Bump the production-dependencies group across 1 directory with 13 updates

[dependabot]

Bumps the production-dependencies group with 13 updates in the /frontend directory:

Package	From	To
@angular/animations	18.2.12	19.0.1
@angular/cdk	18.2.13	19.0.1
@angular/common	18.2.12	19.0.1
@angular/compiler	18.2.12	19.0.1
@angular/core	18.2.12	19.0.1
@angular/forms	18.2.12	19.0.1
@angular/material	18.2.13	19.0.1
@angular/platform-browser	18.2.12	19.0.1
@angular/platform-browser-dynamic	18.2.12	19.0.1
@angular/router	18.2.12	19.0.1
@octokit/types	13.6.1	13.6.2
cronstrue	2.51.0	2.52.0
highcharts	11.4.8	12.0.1

Updates @angular/animations from 18.2.12 to 19.0.1

Release notes

Sourced from @​angular/animations's releases.

v19.0.1

19.0.1 (2024-11-26)

compiler-cli

Commit	Description
	more accurate diagnostics for host binding parser errors (#58870)

core

Commit	Description
	correctly clear template HMR internal renderer cache (#58724)
	correctly perform lazy routes migration for components with additional decorators (#58796)
	Ensure _tick is always run within the TracingSnapshot. (#58881)
	Ensure resource sets an error (#58855)
	make component id generation more stable between client and server builds (#58813)
	Prevents race condition of cleanup for incremental hydration (#58722)

forms

Commit	Description
	work around TypeScript 5.7 issue (#58731)

language-service

Commit	Description
	add fix for individual unused imports (#58719)
	allow fixes to run without template info (#58719)

migrations

Commit	Description
	fix provide-initializer migration when using useFactory (#58518)
	handle parameters with initializers in inject migration (#58769)
	Mark hoisted properties as removed in inject migration (#58804)

v19.0.0

19.0.0 (2024-11-19)

Explore Angular v19 with a blog post from the Angular team: https://blog.angular.dev/meet-angular-v19-7b29dfd05b84

Breaking Changes

compiler

• this.foo property reads no longer refer to template context variables. If you intended to read the template variable, do not use this..

core

• Angular directives, components and pipes are now standalone by default.

  • Specify standalone: false for declarations that are currently declared in @NgModules.
  • ng update for v19 will take care of this automatically.

• TypeScript versions less than 5.5 are no longer supported.

• Timing changes for effect API (in developer preview):

  • effects which are triggered outside of change detection run as part of the change detection process instead of as a microtask. Depending on the

... (truncated)

Changelog

Sourced from @​angular/animations's changelog.

19.0.1 (2024-11-26)

compiler-cli

Commit	Type	Description
fb1fa8b0fc	fix	more accurate diagnostics for host binding parser errors (#58870)

core

Commit	Type	Description
502ee0e722	fix	correctly clear template HMR internal renderer cache (#58724)
99715104a1	fix	correctly perform lazy routes migration for components with additional decorators (#58796)
118803035f	fix	Ensure _tick is always run within the TracingSnapshot. (#58881)
08b9452f01	fix	Ensure resource sets an error (#58855)
84f45ea3ff	fix	make component id generation more stable between client and server builds (#58813)
d3491c7cee	fix	Prevents race condition of cleanup for incremental hydration (#58722)

forms

Commit	Type	Description
4dfe5b6cef	fix	work around TypeScript 5.7 issue (#58731)

language-service

Commit	Type	Description
a983865bff	fix	add fix for individual unused imports (#58719)
e6e7a4e22b	fix	allow fixes to run without template info (#58719)

migrations

Commit	Type	Description
5ce10264a4	fix	fix provide-initializer migration when using useFactory (#58518)
d4f5c85f60	fix	handle parameters with initializers in inject migration (#58769)
a6d2d2dc10	fix	Mark hoisted properties as removed in inject migration (#58804)

19.0.0 (2024-11-19)

Blog post: https://blog.angular.dev/meet-angular-v19-7b29dfd05b84

Breaking Changes

compiler

• this.foo property reads no longer refer to template context variables. If you intended to read the template variable, do not use this..
• changes to CSS selectors parsing where introduced, mainly to: pseudo selectors :where() and :is(), parsing of :host and host-context, parsing selectors within pseudo selector arguments (for instance comma separated selectors). These changes could lead to a different specificity of the resulting selectors and/or previously broken selectors being applied now, for example :where(:host) used to transform to :where()[ng-host] and is being :where([ng-host]) now. Unlike the previous outcome, the new result can target elements and therefore could lead to breakages.

core

• Angular directives, components and pipes are now standalone by default.
  • Specify standalone: false for declarations that are currently declared in @NgModules.
  • ng update for v19 will take care of this automatically.
• TypeScript versions less than 5.5 are no longer supported.

... (truncated)

Commits

• 09df589 refactor(core): Migrate all packages with the explicit-standalone-flag sche...
• 84b6896 refactor(platform-server): Add an ssr benchmark setup. (#57647)
• 9dbe6fc refactor: update license text to point to angular.dev (#57901)
• See full diff in compare view

Updates @angular/cdk from 18.2.13 to 19.0.1

Release notes

Sourced from @​angular/cdk's releases.

