Skip to content

Bump the npm group across 3 directories with 13 updates#210

Merged
github-actions[bot] merged 2 commits into
mainfrom
dependabot/npm_and_yarn/npm-7d48e76d25
Jun 3, 2026
Merged

Bump the npm group across 3 directories with 13 updates#210
github-actions[bot] merged 2 commits into
mainfrom
dependabot/npm_and_yarn/npm-7d48e76d25

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 3, 2026

Copy link
Copy Markdown
Contributor

Bumps the npm group with 3 updates in the / directory: @aws-lambda-powertools/logger, hono and typescript-eslint.
Bumps the npm group with 3 updates in the /example directory: @aws-lambda-powertools/logger, hono and typescript-eslint.
Bumps the npm group with 2 updates in the /package directory: @aws-lambda-powertools/logger and typescript-eslint.

Updates @aws-lambda-powertools/logger from 2.33.0 to 2.33.1

Release notes

Sourced from @​aws-lambda-powertools/logger's releases.

v2.33.1

Summary

This release is mainly composed of bug fixes across the HTTP event handler, Metrics, Logger, and Parser utilities, along with the removal of Node.js 20 support now that the runtime has reached end-of-life on AWS Lambda.

In the HTTP event handler, we have fixed response header corruption where multi-attribute headers like Set-Cookie (with Expires dates) and other comma-containing values were being incorrectly split into multiple headers. The HTTP event handler also now correctly preserves PATCH request bodies on ALB events and returns the proper 204 response for CORS preflight requests that omit the Access-Control-Request-Headers header.

In Metrics, dimension limits are now enforced per-array rather than across the merged set, preventing CloudWatch EMF rejections when default and request-scoped dimensions overlap. Logger now flushes the log buffer when critical() is called with flushOnErrorLog enabled, matching the behaviour of error().

[!IMPORTANT] Node.js 20 is no longer supported. Node.js 20 reached end-of-life on AWS Lambda, so this release drops support for it. If you are still on Node.js 20, we recommend upgrading to Node.js 22 before updating Powertools.

⭐ Congratulations to @​vishwakt and @​nanookclaw for their first PRs merged in the project 🎉

Changes

  • chore(deps): fix npm audit vulnerabilities (#5269) by @​svozza
  • fix(event-handler): allow cors preflight without request headers (#5267) by @​vishwakt
  • fix(event-handler): preserve ALB PATCH bodies (#5259) by @​nanookclaw
  • fix(event-handler): restrict v1/alb comma header splitting to an allowlist (#5257) by @​vishwakt
  • fix(parser): cognito validationData may be null (#5250) by @​bdellegrazie
  • fix(metrics): enforce dimension limits per-array (#5229) by @​vishwakt
  • improv(docs): fixed the docs to mention middy support for v7.x (#5238) by @​sdangol
  • fix(metrics): account for all dimensions in setDefaultDimensions() li… (#5228) by @​vishwakt
  • fix(logger): flush log buffer on critical() when flushOnErrorLog is e… (#5227) by @​vishwakt
  • fix(metrics): clear state in publishStoredMetrics even when throwOnEmptyMetrics throws (#5213) by @​svozza
  • chore: drop Node.js 20 support (#5218) by @​svozza
  • fix(commons): prevent deepMerge from mutating source objects (#5202) by @​svozza
  • fix(commons): correctly handle shared references in deepMerge (#5195) by @​svozza
  • ci(maintenance): Remove release comment automation (#5193) by @​dreamorosi
  • fix(logger): correctly serialize shared object references in JSON replacer (#5186) by @​svozza

🔧 Maintenance

... (truncated)

Changelog

Sourced from @​aws-lambda-powertools/logger's changelog.

2.33.1 (2026-05-25)

Bug Fixes

  • commons prevent deepMerge from mutating source objects (#5202) (9994787)
  • commons correctly handle shared references in deepMerge (#5195) (6b1a811)
  • logger flush log buffer on critical() when flushOnErrorLog is e… (#5227) (853b44f)
  • logger correctly serialize shared object references in JSON replacer (#5186) (097e440)
  • metrics enforce dimension limits per-array (#5229) (8791ee2)
  • metrics account for all dimensions in setDefaultDimensions() li… (#5228) (54eb80a)
  • metrics clear state in publishStoredMetrics even when throwOnEmptyMetrics throws (#5213) (a37913f)
  • parser cognito validationData may be null (#5250) (b3c1293)
  • event-handler allow cors preflight without request headers (#5267) (5adc3f4)
  • event-handler preserve ALB PATCH bodies (#5259) (9e1a687)
  • event-handler restrict v1/alb comma header splitting to an allowlist (#5257) (ca4bb13)

Maintenance

  • validation bump ajv from 8.18.0 to 8.20.0 (#5214) (4a9edca)
Commits
  • a3d3147 chore(ci): bump version to 2.33.1 (#5288)
  • 56eacb7 chore(deps-dev): bump protobufjs from 8.4.0 to 8.4.2 (#5285)
  • ba4d364 chore(deps): bump actions/stale from 10.2.0 to 10.3.0 (#5279)
  • 30621d6 chore(deps): bump idna from 3.10 to 3.15 in /docs (#5274)
  • b756cfc chore(deps-dev): bump protobufjs from 8.3.0 to 8.4.0 (#5270)
  • 3fdc9d9 chore(deps): bump pymdown-extensions from 10.21.2 to 10.21.3 in /docs (#5275)
  • 3cf427f chore(deps-dev): bump the vitest group across 1 directory with 2 updates (#5277)
  • 7325ba2 chore(deps-dev): bump @​valkey/valkey-glide from 2.3.1 to 2.4.0 (#5271)
  • 519b88d chore(deps-dev): bump lint-staged from 17.0.4 to 17.0.5 (#5272)
  • 1a84635 chore(deps): bump @​types/node from 25.8.0 to 25.9.1 (#5276)
  • Additional commits viewable in compare view

Updates hono from 4.12.22 to 4.12.23

Release notes

Sourced from hono's releases.

v4.12.23

What's Changed

Full Changelog: honojs/hono@v4.12.22...v4.12.23

Commits
  • 83bfb3b 4.12.23
  • bcd290a fix(utils/ipaddr): do not compress a single 0 group to :: (#4971)
  • c968177 feat(compress): add contentTypeFilter option and `COMPRESSIBLE_CONTENT_TYPE_R...
  • 0265a54 docs(contribution): add AI Usage Policy (#4970)
  • c84c5d2 feat(context): export the Context class publicly (#4543)
  • 82dad62 fix(serve-static): normalize all backslashes in file paths, not just the firs...
  • See full diff in compare view

Updates typescript-eslint from 8.59.4 to 8.60.0

Release notes

Sourced from typescript-eslint's releases.

v8.60.0

8.60.0 (2026-05-25)

🚀 Features

  • rule-tester: added updates of RuleTester from upstream (#12291)

🩹 Fixes

  • playground TS version selector is not working (#12326, #12325)

❤️ Thank You

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

Changelog

Sourced from typescript-eslint's changelog.

8.60.0 (2026-05-25)

This was a version bump only for typescript-eslint to align it with other projects, there were no code changes.

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

Commits

Updates @aws-lambda-powertools/commons from 2.33.0 to 2.33.1

Release notes

Sourced from @​aws-lambda-powertools/commons's releases.

v2.33.1

Summary

This release is mainly composed of bug fixes across the HTTP event handler, Metrics, Logger, and Parser utilities, along with the removal of Node.js 20 support now that the runtime has reached end-of-life on AWS Lambda.

In the HTTP event handler, we have fixed response header corruption where multi-attribute headers like Set-Cookie (with Expires dates) and other comma-containing values were being incorrectly split into multiple headers. The HTTP event handler also now correctly preserves PATCH request bodies on ALB events and returns the proper 204 response for CORS preflight requests that omit the Access-Control-Request-Headers header.

In Metrics, dimension limits are now enforced per-array rather than across the merged set, preventing CloudWatch EMF rejections when default and request-scoped dimensions overlap. Logger now flushes the log buffer when critical() is called with flushOnErrorLog enabled, matching the behaviour of error().

[!IMPORTANT] Node.js 20 is no longer supported. Node.js 20 reached end-of-life on AWS Lambda, so this release drops support for it. If you are still on Node.js 20, we recommend upgrading to Node.js 22 before updating Powertools.

⭐ Congratulations to @​vishwakt and @​nanookclaw for their first PRs merged in the project 🎉

Changes

  • chore(deps): fix npm audit vulnerabilities (#5269) by @​svozza
  • fix(event-handler): allow cors preflight without request headers (#5267) by @​vishwakt
  • fix(event-handler): preserve ALB PATCH bodies (#5259) by @​nanookclaw
  • fix(event-handler): restrict v1/alb comma header splitting to an allowlist (#5257) by @​vishwakt
  • fix(parser): cognito validationData may be null (#5250) by @​bdellegrazie
  • fix(metrics): enforce dimension limits per-array (#5229) by @​vishwakt
  • improv(docs): fixed the docs to mention middy support for v7.x (#5238) by @​sdangol
  • fix(metrics): account for all dimensions in setDefaultDimensions() li… (#5228) by @​vishwakt
  • fix(logger): flush log buffer on critical() when flushOnErrorLog is e… (#5227) by @​vishwakt
  • fix(metrics): clear state in publishStoredMetrics even when throwOnEmptyMetrics throws (#5213) by @​svozza
  • chore: drop Node.js 20 support (#5218) by @​svozza
  • fix(commons): prevent deepMerge from mutating source objects (#5202) by @​svozza
  • fix(commons): correctly handle shared references in deepMerge (#5195) by @​svozza
  • ci(maintenance): Remove release comment automation (#5193) by @​dreamorosi
  • fix(logger): correctly serialize shared object references in JSON replacer (#5186) by @​svozza

🔧 Maintenance

... (truncated)

Changelog

Sourced from @​aws-lambda-powertools/commons's changelog.

