Bump the production-dependencies group across 1 directory with 13 updates #82

dependabot · 2024-12-06T16:50:58Z

Bumps the production-dependencies group with 13 updates in the /frontend directory:

Package	From	To
@angular/animations	`18.2.12`	`19.0.3`
@angular/cdk	`18.2.13`	`19.0.2`
@angular/common	`18.2.12`	`19.0.3`
@angular/compiler	`18.2.12`	`19.0.3`
@angular/core	`18.2.12`	`19.0.3`
@angular/forms	`18.2.12`	`19.0.3`
@angular/material	`18.2.13`	`19.0.2`
@angular/platform-browser	`18.2.12`	`19.0.3`
@angular/platform-browser-dynamic	`18.2.12`	`19.0.3`
@angular/router	`18.2.12`	`19.0.3`
@octokit/types	`13.6.1`	`13.6.2`
cronstrue	`2.51.0`	`2.52.0`
highcharts	`11.4.8`	`12.0.2`

Updates @angular/animations from 18.2.12 to 19.0.3

Release notes

Sourced from @angular/animations's releases.

v19.0.3

19.0.3 (2024-12-04)

v19.0.2

19.0.2 (2024-12-04)

compiler-cli

Commit Description

account for multiple generated namespace imports in HMR (#58924)

core

Commit Description

Explicitly manage TracingSnapshot lifecycle and dispose of it once it's been used. (#58929)

migrations

Commit Description

class content being deleted in some edge cases (#58959)

correctly strip away parameters surrounded by comments in inject migration (#58959)

don't migrate classes with parameters that can't be injected (#58959)

inject migration aggressively removing imports (#58959)

inject migration dropping code if everything except super is removed (#58959)

preserve type literals and tuples in inject migrations (#58959)

platform-server

Commit Description

remove peer dependency on animations (#58997)

v19.0.1

19.0.1 (2024-11-26)

compiler-cli

Commit Description

more accurate diagnostics for host binding parser errors (#58870)

core

Commit Description

correctly clear template HMR internal renderer cache (#58724)

correctly perform lazy routes migration for components with additional decorators (#58796)

Ensure _tick is always run within the TracingSnapshot. (#58881)

Ensure resource sets an error (#58855)

make component id generation more stable between client and server builds (#58813)

Prevents race condition of cleanup for incremental hydration (#58722)

forms

Commit Description

work around TypeScript 5.7 issue (#58731)

language-service

... (truncated)

Changelog

Sourced from @angular/animations's changelog.

19.0.3 (2024-12-04)

19.1.0-next.1 (2024-12-04)

compiler-cli

Commit Type Description

f280467398 fix account for multiple generated namespace imports in HMR (#58924)

core

Commit Type Description

e894a5daea feat set kind field on template and effect nodes (#58865)

3b765367f3 fix Explicitly manage TracingSnapshot lifecycle and dispose of it once it's been used. (#58929)

migrations

Commit Type Description

e31e52e177 fix class content being deleted in some edge cases (#58959)

508d3a1b3b fix correctly strip away parameters surrounded by comments in inject migration (#58959)

7191aa6e09 fix don't migrate classes with parameters that can't be injected (#58959)

a4924af6d5 fix inject migration aggressively removing imports (#58959)

35165d152d fix inject migration dropping code if everything except super is removed (#58959)

68e5ba7a3a fix preserve type literals and tuples in inject migrations (#58959)

platform-server

Commit Type Description

1cfbfc66d3 fix remove peer dependency on animations (#58997)

19.0.2 (2024-12-04)

compiler-cli

Commit Type Description

9f99196d23 fix account for multiple generated namespace imports in HMR (#58924)

core

Commit Type Description

4792db9a6d fix Explicitly manage TracingSnapshot lifecycle and dispose of it once it's been used. (#58929)

migrations

Commit Type Description

7b5bacc228 fix class content being deleted in some edge cases (#58959)

d1cbdd6acb fix correctly strip away parameters surrounded by comments in inject migration (#58959)

e17ff71c31 fix don't migrate classes with parameters that can't be injected (#58959)

7c5f990001 fix inject migration aggressively removing imports (#58959)

4392ccedf9 fix inject migration dropping code if everything except super is removed (#58959)

9cbebc6dda fix preserve type literals and tuples in inject migrations (#58959)

... (truncated)

Commits

5f3ba06 docs: set syntax highlighting of code examples MD code blocks (#59026)
b8a2ae0 docs: fix missing alert block styles in the API reference (#59020)
09df589 refactor(core): Migrate all packages with the explicit-standalone-flag sche...
84b6896 refactor(platform-server): Add an ssr benchmark setup. (#57647)
9dbe6fc refactor: update license text to point to angular.dev (#57901)
See full diff in compare view

Updates @angular/cdk from 18.2.13 to 19.0.2

Release notes

Sourced from @angular/cdk's releases.

v19.0.2

19.0.2 "plastic-rhino" (2024-12-04)

youtube-player

Commit Description

update to latest typings (#30126)

material

Commit Description

button-toggle: unable to tab into ngModel-based group on first render (#30103)

core: optgroup label color not inferred correctly (#30085)

schematics: avoid parsing stylesheets that don't include Material

schematics: error if stylesheet contains syntax errors

sort: simplify animations (#30057)

tabs: ink bar not showing when same tab is re-selected (#30121)

cdk

Commit Description

accordion: improve accessibility in example code (#30087)

menu: disable flexible dimensions (#30086)

v19.0.1

19.0.1 "mercury-mailbox" (2024-11-27)

material

Commit Description

button-toggle: animate checkbox (#30025)

chips: emit state changes when chip grid is disabled (#30033)

datepicker: adds comparison ids and aria-describedby spans (#30040)

slider: update documentation (#30029)

timepicker: make disabled input public (#30063)

docs

Commit Description

update errorState example to cover handle missing state (#30059)

multiple

Commit Description

use cross-compatible type for setTimeout (#30073)

v19.0.0

19.0.0 "hafnium-hippo" (2024-11-19)

cdk

Commit Description

a11y: use native media query for high contrast detection (#29678)

private: create cdk-visually-hidden style loader (#29757)

... (truncated)

Changelog

Sourced from @angular/cdk's changelog.

19.0.2 "plastic-rhino" (2024-12-04)

cdk

Commit Type Description

460f971b27 fix accordion: improve accessibility in example code (#30087)

6306a12c12 fix menu: disable flexible dimensions (#30086)

material

Commit Type Description

0ed9869529 fix button-toggle: unable to tab into ngModel-based group on first render (#30103)

72ff6fcce3 fix core: optgroup label color not inferred correctly (#30085)

c395585446 fix schematics: avoid parsing stylesheets that don't include Material

5b3350a60e fix schematics: error if stylesheet contains syntax errors

1235ad28bc fix sort: simplify animations (#30057)

5b165067e8 fix tabs: ink bar not showing when same tab is re-selected (#30121)

youtube-player

Commit Type Description

1d3905a208 fix update to latest typings (#30126)

19.1.0-next.0 "hassium-ham" (2024-11-27)

material

Commit Type Description

f47f5f9a1 feat schematics: Add CSS output to custom theme schematic (#30004)

multiple

Commit Type Description

3a7724e95 fix remove webkit-overflow-scrolling (#30003)