v19.0.1

19.0.1 "mercury-mailbox" (2024-11-27)

material

Commit	Description
	button-toggle: animate checkbox (#30025)
	chips: emit state changes when chip grid is disabled (#30033)
	datepicker: adds comparison ids and aria-describedby spans (#30040)
	slider: update documentation (#30029)
	timepicker: make disabled input public (#30063)

docs

Commit	Description
	update errorState example to cover handle missing state (#30059)

multiple

Commit	Description
	use cross-compatible type for setTimeout (#30073)

v19.0.0

19.0.0 "hafnium-hippo" (2024-11-19)

cdk

Commit	Description
	a11y: use native media query for high contrast detection (#29678)
	private: create cdk-visually-hidden style loader (#29757)
	overlay: avoid having to manually load structural styles
	overlay: load structural styles in a cascade layer (#29725)
	portal: remove ComponentFactoryResolver usages (#27427)
	scrolling: adds ngTemplateContextGuard (#27276)
	text-field: avoid having to manually load text field styles
	tree: fix issue where isExpanded wouldn't be set if placed before isExpandable (#29565)
	tree: only handle keyboard events directly from the node (#29861)
	tree: warn if mixed node types are used within the same tree

material

Commit	Description
	checkbox: add new aria properties to MatCheckbox (#29457)
	core: add experimental theme demo (#29636)
	core: add theme-overrides mixin (#29858)
	core: create focus-indicator structural styles loader (#29763)
	core: default to color-scheme theme type (#29907)
	core: deprecate the core mixin (#29906)
	core: rename theme mixin (#29857)
	core: switch system prefix from sys to mat-sys (#29908)
	input: add the ability to interact with disabled inputs (#29574)
	schematics: create v19 core removal schematic (#29768)
	schematics: Switch custom theme schematic to use theme mixin instead of define-theme and add high contrast override mixins (#29642)

... (truncated)

Changelog

Sourced from @​angular/cdk's changelog.

19.0.1 "mercury-mailbox" (2024-11-27)

material

Commit	Type	Description
2d7e078bb	fix	button-toggle: animate checkbox (#30025)
edac40645	fix	chips: emit state changes when chip grid is disabled (#30033)
18f7f4bb9	fix	datepicker: adds comparison ids and aria-describedby spans (#30040)
375435497	fix	slider: update documentation (#30029)
a31201475	fix	timepicker: make disabled input public (#30063)

docs

Commit	Type	Description
f9d9d2c81	fix	update errorState example to cover handle missing state (#30059)

multiple

Commit	Type	Description
59b7f436a	fix	use cross-compatible type for setTimeout (#30073)

19.0.0 "hafnium-hippo" (2024-11-19)

Breaking Changes

cdk

• • Since cdk.high-contrast targets a media query instead of a class, the specificity of the styles it emits is lower than before.
• • The overlay stays are now loaded slightly later than before which can change their specificity. You may have to update any overlay style overrides.

• • Virtual scrolling lists now have proper type checking which can reveal some previously-hidden compilation errors.

  • fix(cdk/scrolling): adds ngTemplateContextGuard

  implements ngTemplateContextGuard for CdkVirtualForOf directive

material

• • The ripples styles are now loaded slightly later than before which can change their specificity. You may have to update any ripple style overrides.
• • mixinColor and CanColor have been removed. Use a host binding instead.
  • mixinDisableRipple and CanDisableRipple have been removed. Use input transforms instead.
  • mixinDisabled and CanDisable have been removed. Use input transforms instead.
  • mixinInitialized and HasInitialized have been removed. Use a Subject that emits in ngOnInit instead.
  • mixinTabIndex and HasTabIndex have been removed. Use input transforms instead.

google-maps

• • The new @​googlemaps/markerclusterer API should be imported instead of the old one. Read more at: https://github.com/googlemaps/js-markerclusterer
  • The MapMarkerClusterer class has been renamed to DeprecatedMapMarkerClusterer.
  • The map-marker-clusterer selector has been changed to deprecated-map-marker-clusterer.

multiple

• • In order for Material to be compatible with recent changes in Sass and upcoming changes in the CSS standard, tokens are now emitted in-place, rather the being hoisted to the top of the selector. As a result, some token overrides might not apply anymore. This is relevant primarily for the cases like @include mat.button-theme($theme); --mat-button-color: red;. It can be resolved by wrapping the overrides with & {}, for example @include mat.button-theme($theme); & { --mat-button-color: red; }.
• • MatButton.ripple is no longer available.
  • MatCheckbox.ripple is no longer available.
  • MatChip.ripple is no longer available.

material-date-fns-adapter

Commit	Type	Description

... (truncated)

Commits

• 321ec85 release: cut the v19.0.1 release
• 7068a00 docs: Fix missing comma in the example theme config (#30088)
• a0e6773 build: some tokens not being extracted (#30084)
• 59b7f43 fix(multiple): use cross-compatible type for setTimeout (#30073)
• a312014 fix(material/timepicker): make disabled input public (#30063)
• f251e2b docs(material/form-field): update document refs to mat-chip-set (#30064)
• f9d9d2c fix(docs): update errorState example to cover handle missing state (#30059)
• 43eb506 ci: update to latest actions from angular/dev-infra (#30060)
• e8400c4 ci: update to latest actions from angular/dev-infra (#30054)
• 2d7e078 fix(material/button-toggle): animate checkbox (#30025)
• Additional commits viewable in compare view

Updates @angular/common from 18.2.12 to 19.0.1

Release notes

Sourced from @​angular/common's releases.

v19.0.1

19.0.1 (2024-11-26)

compiler-cli

Commit	Description
	more accurate diagnostics for host binding parser errors (#58870)

core

Commit	Description
	correctly clear template HMR internal renderer cache (#58724)
	correctly perform lazy routes migration for components with additional decorators (#58796)
	Ensure _tick is always run within the TracingSnapshot. (#58881)
	Ensure resource sets an error (#58855)
	make component id generation more stable between client and server builds (#58813)
	Prevents race condition of cleanup for incremental hydration (#58722)

forms

Commit	Description
	work around TypeScript 5.7 issue (#58731)

language-service

Commit	Description
	add fix for individual unused imports (#58719)
	allow fixes to run without template info (#58719)

migrations

Commit	Description
	fix provide-initializer migration when using useFactory (#58518)
	handle parameters with initializers in inject migration (#58769)
	Mark hoisted properties as removed in inject migration (#58804)

v19.0.0

19.0.0 (2024-11-19)

Explore Angular v19 with a blog post from the Angular team: https://blog.angular.dev/meet-angular-v19-7b29dfd05b84

Breaking Changes

compiler

• this.foo property reads no longer refer to template context variables. If you intended to read the template variable, do not use this..

core

• Angular directives, components and pipes are now standalone by default.

