Bump the production-dependencies group across 1 directory with 13 updates by dependabot[bot] · Pull Request #93 · austenstone/github-value

dependabot · 2024-12-16T21:04:53Z

Bumps the production-dependencies group with 13 updates in the /frontend directory:

Package	From	To
@angular/animations	`18.2.12`	`19.0.4`
@angular/cdk	`18.2.13`	`19.0.3`
@angular/common	`18.2.12`	`19.0.4`
@angular/compiler	`18.2.12`	`19.0.4`
@angular/core	`18.2.12`	`19.0.4`
@angular/forms	`18.2.12`	`19.0.4`
@angular/material	`18.2.13`	`19.0.3`
@angular/platform-browser	`18.2.12`	`19.0.4`
@angular/platform-browser-dynamic	`18.2.12`	`19.0.4`
@angular/router	`18.2.12`	`19.0.4`
@octokit/types	`13.6.1`	`13.6.2`
cronstrue	`2.51.0`	`2.52.0`
highcharts	`11.4.8`	`12.0.2`

Updates @angular/animations from 18.2.12 to 19.0.4

Release notes

Sourced from @angular/animations's releases.

v19.0.4

19.0.4 (2024-12-12)

compiler-cli

Commit Description

consider pre-release versions when detecting feature support (#59061)

error in unused standalone imports diagnostic (#59064)

core

Commit Description

Fix a bug where snapshotted functions are being run twice if they return a nullish/falsey value. (#59073)

platform-browser

Commit Description

collect external component styles from server rendering (#59031)

v19.0.3

19.0.3 (2024-12-04)

v19.0.2

19.0.2 (2024-12-04)

compiler-cli

Commit Description

account for multiple generated namespace imports in HMR (#58924)

core

Commit Description

Explicitly manage TracingSnapshot lifecycle and dispose of it once it's been used. (#58929)

migrations

Commit Description

class content being deleted in some edge cases (#58959)

correctly strip away parameters surrounded by comments in inject migration (#58959)

don't migrate classes with parameters that can't be injected (#58959)

inject migration aggressively removing imports (#58959)

inject migration dropping code if everything except super is removed (#58959)

preserve type literals and tuples in inject migrations (#58959)

platform-server

Commit Description

remove peer dependency on animations (#58997)

v19.0.1

19.0.1 (2024-11-26)

compiler-cli

... (truncated)

Changelog

Sourced from @angular/animations's changelog.

19.0.4 (2024-12-12)

compiler-cli

Commit Type Description

7e612171709 fix consider pre-release versions when detecting feature support (#59061)

cd764a31152 fix error in unused standalone imports diagnostic (#59064)

core

Commit Type Description

34ded10fa60 fix Fix a bug where snapshotted functions are being run twice if they return a nullish/falsey value. (#59073)

platform-browser

Commit Type Description

ae0802d63c5 fix collect external component styles from server rendering (#59031)

19.1.0-next.2 (2024-12-04)

19.0.3 (2024-12-04)

19.1.0-next.1 (2024-12-04)

compiler-cli

Commit Type Description

f280467398 fix account for multiple generated namespace imports in HMR (#58924)

core

Commit Type Description

e894a5daea feat set kind field on template and effect nodes (#58865)

3b765367f3 fix Explicitly manage TracingSnapshot lifecycle and dispose of it once it's been used. (#58929)

migrations

Commit Type Description

e31e52e177 fix class content being deleted in some edge cases (#58959)

508d3a1b3b fix correctly strip away parameters surrounded by comments in inject migration (#58959)

7191aa6e09 fix don't migrate classes with parameters that can't be injected (#58959)

a4924af6d5 fix inject migration aggressively removing imports (#58959)

35165d152d fix inject migration dropping code if everything except super is removed (#58959)

68e5ba7a3a fix preserve type literals and tuples in inject migrations (#58959)

platform-server

Commit Type Description

... (truncated)

Commits

5f3ba06 docs: set syntax highlighting of code examples MD code blocks (#59026)
b8a2ae0 docs: fix missing alert block styles in the API reference (#59020)
09df589 refactor(core): Migrate all packages with the explicit-standalone-flag sche...
84b6896 refactor(platform-server): Add an ssr benchmark setup. (#57647)
9dbe6fc refactor: update license text to point to angular.dev (#57901)
See full diff in compare view

Updates @angular/cdk from 18.2.13 to 19.0.3

Release notes

Sourced from @angular/cdk's releases.

v19.0.3

19.0.3 "polonium-popsicle" (2024-12-11)

material

Commit Description

expansion: switch away from animations module (#30119)

menu: decouple menu lifecycle from animations (#30148)

paginator: ignore clicks on disabled buttons (#30138)

select: add opt-in input that allows selection of nullable options (#30142)

timepicker: deserialize ControlValueAccessor values correctly (#30149)

timepicker: disable toggle if timepicker is disabled (#30137)

v19.0.2

19.0.2 "plastic-rhino" (2024-12-04)

youtube-player

Commit Description

update to latest typings (#30126)

material

Commit Description

button-toggle: unable to tab into ngModel-based group on first render (#30103)

core: optgroup label color not inferred correctly (#30085)

schematics: avoid parsing stylesheets that don't include Material

schematics: error if stylesheet contains syntax errors

sort: simplify animations (#30057)

tabs: ink bar not showing when same tab is re-selected (#30121)

cdk

Commit Description

accordion: improve accessibility in example code (#30087)

menu: disable flexible dimensions (#30086)

v19.0.1

19.0.1 "mercury-mailbox" (2024-11-27)

material

Commit Description

button-toggle: animate checkbox (#30025)

chips: emit state changes when chip grid is disabled (#30033)

datepicker: adds comparison ids and aria-describedby spans (#30040)

slider: update documentation (#30029)

timepicker: make disabled input public (#30063)

docs

Commit Description

update errorState example to cover handle missing state (#30059)

... (truncated)

Changelog

Sourced from @angular/cdk's changelog.

19.0.3 "polonium-popsicle" (2024-12-11)

material

Commit Type Description

7b64c451e6 fix expansion: switch away from animations module (#30119)

d18c3395d8 fix menu: decouple menu lifecycle from animations (#30148)

3ea8cf5c31 fix paginator: ignore clicks on disabled buttons (#30138)

fbaf286f9c fix select: add opt-in input that allows selection of nullable options (#30142)

600a8b04f9 fix timepicker: deserialize ControlValueAccessor values correctly (#30149)

4b69162998 fix timepicker: disable toggle if timepicker is disabled (#30137)

19.1.0-next.1 "plastic-monkey" (2024-12-04)

cdk

Commit Type Description

de6c491892 fix accordion: improve accessibility in example code (#30087)

85d26391e4 fix menu: disable flexible dimensions (#30086)

material

Commit Type Description

f0a767ca0f fix button-toggle: unable to tab into ngModel-based group on first render (#30103)

6962c85837 fix core: optgroup label color not inferred correctly (#30085)

4ef3baaf08 fix schematics: avoid parsing stylesheets that don't include Material

c89192639c fix schematics: error if stylesheet contains syntax errors

a08eeebf6b fix sort: simplify animations (#30057)

a028b5d842 fix tabs: ink bar not showing when same tab is re-selected (#30121)

youtube-player

Commit Type Description

8a55d9a09e fix update to latest typings (#30126)

docs

Commit Type Description

d7fc560140 fix add example for adding icon in meta section using matListI… (#30068)

