chore(deps): update devdependencies (non-major) #974

renovate · 2025-01-16T04:59:59Z

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
@babel/preset-env (source)	`7.26.8` -> `7.26.9`
@types/node (source)	`22.13.1` -> `22.13.8`
@wordpress/babel-plugin-makepot (source)	`6.17.0` -> `6.19.0`
@wordpress/eslint-plugin (source)	`22.3.0` -> `22.5.0`
@wordpress/i18n (source)	`5.17.0` -> `5.19.0`
johnpbloch/wordpress-core (source)	`6.7.1` -> `6.7.2`
rollup (source)	`4.34.6` -> `4.34.9`
typescript (source)	`5.7.3` -> `5.8.2`
wp-cli/i18n-command	`2.6.3` -> `2.6.4`
wp-phpunit/wp-phpunit (source)	`6.7.1` -> `6.7.2`

Release Notes

babel/babel (@babel/preset-env)

`v7.26.9`

Compare Source

🐛 Bug Fix

babel-types
- #17103 fix: Definition for TSPropertySignature.kind (@liuxingbaoyu)
babel-generator, babel-types
- #17062 Print TypeScript optional/definite in ClassPrivateProperty (@jamiebuilds-signal)

🏠 Internal

babel-types
- #17130 Use .ts files with explicit reexports to solve name conflicts (@nicolo-ribaudo)
babel-core
- #17127 Do not depend on @types/gensync in Babel 7 (@nicolo-ribaudo)

WordPress/gutenberg (@wordpress/babel-plugin-makepot)

`v6.19.0`

Compare Source

`v6.18.0`

Compare Source

WordPress/gutenberg (@wordpress/eslint-plugin)

`v22.5.0`

Compare Source

`v22.4.0`

Compare Source

WordPress/gutenberg (@wordpress/i18n)

`v5.19.0`

Compare Source

`v5.18.0`

Compare Source

johnpbloch/wordpress-core (johnpbloch/wordpress-core)

`v6.7.2`

Compare Source

rollup/rollup (rollup)

`v4.34.9`

Compare Source

2025-03-01

Bug Fixes

Support JSX modes in WASM (#5866)
Allow the CustomPluginOptions to be extended (#5850)

Pull Requests

#5850: Revert CustomPluginOptions to be an interface (@sapphi-red, @lukastaegert)
#5851: Javascript to JavaScript (@dasa, @lukastaegert)
#5853: chore(deps): update dependency pinia to v3 (@renovate[bot])
#5854: fix(deps): update swc monorepo (major) (@renovate[bot])
#5855: fix(deps): lock file maintenance minor/patch updates (@renovate[bot], @lukastaegert)
#5860: chore(deps): update dependency @shikijs/vitepress-twoslash to v3 (@renovate[bot])
#5861: chore(deps): update dependency globals to v16 (@renovate[bot])
#5863: fix(deps): lock file maintenance minor/patch updates (@renovate[bot])
#5864: chore(deps): lock file maintenance minor/patch updates (@renovate[bot])
#5866: Add jsx parameter to parseAsync in native.wasm.js (@TrickyPi)

`v4.34.8`

Compare Source

2025-02-17

Bug Fixes

Do not make assumptions about the value of nested paths in logical expressions if the expression cannot be simplified (#5846)

Pull Requests

#5846: return UnknownValue if the usedbranch is unkown and the path is not empty (@TrickyPi)

`v4.34.7`

Compare Source

2025-02-14

Bug Fixes

Ensure that calls to parameters are included correctly when using try-catch deoptimization (#5842)

Pull Requests

#5840: fix(deps): lock file maintenance minor/patch updates (@renovate[bot])
#5842: Fix prop inclusion with try-catch-deoptimization (@lukastaegert)

microsoft/TypeScript (typescript)

`v5.8.2`

Compare Source

wp-cli/i18n-command (wp-cli/i18n-command)

`v2.6.4`: Version 2.6.4

Compare Source

make-pot: scan any theme.json file in any level [#424]
Require wp-cli/wp-cli v2.12 [#420]

wp-phpunit/wp-phpunit (wp-phpunit/wp-phpunit)