2.33.1 (2026-05-25)

Bug Fixes

  • commons prevent deepMerge from mutating source objects (#5202) (9994787)
  • commons correctly handle shared references in deepMerge (#5195) (6b1a811)
  • logger flush log buffer on critical() when flushOnErrorLog is e… (#5227) (853b44f)
  • logger correctly serialize shared object references in JSON replacer (#5186) (097e440)
  • metrics enforce dimension limits per-array (#5229) (8791ee2)
  • metrics account for all dimensions in setDefaultDimensions() li… (#5228) (54eb80a)
  • metrics clear state in publishStoredMetrics even when throwOnEmptyMetrics throws (#5213) (a37913f)
  • parser cognito validationData may be null (#5250) (b3c1293)
  • event-handler allow cors preflight without request headers (#5267) (5adc3f4)
  • event-handler preserve ALB PATCH bodies (#5259) (9e1a687)
  • event-handler restrict v1/alb comma header splitting to an allowlist (#5257) (ca4bb13)

Maintenance

  • validation bump ajv from 8.18.0 to 8.20.0 (#5214) (4a9edca)
Commits
  • a3d3147 chore(ci): bump version to 2.33.1 (#5288)
  • 56eacb7 chore(deps-dev): bump protobufjs from 8.4.0 to 8.4.2 (#5285)
  • ba4d364 chore(deps): bump actions/stale from 10.2.0 to 10.3.0 (#5279)
  • 30621d6 chore(deps): bump idna from 3.10 to 3.15 in /docs (#5274)
  • b756cfc chore(deps-dev): bump protobufjs from 8.3.0 to 8.4.0 (#5270)
  • 3fdc9d9 chore(deps): bump pymdown-extensions from 10.21.2 to 10.21.3 in /docs (#5275)
  • 3cf427f chore(deps-dev): bump the vitest group across 1 directory with 2 updates (#5277)
  • 7325ba2 chore(deps-dev): bump @​valkey/valkey-glide from 2.3.1 to 2.4.0 (#5271)
  • 519b88d chore(deps-dev): bump lint-staged from 17.0.4 to 17.0.5 (#5272)
  • 1a84635 chore(deps): bump @​types/node from 25.8.0 to 25.9.1 (#5276)
  • Additional commits viewable in compare view

Updates @typescript-eslint/eslint-plugin from 8.59.4 to 8.60.0

Release notes

Sourced from @​typescript-eslint/eslint-plugin's releases.

v8.60.0

8.60.0 (2026-05-25)

🚀 Features

  • rule-tester: added updates of RuleTester from upstream (#12291)

🩹 Fixes

  • playground TS version selector is not working (#12326, #12325)

❤️ Thank You

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

Changelog

Sourced from @​typescript-eslint/eslint-plugin's changelog.

8.60.0 (2026-05-25)

This was a version bump only for eslint-plugin to align it with other projects, there were no code changes.

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

Commits

Updates @typescript-eslint/parser from 8.59.4 to 8.60.0

Release notes

Sourced from @​typescript-eslint/parser's releases.

v8.60.0

8.60.0 (2026-05-25)

🚀 Features

  • rule-tester: added updates of RuleTester from upstream (#12291)

🩹 Fixes

  • playground TS version selector is not working (#12326, #12325)

❤️ Thank You

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

Changelog

Sourced from @​typescript-eslint/parser's changelog.

8.60.0 (2026-05-25)

This was a version bump only for parser to align it with other projects, there were no code changes.

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

Commits

Updates @typescript-eslint/project-service from 8.59.4 to 8.60.0

Release notes

Sourced from @​typescript-eslint/project-service's releases.

v8.60.0

8.60.0 (2026-05-25)

🚀 Features

  • rule-tester: added updates of RuleTester from upstream (#12291)

🩹 Fixes

  • playground TS version selector is not working (#12326, #12325)

❤️ Thank You

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

Changelog

Sourced from @​typescript-eslint/project-service's changelog.

8.60.0 (2026-05-25)

This was a version bump only for project-service to align it with other projects, there were no code changes.

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

Commits

Updates @typescript-eslint/scope-manager from 8.59.4 to 8.60.0

Release notes

Sourced from @​typescript-eslint/scope-manager's releases.

v8.60.0

8.60.0 (2026-05-25)

🚀 Features

  • rule-tester: added updates of RuleTester from upstream (#12291)

🩹 Fixes

  • playground TS version selector is not working (#12326, #12325)

❤️ Thank You

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

Changelog

Sourced from @​typescript-eslint/scope-manager's changelog.