19.0.2 "plastic-rhino" (2024-12-04)

cdk

Commit Type Description

460f971b27 fix accordion: improve accessibility in example code (#30087)

6306a12c12 fix menu: disable flexible dimensions (#30086)

material

Commit Type Description

... (truncated)

Commits

431b031 release: cut the v19.0.3 release
aba043b Revert "docs: archive changelog before v17" (#30168)
d18c339 fix(material/menu): decouple menu lifecycle from animations (#30148)
fbaf286 fix(material/select): add opt-in input that allows selection of nullable opti...
600a8b0 fix(material/timepicker): deserialize ControlValueAccessor values correctly (...
f8cf936 docs: archive changelog before v17 (#30147)
3ea8cf5 fix(material/paginator): ignore clicks on disabled buttons (#30138)
4b69162 fix(material/timepicker): disable toggle if timepicker is disabled (#30137)
1f854a2 ci: update to latest version of dev-infra actions (#30133)
7b64c45 fix(material/expansion): switch away from animations module (#30119)
Additional commits viewable in compare view

Updates @angular/common from 18.2.12 to 19.0.4

Release notes

Sourced from @angular/common's releases.

v19.0.4

19.0.4 (2024-12-12)

compiler-cli

Commit Description

consider pre-release versions when detecting feature support (#59061)

error in unused standalone imports diagnostic (#59064)

core

Commit Description

Fix a bug where snapshotted functions are being run twice if they return a nullish/falsey value. (#59073)

platform-browser

Commit Description

collect external component styles from server rendering (#59031)

v19.0.3

19.0.3 (2024-12-04)

v19.0.2

19.0.2 (2024-12-04)

compiler-cli

Commit Description

account for multiple generated namespace imports in HMR (#58924)

core

Commit Description

Explicitly manage TracingSnapshot lifecycle and dispose of it once it's been used. (#58929)

migrations

Commit Description

class content being deleted in some edge cases (#58959)

correctly strip away parameters surrounded by comments in inject migration (#58959)

don't migrate classes with parameters that can't be injected (#58959)

inject migration aggressively removing imports (#58959)

inject migration dropping code if everything except super is removed (#58959)

preserve type literals and tuples in inject migrations (#58959)

platform-server

Commit Description

remove peer dependency on animations (#58997)

v19.0.1

19.0.1 (2024-11-26)

compiler-cli

... (truncated)

Changelog

Sourced from @angular/common's changelog.

19.0.4 (2024-12-12)

compiler-cli

Commit Type Description

7e612171709 fix consider pre-release versions when detecting feature support (#59061)

cd764a31152 fix error in unused standalone imports diagnostic (#59064)

core

Commit Type Description

34ded10fa60 fix Fix a bug where snapshotted functions are being run twice if they return a nullish/falsey value. (#59073)

platform-browser

Commit Type Description

ae0802d63c5 fix collect external component styles from server rendering (#59031)

19.1.0-next.2 (2024-12-04)

19.0.3 (2024-12-04)

19.1.0-next.1 (2024-12-04)

compiler-cli

Commit Type Description

f280467398 fix account for multiple generated namespace imports in HMR (#58924)

core

Commit Type Description

e894a5daea feat set kind field on template and effect nodes (#58865)

3b765367f3 fix Explicitly manage TracingSnapshot lifecycle and dispose of it once it's been used. (#58929)

migrations

Commit Type Description

e31e52e177 fix class content being deleted in some edge cases (#58959)

508d3a1b3b fix correctly strip away parameters surrounded by comments in inject migration (#58959)

7191aa6e09 fix don't migrate classes with parameters that can't be injected (#58959)

a4924af6d5 fix inject migration aggressively removing imports (#58959)

35165d152d fix inject migration dropping code if everything except super is removed (#58959)

68e5ba7a3a fix preserve type literals and tuples in inject migrations (#58959)

platform-server

Commit Type Description

... (truncated)

Commits

326337e refactor: replace ɵPendingTasks with ɵPendingTasksInternal (#59138)
ffae7df refactor(http): Don't log fetch warning in tests. (#59049)
0c40bb2 refactor(docs-infra): convert code-example-s that have only region param to @...
5f3ba06 docs: set syntax highlighting of code examples MD code blocks (#59026)
0df7b1e refactor(common): remove standalone: true (#58949)
b8a2ae0 docs: fix missing alert block styles in the API reference (#59020)
ea0bf74 refactor(core): use ApplicationRef.whenStable instead of a custom util func...
7dfb127 refactor: add @__PURE__ next to @pureOrBreakMyCode for improved bundler c...
da9c0c5 refactor: cleanup initializers that use ctor params (#58349)
24c6373 feat(common): add optional rounded transform support in cloudinary image load...
Additional commits viewable in compare view

Updates @angular/compiler from 18.2.12 to 19.0.4

Release notes

Sourced from @angular/compiler's releases.

v19.0.4

19.0.4 (2024-12-12)

compiler-cli

Commit Description

consider pre-release versions when detecting feature support (#59061)

error in unused standalone imports diagnostic (#59064)

core

Commit Description

Fix a bug where snapshotted functions are being run twice if they return a nullish/falsey value. (#59073)

platform-browser

Commit Description

collect external component styles from server rendering (#59031)

v19.0.3

19.0.3 (2024-12-04)

v19.0.2

19.0.2 (2024-12-04)

compiler-cli

Commit Description

account for multiple generated namespace imports in HMR (#58924)

core

Commit Description

Explicitly manage TracingSnapshot lifecycle and dispose of it once it's been used. (#58929)

migrations

Commit Description

class content being deleted in some edge cases (#58959)

correctly strip away parameters surrounded by comments in inject migration (#58959)

don't migrate classes with parameters that can't be injected (#58959)

inject migration aggressively removing imports (#58959)

inject migration dropping code if everything except super is removed (#58959)

preserve type literals and tuples in inject migrations (#58959)

platform-server

Commit Description

remove peer dependency on animations (#58997)

v19.0.1

19.0.1 (2024-11-26)

compiler-cli

... (truncated)

Changelog

Sourced from @angular/compiler's changelog.

19.0.4 (2024-12-12)

compiler-cli

Commit Type Description

7e612171709 fix consider pre-release versions when detecting feature support (#59061)

cd764a31152 fix error in unused standalone imports diagnostic (#59064)

core

Commit Type Description

34ded10fa60 fix Fix a bug where snapshotted functions are being run twice if they return a nullish/falsey value. (#59073)

platform-browser

Commit Type Description

ae0802d63c5 fix collect external component styles from server rendering (#59031)

19.1.0-next.2 (2024-12-04)

19.0.3 (2024-12-04)

19.1.0-next.1 (2024-12-04)

compiler-cli

Commit Type Description

f280467398 fix account for multiple generated namespace imports in HMR (#58924)

core

Commit Type Description

e894a5daea feat set kind field on template and effect nodes (#58865)

3b765367f3 fix Explicitly manage TracingSnapshot lifecycle and dispose of it once it's been used. (#58929)

migrations

Commit Type Description

e31e52e177 fix class content being deleted in some edge cases (#58959)

508d3a1b3b fix correctly strip away parameters surrounded by comments in inject migration (#58959)

7191aa6e09 fix don't migrate classes with parameters that can't be injected (#58959)

a4924af6d5 fix inject migration aggressively removing imports (#58959)

