chore(deps-dev): bump jest-environment-jsdom from 29.7.0 to 30.2.0

[dependabot]

Bumps jest-environment-jsdom from 29.7.0 to 30.2.0.

Release notes

Sourced from jest-environment-jsdom's releases.

30.2.0

Chore & Maintenance

• [*] Update example repo for testing React Native projects (#15832)
• [*] Update jest-watch-typeahead to v3 (#15830)

Features

• [jest-environment-jsdom-abstract] Add support for JSDOM v27 (#15834)

Fixes

• [babel-jest] Export the TransformerConfig interface (#15820)
• [jest-config] Fix jest.config.ts with TS loader specified in docblock pragma (#15839)

30.1.3

Fixes

• Fix unstable_mockModule with node: prefixed core modules.

30.1.2

Fixes

• [jest-snapshot-utils] Correct snapshot header regexp to work with newline across OSes (#15803)

30.1.1

Fixes

• [jest-snapshot-utils] Fix deprecated goo.gl snapshot warning not handling Windows end-of-line sequences (#15800)

30.1.0

Features

• [jest-leak-detector] Configurable GC aggressiveness regarding to V8 heap snapshot generation (#15793)
• [jest-runtime] Reduce redundant ReferenceError messages
• [jest-core] Include test modules that failed to load when --onlyFailures is active

Fixes

• `[jest-snapshot-utils] Fix deprecated goo.gl snapshot guide link not getting replaced with fully canonical URL (#15787)
• [jest-circus] Fix it.concurrent not working with describe.skip (#15765)
• [jest-snapshot] Fix mangled inline snapshot updates when used with Prettier 3 and CRLF line endings
• [jest-runtime] Importing from @jest/globals in more than one file no longer breaks relative paths (#15772)

Chore

• [expect] Update docblock for toContain() to display info on substring check (#15789)

30.0.2

What's Changed

... (truncated)

Changelog

Sourced from jest-environment-jsdom's changelog.

30.2.0

Chore & Maintenance

• [*] Update example repo for testing React Native projects (#15832)
• [*] Update jest-watch-typeahead to v3 (#15830)

Features

• [jest-environment-jsdom-abstract] Add support for JSDOM v27 (#15834)

Fixes

• [jest-matcher-utils] Fix infinite recursion with self-referential getters in deepCyclicCopyReplaceable (#15831)
• [babel-jest] Export the TransformerConfig interface (#15820)
• [jest-config] Fix jest.config.ts with TS loader specified in docblock pragma (#15839)

30.1.3

Fixes

• Fix unstable_mockModule with node: prefixed core modules.

30.1.2

Fixes

• [jest-snapshot-utils] Correct snapshot header regexp to work with newline across OSes (#15803)

30.1.1

Fixes

• [jest-snapshot-utils] Fix deprecated goo.gl snapshot warning not handling Windows end-of-line sequences (#15800)
• [jest-snapshot-utils] Improve messaging about goo.gl snapshot link change (#15821)

30.1.0

Features

• [jest-leak-detector] Configurable GC aggressiveness regarding to V8 heap snapshot generation (#15793)
• [jest-runtime] Reduce redundant ReferenceError messages
• [jest-core] Include test modules that failed to load when --onlyFailures is active

Fixes

• [jest-snapshot-utils] Fix deprecated goo.gl snapshot guide link not getting replaced with fully canonical URL (#15787)
• [jest-circus] Fix it.concurrent not working with describe.skip (#15765)
• [jest-snapshot] Fix mangled inline snapshot updates when used with Prettier 3 and CRLF line endings
• [jest-runtime] Importing from @jest/globals in more than one file no longer breaks relative paths (#15772)

... (truncated)

Commits

• 855864e v30.2.0
• ebfa31c v30.1.2
• d347c0f v30.1.1
• 4d5f41d v30.1.0
• 22236cf v30.0.5
• f4296d2 v30.0.4
• 393acbf v30.0.2
• 5ce865b v30.0.1
• 469f665 v30.0.0
• ce14203 v30.0.0-rc.1
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[dependabot]

Labels

The following labels could not be found: dependabot. Please create it before Dependabot can add it to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

[github-actions]

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

OpenSSF Scorecard

Scorecard details

Package	Version	Score	Details
npm/@asamuzakjp/css-color	3.2.0	Unknown	Unknown
npm/@csstools/color-helpers	5.1.0	🟢 7.2	Details Check Score Reason Code-Review ⚠️ 0 Found 0/25 approved changesets -- score normalized to 0 Maintained 🟢 10 30 commit(s) and 8 issue activity found in the last 90 days -- score normalized to 10 Security-Policy 🟢 10 security policy file detected Packaging ⚠️ -1 packaging workflow not detected Token-Permissions 🟢 9 detected GitHub workflow tokens with excessive permissions Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection 🟢 3 branch protection is not maximal on development and all release branches Pinned-Dependencies 🟢 9 dependency not pinned by hash detected -- score normalized to 9 Binary-Artifacts 🟢 10 no binaries found in the repo Fuzzing ⚠️ 0 project is not fuzzed SAST 🟢 10 SAST tool is run on all commits Vulnerabilities 🟢 9 1 existing vulnerabilities detected
npm/@csstools/css-calc	2.1.4	🟢 7.2	Details Check Score Reason Code-Review ⚠️ 0 Found 0/25 approved changesets -- score normalized to 0 Maintained 🟢 10 30 commit(s) and 8 issue activity found in the last 90 days -- score normalized to 10 Security-Policy 🟢 10 security policy file detected Packaging ⚠️ -1 packaging workflow not detected Token-Permissions 🟢 9 detected GitHub workflow tokens with excessive permissions Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection 🟢 3 branch protection is not maximal on development and all release branches Pinned-Dependencies 🟢 9 dependency not pinned by hash detected -- score normalized to 9 Binary-Artifacts 🟢 10 no binaries found in the repo Fuzzing ⚠️ 0 project is not fuzzed SAST 🟢 10 SAST tool is run on all commits Vulnerabilities 🟢 9 1 existing vulnerabilities detected
npm/@csstools/css-color-parser	3.1.0	🟢 7.2	Details Check Score Reason Code-Review ⚠️ 0 Found 0/25 approved changesets -- score normalized to 0 Maintained 🟢 10 30 commit(s) and 8 issue activity found in the last 90 days -- score normalized to 10 Security-Policy 🟢 10 security policy file detected Packaging ⚠️ -1 packaging workflow not detected Token-Permissions 🟢 9 detected GitHub workflow tokens with excessive permissions Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection 🟢 3 branch protection is not maximal on development and all release branches Pinned-Dependencies 🟢 9 dependency not pinned by hash detected -- score normalized to 9 Binary-Artifacts 🟢 10 no binaries found in the repo Fuzzing ⚠️ 0 project is not fuzzed SAST 🟢 10 SAST tool is run on all commits Vulnerabilities 🟢 9 1 existing vulnerabilities detected
npm/@csstools/css-parser-algorithms	3.0.5	🟢 7.2	Details Check Score Reason Code-Review ⚠️ 0 Found 0/25 approved changesets -- score normalized to 0 Maintained 🟢 10 30 commit(s) and 8 issue activity found in the last 90 days -- score normalized to 10 Security-Policy 🟢 10 security policy file detected Packaging ⚠️ -1 packaging workflow not detected Token-Permissions 🟢 9 detected GitHub workflow tokens with excessive permissions Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection 🟢 3 branch protection is not maximal on development and all release branches Pinned-Dependencies 🟢 9 dependency not pinned by hash detected -- score normalized to 9 Binary-Artifacts 🟢 10 no binaries found in the repo Fuzzing ⚠️ 0 project is not fuzzed SAST 🟢 10 SAST tool is run on all commits Vulnerabilities 🟢 9 1 existing vulnerabilities detected
npm/@csstools/css-tokenizer	3.0.4	🟢 7.2	Details Check Score Reason Code-Review ⚠️ 0 Found 0/25 approved changesets -- score normalized to 0 Maintained 🟢 10 30 commit(s) and 8 issue activity found in the last 90 days -- score normalized to 10 Security-Policy 🟢 10 security policy file detected Packaging ⚠️ -1 packaging workflow not detected Token-Permissions 🟢 9 detected GitHub workflow tokens with excessive permissions Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection 🟢 3 branch protection is not maximal on development and all release branches Pinned-Dependencies 🟢 9 dependency not pinned by hash detected -- score normalized to 9 Binary-Artifacts 🟢 10 no binaries found in the repo Fuzzing ⚠️ 0 project is not fuzzed SAST 🟢 10 SAST tool is run on all commits Vulnerabilities 🟢 9 1 existing vulnerabilities detected
npm/@jest/environment-jsdom-abstract	30.2.0	Unknown	Unknown
npm/@types/jsdom	21.1.7	🟢 6.9	Details Check Score Reason Code-Review 🟢 8 Found 25/30 approved changesets -- score normalized to 8 Maintained 🟢 10 30 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10 Packaging ⚠️ -1 packaging workflow not detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 9 license file detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Security-Policy 🟢 10 security policy file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md Vulnerabilities 🟢 10 0 existing vulnerabilities detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies 🟢 8 dependency not pinned by hash detected -- score normalized to 8 Fuzzing ⚠️ 0 project is not fuzzed
npm/cssstyle	4.6.0	🟢 6.1	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 11 issue activity found in the last 90 days -- score normalized to 10 Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Code-Review 🟢 7 Found 21/27 approved changesets -- score normalized to 7 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies 🟢 3 dependency not pinned by hash detected -- score normalized to 3 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Fuzzing ⚠️ 0 project is not fuzzed Packaging 🟢 10 packaging workflow detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Security-Policy 🟢 10 security policy file detected Vulnerabilities 🟢 10 0 existing vulnerabilities detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
npm/data-urls	5.0.0	🟢 5	Details Check Score Reason Maintained 🟢 5 6 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 5 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Code-Review ⚠️ 0 Found 1/26 approved changesets -- score normalized to 0 Binary-Artifacts 🟢 10 no binaries found in the repo Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Pinned-Dependencies 🟢 3 dependency not pinned by hash detected -- score normalized to 3 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Packaging 🟢 10 packaging workflow detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Vulnerabilities 🟢 10 0 existing vulnerabilities detected Security-Policy 🟢 10 security policy file detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
npm/html-encoding-sniffer	4.0.0	🟢 5.3	Details Check Score Reason Code-Review ⚠️ 1 Found 3/21 approved changesets -- score normalized to 1 Maintained 🟢 7 7 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 7 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies 🟢 3 dependency not pinned by hash detected -- score normalized to 3 Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Packaging 🟢 10 packaging workflow detected Vulnerabilities 🟢 10 0 existing vulnerabilities detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Security-Policy 🟢 10 security policy file detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
npm/jest-environment-jsdom	30.2.0	Unknown	Unknown
npm/jsdom	26.1.0	🟢 6.7	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 14 issue activity found in the last 90 days -- score normalized to 10 Code-Review ⚠️ 1 Found 2/17 approved changesets -- score normalized to 1 Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege License 🟢 10 license file detected Binary-Artifacts 🟢 10 no binaries found in the repo Signed-Releases ⚠️ -1 no releases found Pinned-Dependencies 🟢 3 dependency not pinned by hash detected -- score normalized to 3 Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md Security-Policy 🟢 10 security policy file detected Fuzzing ⚠️ 0 project is not fuzzed Vulnerabilities 🟢 8 2 existing vulnerabilities detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
npm/rrweb-cssom	0.8.0	Unknown	Unknown
npm/tldts	6.1.86	🟢 3.9	Details Check Score Reason Code-Review ⚠️ 0 Found 0/28 approved changesets -- score normalized to 0 Maintained 🟢 10 27 commit(s) and 3 issue activity found in the last 90 days -- score normalized to 10 Binary-Artifacts 🟢 10 no binaries found in the repo Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 packaging workflow not detected Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Security-Policy ⚠️ 0 security policy file not detected License 🟢 10 license file detected Fuzzing ⚠️ 0 project is not fuzzed Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md Signed-Releases ⚠️ -1 no releases found SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Vulnerabilities ⚠️ 1 9 existing vulnerabilities detected
npm/tldts-core	6.1.86	🟢 3.9	Details Check Score Reason Code-Review ⚠️ 0 Found 0/28 approved changesets -- score normalized to 0 Maintained 🟢 10 27 commit(s) and 3 issue activity found in the last 90 days -- score normalized to 10 Binary-Artifacts 🟢 10 no binaries found in the repo Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 packaging workflow not detected Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Security-Policy ⚠️ 0 security policy file not detected License 🟢 10 license file detected Fuzzing ⚠️ 0 project is not fuzzed Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md Signed-Releases ⚠️ -1 no releases found SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Vulnerabilities ⚠️ 1 9 existing vulnerabilities detected
npm/tough-cookie	5.1.2	🟢 6.1	Details Check Score Reason Maintained 🟢 6 8 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 6 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Code-Review 🟢 10 all changesets reviewed CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Packaging ⚠️ -1 packaging workflow not detected Security-Policy 🟢 9 security policy file detected Binary-Artifacts 🟢 10 no binaries found in the repo Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Pinned-Dependencies 🟢 3 dependency not pinned by hash detected -- score normalized to 3 License 🟢 10 license file detected Fuzzing ⚠️ 0 project is not fuzzed Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Vulnerabilities 🟢 8 2 existing vulnerabilities detected
npm/tr46	5.1.1	🟢 4.2	Details Check Score Reason Code-Review ⚠️ 1 Found 5/26 approved changesets -- score normalized to 1 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Binary-Artifacts 🟢 10 no binaries found in the repo Packaging ⚠️ -1 packaging workflow not detected Maintained ⚠️ 0 0 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 0 Pinned-Dependencies 🟢 3 dependency not pinned by hash detected -- score normalized to 3 Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Vulnerabilities 🟢 9 1 existing vulnerabilities detected Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Security-Policy 🟢 10 security policy file detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
npm/w3c-xmlserializer	5.0.0	🟢 4	Details Check Score Reason Packaging ⚠️ -1 packaging workflow not detected Maintained ⚠️ 0 0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Binary-Artifacts 🟢 10 no binaries found in the repo Code-Review ⚠️ 2 Found 5/25 approved changesets -- score normalized to 2 Pinned-Dependencies 🟢 3 dependency not pinned by hash detected -- score normalized to 3 Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Security-Policy 🟢 10 security policy file detected Vulnerabilities 🟢 5 5 existing vulnerabilities detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
npm/whatwg-encoding	3.1.1	🟢 3.6	Details Check Score Reason Code-Review ⚠️ 1 Found 4/26 approved changesets -- score normalized to 1 Pinned-Dependencies ⚠️ -1 no dependencies found Binary-Artifacts 🟢 10 no binaries found in the repo Packaging ⚠️ -1 packaging workflow not detected Token-Permissions ⚠️ -1 No tokens found Dangerous-Workflow ⚠️ -1 no workflows found Maintained ⚠️ 0 project is archived CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Vulnerabilities 🟢 10 0 existing vulnerabilities detected License ⚠️ 0 license file not detected Fuzzing ⚠️ 0 project is not fuzzed Signed-Releases ⚠️ -1 no releases found Security-Policy 🟢 10 security policy file detected Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
npm/whatwg-mimetype	4.0.0	🟢 5	Details Check Score Reason Code-Review ⚠️ 0 Found 1/27 approved changesets -- score normalized to 0 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Maintained 🟢 5 7 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 5 Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Pinned-Dependencies 🟢 3 dependency not pinned by hash detected -- score normalized to 3 Binary-Artifacts 🟢 10 no binaries found in the repo CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Packaging 🟢 10 packaging workflow detected Signed-Releases ⚠️ -1 no releases found Vulnerabilities 🟢 10 0 existing vulnerabilities detected Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Security-Policy 🟢 10 security policy file detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
npm/whatwg-url	14.2.0	🟢 5.1	Details Check Score Reason Code-Review ⚠️ 0 Found 1/25 approved changesets -- score normalized to 0 Maintained 🟢 6 8 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 6 Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 2 dependency not pinned by hash detected -- score normalized to 2 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Packaging 🟢 10 packaging workflow detected Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Signed-Releases ⚠️ -1 no releases found Security-Policy 🟢 10 security policy file detected Vulnerabilities 🟢 10 0 existing vulnerabilities detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
npm/xml-name-validator	5.0.0	🟢 4	Details Check Score Reason Maintained ⚠️ 0 0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0 Packaging ⚠️ -1 packaging workflow not detected Binary-Artifacts 🟢 10 no binaries found in the repo Code-Review ⚠️ 1 Found 3/25 approved changesets -- score normalized to 1 Pinned-Dependencies 🟢 3 dependency not pinned by hash detected -- score normalized to 3 Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Vulnerabilities 🟢 6 4 existing vulnerabilities detected Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Security-Policy 🟢 10 security policy file detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0

Scanned Files

• package-lock.json

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud