Bump the production-dependencies group across 1 directory with 14 updates #133

dependabot · 2025-02-06T20:51:15Z

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
@dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
@dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
@dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
@dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

github-actions · 2025-02-06T20:51:30Z

Dependency Review

The following issues were found:

✅ 0 vulnerable package(s)
✅ 0 package(s) with incompatible licenses
✅ 0 package(s) with invalid SPDX license definitions
⚠️ 1 package(s) with unknown licenses.

See the Details below.

License Issues

frontend/package.json

Package	Version	License	Issue Type
highcharts	^12.1.2	Null	Unknown License

OpenSSF Scorecard

Scorecard details

Package

Version

Score

Details

npm/@angular/animations

19.1.5

🟢 6.5

Details

Check	Score	Reason
Binary-Artifacts	🟢 10	no binaries found in the repo
Branch-Protection	🟢 6	branch protection is not maximal on development and all release branches
CI-Tests	🟢 10	2 out of 2 merged PRs checked by a CI test -- score normalized to 10
CII-Best-Practices	⚠️ 2	badge detected: InProgress
Code-Review	⚠️ 0	Found 0/30 approved changesets -- score normalized to 0
Contributors	🟢 10	project has 38 contributing companies or organizations
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Dependency-Update-Tool	🟢 10	update tool detected
Fuzzing	🟢 10	project is fuzzed
License	🟢 10	license file detected
Maintained	🟢 10	30 commit(s) and 16 issue activity found in the last 90 days -- score normalized to 10
Packaging	⚠️ -1	packaging workflow not detected
Pinned-Dependencies	🟢 10	all dependencies are pinned
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Security-Policy	🟢 10	security policy file detected
Signed-Releases	⚠️ -1	no releases found
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Vulnerabilities	⚠️ 0	72 existing vulnerabilities detected

npm/@angular/cdk

19.1.3

🟢 7.4

Details

Check	Score	Reason
Binary-Artifacts	🟢 10	no binaries found in the repo
Branch-Protection	🟢 6	branch protection is not maximal on development and all release branches
CI-Tests	🟢 10	18 out of 18 merged PRs checked by a CI test -- score normalized to 10
CII-Best-Practices	⚠️ 2	badge detected: in_progress
Code-Review	🟢 10	all changesets reviewed
Contributors	🟢 10	23 different organizations found -- score normalized to 10
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Dependency-Update-Tool	🟢 10	update tool detected
Fuzzing	⚠️ 0	project is not fuzzed
License	🟢 10	license file detected
Maintained	🟢 10	30 commit(s) out of 30 and 6 issue activity out of 30 found in the last 90 days -- score normalized to 10
Packaging	⚠️ -1	no published package detected
Pinned-Dependencies	🟢 10	all dependencies are pinned
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Security-Policy	🟢 10	security policy file detected
Signed-Releases	⚠️ -1	no releases found
Token-Permissions	🟢 8	detected GitHub workflow tokens with excessive permissions
Vulnerabilities	⚠️ 0	58 existing vulnerabilities detected

npm/@angular/common

19.1.5

🟢 6.5

Details

Check	Score	Reason
Binary-Artifacts	🟢 10	no binaries found in the repo
Branch-Protection	🟢 6	branch protection is not maximal on development and all release branches
CI-Tests	🟢 10	2 out of 2 merged PRs checked by a CI test -- score normalized to 10
CII-Best-Practices	⚠️ 2	badge detected: InProgress
Code-Review	⚠️ 0	Found 0/30 approved changesets -- score normalized to 0
Contributors	🟢 10	project has 38 contributing companies or organizations
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Dependency-Update-Tool	🟢 10	update tool detected
Fuzzing	🟢 10	project is fuzzed
License	🟢 10	license file detected
Maintained	🟢 10	30 commit(s) and 16 issue activity found in the last 90 days -- score normalized to 10
Packaging	⚠️ -1	packaging workflow not detected
Pinned-Dependencies	🟢 10	all dependencies are pinned
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Security-Policy	🟢 10	security policy file detected
Signed-Releases	⚠️ -1	no releases found
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Vulnerabilities	⚠️ 0	72 existing vulnerabilities detected

npm/@angular/compiler

19.1.5

🟢 6.5

Details

Check	Score	Reason
Binary-Artifacts	🟢 10	no binaries found in the repo
Branch-Protection	🟢 6	branch protection is not maximal on development and all release branches
CI-Tests	🟢 10	2 out of 2 merged PRs checked by a CI test -- score normalized to 10
CII-Best-Practices	⚠️ 2	badge detected: InProgress
Code-Review	⚠️ 0	Found 0/30 approved changesets -- score normalized to 0
Contributors	🟢 10	project has 38 contributing companies or organizations
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Dependency-Update-Tool	🟢 10	update tool detected
Fuzzing	🟢 10	project is fuzzed
License	🟢 10	license file detected
Maintained	🟢 10	30 commit(s) and 16 issue activity found in the last 90 days -- score normalized to 10
Packaging	⚠️ -1	packaging workflow not detected
Pinned-Dependencies	🟢 10	all dependencies are pinned
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Security-Policy	🟢 10	security policy file detected
Signed-Releases	⚠️ -1	no releases found
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Vulnerabilities	⚠️ 0	72 existing vulnerabilities detected