35165d152d fix inject migration dropping code if everything except super is removed (#58959)

68e5ba7a3a fix preserve type literals and tuples in inject migrations (#58959)

platform-server

Commit Type Description

... (truncated)

Commits

b58123b refactor(compiler): remove circular dep in the output ast (#59083)
5f3ba06 docs: set syntax highlighting of code examples MD code blocks (#59026)
b182806 refactor(compiler): remove allowInvalidAssignmentEvents flag (#58988)
9f99196 fix(compiler-cli): account for multiple generated namespace imports in HMR (#...
d23a5d5 refactor(core): Consolidates shouldTrigger* methods down to one (#58833)
d6da631 refactor(compiler): Adds ingest and flags for defer details (#58833)
4852e57 docs: capitalize webpack with a lowercase W (#56812)
fb1fa8b fix(compiler-cli): more accurate diagnostics for host binding parser errors (...
806a61b fix(compiler): fix multiline selectors (#58681)
e5d3abb fix(compiler): resolve :host:host-context(.foo) (#58681)
Additional commits viewable in compare view

Updates @angular/core from 18.2.12 to 19.0.4

Release notes

Sourced from @angular/core's releases.

v19.0.4

19.0.4 (2024-12-12)

compiler-cli

Commit Description

consider pre-release versions when detecting feature support (#59061)

error in unused standalone imports diagnostic (#59064)

core

Commit Description

Fix a bug where snapshotted functions are being run twice if they return a nullish/falsey value. (#59073)

platform-browser

Commit Description

collect external component styles from server rendering (#59031)

v19.0.3

19.0.3 (2024-12-04)

v19.0.2

19.0.2 (2024-12-04)

compiler-cli

Commit Description

account for multiple generated namespace imports in HMR (#58924)

core

Commit Description

Explicitly manage TracingSnapshot lifecycle and dispose of it once it's been used. (

…ates Bumps the production-dependencies group with 13 updates in the /frontend directory: | Package | From | To | | --- | --- | --- | | [@angular/animations](https://github.com/angular/angular/tree/HEAD/packages/animations) | `18.2.12` | `19.0.4` | | [@angular/cdk](https://github.com/angular/components) | `18.2.13` | `19.0.3` | | [@angular/common](https://github.com/angular/angular/tree/HEAD/packages/common) | `18.2.12` | `19.0.4` | | [@angular/compiler](https://github.com/angular/angular/tree/HEAD/packages/compiler) | `18.2.12` | `19.0.4` | | [@angular/core](https://github.com/angular/angular/tree/HEAD/packages/core) | `18.2.12` | `19.0.4` | | [@angular/forms](https://github.com/angular/angular/tree/HEAD/packages/forms) | `18.2.12` | `19.0.4` | | [@angular/material](https://github.com/angular/components) | `18.2.13` | `19.0.3` | | [@angular/platform-browser](https://github.com/angular/angular/tree/HEAD/packages/platform-browser) | `18.2.12` | `19.0.4` | | [@angular/platform-browser-dynamic](https://github.com/angular/angular/tree/HEAD/packages/platform-browser-dynamic) | `18.2.12` | `19.0.4` | | [@angular/router](https://github.com/angular/angular/tree/HEAD/packages/router) | `18.2.12` | `19.0.4` | | [@octokit/types](https://github.com/octokit/types.ts) | `13.6.1` | `13.6.2` | | [cronstrue](https://github.com/bradymholt/cronstrue) | `2.51.0` | `2.52.0` | | [highcharts](https://github.com/highcharts/highcharts-dist) | `11.4.8` | `12.0.2` | Updates `@angular/animations` from 18.2.12 to 19.0.4 - [Release notes](https://github.com/angular/angular/releases) - [Changelog](https://github.com/angular/angular/blob/main/CHANGELOG.md) - [Commits](https://github.com/angular/angular/commits/19.0.4/packages/animations) Updates `@angular/cdk` from 18.2.13 to 19.0.3 - [Release notes](https://github.com/angular/components/releases) - [Changelog](https://github.com/angular/components/blob/main/CHANGELOG.md) - [Commits](angular/components@18.2.13...19.0.3) Updates `@angular/common` from 18.2.12 to 19.0.4 - [Release notes](https://github.com/angular/angular/releases) - [Changelog](https://github.com/angular/angular/blob/main/CHANGELOG.md) - [Commits](https://github.com/angular/angular/commits/19.0.4/packages/common) Updates `@angular/compiler` from 18.2.12 to 19.0.4 - [Release notes](https://github.com/angular/angular/releases) - [Changelog](https://github.com/angular/angular/blob/main/CHANGELOG.md) - [Commits](https://github.com/angular/angular/commits/19.0.4/packages/compiler) Updates `@angular/core` from 18.2.12 to 19.0.4 - [Release notes](https://github.com/angular/angular/releases) - [Changelog](https://github.com/angular/angular/blob/main/CHANGELOG.md) - [Commits](https://github.com/angular/angular/commits/19.0.4/packages/core) Updates `@angular/forms` from 18.2.12 to 19.0.4 - [Release notes](https://github.com/angular/angular/releases) - [Changelog](https://github.com/angular/angular/blob/main/CHANGELOG.md) - [Commits](https://github.com/angular/angular/commits/19.0.4/packages/forms) Updates `@angular/material` from 18.2.13 to 19.0.3 - [Release notes](https://github.com/angular/components/releases) - [Changelog](https://github.com/angular/components/blob/main/CHANGELOG.md) - [Commits](angular/components@18.2.13...19.0.3) Updates `@angular/platform-browser` from 18.2.12 to 19.0.4 - [Release notes](https://github.com/angular/angular/releases) - [Changelog](https://github.com/angular/angular/blob/main/CHANGELOG.md) - [Commits](https://github.com/angular/angular/commits/19.0.4/packages/platform-browser) Updates `@angular/platform-browser-dynamic` from 18.2.12 to 19.0.4 - [Release notes](https://github.com/angular/angular/releases) - [Changelog](https://github.com/angular/angular/blob/main/CHANGELOG.md) - [Commits](https://github.com/angular/angular/commits/19.0.4/packages/platform-browser-dynamic) Updates `@angular/router` from 18.2.12 to 19.0.4 - [Release notes](https://github.com/angular/angular/releases) - [Changelog](https://github.com/angular/angular/blob/main/CHANGELOG.md) - [Commits](https://github.com/angular/angular/commits/19.0.4/packages/router) Updates `@octokit/types` from 13.6.1 to 13.6.2 - [Release notes](https://github.com/octokit/types.ts/releases) - [Commits](octokit/types.ts@v13.6.1...v13.6.2) Updates `cronstrue` from 2.51.0 to 2.52.0 - [Release notes](https://github.com/bradymholt/cronstrue/releases) - [Changelog](https://github.com/bradymholt/cRonstrue/blob/main/CHANGELOG.md) - [Commits](bradymholt/cRonstrue@v2.51.0...v2.52.0) Updates `highcharts` from 11.4.8 to 12.0.2 - [Commits](highcharts/highcharts-dist@v11.4.8...v12.0.2) --- updated-dependencies: - dependency-name: "@angular/animations" dependency-type: direct:production update-type: version-update:semver-major dependency-group: production-dependencies - dependency-name: "@angular/cdk" dependency-type: direct:production update-type: version-update:semver-major dependency-group: production-dependencies - dependency-name: "@angular/common" dependency-type: direct:production update-type: version-update:semver-major dependency-group: production-dependencies - dependency-name: "@angular/compiler" dependency-type: direct:production update-type: version-update:semver-major dependency-group: production-dependencies - dependency-name: "@angular/core" dependency-type: direct:production update-type: version-update:semver-major dependency-group: production-dependencies - dependency-name: "@angular/forms" dependency-type: direct:production update-type: version-update:semver-major dependency-group: production-dependencies - dependency-name: "@angular/material" dependency-type: direct:production update-type: version-update:semver-major dependency-group: production-dependencies - dependency-name: "@angular/platform-browser" dependency-type: direct:production update-type: version-update:semver-major dependency-group: production-dependencies - dependency-name: "@angular/platform-browser-dynamic" dependency-type: direct:production update-type: version-update:semver-major dependency-group: production-dependencies - dependency-name: "@angular/router" dependency-type: direct:production update-type: version-update:semver-major dependency-group: production-dependencies - dependency-name: "@octokit/types" dependency-type: direct:production update-type: version-update:semver-patch dependency-group: production-dependencies - dependency-name: cronstrue dependency-type: direct:production update-type: version-update:semver-minor dependency-group: production-dependencies - dependency-name: highcharts dependency-type: direct:production update-type: version-update:semver-major dependency-group: production-dependencies ... Signed-off-by: dependabot[bot] <support@github.com>

