build(deps): bump nth-check and gatsby-plugin-sharp #159

dependabot · 2024-05-13T06:08:07Z

Bumps nth-check to 2.1.1 and updates ancestor dependency gatsby-plugin-sharp. These dependencies need to be updated together.

Updates nth-check from 1.0.2 to 2.1.1

Release notes

Sourced from nth-check's releases.

v2.1.1

The ESM code had some issues that are now fixed aeeb067

fb55/nth-check@v2.1.0...v2.1.1

v2.1.0

What's Changed

nth-check is now a dual CommonJS and ESM module fb55/nth-check#206

With the new sequence and generate methods, it is now possible to generate a sequence of indices for a given formula fb55/nth-check#207

Full Changelog: fb55/nth-check@v2.0.1...v2.1.0

v2.0.1

Fixes:

Replace regex with hand-rolled parser for nth-expressions (#9) 9894c1d

Ensures parsing will always have linear time complexity.

Internal:

chore(ci): Use GitHub Actions, Dependabot (#10) e02b4dd

Bump dependencies

fb55/nth-check@v2.0.0...v2.0.1

v2.0.0

Port module to TS, Jest, ESLint

Breaking:

The main export is now a default export.

The module now throws regular Errors on invalid selectors instead of SyntaxErrors.

Commits

639fd2a 2.1.1
0eec65b fix(test): Add moduleNameMapper
aeeb067 fix: Fix ESM
432ebc6 2.1.0
3e8cd1e feat: Add generate and sequence methods (#207)
57a5c62 feat: Add ESM (#206)
1ce0c7c chore(deps-dev): Bump @types/node from 17.0.34 to 17.0.35 (#205)
eebb040 chore(deps-dev): Bump @typescript-eslint/parser from 5.24.0 to 5.25.0 (#204)
a316aaa chore(deps-dev): Bump @typescript-eslint/eslint-plugin (#203)
454c0de chore(deps-dev): Bump @typescript-eslint/eslint-plugin (#202)
Additional commits viewable in compare view

Updates gatsby-plugin-sharp from 4.17.0 to 4.25.1

Release notes

Sourced from gatsby-plugin-sharp's releases.

v4.24

Welcome to gatsby@4.24.0 release (September 2022 #2)

Key highlights of this release:

Gatsby 5 Alpha

Updating File System Routes on data changes

Bleeding Edge: Want to try new features as soon as possible? Install gatsby@next and let us know if you have any issues.

Previous release notes

Full changelog

v4.23

Welcome to gatsby@4.23.0 release (September 2022 #1)

Key highlights of this release:

Open RFCs

Bleeding Edge: Want to try new features as soon as possible? Install gatsby@next and let us know if you have any issues.

Previous release notes

Full changelog

v4.22

Welcome to gatsby@4.22.0 release (August 2022 #3)

Key highlights of this release:

Open RFCs

Bleeding Edge: Want to try new features as soon as possible? Install gatsby@next and let us know if you have any issues.

Previous release notes

Full changelog

v4.21

Welcome to gatsby@4.21.0 release (August 2022 #2)

Key highlights of this release:

gatsby-plugin-mdx v4

Open RFCs

Bleeding Edge: Want to try new features as soon as possible? Install gatsby@next and let us know if you have any issues.

... (truncated)

Changelog

Sourced from gatsby-plugin-sharp's changelog.

Changelog: gatsby-plugin-sharp

All notable changes to this project will be documented in this file. See Conventional Commits for commit guidelines.

5.13.1 (2024-01-23)

Note: Version bump only for package gatsby-plugin-sharp

5.13.0 (2023-12-18)

🧾 Release notes

Chores

upgrade sharp to latest v0.32.6 #38374 (ca15ef3)

5.12.3 (2023-10-26)

Note: Version bump only for package gatsby-plugin-sharp

5.12.2 (2023-10-20)

Note: Version bump only for package gatsby-plugin-sharp

5.12.1 (2023-10-09)

Chores

upgrade sharp to latest v0.32.6 #38374 #38617 (f1a4107)

5.12.0 (2023-08-24)