`v6.7.2`

Compare Source

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

renovate · 2025-01-16T05:00:02Z

⚠️ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

any of the package files in this branch needs updating, or
the branch becomes conflicted, or
you click the rebase/retry checkbox if found above, or
you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: composer.lock

Command failed: composer update johnpbloch/wordpress-core:6.7.2 wp-cli/i18n-command:2.6.4 wp-phpunit/wp-phpunit:6.7.2 --with-dependencies --ignore-platform-req='ext-*' --ignore-platform-req='lib-*' --no-ansi --no-interaction --no-scripts --no-autoloader --no-plugins
Loading composer repositories with package information
Dependency cweagans/composer-patches is also a root requirement. Package has not been listed as an update argument, so keeping locked at old version. Use --with-all-dependencies (-W) to include root dependencies.
Updating dependencies
Your requirements could not be resolved to an installable set of packages.

  Problem 1
    - Root composer.json requires wp-cli/i18n-command ^2.2 -> satisfiable by wp-cli/i18n-command[v2.6.4].
    - wp-cli/i18n-command v2.6.4 requires wp-cli/wp-cli ^2.12 -> found wp-cli/wp-cli[dev-main, 2.12.x-dev (alias of dev-main)] but it does not match your minimum-stability.

Use the option --with-all-dependencies (-W) to allow upgrades, downgrades and removals for packages currently locked to specific versions.

github-actions · 2025-01-16T05:00:16Z

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

OpenSSF Scorecard

Scorecard details

Package

Version

Score

Details

npm/@babel/plugin-transform-for-of

7.26.9

🟢 6.1

Details

Check	Score	Reason
Maintained	🟢 10	30 commit(s) and 23 issue activity found in the last 90 days -- score normalized to 10
Code-Review	🟢 6	Found 20/29 approved changesets -- score normalized to 6
Packaging	⚠️ -1	packaging workflow not detected
CII-Best-Practices	⚠️ 2	badge detected: InProgress
Security-Policy	🟢 10	security policy file detected
License	🟢 10	license file detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Token-Permissions	🟢 9	detected GitHub workflow tokens with excessive permissions
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
Binary-Artifacts	🟢 10	no binaries found in the repo
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Fuzzing	⚠️ 0	project is not fuzzed
Vulnerabilities	⚠️ 0	25 existing vulnerabilities detected

npm/@babel/preset-env

7.26.9

🟢 6.1

Details

Check	Score	Reason
Maintained	🟢 10	30 commit(s) and 23 issue activity found in the last 90 days -- score normalized to 10
Code-Review	🟢 6	Found 20/29 approved changesets -- score normalized to 6
Packaging	⚠️ -1	packaging workflow not detected
CII-Best-Practices	⚠️ 2	badge detected: InProgress
Security-Policy	🟢 10	security policy file detected
License	🟢 10	license file detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Token-Permissions	🟢 9	detected GitHub workflow tokens with excessive permissions
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
Binary-Artifacts	🟢 10	no binaries found in the repo
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Fuzzing	⚠️ 0	project is not fuzzed
Vulnerabilities	⚠️ 0	25 existing vulnerabilities detected

npm/@rollup/rollup-android-arm-eabi

4.34.9

🟢 6

Details

Check	Score	Reason
Maintained	🟢 10	30 commit(s) and 14 issue activity found in the last 90 days -- score normalized to 10
Packaging	⚠️ -1	packaging workflow not detected
Code-Review	🟢 3	Found 7/22 approved changesets -- score normalized to 3
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Security-Policy	🟢 10	security policy file detected
License	🟢 9	license file detected
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	🟢 8	branch protection is not maximal on development and all release branches
Binary-Artifacts	🟢 10	no binaries found in the repo
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Fuzzing	⚠️ 0	project is not fuzzed
Vulnerabilities	🟢 10	0 existing vulnerabilities detected