github-actions · 2024-12-16T21:05:07Z

Dependency Review

The following issues were found:

✅ 0 vulnerable package(s)
✅ 0 package(s) with incompatible licenses
✅ 0 package(s) with invalid SPDX license definitions
⚠️ 1 package(s) with unknown licenses.

See the Details below.

License Issues

frontend/package.json

Package	Version	License	Issue Type
highcharts	^12.0.2	Null	Unknown License

OpenSSF Scorecard

Scorecard details

Package

Version

Score

Details

npm/@angular/animations

19.0.4

🟢 6.5

Details

Check	Score	Reason
Binary-Artifacts	🟢 10	no binaries found in the repo
Branch-Protection	🟢 6	branch protection is not maximal on development and all release branches
CI-Tests	🟢 10	1 out of 1 merged PRs checked by a CI test -- score normalized to 10
CII-Best-Practices	⚠️ 2	badge detected: InProgress
Code-Review	⚠️ 0	Found 0/30 approved changesets -- score normalized to 0
Contributors	🟢 10	project has 38 contributing companies or organizations
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Dependency-Update-Tool	🟢 10	update tool detected
Fuzzing	🟢 10	project is fuzzed
License	🟢 10	license file detected
Maintained	🟢 10	30 commit(s) and 19 issue activity found in the last 90 days -- score normalized to 10
Packaging	⚠️ -1	packaging workflow not detected
Pinned-Dependencies	🟢 10	all dependencies are pinned
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Security-Policy	🟢 10	security policy file detected
Signed-Releases	⚠️ -1	no releases found
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Vulnerabilities	⚠️ 0	68 existing vulnerabilities detected

npm/@angular/cdk

19.0.3

🟢 7.4

Details

Check	Score	Reason
Binary-Artifacts	🟢 10	no binaries found in the repo
Branch-Protection	🟢 6	branch protection is not maximal on development and all release branches
CI-Tests	🟢 10	29 out of 29 merged PRs checked by a CI test -- score normalized to 10
CII-Best-Practices	⚠️ 2	badge detected: in_progress
Code-Review	🟢 10	all changesets reviewed
Contributors	🟢 10	21 different organizations found -- score normalized to 10
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Dependency-Update-Tool	🟢 10	update tool detected
Fuzzing	⚠️ 0	project is not fuzzed
License	🟢 10	license file detected
Maintained	🟢 10	30 commit(s) out of 30 and 10 issue activity out of 30 found in the last 90 days -- score normalized to 10
Packaging	⚠️ -1	no published package detected
Pinned-Dependencies	🟢 10	all dependencies are pinned
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Security-Policy	🟢 10	security policy file detected
Signed-Releases	⚠️ -1	no releases found
Token-Permissions	🟢 8	detected GitHub workflow tokens with excessive permissions
Vulnerabilities	⚠️ 0	50 existing vulnerabilities detected

npm/@angular/common

19.0.4

🟢 6.5

Details

Check	Score	Reason
Binary-Artifacts	🟢 10	no binaries found in the repo
Branch-Protection	🟢 6	branch protection is not maximal on development and all release branches
CI-Tests	🟢 10	1 out of 1 merged PRs checked by a CI test -- score normalized to 10
CII-Best-Practices	⚠️ 2	badge detected: InProgress
Code-Review	⚠️ 0	Found 0/30 approved changesets -- score normalized to 0
Contributors	🟢 10	project has 38 contributing companies or organizations
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Dependency-Update-Tool	🟢 10	update tool detected
Fuzzing	🟢 10	project is fuzzed
License	🟢 10	license file detected
Maintained	🟢 10	30 commit(s) and 19 issue activity found in the last 90 days -- score normalized to 10
Packaging	⚠️ -1	packaging workflow not detected
Pinned-Dependencies	🟢 10	all dependencies are pinned
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Security-Policy	🟢 10	security policy file detected
Signed-Releases	⚠️ -1	no releases found
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Vulnerabilities	⚠️ 0	68 existing vulnerabilities detected

npm/@angular/compiler

19.0.4

🟢 6.5

Details

Check	Score	Reason
Binary-Artifacts	🟢 10	no binaries found in the repo
Branch-Protection	🟢 6	branch protection is not maximal on development and all release branches
CI-Tests	🟢 10	1 out of 1 merged PRs checked by a CI test -- score normalized to 10
CII-Best-Practices	⚠️ 2	badge detected: InProgress
Code-Review	⚠️ 0	Found 0/30 approved changesets -- score normalized to 0
Contributors	🟢 10	project has 38 contributing companies or organizations
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Dependency-Update-Tool	🟢 10	update tool detected
Fuzzing	🟢 10	project is fuzzed
License	🟢 10	license file detected
Maintained	🟢 10	30 commit(s) and 19 issue activity found in the last 90 days -- score normalized to 10
Packaging	⚠️ -1	packaging workflow not detected
Pinned-Dependencies	🟢 10	all dependencies are pinned
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Security-Policy	🟢 10	security policy file detected
Signed-Releases	⚠️ -1	no releases found
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Vulnerabilities	⚠️ 0	68 existing vulnerabilities detected

npm/@angular/core

19.0.4

🟢 6.5

Details

Check	Score	Reason
Binary-Artifacts	🟢 10	no binaries found in the repo
Branch-Protection	🟢 6	branch protection is not maximal on development and all release branches
CI-Tests	🟢 10	1 out of 1 merged PRs checked by a CI test -- score normalized to 10
CII-Best-Practices	⚠️ 2	badge detected: InProgress
Code-Review	⚠️ 0	Found 0/30 approved changesets -- score normalized to 0
Contributors	🟢 10	project has 38 contributing companies or organizations
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Dependency-Update-Tool	🟢 10	update tool detected
Fuzzing	🟢 10	project is fuzzed
License	🟢 10	license file detected
Maintained	🟢 10	30 commit(s) and 19 issue activity found in the last 90 days -- score normalized to 10
Packaging	⚠️ -1	packaging workflow not detected
Pinned-Dependencies	🟢 10	all dependencies are pinned
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Security-Policy	🟢 10	security policy file detected
Signed-Releases	⚠️ -1	no releases found
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Vulnerabilities	⚠️ 0	68 existing vulnerabilities detected