  • Specify standalone: false for declarations that are currently declared in @NgModules.
  • ng update for v19 will take care of this automatically.

• TypeScript versions less than 5.5 are no longer supported.

• Timing changes for effect API (in developer preview):

  • effects which are triggered outside of change detection run as part of the change detection process instead of as a microtask. Depending on the

... (truncated)

Changelog

Sourced from @​angular/common's changelog.

19.0.1 (2024-11-26)

compiler-cli

Commit	Type	Description
fb1fa8b0fc	fix	more accurate diagnostics for host binding parser errors (#58870)

core

Commit	Type	Description
502ee0e722	fix	correctly clear template HMR internal renderer cache (#58724)
99715104a1	fix	correctly perform lazy routes migration for components with additional decorators (#58796)
118803035f	fix	Ensure _tick is always run within the TracingSnapshot. (#58881)
08b9452f01	fix	Ensure resource sets an error (#58855)
84f45ea3ff	fix	make component id generation more stable between client and server builds (#58813)
d3491c7cee	fix	Prevents race condition of cleanup for incremental hydration (#58722)

forms

Commit	Type	Description
4dfe5b6cef	fix	work around TypeScript 5.7 issue (#58731)

language-service

Commit	Type	Description
a983865bff	fix	add fix for individual unused imports (#58719)
e6e7a4e22b	fix	allow fixes to run without template info (#58719)

migrations

Commit	Type	Description
5ce10264a4	fix	fix provide-initializer migration when using useFactory (#58518)
d4f5c85f60	fix	handle parameters with initializers in inject migration (#58769)
a6d2d2dc10	fix	Mark hoisted properties as removed in inject migration (#58804)

19.0.0 (2024-11-19)

Blog post: https://blog.angular.dev/meet-angular-v19-7b29dfd05b84

Breaking Changes

compiler

• this.foo property reads no longer refer to template context variables. If you intended to read the template variable, do not use this..
• changes to CSS selectors parsing where introduced, mainly to: pseudo selectors :where() and :is(), parsing of :host and host-context, parsing selectors within pseudo selector arguments (for instance comma separated selectors). These changes could lead to a different specificity of the resulting selectors and/or previously broken selectors being applied now, for example :where(:host) used to transform to :where()[ng-host] and is being :where([ng-host]) now. Unlike the previous outcome, the new result can target elements and therefore could lead to breakages.

core

• Angular directives, components and pipes are now standalone by default.
  • Specify standalone: false for declarations that are currently declared in @NgModules.
  • ng update for v19 will take care of this automatically.
• TypeScript versions less than 5.5 are no longer supported.

... (truncated)

Commits

• ea0bf74 refactor(core): use ApplicationRef.whenStable instead of a custom util func...
• 7dfb127 refactor: add @__PURE__ next to @pureOrBreakMyCode for improved bundler c...
• da9c0c5 refactor: cleanup initializers that use ctor params (#58349)
• 24c6373 feat(common): add optional rounded transform support in cloudinary image load...
• 4b9accd feat(http): promote withRequestsMadeViaParent to stable. (#58221)
• 13c1306 feat(common): disable keyvalue sorting using null compareFn (#57487)
• 09df589 refactor(core): Migrate all packages with the explicit-standalone-flag sche...
• 08b4a8a docs: move JSDoc below constructor (#57187)
• a36744e docs: move JSDoc before functions (#58087)
• 0eb1c5c docs(common): Minor typo in code example (#58085)
• Additional commits viewable in compare view

Updates @angular/compiler from 18.2.12 to 19.0.1

Release notes

Sourced from @​angular/compiler's releases.

v19.0.1

19.0.1 (2024-11-26)

compiler-cli

Commit	Description
	more accurate diagnostics for host binding parser errors (#58870)

core

Commit	Description
	correctly clear template HMR internal renderer cache (#58724)
	correctly perform lazy routes migration for components with additional decorators (#58796)
	Ensure _tick is always run within the TracingSnapshot. (#58881)
	Ensure resource sets an error (#58855)
	make component id generation more stable between client and server builds (#58813)
	Prevents race condition of cleanup for incremental hydration (#58722)

forms

Commit	Description
	work around TypeScript 5.7 issue (#58731)

language-service

Commit	Description
	add fix for individual unused imports (#58719)
	allow fixes to run without template info (#58719)

migrations

Commit	Description
	fix provide-initializer migration when using useFactory (#58518)
	handle parameters with initializers in inject migration (#58769)
	Mark hoisted properties as removed in inject migration (#58804)

v19.0.0

19.0.0 (2024-11-19)

Explore Angular v19 with a blog post from the Angular team: https://blog.angular.dev/meet-angular-v19-7b29dfd05b84

Breaking Changes

compiler

• this.foo property reads no longer refer to template context variables. If you intended to read the template variable, do not use this..

core

• Angular directives, components and pipes are now standalone by default.

  • Specify standalone: false for declarations that are currently declared in @NgModules.
  • ng update for v19 will take care of this automatically.

• TypeScript versions less than 5.5 are no longer supported.

• Timing changes for effect API (in developer preview):

  • effects which are triggered outside of change detection run as part of the change detection process instead of as a microtask. Depending on the

... (truncated)

Changelog

Sourced from @​angular/compiler's changelog.

19.0.1 (2024-11-26)

compiler-cli

Commit	Type	Description
fb1fa8b0fc	fix	more accurate diagnostics for host binding parser errors (#58870)

core

Commit	Type	Description
502ee0e722	fix	correctly clear template HMR internal renderer cache (#58724)
99715104a1	fix	correctly perform lazy routes migration for components with additional decorators (#58796)
118803035f	fix	Ensure _tick is always run within the TracingSnapshot. (#58881)
08b9452f01	fix	Ensure resource sets an error (#58855)
84f45ea3ff	fix	make component id generation more stable between client and server builds (#58813)
d3491c7cee	fix	Prevents race condition of cleanup for incremental hydration (#58722)

forms

Commit	Type	Description
4dfe5b6cef	fix	work around TypeScript 5.7 issue (#58731)

language-service

Commit	Type	Description
a983865bff	fix	add fix for individual unused imports (#58719)
e6e7a4e22b	fix	allow fixes to run without template info (#58719)

migrations

Commit	Type	Description
5ce10264a4	fix	fix provide-initializer migration when using useFactory (#58518)
d4f5c85f60	fix	handle parameters with initializers in inject migration (#58769)
a6d2d2dc10	fix	Mark hoisted properties as removed in inject migration (#58804)

19.0.0 (2024-11-19)

Blog post: https://blog.angular.dev/meet-angular-v19-7b29dfd05b84

Breaking Changes

compiler

• this.foo property reads no longer refer to template context variables. If you intended to read the template variable, do not use this..
• changes to CSS selectors parsing where introduced, mainly to: pseudo selectors :where() and :is(), parsing of :host and host-context, parsing selectors within pseudo selector arguments (for instance comma separated selectors). These changes could lead to a different specificity of the resulting selectors and/or previously broken selectors being applied now, for example :where(:host) used to transform to :where()[ng-host] and is being :where([ng-host]) now. Unlike the previous outcome, the new result can target elements and therefore could lead to breakages.

core

• Angular directives, components and pipes are now standalone by default.
  • Specify standalone: false for declarations that are currently declared in @NgModules.
  • ng update for v19 will take care of this automatically.
• TypeScript versions less than 5.5 are no longer supported.

... (truncated)

Commits

• fb1fa8b fix(compiler-cli): more accurate diagnostics for host binding parser errors (...
• 806a61b fix(compiler): fix multiline selectors (#58681)
• e5d3abb fix(compiler): resolve :host:host-context(.foo) (#58681)
• 80f5695 fix(compiler): transform chained pseudo-selectors (#58681)
• 2be161d fix(compiler): fix :host parsing in pseudo-selectors (

[github-actions]

Dependency Review

The following issues were found:

• ✅ 0 vulnerable package(s)
• ✅ 0 package(s) with incompatible licenses
• ✅ 0 package(s) with invalid SPDX license definitions
• ⚠️ 1 package(s) with unknown licenses.

See the Details below.

License Issues

frontend/package.json

Package	Version	License	Issue Type
highcharts	^12.0.1	Null	Unknown License

OpenSSF Scorecard

Scorecard details

Package	Version	Score	Details
npm/@angular/animations	19.0.1	🟢 6.4	Details Check Score Reason Binary-Artifacts 🟢 10 no binaries found in the repo Branch-Protection 🟢 6 branch protection is not maximal on development and all release branches CI-Tests ⚠️ -1 no pull request found CII-Best-Practices ⚠️ 2 badge detected: InProgress Code-Review ⚠️ 0 Found 0/30 approved changesets -- score normalized to 0 Contributors 🟢 10 project has 38 contributing companies or organizations Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Dependency-Update-Tool 🟢 10 update tool detected Fuzzing 🟢 10 project is fuzzed License 🟢 10 license file detected Maintained 🟢 10 30 commit(s) and 18 issue activity found in the last 90 days -- score normalized to 10 Packaging ⚠️ -1 packaging workflow not detected Pinned-Dependencies 🟢 10 all dependencies are pinned SAST ⚠️ 0 no SAST tool detected Security-Policy 🟢 10 security policy file detected Signed-Releases ⚠️ -1 no releases found Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Vulnerabilities ⚠️ 0 66 existing vulnerabilities detected
npm/@angular/cdk	19.0.1	🟢 7.4	Details Check Score Reason Binary-Artifacts 🟢 10 no binaries found in the repo Branch-Protection 🟢 6 branch protection is not maximal on development and all release branches CI-Tests 🟢 10 29 out of 29 merged PRs checked by a CI test -- score normalized to 10 CII-Best-Practices ⚠️ 2 badge detected: in_progress Code-Review 🟢 10 all changesets reviewed Contributors 🟢 10 21 different organizations found -- score normalized to 10 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Dependency-Update-Tool 🟢 10 update tool detected Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Maintained 🟢 10 30 commit(s) out of 30 and 7 issue activity out of 30 found in the last 90 days -- score normalized to 10 Packaging ⚠️ -1 no published package detected Pinned-Dependencies 🟢 10 all dependencies are pinned SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Security-Policy 🟢 10 security policy file detected Signed-Releases ⚠️ -1 no releases found Token-Permissions 🟢 8 detected GitHub workflow tokens with excessive permissions Vulnerabilities ⚠️ 0 51 existing vulnerabilities detected
npm/@angular/common	19.0.1	🟢 6.4	Details Check Score Reason Binary-Artifacts 🟢 10 no binaries found in the repo Branch-Protection 🟢 6 branch protection is not maximal on development and all release branches CI-Tests ⚠️ -1 no pull request found CII-Best-Practices ⚠️ 2 badge detected: InProgress Code-Review ⚠️ 0 Found 0/30 approved changesets -- score normalized to 0 Contributors 🟢 10 project has 38 contributing companies or organizations Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Dependency-Update-Tool 🟢 10 update tool detected Fuzzing 🟢 10 project is fuzzed License 🟢 10 license file detected Maintained 🟢 10 30 commit(s) and 18 issue activity found in the last 90 days -- score normalized to 10 Packaging ⚠️ -1 packaging workflow not detected Pinned-Dependencies 🟢 10 all dependencies are pinned SAST ⚠️ 0 no SAST tool detected Security-Policy 🟢 10 security policy file detected Signed-Releases ⚠️ -1 no releases found Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Vulnerabilities ⚠️ 0 66 existing vulnerabilities detected
npm/@angular/compiler	19.0.1	🟢 6.4	Details Check Score Reason Binary-Artifacts 🟢 10 no binaries found in the repo Branch-Protection 🟢 6 branch protection is not maximal on development and all release branches CI-Tests ⚠️ -1 no pull request found CII-Best-Practices ⚠️ 2 badge detected: InProgress Code-Review ⚠️ 0 Found 0/30 approved changesets -- score normalized to 0 Contributors 🟢 10 project has 38 contributing companies or organizations Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Dependency-Update-Tool 🟢 10 update tool detected Fuzzing 🟢 10 project is fuzzed License 🟢 10 license file detected Maintained 🟢 10 30 commit(s) and 18 issue activity found in the last 90 days -- score normalized to 10 Packaging ⚠️ -1 packaging workflow not detected Pinned-Dependencies 🟢 10 all dependencies are pinned SAST ⚠️ 0 no SAST tool detected Security-Policy 🟢 10 security policy file detected Signed-Releases ⚠️ -1 no releases found Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Vulnerabilities ⚠️ 0 66 existing vulnerabilities detected
npm/@angular/core	19.0.1	🟢 6.4	Details Check Score Reason Binary-Artifacts 🟢 10 no binaries found in the repo Branch-Protection 🟢 6 branch protection is not maximal on development and all release branches CI-Tests ⚠️ -1 no pull request found CII-Best-Practices ⚠️ 2 badge detected: InProgress Code-Review ⚠️ 0 Found 0/30 approved changesets -- score normalized to 0 Contributors 🟢 10 project has 38 contributing companies or organizations Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Dependency-Update-Tool 🟢 10 update tool detected Fuzzing 🟢 10 project is fuzzed License 🟢 10 license file detected Maintained 🟢 10 30 commit(s) and 18 issue activity found in the last 90 days -- score normalized to 10 Packaging ⚠️ -1 packaging workflow not detected Pinned-Dependencies 🟢 10 all dependencies are pinned SAST ⚠️ 0 no SAST tool detected Security-Policy 🟢 10 security policy file detected Signed-Releases ⚠️ -1 no releases found Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Vulnerabilities ⚠️ 0 66 existing vulnerabilities detected
npm/@angular/forms	19.0.1	🟢 6.4	Details Check Score Reason Binary-Artifacts 🟢 10 no binaries found in the repo Branch-Protection 🟢 6 branch protection is not maximal on development and all release branches CI-Tests ⚠️ -1 no pull request found CII-Best-Practices ⚠️ 2 badge detected: InProgress Code-Review ⚠️ 0 Found 0/30 approved changesets -- score normalized to 0 Contributors 🟢 10 project has 38 contributing companies or organizations Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Dependency-Update-Tool 🟢 10 update tool detected Fuzzing 🟢 10 project is fuzzed License 🟢 10 license file detected Maintained 🟢 10 30 commit(s) and 18 issue activity found in the last 90 days -- score normalized to 10 Packaging ⚠️ -1 packaging workflow not detected Pinned-Dependencies 🟢 10 all dependencies are pinned SAST ⚠️ 0 no SAST tool detected Security-Policy 🟢 10 security policy file detected Signed-Releases ⚠️ -1 no releases found Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Vulnerabilities ⚠️ 0 66 existing vulnerabilities detected