npm/@angular/core

19.1.5

🟢 6.5

Details

Check	Score	Reason
Binary-Artifacts	🟢 10	no binaries found in the repo
Branch-Protection	🟢 6	branch protection is not maximal on development and all release branches
CI-Tests	🟢 10	2 out of 2 merged PRs checked by a CI test -- score normalized to 10
CII-Best-Practices	⚠️ 2	badge detected: InProgress
Code-Review	⚠️ 0	Found 0/30 approved changesets -- score normalized to 0
Contributors	🟢 10	project has 38 contributing companies or organizations
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Dependency-Update-Tool	🟢 10	update tool detected
Fuzzing	🟢 10	project is fuzzed
License	🟢 10	license file detected
Maintained	🟢 10	30 commit(s) and 16 issue activity found in the last 90 days -- score normalized to 10
Packaging	⚠️ -1	packaging workflow not detected
Pinned-Dependencies	🟢 10	all dependencies are pinned
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Security-Policy	🟢 10	security policy file detected
Signed-Releases	⚠️ -1	no releases found
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Vulnerabilities	⚠️ 0	72 existing vulnerabilities detected

npm/@angular/forms

19.1.5

🟢 6.5

Details

Check	Score	Reason
Binary-Artifacts	🟢 10	no binaries found in the repo
Branch-Protection	🟢 6	branch protection is not maximal on development and all release branches
CI-Tests	🟢 10	2 out of 2 merged PRs checked by a CI test -- score normalized to 10
CII-Best-Practices	⚠️ 2	badge detected: InProgress
Code-Review	⚠️ 0	Found 0/30 approved changesets -- score normalized to 0
Contributors	🟢 10	project has 38 contributing companies or organizations
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Dependency-Update-Tool	🟢 10	update tool detected
Fuzzing	🟢 10	project is fuzzed
License	🟢 10	license file detected
Maintained	🟢 10	30 commit(s) and 16 issue activity found in the last 90 days -- score normalized to 10
Packaging	⚠️ -1	packaging workflow not detected
Pinned-Dependencies	🟢 10	all dependencies are pinned
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Security-Policy	🟢 10	security policy file detected
Signed-Releases	⚠️ -1	no releases found
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Vulnerabilities	⚠️ 0	72 existing vulnerabilities detected

npm/@angular/material

19.1.3

🟢 7.4

Details

Check	Score	Reason
Binary-Artifacts	🟢 10	no binaries found in the repo
Branch-Protection	🟢 6	branch protection is not maximal on development and all release branches
CI-Tests	🟢 10	18 out of 18 merged PRs checked by a CI test -- score normalized to 10
CII-Best-Practices	⚠️ 2	badge detected: in_progress
Code-Review	🟢 10	all changesets reviewed
Contributors	🟢 10	23 different organizations found -- score normalized to 10
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Dependency-Update-Tool	🟢 10	update tool detected
Fuzzing	⚠️ 0	project is not fuzzed
License	🟢 10	license file detected
Maintained	🟢 10	30 commit(s) out of 30 and 6 issue activity out of 30 found in the last 90 days -- score normalized to 10
Packaging	⚠️ -1	no published package detected
Pinned-Dependencies	🟢 10	all dependencies are pinned
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Security-Policy	🟢 10	security policy file detected
Signed-Releases	⚠️ -1	no releases found
Token-Permissions	🟢 8	detected GitHub workflow tokens with excessive permissions
Vulnerabilities	⚠️ 0	58 existing vulnerabilities detected

npm/@angular/platform-browser

19.1.5

🟢 6.5

Details

Check	Score	Reason
Binary-Artifacts	🟢 10	no binaries found in the repo
Branch-Protection	🟢 6	branch protection is not maximal on development and all release branches
CI-Tests	🟢 10	2 out of 2 merged PRs checked by a CI test -- score normalized to 10
CII-Best-Practices	⚠️ 2	badge detected: InProgress
Code-Review	⚠️ 0	Found 0/30 approved changesets -- score normalized to 0
Contributors	🟢 10	project has 38 contributing companies or organizations
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Dependency-Update-Tool	🟢 10	update tool detected
Fuzzing	🟢 10	project is fuzzed
License	🟢 10	license file detected
Maintained	🟢 10	30 commit(s) and 16 issue activity found in the last 90 days -- score normalized to 10
Packaging	⚠️ -1	packaging workflow not detected
Pinned-Dependencies	🟢 10	all dependencies are pinned
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Security-Policy	🟢 10	security policy file detected
Signed-Releases	⚠️ -1	no releases found
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Vulnerabilities	⚠️ 0	72 existing vulnerabilities detected

