Bump the development-dependencies group in /frontend with 3 updates

[dependabot]

Bumps the development-dependencies group in /frontend with 3 updates: eslint, typescript and typescript-eslint.

Updates eslint from 9.23.0 to 9.24.0

Release notes

Sourced from eslint's releases.

v9.24.0

Features

• 556c25b feat: support loading TS config files using --experimental-strip-types (#19401) (Arya Emami)
• 72650ac feat: support TS syntax in init-declarations (#19540) (Nitin Kumar)
• 03fb0bc feat: normalize patterns to handle "./" prefix in files and ignores (#19568) (Pixel998)
• 071dcd3 feat: support TS syntax in no-dupe-class-members (#19558) (Nitin Kumar)
• cd72bcc feat: Introduce a way to suppress violations (#19159) (Iacovos Constantinou)
• 2a81578 feat: support TS syntax in no-loss-of-precision (#19560) (Nitin Kumar)
• 30ae4ed feat: add new options to class-methods-use-this (#19527) (sethamus)
• b79ade6 feat: support TypeScript syntax in no-array-constructor (#19493) (Tanuj Kanti)

Bug Fixes

• b23d1c5 fix: deduplicate variable names in no-loop-func error messages (#19595) (Nitin Kumar)
• fb8cdb8 fix: use any[] type for context.options (#19584) (Francesco Trotta)

Documentation

• f857820 docs: update documentation for --experimental-strip-types (#19594) (Nikolas Schröter)
• 803e4af docs: simplify gitignore path handling in includeIgnoreFile section (#19596) (Thomas Broyer)
• 6d979cc docs: Update README (GitHub Actions Bot)
• 82177e4 docs: Update README (GitHub Actions Bot)
• e849dc0 docs: replace existing var with const (#19578) (Sweta Tanwar)
• 0c65c62 docs: don't pass filename when linting rule examples (#19571) (Milos Djermanovic)
• 6be36c9 docs: Update custom-rules.md code example of fixer (#19555) (Yifan Pan)

Build Related

• 366e369 build: re-enable Prettier formatting for package.json files (#19569) (Francesco Trotta)

Chores

• ef67420 chore: upgrade @​eslint/js@​9.24.0 (#19602) (Milos Djermanovic)
• 4946847 chore: package.json update for @​eslint/js release (Jenkins)
• a995acb chore: correct 'flter'/'filter' typo in package script (#19587) (Josh Goldberg ✨)
• b9a5efa test: skip symlink test on Windows (#19503) (fisker Cheung)
• 46eea6d chore: remove Rule & FormatterFunction from shared/types.js (#19556) (Nitin Kumar)
• bdcc91d chore: modify .editorconfig to keep parity with prettier config (#19577) (Sweta Tanwar)
• 7790d83 chore: fix some typos in comment (#19576) (todaymoon)
• 76064a6 test: ignore package-lock.json for eslint-webpack-plugin (#19572) (Francesco Trotta)

Changelog

Sourced from eslint's changelog.