🧾 Release notes

Bug Fixes

update dependency semver to ^7.5.3 #38296 (11e64e2)

5.11.0 (2023-06-15)

🧾 Release notes

Chores

update semver #38171 (208cdef)

5.10.0 (2023-05-16)

🧾 Release notes

... (truncated)

Commits

50e3f94 chore(release): Publish
dcf88ed fix(gatsby-plugin-sharp): don't serve static assets that are not result of cu...
5e72a5d chore(release): Publish
2dc715d chore: remove tracedSVG (#37093) (#37127)
9f4c0b9 chore(release): Publish
87f280a chore(release): Publish next
ea00e12 chore(release): Publish next
6815536 chore(release): Publish next
53a4e5a chore(changelogs): update changelogs (#36605)
ba43263 chore(release): Publish next pre-minor
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the Security Alerts page.

Bumps [nth-check](https://github.com/fb55/nth-check) to 2.1.1 and updates ancestor dependency [gatsby-plugin-sharp](https://github.com/gatsbyjs/gatsby/tree/HEAD/packages/gatsby-plugin-sharp). These dependencies need to be updated together. Updates `nth-check` from 1.0.2 to 2.1.1 - [Release notes](https://github.com/fb55/nth-check/releases) - [Commits](fb55/nth-check@v1.0.2...v2.1.1) Updates `gatsby-plugin-sharp` from 4.17.0 to 4.25.1 - [Release notes](https://github.com/gatsbyjs/gatsby/releases) - [Changelog](https://github.com/gatsbyjs/gatsby/blob/master/packages/gatsby-plugin-sharp/CHANGELOG.md) - [Commits](https://github.com/gatsbyjs/gatsby/commits/gatsby-plugin-sharp@4.25.1/packages/gatsby-plugin-sharp) --- updated-dependencies: - dependency-name: nth-check dependency-type: indirect - dependency-name: gatsby-plugin-sharp dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com>

vercel · 2024-05-13T06:08:09Z

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name	Status	Preview	Updated (UTC)
sinbad	✅ Ready (Inspect)	Visit Preview	May 13, 2024 6:26am

github-actions · 2024-05-13T06:08:24Z

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

OpenSSF Scorecard

Scorecard details

Package

Version

Score

Details

npm/nth-check

1.0.2

🟢 6.5

Details

Check	Score	Reason
Maintained	🟢 10	29 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10
Code-Review	⚠️ -1	Found no human activity in the last 30 changesets
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 10	license file detected
Signed-Releases	⚠️ -1	no releases found
Packaging	⚠️ -1	packaging workflow not detected
Binary-Artifacts	🟢 10	no binaries found in the repo
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Fuzzing	⚠️ 0	project is not fuzzed
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Security-Policy	⚠️ 0	security policy file not detected
SAST	🟢 10	SAST tool is run on all commits
Pinned-Dependencies	🟢 4	dependency not pinned by hash detected -- score normalized to 4
Vulnerabilities	🟢 10	0 existing vulnerabilities detected

npm/gatsby-plugin-sharp

4.17.0

🟢 6.3

Details

Check	Score	Reason
Code-Review	🟢 8	Found 20/24 approved changesets -- score normalized to 8
Maintained	🟢 10	12 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 10	license file detected
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Signed-Releases	⚠️ -1	no releases found
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Packaging	⚠️ -1	packaging workflow not detected
Security-Policy	🟢 10	security policy file detected
Token-Permissions	🟢 10	GitHub workflow tokens follow principle of least privilege
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Binary-Artifacts	🟢 10	no binaries found in the repo
Fuzzing	⚠️ 0	project is not fuzzed
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
Vulnerabilities	⚠️ 0	82 existing vulnerabilities detected