npm/@angular/forms

19.0.4

🟢 6.5

Details

Check	Score	Reason
Binary-Artifacts	🟢 10	no binaries found in the repo
Branch-Protection	🟢 6	branch protection is not maximal on development and all release branches
CI-Tests	🟢 10	1 out of 1 merged PRs checked by a CI test -- score normalized to 10
CII-Best-Practices	⚠️ 2	badge detected: InProgress
Code-Review	⚠️ 0	Found 0/30 approved changesets -- score normalized to 0
Contributors	🟢 10	project has 38 contributing companies or organizations
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Dependency-Update-Tool	🟢 10	update tool detected
Fuzzing	🟢 10	project is fuzzed
License	🟢 10	license file detected
Maintained	🟢 10	30 commit(s) and 19 issue activity found in the last 90 days -- score normalized to 10
Packaging	⚠️ -1	packaging workflow not detected
Pinned-Dependencies	🟢 10	all dependencies are pinned
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Security-Policy	🟢 10	security policy file detected
Signed-Releases	⚠️ -1	no releases found
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Vulnerabilities	⚠️ 0	68 existing vulnerabilities detected

npm/@angular/material

19.0.3

🟢 7.4

Details

Check	Score	Reason
Binary-Artifacts	🟢 10	no binaries found in the repo
Branch-Protection	🟢 6	branch protection is not maximal on development and all release branches
CI-Tests	🟢 10	29 out of 29 merged PRs checked by a CI test -- score normalized to 10
CII-Best-Practices	⚠️ 2	badge detected: in_progress
Code-Review	🟢 10	all changesets reviewed
Contributors	🟢 10	21 different organizations found -- score normalized to 10
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Dependency-Update-Tool	🟢 10	update tool detected
Fuzzing	⚠️ 0	project is not fuzzed
License	🟢 10	license file detected
Maintained	🟢 10	30 commit(s) out of 30 and 10 issue activity out of 30 found in the last 90 days -- score normalized to 10
Packaging	⚠️ -1	no published package detected
Pinned-Dependencies	🟢 10	all dependencies are pinned
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Security-Policy	🟢 10	security policy file detected
Signed-Releases	⚠️ -1	no releases found
Token-Permissions	🟢 8	detected GitHub workflow tokens with excessive permissions
Vulnerabilities	⚠️ 0	50 existing vulnerabilities detected

npm/@angular/platform-browser

19.0.4

🟢 6.5

Details

Check	Score	Reason
Binary-Artifacts	🟢 10	no binaries found in the repo
Branch-Protection	🟢 6	branch protection is not maximal on development and all release branches
CI-Tests	🟢 10	1 out of 1 merged PRs checked by a CI test -- score normalized to 10
CII-Best-Practices	⚠️ 2	badge detected: InProgress
Code-Review	⚠️ 0	Found 0/30 approved changesets -- score normalized to 0
Contributors	🟢 10	project has 38 contributing companies or organizations
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Dependency-Update-Tool	🟢 10	update tool detected
Fuzzing	🟢 10	project is fuzzed
License	🟢 10	license file detected
Maintained	🟢 10	30 commit(s) and 19 issue activity found in the last 90 days -- score normalized to 10
Packaging	⚠️ -1	packaging workflow not detected
Pinned-Dependencies	🟢 10	all dependencies are pinned
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Security-Policy	🟢 10	security policy file detected
Signed-Releases	⚠️ -1	no releases found
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Vulnerabilities	⚠️ 0	68 existing vulnerabilities detected

npm/@angular/platform-browser-dynamic

19.0.4

🟢 6.5

Details

Check	Score	Reason
Binary-Artifacts	🟢 10	no binaries found in the repo
Branch-Protection	🟢 6	branch protection is not maximal on development and all release branches
CI-Tests	🟢 10	1 out of 1 merged PRs checked by a CI test -- score normalized to 10
CII-Best-Practices	⚠️ 2	badge detected: InProgress
Code-Review	⚠️ 0	Found 0/30 approved changesets -- score normalized to 0
Contributors	🟢 10	project has 38 contributing companies or organizations
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Dependency-Update-Tool	🟢 10	update tool detected
Fuzzing	🟢 10	project is fuzzed
License	🟢 10	license file detected
Maintained	🟢 10	30 commit(s) and 19 issue activity found in the last 90 days -- score normalized to 10
Packaging	⚠️ -1	packaging workflow not detected
Pinned-Dependencies	🟢 10	all dependencies are pinned
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Security-Policy	🟢 10	security policy file detected
Signed-Releases	⚠️ -1	no releases found
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Vulnerabilities	⚠️ 0	68 existing vulnerabilities detected

npm/@angular/router

19.0.4

🟢 6.5

Details

Check	Score	Reason
Binary-Artifacts	🟢 10	no binaries found in the repo
Branch-Protection	🟢 6	branch protection is not maximal on development and all release branches
CI-Tests	🟢 10	1 out of 1 merged PRs checked by a CI test -- score normalized to 10
CII-Best-Practices	⚠️ 2	badge detected: InProgress
Code-Review	⚠️ 0	Found 0/30 approved changesets -- score normalized to 0
Contributors	🟢 10	project has 38 contributing companies or organizations
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Dependency-Update-Tool	🟢 10	update tool detected
Fuzzing	🟢 10	project is fuzzed
License	🟢 10	license file detected
Maintained	🟢 10	30 commit(s) and 19 issue activity found in the last 90 days -- score normalized to 10
Packaging	⚠️ -1	packaging workflow not detected
Pinned-Dependencies	🟢 10	all dependencies are pinned
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Security-Policy	🟢 10	security policy file detected
Signed-Releases	⚠️ -1	no releases found
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Vulnerabilities	⚠️ 0	68 existing vulnerabilities detected

npm/@octokit/types

13.6.2

🟢 7.3

Details

Check	Score	Reason
Maintained	🟢 9	9 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 9
Binary-Artifacts	🟢 10	no binaries found in the repo
Code-Review	🟢 10	all changesets reviewed
Security-Policy	🟢 9	security policy file detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Pinned-Dependencies	🟢 3	dependency not pinned by hash detected -- score normalized to 3
License	🟢 10	license file detected
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Signed-Releases	⚠️ -1	no releases found
Fuzzing	⚠️ 0	project is not fuzzed
Packaging	🟢 10	packaging workflow detected
SAST	🟢 10	SAST tool is run on all commits
Vulnerabilities	🟢 8	2 existing vulnerabilities detected

npm/cronstrue

2.52.0

🟢 3.6

Details

Check	Score	Reason
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Code-Review	⚠️ 2	Found 8/28 approved changesets -- score normalized to 2
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Maintained	🟢 5	4 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 5
Packaging	⚠️ -1	packaging workflow not detected
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Binary-Artifacts	🟢 10	no binaries found in the repo
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
License	🟢 10	license file detected
Security-Policy	⚠️ 0	security policy file not detected
Fuzzing	⚠️ 0	project is not fuzzed
Signed-Releases	⚠️ 0	Project has not signed or included provenance with any releases.
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Vulnerabilities	🟢 5	5 existing vulnerabilities detected