19.0.1 "mercury-mailbox" (2024-11-27)

material

Commit Type Description

2d7e078bb fix button-toggle: animate checkbox (#30025)

edac40645 fix chips: emit state changes when chip grid is disabled (#30033)

18f7f4bb9 fix datepicker: adds comparison ids and aria-describedby spans (#30040)

375435497 fix slider: update documentation (#30029)

a31201475 fix timepicker: make disabled input public (#30063)

docs

Commit Type Description

f9d9d2c81 fix update errorState example to cover handle missing state (#30059)

multiple

... (truncated)

Commits

8f2b8f3 release: cut the v19.0.2 release
5b16506 fix(material/tabs): ink bar not showing when same tab is re-selected (#30121)
1d3905a fix(youtube-player): update to latest typings (#30126)
341bd14 docs(material/tabs): remove duplicated tabs example (#30109)
c395585 fix(material/schematics): avoid parsing stylesheets that don't include Material
5b3350a fix(material/schematics): error if stylesheet contains syntax errors
0ed9869 fix(material/button-toggle): unable to tab into ngModel-based group on first ...
460f971 fix(cdk/accordion): improve accessibility in example code (#30087)
dfe4f2f docs(material/timepicker): fix missing icon in example (#30096)
66e9093 docs(material/button): avoid clipping icon (#30095)
Additional commits viewable in compare view

Updates @angular/common from 18.2.12 to 19.0.3

Release notes

Sourced from @angular/common's releases.

v19.0.3

19.0.3 (2024-12-04)

v19.0.2

19.0.2 (2024-12-04)

compiler-cli

Commit Description

account for multiple generated namespace imports in HMR (#58924)

core

Commit Description

Explicitly manage TracingSnapshot lifecycle and dispose of it once it's been used. (#58929)

migrations

Commit Description

class content being deleted in some edge cases (#58959)

correctly strip away parameters surrounded by comments in inject migration (#58959)

don't migrate classes with parameters that can't be injected (#58959)

inject migration aggressively removing imports (#58959)

inject migration dropping code if everything except super is removed (#58959)

preserve type literals and tuples in inject migrations (#58959)

platform-server

Commit Description

remove peer dependency on animations (#58997)

v19.0.1

19.0.1 (2024-11-26)

compiler-cli

Commit Description

more accurate diagnostics for host binding parser errors (#58870)

core

Commit Description

correctly clear template HMR internal renderer cache (#58724)

correctly perform lazy routes migration for components with additional decorators (#58796)

Ensure _tick is always run within the TracingSnapshot. (#58881)

Ensure resource sets an error (#58855)

make component id generation more stable between client and server builds (#58813)

Prevents race condition of cleanup for incremental hydration (#58722)

forms

Commit Description

work around TypeScript 5.7 issue (#58731)

language-service

... (truncated)

Changelog

Sourced from @angular/common's changelog.

19.0.3 (2024-12-04)

19.1.0-next.1 (2024-12-04)

compiler-cli

Commit Type Description

f280467398 fix account for multiple generated namespace imports in HMR (#58924)

core

Commit Type Description

e894a5daea feat set kind field on template and effect nodes (#58865)

3b765367f3 fix Explicitly manage TracingSnapshot lifecycle and dispose of it once it's been used. (#58929)

migrations

Commit Type Description

e31e52e177 fix class content being deleted in some edge cases (#58959)

508d3a1b3b fix correctly strip away parameters surrounded by comments in inject migration (#58959)

7191aa6e09 fix don't migrate classes with parameters that can't be injected (#58959)

a4924af6d5 fix inject migration aggressively removing imports (#58959)

35165d152d fix inject migration dropping code if everything except super is removed (#58959)

68e5ba7a3a fix preserve type literals and tuples in inject migrations (#58959)

platform-server

Commit Type Description

1cfbfc66d3 fix remove peer dependency on animations (#58997)

19.0.2 (2024-12-04)

compiler-cli

Commit Type Description

9f99196d23 fix account for multiple generated namespace imports in HMR (#58924)

core

Commit Type Description

4792db9a6d fix Explicitly manage TracingSnapshot lifecycle and dispose of it once it's been used. (#58929)

migrations

Commit Type Description

7b5bacc228 fix class content being deleted in some edge cases (#58959)

d1cbdd6acb fix correctly strip away parameters surrounded by comments in inject migration (#58959)

e17ff71c31 fix don't migrate classes with parameters that can't be injected (#58959)

7c5f990001 fix inject migration aggressively removing imports (#58959)

4392ccedf9 fix inject migration dropping code if everything except super is removed (#58959)

9cbebc6dda fix preserve type literals and tuples in inject migrations (#58959)

... (truncated)

Commits

0c40bb2 refactor(docs-infra): convert code-example-s that have only region param to @...
5f3ba06 docs: set syntax highlighting of code examples MD code blocks (#59026)
0df7b1e refactor(common): remove standalone: true (#58949)
b8a2ae0 docs: fix missing alert block styles in the API reference (#59020)
ea0bf74 refactor(core): use ApplicationRef.whenStable instead of a custom util func...
7dfb127 refactor: add @__PURE__ next to @pureOrBreakMyCode for improved bundler c...
da9c0c5 refactor: cleanup initializers that use ctor params (#58349)
24c6373 feat(common): add optional rounded transform support in cloudinary image load...
4b9accd feat(http): promote withRequestsMadeViaParent to stable. (#58221)
13c1306 feat(common): disable keyvalue sorting using null compareFn (#57487)
Additional commits viewable in compare view

Updates @angular/compiler from 18.2.12 to 19.0.3

Release notes

Sourced from @angular/compiler's releases.

v19.0.3

19.0.3 (2024-12-04)

v19.0.2

19.0.2 (2024-12-04)

compiler-cli

Commit Description

account for multiple generated namespace imports in HMR (#58924)

core

Commit Description

Explicitly manage TracingSnapshot lifecycle and dispose of it once it's been used. (#58929)

migrations

Commit Description

class content being deleted in some edge cases (#58959)

correctly strip away parameters surrounded by comments in inject migration (#58959)

don't migrate classes with parameters that can't be injected (#58959)

inject migration aggressively removing imports (#58959)

inject migration dropping code if everything except super is removed (#58959)

preserve type literals and tuples in inject migrations (#58959)

platform-server

Commit Description

remove peer dependency on animations (#58997)

v19.0.1

19.0.1 (2024-11-26)

compiler-cli

Commit Description

more accurate diagnostics for host binding parser errors (#58870)

core

Commit Description

correctly clear template HMR internal renderer cache (#58724)

correctly perform lazy routes migration for components with additional decorators (#58796)

Ensure _tick is always run within the TracingSnapshot. (#58881)

Ensure resource sets an error (#58855)

make component id generation more stable between client and server builds (#58813)

Prevents race condition of cleanup for incremental hydration (#58722)

forms

Commit Description

work around TypeScript 5.7 issue (#58731)

language-service

... (truncated)

Changelog

Sourced from @angular/compiler's changelog.