npm/@angular/platform-browser-dynamic

19.1.5

🟢 6.5

Details

Check	Score	Reason
Binary-Artifacts	🟢 10	no binaries found in the repo
Branch-Protection	🟢 6	branch protection is not maximal on development and all release branches
CI-Tests	🟢 10	2 out of 2 merged PRs checked by a CI test -- score normalized to 10
CII-Best-Practices	⚠️ 2	badge detected: InProgress
Code-Review	⚠️ 0	Found 0/30 approved changesets -- score normalized to 0
Contributors	🟢 10	project has 38 contributing companies or organizations
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Dependency-Update-Tool	🟢 10	update tool detected
Fuzzing	🟢 10	project is fuzzed
License	🟢 10	license file detected
Maintained	🟢 10	30 commit(s) and 16 issue activity found in the last 90 days -- score normalized to 10
Packaging	⚠️ -1	packaging workflow not detected
Pinned-Dependencies	🟢 10	all dependencies are pinned
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Security-Policy	🟢 10	security policy file detected
Signed-Releases	⚠️ -1	no releases found
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Vulnerabilities	⚠️ 0	72 existing vulnerabilities detected

npm/@angular/router

19.1.5

🟢 6.5

Details

Check	Score	Reason
Binary-Artifacts	🟢 10	no binaries found in the repo
Branch-Protection	🟢 6	branch protection is not maximal on development and all release branches
CI-Tests	🟢 10	2 out of 2 merged PRs checked by a CI test -- score normalized to 10
CII-Best-Practices	⚠️ 2	badge detected: InProgress
Code-Review	⚠️ 0	Found 0/30 approved changesets -- score normalized to 0
Contributors	🟢 10	project has 38 contributing companies or organizations
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Dependency-Update-Tool	🟢 10	update tool detected
Fuzzing	🟢 10	project is fuzzed
License	🟢 10	license file detected
Maintained	🟢 10	30 commit(s) and 16 issue activity found in the last 90 days -- score normalized to 10
Packaging	⚠️ -1	packaging workflow not detected
Pinned-Dependencies	🟢 10	all dependencies are pinned
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Security-Policy	🟢 10	security policy file detected
Signed-Releases	⚠️ -1	no releases found
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Vulnerabilities	⚠️ 0	72 existing vulnerabilities detected

npm/@octokit/openapi-types

23.0.1

🟢 7.1

Details

Check	Score	Reason
Binary-Artifacts	🟢 10	no binaries found in the repo
Maintained	🟢 8	9 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 8
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Security-Policy	🟢 9	security policy file detected
Code-Review	🟢 8	Found 6/7 approved changesets -- score normalized to 8
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Fuzzing	⚠️ 0	project is not fuzzed
License	🟢 10	license file detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Signed-Releases	⚠️ -1	no releases found
Vulnerabilities	🟢 10	0 existing vulnerabilities detected
Packaging	🟢 10	packaging workflow detected
Pinned-Dependencies	🟢 3	dependency not pinned by hash detected -- score normalized to 3
SAST	🟢 9	SAST tool detected but not run on all commits

npm/@octokit/types

13.8.0

🟢 7

Details

Check	Score	Reason
Maintained	🟢 6	6 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 6
Binary-Artifacts	🟢 10	no binaries found in the repo
Security-Policy	🟢 9	security policy file detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Code-Review	🟢 10	all changesets reviewed
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 10	license file detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Pinned-Dependencies	🟢 3	dependency not pinned by hash detected -- score normalized to 3
Fuzzing	⚠️ 0	project is not fuzzed
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Packaging	🟢 10	packaging workflow detected
SAST	🟢 10	SAST tool is run on all commits
Vulnerabilities	🟢 8	2 existing vulnerabilities detected

npm/cronstrue

2.54.0

🟢 4.1

Details

Check	Score	Reason
Code-Review	🟢 3	Found 9/28 approved changesets -- score normalized to 3
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Maintained	🟢 9	8 commit(s) and 3 issue activity found in the last 90 days -- score normalized to 9
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Security-Policy	⚠️ 0	security policy file not detected
Binary-Artifacts	🟢 10	no binaries found in the repo
Packaging	⚠️ -1	packaging workflow not detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
License	🟢 10	license file detected
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
Fuzzing	⚠️ 0	project is not fuzzed
Signed-Releases	⚠️ 0	Project has not signed or included provenance with any releases.
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Vulnerabilities	🟢 5	5 existing vulnerabilities detected