npm/highcharts

12.0.2

🟢 3.3

Details

Check	Score	Reason
Maintained	🟢 5	6 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 5
Packaging	⚠️ -1	packaging workflow not detected
Code-Review	⚠️ 0	Found 1/28 approved changesets -- score normalized to 0
Token-Permissions	⚠️ -1	No tokens found
Dangerous-Workflow	⚠️ -1	no workflows found
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Security-Policy	⚠️ 0	security policy file not detected
Vulnerabilities	🟢 10	0 existing vulnerabilities detected
Signed-Releases	⚠️ -1	no releases found
License	⚠️ 0	license file not detected
Branch-Protection	⚠️ 0	branch protection not enabled on development/release branches
Binary-Artifacts	🟢 10	no binaries found in the repo
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Pinned-Dependencies	⚠️ -1	no dependencies found
Fuzzing	⚠️ 0	project is not fuzzed

npm/zone.js

0.15.0

🟢 6.5

Details

Check	Score	Reason
Binary-Artifacts	🟢 10	no binaries found in the repo
Branch-Protection	🟢 6	branch protection is not maximal on development and all release branches
CI-Tests	🟢 10	1 out of 1 merged PRs checked by a CI test -- score normalized to 10
CII-Best-Practices	⚠️ 2	badge detected: InProgress
Code-Review	⚠️ 0	Found 0/30 approved changesets -- score normalized to 0
Contributors	🟢 10	project has 38 contributing companies or organizations
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Dependency-Update-Tool	🟢 10	update tool detected
Fuzzing	🟢 10	project is fuzzed
License	🟢 10	license file detected
Maintained	🟢 10	30 commit(s) and 19 issue activity found in the last 90 days -- score normalized to 10
Packaging	⚠️ -1	packaging workflow not detected
Pinned-Dependencies	🟢 10	all dependencies are pinned
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Security-Policy	🟢 10	security policy file detected
Signed-Releases	⚠️ -1	no releases found
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Vulnerabilities	⚠️ 0	68 existing vulnerabilities detected

npm/@angular/animations

^19.0.4

🟢 6.5

Details

Check	Score	Reason
Binary-Artifacts	🟢 10	no binaries found in the repo
Branch-Protection	🟢 6	branch protection is not maximal on development and all release branches
CI-Tests	🟢 10	1 out of 1 merged PRs checked by a CI test -- score normalized to 10
CII-Best-Practices	⚠️ 2	badge detected: InProgress
Code-Review	⚠️ 0	Found 0/30 approved changesets -- score normalized to 0
Contributors	🟢 10	project has 38 contributing companies or organizations
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Dependency-Update-Tool	🟢 10	update tool detected
Fuzzing	🟢 10	project is fuzzed
License	🟢 10	license file detected
Maintained	🟢 10	30 commit(s) and 19 issue activity found in the last 90 days -- score normalized to 10
Packaging	⚠️ -1	packaging workflow not detected
Pinned-Dependencies	🟢 10	all dependencies are pinned
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Security-Policy	🟢 10	security policy file detected
Signed-Releases	⚠️ -1	no releases found
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Vulnerabilities	⚠️ 0	68 existing vulnerabilities detected

npm/@angular/cdk

^19.0.3

🟢 7.4

Details

Check	Score	Reason
Binary-Artifacts	🟢 10	no binaries found in the repo
Branch-Protection	🟢 6	branch protection is not maximal on development and all release branches
CI-Tests	🟢 10	29 out of 29 merged PRs checked by a CI test -- score normalized to 10
CII-Best-Practices	⚠️ 2	badge detected: in_progress
Code-Review	🟢 10	all changesets reviewed
Contributors	🟢 10	21 different organizations found -- score normalized to 10
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Dependency-Update-Tool	🟢 10	update tool detected
Fuzzing	⚠️ 0	project is not fuzzed
License	🟢 10	license file detected
Maintained	🟢 10	30 commit(s) out of 30 and 10 issue activity out of 30 found in the last 90 days -- score normalized to 10
Packaging	⚠️ -1	no published package detected
Pinned-Dependencies	🟢 10	all dependencies are pinned
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Security-Policy	🟢 10	security policy file detected
Signed-Releases	⚠️ -1	no releases found
Token-Permissions	🟢 8	detected GitHub workflow tokens with excessive permissions
Vulnerabilities	⚠️ 0	50 existing vulnerabilities detected

npm/@angular/common

^19.0.4

🟢 6.5

Details

Check	Score	Reason
Binary-Artifacts	🟢 10	no binaries found in the repo
Branch-Protection	🟢 6	branch protection is not maximal on development and all release branches
CI-Tests	🟢 10	1 out of 1 merged PRs checked by a CI test -- score normalized to 10
CII-Best-Practices	⚠️ 2	badge detected: InProgress
Code-Review	⚠️ 0	Found 0/30 approved changesets -- score normalized to 0
Contributors	🟢 10	project has 38 contributing companies or organizations
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Dependency-Update-Tool	🟢 10	update tool detected
Fuzzing	🟢 10	project is fuzzed
License	🟢 10	license file detected
Maintained	🟢 10	30 commit(s) and 19 issue activity found in the last 90 days -- score normalized to 10
Packaging	⚠️ -1	packaging workflow not detected
Pinned-Dependencies	🟢 10	all dependencies are pinned
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Security-Policy	🟢 10	security policy file detected
Signed-Releases	⚠️ -1	no releases found
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Vulnerabilities	⚠️ 0	68 existing vulnerabilities detected

npm/@angular/compiler

^19.0.4

🟢 6.5

Details

Check	Score	Reason
Binary-Artifacts	🟢 10	no binaries found in the repo
Branch-Protection	🟢 6	branch protection is not maximal on development and all release branches
CI-Tests	🟢 10	1 out of 1 merged PRs checked by a CI test -- score normalized to 10
CII-Best-Practices	⚠️ 2	badge detected: InProgress
Code-Review	⚠️ 0	Found 0/30 approved changesets -- score normalized to 0
Contributors	🟢 10	project has 38 contributing companies or organizations
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Dependency-Update-Tool	🟢 10	update tool detected
Fuzzing	🟢 10	project is fuzzed
License	🟢 10	license file detected
Maintained	🟢 10	30 commit(s) and 19 issue activity found in the last 90 days -- score normalized to 10
Packaging	⚠️ -1	packaging workflow not detected
Pinned-Dependencies	🟢 10	all dependencies are pinned
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Security-Policy	🟢 10	security policy file detected
Signed-Releases	⚠️ -1	no releases found
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Vulnerabilities	⚠️ 0	68 existing vulnerabilities detected

npm/@angular/core

^19.0.4

🟢 6.5

Details

Check	Score	Reason
Binary-Artifacts	🟢 10	no binaries found in the repo
Branch-Protection	🟢 6	branch protection is not maximal on development and all release branches
CI-Tests	🟢 10	1 out of 1 merged PRs checked by a CI test -- score normalized to 10
CII-Best-Practices	⚠️ 2	badge detected: InProgress
Code-Review	⚠️ 0	Found 0/30 approved changesets -- score normalized to 0
Contributors	🟢 10	project has 38 contributing companies or organizations
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Dependency-Update-Tool	🟢 10	update tool detected
Fuzzing	🟢 10	project is fuzzed
License	🟢 10	license file detected
Maintained	🟢 10	30 commit(s) and 19 issue activity found in the last 90 days -- score normalized to 10
Packaging	⚠️ -1	packaging workflow not detected
Pinned-Dependencies	🟢 10	all dependencies are pinned
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Security-Policy	🟢 10	security policy file detected
Signed-Releases	⚠️ -1	no releases found
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Vulnerabilities	⚠️ 0	68 existing vulnerabilities detected