19.0.3 (2024-12-04)

19.1.0-next.1 (2024-12-04)

compiler-cli

Commit Type Description

f280467398 fix account for multiple generated namespace imports in HMR (#58924)

core

Commit Type Description

e894a5daea feat set kind field on template and effect nodes (#58865)

3b765367f3 fix Explicitly manage TracingSnapshot lifecycle and dispose of it once it's been used. (#58929)

migrations

Commit Type Description

e31e52e177 fix class content being deleted in some edge cases (#58959)

508d3a1b3b fix correctly strip away parameters surrounded by comments in inject migration (#58959)

7191aa6e09 fix don't migrate classes with parameters that can't be injected (#58959)

a4924af6d5 fix inject migration aggressively removing imports (#58959)

35165d152d fix inject migration dropping code if everything except super is removed (#58959)

68e5ba7a3a fix preserve type literals and tuples in inject migrations (#58959)

platform-server

Commit Type Description

1cfbfc66d3 fix remove peer dependency on animations (#58997)

19.0.2 (2024-12-04)

compiler-cli

Commit Type Description

9f99196d23 fix account for multiple generated namespace imports in HMR (#58924)

core

Commit Type Description

4792db9a6d fix Explicitly manage TracingSnapshot lifecycle and dispose of it once it's been used. (#58929)

migrations

Commit Type Description

7b5bacc228 fix class content being deleted in some edge cases (#58959)

d1cbdd6acb fix correctly strip away parameters surrounded by comments in inject migration (#58959)

e17ff71c31 fix don't migrate classes with parameters that can't be injected (#58959)

7c5f990001 fix inject migration aggressively removing imports (#58959)

4392ccedf9 fix inject migration dropping code if everything except super is removed (#58959)

9cbebc6dda fix preserve type literals and tuples in inject ...
Description has been truncated

…ates Bumps the production-dependencies group with 13 updates in the /frontend directory: | Package | From | To | | --- | --- | --- | | [@angular/animations](https://github.com/angular/angular/tree/HEAD/packages/animations) | `18.2.12` | `19.0.3` | | [@angular/cdk](https://github.com/angular/components) | `18.2.13` | `19.0.2` | | [@angular/common](https://github.com/angular/angular/tree/HEAD/packages/common) | `18.2.12` | `19.0.3` | | [@angular/compiler](https://github.com/angular/angular/tree/HEAD/packages/compiler) | `18.2.12` | `19.0.3` | | [@angular/core](https://github.com/angular/angular/tree/HEAD/packages/core) | `18.2.12` | `19.0.3` | | [@angular/forms](https://github.com/angular/angular/tree/HEAD/packages/forms) | `18.2.12` | `19.0.3` | | [@angular/material](https://github.com/angular/components) | `18.2.13` | `19.0.2` | | [@angular/platform-browser](https://github.com/angular/angular/tree/HEAD/packages/platform-browser) | `18.2.12` | `19.0.3` | | [@angular/platform-browser-dynamic](https://github.com/angular/angular/tree/HEAD/packages/platform-browser-dynamic) | `18.2.12` | `19.0.3` | | [@angular/router](https://github.com/angular/angular/tree/HEAD/packages/router) | `18.2.12` | `19.0.3` | | [@octokit/types](https://github.com/octokit/types.ts) | `13.6.1` | `13.6.2` | | [cronstrue](https://github.com/bradymholt/cronstrue) | `2.51.0` | `2.52.0` | | [highcharts](https://github.com/highcharts/highcharts-dist) | `11.4.8` | `12.0.2` | Updates `@angular/animations` from 18.2.12 to 19.0.3 - [Release notes](https://github.com/angular/angular/releases) - [Changelog](https://github.com/angular/angular/blob/main/CHANGELOG.md) - [Commits](https://github.com/angular/angular/commits/19.0.3/packages/animations) Updates `@angular/cdk` from 18.2.13 to 19.0.2 - [Release notes](https://github.com/angular/components/releases) - [Changelog](https://github.com/angular/components/blob/main/CHANGELOG.md) - [Commits](angular/components@18.2.13...19.0.2) Updates `@angular/common` from 18.2.12 to 19.0.3 - [Release notes](https://github.com/angular/angular/releases) - [Changelog](https://github.com/angular/angular/blob/main/CHANGELOG.md) - [Commits](https://github.com/angular/angular/commits/19.0.3/packages/common) Updates `@angular/compiler` from 18.2.12 to 19.0.3 - [Release notes](https://github.com/angular/angular/releases) - [Changelog](https://github.com/angular/angular/blob/main/CHANGELOG.md) - [Commits](https://github.com/angular/angular/commits/19.0.3/packages/compiler) Updates `@angular/core` from 18.2.12 to 19.0.3 - [Release notes](https://github.com/angular/angular/releases) - [Changelog](https://github.com/angular/angular/blob/main/CHANGELOG.md) - [Commits](https://github.com/angular/angular/commits/19.0.3/packages/core) Updates `@angular/forms` from 18.2.12 to 19.0.3 - [Release notes](https://github.com/angular/angular/releases) - [Changelog](https://github.com/angular/angular/blob/main/CHANGELOG.md) - [Commits](https://github.com/angular/angular/commits/19.0.3/packages/forms) Updates `@angular/material` from 18.2.13 to 19.0.2 - [Release notes](https://github.com/angular/components/releases) - [Changelog](https://github.com/angular/components/blob/main/CHANGELOG.md) - [Commits](angular/components@18.2.13...19.0.2) Updates `@angular/platform-browser` from 18.2.12 to 19.0.3 - [Release notes](https://github.com/angular/angular/releases) - [Changelog](https://github.com/angular/angular/blob/main/CHANGELOG.md) - [Commits](https://github.com/angular/angular/commits/19.0.3/packages/platform-browser) Updates `@angular/platform-browser-dynamic` from 18.2.12 to 19.0.3 - [Release notes](https://github.com/angular/angular/releases) - [Changelog](https://github.com/angular/angular/blob/main/CHANGELOG.md) - [Commits](https://github.com/angular/angular/commits/19.0.3/packages/platform-browser-dynamic) Updates `@angular/router` from 18.2.12 to 19.0.3 - [Release notes](https://github.com/angular/angular/releases) - [Changelog](https://github.com/angular/angular/blob/main/CHANGELOG.md) - [Commits](https://github.com/angular/angular/commits/19.0.3/packages/router) Updates `@octokit/types` from 13.6.1 to 13.6.2 - [Release notes](https://github.com/octokit/types.ts/releases) - [Commits](octokit/types.ts@v13.6.1...v13.6.2) Updates `cronstrue` from 2.51.0 to 2.52.0 - [Release notes](https://github.com/bradymholt/cronstrue/releases) - [Changelog](https://github.com/bradymholt/cRonstrue/blob/main/CHANGELOG.md) - [Commits](bradymholt/cRonstrue@v2.51.0...v2.52.0) Updates `highcharts` from 11.4.8 to 12.0.2 - [Commits](highcharts/highcharts-dist@v11.4.8...v12.0.2) --- updated-dependencies: - dependency-name: "@angular/animations" dependency-type: direct:production update-type: version-update:semver-major dependency-group: production-dependencies - dependency-name: "@angular/cdk" dependency-type: direct:production update-type: version-update:semver-major dependency-group: production-dependencies - dependency-name: "@angular/common" dependency-type: direct:production update-type: version-update:semver-major dependency-group: production-dependencies - dependency-name: "@angular/compiler" dependency-type: direct:production update-type: version-update:semver-major dependency-group: production-dependencies - dependency-name: "@angular/core" dependency-type: direct:production update-type: version-update:semver-major dependency-group: production-dependencies - dependency-name: "@angular/forms" dependency-type: direct:production update-type: version-update:semver-major dependency-group: production-dependencies - dependency-name: "@angular/material" dependency-type: direct:production update-type: version-update:semver-major dependency-group: production-dependencies - dependency-name: "@angular/platform-browser" dependency-type: direct:production update-type: version-update:semver-major dependency-group: production-dependencies - dependency-name: "@angular/platform-browser-dynamic" dependency-type: direct:production update-type: version-update:semver-major dependency-group: production-dependencies - dependency-name: "@angular/router" dependency-type: direct:production update-type: version-update:semver-major dependency-group: production-dependencies - dependency-name: "@octokit/types" dependency-type: direct:production update-type: version-update:semver-patch dependency-group: production-dependencies - dependency-name: cronstrue dependency-type: direct:production update-type: version-update:semver-minor dependency-group: production-dependencies - dependency-name: highcharts dependency-type: direct:production update-type: version-update:semver-major dependency-group: production-dependencies ... Signed-off-by: dependabot[bot] <[email protected]>