npm/highcharts

12.1.2

🟢 3.5

Details

Check	Score	Reason
Packaging	⚠️ -1	packaging workflow not detected
Dangerous-Workflow	⚠️ -1	no workflows found
Maintained	🟢 7	9 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 7
Token-Permissions	⚠️ -1	No tokens found
Code-Review	⚠️ 0	Found 1/28 approved changesets -- score normalized to 0
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Security-Policy	⚠️ 0	security policy file not detected
License	⚠️ 0	license file not detected
Vulnerabilities	🟢 10	0 existing vulnerabilities detected
Signed-Releases	⚠️ -1	no releases found
Binary-Artifacts	🟢 10	no binaries found in the repo
Branch-Protection	⚠️ 0	branch protection not enabled on development/release branches
Pinned-Dependencies	⚠️ -1	no dependencies found
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Fuzzing	⚠️ 0	project is not fuzzed

npm/ng2-charts

8.0.0

🟢 4

Details

Check	Score	Reason
Code-Review	⚠️ 0	Found 1/16 approved changesets -- score normalized to 0
Maintained	🟢 10	14 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10
Packaging	⚠️ -1	packaging workflow not detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Binary-Artifacts	🟢 10	no binaries found in the repo
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Pinned-Dependencies	⚠️ 2	dependency not pinned by hash detected -- score normalized to 2
Fuzzing	⚠️ 0	project is not fuzzed
License	🟢 10	license file detected
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Signed-Releases	⚠️ 0	Project has not signed or included provenance with any releases.
Security-Policy	⚠️ 0	security policy file not detected
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Vulnerabilities	🟢 5	5 existing vulnerabilities detected

npm/@angular/animations

^19.1.5

🟢 6.5

Details

Check	Score	Reason
Binary-Artifacts	🟢 10	no binaries found in the repo
Branch-Protection	🟢 6	branch protection is not maximal on development and all release branches
CI-Tests	🟢 10	2 out of 2 merged PRs checked by a CI test -- score normalized to 10
CII-Best-Practices	⚠️ 2	badge detected: InProgress
Code-Review	⚠️ 0	Found 0/30 approved changesets -- score normalized to 0
Contributors	🟢 10	project has 38 contributing companies or organizations
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Dependency-Update-Tool	🟢 10	update tool detected
Fuzzing	🟢 10	project is fuzzed
License	🟢 10	license file detected
Maintained	🟢 10	30 commit(s) and 16 issue activity found in the last 90 days -- score normalized to 10
Packaging	⚠️ -1	packaging workflow not detected
Pinned-Dependencies	🟢 10	all dependencies are pinned
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Security-Policy	🟢 10	security policy file detected
Signed-Releases	⚠️ -1	no releases found
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Vulnerabilities	⚠️ 0	72 existing vulnerabilities detected

npm/@angular/cdk

^19.1.3

🟢 7.4

Details

Check	Score	Reason
Binary-Artifacts	🟢 10	no binaries found in the repo
Branch-Protection	🟢 6	branch protection is not maximal on development and all release branches
CI-Tests	🟢 10	18 out of 18 merged PRs checked by a CI test -- score normalized to 10
CII-Best-Practices	⚠️ 2	badge detected: in_progress
Code-Review	🟢 10	all changesets reviewed
Contributors	🟢 10	23 different organizations found -- score normalized to 10
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Dependency-Update-Tool	🟢 10	update tool detected
Fuzzing	⚠️ 0	project is not fuzzed
License	🟢 10	license file detected
Maintained	🟢 10	30 commit(s) out of 30 and 6 issue activity out of 30 found in the last 90 days -- score normalized to 10
Packaging	⚠️ -1	no published package detected
Pinned-Dependencies	🟢 10	all dependencies are pinned
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Security-Policy	🟢 10	security policy file detected
Signed-Releases	⚠️ -1	no releases found
Token-Permissions	🟢 8	detected GitHub workflow tokens with excessive permissions
Vulnerabilities	⚠️ 0	58 existing vulnerabilities detected

npm/@angular/common

^19.1.5

🟢 6.5

Details

Check	Score	Reason
Binary-Artifacts	🟢 10	no binaries found in the repo
Branch-Protection	🟢 6	branch protection is not maximal on development and all release branches
CI-Tests	🟢 10	2 out of 2 merged PRs checked by a CI test -- score normalized to 10
CII-Best-Practices	⚠️ 2	badge detected: InProgress
Code-Review	⚠️ 0	Found 0/30 approved changesets -- score normalized to 0
Contributors	🟢 10	project has 38 contributing companies or organizations
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Dependency-Update-Tool	🟢 10	update tool detected
Fuzzing	🟢 10	project is fuzzed
License	🟢 10	license file detected
Maintained	🟢 10	30 commit(s) and 16 issue activity found in the last 90 days -- score normalized to 10
Packaging	⚠️ -1	packaging workflow not detected
Pinned-Dependencies	🟢 10	all dependencies are pinned
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Security-Policy	🟢 10	security policy file detected
Signed-Releases	⚠️ -1	no releases found
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Vulnerabilities	⚠️ 0	72 existing vulnerabilities detected