npm/@rollup/rollup-android-arm64

4.34.9

🟢 6

Details

Check	Score	Reason
Maintained	🟢 10	30 commit(s) and 14 issue activity found in the last 90 days -- score normalized to 10
Packaging	⚠️ -1	packaging workflow not detected
Code-Review	🟢 3	Found 7/22 approved changesets -- score normalized to 3
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Security-Policy	🟢 10	security policy file detected
License	🟢 9	license file detected
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	🟢 8	branch protection is not maximal on development and all release branches
Binary-Artifacts	🟢 10	no binaries found in the repo
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Fuzzing	⚠️ 0	project is not fuzzed
Vulnerabilities	🟢 10	0 existing vulnerabilities detected

npm/@rollup/rollup-darwin-arm64

4.34.9

🟢 6

Details

Check	Score	Reason
Maintained	🟢 10	30 commit(s) and 14 issue activity found in the last 90 days -- score normalized to 10
Packaging	⚠️ -1	packaging workflow not detected
Code-Review	🟢 3	Found 7/22 approved changesets -- score normalized to 3
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Security-Policy	🟢 10	security policy file detected
License	🟢 9	license file detected
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	🟢 8	branch protection is not maximal on development and all release branches
Binary-Artifacts	🟢 10	no binaries found in the repo
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Fuzzing	⚠️ 0	project is not fuzzed
Vulnerabilities	🟢 10	0 existing vulnerabilities detected

npm/@rollup/rollup-darwin-x64

4.34.9

🟢 6

Details

Check	Score	Reason
Maintained	🟢 10	30 commit(s) and 14 issue activity found in the last 90 days -- score normalized to 10
Packaging	⚠️ -1	packaging workflow not detected
Code-Review	🟢 3	Found 7/22 approved changesets -- score normalized to 3
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Security-Policy	🟢 10	security policy file detected
License	🟢 9	license file detected
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	🟢 8	branch protection is not maximal on development and all release branches
Binary-Artifacts	🟢 10	no binaries found in the repo
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Fuzzing	⚠️ 0	project is not fuzzed
Vulnerabilities	🟢 10	0 existing vulnerabilities detected

npm/@rollup/rollup-freebsd-arm64

4.34.9

🟢 6

Details

Check	Score	Reason
Maintained	🟢 10	30 commit(s) and 14 issue activity found in the last 90 days -- score normalized to 10
Packaging	⚠️ -1	packaging workflow not detected
Code-Review	🟢 3	Found 7/22 approved changesets -- score normalized to 3
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Security-Policy	🟢 10	security policy file detected
License	🟢 9	license file detected
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	🟢 8	branch protection is not maximal on development and all release branches
Binary-Artifacts	🟢 10	no binaries found in the repo
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Fuzzing	⚠️ 0	project is not fuzzed
Vulnerabilities	🟢 10	0 existing vulnerabilities detected

npm/@rollup/rollup-freebsd-x64

4.34.9

🟢 6

Details

Check	Score	Reason
Maintained	🟢 10	30 commit(s) and 14 issue activity found in the last 90 days -- score normalized to 10
Packaging	⚠️ -1	packaging workflow not detected
Code-Review	🟢 3	Found 7/22 approved changesets -- score normalized to 3
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Security-Policy	🟢 10	security policy file detected
License	🟢 9	license file detected
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	🟢 8	branch protection is not maximal on development and all release branches
Binary-Artifacts	🟢 10	no binaries found in the repo
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Fuzzing	⚠️ 0	project is not fuzzed
Vulnerabilities	🟢 10	0 existing vulnerabilities detected

npm/@rollup/rollup-linux-arm-gnueabihf

4.34.9

🟢 6

Details

Check	Score	Reason
Maintained	🟢 10	30 commit(s) and 14 issue activity found in the last 90 days -- score normalized to 10
Packaging	⚠️ -1	packaging workflow not detected
Code-Review	🟢 3	Found 7/22 approved changesets -- score normalized to 3
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Security-Policy	🟢 10	security policy file detected
License	🟢 9	license file detected
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	🟢 8	branch protection is not maximal on development and all release branches
Binary-Artifacts	🟢 10	no binaries found in the repo
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Fuzzing	⚠️ 0	project is not fuzzed
Vulnerabilities	🟢 10	0 existing vulnerabilities detected