npm/@angular/forms

^19.0.4

🟢 6.5

Details

Check	Score	Reason
Binary-Artifacts	🟢 10	no binaries found in the repo
Branch-Protection	🟢 6	branch protection is not maximal on development and all release branches
CI-Tests	🟢 10	1 out of 1 merged PRs checked by a CI test -- score normalized to 10
CII-Best-Practices	⚠️ 2	badge detected: InProgress
Code-Review	⚠️ 0	Found 0/30 approved changesets -- score normalized to 0
Contributors	🟢 10	project has 38 contributing companies or organizations
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Dependency-Update-Tool	🟢 10	update tool detected
Fuzzing	🟢 10	project is fuzzed
License	🟢 10	license file detected
Maintained	🟢 10	30 commit(s) and 19 issue activity found in the last 90 days -- score normalized to 10
Packaging	⚠️ -1	packaging workflow not detected
Pinned-Dependencies	🟢 10	all dependencies are pinned
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Security-Policy	🟢 10	security policy file detected
Signed-Releases	⚠️ -1	no releases found
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Vulnerabilities	⚠️ 0	68 existing vulnerabilities detected

npm/@angular/material

^19.0.3

🟢 7.4

Details

Check	Score	Reason
Binary-Artifacts	🟢 10	no binaries found in the repo
Branch-Protection	🟢 6	branch protection is not maximal on development and all release branches
CI-Tests	🟢 10	29 out of 29 merged PRs checked by a CI test -- score normalized to 10
CII-Best-Practices	⚠️ 2	badge detected: in_progress
Code-Review	🟢 10	all changesets reviewed
Contributors	🟢 10	21 different organizations found -- score normalized to 10
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Dependency-Update-Tool	🟢 10	update tool detected
Fuzzing	⚠️ 0	project is not fuzzed
License	🟢 10	license file detected
Maintained	🟢 10	30 commit(s) out of 30 and 10 issue activity out of 30 found in the last 90 days -- score normalized to 10
Packaging	⚠️ -1	no published package detected
Pinned-Dependencies	🟢 10	all dependencies are pinned
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Security-Policy	🟢 10	security policy file detected
Signed-Releases	⚠️ -1	no releases found
Token-Permissions	🟢 8	detected GitHub workflow tokens with excessive permissions
Vulnerabilities	⚠️ 0	50 existing vulnerabilities detected

npm/@angular/platform-browser

^19.0.4

🟢 6.5

Details

Check	Score	Reason
Binary-Artifacts	🟢 10	no binaries found in the repo
Branch-Protection	🟢 6	branch protection is not maximal on development and all release branches
CI-Tests	🟢 10	1 out of 1 merged PRs checked by a CI test -- score normalized to 10
CII-Best-Practices	⚠️ 2	badge detected: InProgress
Code-Review	⚠️ 0	Found 0/30 approved changesets -- score normalized to 0
Contributors	🟢 10	project has 38 contributing companies or organizations
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Dependency-Update-Tool	🟢 10	update tool detected
Fuzzing	🟢 10	project is fuzzed
License	🟢 10	license file detected
Maintained	🟢 10	30 commit(s) and 19 issue activity found in the last 90 days -- score normalized to 10
Packaging	⚠️ -1	packaging workflow not detected
Pinned-Dependencies	🟢 10	all dependencies are pinned
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Security-Policy	🟢 10	security policy file detected
Signed-Releases	⚠️ -1	no releases found
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Vulnerabilities	⚠️ 0	68 existing vulnerabilities detected

npm/@angular/platform-browser-dynamic

^19.0.4

🟢 6.5

Details

Check	Score	Reason
Binary-Artifacts	🟢 10	no binaries found in the repo
Branch-Protection	🟢 6	branch protection is not maximal on development and all release branches
CI-Tests	🟢 10	1 out of 1 merged PRs checked by a CI test -- score normalized to 10
CII-Best-Practices	⚠️ 2	badge detected: InProgress
Code-Review	⚠️ 0	Found 0/30 approved changesets -- score normalized to 0
Contributors	🟢 10	project has 38 contributing companies or organizations
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Dependency-Update-Tool	🟢 10	update tool detected
Fuzzing	🟢 10	project is fuzzed
License	🟢 10	license file detected
Maintained	🟢 10	30 commit(s) and 19 issue activity found in the last 90 days -- score normalized to 10
Packaging	⚠️ -1	packaging workflow not detected
Pinned-Dependencies	🟢 10	all dependencies are pinned
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Security-Policy	🟢 10	security policy file detected
Signed-Releases	⚠️ -1	no releases found
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Vulnerabilities	⚠️ 0	68 existing vulnerabilities detected

npm/@angular/router

^19.0.4

🟢 6.5

Details

Check	Score	Reason
Binary-Artifacts	🟢 10	no binaries found in the repo
Branch-Protection	🟢 6	branch protection is not maximal on development and all release branches
CI-Tests	🟢 10	1 out of 1 merged PRs checked by a CI test -- score normalized to 10
CII-Best-Practices	⚠️ 2	badge detected: InProgress
Code-Review	⚠️ 0	Found 0/30 approved changesets -- score normalized to 0
Contributors	🟢 10	project has 38 contributing companies or organizations
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Dependency-Update-Tool	🟢 10	update tool detected
Fuzzing	🟢 10	project is fuzzed
License	🟢 10	license file detected
Maintained	🟢 10	30 commit(s) and 19 issue activity found in the last 90 days -- score normalized to 10
Packaging	⚠️ -1	packaging workflow not detected
Pinned-Dependencies	🟢 10	all dependencies are pinned
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Security-Policy	🟢 10	security policy file detected
Signed-Releases	⚠️ -1	no releases found
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Vulnerabilities	⚠️ 0	68 existing vulnerabilities detected

npm/@octokit/types

^13.6.2

🟢 7.3

Details

Check	Score	Reason
Maintained	🟢 9	9 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 9
Binary-Artifacts	🟢 10	no binaries found in the repo
Code-Review	🟢 10	all changesets reviewed
Security-Policy	🟢 9	security policy file detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Pinned-Dependencies	🟢 3	dependency not pinned by hash detected -- score normalized to 3
License	🟢 10	license file detected
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Signed-Releases	⚠️ -1	no releases found
Fuzzing	⚠️ 0	project is not fuzzed
Packaging	🟢 10	packaging workflow detected
SAST	🟢 10	SAST tool is run on all commits
Vulnerabilities	🟢 8	2 existing vulnerabilities detected

npm/cronstrue

^2.52.0

🟢 3.6

Details

Check	Score	Reason
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Code-Review	⚠️ 2	Found 8/28 approved changesets -- score normalized to 2
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Maintained	🟢 5	4 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 5
Packaging	⚠️ -1	packaging workflow not detected
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Binary-Artifacts	🟢 10	no binaries found in the repo
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
License	🟢 10	license file detected
Security-Policy	⚠️ 0	security policy file not detected
Fuzzing	⚠️ 0	project is not fuzzed
Signed-Releases	⚠️ 0	Project has not signed or included provenance with any releases.
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Vulnerabilities	🟢 5	5 existing vulnerabilities detected

npm/highcharts

^12.0.2

🟢 3.3

Details

Check	Score	Reason
Maintained	🟢 5	6 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 5
Packaging	⚠️ -1	packaging workflow not detected
Code-Review	⚠️ 0	Found 1/28 approved changesets -- score normalized to 0
Token-Permissions	⚠️ -1	No tokens found
Dangerous-Workflow	⚠️ -1	no workflows found
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Security-Policy	⚠️ 0	security policy file not detected
Vulnerabilities	🟢 10	0 existing vulnerabilities detected
Signed-Releases	⚠️ -1	no releases found
License	⚠️ 0	license file not detected
Branch-Protection	⚠️ 0	branch protection not enabled on development/release branches
Binary-Artifacts	🟢 10	no binaries found in the repo
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Pinned-Dependencies	⚠️ -1	no dependencies found
Fuzzing	⚠️ 0	project is not fuzzed

Scanned Files

frontend/package-lock.json
frontend/package.json

dependabot · 2024-12-23T20:57:34Z

Superseded by #97.

dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels Dec 16, 2024

dependabot bot closed this Dec 23, 2024

dependabot bot deleted the dependabot/npm_and_yarn/frontend/production-dependencies-61b26cb21f branch December 23, 2024 20:57

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Bump the production-dependencies group across 1 directory with 13 updates#93

Bump the production-dependencies group across 1 directory with 13 updates#93
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/npm_and_yarn/frontend/production-dependencies-61b26cb21f

dependabot bot commented on behalf of github Dec 16, 2024 •

edited

Loading

Uh oh!

github-actions bot commented Dec 16, 2024

Uh oh!

dependabot bot commented on behalf of github Dec 23, 2024

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Commit	Description
	consider pre-release versions when detecting feature support (#59061)
	error in unused standalone imports diagnostic (#59064)

Commit	Description
	class content being deleted in some edge cases (#58959)
	correctly strip away parameters surrounded by comments in inject migration (#58959)
	don't migrate classes with parameters that can't be injected (#58959)
	inject migration aggressively removing imports (#58959)
	inject migration dropping code if everything except super is removed (#58959)
	preserve type literals and tuples in inject migrations (#58959)

Commit	Type	Description
7e612171709	fix	consider pre-release versions when detecting feature support (#59061)
cd764a31152	fix	error in unused standalone imports diagnostic (#59064)

Commit	Type	Description
e894a5daea	feat	set kind field on template and effect nodes (#58865)
3b765367f3	fix	Explicitly manage TracingSnapshot lifecycle and dispose of it once it's been used. (#58929)

Commit	Type	Description
e31e52e177	fix	class content being deleted in some edge cases (#58959)
508d3a1b3b	fix	correctly strip away parameters surrounded by comments in inject migration (#58959)
7191aa6e09	fix	don't migrate classes with parameters that can't be injected (#58959)
a4924af6d5	fix	inject migration aggressively removing imports (#58959)
35165d152d	fix	inject migration dropping code if everything except super is removed (#58959)
68e5ba7a3a	fix	preserve type literals and tuples in inject migrations (#58959)

Commit	Description
	expansion: switch away from animations module (#30119)
	menu: decouple menu lifecycle from animations (#30148)
	paginator: ignore clicks on disabled buttons (#30138)
	select: add opt-in input that allows selection of nullable options (#30142)
	timepicker: deserialize ControlValueAccessor values correctly (#30149)
	timepicker: disable toggle if timepicker is disabled (#30137)

Commit	Description
	button-toggle: unable to tab into ngModel-based group on first render (#30103)
	core: optgroup label color not inferred correctly (#30085)
	schematics: avoid parsing stylesheets that don't include Material
	schematics: error if stylesheet contains syntax errors
	sort: simplify animations (#30057)
	tabs: ink bar not showing when same tab is re-selected (#30121)

Commit	Description
	accordion: improve accessibility in example code (#30087)
	menu: disable flexible dimensions (#30086)

Commit	Description
	button-toggle: animate checkbox (#30025)
	chips: emit state changes when chip grid is disabled (#30033)
	datepicker: adds comparison ids and aria-describedby spans (#30040)
	slider: update documentation (#30029)
	timepicker: make disabled input public (#30063)

Commit	Type	Description
7b64c451e6	fix	expansion: switch away from animations module (#30119)
d18c3395d8	fix	menu: decouple menu lifecycle from animations (#30148)
3ea8cf5c31	fix	paginator: ignore clicks on disabled buttons (#30138)
fbaf286f9c	fix	select: add opt-in input that allows selection of nullable options (#30142)
600a8b04f9	fix	timepicker: deserialize ControlValueAccessor values correctly (#30149)
4b69162998	fix	timepicker: disable toggle if timepicker is disabled (#30137)

Commit	Type	Description
de6c491892	fix	accordion: improve accessibility in example code (#30087)
85d26391e4	fix	menu: disable flexible dimensions (#30086)

Commit	Type	Description
f0a767ca0f	fix	button-toggle: unable to tab into ngModel-based group on first render (#30103)
6962c85837	fix	core: optgroup label color not inferred correctly (#30085)
4ef3baaf08	fix	schematics: avoid parsing stylesheets that don't include Material
c89192639c	fix	schematics: error if stylesheet contains syntax errors
a08eeebf6b	fix	sort: simplify animations (#30057)
a028b5d842	fix	tabs: ink bar not showing when same tab is re-selected (#30121)

Commit	Type	Description
460f971b27	fix	accordion: improve accessibility in example code (#30087)
6306a12c12	fix	menu: disable flexible dimensions (#30086)

Uh oh!

Conversation

dependabot bot commented on behalf of github Dec 16, 2024 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

v19.0.4

19.0.4 (2024-12-12)

compiler-cli

core

platform-browser

v19.0.3

19.0.3 (2024-12-04)

v19.0.2

19.0.2 (2024-12-04)

compiler-cli

core

migrations

platform-server

v19.0.1

19.0.1 (2024-11-26)

compiler-cli

19.0.4 (2024-12-12)

compiler-cli

core

platform-browser

19.1.0-next.2 (2024-12-04)

19.0.3 (2024-12-04)

19.1.0-next.1 (2024-12-04)

compiler-cli

core

migrations

platform-server

v19.0.3

19.0.3 "polonium-popsicle" (2024-12-11)

material

v19.0.2

19.0.2 "plastic-rhino" (2024-12-04)

youtube-player

material

cdk

v19.0.1

19.0.1 "mercury-mailbox" (2024-11-27)

material

docs

19.0.3 "polonium-popsicle" (2024-12-11)

material

19.1.0-next.1 "plastic-monkey" (2024-12-04)

cdk

material

youtube-player

docs

19.0.2 "plastic-rhino" (2024-12-04)

cdk

material

v19.0.4

19.0.4 (2024-12-12)

compiler-cli

core

platform-browser

v19.0.3

19.0.3 (2024-12-04)

v19.0.2

19.0.2 (2024-12-04)

compiler-cli

core

migrations

platform-server

v19.0.1

19.0.1 (2024-11-26)

compiler-cli

19.0.4 (2024-12-12)

compiler-cli

core

platform-browser

19.1.0-next.2 (2024-12-04)

19.0.3 (2024-12-04)

19.1.0-next.1 (2024-12-04)

compiler-cli

core

migrations

platform-server

dependabot bot commented on behalf of github Dec 16, 2024 •

edited

Loading