github-actions · 2024-12-06T16:51:16Z

Dependency Review

The following issues were found:

✅ 0 vulnerable package(s)
✅ 0 package(s) with incompatible licenses
✅ 0 package(s) with invalid SPDX license definitions
⚠️ 1 package(s) with unknown licenses.

See the Details below.

License Issues

frontend/package.json

Package	Version	License	Issue Type
highcharts	^12.0.2	Null	Unknown License

OpenSSF Scorecard

Scorecard details

Package

Version

Score

Details

npm/@angular/animations

19.0.3

🟢 6.4

Details

Check	Score	Reason
Binary-Artifacts	🟢 10	no binaries found in the repo
Branch-Protection	🟢 6	branch protection is not maximal on development and all release branches
CI-Tests	⚠️ -1	no pull request found
CII-Best-Practices	⚠️ 2	badge detected: InProgress
Code-Review	⚠️ 0	Found 0/30 approved changesets -- score normalized to 0
Contributors	🟢 10	project has 38 contributing companies or organizations
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Dependency-Update-Tool	🟢 10	update tool detected
Fuzzing	🟢 10	project is fuzzed
License	🟢 10	license file detected
Maintained	🟢 10	30 commit(s) and 13 issue activity found in the last 90 days -- score normalized to 10
Packaging	⚠️ -1	packaging workflow not detected
Pinned-Dependencies	🟢 10	all dependencies are pinned
SAST	⚠️ 0	no SAST tool detected
Security-Policy	🟢 10	security policy file detected
Signed-Releases	⚠️ -1	no releases found
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Vulnerabilities	⚠️ 0	67 existing vulnerabilities detected

npm/@angular/cdk

19.0.2

🟢 7.4

Details

Check	Score	Reason
Binary-Artifacts	🟢 10	no binaries found in the repo
Branch-Protection	🟢 6	branch protection is not maximal on development and all release branches
CI-Tests	🟢 10	29 out of 29 merged PRs checked by a CI test -- score normalized to 10
CII-Best-Practices	⚠️ 2	badge detected: in_progress
Code-Review	🟢 10	all changesets reviewed
Contributors	🟢 10	21 different organizations found -- score normalized to 10
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Dependency-Update-Tool	🟢 10	update tool detected
Fuzzing	⚠️ 0	project is not fuzzed
License	🟢 10	license file detected
Maintained	🟢 10	30 commit(s) out of 30 and 7 issue activity out of 30 found in the last 90 days -- score normalized to 10
Packaging	⚠️ -1	no published package detected
Pinned-Dependencies	🟢 10	all dependencies are pinned
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Security-Policy	🟢 10	security policy file detected
Signed-Releases	⚠️ -1	no releases found
Token-Permissions	🟢 8	detected GitHub workflow tokens with excessive permissions
Vulnerabilities	⚠️ 0	52 existing vulnerabilities detected

npm/@angular/common

19.0.3

🟢 6.4

Details

Check	Score	Reason
Binary-Artifacts	🟢 10	no binaries found in the repo
Branch-Protection	🟢 6	branch protection is not maximal on development and all release branches
CI-Tests	⚠️ -1	no pull request found
CII-Best-Practices	⚠️ 2	badge detected: InProgress
Code-Review	⚠️ 0	Found 0/30 approved changesets -- score normalized to 0
Contributors	🟢 10	project has 38 contributing companies or organizations
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Dependency-Update-Tool	🟢 10	update tool detected
Fuzzing	🟢 10	project is fuzzed
License	🟢 10	license file detected
Maintained	🟢 10	30 commit(s) and 13 issue activity found in the last 90 days -- score normalized to 10
Packaging	⚠️ -1	packaging workflow not detected
Pinned-Dependencies	🟢 10	all dependencies are pinned
SAST	⚠️ 0	no SAST tool detected
Security-Policy	🟢 10	security policy file detected
Signed-Releases	⚠️ -1	no releases found
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Vulnerabilities	⚠️ 0	67 existing vulnerabilities detected

npm/@angular/compiler

19.0.3

🟢 6.4

Details

Check	Score	Reason
Binary-Artifacts	🟢 10	no binaries found in the repo
Branch-Protection	🟢 6	branch protection is not maximal on development and all release branches
CI-Tests	⚠️ -1	no pull request found
CII-Best-Practices	⚠️ 2	badge detected: InProgress
Code-Review	⚠️ 0	Found 0/30 approved changesets -- score normalized to 0
Contributors	🟢 10	project has 38 contributing companies or organizations
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Dependency-Update-Tool	🟢 10	update tool detected
Fuzzing	🟢 10	project is fuzzed
License	🟢 10	license file detected
Maintained	🟢 10	30 commit(s) and 13 issue activity found in the last 90 days -- score normalized to 10
Packaging	⚠️ -1	packaging workflow not detected
Pinned-Dependencies	🟢 10	all dependencies are pinned
SAST	⚠️ 0	no SAST tool detected
Security-Policy	🟢 10	security policy file detected
Signed-Releases	⚠️ -1	no releases found
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Vulnerabilities	⚠️ 0	67 existing vulnerabilities detected

npm/@angular/core

19.0.3

🟢 6.4

Details

Check	Score	Reason
Binary-Artifacts	🟢 10	no binaries found in the repo
Branch-Protection	🟢 6	branch protection is not maximal on development and all release branches
CI-Tests	⚠️ -1	no pull request found
CII-Best-Practices	⚠️ 2	badge detected: InProgress
Code-Review	⚠️ 0	Found 0/30 approved changesets -- score normalized to 0
Contributors	🟢 10	project has 38 contributing companies or organizations
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Dependency-Update-Tool	🟢 10	update tool detected
Fuzzing	🟢 10	project is fuzzed
License	🟢 10	license file detected
Maintained	🟢 10	30 commit(s) and 13 issue activity found in the last 90 days -- score normalized to 10
Packaging	⚠️ -1	packaging workflow not detected
Pinned-Dependencies	🟢 10	all dependencies are pinned
SAST	⚠️ 0	no SAST tool detected
Security-Policy	🟢 10	security policy file detected
Signed-Releases	⚠️ -1	no releases found
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Vulnerabilities	⚠️ 0	67 existing vulnerabilities detected

npm/@angular/forms

19.0.3

🟢 6.4

Details

Check	Score	Reason
Binary-Artifacts	🟢 10	no binaries found in the repo
Branch-Protection	🟢 6	branch protection is not maximal on development and all release branches
CI-Tests	⚠️ -1	no pull request found
CII-Best-Practices	⚠️ 2	badge detected: InProgress
Code-Review	⚠️ 0	Found 0/30 approved changesets -- score normalized to 0
Contributors	🟢 10	project has 38 contributing companies or organizations
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Dependency-Update-Tool	🟢 10	update tool detected
Fuzzing	🟢 10	project is fuzzed
License	🟢 10	license file detected
Maintained	🟢 10	30 commit(s) and 13 issue activity found in the last 90 days -- score normalized to 10
Packaging	⚠️ -1	packaging workflow not detected
Pinned-Dependencies	🟢 10	all dependencies are pinned
SAST	⚠️ 0	no SAST tool detected
Security-Policy	🟢 10	security policy file detected
Signed-Releases	⚠️ -1	no releases found
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Vulnerabilities	⚠️ 0	67 existing vulnerabilities detected

npm/@angular/material

19.0.2

🟢 7.4

Details

Check	Score	Reason
Binary-Artifacts	🟢 10	no binaries found in the repo
Branch-Protection	🟢 6	branch protection is not maximal on development and all release branches
CI-Tests	🟢 10	29 out of 29 merged PRs checked by a CI test -- score normalized to 10
CII-Best-Practices	⚠️ 2	badge detected: in_progress
Code-Review	🟢 10	all changesets reviewed
Contributors	🟢 10	21 different organizations found -- score normalized to 10
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Dependency-Update-Tool	🟢 10	update tool detected
Fuzzing	⚠️ 0	project is not fuzzed
License	🟢 10	license file detected
Maintained	🟢 10	30 commit(s) out of 30 and 7 issue activity out of 30 found in the last 90 days -- score normalized to 10
Packaging	⚠️ -1	no published package detected
Pinned-Dependencies	🟢 10	all dependencies are pinned
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Security-Policy	🟢 10	security policy file detected
Signed-Releases	⚠️ -1	no releases found
Token-Permissions	🟢 8	detected GitHub workflow tokens with excessive permissions
Vulnerabilities	⚠️ 0	52 existing vulnerabilities detected

npm/@angular/platform-browser

19.0.3

🟢 6.4

Details

Check	Score	Reason
Binary-Artifacts	🟢 10	no binaries found in the repo
Branch-Protection	🟢 6	branch protection is not maximal on development and all release branches
CI-Tests	⚠️ -1	no pull request found
CII-Best-Practices	⚠️ 2	badge detected: InProgress
Code-Review	⚠️ 0	Found 0/30 approved changesets -- score normalized to 0
Contributors	🟢 10	project has 38 contributing companies or organizations
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Dependency-Update-Tool	🟢 10	update tool detected
Fuzzing	🟢 10	project is fuzzed
License	🟢 10	license file detected
Maintained	🟢 10	30 commit(s) and 13 issue activity found in the last 90 days -- score normalized to 10
Packaging	⚠️ -1	packaging workflow not detected
Pinned-Dependencies	🟢 10	all dependencies are pinned
SAST	⚠️ 0	no SAST tool detected
Security-Policy	🟢 10	security policy file detected
Signed-Releases	⚠️ -1	no releases found
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Vulnerabilities	⚠️ 0	67 existing vulnerabilities detected

npm/@angular/platform-browser-dynamic

19.0.3

🟢 6.4

Details

Check	Score	Reason
Binary-Artifacts	🟢 10	no binaries found in the repo
Branch-Protection	🟢 6	branch protection is not maximal on development and all release branches
CI-Tests	⚠️ -1	no pull request found
CII-Best-Practices	⚠️ 2	badge detected: InProgress
Code-Review	⚠️ 0	Found 0/30 approved changesets -- score normalized to 0
Contributors	🟢 10	project has 38 contributing companies or organizations
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Dependency-Update-Tool	🟢 10	update tool detected
Fuzzing	🟢 10	project is fuzzed
License	🟢 10	license file detected
Maintained	🟢 10	30 commit(s) and 13 issue activity found in the last 90 days -- score normalized to 10
Packaging	⚠️ -1	packaging workflow not detected
Pinned-Dependencies	🟢 10	all dependencies are pinned
SAST	⚠️ 0	no SAST tool detected
Security-Policy	🟢 10	security policy file detected
Signed-Releases	⚠️ -1	no releases found
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Vulnerabilities	⚠️ 0	67 existing vulnerabilities detected

npm/@angular/router

19.0.3

🟢 6.4

Details

Check	Score	Reason
Binary-Artifacts	🟢 10	no binaries found in the repo
Branch-Protection	🟢 6	branch protection is not maximal on development and all release branches
CI-Tests	⚠️ -1	no pull request found
CII-Best-Practices	⚠️ 2	badge detected: InProgress
Code-Review	⚠️ 0	Found 0/30 approved changesets -- score normalized to 0
Contributors	🟢 10	project has 38 contributing companies or organizations
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Dependency-Update-Tool	🟢 10	update tool detected
Fuzzing	🟢 10	project is fuzzed
License	🟢 10	license file detected
Maintained	🟢 10	30 commit(s) and 13 issue activity found in the last 90 days -- score normalized to 10
Packaging	⚠️ -1	packaging workflow not detected
Pinned-Dependencies	🟢 10	all dependencies are pinned
SAST	⚠️ 0	no SAST tool detected
Security-Policy	🟢 10	security policy file detected
Signed-Releases	⚠️ -1	no releases found
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Vulnerabilities	⚠️ 0	67 existing vulnerabilities detected

npm/@octokit/types

13.6.2

🟢 7.3

Details

Check	Score	Reason
Maintained	🟢 9	9 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 9
Binary-Artifacts	🟢 10	no binaries found in the repo
Code-Review	🟢 10	all changesets reviewed
Security-Policy	🟢 9	security policy file detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Pinned-Dependencies	🟢 3	dependency not pinned by hash detected -- score normalized to 3
License	🟢 10	license file detected
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Signed-Releases	⚠️ -1	no releases found
Fuzzing	⚠️ 0	project is not fuzzed
Packaging	🟢 10	packaging workflow detected
SAST	🟢 10	SAST tool is run on all commits
Vulnerabilities	🟢 8	2 existing vulnerabilities detected

npm/cronstrue

2.52.0

🟢 3.7

Details

Check	Score	Reason
Code-Review	⚠️ 2	Found 8/28 approved changesets -- score normalized to 2
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Maintained	🟢 5	4 commit(s) and 3 issue activity found in the last 90 days -- score normalized to 5
Packaging	⚠️ -1	packaging workflow not detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
Binary-Artifacts	🟢 10	no binaries found in the repo
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Security-Policy	⚠️ 0	security policy file not detected
Fuzzing	⚠️ 0	project is not fuzzed
License	🟢 10	license file detected
Signed-Releases	⚠️ 0	Project has not signed or included provenance with any releases.
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Vulnerabilities	🟢 6	4 existing vulnerabilities detected

npm/highcharts

12.0.2

🟢 3.1

Details

Check	Score	Reason
Maintained	🟢 4	5 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 4
Packaging	⚠️ -1	packaging workflow not detected
Code-Review	⚠️ 0	Found 1/28 approved changesets -- score normalized to 0
Token-Permissions	⚠️ -1	No tokens found
Dangerous-Workflow	⚠️ -1	no workflows found
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Security-Policy	⚠️ 0	security policy file not detected
License	⚠️ 0	license file not detected
Vulnerabilities	🟢 10	0 existing vulnerabilities detected
Binary-Artifacts	🟢 10	no binaries found in the repo
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ 0	branch protection not enabled on development/release branches
Pinned-Dependencies	⚠️ -1	no dependencies found
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Fuzzing	⚠️ 0	project is not fuzzed

npm/zone.js

0.15.0

🟢 6.4

Details

Check	Score	Reason
Binary-Artifacts	🟢 10	no binaries found in the repo
Branch-Protection	🟢 6	branch protection is not maximal on development and all release branches
CI-Tests	⚠️ -1	no pull request found
CII-Best-Practices	⚠️ 2	badge detected: InProgress
Code-Review	⚠️ 0	Found 0/30 approved changesets -- score normalized to 0
Contributors	🟢 10	project has 38 contributing companies or organizations
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Dependency-Update-Tool	🟢 10	update tool detected
Fuzzing	🟢 10	project is fuzzed
License	🟢 10	license file detected
Maintained	🟢 10	30 commit(s) and 13 issue activity found in the last 90 days -- score normalized to 10
Packaging	⚠️ -1	packaging workflow not detected
Pinned-Dependencies	🟢 10	all dependencies are pinned
SAST	⚠️ 0	no SAST tool detected
Security-Policy	🟢 10	security policy file detected
Signed-Releases	⚠️ -1	no releases found
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Vulnerabilities	⚠️ 0	67 existing vulnerabilities detected

npm/@angular/animations

^19.0.3

🟢 6.4

Details

Check	Score	Reason
Binary-Artifacts	🟢 10	no binaries found in the repo
Branch-Protection	🟢 6	branch protection is not maximal on development and all release branches
CI-Tests	⚠️ -1	no pull request found
CII-Best-Practices	⚠️ 2	badge detected: InProgress
Code-Review	⚠️ 0	Found 0/30 approved changesets -- score normalized to 0
Contributors	🟢 10	project has 38 contributing companies or organizations
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Dependency-Update-Tool	🟢 10	update tool detected
Fuzzing	🟢 10	project is fuzzed
License	🟢 10	license file detected
Maintained	🟢 10	30 commit(s) and 13 issue activity found in the last 90 days -- score normalized to 10
Packaging	⚠️ -1	packaging workflow not detected
Pinned-Dependencies	🟢 10	all dependencies are pinned
SAST	⚠️ 0	no SAST tool detected
Security-Policy	🟢 10	security policy file detected
Signed-Releases	⚠️ -1	no releases found
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Vulnerabilities	⚠️ 0	67 existing vulnerabilities detected

npm/@angular/cdk

^19.0.2

🟢 7.4

Details

Check	Score	Reason
Binary-Artifacts	🟢 10	no binaries found in the repo
Branch-Protection	🟢 6	branch protection is not maximal on development and all release branches
CI-Tests	🟢 10	29 out of 29 merged PRs checked by a CI test -- score normalized to 10
CII-Best-Practices	⚠️ 2	badge detected: in_progress
Code-Review	🟢 10	all changesets reviewed
Contributors	🟢 10	21 different organizations found -- score normalized to 10
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Dependency-Update-Tool	🟢 10	update tool detected
Fuzzing	⚠️ 0	project is not fuzzed
License	🟢 10	license file detected
Maintained	🟢 10	30 commit(s) out of 30 and 7 issue activity out of 30 found in the last 90 days -- score normalized to 10
Packaging	⚠️ -1	no published package detected
Pinned-Dependencies	🟢 10	all dependencies are pinned
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Security-Policy	🟢 10	security policy file detected
Signed-Releases	⚠️ -1	no releases found
Token-Permissions	🟢 8	detected GitHub workflow tokens with excessive permissions
Vulnerabilities	⚠️ 0	52 existing vulnerabilities detected

npm/@angular/common

^19.0.3

🟢 6.4

Details

Check	Score	Reason
Binary-Artifacts	🟢 10	no binaries found in the repo
Branch-Protection	🟢 6	branch protection is not maximal on development and all release branches
CI-Tests	⚠️ -1	no pull request found
CII-Best-Practices	⚠️ 2	badge detected: InProgress
Code-Review	⚠️ 0	Found 0/30 approved changesets -- score normalized to 0
Contributors	🟢 10	project has 38 contributing companies or organizations
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Dependency-Update-Tool	🟢 10	update tool detected
Fuzzing	🟢 10	project is fuzzed
License	🟢 10	license file detected
Maintained	🟢 10	30 commit(s) and 13 issue activity found in the last 90 days -- score normalized to 10
Packaging	⚠️ -1	packaging workflow not detected
Pinned-Dependencies	🟢 10	all dependencies are pinned
SAST	⚠️ 0	no SAST tool detected
Security-Policy	🟢 10	security policy file detected
Signed-Releases	⚠️ -1	no releases found
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Vulnerabilities	⚠️ 0	67 existing vulnerabilities detected

npm/@angular/compiler

^19.0.3

🟢 6.4

Details

Check	Score	Reason
Binary-Artifacts	🟢 10	no binaries found in the repo
Branch-Protection	🟢 6	branch protection is not maximal on development and all release branches
CI-Tests	⚠️ -1	no pull request found
CII-Best-Practices	⚠️ 2	badge detected: InProgress
Code-Review	⚠️ 0	Found 0/30 approved changesets -- score normalized to 0
Contributors	🟢 10	project has 38 contributing companies or organizations
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Dependency-Update-Tool	🟢 10	update tool detected
Fuzzing	🟢 10	project is fuzzed
License	🟢 10	license file detected
Maintained	🟢 10	30 commit(s) and 13 issue activity found in the last 90 days -- score normalized to 10
Packaging	⚠️ -1	packaging workflow not detected
Pinned-Dependencies	🟢 10	all dependencies are pinned
SAST	⚠️ 0	no SAST tool detected
Security-Policy	🟢 10	security policy file detected
Signed-Releases	⚠️ -1	no releases found
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Vulnerabilities	⚠️ 0	67 existing vulnerabilities detected

npm/@angular/core

^19.0.3

🟢 6.4

Details

Check	Score	Reason
Binary-Artifacts	🟢 10	no binaries found in the repo
Branch-Protection	🟢 6	branch protection is not maximal on development and all release branches
CI-Tests	⚠️ -1	no pull request found
CII-Best-Practices	⚠️ 2	badge detected: InProgress
Code-Review	⚠️ 0	Found 0/30 approved changesets -- score normalized to 0
Contributors	🟢 10	project has 38 contributing companies or organizations
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Dependency-Update-Tool	🟢 10	update tool detected
Fuzzing	🟢 10	project is fuzzed
License	🟢 10	license file detected
Maintained	🟢 10	30 commit(s) and 13 issue activity found in the last 90 days -- score normalized to 10
Packaging	⚠️ -1	packaging workflow not detected
Pinned-Dependencies	🟢 10	all dependencies are pinned
SAST	⚠️ 0	no SAST tool detected
Security-Policy	🟢 10	security policy file detected
Signed-Releases	⚠️ -1	no releases found
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Vulnerabilities	⚠️ 0	67 existing vulnerabilities detected

npm/@angular/forms

^19.0.3

🟢 6.4

Details

Check	Score	Reason
Binary-Artifacts	🟢 10	no binaries found in the repo
Branch-Protection	🟢 6	branch protection is not maximal on development and all release branches
CI-Tests	⚠️ -1	no pull request found
CII-Best-Practices	⚠️ 2	badge detected: InProgress
Code-Review	⚠️ 0	Found 0/30 approved changesets -- score normalized to 0
Contributors	🟢 10	project has 38 contributing companies or organizations
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Dependency-Update-Tool	🟢 10	update tool detected
Fuzzing	🟢 10	project is fuzzed
License	🟢 10	license file detected
Maintained	🟢 10	30 commit(s) and 13 issue activity found in the last 90 days -- score normalized to 10
Packaging	⚠️ -1	packaging workflow not detected
Pinned-Dependencies	🟢 10	all dependencies are pinned
SAST	⚠️ 0	no SAST tool detected
Security-Policy	🟢 10	security policy file detected
Signed-Releases	⚠️ -1	no releases found
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Vulnerabilities	⚠️ 0	67 existing vulnerabilities detected

npm/@angular/material

^19.0.2

🟢 7.4

Details

Check	Score	Reason
Binary-Artifacts	🟢 10	no binaries found in the repo
Branch-Protection	🟢 6	branch protection is not maximal on development and all release branches
CI-Tests	🟢 10	29 out of 29 merged PRs checked by a CI test -- score normalized to 10
CII-Best-Practices	⚠️ 2	badge detected: in_progress
Code-Review	🟢 10	all changesets reviewed
Contributors	🟢 10	21 different organizations found -- score normalized to 10
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Dependency-Update-Tool	🟢 10	update tool detected
Fuzzing	⚠️ 0	project is not fuzzed
License	🟢 10	license file detected
Maintained	🟢 10	30 commit(s) out of 30 and 7 issue activity out of 30 found in the last 90 days -- score normalized to 10
Packaging	⚠️ -1	no published package detected
Pinned-Dependencies	🟢 10	all dependencies are pinned
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Security-Policy	🟢 10	security policy file detected
Signed-Releases	⚠️ -1	no releases found
Token-Permissions	🟢 8	detected GitHub workflow tokens with excessive permissions
Vulnerabilities	⚠️ 0	52 existing vulnerabilities detected

npm/@angular/platform-browser

^19.0.3

🟢 6.4

Details

Check	Score	Reason
Binary-Artifacts	🟢 10	no binaries found in the repo
Branch-Protection	🟢 6	branch protection is not maximal on development and all release branches
CI-Tests	⚠️ -1	no pull request found
CII-Best-Practices	⚠️ 2	badge detected: InProgress
Code-Review	⚠️ 0	Found 0/30 approved changesets -- score normalized to 0
Contributors	🟢 10	project has 38 contributing companies or organizations
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Dependency-Update-Tool	🟢 10	update tool detected
Fuzzing	🟢 10	project is fuzzed
License	🟢 10	license file detected
Maintained	🟢 10	30 commit(s) and 13 issue activity found in the last 90 days -- score normalized to 10
Packaging	⚠️ -1	packaging workflow not detected
Pinned-Dependencies	🟢 10	all dependencies are pinned
SAST	⚠️ 0	no SAST tool detected
Security-Policy	🟢 10	security policy file detected
Signed-Releases	⚠️ -1	no releases found
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Vulnerabilities	⚠️ 0	67 existing vulnerabilities detected

npm/@angular/platform-browser-dynamic

^19.0.3

🟢 6.4

Details

Check	Score	Reason
Binary-Artifacts	🟢 10	no binaries found in the repo
Branch-Protection	🟢 6	branch protection is not maximal on development and all release branches
CI-Tests	⚠️ -1	no pull request found
CII-Best-Practices	⚠️ 2	badge detected: InProgress
Code-Review	⚠️ 0	Found 0/30 approved changesets -- score normalized to 0
Contributors	🟢 10	project has 38 contributing companies or organizations
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Dependency-Update-Tool	🟢 10	update tool detected
Fuzzing	🟢 10	project is fuzzed
License	🟢 10	license file detected
Maintained	🟢 10	30 commit(s) and 13 issue activity found in the last 90 days -- score normalized to 10
Packaging	⚠️ -1	packaging workflow not detected
Pinned-Dependencies	🟢 10	all dependencies are pinned
SAST	⚠️ 0	no SAST tool detected
Security-Policy	🟢 10	security policy file detected
Signed-Releases	⚠️ -1	no releases found
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Vulnerabilities	⚠️ 0	67 existing vulnerabilities detected

npm/@angular/router

^19.0.3

🟢 6.4

Details

Check	Score	Reason
Binary-Artifacts	🟢 10	no binaries found in the repo
Branch-Protection	🟢 6	branch protection is not maximal on development and all release branches
CI-Tests	⚠️ -1	no pull request found
CII-Best-Practices	⚠️ 2	badge detected: InProgress
Code-Review	⚠️ 0	Found 0/30 approved changesets -- score normalized to 0
Contributors	🟢 10	project has 38 contributing companies or organizations
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Dependency-Update-Tool	🟢 10	update tool detected
Fuzzing	🟢 10	project is fuzzed
License	🟢 10	license file detected
Maintained	🟢 10	30 commit(s) and 13 issue activity found in the last 90 days -- score normalized to 10
Packaging	⚠️ -1	packaging workflow not detected
Pinned-Dependencies	🟢 10	all dependencies are pinned
SAST	⚠️ 0	no SAST tool detected
Security-Policy	🟢 10	security policy file detected
Signed-Releases	⚠️ -1	no releases found
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Vulnerabilities	⚠️ 0	67 existing vulnerabilities detected

npm/@octokit/types

^13.6.2

🟢 7.3

Details

Check	Score	Reason
Maintained	🟢 9	9 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 9
Binary-Artifacts	🟢 10	no binaries found in the repo
Code-Review	🟢 10	all changesets reviewed
Security-Policy	🟢 9	security policy file detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Pinned-Dependencies	🟢 3	dependency not pinned by hash detected -- score normalized to 3
License	🟢 10	license file detected
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Signed-Releases	⚠️ -1	no releases found
Fuzzing	⚠️ 0	project is not fuzzed
Packaging	🟢 10	packaging workflow detected
SAST	🟢 10	SAST tool is run on all commits
Vulnerabilities	🟢 8	2 existing vulnerabilities detected

npm/cronstrue

^2.52.0

🟢 3.7

Details

Check	Score	Reason
Code-Review	⚠️ 2	Found 8/28 approved changesets -- score normalized to 2
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Maintained	🟢 5	4 commit(s) and 3 issue activity found in the last 90 days -- score normalized to 5
Packaging	⚠️ -1	packaging workflow not detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
Binary-Artifacts	🟢 10	no binaries found in the repo
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Security-Policy	⚠️ 0	security policy file not detected
Fuzzing	⚠️ 0	project is not fuzzed
License	🟢 10	license file detected
Signed-Releases	⚠️ 0	Project has not signed or included provenance with any releases.
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Vulnerabilities	🟢 6	4 existing vulnerabilities detected

npm/highcharts

^12.0.2

🟢 3.1

Details

Check	Score	Reason
Maintained	🟢 4	5 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 4
Packaging	⚠️ -1	packaging workflow not detected
Code-Review	⚠️ 0	Found 1/28 approved changesets -- score normalized to 0
Token-Permissions	⚠️ -1	No tokens found
Dangerous-Workflow	⚠️ -1	no workflows found
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Security-Policy	⚠️ 0	security policy file not detected
License	⚠️ 0	license file not detected
Vulnerabilities	🟢 10	0 existing vulnerabilities detected
Binary-Artifacts	🟢 10	no binaries found in the repo
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ 0	branch protection not enabled on development/release branches
Pinned-Dependencies	⚠️ -1	no dependencies found
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Fuzzing	⚠️ 0	project is not fuzzed