npm/@rollup/rollup-linux-arm-musleabihf

4.34.9

🟢 6

Details

Check	Score	Reason
Maintained	🟢 10	30 commit(s) and 14 issue activity found in the last 90 days -- score normalized to 10
Packaging	⚠️ -1	packaging workflow not detected
Code-Review	🟢 3	Found 7/22 approved changesets -- score normalized to 3
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Security-Policy	🟢 10	security policy file detected
License	🟢 9	license file detected
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	🟢 8	branch protection is not maximal on development and all release branches
Binary-Artifacts	🟢 10	no binaries found in the repo
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Fuzzing	⚠️ 0	project is not fuzzed
Vulnerabilities	🟢 10	0 existing vulnerabilities detected

npm/@rollup/rollup-linux-arm64-gnu

4.34.9

🟢 6

Details

Check	Score	Reason
Maintained	🟢 10	30 commit(s) and 14 issue activity found in the last 90 days -- score normalized to 10
Packaging	⚠️ -1	packaging workflow not detected
Code-Review	🟢 3	Found 7/22 approved changesets -- score normalized to 3
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Security-Policy	🟢 10	security policy file detected
License	🟢 9	license file detected
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	🟢 8	branch protection is not maximal on development and all release branches
Binary-Artifacts	🟢 10	no binaries found in the repo
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Fuzzing	⚠️ 0	project is not fuzzed
Vulnerabilities	🟢 10	0 existing vulnerabilities detected

npm/@rollup/rollup-linux-arm64-musl

4.34.9

🟢 6

Details

Check	Score	Reason
Maintained	🟢 10	30 commit(s) and 14 issue activity found in the last 90 days -- score normalized to 10
Packaging	⚠️ -1	packaging workflow not detected
Code-Review	🟢 3	Found 7/22 approved changesets -- score normalized to 3
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Security-Policy	🟢 10	security policy file detected
License	🟢 9	license file detected
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	🟢 8	branch protection is not maximal on development and all release branches
Binary-Artifacts	🟢 10	no binaries found in the repo
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Fuzzing	⚠️ 0	project is not fuzzed
Vulnerabilities	🟢 10	0 existing vulnerabilities detected

npm/@rollup/rollup-linux-loongarch64-gnu

4.34.9

🟢 6

Details

Check	Score	Reason
Maintained	🟢 10	30 commit(s) and 14 issue activity found in the last 90 days -- score normalized to 10
Packaging	⚠️ -1	packaging workflow not detected
Code-Review	🟢 3	Found 7/22 approved changesets -- score normalized to 3
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Security-Policy	🟢 10	security policy file detected
License	🟢 9	license file detected
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	🟢 8	branch protection is not maximal on development and all release branches
Binary-Artifacts	🟢 10	no binaries found in the repo
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Fuzzing	⚠️ 0	project is not fuzzed
Vulnerabilities	🟢 10	0 existing vulnerabilities detected

npm/@rollup/rollup-linux-powerpc64le-gnu

4.34.9

🟢 6

Details

Check	Score	Reason
Maintained	🟢 10	30 commit(s) and 14 issue activity found in the last 90 days -- score normalized to 10
Packaging	⚠️ -1	packaging workflow not detected
Code-Review	🟢 3	Found 7/22 approved changesets -- score normalized to 3
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Security-Policy	🟢 10	security policy file detected
License	🟢 9	license file detected
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	🟢 8	branch protection is not maximal on development and all release branches
Binary-Artifacts	🟢 10	no binaries found in the repo
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Fuzzing	⚠️ 0	project is not fuzzed
Vulnerabilities	🟢 10	0 existing vulnerabilities detected

npm/@rollup/rollup-linux-riscv64-gnu

4.34.9

🟢 6

Details

Check	Score	Reason
Maintained	🟢 10	30 commit(s) and 14 issue activity found in the last 90 days -- score normalized to 10
Packaging	⚠️ -1	packaging workflow not detected
Code-Review	🟢 3	Found 7/22 approved changesets -- score normalized to 3
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Security-Policy	🟢 10	security policy file detected
License	🟢 9	license file detected
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	🟢 8	branch protection is not maximal on development and all release branches
Binary-Artifacts	🟢 10	no binaries found in the repo
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Fuzzing	⚠️ 0	project is not fuzzed
Vulnerabilities	🟢 10	0 existing vulnerabilities detected