npm/@angular/material	19.0.1	🟢 7.4	Details Check Score Reason Binary-Artifacts 🟢 10 no binaries found in the repo Branch-Protection 🟢 6 branch protection is not maximal on development and all release branches CI-Tests 🟢 10 29 out of 29 merged PRs checked by a CI test -- score normalized to 10 CII-Best-Practices ⚠️ 2 badge detected: in_progress Code-Review 🟢 10 all changesets reviewed Contributors 🟢 10 21 different organizations found -- score normalized to 10 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Dependency-Update-Tool 🟢 10 update tool detected Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Maintained 🟢 10 30 commit(s) out of 30 and 7 issue activity out of 30 found in the last 90 days -- score normalized to 10 Packaging ⚠️ -1 no published package detected Pinned-Dependencies 🟢 10 all dependencies are pinned SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Security-Policy 🟢 10 security policy file detected Signed-Releases ⚠️ -1 no releases found Token-Permissions 🟢 8 detected GitHub workflow tokens with excessive permissions Vulnerabilities ⚠️ 0 51 existing vulnerabilities detected
npm/@angular/platform-browser	19.0.1	🟢 6.4	Details Check Score Reason Binary-Artifacts 🟢 10 no binaries found in the repo Branch-Protection 🟢 6 branch protection is not maximal on development and all release branches CI-Tests ⚠️ -1 no pull request found CII-Best-Practices ⚠️ 2 badge detected: InProgress Code-Review ⚠️ 0 Found 0/30 approved changesets -- score normalized to 0 Contributors 🟢 10 project has 38 contributing companies or organizations Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Dependency-Update-Tool 🟢 10 update tool detected Fuzzing 🟢 10 project is fuzzed License 🟢 10 license file detected Maintained 🟢 10 30 commit(s) and 18 issue activity found in the last 90 days -- score normalized to 10 Packaging ⚠️ -1 packaging workflow not detected Pinned-Dependencies 🟢 10 all dependencies are pinned SAST ⚠️ 0 no SAST tool detected Security-Policy 🟢 10 security policy file detected Signed-Releases ⚠️ -1 no releases found Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Vulnerabilities ⚠️ 0 66 existing vulnerabilities detected
npm/@angular/platform-browser-dynamic	19.0.1	🟢 6.4	Details Check Score Reason Binary-Artifacts 🟢 10 no binaries found in the repo Branch-Protection 🟢 6 branch protection is not maximal on development and all release branches CI-Tests ⚠️ -1 no pull request found CII-Best-Practices ⚠️ 2 badge detected: InProgress Code-Review ⚠️ 0 Found 0/30 approved changesets -- score normalized to 0 Contributors 🟢 10 project has 38 contributing companies or organizations Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Dependency-Update-Tool 🟢 10 update tool detected Fuzzing 🟢 10 project is fuzzed License 🟢 10 license file detected Maintained 🟢 10 30 commit(s) and 18 issue activity found in the last 90 days -- score normalized to 10 Packaging ⚠️ -1 packaging workflow not detected Pinned-Dependencies 🟢 10 all dependencies are pinned SAST ⚠️ 0 no SAST tool detected Security-Policy 🟢 10 security policy file detected Signed-Releases ⚠️ -1 no releases found Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Vulnerabilities ⚠️ 0 66 existing vulnerabilities detected
npm/@angular/router	19.0.1	🟢 6.4	Details Check Score Reason Binary-Artifacts 🟢 10 no binaries found in the repo Branch-Protection 🟢 6 branch protection is not maximal on development and all release branches CI-Tests ⚠️ -1 no pull request found CII-Best-Practices ⚠️ 2 badge detected: InProgress Code-Review ⚠️ 0 Found 0/30 approved changesets -- score normalized to 0 Contributors 🟢 10 project has 38 contributing companies or organizations Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Dependency-Update-Tool 🟢 10 update tool detected Fuzzing 🟢 10 project is fuzzed License 🟢 10 license file detected Maintained 🟢 10 30 commit(s) and 18 issue activity found in the last 90 days -- score normalized to 10 Packaging ⚠️ -1 packaging workflow not detected Pinned-Dependencies 🟢 10 all dependencies are pinned SAST ⚠️ 0 no SAST tool detected Security-Policy 🟢 10 security policy file detected Signed-Releases ⚠️ -1 no releases found Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Vulnerabilities ⚠️ 0 66 existing vulnerabilities detected
npm/@octokit/types	13.6.2	🟢 7.3	Details Check Score Reason Security-Policy 🟢 9 security policy file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Code-Review 🟢 10 all changesets reviewed Binary-Artifacts 🟢 10 no binaries found in the repo Maintained 🟢 9 9 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 9 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Pinned-Dependencies 🟢 3 dependency not pinned by hash detected -- score normalized to 3 Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Packaging 🟢 10 packaging workflow detected SAST 🟢 10 SAST tool is run on all commits Vulnerabilities 🟢 8 2 existing vulnerabilities detected
npm/cronstrue	2.52.0	🟢 3.8	Details Check Score Reason Code-Review ⚠️ 2 Found 8/28 approved changesets -- score normalized to 2 Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Maintained 🟢 6 5 commit(s) and 3 issue activity found in the last 90 days -- score normalized to 6 Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Security-Policy ⚠️ 0 security policy file not detected Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Signed-Releases ⚠️ 0 Project has not signed or included provenance with any releases. Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Vulnerabilities 🟢 6 4 existing vulnerabilities detected
npm/highcharts	12.0.1	🟢 3	Details Check Score Reason Dangerous-Workflow ⚠️ -1 no workflows found Token-Permissions ⚠️ -1 No tokens found Packaging ⚠️ -1 packaging workflow not detected Maintained 🟢 3 4 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 3 Code-Review ⚠️ 0 Found 1/28 approved changesets -- score normalized to 0 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Security-Policy ⚠️ 0 security policy file not detected Binary-Artifacts 🟢 10 no binaries found in the repo License ⚠️ 0 license file not detected Vulnerabilities 🟢 10 0 existing vulnerabilities detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Pinned-Dependencies ⚠️ -1 no dependencies found SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed
npm/zone.js	0.15.0	🟢 6.4	Details Check Score Reason Binary-Artifacts 🟢 10 no binaries found in the repo Branch-Protection 🟢 6 branch protection is not maximal on development and all release branches CI-Tests ⚠️ -1 no pull request found CII-Best-Practices ⚠️ 2 badge detected: InProgress Code-Review ⚠️ 0 Found 0/30 approved changesets -- score normalized to 0 Contributors 🟢 10 project has 38 contributing companies or organizations Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Dependency-Update-Tool 🟢 10 update tool detected Fuzzing 🟢 10 project is fuzzed License 🟢 10 license file detected Maintained 🟢 10 30 commit(s) and 18 issue activity found in the last 90 days -- score normalized to 10 Packaging ⚠️ -1 packaging workflow not detected Pinned-Dependencies 🟢 10 all dependencies are pinned SAST ⚠️ 0 no SAST tool detected Security-Policy 🟢 10 security policy file detected Signed-Releases ⚠️ -1 no releases found Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Vulnerabilities ⚠️ 0 66 existing vulnerabilities detected
npm/@angular/animations	^19.0.1	🟢 6.4	Details Check Score Reason Binary-Artifacts 🟢 10 no binaries found in the repo Branch-Protection 🟢 6 branch protection is not maximal on development and all release branches CI-Tests ⚠️ -1 no pull request found CII-Best-Practices ⚠️ 2 badge detected: InProgress Code-Review ⚠️ 0 Found 0/30 approved changesets -- score normalized to 0 Contributors 🟢 10 project has 38 contributing companies or organizations Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Dependency-Update-Tool 🟢 10 update tool detected Fuzzing 🟢 10 project is fuzzed License 🟢 10 license file detected Maintained 🟢 10 30 commit(s) and 18 issue activity found in the last 90 days -- score normalized to 10 Packaging ⚠️ -1 packaging workflow not detected Pinned-Dependencies 🟢 10 all dependencies are pinned SAST ⚠️ 0 no SAST tool detected Security-Policy 🟢 10 security policy file detected Signed-Releases ⚠️ -1 no releases found Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Vulnerabilities ⚠️ 0 66 existing vulnerabilities detected
npm/@angular/cdk	^19.0.1	🟢 7.4	Details Check Score Reason Binary-Artifacts 🟢 10 no binaries found in the repo Branch-Protection 🟢 6 branch protection is not maximal on development and all release branches CI-Tests 🟢 10 29 out of 29 merged PRs checked by a CI test -- score normalized to 10 CII-Best-Practices ⚠️ 2 badge detected: in_progress Code-Review 🟢 10 all changesets reviewed Contributors 🟢 10 21 different organizations found -- score normalized to 10 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Dependency-Update-Tool 🟢 10 update tool detected Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Maintained 🟢 10 30 commit(s) out of 30 and 7 issue activity out of 30 found in the last 90 days -- score normalized to 10 Packaging ⚠️ -1 no published package detected Pinned-Dependencies 🟢 10 all dependencies are pinned SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Security-Policy 🟢 10 security policy file detected Signed-Releases ⚠️ -1 no releases found Token-Permissions 🟢 8 detected GitHub workflow tokens with excessive permissions Vulnerabilities ⚠️ 0 51 existing vulnerabilities detected
npm/@angular/common	^19.0.1	🟢 6.4	Details Check Score Reason Binary-Artifacts 🟢 10 no binaries found in the repo Branch-Protection 🟢 6 branch protection is not maximal on development and all release branches CI-Tests ⚠️ -1 no pull request found CII-Best-Practices ⚠️ 2 badge detected: InProgress Code-Review ⚠️ 0 Found 0/30 approved changesets -- score normalized to 0 Contributors 🟢 10 project has 38 contributing companies or organizations Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Dependency-Update-Tool 🟢 10 update tool detected Fuzzing 🟢 10 project is fuzzed License 🟢 10 license file detected Maintained 🟢 10 30 commit(s) and 18 issue activity found in the last 90 days -- score normalized to 10 Packaging ⚠️ -1 packaging workflow not detected Pinned-Dependencies 🟢 10 all dependencies are pinned SAST ⚠️ 0 no SAST tool detected Security-Policy 🟢 10 security policy file detected Signed-Releases ⚠️ -1 no releases found Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Vulnerabilities ⚠️ 0 66 existing vulnerabilities detected
npm/@angular/compiler	^19.0.1	🟢 6.4	Details Check Score Reason Binary-Artifacts 🟢 10 no binaries found in the repo Branch-Protection 🟢 6 branch protection is not maximal on development and all release branches CI-Tests ⚠️ -1 no pull request found CII-Best-Practices ⚠️ 2 badge detected: InProgress Code-Review ⚠️ 0 Found 0/30 approved changesets -- score normalized to 0 Contributors 🟢 10 project has 38 contributing companies or organizations Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Dependency-Update-Tool 🟢 10 update tool detected Fuzzing 🟢 10 project is fuzzed License 🟢 10 license file detected Maintained 🟢 10 30 commit(s) and 18 issue activity found in the last 90 days -- score normalized to 10 Packaging ⚠️ -1 packaging workflow not detected Pinned-Dependencies 🟢 10 all dependencies are pinned SAST ⚠️ 0 no SAST tool detected Security-Policy 🟢 10 security policy file detected Signed-Releases ⚠️ -1 no releases found Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Vulnerabilities ⚠️ 0 66 existing vulnerabilities detected
npm/@angular/core	^19.0.1	🟢 6.4	Details Check Score Reason Binary-Artifacts 🟢 10 no binaries found in the repo Branch-Protection 🟢 6 branch protection is not maximal on development and all release branches CI-Tests ⚠️ -1 no pull request found CII-Best-Practices ⚠️ 2 badge detected: InProgress Code-Review ⚠️ 0 Found 0/30 approved changesets -- score normalized to 0 Contributors 🟢 10 project has 38 contributing companies or organizations Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Dependency-Update-Tool 🟢 10 update tool detected Fuzzing 🟢 10 project is fuzzed License 🟢 10 license file detected Maintained 🟢 10 30 commit(s) and 18 issue activity found in the last 90 days -- score normalized to 10 Packaging ⚠️ -1 packaging workflow not detected Pinned-Dependencies 🟢 10 all dependencies are pinned SAST ⚠️ 0 no SAST tool detected Security-Policy 🟢 10 security policy file detected Signed-Releases ⚠️ -1 no releases found Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Vulnerabilities ⚠️ 0 66 existing vulnerabilities detected
npm/@angular/forms	^19.0.1	🟢 6.4	Details Check Score Reason Binary-Artifacts 🟢 10 no binaries found in the repo Branch-Protection 🟢 6 branch protection is not maximal on development and all release branches CI-Tests ⚠️ -1 no pull request found CII-Best-Practices ⚠️ 2 badge detected: InProgress Code-Review ⚠️ 0 Found 0/30 approved changesets -- score normalized to 0 Contributors 🟢 10 project has 38 contributing companies or organizations Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Dependency-Update-Tool 🟢 10 update tool detected Fuzzing 🟢 10 project is fuzzed License 🟢 10 license file detected Maintained 🟢 10 30 commit(s) and 18 issue activity found in the last 90 days -- score normalized to 10 Packaging ⚠️ -1 packaging workflow not detected Pinned-Dependencies 🟢 10 all dependencies are pinned SAST ⚠️ 0 no SAST tool detected Security-Policy 🟢 10 security policy file detected Signed-Releases ⚠️ -1 no releases found Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Vulnerabilities ⚠️ 0 66 existing vulnerabilities detected
npm/@angular/material	^19.0.1	🟢 7.4	Details Check Score Reason Binary-Artifacts 🟢 10 no binaries found in the repo Branch-Protection 🟢 6 branch protection is not maximal on development and all release branches CI-Tests 🟢 10 29 out of 29 merged PRs checked by a CI test -- score normalized to 10 CII-Best-Practices ⚠️ 2 badge detected: in_progress Code-Review 🟢 10 all changesets reviewed Contributors 🟢 10 21 different organizations found -- score normalized to 10 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Dependency-Update-Tool 🟢 10 update tool detected Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Maintained 🟢 10 30 commit(s) out of 30 and 7 issue activity out of 30 found in the last 90 days -- score normalized to 10 Packaging ⚠️ -1 no published package detected Pinned-Dependencies 🟢 10 all dependencies are pinned SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Security-Policy 🟢 10 security policy file detected Signed-Releases ⚠️ -1 no releases found Token-Permissions 🟢 8 detected GitHub workflow tokens with excessive permissions Vulnerabilities ⚠️ 0 51 existing vulnerabilities detected
npm/@angular/platform-browser	^19.0.1	🟢 6.4	Details Check Score Reason Binary-Artifacts 🟢 10 no binaries found in the repo Branch-Protection 🟢 6 branch protection is not maximal on development and all release branches CI-Tests ⚠️ -1 no pull request found CII-Best-Practices ⚠️ 2 badge detected: InProgress Code-Review ⚠️ 0 Found 0/30 approved changesets -- score normalized to 0 Contributors 🟢 10 project has 38 contributing companies or organizations Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Dependency-Update-Tool 🟢 10 update tool detected Fuzzing 🟢 10 project is fuzzed License 🟢 10 license file detected Maintained 🟢 10 30 commit(s) and 18 issue activity found in the last 90 days -- score normalized to 10 Packaging ⚠️ -1 packaging workflow not detected Pinned-Dependencies 🟢 10 all dependencies are pinned SAST ⚠️ 0 no SAST tool detected Security-Policy 🟢 10 security policy file detected Signed-Releases ⚠️ -1 no releases found Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Vulnerabilities ⚠️ 0 66 existing vulnerabilities detected
npm/@angular/platform-browser-dynamic	^19.0.1	🟢 6.4	Details Check Score Reason Binary-Artifacts 🟢 10 no binaries found in the repo Branch-Protection 🟢 6 branch protection is not maximal on development and all release branches CI-Tests ⚠️ -1 no pull request found CII-Best-Practices ⚠️ 2 badge detected: InProgress Code-Review ⚠️ 0 Found 0/30 approved changesets -- score normalized to 0 Contributors 🟢 10 project has 38 contributing companies or organizations Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Dependency-Update-Tool 🟢 10 update tool detected Fuzzing 🟢 10 project is fuzzed License 🟢 10 license file detected Maintained 🟢 10 30 commit(s) and 18 issue activity found in the last 90 days -- score normalized to 10 Packaging ⚠️ -1 packaging workflow not detected Pinned-Dependencies 🟢 10 all dependencies are pinned SAST ⚠️ 0 no SAST tool detected Security-Policy 🟢 10 security policy file detected Signed-Releases ⚠️ -1 no releases found Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Vulnerabilities ⚠️ 0 66 existing vulnerabilities detected
npm/@angular/router	^19.0.1	🟢 6.4	Details Check Score Reason Binary-Artifacts 🟢 10 no binaries found in the repo Branch-Protection 🟢 6 branch protection is not maximal on development and all release branches CI-Tests ⚠️ -1 no pull request found CII-Best-Practices ⚠️ 2 badge detected: InProgress Code-Review ⚠️ 0 Found 0/30 approved changesets -- score normalized to 0 Contributors 🟢 10 project has 38 contributing companies or organizations Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Dependency-Update-Tool 🟢 10 update tool detected Fuzzing 🟢 10 project is fuzzed License 🟢 10 license file detected Maintained 🟢 10 30 commit(s) and 18 issue activity found in the last 90 days -- score normalized to 10 Packaging ⚠️ -1 packaging workflow not detected Pinned-Dependencies 🟢 10 all dependencies are pinned SAST ⚠️ 0 no SAST tool detected Security-Policy 🟢 10 security policy file detected Signed-Releases ⚠️ -1 no releases found Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Vulnerabilities ⚠️ 0 66 existing vulnerabilities detected
npm/@octokit/types	^13.6.2	🟢 7.3	Details Check Score Reason Security-Policy 🟢 9 security policy file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Code-Review 🟢 10 all changesets reviewed Binary-Artifacts 🟢 10 no binaries found in the repo Maintained 🟢 9 9 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 9 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Pinned-Dependencies 🟢 3 dependency not pinned by hash detected -- score normalized to 3 Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Packaging 🟢 10 packaging workflow detected SAST 🟢 10 SAST tool is run on all commits Vulnerabilities 🟢 8 2 existing vulnerabilities detected
npm/cronstrue	^2.52.0	🟢 3.8	Details Check Score Reason Code-Review ⚠️ 2 Found 8/28 approved changesets -- score normalized to 2 Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Maintained 🟢 6 5 commit(s) and 3 issue activity found in the last 90 days -- score normalized to 6 Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Security-Policy ⚠️ 0 security policy file not detected Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Signed-Releases ⚠️ 0 Project has not signed or included provenance with any releases. Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Vulnerabilities 🟢 6 4 existing vulnerabilities detected
npm/highcharts	^12.0.1	🟢 3	Details Check Score Reason Dangerous-Workflow ⚠️ -1 no workflows found Token-Permissions ⚠️ -1 No tokens found Packaging ⚠️ -1 packaging workflow not detected Maintained 🟢 3 4 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 3 Code-Review ⚠️ 0 Found 1/28 approved changesets -- score normalized to 0 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Security-Policy ⚠️ 0 security policy file not detected Binary-Artifacts 🟢 10 no binaries found in the repo License ⚠️ 0 license file not detected Vulnerabilities 🟢 10 0 existing vulnerabilities detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Pinned-Dependencies ⚠️ -1 no dependencies found SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed

Scanned Files

• frontend/package-lock.json
• frontend/package.json

[dependabot]

Superseded by #82.