npm/@angular/compiler

^19.1.5

🟢 6.5

Details

Check	Score	Reason
Binary-Artifacts	🟢 10	no binaries found in the repo
Branch-Protection	🟢 6	branch protection is not maximal on development and all release branches
CI-Tests	🟢 10	2 out of 2 merged PRs checked by a CI test -- score normalized to 10
CII-Best-Practices	⚠️ 2	badge detected: InProgress
Code-Review	⚠️ 0	Found 0/30 approved changesets -- score normalized to 0
Contributors	🟢 10	project has 38 contributing companies or organizations
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Dependency-Update-Tool	🟢 10	update tool detected
Fuzzing	🟢 10	project is fuzzed
License	🟢 10	license file detected
Maintained	🟢 10	30 commit(s) and 16 issue activity found in the last 90 days -- score normalized to 10
Packaging	⚠️ -1	packaging workflow not detected
Pinned-Dependencies	🟢 10	all dependencies are pinned
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Security-Policy	🟢 10	security policy file detected
Signed-Releases	⚠️ -1	no releases found
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Vulnerabilities	⚠️ 0	72 existing vulnerabilities detected

npm/@angular/core

^19.1.5

🟢 6.5

Details

Check	Score	Reason
Binary-Artifacts	🟢 10	no binaries found in the repo
Branch-Protection	🟢 6	branch protection is not maximal on development and all release branches
CI-Tests	🟢 10	2 out of 2 merged PRs checked by a CI test -- score normalized to 10
CII-Best-Practices	⚠️ 2	badge detected: InProgress
Code-Review	⚠️ 0	Found 0/30 approved changesets -- score normalized to 0
Contributors	🟢 10	project has 38 contributing companies or organizations
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Dependency-Update-Tool	🟢 10	update tool detected
Fuzzing	🟢 10	project is fuzzed
License	🟢 10	license file detected
Maintained	🟢 10	30 commit(s) and 16 issue activity found in the last 90 days -- score normalized to 10
Packaging	⚠️ -1	packaging workflow not detected
Pinned-Dependencies	🟢 10	all dependencies are pinned
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Security-Policy	🟢 10	security policy file detected
Signed-Releases	⚠️ -1	no releases found
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Vulnerabilities	⚠️ 0	72 existing vulnerabilities detected

npm/@angular/forms

^19.1.5

🟢 6.5

Details

Check	Score	Reason
Binary-Artifacts	🟢 10	no binaries found in the repo
Branch-Protection	🟢 6	branch protection is not maximal on development and all release branches
CI-Tests	🟢 10	2 out of 2 merged PRs checked by a CI test -- score normalized to 10
CII-Best-Practices	⚠️ 2	badge detected: InProgress
Code-Review	⚠️ 0	Found 0/30 approved changesets -- score normalized to 0
Contributors	🟢 10	project has 38 contributing companies or organizations
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Dependency-Update-Tool	🟢 10	update tool detected
Fuzzing	🟢 10	project is fuzzed
License	🟢 10	license file detected
Maintained	🟢 10	30 commit(s) and 16 issue activity found in the last 90 days -- score normalized to 10
Packaging	⚠️ -1	packaging workflow not detected
Pinned-Dependencies	🟢 10	all dependencies are pinned
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Security-Policy	🟢 10	security policy file detected
Signed-Releases	⚠️ -1	no releases found
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Vulnerabilities	⚠️ 0	72 existing vulnerabilities detected

npm/@angular/material

^19.1.3

🟢 7.4

Details

Check	Score	Reason
Binary-Artifacts	🟢 10	no binaries found in the repo
Branch-Protection	🟢 6	branch protection is not maximal on development and all release branches
CI-Tests	🟢 10	18 out of 18 merged PRs checked by a CI test -- score normalized to 10
CII-Best-Practices	⚠️ 2	badge detected: in_progress
Code-Review	🟢 10	all changesets reviewed
Contributors	🟢 10	23 different organizations found -- score normalized to 10
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Dependency-Update-Tool	🟢 10	update tool detected
Fuzzing	⚠️ 0	project is not fuzzed
License	🟢 10	license file detected
Maintained	🟢 10	30 commit(s) out of 30 and 6 issue activity out of 30 found in the last 90 days -- score normalized to 10
Packaging	⚠️ -1	no published package detected
Pinned-Dependencies	🟢 10	all dependencies are pinned
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Security-Policy	🟢 10	security policy file detected
Signed-Releases	⚠️ -1	no releases found
Token-Permissions	🟢 8	detected GitHub workflow tokens with excessive permissions
Vulnerabilities	⚠️ 0	58 existing vulnerabilities detected