npm/@rollup/rollup-linux-s390x-gnu

4.34.9

🟢 6

Details

Check	Score	Reason
Maintained	🟢 10	30 commit(s) and 14 issue activity found in the last 90 days -- score normalized to 10
Packaging	⚠️ -1	packaging workflow not detected
Code-Review	🟢 3	Found 7/22 approved changesets -- score normalized to 3
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Security-Policy	🟢 10	security policy file detected
License	🟢 9	license file detected
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	🟢 8	branch protection is not maximal on development and all release branches
Binary-Artifacts	🟢 10	no binaries found in the repo
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Fuzzing	⚠️ 0	project is not fuzzed
Vulnerabilities	🟢 10	0 existing vulnerabilities detected

npm/@rollup/rollup-linux-x64-gnu

4.34.9

🟢 6

Details

Check	Score	Reason
Maintained	🟢 10	30 commit(s) and 14 issue activity found in the last 90 days -- score normalized to 10
Packaging	⚠️ -1	packaging workflow not detected
Code-Review	🟢 3	Found 7/22 approved changesets -- score normalized to 3
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Security-Policy	🟢 10	security policy file detected
License	🟢 9	license file detected
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	🟢 8	branch protection is not maximal on development and all release branches
Binary-Artifacts	🟢 10	no binaries found in the repo
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Fuzzing	⚠️ 0	project is not fuzzed
Vulnerabilities	🟢 10	0 existing vulnerabilities detected

npm/@rollup/rollup-linux-x64-musl

4.34.9

🟢 6

Details

Check	Score	Reason
Maintained	🟢 10	30 commit(s) and 14 issue activity found in the last 90 days -- score normalized to 10
Packaging	⚠️ -1	packaging workflow not detected
Code-Review	🟢 3	Found 7/22 approved changesets -- score normalized to 3
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Security-Policy	🟢 10	security policy file detected
License	🟢 9	license file detected
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	🟢 8	branch protection is not maximal on development and all release branches
Binary-Artifacts	🟢 10	no binaries found in the repo
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Fuzzing	⚠️ 0	project is not fuzzed
Vulnerabilities	🟢 10	0 existing vulnerabilities detected

npm/@rollup/rollup-win32-arm64-msvc

4.34.9

🟢 6

Details

Check	Score	Reason
Maintained	🟢 10	30 commit(s) and 14 issue activity found in the last 90 days -- score normalized to 10
Packaging	⚠️ -1	packaging workflow not detected
Code-Review	🟢 3	Found 7/22 approved changesets -- score normalized to 3
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Security-Policy	🟢 10	security policy file detected
License	🟢 9	license file detected
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	🟢 8	branch protection is not maximal on development and all release branches
Binary-Artifacts	🟢 10	no binaries found in the repo
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Fuzzing	⚠️ 0	project is not fuzzed
Vulnerabilities	🟢 10	0 existing vulnerabilities detected

npm/@rollup/rollup-win32-ia32-msvc

4.34.9

🟢 6

Details

Check	Score	Reason
Maintained	🟢 10	30 commit(s) and 14 issue activity found in the last 90 days -- score normalized to 10
Packaging	⚠️ -1	packaging workflow not detected
Code-Review	🟢 3	Found 7/22 approved changesets -- score normalized to 3
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Security-Policy	🟢 10	security policy file detected
License	🟢 9	license file detected
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	🟢 8	branch protection is not maximal on development and all release branches
Binary-Artifacts	🟢 10	no binaries found in the repo
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Fuzzing	⚠️ 0	project is not fuzzed
Vulnerabilities	🟢 10	0 existing vulnerabilities detected

npm/@rollup/rollup-win32-x64-msvc

4.34.9

🟢 6

Details

Check	Score	Reason
Maintained	🟢 10	30 commit(s) and 14 issue activity found in the last 90 days -- score normalized to 10
Packaging	⚠️ -1	packaging workflow not detected
Code-Review	🟢 3	Found 7/22 approved changesets -- score normalized to 3
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Security-Policy	🟢 10	security policy file detected
License	🟢 9	license file detected
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	🟢 8	branch protection is not maximal on development and all release branches
Binary-Artifacts	🟢 10	no binaries found in the repo
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Fuzzing	⚠️ 0	project is not fuzzed
Vulnerabilities	🟢 10	0 existing vulnerabilities detected