npm/@lmdb/lmdb-darwin-arm64

2.5.3

Unknown

npm/@lmdb/lmdb-darwin-x64

2.5.3

Unknown

npm/@lmdb/lmdb-linux-arm

2.5.3

Unknown

npm/@lmdb/lmdb-linux-arm64

2.5.3

Unknown

npm/@lmdb/lmdb-linux-x64

2.5.3

Unknown

npm/@lmdb/lmdb-win32-x64

2.5.3

Unknown

npm/@types/sharp

0.30.5

🟢 6.9

Details

Check	Score	Reason
Maintained	🟢 10	30 commit(s) and 4 issue activity found in the last 90 days -- score normalized to 10
Code-Review	🟢 8	Found 26/29 approved changesets -- score normalized to 8
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 9	license file detected
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Packaging	⚠️ -1	packaging workflow not detected
Security-Policy	🟢 10	security policy file detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Vulnerabilities	🟢 10	0 existing vulnerabilities detected
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Binary-Artifacts	🟢 10	no binaries found in the repo
Pinned-Dependencies	🟢 8	dependency not pinned by hash detected -- score normalized to 8
Fuzzing	⚠️ 0	project is not fuzzed

npm/gatsby-core-utils

3.25.0

🟢 6.3

Details

Check	Score	Reason
Code-Review	🟢 8	Found 20/24 approved changesets -- score normalized to 8
Maintained	🟢 10	12 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 10	license file detected
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Signed-Releases	⚠️ -1	no releases found
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Packaging	⚠️ -1	packaging workflow not detected
Security-Policy	🟢 10	security policy file detected
Token-Permissions	🟢 10	GitHub workflow tokens follow principle of least privilege
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Binary-Artifacts	🟢 10	no binaries found in the repo
Fuzzing	⚠️ 0	project is not fuzzed
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
Vulnerabilities	⚠️ 0	82 existing vulnerabilities detected

npm/gatsby-plugin-sharp

4.25.1

🟢 6.3

Details

Check	Score	Reason
Code-Review	🟢 8	Found 20/24 approved changesets -- score normalized to 8
Maintained	🟢 10	12 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 10	license file detected
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Signed-Releases	⚠️ -1	no releases found
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Packaging	⚠️ -1	packaging workflow not detected
Security-Policy	🟢 10	security policy file detected
Token-Permissions	🟢 10	GitHub workflow tokens follow principle of least privilege
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Binary-Artifacts	🟢 10	no binaries found in the repo
Fuzzing	⚠️ 0	project is not fuzzed
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
Vulnerabilities	⚠️ 0	82 existing vulnerabilities detected

npm/gatsby-plugin-utils

3.19.0

🟢 6.3

Details

Check	Score	Reason
Code-Review	🟢 8	Found 20/24 approved changesets -- score normalized to 8
Maintained	🟢 10	12 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 10	license file detected
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Signed-Releases	⚠️ -1	no releases found
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Packaging	⚠️ -1	packaging workflow not detected
Security-Policy	🟢 10	security policy file detected
Token-Permissions	🟢 10	GitHub workflow tokens follow principle of least privilege
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Binary-Artifacts	🟢 10	no binaries found in the repo
Fuzzing	⚠️ 0	project is not fuzzed
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
Vulnerabilities	⚠️ 0	82 existing vulnerabilities detected

npm/gatsby-sharp

0.19.0

🟢 6.3

Details

Check	Score	Reason
Code-Review	🟢 8	Found 20/24 approved changesets -- score normalized to 8
Maintained	🟢 10	12 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 10	license file detected
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Signed-Releases	⚠️ -1	no releases found
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Packaging	⚠️ -1	packaging workflow not detected
Security-Policy	🟢 10	security policy file detected
Token-Permissions	🟢 10	GitHub workflow tokens follow principle of least privilege
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Binary-Artifacts	🟢 10	no binaries found in the repo
Fuzzing	⚠️ 0	project is not fuzzed
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
Vulnerabilities	⚠️ 0	82 existing vulnerabilities detected

npm/lmdb

2.5.3

Unknown

npm/@types/q

1.5.5

🟢 6.9

Details

Check	Score	Reason
Maintained	🟢 10	30 commit(s) and 4 issue activity found in the last 90 days -- score normalized to 10
Code-Review	🟢 8	Found 26/29 approved changesets -- score normalized to 8
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 9	license file detected
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Packaging	⚠️ -1	packaging workflow not detected
Security-Policy	🟢 10	security policy file detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Vulnerabilities	🟢 10	0 existing vulnerabilities detected
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Binary-Artifacts	🟢 10	no binaries found in the repo
Pinned-Dependencies	🟢 8	dependency not pinned by hash detected -- score normalized to 8
Fuzzing	⚠️ 0	project is not fuzzed