Scanned Files

frontend/package-lock.json
frontend/package.json

…dependencies-a83e0eed38

dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels Dec 6, 2024

dependabot bot mentioned this pull request Dec 6, 2024

Bump the production-dependencies group across 1 directory with 13 updates #76

Closed

Merge branch 'main' into dependabot/npm_and_yarn/frontend/production-…

1aa31e8

…dependencies-a83e0eed38

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump the production-dependencies group across 1 directory with 13 updates #82

Bump the production-dependencies group across 1 directory with 13 updates #82

dependabot bot commented on behalf of github Dec 6, 2024 •

edited

Loading

github-actions bot commented Dec 6, 2024 •

edited

Loading

Commit	Description
	class content being deleted in some edge cases (#58959)
	correctly strip away parameters surrounded by comments in inject migration (#58959)
	don't migrate classes with parameters that can't be injected (#58959)
	inject migration aggressively removing imports (#58959)
	inject migration dropping code if everything except super is removed (#58959)
	preserve type literals and tuples in inject migrations (#58959)

Commit	Description
	correctly clear template HMR internal renderer cache (#58724)
	correctly perform lazy routes migration for components with additional decorators (#58796)
	Ensure _tick is always run within the TracingSnapshot. (#58881)
	Ensure resource sets an error (#58855)
	make component id generation more stable between client and server builds (#58813)
	Prevents race condition of cleanup for incremental hydration (#58722)

Commit	Type	Description
e894a5daea	feat	set kind field on template and effect nodes (#58865)
3b765367f3	fix	Explicitly manage TracingSnapshot lifecycle and dispose of it once it's been used. (#58929)

Commit	Type	Description
e31e52e177	fix	class content being deleted in some edge cases (#58959)
508d3a1b3b	fix	correctly strip away parameters surrounded by comments in inject migration (#58959)
7191aa6e09	fix	don't migrate classes with parameters that can't be injected (#58959)
a4924af6d5	fix	inject migration aggressively removing imports (#58959)
35165d152d	fix	inject migration dropping code if everything except super is removed (#58959)
68e5ba7a3a	fix	preserve type literals and tuples in inject migrations (#58959)

Commit	Type	Description
7b5bacc228	fix	class content being deleted in some edge cases (#58959)
d1cbdd6acb	fix	correctly strip away parameters surrounded by comments in inject migration (#58959)
e17ff71c31	fix	don't migrate classes with parameters that can't be injected (#58959)
7c5f990001	fix	inject migration aggressively removing imports (#58959)
4392ccedf9	fix	inject migration dropping code if everything except super is removed (#58959)
9cbebc6dda	fix	preserve type literals and tuples in inject migrations (#58959)

Commit	Description
	button-toggle: unable to tab into ngModel-based group on first render (#30103)
	core: optgroup label color not inferred correctly (#30085)
	schematics: avoid parsing stylesheets that don't include Material
	schematics: error if stylesheet contains syntax errors
	sort: simplify animations (#30057)
	tabs: ink bar not showing when same tab is re-selected (#30121)

Commit	Description
	accordion: improve accessibility in example code (#30087)
	menu: disable flexible dimensions (#30086)

Commit	Description
	button-toggle: animate checkbox (#30025)
	chips: emit state changes when chip grid is disabled (#30033)
	datepicker: adds comparison ids and aria-describedby spans (#30040)
	slider: update documentation (#30029)
	timepicker: make disabled input public (#30063)

Commit	Description
	a11y: use native media query for high contrast detection (#29678)
	private: create cdk-visually-hidden style loader (#29757)

Commit	Type	Description
460f971b27	fix	accordion: improve accessibility in example code (#30087)
6306a12c12	fix	menu: disable flexible dimensions (#30086)

Commit	Type	Description
0ed9869529	fix	button-toggle: unable to tab into ngModel-based group on first render (#30103)
72ff6fcce3	fix	core: optgroup label color not inferred correctly (#30085)
c395585446	fix	schematics: avoid parsing stylesheets that don't include Material
5b3350a60e	fix	schematics: error if stylesheet contains syntax errors
1235ad28bc	fix	sort: simplify animations (#30057)
5b165067e8	fix	tabs: ink bar not showing when same tab is re-selected (#30121)

Commit	Type	Description
2d7e078bb	fix	button-toggle: animate checkbox (#30025)
edac40645	fix	chips: emit state changes when chip grid is disabled (#30033)
18f7f4bb9	fix	datepicker: adds comparison ids and aria-describedby spans (#30040)
375435497	fix	slider: update documentation (#30029)
a31201475	fix	timepicker: make disabled input public (#30063)

Bump the production-dependencies group across 1 directory with 13 updates #82

Are you sure you want to change the base?

Bump the production-dependencies group across 1 directory with 13 updates #82

Conversation

dependabot bot commented on behalf of github Dec 6, 2024 • edited Loading

v19.0.3

19.0.3 (2024-12-04)

v19.0.2

19.0.2 (2024-12-04)

compiler-cli

core

migrations

platform-server

v19.0.1

19.0.1 (2024-11-26)

compiler-cli

core

forms

language-service

19.0.3 (2024-12-04)

19.1.0-next.1 (2024-12-04)

compiler-cli

core

migrations

platform-server

19.0.2 (2024-12-04)

compiler-cli

core

migrations

v19.0.2

19.0.2 "plastic-rhino" (2024-12-04)

youtube-player

material

cdk

v19.0.1

19.0.1 "mercury-mailbox" (2024-11-27)

material

docs

multiple

v19.0.0

19.0.0 "hafnium-hippo" (2024-11-19)

cdk

19.0.2 "plastic-rhino" (2024-12-04)

cdk

material

youtube-player

19.1.0-next.0 "hassium-ham" (2024-11-27)

material

multiple

19.0.1 "mercury-mailbox" (2024-11-27)

material

docs

multiple

v19.0.3

19.0.3 (2024-12-04)

v19.0.2

19.0.2 (2024-12-04)

compiler-cli

core

migrations

platform-server

v19.0.1

19.0.1 (2024-11-26)

compiler-cli

core

forms

language-service

19.0.3 (2024-12-04)

19.1.0-next.1 (2024-12-04)

compiler-cli

core

migrations

platform-server

19.0.2 (2024-12-04)

compiler-cli

core

migrations

v19.0.3

19.0.3 (2024-12-04)

v19.0.2

dependabot bot commented on behalf of github Dec 6, 2024 •

edited

Loading

github-actions bot commented Dec 6, 2024 •

edited

Loading