v9.24.0 - April 4, 2025

• ef67420 chore: upgrade @​eslint/js@​9.24.0 (#19602) (Milos Djermanovic)
• 4946847 chore: package.json update for @​eslint/js release (Jenkins)
• f857820 docs: update documentation for --experimental-strip-types (#19594) (Nikolas Schröter)
• 803e4af docs: simplify gitignore path handling in includeIgnoreFile section (#19596) (Thomas Broyer)
• 6d979cc docs: Update README (GitHub Actions Bot)
• b23d1c5 fix: deduplicate variable names in no-loop-func error messages (#19595) (Nitin Kumar)
• 556c25b feat: support loading TS config files using --experimental-strip-types (#19401) (Arya Emami)
• 82177e4 docs: Update README (GitHub Actions Bot)
• a995acb chore: correct 'flter'/'filter' typo in package script (#19587) (Josh Goldberg ✨)
• 72650ac feat: support TS syntax in init-declarations (#19540) (Nitin Kumar)
• 03fb0bc feat: normalize patterns to handle "./" prefix in files and ignores (#19568) (Pixel998)
• b9a5efa test: skip symlink test on Windows (#19503) (fisker Cheung)
• 46eea6d chore: remove Rule & FormatterFunction from shared/types.js (#19556) (Nitin Kumar)
• fb8cdb8 fix: use any[] type for context.options (#19584) (Francesco Trotta)
• 071dcd3 feat: support TS syntax in no-dupe-class-members (#19558) (Nitin Kumar)
• e849dc0 docs: replace existing var with const (#19578) (Sweta Tanwar)
• bdcc91d chore: modify .editorconfig to keep parity with prettier config (#19577) (Sweta Tanwar)
• 7790d83 chore: fix some typos in comment (#19576) (todaymoon)
• cd72bcc feat: Introduce a way to suppress violations (#19159) (Iacovos Constantinou)
• 2a81578 feat: support TS syntax in no-loss-of-precision (#19560) (Nitin Kumar)
• 366e369 build: re-enable Prettier formatting for package.json files (#19569) (Francesco Trotta)
• 30ae4ed feat: add new options to class-methods-use-this (#19527) (sethamus)
• b79ade6 feat: support TypeScript syntax in no-array-constructor (#19493) (Tanuj Kanti)
• 0c65c62 docs: don't pass filename when linting rule examples (#19571) (Milos Djermanovic)
• 76064a6 test: ignore package-lock.json for eslint-webpack-plugin (#19572) (Francesco Trotta)
• 6be36c9 docs: Update custom-rules.md code example of fixer (#19555) (Yifan Pan)

Commits

• d49f5b7 9.24.0
• 9b6ed8a Build: changelog update for 9.24.0
• ef67420 chore: upgrade @​eslint/js@​9.24.0 (#19602)
• 4946847 chore: package.json update for @​eslint/js release
• f857820 docs: update documentation for --experimental-strip-types (#19594)
• 803e4af docs: simplify gitignore path handling in includeIgnoreFile section (#19596)
• 6d979cc docs: Update README
• b23d1c5 fix: deduplicate variable names in no-loop-func error messages (#19595)
• 556c25b feat: support loading TS config files using --experimental-strip-types (#19...
• 82177e4 docs: Update README
• Additional commits viewable in compare view

Updates typescript from 5.8.2 to 5.8.3

Commits

• See full diff in compare view

Updates typescript-eslint from 8.28.0 to 8.29.1

Release notes

Sourced from typescript-eslint's releases.

v8.29.1

8.29.1 (2025-04-07)

🩹 Fixes

• eslint-plugin: [no-deprecated] report on deprecated imported variable used as property (#10998)
• typescript-estree: use token type of Numeric instead of Identifier for bigint literals (#11021)

❤️ Thank You

• Ronen Amiel

You can read about our versioning strategy and releases on our website.

v8.29.0

8.29.0 (2025-03-31)

🚀 Features

• eslint-plugin: [prefer-nullish-coalescing] create ignoreIfStatements option (#11000)

🩹 Fixes

• eslint-plugin: [no-unnecessary-condition] don't report on unnecessary optional array index access when noUncheckedIndexedAccess is enabled (#10961)
• eslint-plugin: [use-unknown-in-catch-callback-variable] remove fixable property (#10993)
• eslint-plugin: [prefer-for-of] fix false positive when using erasable type syntax within update expressions (#10981)
• eslint-plugin: support arbitrary extensions in definition files (#10957)
• eslint-plugin: [no-array-constructor] remove optional chaining exemption (#10963)

❤️ Thank You

• Dima Barabash @​dbarabashh
• Kim Sang Du @​developer-bandi
• Olivier Zalmanski @​OlivierZal
• Ronen Amiel
• Yannick Decat @​mho22
• zyoshoka @​zyoshoka

You can read about our versioning strategy and releases on our website.

Changelog

Sourced from typescript-eslint's changelog.

8.29.1 (2025-04-07)

This was a version bump only for typescript-eslint to align it with other projects, there were no code changes.

You can read about our versioning strategy and releases on our website.

8.29.0 (2025-03-31)

This was a version bump only for typescript-eslint to align it with other projects, there were no code changes.

You can read about our versioning strategy and releases on our website.

Commits

• ef7e6de chore(release): publish 8.29.1
• 3dd1835 chore(release): publish 8.29.0
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[github-actions]

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

OpenSSF Scorecard

Scorecard details

Package	Version	Score	Details
npm/@eslint/config-array	0.20.0	Unknown	Unknown
npm/@eslint/js	9.24.0	🟢 7	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 22 issue activity found in the last 90 days -- score normalized to 10 Code-Review 🟢 8 Found 24/29 approved changesets -- score normalized to 8 Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions License 🟢 10 license file detected Vulnerabilities 🟢 10 0 existing vulnerabilities detected Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Signed-Releases ⚠️ -1 no releases found Security-Policy 🟢 10 security policy file detected Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed SAST 🟢 10 SAST tool is run on all commits
npm/@typescript-eslint/eslint-plugin	8.29.1	🟢 5.2	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 22 issue activity found in the last 90 days -- score normalized to 10 Code-Review 🟢 7 Found 19/25 approved changesets -- score normalized to 7 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected License 🟢 10 license file detected Security-Policy 🟢 10 security policy file detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Signed-Releases ⚠️ -1 no releases found Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Vulnerabilities ⚠️ 0 34 existing vulnerabilities detected
npm/@typescript-eslint/parser	8.29.1	🟢 5.2	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 22 issue activity found in the last 90 days -- score normalized to 10 Code-Review 🟢 7 Found 19/25 approved changesets -- score normalized to 7 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected License 🟢 10 license file detected Security-Policy 🟢 10 security policy file detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Signed-Releases ⚠️ -1 no releases found Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Vulnerabilities ⚠️ 0 34 existing vulnerabilities detected
npm/@typescript-eslint/scope-manager	8.29.1	🟢 5.2	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 22 issue activity found in the last 90 days -- score normalized to 10 Code-Review 🟢 7 Found 19/25 approved changesets -- score normalized to 7 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected License 🟢 10 license file detected Security-Policy 🟢 10 security policy file detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Signed-Releases ⚠️ -1 no releases found Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Vulnerabilities ⚠️ 0 34 existing vulnerabilities detected
npm/@typescript-eslint/type-utils	8.29.1	🟢 5.2	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 22 issue activity found in the last 90 days -- score normalized to 10 Code-Review 🟢 7 Found 19/25 approved changesets -- score normalized to 7 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected License 🟢 10 license file detected Security-Policy 🟢 10 security policy file detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Signed-Releases ⚠️ -1 no releases found Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Vulnerabilities ⚠️ 0 34 existing vulnerabilities detected
npm/@typescript-eslint/types	8.29.1	🟢 5.2	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 22 issue activity found in the last 90 days -- score normalized to 10 Code-Review 🟢 7 Found 19/25 approved changesets -- score normalized to 7 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected License 🟢 10 license file detected Security-Policy 🟢 10 security policy file detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Signed-Releases ⚠️ -1 no releases found Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Vulnerabilities ⚠️ 0 34 existing vulnerabilities detected
npm/@typescript-eslint/typescript-estree	8.29.1	🟢 5.2	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 22 issue activity found in the last 90 days -- score normalized to 10 Code-Review 🟢 7 Found 19/25 approved changesets -- score normalized to 7 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected License 🟢 10 license file detected Security-Policy 🟢 10 security policy file detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Signed-Releases ⚠️ -1 no releases found Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Vulnerabilities ⚠️ 0 34 existing vulnerabilities detected
npm/@typescript-eslint/utils	8.29.1	🟢 5.2	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 22 issue activity found in the last 90 days -- score normalized to 10 Code-Review 🟢 7 Found 19/25 approved changesets -- score normalized to 7 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected License 🟢 10 license file detected Security-Policy 🟢 10 security policy file detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Signed-Releases ⚠️ -1 no releases found Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Vulnerabilities ⚠️ 0 34 existing vulnerabilities detected