npm/@types/sharp

0.30.4

🟢 6.9

Details

Check	Score	Reason
Maintained	🟢 10	30 commit(s) and 4 issue activity found in the last 90 days -- score normalized to 10
Code-Review	🟢 8	Found 26/29 approved changesets -- score normalized to 8
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 9	license file detected
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Packaging	⚠️ -1	packaging workflow not detected
Security-Policy	🟢 10	security policy file detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Vulnerabilities	🟢 10	0 existing vulnerabilities detected
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Binary-Artifacts	🟢 10	no binaries found in the repo
Pinned-Dependencies	🟢 8	dependency not pinned by hash detected -- score normalized to 8
Fuzzing	⚠️ 0	project is not fuzzed

npm/array.prototype.reduce

1.0.4

🟢 4.9

Details

Check	Score	Reason
Code-Review	⚠️ 0	Found 0/30 approved changesets -- score normalized to 0
Maintained	🟢 5	6 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 5
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Signed-Releases	⚠️ -1	no releases found
License	🟢 10	license file detected
Binary-Artifacts	🟢 10	no binaries found in the repo
SAST	⚠️ 0	no SAST tool detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Packaging	⚠️ -1	packaging workflow not detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Fuzzing	⚠️ 0	project is not fuzzed
Vulnerabilities	🟢 10	0 existing vulnerabilities detected
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
Security-Policy	🟢 9	security policy file detected

npm/coa

2.0.2

🟢 3.4

Details

Check	Score	Reason
Maintained	⚠️ 0	0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Code-Review	🟢 3	Found 5/16 approved changesets -- score normalized to 3
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 10	license file detected
Signed-Releases	⚠️ -1	no releases found
Token-Permissions	⚠️ -1	No tokens found
Dangerous-Workflow	⚠️ -1	no workflows found
Binary-Artifacts	🟢 10	no binaries found in the repo
Pinned-Dependencies	⚠️ -1	no dependencies found
Packaging	⚠️ -1	packaging workflow not detected
Branch-Protection	⚠️ 0	branch protection not enabled on development/release branches
Fuzzing	⚠️ 0	project is not fuzzed
Vulnerabilities	🟢 10	0 existing vulnerabilities detected
Security-Policy	⚠️ 0	security policy file not detected
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

npm/css-select

2.1.0

🟢 6.5

Details

Check	Score	Reason
Code-Review	⚠️ -1	Found no human activity in the last 30 changesets
Maintained	🟢 10	27 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 10	license file detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Packaging	⚠️ -1	packaging workflow not detected
Binary-Artifacts	🟢 10	no binaries found in the repo
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Signed-Releases	⚠️ -1	no releases found
Fuzzing	⚠️ 0	project is not fuzzed
Security-Policy	⚠️ 0	security policy file not detected
SAST	🟢 10	SAST tool is run on all commits
Vulnerabilities	🟢 10	0 existing vulnerabilities detected
Pinned-Dependencies	🟢 4	dependency not pinned by hash detected -- score normalized to 4

npm/css-select-base-adapter

0.1.1

🟢 3

Details

Check	Score	Reason
Code-Review	⚠️ 0	Found 0/8 approved changesets -- score normalized to 0
Maintained	⚠️ 0	0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 10	license file detected
Signed-Releases	⚠️ -1	no releases found
Dangerous-Workflow	⚠️ -1	no workflows found
Token-Permissions	⚠️ -1	No tokens found
SAST	⚠️ 0	no SAST tool detected
Packaging	⚠️ -1	packaging workflow not detected
Pinned-Dependencies	⚠️ -1	no dependencies found
Binary-Artifacts	🟢 10	no binaries found in the repo
Branch-Protection	⚠️ 0	branch protection not enabled on development/release branches
Vulnerabilities	🟢 10	0 existing vulnerabilities detected
Fuzzing	⚠️ 0	project is not fuzzed
Security-Policy	⚠️ 0	security policy file not detected

npm/css-tree

1.0.0-alpha.37

🟢 3.7

Details

Check	Score	Reason
Code-Review	⚠️ 1	Found 4/30 approved changesets -- score normalized to 1
Maintained	⚠️ 0	0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 10	license file detected
Signed-Releases	⚠️ -1	no releases found
Binary-Artifacts	🟢 10	no binaries found in the repo
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Packaging	⚠️ -1	packaging workflow not detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Fuzzing	⚠️ 0	project is not fuzzed
Security-Policy	⚠️ 0	security policy file not detected
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Branch-Protection	⚠️ 0	branch protection not enabled on development/release branches
Vulnerabilities	🟢 8	2 existing vulnerabilities detected
Pinned-Dependencies	🟢 5	dependency not pinned by hash detected -- score normalized to 5

npm/css-what

3.4.2

🟢 6.2

Details

Check	Score	Reason
Maintained	🟢 10	23 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10
Code-Review	⚠️ -1	Found no human activity in the last 30 changesets
License	🟢 10	license file detected
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Binary-Artifacts	🟢 10	no binaries found in the repo
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Packaging	⚠️ -1	packaging workflow not detected
Fuzzing	⚠️ 0	project is not fuzzed
Security-Policy	⚠️ 0	security policy file not detected
SAST	🟢 10	SAST tool is run on all commits
Pinned-Dependencies	🟢 4	dependency not pinned by hash detected -- score normalized to 4
Vulnerabilities	🟢 8	2 existing vulnerabilities detected

npm/dom-serializer

0.2.2

🟢 7.1

Details

Check	Score	Reason
Code-Review	⚠️ -1	Found no human activity in the last 30 changesets
Maintained	🟢 10	21 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 10	license file detected
Signed-Releases	⚠️ -1	no releases found
Security-Policy	🟢 10	security policy file detected
Binary-Artifacts	🟢 10	no binaries found in the repo
Packaging	⚠️ -1	packaging workflow not detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Fuzzing	⚠️ 0	project is not fuzzed
SAST	🟢 10	SAST tool is run on all commits
Pinned-Dependencies	🟢 4	dependency not pinned by hash detected -- score normalized to 4
Vulnerabilities	🟢 9	1 existing vulnerabilities detected

npm/domelementtype

1.3.1

🟢 6.7

Details

Check	Score	Reason
Code-Review	🟢 3	GitHub code reviews found for 9 commits out of the last 30 -- score normalized to 3
Maintained	⚠️ 1	2 commit(s) out of 30 and 0 issue activity out of 8 found in the last 90 days -- score normalized to 1
CII-Best-Practices	⚠️ 0	no badge detected
Vulnerabilities	🟢 10	no vulnerabilities detected
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ 0	branch protection not enabled on development/release branches
License	🟢 10	license file detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Security-Policy	🟢 10	security policy file detected
Pinned-Dependencies	🟢 10	all dependencies are pinned
Token-Permissions	🟢 10	tokens are read-only in GitHub workflows
Packaging	⚠️ -1	no published package detected
Binary-Artifacts	🟢 10	no binaries found in the repo
Dependency-Update-Tool	🟢 10	update tool detected
Fuzzing	⚠️ 0	project is not fuzzed

npm/domutils

1.7.0

🟢 6.8

Details

Check	Score	Reason
Maintained	🟢 10	30 commit(s) out of 30 and 1 issue activity out of 30 found in the last 90 days -- score normalized to 10
Code-Review	🟢 10	all last 30 commits are reviewed through GitHub
CII-Best-Practices	⚠️ 0	no badge detected
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	🟢 3	branch protection is not maximal on development and all release branches
Token-Permissions	⚠️ 0	non read-only tokens detected in GitHub workflows
Binary-Artifacts	🟢 10	no binaries found in the repo
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
License	🟢 10	license file detected
Dependency-Update-Tool	🟢 10	update tool detected
Packaging	⚠️ -1	no published package detected
Pinned-Dependencies	🟢 7	dependency not pinned by hash detected -- score normalized to 7
Fuzzing	⚠️ 0	project is not fuzzed
Vulnerabilities	🟢 10	no vulnerabilities detected
Security-Policy	⚠️ 0	security policy file not detected