8.60.0 (2026-05-25)

This was a version bump only for scope-manager to align it with other projects, there were no code changes.

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

Commits

Updates @typescript-eslint/tsconfig-utils from 8.59.4 to 8.60.0

Release notes

Sourced from @​typescript-eslint/tsconfig-utils's releases.

v8.60.0

8.60.0 (2026-05-25)

🚀 Features

  • rule-tester: added updates of RuleTester from upstream (#12291)

🩹 Fixes

  • playground TS version selector is not working (#12326, #12325)

❤️ Thank You

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

Changelog

Sourced from @​typescript-eslint/tsconfig-utils's changelog.

8.60.0 (2026-05-25)

This was a version bump only for tsconfig-utils to align it with other projects, there were no code changes.

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

Commits

Updates @typescript-eslint/type-utils from 8.59.4 to 8.60.0

Release notes

Sourced from @​typescript-eslint/type-utils's releases.

v8.60.0

8.60.0 (2026-05-25)

🚀 Features

  • rule-tester: added updates of RuleTester from upstream (#12291)

🩹 Fixes

  • playground TS version selector is not working (#12326, #12325)

❤️ Thank You

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

Changelog

Sourced from @​typescript-eslint/type-utils's changelog.

8.60.0 (2026-05-25)

This was a version bump only for type-utils to align it with other projects, there were no code changes.

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

Commits

Updates @typescript-eslint/typescript-estree from 8.59.4 to 8.60.0

Release notes

Sourced from @​typescript-eslint/typescript-estree's releases.

v8.60.0

8.60.0 (2026-05-25)

🚀 Features

  • rule-tester: added updates of RuleTester from upstream (#12291)

🩹 Fixes

  • playground TS version selector is not working (#12326, #12325)

❤️ Thank You

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

Changelog

Sourced from @​typescript-eslint/typescript-estree's changelog.

8.60.0 (2026-05-25)

🩹 Fixes

  • playground TS version selector is not working (#12326, #12325)

❤️ Thank You

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

Commits

Updates @typescript-eslint/utils from 8.59.4 to 8.60.0

Release notes

Sourced from @​typescript-eslint/utils's releases.

v8.60.0

8.60.0 (2026-05-25)

🚀 Features

  • rule-tester: added updates of RuleTester from upstream (#12291)

🩹 Fixes

  • playground TS version selector is not working (#12326, #12325)

❤️ Thank You

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

Changelog

Sourced from @​typescript-eslint/utils's changelog.

8.60.0 (2026-05-25)

This was a version bump only for utils to align it with other projects, there were no code changes.

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

Commits

Updates @typescript-eslint/visitor-keys from 8.59.4 to 8.60.0

Release notes

Sourced from @​typescript-eslint/visitor-keys's releases.

v8.60.0

8.60.0 (2026-05-25)

🚀 Features

  • rule-tester: added updates of RuleTester from upstream (#12291)

🩹 Fixes

  • playground TS version selector is not working (#12326, #12325)

❤️ Thank You

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

Changelog

Sourced from @​typescript-eslint/visitor-keys's changelog.

8.60.0 (2026-05-25)

This was a version bump only for visitor-keys to align it with other projects, there were no code changes.

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

Commits

Updates @aws-lambda-powertools/logger from 2.33.0 to 2.33.1

Release notes

Sourced from @​aws-lambda-powertools/logger's releases.

v2.33.1

Summary

This release is mainly composed of bug fixes across the HTTP event handler, Metrics, Logger, and Parser utilities, along with the removal of Node.js 20 support now that the runtime has reached end-of-life on AWS Lambda.

In the HTTP event handler, we have fixed response header corruption where multi-attribute headers like Set-Cookie (with Expires dates) and other comma-containing values were being incorrectly split into multiple headers. The HTTP event handler also now correctly preserves PATCH request bodies on ALB events and returns the proper 204 response for CORS preflight requests that omit the Access-Control-Request-Headers header.

In Metrics, dimension limits are now enforced per-array rather than across the merged set, preventing CloudWatch EMF rejections when default and request-scoped dimensions overlap. Logger now flushes the log buffer when critical() is called with flushOnErrorLog enabled, matching the behaviour of error().

[!IMPORTANT] Node.js 20 is no longer supported. Node.js 20 reached end-of-life on AWS Lambda, so this release drops support for it. If you are still on Node.js 20, we recommend upgrading to Node.js 22 before updating Powertools.

⭐ Congratulations to @​vishwakt<...

