (f86df19)

3.0.0 (2024-12-07)

⚠ BREAKING CHANGES

• Drop support for Node.js versions below v18
• The module now uses a named export instead of a default export.
• UMD bundle dropped. Use a bundler.
• headers in init dict dropped, pass a custom fetch function instead.
• HTTP/HTTPS proxy support dropped. Pass a custom fetch function instead.
• https.* options dropped. Pass a custom fetch function that provides an agent/dispatcher instead.
• New default reconnect delay: 3 seconds instead of 1 second.
• Reconnecting after a redirect will now always use the original URL, even if the status code was HTTP 307.

Features

• modernize - use fetch, WebStreams, TypeScript, ESM (#330) (40655f7)

Bug Fixes

• dispatchEvent now emits entire event object (eb430c0)
• empty options no longer disable certificate checks (372d387)

Commits

• 5e08e28 chore(release): 3.0.2 [skip ci]
• d3b6849 fix: reference possibly missing event typings
• 101028d ci: introduce renovatebot
• 84c7c63 ci: remove dependabot (replace with renovate)
• bcf0945 test: ensure target is set to EventSource instance
• eddb83c ci: update bun lockfile
• 2979b39 ci: remove unnecessary build step
• f1b5ff7 chore(release): 3.0.1 [skip ci]
• f86df19 fix: run build prior to publishing
• f7483f4 chore(release): 3.0.0 [skip ci]
• Additional commits viewable in compare view

Updates express-rate-limit from 7.4.1 to 7.5.0

Release notes

Sourced from express-rate-limit's releases.

v7.5.0

Added

• Implemented the combined RateLimit header according to the eighth draft of the IETF RateLimit header specificiation. Enable by setting standardHeaders: 'draft-8'.
• Added a new identifier option, used as the name for the quota policy in the draft-8 headers.
• Added a new headersDraftVersion validation check to identifies cases where an unsupported version string is passed to the standardHeaders option.

---

You can view the full changelog here.

Commits

• fe46b43 7.5.0
• 919bb8a docs: add changelog for v7.5.0
• 69a1c20 feat(headers): implement ietf draft-8 (#486)
• 413995b build(deps): bump cookie, express and socket.io (#483)
• See full diff in compare view

Updates mysql2 from 3.11.4 to 3.12.0

Release notes

Sourced from mysql2's releases.

v3.12.0

3.12.0 (2024-12-23)

Features

• PoolCluster: restoreNodeTimeout implementation (#3218) (9a38601)

v3.11.5

3.11.5 (2024-11-28)

Bug Fixes

• fix datetime fields returned without time part when time is 00:00:00 (#3204) (bded498)
• resolve circular dependencies (#3081) (d5a76e6)
• Deno v2 requires commonjs type explicitly (#3209) (cdc9415)

Changelog

Sourced from mysql2's changelog.

3.12.0 (2024-12-23)

Features

• PoolCluster: restoreNodeTimeout implementation (#3218) (9a38601)

3.11.5 (2024-11-28)

Bug Fixes

• 1040 datetime fields returned without time part when time is 00:00:00 (#3204) (bded498)
• circular dependencies (#3081) (d5a76e6)
• Deno v2 requires commonjs type explicitly (#3209) (cdc9415)

Commits

• 646ac6d chore(master): release 3.12.0 (#3268)
• e455b6b build(deps): bump lucide-react from 0.468.0 to 0.469.0 in /website (#3289)
• e3f5145 build(deps): bump sass from 1.82.0 to 1.83.0 in /website (#3284)
• 04f8dab build(deps): bump prism-react-renderer from 2.4.0 to 2.4.1 in /website (#3282)
• d97f80a build(deps-dev): bump @​types/node from 22.10.1 to 22.10.2 in /website (#3281)
• 0a022ab build(deps-dev): bump c8 from 10.1.2 to 10.1.3 (#3278)
• 29c8c85 build(deps-dev): bump lint-staged from 15.2.10 to 15.2.11 (#3277)
• 6eaa468 build(deps-dev): bump @​types/node from 22.10.1 to 22.10.2 (#3276)
• 605fa04 build(deps): bump lucide-react from 0.467.0 to 0.468.0 in /website (#3272)
• e60a584 build(deps-dev): bump eslint-plugin-react-hooks in /website (#3271)
• Additional commits viewable in compare view

Updates octokit from 4.0.2 to 4.0.3

Release notes

Sourced from octokit's releases.

v4.0.3

4.0.3 (2024-12-29)

Bug Fixes

• deps: bump @octokit/app and @octokit/types (#2763) (33d03d9)

Commits

• 33d03d9 fix(deps): bump @octokit/app and @octokit/types (#2763)
• 5c855e9 build(deps): lock file maintenance (#2780)
• 421dca6 build(deps): lock file maintenance (#2774)
• ababbba chore(deps): update dependency prettier to v3.4.2 (#2770)
• a9dac02 build(deps): lock file maintenance (#2771)
• 102cac6 build(deps): lock file maintenance (#2768)
• 06d49b2 chore(deps): update dependency prettier to v3.4.1 (#2766)
• 72f61d5 build(deps): lock file maintenance (#2764)
• 743a850 chore(deps): update dependency prettier to v3.4.0 (#2765)
• 60b50bd build(deps): lock file maintenance (#2760)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[github-actions]

Dependency Review

The following issues were found:

• ✅ 0 vulnerable package(s)
• ✅ 0 package(s) with incompatible licenses
• ✅ 0 package(s) with invalid SPDX license definitions
• ⚠️ 1 package(s) with unknown licenses.

See the Details below.

License Issues

backend/package.json

Package	Version	License	Issue Type
express-rate-limit	^7.5.0	Null	Unknown License

OpenSSF Scorecard

Scorecard details

Package	Version	Score	Details
npm/@octokit/app	15.1.1	🟢 6.6	Details Check Score Reason Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Security-Policy 🟢 9 security policy file detected Maintained 🟢 6 8 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 6 Binary-Artifacts 🟢 10 no binaries found in the repo Code-Review 🟢 10 all changesets reviewed Pinned-Dependencies 🟢 6 dependency not pinned by hash detected -- score normalized to 6 Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Fuzzing ⚠️ 0 project is not fuzzed Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Packaging 🟢 10 packaging workflow detected SAST 🟢 10 SAST tool is run on all commits Vulnerabilities ⚠️ 2 8 existing vulnerabilities detected
npm/@octokit/oauth-app	7.1.4	🟢 7.7	Details Check Score Reason Code-Review 🟢 10 all changesets reviewed Binary-Artifacts 🟢 10 no binaries found in the repo Security-Policy 🟢 9 security policy file detected Maintained 🟢 10 19 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Pinned-Dependencies 🟢 5 dependency not pinned by hash detected -- score normalized to 5 License 🟢 10 license file detected Fuzzing ⚠️ 0 project is not fuzzed Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Packaging 🟢 10 packaging workflow detected SAST 🟢 10 SAST tool is run on all commits Vulnerabilities 🟢 10 0 existing vulnerabilities detected
npm/@octokit/openapi-webhooks-types	8.5.1	Unknown	Unknown
npm/@octokit/plugin-paginate-rest	11.3.6	🟢 7.2	Details Check Score Reason Code-Review 🟢 10 all changesets reviewed Maintained 🟢 8 10 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 8 Security-Policy 🟢 9 security policy file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Binary-Artifacts 🟢 10 no binaries found in the repo CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions License 🟢 10 license file detected Fuzzing ⚠️ 0 project is not fuzzed Pinned-Dependencies 🟢 4 dependency not pinned by hash detected -- score normalized to 4 Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Signed-Releases ⚠️ -1 no releases found Packaging 🟢 10 packaging workflow detected SAST 🟢 10 SAST tool is run on all commits Vulnerabilities 🟢 8 2 existing vulnerabilities detected
npm/@octokit/types	13.6.2	🟢 7	Details Check Score Reason Maintained 🟢 6 6 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 6 Security-Policy 🟢 9 security policy file detected Code-Review 🟢 10 all changesets reviewed Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Binary-Artifacts 🟢 10 no binaries found in the repo CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Pinned-Dependencies 🟢 3 dependency not pinned by hash detected -- score normalized to 3 License 🟢 10 license file detected Fuzzing ⚠️ 0 project is not fuzzed Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Signed-Releases ⚠️ -1 no releases found Packaging 🟢 10 packaging workflow detected SAST 🟢 10 SAST tool is run on all commits Vulnerabilities 🟢 8 2 existing vulnerabilities detected
npm/@octokit/webhooks	13.4.1	🟢 7.4	Details Check Score Reason Code-Review ⚠️ -1 Found no human activity in the last 30 changesets Binary-Artifacts 🟢 10 no binaries found in the repo Security-Policy 🟢 9 security policy file detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Maintained 🟢 10 19 commit(s) and 3 issue activity found in the last 90 days -- score normalized to 10 Pinned-Dependencies 🟢 5 dependency not pinned by hash detected -- score normalized to 5 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Fuzzing ⚠️ 0 project is not fuzzed Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Packaging 🟢 10 packaging workflow detected SAST 🟢 10 SAST tool is run on all commits Vulnerabilities 🟢 10 0 existing vulnerabilities detected
npm/@types/aws-lambda	8.10.146	🟢 6.9	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 4 issue activity found in the last 90 days -- score normalized to 10 Code-Review 🟢 8 Found 26/29 approved changesets -- score normalized to 8 Packaging ⚠️ -1 packaging workflow not detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 9 license file detected Security-Policy 🟢 10 security policy file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Vulnerabilities 🟢 10 0 existing vulnerabilities detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies 🟢 8 dependency not pinned by hash detected -- score normalized to 8 Fuzzing ⚠️ 0 project is not fuzzed
npm/cron	3.3.2	🟢 7.6	Details Check Score Reason Binary-Artifacts 🟢 10 no binaries found in the repo Branch-Protection ⚠️ 1 branch protection is not maximal on development and all release branches CI-Tests 🟢 10 10 out of 10 merged PRs checked by a CI test -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Code-Review ⚠️ 1 Found 4/25 approved changesets -- score normalized to 1 Contributors 🟢 10 project has 11 contributing companies or organizations Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Dependency-Update-Tool 🟢 10 update tool detected Fuzzing 🟢 10 project is fuzzed License 🟢 10 license file detected Maintained 🟢 10 30 commit(s) and 19 issue activity found in the last 90 days -- score normalized to 10 Packaging 🟢 10 packaging workflow detected Pinned-Dependencies 🟢 10 all dependencies are pinned SAST 🟢 10 SAST tool is run on all commits Security-Policy 🟢 10 security policy file detected Signed-Releases ⚠️ -1 no releases found Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Vulnerabilities 🟢 10 0 existing vulnerabilities detected
npm/dotenv	16.4.7	🟢 4.7	Details Check Score Reason Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Code-Review 🟢 3 Found 5/15 approved changesets -- score normalized to 3 Maintained 🟢 10 21 commit(s) and 7 issue activity found in the last 90 days -- score normalized to 10 Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Security-Policy ⚠️ 0 security policy file not detected License 🟢 10 license file detected Fuzzing ⚠️ 0 project is not fuzzed Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Signed-Releases ⚠️ -1 no releases found SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Vulnerabilities 🟢 10 0 existing vulnerabilities detected
npm/eventsource	3.0.2	🟢 5.1	Details Check Score Reason Maintained 🟢 10 23 commit(s) and 25 issue activity found in the last 90 days -- score normalized to 10 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Code-Review ⚠️ 0 Found 2/29 approved changesets -- score normalized to 0 Binary-Artifacts 🟢 10 no binaries found in the repo Security-Policy 🟢 10 security policy file detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Pinned-Dependencies 🟢 5 dependency not pinned by hash detected -- score normalized to 5 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Signed-Releases ⚠️ 0 Project has not signed or included provenance with any releases. Packaging 🟢 10 packaging workflow detected Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Vulnerabilities 🟢 10 0 existing vulnerabilities detected
npm/eventsource-parser	3.0.0	Unknown	Unknown
npm/express-rate-limit	7.5.0	Unknown	Unknown
npm/mysql2	3.12.0	🟢 6.4	Details Check Score Reason Security-Policy 🟢 10 security policy file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Maintained 🟢 10 30 commit(s) and 8 issue activity found in the last 90 days -- score normalized to 10 Code-Review 🟢 5 Found 1/2 approved changesets -- score normalized to 5 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Binary-Artifacts 🟢 10 no binaries found in the repo Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions License 🟢 10 license file detected Pinned-Dependencies 🟢 4 dependency not pinned by hash detected -- score normalized to 4 Fuzzing ⚠️ 0 project is not fuzzed Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Packaging 🟢 10 packaging workflow detected SAST 🟢 9 SAST tool detected but not run on all commits Vulnerabilities 🟢 9 1 existing vulnerabilities detected
npm/octokit	4.0.3	🟢 7.6	Details Check Score Reason Code-Review 🟢 10 all changesets reviewed Maintained 🟢 10 17 commit(s) and 9 issue activity found in the last 90 days -- score normalized to 10 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Security-Policy 🟢 9 security policy file detected Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies 🟢 4 dependency not pinned by hash detected -- score normalized to 4 Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Fuzzing ⚠️ 0 project is not fuzzed Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Packaging 🟢 10 packaging workflow detected SAST 🟢 10 SAST tool is run on all commits Vulnerabilities 🟢 10 0 existing vulnerabilities detected
npm/cron	^3.3.2	🟢 7.6	Details Check Score Reason Binary-Artifacts 🟢 10 no binaries found in the repo Branch-Protection ⚠️ 1 branch protection is not maximal on development and all release branches CI-Tests 🟢 10 10 out of 10 merged PRs checked by a CI test -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Code-Review ⚠️ 1 Found 4/25 approved changesets -- score normalized to 1 Contributors 🟢 10 project has 11 contributing companies or organizations Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Dependency-Update-Tool 🟢 10 update tool detected Fuzzing 🟢 10 project is fuzzed License 🟢 10 license file detected Maintained 🟢 10 30 commit(s) and 19 issue activity found in the last 90 days -- score normalized to 10 Packaging 🟢 10 packaging workflow detected Pinned-Dependencies 🟢 10 all dependencies are pinned SAST 🟢 10 SAST tool is run on all commits Security-Policy 🟢 10 security policy file detected Signed-Releases ⚠️ -1 no releases found Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Vulnerabilities 🟢 10 0 existing vulnerabilities detected
npm/dotenv	^16.4.7	🟢 4.7	Details Check Score Reason Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Code-Review 🟢 3 Found 5/15 approved changesets -- score normalized to 3 Maintained 🟢 10 21 commit(s) and 7 issue activity found in the last 90 days -- score normalized to 10 Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Security-Policy ⚠️ 0 security policy file not detected License 🟢 10 license file detected Fuzzing ⚠️ 0 project is not fuzzed Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Signed-Releases ⚠️ -1 no releases found SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Vulnerabilities 🟢 10 0 existing vulnerabilities detected
npm/eventsource	^3.0.2	🟢 5.1	Details Check Score Reason Maintained 🟢 10 23 commit(s) and 25 issue activity found in the last 90 days -- score normalized to 10 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Code-Review ⚠️ 0 Found 2/29 approved changesets -- score normalized to 0 Binary-Artifacts 🟢 10 no binaries found in the repo Security-Policy 🟢 10 security policy file detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Pinned-Dependencies 🟢 5 dependency not pinned by hash detected -- score normalized to 5 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Signed-Releases ⚠️ 0 Project has not signed or included provenance with any releases. Packaging 🟢 10 packaging workflow detected Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Vulnerabilities 🟢 10 0 existing vulnerabilities detected
npm/express-rate-limit	^7.5.0	Unknown	Unknown
npm/mysql2	^3.12.0	🟢 6.4	Details Check Score Reason Security-Policy 🟢 10 security policy file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Maintained 🟢 10 30 commit(s) and 8 issue activity found in the last 90 days -- score normalized to 10 Code-Review 🟢 5 Found 1/2 approved changesets -- score normalized to 5 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Binary-Artifacts 🟢 10 no binaries found in the repo Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions License 🟢 10 license file detected Pinned-Dependencies 🟢 4 dependency not pinned by hash detected -- score normalized to 4 Fuzzing ⚠️ 0 project is not fuzzed Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Packaging 🟢 10 packaging workflow detected SAST 🟢 9 SAST tool detected but not run on all commits Vulnerabilities 🟢 9 1 existing vulnerabilities detected
npm/octokit	^4.0.3	🟢 7.6	Details Check Score Reason Code-Review 🟢 10 all changesets reviewed Maintained 🟢 10 17 commit(s) and 9 issue activity found in the last 90 days -- score normalized to 10 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Security-Policy 🟢 9 security policy file detected Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies 🟢 4 dependency not pinned by hash detected -- score normalized to 4 Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Fuzzing ⚠️ 0 project is not fuzzed Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Packaging 🟢 10 packaging workflow detected SAST 🟢 10 SAST tool is run on all commits Vulnerabilities 🟢 10 0 existing vulnerabilities detected

Scanned Files

• backend/package-lock.json
• backend/package.json

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.