npm/es-array-method-boxes-properly

1.0.0

🟢 4.4

Details

Check	Score	Reason
Code-Review	⚠️ 0	Found 0/23 approved changesets -- score normalized to 0
Maintained	⚠️ 0	0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 10	license file detected
Signed-Releases	⚠️ -1	no releases found
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Packaging	⚠️ -1	packaging workflow not detected
Binary-Artifacts	🟢 10	no binaries found in the repo
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Fuzzing	⚠️ 0	project is not fuzzed
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Vulnerabilities	🟢 10	0 existing vulnerabilities detected
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
Security-Policy	🟢 9	security policy file detected
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

npm/gatsby-core-utils

3.17.0

🟢 6.3

Details

Check	Score	Reason
Code-Review	🟢 8	Found 20/24 approved changesets -- score normalized to 8
Maintained	🟢 10	12 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 10	license file detected
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Signed-Releases	⚠️ -1	no releases found
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Packaging	⚠️ -1	packaging workflow not detected
Security-Policy	🟢 10	security policy file detected
Token-Permissions	🟢 10	GitHub workflow tokens follow principle of least privilege
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Binary-Artifacts	🟢 10	no binaries found in the repo
Fuzzing	⚠️ 0	project is not fuzzed
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
Vulnerabilities	⚠️ 0	82 existing vulnerabilities detected

npm/gatsby-plugin-utils

3.11.0

🟢 6.3

Details

Check	Score	Reason
Code-Review	🟢 8	Found 20/24 approved changesets -- score normalized to 8
Maintained	🟢 10	12 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 10	license file detected
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Signed-Releases	⚠️ -1	no releases found
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Packaging	⚠️ -1	packaging workflow not detected
Security-Policy	🟢 10	security policy file detected
Token-Permissions	🟢 10	GitHub workflow tokens follow principle of least privilege
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Binary-Artifacts	🟢 10	no binaries found in the repo
Fuzzing	⚠️ 0	project is not fuzzed
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
Vulnerabilities	⚠️ 0	82 existing vulnerabilities detected

npm/mdn-data

2.0.4

🟢 6.5

Details

Check	Score	Reason
Code-Review	🟢 8	Found 17/20 approved changesets -- score normalized to 8
Maintained	🟢 10	18 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 10	license file detected
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Signed-Releases	⚠️ -1	no releases found
Binary-Artifacts	🟢 10	no binaries found in the repo
Packaging	⚠️ -1	packaging workflow not detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Fuzzing	⚠️ 0	project is not fuzzed
Vulnerabilities	🟢 10	0 existing vulnerabilities detected
Security-Policy	⚠️ 0	security policy file not detected
SAST	🟢 8	SAST tool detected but not run on all commits
Pinned-Dependencies	🟢 4	dependency not pinned by hash detected -- score normalized to 4

npm/mini-svg-data-uri

1.4.4

🟢 3.4

Details

Check	Score	Reason
Code-Review	🟢 3	Found 6/20 approved changesets -- score normalized to 3
Maintained	⚠️ 0	0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 10	license file detected
Signed-Releases	⚠️ -1	no releases found
Packaging	⚠️ -1	packaging workflow not detected
Dangerous-Workflow	⚠️ -1	no workflows found
Pinned-Dependencies	⚠️ -1	no dependencies found
Token-Permissions	⚠️ -1	No tokens found
Binary-Artifacts	🟢 10	no binaries found in the repo
Branch-Protection	⚠️ 0	branch protection not enabled on development/release branches
Fuzzing	⚠️ 0	project is not fuzzed
Vulnerabilities	🟢 10	0 existing vulnerabilities detected
Security-Policy	⚠️ 0	security policy file not detected
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

npm/object.getownpropertydescriptors

2.1.4

Unknown

npm/q

1.5.1

🟢 3.8

Details

Check	Score	Reason
Maintained	⚠️ 0	0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Code-Review	🟢 6	Found 10/15 approved changesets -- score normalized to 6
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 10	license file detected
Signed-Releases	⚠️ -1	no releases found
Token-Permissions	⚠️ -1	No tokens found
Dangerous-Workflow	⚠️ -1	no workflows found
Packaging	⚠️ -1	packaging workflow not detected
Branch-Protection	⚠️ 0	branch protection not enabled on development/release branches
Binary-Artifacts	🟢 10	no binaries found in the repo
Pinned-Dependencies	⚠️ -1	no dependencies found
Vulnerabilities	🟢 10	0 existing vulnerabilities detected
Fuzzing	⚠️ 0	project is not fuzzed
Security-Policy	⚠️ 0	security policy file not detected
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

npm/svgo

1.3.2

🟢 7.4

Details

Check	Score	Reason
Code-Review	🟢 7	Found 22/30 approved changesets -- score normalized to 7
Maintained	🟢 10	10 commit(s) and 11 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 10	license file detected
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Signed-Releases	⚠️ -1	no releases found
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Packaging	⚠️ -1	packaging workflow not detected
Token-Permissions	🟢 9	detected GitHub workflow tokens with excessive permissions
Binary-Artifacts	🟢 10	no binaries found in the repo
Fuzzing	⚠️ 0	project is not fuzzed
Security-Policy	🟢 10	security policy file detected
SAST	🟢 7	SAST tool detected but not run on all commits
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
Vulnerabilities	🟢 8	2 existing vulnerabilities detected

npm/unquote

1.1.1

🟢 3

Details

Check	Score	Reason
Code-Review	⚠️ 0	Found 0/6 approved changesets -- score normalized to 0
Maintained	⚠️ 0	0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 10	license file detected
Signed-Releases	⚠️ -1	no releases found
Packaging	⚠️ -1	packaging workflow not detected
SAST	⚠️ 0	no SAST tool detected
Binary-Artifacts	🟢 10	no binaries found in the repo
Token-Permissions	⚠️ -1	No tokens found
Pinned-Dependencies	⚠️ -1	no dependencies found
Dangerous-Workflow	⚠️ -1	no workflows found
Branch-Protection	⚠️ 0	branch protection not enabled on development/release branches
Fuzzing	⚠️ 0	project is not fuzzed
Vulnerabilities	🟢 10	0 existing vulnerabilities detected
Security-Policy	⚠️ 0	security policy file not detected

npm/util.promisify

1.0.0

🟢 4.4

Details

Check	Score	Reason
Code-Review	⚠️ 0	Found 2/25 approved changesets -- score normalized to 0
Maintained	⚠️ 0	0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Signed-Releases	⚠️ -1	no releases found
License	🟢 10	license file detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Binary-Artifacts	🟢 10	no binaries found in the repo
Packaging	⚠️ -1	packaging workflow not detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Fuzzing	⚠️ 0	project is not fuzzed
Vulnerabilities	🟢 10	0 existing vulnerabilities detected
Security-Policy	🟢 9	security policy file detected
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0

npm/gatsby-plugin-sharp

^4.25.1

🟢 6.3

Details

Check	Score	Reason
Code-Review	🟢 8	Found 20/24 approved changesets -- score normalized to 8
Maintained	🟢 10	12 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 10	license file detected
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Signed-Releases	⚠️ -1	no releases found
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Packaging	⚠️ -1	packaging workflow not detected
Security-Policy	🟢 10	security policy file detected
Token-Permissions	🟢 10	GitHub workflow tokens follow principle of least privilege
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Binary-Artifacts	🟢 10	no binaries found in the repo
Fuzzing	⚠️ 0	project is not fuzzed
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
Vulnerabilities	⚠️ 0	82 existing vulnerabilities detected

npm/gatsby-plugin-sharp

^4.16.1

🟢 6.3

Details

Check	Score	Reason
Code-Review	🟢 8	Found 20/24 approved changesets -- score normalized to 8
Maintained	🟢 10	12 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 10	license file detected
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Signed-Releases	⚠️ -1	no releases found
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Packaging	⚠️ -1	packaging workflow not detected
Security-Policy	🟢 10	security policy file detected
Token-Permissions	🟢 10	GitHub workflow tokens follow principle of least privilege
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Binary-Artifacts	🟢 10	no binaries found in the repo
Fuzzing	⚠️ 0	project is not fuzzed
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
Vulnerabilities	⚠️ 0	82 existing vulnerabilities detected

Scanned Manifest Files

package-lock.json

nth-check@1.0.2
gatsby-plugin-sharp@4.17.0
@lmdb/lmdb-darwin-arm64@2.5.3
@lmdb/lmdb-darwin-x64@2.5.3
@lmdb/lmdb-linux-arm@2.5.3
@lmdb/lmdb-linux-arm64@2.5.3
@lmdb/lmdb-linux-x64@2.5.3
@lmdb/lmdb-win32-x64@2.5.3
@types/sharp@0.30.5
array.prototype.reduce@1.0.4
es-array-method-boxes-properly@1.0.0
gatsby-core-utils@3.25.0
gatsby-plugin-sharp@4.25.1
gatsby-plugin-utils@3.19.0
gatsby-sharp@0.19.0
lmdb@2.5.3
object.getownpropertydescriptors@2.1.4
q@1.5.1
util.promisify@1.0.0
@types/q@1.5.5
@types/sharp@0.30.4
array.prototype.reduce@1.0.4
coa@2.0.2
css-select@2.1.0
css-select-base-adapter@0.1.1
css-tree@1.0.0-alpha.37
css-what@3.4.2
dom-serializer@0.2.2
domelementtype@1.3.1
domutils@1.7.0
es-array-method-boxes-properly@1.0.0
gatsby-core-utils@3.17.0
gatsby-plugin-utils@3.11.0
mdn-data@2.0.4
mini-svg-data-uri@1.4.4
object.getownpropertydescriptors@2.1.4
q@1.5.1
svgo@1.3.2
unquote@1.1.1
util.promisify@1.0.0

package.json

gatsby-plugin-sharp@^4.25.1
gatsby-plugin-sharp@^4.16.1

dependabot bot requested a review from prince-deriv as a code owner May 13, 2024 06:08

dependabot bot added the dependencies Pull requests that update a dependency file label May 13, 2024

dependabot bot mentioned this pull request May 13, 2024

chore(deps): bump gatsby-plugin-sharp from 4.17.0 to 4.25.1 #122

Closed

vercel bot deployed to Preview May 13, 2024 06:26 View deployment

prince-deriv approved these changes May 13, 2024

View reviewed changes

prince-deriv merged commit 13f34c8 into master May 13, 2024
4 checks passed

dependabot bot deleted the dependabot/npm_and_yarn/multi-64ce9378b0 branch May 13, 2024 06:39

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

build(deps): bump nth-check and gatsby-plugin-sharp #159

build(deps): bump nth-check and gatsby-plugin-sharp #159

dependabot bot commented on behalf of github May 13, 2024

vercel bot commented May 13, 2024 •

edited

Loading

github-actions bot commented May 13, 2024

build(deps): bump nth-check and gatsby-plugin-sharp #159

build(deps): bump nth-check and gatsby-plugin-sharp #159

Conversation

dependabot bot commented on behalf of github May 13, 2024

v2.1.1

v2.1.0

What's Changed

v2.0.1

v2.0.0

v4.24

v4.23

v4.22

v4.21

Changelog: gatsby-plugin-sharp

5.13.1 (2024-01-23)

5.13.0 (2023-12-18)

Chores

5.12.3 (2023-10-26)

5.12.2 (2023-10-20)

5.12.1 (2023-10-09)

Chores

5.12.0 (2023-08-24)

Bug Fixes

5.11.0 (2023-06-15)

Chores

5.10.0 (2023-05-16)

vercel bot commented May 13, 2024 • edited Loading

github-actions bot commented May 13, 2024

Dependency Review

OpenSSF Scorecard

Scanned Manifest Files

Changelog: `gatsby-plugin-sharp`

vercel bot commented May 13, 2024 •

edited

Loading