Description has been truncated

Bumps the npm group with 3 updates in the / directory: [@aws-lambda-powertools/logger](https://github.com/aws-powertools/powertools-lambda-typescript), [hono](https://github.com/honojs/hono) and [typescript-eslint](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/typescript-eslint).
Bumps the npm group with 3 updates in the /example directory: [@aws-lambda-powertools/logger](https://github.com/aws-powertools/powertools-lambda-typescript), [hono](https://github.com/honojs/hono) and [typescript-eslint](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/typescript-eslint).
Bumps the npm group with 2 updates in the /package directory: [@aws-lambda-powertools/logger](https://github.com/aws-powertools/powertools-lambda-typescript) and [typescript-eslint](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/typescript-eslint).


Updates `@aws-lambda-powertools/logger` from 2.33.0 to 2.33.1
- [Release notes](https://github.com/aws-powertools/powertools-lambda-typescript/releases)
- [Changelog](https://github.com/aws-powertools/powertools-lambda-typescript/blob/main/CHANGELOG.md)
- [Commits](aws-powertools/powertools-lambda-typescript@v2.33.0...v2.33.1)

Updates `hono` from 4.12.22 to 4.12.23
- [Release notes](https://github.com/honojs/hono/releases)
- [Commits](honojs/hono@v4.12.22...v4.12.23)

Updates `typescript-eslint` from 8.59.4 to 8.60.0
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/typescript-eslint/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.60.0/packages/typescript-eslint)

Updates `@aws-lambda-powertools/commons` from 2.33.0 to 2.33.1
- [Release notes](https://github.com/aws-powertools/powertools-lambda-typescript/releases)
- [Changelog](https://github.com/aws-powertools/powertools-lambda-typescript/blob/main/CHANGELOG.md)
- [Commits](aws-powertools/powertools-lambda-typescript@v2.33.0...v2.33.1)

Updates `@typescript-eslint/eslint-plugin` from 8.59.4 to 8.60.0
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/eslint-plugin/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.60.0/packages/eslint-plugin)

Updates `@typescript-eslint/parser` from 8.59.4 to 8.60.0
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/parser/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.60.0/packages/parser)

Updates `@typescript-eslint/project-service` from 8.59.4 to 8.60.0
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/project-service/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.60.0/packages/project-service)

Updates `@typescript-eslint/scope-manager` from 8.59.4 to 8.60.0
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/scope-manager/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.60.0/packages/scope-manager)

Updates `@typescript-eslint/tsconfig-utils` from 8.59.4 to 8.60.0
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/tsconfig-utils/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.60.0/packages/tsconfig-utils)

Updates `@typescript-eslint/type-utils` from 8.59.4 to 8.60.0
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/type-utils/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.60.0/packages/type-utils)

Updates `@typescript-eslint/typescript-estree` from 8.59.4 to 8.60.0
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/typescript-estree/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.60.0/packages/typescript-estree)

Updates `@typescript-eslint/utils` from 8.59.4 to 8.60.0
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/utils/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.60.0/packages/utils)

Updates `@typescript-eslint/visitor-keys` from 8.59.4 to 8.60.0
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/visitor-keys/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.60.0/packages/visitor-keys)

Updates `@aws-lambda-powertools/logger` from 2.33.0 to 2.33.1
- [Release notes](https://github.com/aws-powertools/powertools-lambda-typescript/releases)
- [Changelog](https://github.com/aws-powertools/powertools-lambda-typescript/blob/main/CHANGELOG.md)
- [Commits](aws-powertools/powertools-lambda-typescript@v2.33.0...v2.33.1)

Updates `hono` from 4.12.22 to 4.12.23
- [Release notes](https://github.com/honojs/hono/releases)
- [Commits](honojs/hono@v4.12.22...v4.12.23)

Updates `typescript-eslint` from 8.59.4 to 8.60.0
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/typescript-eslint/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.60.0/packages/typescript-eslint)

Updates `@aws-lambda-powertools/logger` from 2.33.0 to 2.33.1
- [Release notes](https://github.com/aws-powertools/powertools-lambda-typescript/releases)
- [Changelog](https://github.com/aws-powertools/powertools-lambda-typescript/blob/main/CHANGELOG.md)
- [Commits](aws-powertools/powertools-lambda-typescript@v2.33.0...v2.33.1)

Updates `typescript-eslint` from 8.59.4 to 8.60.0
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/typescript-eslint/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.60.0/packages/typescript-eslint)