npm/@typescript-eslint/visitor-keys	8.29.1	🟢 5.2	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 22 issue activity found in the last 90 days -- score normalized to 10 Code-Review 🟢 7 Found 19/25 approved changesets -- score normalized to 7 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected License 🟢 10 license file detected Security-Policy 🟢 10 security policy file detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Signed-Releases ⚠️ -1 no releases found Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Vulnerabilities ⚠️ 0 34 existing vulnerabilities detected
npm/eslint	9.24.0	🟢 7	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 22 issue activity found in the last 90 days -- score normalized to 10 Code-Review 🟢 8 Found 24/29 approved changesets -- score normalized to 8 Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions License 🟢 10 license file detected Vulnerabilities 🟢 10 0 existing vulnerabilities detected Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Signed-Releases ⚠️ -1 no releases found Security-Policy 🟢 10 security policy file detected Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed SAST 🟢 10 SAST tool is run on all commits
npm/typescript	5.8.3	🟢 8.4	Details Check Score Reason Code-Review 🟢 10 all changesets reviewed Maintained 🟢 10 30 commit(s) and 5 issue activity found in the last 90 days -- score normalized to 10 Packaging ⚠️ -1 packaging workflow not detected Dependency-Update-Tool 🟢 10 update tool detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege Security-Policy 🟢 10 security policy file detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Signed-Releases ⚠️ 0 Project has not signed or included provenance with any releases. Branch-Protection 🟢 6 branch protection is not maximal on development and all release branches License 🟢 10 license file detected Binary-Artifacts 🟢 10 no binaries found in the repo Vulnerabilities 🟢 10 0 existing vulnerabilities detected SAST 🟢 9 SAST tool detected but not run on all commits Pinned-Dependencies 🟢 6 dependency not pinned by hash detected -- score normalized to 6 Fuzzing 🟢 10 project is fuzzed CI-Tests 🟢 9 29 out of 30 merged PRs checked by a CI test -- score normalized to 9 Contributors 🟢 10 project has 36 contributing companies or organizations
npm/typescript-eslint	8.29.1	🟢 5.2	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 22 issue activity found in the last 90 days -- score normalized to 10 Code-Review 🟢 7 Found 19/25 approved changesets -- score normalized to 7 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected License 🟢 10 license file detected Security-Policy 🟢 10 security policy file detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Signed-Releases ⚠️ -1 no releases found Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Vulnerabilities ⚠️ 0 34 existing vulnerabilities detected
npm/eslint	9.24	🟢 7	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 22 issue activity found in the last 90 days -- score normalized to 10 Code-Review 🟢 8 Found 24/29 approved changesets -- score normalized to 8 Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions License 🟢 10 license file detected Vulnerabilities 🟢 10 0 existing vulnerabilities detected Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Signed-Releases ⚠️ -1 no releases found Security-Policy 🟢 10 security policy file detected Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed SAST 🟢 10 SAST tool is run on all commits
npm/typescript	~5.8.3	🟢 8.4	Details Check Score Reason Code-Review 🟢 10 all changesets reviewed Maintained 🟢 10 30 commit(s) and 5 issue activity found in the last 90 days -- score normalized to 10 Packaging ⚠️ -1 packaging workflow not detected Dependency-Update-Tool 🟢 10 update tool detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege Security-Policy 🟢 10 security policy file detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Signed-Releases ⚠️ 0 Project has not signed or included provenance with any releases. Branch-Protection 🟢 6 branch protection is not maximal on development and all release branches License 🟢 10 license file detected Binary-Artifacts 🟢 10 no binaries found in the repo Vulnerabilities 🟢 10 0 existing vulnerabilities detected SAST 🟢 9 SAST tool detected but not run on all commits Pinned-Dependencies 🟢 6 dependency not pinned by hash detected -- score normalized to 6 Fuzzing 🟢 10 project is fuzzed CI-Tests 🟢 9 29 out of 30 merged PRs checked by a CI test -- score normalized to 9 Contributors 🟢 10 project has 36 contributing companies or organizations
npm/typescript-eslint	8.29.1	🟢 5.2	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 22 issue activity found in the last 90 days -- score normalized to 10 Code-Review 🟢 7 Found 19/25 approved changesets -- score normalized to 7 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected License 🟢 10 license file detected Security-Policy 🟢 10 security policy file detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Signed-Releases ⚠️ -1 no releases found Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Vulnerabilities ⚠️ 0 34 existing vulnerabilities detected

Scanned Files

• frontend/package-lock.json
• frontend/package.json

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.