npm/@types/node

22.13.8

🟢 7

Details

Check	Score	Reason
Maintained	🟢 10	30 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10
Packaging	⚠️ -1	packaging workflow not detected
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Code-Review	🟢 9	Found 27/30 approved changesets -- score normalized to 9
License	🟢 9	license file detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Security-Policy	🟢 10	security policy file detected
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Signed-Releases	⚠️ -1	no releases found
Vulnerabilities	🟢 10	0 existing vulnerabilities detected
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Binary-Artifacts	🟢 10	no binaries found in the repo
Pinned-Dependencies	🟢 8	dependency not pinned by hash detected -- score normalized to 8
Fuzzing	⚠️ 0	project is not fuzzed

npm/@wordpress/babel-plugin-makepot

6.19.0

🟢 5.2

Details

Check	Score	Reason
Maintained	🟢 10	30 commit(s) and 13 issue activity found in the last 90 days -- score normalized to 10
Code-Review	🟢 8	Found 24/30 approved changesets -- score normalized to 8
Security-Policy	🟢 9	security policy file detected
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
License	🟢 9	license file detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Signed-Releases	⚠️ 0	Project has not signed or included provenance with any releases.
Pinned-Dependencies	🟢 8	dependency not pinned by hash detected -- score normalized to 8
Binary-Artifacts	🟢 7	binaries present in source code
Fuzzing	⚠️ 0	project is not fuzzed
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Packaging	🟢 10	packaging workflow detected
Vulnerabilities	⚠️ 0	22 existing vulnerabilities detected

npm/@wordpress/babel-preset-default

8.19.0

🟢 5.2

Details

Check	Score	Reason
Maintained	🟢 10	30 commit(s) and 13 issue activity found in the last 90 days -- score normalized to 10
Code-Review	🟢 8	Found 24/30 approved changesets -- score normalized to 8
Security-Policy	🟢 9	security policy file detected
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
License	🟢 9	license file detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Signed-Releases	⚠️ 0	Project has not signed or included provenance with any releases.
Pinned-Dependencies	🟢 8	dependency not pinned by hash detected -- score normalized to 8
Binary-Artifacts	🟢 7	binaries present in source code
Fuzzing	⚠️ 0	project is not fuzzed
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Packaging	🟢 10	packaging workflow detected
Vulnerabilities	⚠️ 0	22 existing vulnerabilities detected

npm/@wordpress/browserslist-config

6.19.0

🟢 5.2

Details

Check	Score	Reason
Maintained	🟢 10	30 commit(s) and 13 issue activity found in the last 90 days -- score normalized to 10
Code-Review	🟢 8	Found 24/30 approved changesets -- score normalized to 8
Security-Policy	🟢 9	security policy file detected
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
License	🟢 9	license file detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Signed-Releases	⚠️ 0	Project has not signed or included provenance with any releases.
Pinned-Dependencies	🟢 8	dependency not pinned by hash detected -- score normalized to 8
Binary-Artifacts	🟢 7	binaries present in source code
Fuzzing	⚠️ 0	project is not fuzzed
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Packaging	🟢 10	packaging workflow detected
Vulnerabilities	⚠️ 0	22 existing vulnerabilities detected

npm/@wordpress/eslint-plugin

22.5.0

🟢 5.2

Details

Check	Score	Reason
Maintained	🟢 10	30 commit(s) and 13 issue activity found in the last 90 days -- score normalized to 10
Code-Review	🟢 8	Found 24/30 approved changesets -- score normalized to 8
Security-Policy	🟢 9	security policy file detected
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
License	🟢 9	license file detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Signed-Releases	⚠️ 0	Project has not signed or included provenance with any releases.
Pinned-Dependencies	🟢 8	dependency not pinned by hash detected -- score normalized to 8
Binary-Artifacts	🟢 7	binaries present in source code
Fuzzing	⚠️ 0	project is not fuzzed
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Packaging	🟢 10	packaging workflow detected
Vulnerabilities	⚠️ 0	22 existing vulnerabilities detected

npm/@wordpress/hooks

4.19.0

🟢 5.2

Details

Check	Score	Reason
Maintained	🟢 10	30 commit(s) and 13 issue activity found in the last 90 days -- score normalized to 10
Code-Review	🟢 8	Found 24/30 approved changesets -- score normalized to 8
Security-Policy	🟢 9	security policy file detected
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
License	🟢 9	license file detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Signed-Releases	⚠️ 0	Project has not signed or included provenance with any releases.
Pinned-Dependencies	🟢 8	dependency not pinned by hash detected -- score normalized to 8
Binary-Artifacts	🟢 7	binaries present in source code
Fuzzing	⚠️ 0	project is not fuzzed
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Packaging	🟢 10	packaging workflow detected
Vulnerabilities	⚠️ 0	22 existing vulnerabilities detected

npm/@wordpress/i18n

5.19.0

🟢 5.2

Details

Check	Score	Reason
Maintained	🟢 10	30 commit(s) and 13 issue activity found in the last 90 days -- score normalized to 10
Code-Review	🟢 8	Found 24/30 approved changesets -- score normalized to 8
Security-Policy	🟢 9	security policy file detected
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
License	🟢 9	license file detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Signed-Releases	⚠️ 0	Project has not signed or included provenance with any releases.
Pinned-Dependencies	🟢 8	dependency not pinned by hash detected -- score normalized to 8
Binary-Artifacts	🟢 7	binaries present in source code
Fuzzing	⚠️ 0	project is not fuzzed
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Packaging	🟢 10	packaging workflow detected
Vulnerabilities	⚠️ 0	22 existing vulnerabilities detected

npm/@wordpress/prettier-config

4.19.0

🟢 5.2

Details

Check	Score	Reason
Maintained	🟢 10	30 commit(s) and 13 issue activity found in the last 90 days -- score normalized to 10
Code-Review	🟢 8	Found 24/30 approved changesets -- score normalized to 8
Security-Policy	🟢 9	security policy file detected
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
License	🟢 9	license file detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Signed-Releases	⚠️ 0	Project has not signed or included provenance with any releases.
Pinned-Dependencies	🟢 8	dependency not pinned by hash detected -- score normalized to 8
Binary-Artifacts	🟢 7	binaries present in source code
Fuzzing	⚠️ 0	project is not fuzzed
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Packaging	🟢 10	packaging workflow detected
Vulnerabilities	⚠️ 0	22 existing vulnerabilities detected

npm/@wordpress/warning

3.19.0

🟢 5.2

Details

Check	Score	Reason
Maintained	🟢 10	30 commit(s) and 13 issue activity found in the last 90 days -- score normalized to 10
Code-Review	🟢 8	Found 24/30 approved changesets -- score normalized to 8
Security-Policy	🟢 9	security policy file detected
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
License	🟢 9	license file detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Signed-Releases	⚠️ 0	Project has not signed or included provenance with any releases.
Pinned-Dependencies	🟢 8	dependency not pinned by hash detected -- score normalized to 8
Binary-Artifacts	🟢 7	binaries present in source code
Fuzzing	⚠️ 0	project is not fuzzed
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Packaging	🟢 10	packaging workflow detected
Vulnerabilities	⚠️ 0	22 existing vulnerabilities detected

npm/rollup

4.34.9

🟢 6

Details

Check	Score	Reason
Maintained	🟢 10	30 commit(s) and 14 issue activity found in the last 90 days -- score normalized to 10
Packaging	⚠️ -1	packaging workflow not detected
Code-Review	🟢 3	Found 7/22 approved changesets -- score normalized to 3
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Security-Policy	🟢 10	security policy file detected
License	🟢 9	license file detected
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	🟢 8	branch protection is not maximal on development and all release branches
Binary-Artifacts	🟢 10	no binaries found in the repo
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Fuzzing	⚠️ 0	project is not fuzzed
Vulnerabilities	🟢 10	0 existing vulnerabilities detected

npm/typescript

5.8.2

🟢 8.7

Details

Check	Score	Reason
Maintained	🟢 10	30 commit(s) and 5 issue activity found in the last 90 days -- score normalized to 10
Code-Review	🟢 10	all changesets reviewed
Dependency-Update-Tool	🟢 10	update tool detected
Packaging	⚠️ -1	packaging workflow not detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Token-Permissions	🟢 10	GitHub workflow tokens follow principle of least privilege
Security-Policy	🟢 10	security policy file detected
License	🟢 10	license file detected
Signed-Releases	⚠️ 0	Project has not signed or included provenance with any releases.
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Binary-Artifacts	🟢 10	no binaries found in the repo
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Pinned-Dependencies	🟢 6	dependency not pinned by hash detected -- score normalized to 6
SAST	🟢 10	SAST tool is run on all commits
Vulnerabilities	🟢 10	0 existing vulnerabilities detected
Fuzzing	🟢 10	project is fuzzed
CI-Tests	🟢 10	30 out of 30 merged PRs checked by a CI test -- score normalized to 10
Contributors	🟢 10	project has 36 contributing companies or organizations

Scanned Files

package-lock.json

renovate bot added dependencies dev-dependencies labels Jan 16, 2025

renovate bot requested a review from sjinks as a code owner January 16, 2025 05:00

renovate bot added the php label Jan 16, 2025

renovate bot enabled auto-merge (squash) January 16, 2025 05:00

renovate bot force-pushed the renovate/dev-deps branch 15 times, most recently from 5dc3163 to 5a8087b Compare January 23, 2025 04:50

renovate bot force-pushed the renovate/dev-deps branch 8 times, most recently from 423234b to 32d45ba Compare January 28, 2025 05:02

renovate bot force-pushed the renovate/dev-deps branch 9 times, most recently from ee4b4a1 to 4a04685 Compare February 4, 2025 07:38

renovate bot changed the title ~~chore(deps): update devdependencies (non-major)~~ chore(deps): update dependency wp-cli/i18n-command to v2.6.4 Feb 4, 2025

renovate bot force-pushed the renovate/dev-deps branch from 4a04685 to bbda663 Compare February 4, 2025 09:18

renovate bot changed the title ~~chore(deps): update dependency wp-cli/i18n-command to v2.6.4~~ chore(deps): update devdependencies (non-major) Feb 4, 2025

renovate bot force-pushed the renovate/dev-deps branch 6 times, most recently from 515b5bf to c4d9077 Compare February 9, 2025 20:44

renovate bot force-pushed the renovate/dev-deps branch 6 times, most recently from fc22bbd to 7aa2b8b Compare February 17, 2025 10:50

renovate bot force-pushed the renovate/dev-deps branch 4 times, most recently from 107f20e to acff077 Compare February 28, 2025 22:23

chore(deps): update devdependencies (non-major)

b5cb747

renovate bot force-pushed the renovate/dev-deps branch from acff077 to b5cb747 Compare March 1, 2025 09:22

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

chore(deps): update devdependencies (non-major) #974

chore(deps): update devdependencies (non-major) #974

renovate bot commented Jan 16, 2025 •

edited

Loading

renovate bot commented Jan 16, 2025 •

edited

Loading

github-actions bot commented Jan 16, 2025 •

edited

Loading

chore(deps): update devdependencies (non-major) #974

Are you sure you want to change the base?

chore(deps): update devdependencies (non-major) #974

Conversation

renovate bot commented Jan 16, 2025 • edited Loading

Release Notes

🐛 Bug Fix

🏠 Internal

Bug Fixes

Pull Requests

Bug Fixes

Pull Requests

Bug Fixes

Pull Requests

v2.6.4: Version 2.6.4

Configuration

renovate bot commented Jan 16, 2025 • edited Loading

⚠️ Artifact update problem

File name: composer.lock

github-actions bot commented Jan 16, 2025 • edited Loading

Dependency Review

OpenSSF Scorecard

Scanned Files

renovate bot commented Jan 16, 2025 •

edited

Loading

`v2.6.4`: Version 2.6.4

renovate bot commented Jan 16, 2025 •

edited

Loading

github-actions bot commented Jan 16, 2025 •

edited

Loading