---
updated-dependencies:
- dependency-name: "@aws-lambda-powertools/logger"
  dependency-version: 2.33.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: npm
- dependency-name: hono
  dependency-version: 4.12.23
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: npm
- dependency-name: typescript-eslint
  dependency-version: 8.60.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm
- dependency-name: "@aws-lambda-powertools/commons"
  dependency-version: 2.33.1
  dependency-type: indirect
  update-type: version-update:semver-patch
  dependency-group: npm
- dependency-name: "@typescript-eslint/eslint-plugin"
  dependency-version: 8.60.0
  dependency-type: indirect
  update-type: version-update:semver-minor
  dependency-group: npm
- dependency-name: "@typescript-eslint/parser"
  dependency-version: 8.60.0
  dependency-type: indirect
  update-type: version-update:semver-minor
  dependency-group: npm
- dependency-name: "@typescript-eslint/project-service"
  dependency-version: 8.60.0
  dependency-type: indirect
  update-type: version-update:semver-minor
  dependency-group: npm
- dependency-name: "@typescript-eslint/scope-manager"
  dependency-version: 8.60.0
  dependency-type: indirect
  update-type: version-update:semver-minor
  dependency-group: npm
- dependency-name: "@typescript-eslint/tsconfig-utils"
  dependency-version: 8.60.0
  dependency-type: indirect
  update-type: version-update:semver-minor
  dependency-group: npm
- dependency-name: "@typescript-eslint/type-utils"
  dependency-version: 8.60.0
  dependency-type: indirect
  update-type: version-update:semver-minor
  dependency-group: npm
- dependency-name: "@typescript-eslint/typescript-estree"
  dependency-version: 8.60.0
  dependency-type: indirect
  update-type: version-update:semver-minor
  dependency-group: npm
- dependency-name: "@typescript-eslint/utils"
  dependency-version: 8.60.0
  dependency-type: indirect
  update-type: version-update:semver-minor
  dependency-group: npm
- dependency-name: "@typescript-eslint/visitor-keys"
  dependency-version: 8.60.0
  dependency-type: indirect
  update-type: version-update:semver-minor
  dependency-group: npm
- dependency-name: "@aws-lambda-powertools/logger"
  dependency-version: 2.33.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: npm
- dependency-name: hono
  dependency-version: 4.12.23
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: npm
- dependency-name: typescript-eslint
  dependency-version: 8.60.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm
- dependency-name: "@aws-lambda-powertools/logger"
  dependency-version: 2.33.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: npm
- dependency-name: typescript-eslint
  dependency-version: 8.60.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot assigned poad Jun 3, 2026
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Jun 3, 2026
@github-actions
github-actions Bot enabled auto-merge (squash) June 3, 2026 03:01
@github-actions