npm/@angular/platform-browser

^19.1.5

🟢 6.5

Details

Check	Score	Reason
Binary-Artifacts	🟢 10	no binaries found in the repo
Branch-Protection	🟢 6	branch protection is not maximal on development and all release branches
CI-Tests	🟢 10	2 out of 2 merged PRs checked by a CI test -- score normalized to 10
CII-Best-Practices	⚠️ 2	badge detected: InProgress
Code-Review	⚠️ 0	Found 0/30 approved changesets -- score normalized to 0
Contributors	🟢 10	project has 38 contributing companies or organizations
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Dependency-Update-Tool	🟢 10	update tool detected
Fuzzing	🟢 10	project is fuzzed
License	🟢 10	license file detected
Maintained	🟢 10	30 commit(s) and 16 issue activity found in the last 90 days -- score normalized to 10
Packaging	⚠️ -1	packaging workflow not detected
Pinned-Dependencies	🟢 10	all dependencies are pinned
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Security-Policy	🟢 10	security policy file detected
Signed-Releases	⚠️ -1	no releases found
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Vulnerabilities	⚠️ 0	72 existing vulnerabilities detected

npm/@angular/platform-browser-dynamic

^19.1.5

🟢 6.5

Details

Check	Score	Reason
Binary-Artifacts	🟢 10	no binaries found in the repo
Branch-Protection	🟢 6	branch protection is not maximal on development and all release branches
CI-Tests	🟢 10	2 out of 2 merged PRs checked by a CI test -- score normalized to 10
CII-Best-Practices	⚠️ 2	badge detected: InProgress
Code-Review	⚠️ 0	Found 0/30 approved changesets -- score normalized to 0
Contributors	🟢 10	project has 38 contributing companies or organizations
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Dependency-Update-Tool	🟢 10	update tool detected
Fuzzing	🟢 10	project is fuzzed
License	🟢 10	license file detected
Maintained	🟢 10	30 commit(s) and 16 issue activity found in the last 90 days -- score normalized to 10
Packaging	⚠️ -1	packaging workflow not detected
Pinned-Dependencies	🟢 10	all dependencies are pinned
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Security-Policy	🟢 10	security policy file detected
Signed-Releases	⚠️ -1	no releases found
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Vulnerabilities	⚠️ 0	72 existing vulnerabilities detected

npm/@angular/router

^19.1.5

🟢 6.5

Details

Check	Score	Reason
Binary-Artifacts	🟢 10	no binaries found in the repo
Branch-Protection	🟢 6	branch protection is not maximal on development and all release branches
CI-Tests	🟢 10	2 out of 2 merged PRs checked by a CI test -- score normalized to 10
CII-Best-Practices	⚠️ 2	badge detected: InProgress
Code-Review	⚠️ 0	Found 0/30 approved changesets -- score normalized to 0
Contributors	🟢 10	project has 38 contributing companies or organizations
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Dependency-Update-Tool	🟢 10	update tool detected
Fuzzing	🟢 10	project is fuzzed
License	🟢 10	license file detected
Maintained	🟢 10	30 commit(s) and 16 issue activity found in the last 90 days -- score normalized to 10
Packaging	⚠️ -1	packaging workflow not detected
Pinned-Dependencies	🟢 10	all dependencies are pinned
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Security-Policy	🟢 10	security policy file detected
Signed-Releases	⚠️ -1	no releases found
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Vulnerabilities	⚠️ 0	72 existing vulnerabilities detected

npm/@octokit/types

^13.8.0

🟢 7

Details

Check	Score	Reason
Maintained	🟢 6	6 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 6
Binary-Artifacts	🟢 10	no binaries found in the repo
Security-Policy	🟢 9	security policy file detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Code-Review	🟢 10	all changesets reviewed
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 10	license file detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Pinned-Dependencies	🟢 3	dependency not pinned by hash detected -- score normalized to 3
Fuzzing	⚠️ 0	project is not fuzzed
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Packaging	🟢 10	packaging workflow detected
SAST	🟢 10	SAST tool is run on all commits
Vulnerabilities	🟢 8	2 existing vulnerabilities detected

npm/cronstrue

^2.54.0

🟢 4.1

Details

Check	Score	Reason
Code-Review	🟢 3	Found 9/28 approved changesets -- score normalized to 3
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Maintained	🟢 9	8 commit(s) and 3 issue activity found in the last 90 days -- score normalized to 9
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Security-Policy	⚠️ 0	security policy file not detected
Binary-Artifacts	🟢 10	no binaries found in the repo
Packaging	⚠️ -1	packaging workflow not detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
License	🟢 10	license file detected
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
Fuzzing	⚠️ 0	project is not fuzzed
Signed-Releases	⚠️ 0	Project has not signed or included provenance with any releases.
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Vulnerabilities	🟢 5	5 existing vulnerabilities detected

npm/highcharts

^12.1.2

🟢 3.5

Details

Check	Score	Reason
Packaging	⚠️ -1	packaging workflow not detected
Dangerous-Workflow	⚠️ -1	no workflows found
Maintained	🟢 7	9 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 7
Token-Permissions	⚠️ -1	No tokens found
Code-Review	⚠️ 0	Found 1/28 approved changesets -- score normalized to 0
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Security-Policy	⚠️ 0	security policy file not detected
License	⚠️ 0	license file not detected
Vulnerabilities	🟢 10	0 existing vulnerabilities detected
Signed-Releases	⚠️ -1	no releases found
Binary-Artifacts	🟢 10	no binaries found in the repo
Branch-Protection	⚠️ 0	branch protection not enabled on development/release branches
Pinned-Dependencies	⚠️ -1	no dependencies found
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Fuzzing	⚠️ 0	project is not fuzzed

npm/ng2-charts

^8.0.0

🟢 4

Details

Check	Score	Reason
Code-Review	⚠️ 0	Found 1/16 approved changesets -- score normalized to 0
Maintained	🟢 10	14 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10
Packaging	⚠️ -1	packaging workflow not detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Binary-Artifacts	🟢 10	no binaries found in the repo
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Pinned-Dependencies	⚠️ 2	dependency not pinned by hash detected -- score normalized to 2
Fuzzing	⚠️ 0	project is not fuzzed
License	🟢 10	license file detected
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Signed-Releases	⚠️ 0	Project has not signed or included provenance with any releases.
Security-Policy	⚠️ 0	security policy file not detected
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Vulnerabilities	🟢 5	5 existing vulnerabilities detected

Scanned Files

frontend/package-lock.json
frontend/package.json

…ates Bumps the production-dependencies group with 14 updates in the /frontend directory: | Package | From | To | | --- | --- | --- | | [@angular/animations](https://github.com/angular/angular/tree/HEAD/packages/animations) | `19.1.4` | `19.1.5` | | [@angular/cdk](https://github.com/angular/components) | `19.1.2` | `19.1.3` | | [@angular/common](https://github.com/angular/angular/tree/HEAD/packages/common) | `19.1.4` | `19.1.5` | | [@angular/compiler](https://github.com/angular/angular/tree/HEAD/packages/compiler) | `19.1.4` | `19.1.5` | | [@angular/core](https://github.com/angular/angular/tree/HEAD/packages/core) | `19.1.4` | `19.1.5` | | [@angular/forms](https://github.com/angular/angular/tree/HEAD/packages/forms) | `19.1.4` | `19.1.5` | | [@angular/material](https://github.com/angular/components) | `19.1.2` | `19.1.3` | | [@angular/platform-browser](https://github.com/angular/angular/tree/HEAD/packages/platform-browser) | `19.1.4` | `19.1.5` | | [@angular/platform-browser-dynamic](https://github.com/angular/angular/tree/HEAD/packages/platform-browser-dynamic) | `19.1.4` | `19.1.5` | | [@angular/router](https://github.com/angular/angular/tree/HEAD/packages/router) | `19.1.4` | `19.1.5` | | [@octokit/types](https://github.com/octokit/types.ts) | `13.6.1` | `13.8.0` | | [cronstrue](https://github.com/bradymholt/cronstrue) | `2.51.0` | `2.54.0` | | [highcharts](https://github.com/highcharts/highcharts-dist) | `11.4.8` | `12.1.2` | | [ng2-charts](https://github.com/valor-software/ng2-charts) | `7.0.0` | `8.0.0` | Updates `@angular/animations` from 19.1.4 to 19.1.5 - [Release notes](https://github.com/angular/angular/releases) - [Changelog](https://github.com/angular/angular/blob/main/CHANGELOG.md) - [Commits](https://github.com/angular/angular/commits/19.1.5/packages/animations) Updates `@angular/cdk` from 19.1.2 to 19.1.3 - [Release notes](https://github.com/angular/components/releases) - [Changelog](https://github.com/angular/components/blob/main/CHANGELOG.md) - [Commits](angular/components@19.1.2...19.1.3) Updates `@angular/common` from 19.1.4 to 19.1.5 - [Release notes](https://github.com/angular/angular/releases) - [Changelog](https://github.com/angular/angular/blob/main/CHANGELOG.md) - [Commits](https://github.com/angular/angular/commits/19.1.5/packages/common) Updates `@angular/compiler` from 19.1.4 to 19.1.5 - [Release notes](https://github.com/angular/angular/releases) - [Changelog](https://github.com/angular/angular/blob/main/CHANGELOG.md) - [Commits](https://github.com/angular/angular/commits/19.1.5/packages/compiler) Updates `@angular/core` from 19.1.4 to 19.1.5 - [Release notes](https://github.com/angular/angular/releases) - [Changelog](https://github.com/angular/angular/blob/main/CHANGELOG.md) - [Commits](https://github.com/angular/angular/commits/19.1.5/packages/core) Updates `@angular/forms` from 19.1.4 to 19.1.5 - [Release notes](https://github.com/angular/angular/releases) - [Changelog](https://github.com/angular/angular/blob/main/CHANGELOG.md) - [Commits](https://github.com/angular/angular/commits/19.1.5/packages/forms) Updates `@angular/material` from 19.1.2 to 19.1.3 - [Release notes](https://github.com/angular/components/releases) - [Changelog](https://github.com/angular/components/blob/main/CHANGELOG.md) - [Commits](angular/components@19.1.2...19.1.3) Updates `@angular/platform-browser` from 19.1.4 to 19.1.5 - [Release notes](https://github.com/angular/angular/releases) - [Changelog](https://github.com/angular/angular/blob/main/CHANGELOG.md) - [Commits](https://github.com/angular/angular/commits/19.1.5/packages/platform-browser) Updates `@angular/platform-browser-dynamic` from 19.1.4 to 19.1.5 - [Release notes](https://github.com/angular/angular/releases) - [Changelog](https://github.com/angular/angular/blob/main/CHANGELOG.md) - [Commits](https://github.com/angular/angular/commits/19.1.5/packages/platform-browser-dynamic) Updates `@angular/router` from 19.1.4 to 19.1.5 - [Release notes](https://github.com/angular/angular/releases) - [Changelog](https://github.com/angular/angular/blob/main/CHANGELOG.md) - [Commits](https://github.com/angular/angular/commits/19.1.5/packages/router) Updates `@octokit/types` from 13.6.1 to 13.8.0 - [Release notes](https://github.com/octokit/types.ts/releases) - [Commits](octokit/types.ts@v13.6.1...v13.8.0) Updates `cronstrue` from 2.51.0 to 2.54.0 - [Release notes](https://github.com/bradymholt/cronstrue/releases) - [Changelog](https://github.com/bradymholt/cRonstrue/blob/main/CHANGELOG.md) - [Commits](bradymholt/cRonstrue@v2.51.0...v2.54.0) Updates `highcharts` from 11.4.8 to 12.1.2 - [Commits](highcharts/highcharts-dist@v11.4.8...v12.1.2) Updates `ng2-charts` from 7.0.0 to 8.0.0 - [Release notes](https://github.com/valor-software/ng2-charts/releases) - [Commits](valor-software/ng2-charts@v7.0.0...v8.0.0) --- updated-dependencies: - dependency-name: "@angular/animations" dependency-type: direct:production update-type: version-update:semver-patch dependency-group: production-dependencies - dependency-name: "@angular/cdk" dependency-type: direct:production update-type: version-update:semver-patch dependency-group: production-dependencies - dependency-name: "@angular/common" dependency-type: direct:production update-type: version-update:semver-patch dependency-group: production-dependencies - dependency-name: "@angular/compiler" dependency-type: direct:production update-type: version-update:semver-patch dependency-group: production-dependencies - dependency-name: "@angular/core" dependency-type: direct:production update-type: version-update:semver-patch dependency-group: production-dependencies - dependency-name: "@angular/forms" dependency-type: direct:production update-type: version-update:semver-patch dependency-group: production-dependencies - dependency-name: "@angular/material" dependency-type: direct:production update-type: version-update:semver-patch dependency-group: production-dependencies - dependency-name: "@angular/platform-browser" dependency-type: direct:production update-type: version-update:semver-patch dependency-group: production-dependencies - dependency-name: "@angular/platform-browser-dynamic" dependency-type: direct:production update-type: version-update:semver-patch dependency-group: production-dependencies - dependency-name: "@angular/router" dependency-type: direct:production update-type: version-update:semver-patch dependency-group: production-dependencies - dependency-name: "@octokit/types" dependency-type: direct:production update-type: version-update:semver-minor dependency-group: production-dependencies - dependency-name: cronstrue dependency-type: direct:production update-type: version-update:semver-minor dependency-group: production-dependencies - dependency-name: highcharts dependency-type: direct:production update-type: version-update:semver-major dependency-group: production-dependencies - dependency-name: ng2-charts dependency-type: direct:production update-type: version-update:semver-major dependency-group: production-dependencies ... Signed-off-by: dependabot[bot] <[email protected]>

dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels Feb 6, 2025

dependabot bot force-pushed the dependabot/npm_and_yarn/frontend/production-dependencies-9e9f7ef291 branch from 4877588 to d7bafa3 Compare February 10, 2025 20:25

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump the production-dependencies group across 1 directory with 14 updates #133

Bump the production-dependencies group across 1 directory with 14 updates #133

dependabot bot commented on behalf of github Feb 6, 2025 •

edited

Loading

github-actions bot commented Feb 6, 2025 •

edited

Loading

Bump the production-dependencies group across 1 directory with 14 updates #133

Are you sure you want to change the base?

Bump the production-dependencies group across 1 directory with 14 updates #133

Conversation

dependabot bot commented on behalf of github Feb 6, 2025 • edited Loading

github-actions bot commented Feb 6, 2025 • edited Loading

Dependency Review

License Issues

frontend/package.json

OpenSSF Scorecard

Scanned Files

dependabot bot commented on behalf of github Feb 6, 2025 •

edited

Loading

github-actions bot commented Feb 6, 2025 •

edited

Loading