github-actions Bot commented Jun 3, 2026

Copy link
Copy Markdown
Contributor

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

OpenSSF Scorecard

Scorecard details
PackageVersionScoreDetails
npm/@aws-lambda-powertools/logger 2.33.1 🟢 9.6
Details
CheckScoreReason
Code-Review🟢 10all changesets reviewed
Maintained🟢 1030 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10
Dependency-Update-Tool🟢 10update tool detected
Security-Policy🟢 10security policy file detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Binary-Artifacts🟢 10no binaries found in the repo
Token-Permissions🟢 10GitHub workflow tokens follow principle of least privilege
Pinned-Dependencies🟢 10all dependencies are pinned
CII-Best-Practices🟢 5badge detected: Passing
SAST🟢 10SAST tool is run on all commits
License🟢 10license file detected
Fuzzing🟢 10project is fuzzed
Vulnerabilities🟢 91 existing vulnerabilities detected
Packaging🟢 10packaging workflow detected
Signed-Releases⚠️ -1no releases found
CI-Tests🟢 1030 out of 30 merged PRs checked by a CI test -- score normalized to 10
Branch-Protection🟢 8branch protection is not maximal on development and all release branches
Contributors🟢 10project has 11 contributing companies or organizations
npm/typescript-eslint 8.60.0 🟢 6.7
Details
CheckScoreReason
Maintained🟢 1030 commit(s) and 22 issue activity found in the last 90 days -- score normalized to 10
Packaging⚠️ -1packaging workflow not detected
Code-Review🟢 9Found 24/26 approved changesets -- score normalized to 9
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Security-Policy🟢 10security policy file detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Binary-Artifacts🟢 10no binaries found in the repo
Pinned-Dependencies🟢 8dependency not pinned by hash detected -- score normalized to 8
Fuzzing⚠️ 0project is not fuzzed
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
npm/@aws-lambda-powertools/logger 2.33.1 🟢 9.6
Details
CheckScoreReason
Code-Review🟢 10all changesets reviewed
Maintained🟢 1030 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10
Dependency-Update-Tool🟢 10update tool detected
Security-Policy🟢 10security policy file detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Binary-Artifacts🟢 10no binaries found in the repo
Token-Permissions🟢 10GitHub workflow tokens follow principle of least privilege
Pinned-Dependencies🟢 10all dependencies are pinned
CII-Best-Practices🟢 5badge detected: Passing
SAST🟢 10SAST tool is run on all commits
License🟢 10license file detected
Fuzzing🟢 10project is fuzzed
Vulnerabilities🟢 91 existing vulnerabilities detected
Packaging🟢 10packaging workflow detected
Signed-Releases⚠️ -1no releases found
CI-Tests🟢 1030 out of 30 merged PRs checked by a CI test -- score normalized to 10
Branch-Protection🟢 8branch protection is not maximal on development and all release branches
Contributors🟢 10project has 11 contributing companies or organizations
npm/typescript-eslint 8.60.0 🟢 6.7
Details
CheckScoreReason
Maintained🟢 1030 commit(s) and 22 issue activity found in the last 90 days -- score normalized to 10
Packaging⚠️ -1packaging workflow not detected
Code-Review🟢 9Found 24/26 approved changesets -- score normalized to 9
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Security-Policy🟢 10security policy file detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Binary-Artifacts🟢 10no binaries found in the repo
Pinned-Dependencies🟢 8dependency not pinned by hash detected -- score normalized to 8
Fuzzing⚠️ 0project is not fuzzed
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
npm/@aws-lambda-powertools/commons 2.33.1 🟢 9.6
Details
CheckScoreReason
Code-Review🟢 10all changesets reviewed
Maintained🟢 1030 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10
Dependency-Update-Tool🟢 10update tool detected
Security-Policy🟢 10security policy file detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Binary-Artifacts🟢 10no binaries found in the repo
Token-Permissions🟢 10GitHub workflow tokens follow principle of least privilege
Pinned-Dependencies🟢 10all dependencies are pinned
CII-Best-Practices🟢 5badge detected: Passing
SAST🟢 10SAST tool is run on all commits
License🟢 10license file detected
Fuzzing🟢 10project is fuzzed
Vulnerabilities🟢 91 existing vulnerabilities detected
Packaging🟢 10packaging workflow detected
Signed-Releases⚠️ -1no releases found
CI-Tests🟢 1030 out of 30 merged PRs checked by a CI test -- score normalized to 10
Branch-Protection🟢 8branch protection is not maximal on development and all release branches
Contributors🟢 10project has 11 contributing companies or organizations
npm/@aws-lambda-powertools/logger 2.33.1 🟢 9.6
Details
CheckScoreReason
Code-Review🟢 10all changesets reviewed
Maintained🟢 1030 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10
Dependency-Update-Tool🟢 10update tool detected
Security-Policy🟢 10security policy file detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Binary-Artifacts🟢 10no binaries found in the repo
Token-Permissions🟢 10GitHub workflow tokens follow principle of least privilege
Pinned-Dependencies🟢 10all dependencies are pinned
CII-Best-Practices🟢 5badge detected: Passing
SAST🟢 10SAST tool is run on all commits
License🟢 10license file detected
Fuzzing🟢 10project is fuzzed
Vulnerabilities🟢 91 existing vulnerabilities detected
Packaging🟢 10packaging workflow detected
Signed-Releases⚠️ -1no releases found
CI-Tests🟢 1030 out of 30 merged PRs checked by a CI test -- score normalized to 10
Branch-Protection🟢 8branch protection is not maximal on development and all release branches
Contributors🟢 10project has 11 contributing companies or organizations
npm/@typescript-eslint/eslint-plugin 8.60.0 🟢 6.7
Details
CheckScoreReason
Maintained🟢 1030 commit(s) and 22 issue activity found in the last 90 days -- score normalized to 10
Packaging⚠️ -1packaging workflow not detected
Code-Review🟢 9Found 24/26 approved changesets -- score normalized to 9
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Security-Policy🟢 10security policy file detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Binary-Artifacts🟢 10no binaries found in the repo
Pinned-Dependencies🟢 8dependency not pinned by hash detected -- score normalized to 8
Fuzzing⚠️ 0project is not fuzzed
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
npm/@typescript-eslint/parser 8.60.0 🟢 6.7
Details
CheckScoreReason
Maintained🟢 1030 commit(s) and 22 issue activity found in the last 90 days -- score normalized to 10
Packaging⚠️ -1packaging workflow not detected
Code-Review🟢 9Found 24/26 approved changesets -- score normalized to 9
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Security-Policy🟢 10security policy file detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Binary-Artifacts🟢 10no binaries found in the repo
Pinned-Dependencies🟢 8dependency not pinned by hash detected -- score normalized to 8
Fuzzing⚠️ 0project is not fuzzed
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
npm/@typescript-eslint/project-service 8.60.0 🟢 6.7
Details
CheckScoreReason
Maintained🟢 1030 commit(s) and 22 issue activity found in the last 90 days -- score normalized to 10
Packaging⚠️ -1packaging workflow not detected
Code-Review🟢 9Found 24/26 approved changesets -- score normalized to 9
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Security-Policy🟢 10security policy file detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Binary-Artifacts🟢 10no binaries found in the repo
Pinned-Dependencies🟢 8dependency not pinned by hash detected -- score normalized to 8
Fuzzing⚠️ 0project is not fuzzed
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
npm/@typescript-eslint/scope-manager 8.60.0 🟢 6.7
Details
CheckScoreReason
Maintained🟢 1030 commit(s) and 22 issue activity found in the last 90 days -- score normalized to 10
Packaging⚠️ -1packaging workflow not detected
Code-Review🟢 9Found 24/26 approved changesets -- score normalized to 9
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Security-Policy🟢 10security policy file detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Binary-Artifacts🟢 10no binaries found in the repo
Pinned-Dependencies🟢 8dependency not pinned by hash detected -- score normalized to 8
Fuzzing⚠️ 0project is not fuzzed
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
npm/@typescript-eslint/tsconfig-utils 8.60.0 🟢 6.7
Details
CheckScoreReason
Maintained🟢 1030 commit(s) and 22 issue activity found in the last 90 days -- score normalized to 10
Packaging⚠️ -1packaging workflow not detected
Code-Review🟢 9Found 24/26 approved changesets -- score normalized to 9
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Security-Policy🟢 10security policy file detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Binary-Artifacts🟢 10no binaries found in the repo
Pinned-Dependencies🟢 8dependency not pinned by hash detected -- score normalized to 8
Fuzzing⚠️ 0project is not fuzzed
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
npm/@typescript-eslint/type-utils 8.60.0 🟢 6.7
Details
CheckScoreReason
Maintained🟢 1030 commit(s) and 22 issue activity found in the last 90 days -- score normalized to 10
Packaging⚠️ -1packaging workflow not detected
Code-Review🟢 9Found 24/26 approved changesets -- score normalized to 9
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Security-Policy🟢 10security policy file detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Binary-Artifacts🟢 10no binaries found in the repo
Pinned-Dependencies🟢 8dependency not pinned by hash detected -- score normalized to 8
Fuzzing⚠️ 0project is not fuzzed
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
npm/@typescript-eslint/typescript-estree 8.60.0 🟢 6.7
Details
CheckScoreReason
Maintained🟢 1030 commit(s) and 22 issue activity found in the last 90 days -- score normalized to 10
Packaging⚠️ -1packaging workflow not detected
Code-Review🟢 9Found 24/26 approved changesets -- score normalized to 9
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Security-Policy🟢 10security policy file detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Binary-Artifacts🟢 10no binaries found in the repo
Pinned-Dependencies🟢 8dependency not pinned by hash detected -- score normalized to 8
Fuzzing⚠️ 0project is not fuzzed
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
npm/@typescript-eslint/utils 8.60.0 🟢 6.7
Details
CheckScoreReason
Maintained🟢 1030 commit(s) and 22 issue activity found in the last 90 days -- score normalized to 10
Packaging⚠️ -1packaging workflow not detected
Code-Review🟢 9Found 24/26 approved changesets -- score normalized to 9
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Security-Policy🟢 10security policy file detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Binary-Artifacts🟢 10no binaries found in the repo
Pinned-Dependencies🟢 8dependency not pinned by hash detected -- score normalized to 8
Fuzzing⚠️ 0project is not fuzzed
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
npm/@typescript-eslint/visitor-keys 8.60.0 🟢 6.7
Details
CheckScoreReason
Maintained🟢 1030 commit(s) and 22 issue activity found in the last 90 days -- score normalized to 10
Packaging⚠️ -1packaging workflow not detected
Code-Review🟢 9Found 24/26 approved changesets -- score normalized to 9
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Security-Policy🟢 10security policy file detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Binary-Artifacts🟢 10no binaries found in the repo
Pinned-Dependencies🟢 8dependency not pinned by hash detected -- score normalized to 8
Fuzzing⚠️ 0project is not fuzzed
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
npm/typescript-eslint 8.60.0 🟢 6.7
Details
CheckScoreReason
Maintained🟢 1030 commit(s) and 22 issue activity found in the last 90 days -- score normalized to 10
Packaging⚠️ -1packaging workflow not detected
Code-Review🟢 9Found 24/26 approved changesets -- score normalized to 9
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Security-Policy🟢 10security policy file detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Binary-Artifacts🟢 10no binaries found in the repo
Pinned-Dependencies🟢 8dependency not pinned by hash detected -- score normalized to 8
Fuzzing⚠️ 0project is not fuzzed
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0

Scanned Files

  • example/package.json
  • package/package.json
  • pnpm-lock.yaml

@poad

poad commented Jun 3, 2026

Copy link
Copy Markdown
Owner

@dependabot rebase

@dependabot @github

dependabot Bot commented on behalf of github Jun 3, 2026

Copy link
Copy Markdown
Contributor Author

Dependabot tried to update this pull request, but something went wrong. We're looking into it, but in the meantime you can retry the update by commenting @dependabot recreate.

@github-actions
github-actions Bot merged commit f9c804d into main Jun 3, 2026
4 checks passed
@github-actions
github-actions Bot deleted the dependabot/npm_and_yarn/npm-7d48e76d25 branch June 3, 2026 14:46
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant