Bump the production-dependencies group across 1 directory with 14 updates #114

dependabot · 2025-01-27T20:32:56Z

Bumps the production-dependencies group with 14 updates in the /frontend directory:

Package	From	To
@angular/animations	`18.2.12`	`19.1.3`
@angular/cdk	`18.2.13`	`19.1.1`
@angular/common	`18.2.12`	`19.1.3`
@angular/compiler	`18.2.12`	`19.1.3`
@angular/core	`18.2.12`	`19.1.3`
@angular/forms	`18.2.12`	`19.1.3`
@angular/material	`18.2.13`	`19.1.1`
@angular/platform-browser	`18.2.12`	`19.1.3`
@angular/platform-browser-dynamic	`18.2.12`	`19.1.3`
@angular/router	`18.2.12`	`19.1.3`
@octokit/types	`13.6.1`	`13.7.0`
cronstrue	`2.51.0`	`2.53.0`
highcharts	`11.4.8`	`12.1.2`
ng2-charts	`7.0.0`	`8.0.0`

Updates @angular/animations from 18.2.12 to 19.1.3

Release notes

Sourced from @angular/animations's releases.

v19.1.3

19.1.3 (2025-01-22)

compiler

Commit Description

handle :host-context with comma-separated child selector (#59276)

compiler-cli

Commit Description

extract parenthesized dependencies during HMR (#59644)

handle conditional expressions when extracting dependencies (#59637)

handle new expressions when extracting dependencies (#59637)

core

Commit Description

capture self-referencing component during HMR (#59644)

replace metadata in place during HMR (#59644)

skip component ID collision warning during SSR (#59625)

migrations

Commit Description

avoid applying the same replacements twice when cleaning up unused imports (#59656)

platform-browser

Commit Description

clear renderer cache during HMR when using async animations (#59644)

v19.1.2

19.1.2 (2025-01-20)

compiler

Commit Description

update @ng/component URL to be relative (#59620)

compiler-cli

Commit Description

disable tree shaking during HMR (#59595)

core

Commit Description

animation sometimes renderer not being destroyed during HMR (#59574)

change Resource to use explicit undefined in its typings (#59024)

cleanup _ejsa when app is destroyed (#59492)

cleanup stash listener when app is destroyed (#59598)

handle shadow DOM encapsulated component with HMR (#59597)

HMR not matching component that injects ViewContainerRef (#59596)

treat exceptions in equal as part of computation (#55818)

... (truncated)

Changelog

Sourced from @angular/animations's changelog.

19.1.3 (2025-01-22)

compiler

Commit Type Description

ecfb74d287 fix handle :host-context with comma-separated child selector (#59276)

compiler-cli

Commit Type Description

53160e504d fix extract parenthesized dependencies during HMR (#59644)

39690969af fix handle conditional expressions when extracting dependencies (#59637)

78af7a5059 fix handle new expressions when extracting dependencies (#59637)

core

Commit Type Description

408af24ff3 fix capture self-referencing component during HMR (#59644)

d7575c201c fix replace metadata in place during HMR (#59644)

26f6d4c485 fix skip component ID collision warning during SSR (#59625)

migrations

Commit Type Description

a62c84bc18 fix avoid applying the same replacements twice when cleaning up unused imports (#59656)

platform-browser

Commit Type Description

b2b3816cb1 fix clear renderer cache during HMR when using async animations (#59644)

19.1.2 (2025-01-20)

compiler

Commit Type Description

8dcd889987 fix update @ng/component URL to be relative (#59620)

compiler-cli

Commit Type Description

95a05bb202 fix disable tree shaking during HMR (#59595)

core

Commit Type Description

a4eb74c79c fix animation sometimes renderer not being destroyed during HMR (#59574)

906413aba3 fix change Resource to use explicit undefined in its typings (#59024)

4eb541837c fix cleanup _ejsa when app is destroyed (#59492)

5497102769 fix cleanup stash listener when app is destroyed (#59598)

266a8f2f2e fix handle shadow DOM encapsulated component with HMR (#59597)

6f7716268a fix HMR not matching component that injects ViewContainerRef (#59596)

d12a186d53 fix treat exceptions in equal as part of computation (#55818)

... (truncated)

Commits

a4eb74c fix(core): animation sometimes renderer not being destroyed during HMR (#59574)
bfaeefe refactor(animations): drop warning functions in production (#59408)
0e23f20 fix(platform-browser): styles not replaced during HMR when using animations r...
2f5f898 docs(animations): update position parameter to be a decimal (#57927)
d010e11 feat(core): add event listener options to renderer (#59092)
0513fbc docs: set syntax highlighting of code examples MD code blocks (#59026)
8d6ea5b docs: fix missing alert block styles in the API reference (#59020)
09df589 refactor(core): Migrate all packages with the explicit-standalone-flag sche...
84b6896 refactor(platform-server): Add an ssr benchmark setup. (#57647)
9dbe6fc refactor: update license text to point to angular.dev (#57901)
See full diff in compare view

Updates @angular/cdk from 18.2.13 to 19.1.1

Release notes

Sourced from @angular/cdk's releases.

v19.1.1

19.1.1 "lanthanum-labrador" (2025-01-22)

material

Commit Description

autocomplete: fix initial render logic (#30348)

chips: fix chip blur timing (#30347)

expansion: inherit shape for focus indicator (#30352)

cdk

Commit Description

text-field: clear cached line height on resize (#30355)

v19.1.0

19.1.0 "denim-firefly" (2025-01-16)

material-luxon-adapter

Commit Description

infer first day of week from locale (#30285)

material-experimental

Commit Description

column-resize: Add support for "lazy" rather than live updating during resizing. (#30120)

cdk-experimental

Commit Description

column-resize: Support column size persistance hooks (#30136)

column-resize: Previous size was being sent for persistance rather than newly updated size in non-live resize mode. (#30161)

material

Commit Description

schematics: Add CSS output to custom theme schematic (#30004)

api-theme: fix nav items hover/focus contrast (#1004)

checkbox: ensure focus indicator has the correct shape (#30332)

docs: change twitter logo (#1245)

menu: lazy content not detached after animation (#30301)

select: match disabled placeholder color with label (#29870)

select: remove color transition w/ no animations module (#30304)

slider: active vs inactive tick mark count (#30319)

slider: tick mark positioning (#30329)

sort: avoid center align for sort header

tabs: tab nav bar animation not working when navigating forwards (#30313)

theme: unselected theme picker

tooltip: deprecate matTooltipAnimations (#30310)

button: Remove unused inject. (#30320)

table: Optimize expensive css selector (#30305)

tooltip: Use afterNextRender to invoke aria describer to align layout updates with other components using afterNextRender. (#30265)

cdk

... (truncated)

Changelog

Sourced from @angular/cdk's changelog.

19.1.1 "lanthanum-labrador" (2025-01-22)

cdk

Commit Type Description

380fd1dfa fix text-field: clear cached line height on resize (#30355)

material

Commit Type Description

5c4421641 fix autocomplete: fix initial render logic (#30348)

db3895cf1 fix chips: fix chip blur timing (#30347)

09d7476d9 fix expansion: inherit shape for focus indicator (#30352)

19.2.0-next.0 "bronze-baguette" (2025-01-16)

material

Commit Type Description

44c7320653 feat schematics: Add option to customize colors for neutral variant and error palettes (#30321)

1e5663636e fix stepper: switch away from animations module (#30314)

0eb9012777 fix tabs: switch away from animations module (#30281)

e5c3ddfb0b fix timepicker: adds default aria-label to timepicker toggle (#30284)

19.1.0 "denim-firefly" (2025-01-16)

cdk

Commit Type Description

62a672af0d feat dialog: expose cdk dialog docs (#1144)

a0a16fc70e feat menu: expose cdk menu docs (#1142)

2be0afcfb5 fix menu: avoid resetting the scroll position when using the mouse (#30249)

e421765d8d fix menu: not responding to position changes (#30234)

5c75bbecb2 fix scrolling: avoid SSR error in CdkVirtualScrollableWindow (#30259)

d721f0c2bc perf table: Use afterNextRender for sticky styling. Fixes a performance regression dating back to #28393 and removes need for coalesced sticky styler. (#30242)

material

Commit Type Description

f47f5f9a1e feat schematics: Add CSS output to custom theme schematic (#30004)

057ed370aa fix api-theme: fix nav items hover/focus contrast (#1004)

5138fe7b38 fix checkbox: ensure focus indicator has the correct shape (#30332)

3163040850 fix docs: change twitter logo (#1245)

781e91e798 fix menu: lazy content not detached after animation (#30301)

a3d9e4b45d fix select: match disabled placeholder color with label (#29870)

027c3ad267 fix select: remove color transition w/ no animations module (#30304)

4f676d4030 fix slider: active vs inactive tick mark count (#30319)

eae073032c fix slider: tick mark positioning (#30329)

0c099ff024 fix sort: avoid center align for sort header

... (truncated)

Commits

0b9c040 release: cut the v19.1.1 release
380fd1d fix(cdk/text-field): clear cached line height on resize (#30355)
09d7476 fix(material/expansion): inherit shape for focus indicator (#30352)
5c44216 fix(material/autocomplete): fix initial render logic (#30348)
db3895c fix(material/chips): fix chip blur timing (#30347)
7a3eb6c release: cut the v19.1.0 release
0f12ed2 Revert "test(material/timepicker): updates timepicker.spec.ts (#30335)" (#30342)
5138fe7 fix(material/checkbox): ensure focus indicator has the correct shape (#30332)
eae0730 fix(material/slider): tick mark positioning (#30329)
0df6e03 test(material/timepicker): updates timepicker.spec.ts (#30335)
Additional commits viewable in compare view

Updates @angular/common from 18.2.12 to 19.1.3

Release notes

Sourced from @angular/common's releases.

v19.1.3

19.1.3 (2025-01-22)

compiler

Commit Description

handle :host-context with comma-separated child selector (#59276)

compiler-cli

Commit Description

extract parenthesized dependencies during HMR (#59644)

handle conditional expressions when extracting dependencies (#59637)

handle new expressions when extracting dependencies (#59637)

core

Commit Description

capture self-referencing component during HMR (#59644)

replace metadata in place during HMR (#59644)

skip component ID collision warning during SSR (#59625)

migrations

Commit Description

avoid applying the same replacements twice when cleaning up unused imports (#59656)

platform-browser

Commit Description

clear renderer cache during HMR when using async animations (#59644)

v19.1.2

19.1.2 (2025-01-20)

compiler

Commit Description

update @ng/component URL to be relative (#59620)

compiler-cli

Commit Description

disable tree shaking during HMR (#59595)

core

Commit Description

animation sometimes renderer not being destroyed during HMR (#59574)

change Resource to use explicit undefined in its typings (#59024)

cleanup _ejsa when app is destroyed (#59492)

cleanup stash listener when app is destroyed (#59598)

handle shadow DOM encapsulated component with HMR (#59597)

HMR not matching component that injects ViewContainerRef (#59596)

treat exceptions in equal as part of computation (#55818)

... (truncated)

Changelog

Sourced from @angular/common's changelog.

19.1.3 (2025-01-22)

compiler

Commit Type Description

ecfb74d287 fix handle :host-context with comma-separated child selector (#59276)

compiler-cli

Commit Type Description

53160e504d fix extract parenthesized dependencies during HMR (#59644)

39690969af fix handle conditional expressions when extracting dependencies (#59637)

78af7a5059 fix handle new expressions when extracting dependencies (#59637)

core

Commit Type Description

408af24ff3 fix capture self-referencing component during HMR (#59644)

d7575c201c fix replace metadata in place during HMR (#59644)

26f6d4c485 fix skip component ID collision warning during SSR (#59625)

migrations

Commit Type Description

a62c84bc18 fix avoid applying the same replacements twice when cleaning up unused imports (#59656)

platform-browser

Commit Type Description

b2b3816cb1 fix clear renderer cache during HMR when using async animations (#59644)

19.1.2 (2025-01-20)

compiler

Commit Type Description

8dcd889987 fix update @ng/component URL to be relative (#59620)

compiler-cli

Commit Type Description

95a05bb202 fix disable tree shaking during HMR (#59595)

core

Commit Type Description

a4eb74c79c fix animation sometimes renderer not being destroyed during HMR (#59574)

906413aba3 fix change Resource to use explicit undefined in its typings (#59024)

4eb541837c fix cleanup _ejsa when app is destroyed (#59492)

5497102769 fix cleanup stash listener when app is destroyed (#59598)

266a8f2f2e fix handle shadow DOM encapsulated component with HMR (#59597)

6f7716268a fix HMR not matching component that injects ViewContainerRef (#59596)

d12a186d53 fix treat exceptions in equal as part of computation (#55818)

... (truncated)

Commits

810ed6a refactor(common): prevent duplicating Content-Type header (#59518)
e2b7359 refactor(common): drop error message in production (#59471)
95c0e51 docs: update class & style binding recommendation (#59240)
6a0dd96 Revert "refactor: initialize headers map directly in HttpHeaders class (#5926...
3e7ba3d docs: set syntax highlighting to the remaining Markdown code examples blocks ...
51a4839 refactor(common): tree-shake lcpObserver in NgOptimizedImage (#59481)
f6e7516 refactor(common): tree-shake transfer cache interceptor stuff (#59439)
f73f39c refactor: initialize headers map directly in HttpHeaders class (#59268)
411b4f5 refactor(common): prevent duplicating Accept header (#59467)
de12b52 refactor(common): drop enums by changing to const enum (#59468)
Additional commits viewable in compare view

Updates @angular/compiler from 18.2.12 to 19.1.3

Release notes

Sourced from @angular/compiler's releases.

v19.1.3

19.1.3 (2025-01-22)

compiler

Commit Description

handle :host-context with comma-separated child selector (#59276)

compiler-cli

Commit Description

extract parenthesized dependencies during HMR (#59644)

handle conditional expressions when extracting dependencies (#59637)

handle new expressions when extracting dependencies (#59637)

core

Commit Description

capture self-referencing component during HMR (#59644)

replace metadata in place during HMR (#59644)

skip component ID collision warning during SSR (#59625)

migrations

Commit Description

avoid applying the same replacements twice when cleaning up unused imports (#59656)

platform-browser

Commit Description

clear renderer cache during HMR when using async animations (#59644)

v19.1.2

19.1.2 (2025-01-20)

compiler

Commit Description

update @ng/component URL to be relative (#59620)

compiler-cli

Commit Description

disable tree shaking during HMR (#59595)

core
<...
Description has been truncated

Commit Description

animation sometimes renderer not being destroyed during HMR (#59574)

change Resource to use explicit undefined in its typings (#59024)

cleanup _ejsa when app is destroyed (#59492)

cleanup stash listener when app is destroyed (#59598)

handle shadow DOM encapsulated component with HMR (#59597)

HMR not matching component that injects ViewContainerRef (#59596)

…ates Bumps the production-dependencies group with 14 updates in the /frontend directory: | Package | From | To | | --- | --- | --- | | [@angular/animations](https://github.com/angular/angular/tree/HEAD/packages/animations) | `18.2.12` | `19.1.3` | | [@angular/cdk](https://github.com/angular/components) | `18.2.13` | `19.1.1` | | [@angular/common](https://github.com/angular/angular/tree/HEAD/packages/common) | `18.2.12` | `19.1.3` | | [@angular/compiler](https://github.com/angular/angular/tree/HEAD/packages/compiler) | `18.2.12` | `19.1.3` | | [@angular/core](https://github.com/angular/angular/tree/HEAD/packages/core) | `18.2.12` | `19.1.3` | | [@angular/forms](https://github.com/angular/angular/tree/HEAD/packages/forms) | `18.2.12` | `19.1.3` | | [@angular/material](https://github.com/angular/components) | `18.2.13` | `19.1.1` | | [@angular/platform-browser](https://github.com/angular/angular/tree/HEAD/packages/platform-browser) | `18.2.12` | `19.1.3` | | [@angular/platform-browser-dynamic](https://github.com/angular/angular/tree/HEAD/packages/platform-browser-dynamic) | `18.2.12` | `19.1.3` | | [@angular/router](https://github.com/angular/angular/tree/HEAD/packages/router) | `18.2.12` | `19.1.3` | | [@octokit/types](https://github.com/octokit/types.ts) | `13.6.1` | `13.7.0` | | [cronstrue](https://github.com/bradymholt/cronstrue) | `2.51.0` | `2.53.0` | | [highcharts](https://github.com/highcharts/highcharts-dist) | `11.4.8` | `12.1.2` | | [ng2-charts](https://github.com/valor-software/ng2-charts) | `7.0.0` | `8.0.0` | Updates `@angular/animations` from 18.2.12 to 19.1.3 - [Release notes](https://github.com/angular/angular/releases) - [Changelog](https://github.com/angular/angular/blob/main/CHANGELOG.md) - [Commits](https://github.com/angular/angular/commits/19.1.3/packages/animations) Updates `@angular/cdk` from 18.2.13 to 19.1.1 - [Release notes](https://github.com/angular/components/releases) - [Changelog](https://github.com/angular/components/blob/main/CHANGELOG.md) - [Commits](angular/components@18.2.13...19.1.1) Updates `@angular/common` from 18.2.12 to 19.1.3 - [Release notes](https://github.com/angular/angular/releases) - [Changelog](https://github.com/angular/angular/blob/main/CHANGELOG.md) - [Commits](https://github.com/angular/angular/commits/19.1.3/packages/common) Updates `@angular/compiler` from 18.2.12 to 19.1.3 - [Release notes](https://github.com/angular/angular/releases) - [Changelog](https://github.com/angular/angular/blob/main/CHANGELOG.md) - [Commits](https://github.com/angular/angular/commits/19.1.3/packages/compiler) Updates `@angular/core` from 18.2.12 to 19.1.3 - [Release notes](https://github.com/angular/angular/releases) - [Changelog](https://github.com/angular/angular/blob/main/CHANGELOG.md) - [Commits](https://github.com/angular/angular/commits/19.1.3/packages/core) Updates `@angular/forms` from 18.2.12 to 19.1.3 - [Release notes](https://github.com/angular/angular/releases) - [Changelog](https://github.com/angular/angular/blob/main/CHANGELOG.md) - [Commits](https://github.com/angular/angular/commits/19.1.3/packages/forms) Updates `@angular/material` from 18.2.13 to 19.1.1 - [Release notes](https://github.com/angular/components/releases) - [Changelog](https://github.com/angular/components/blob/main/CHANGELOG.md) - [Commits](angular/components@18.2.13...19.1.1) Updates `@angular/platform-browser` from 18.2.12 to 19.1.3 - [Release notes](https://github.com/angular/angular/releases) - [Changelog](https://github.com/angular/angular/blob/main/CHANGELOG.md) - [Commits](https://github.com/angular/angular/commits/19.1.3/packages/platform-browser) Updates `@angular/platform-browser-dynamic` from 18.2.12 to 19.1.3 - [Release notes](https://github.com/angular/angular/releases) - [Changelog](https://github.com/angular/angular/blob/main/CHANGELOG.md) - [Commits](https://github.com/angular/angular/commits/19.1.3/packages/platform-browser-dynamic) Updates `@angular/router` from 18.2.12 to 19.1.3 - [Release notes](https://github.com/angular/angular/releases) - [Changelog](https://github.com/angular/angular/blob/main/CHANGELOG.md) - [Commits](https://github.com/angular/angular/commits/19.1.3/packages/router) Updates `@octokit/types` from 13.6.1 to 13.7.0 - [Release notes](https://github.com/octokit/types.ts/releases) - [Commits](octokit/types.ts@v13.6.1...v13.7.0) Updates `cronstrue` from 2.51.0 to 2.53.0 - [Release notes](https://github.com/bradymholt/cronstrue/releases) - [Changelog](https://github.com/bradymholt/cRonstrue/blob/main/CHANGELOG.md) - [Commits](bradymholt/cRonstrue@v2.51.0...v2.53.0) Updates `highcharts` from 11.4.8 to 12.1.2 - [Commits](highcharts/highcharts-dist@v11.4.8...v12.1.2) Updates `ng2-charts` from 7.0.0 to 8.0.0 - [Release notes](https://github.com/valor-software/ng2-charts/releases) - [Commits](valor-software/ng2-charts@v7.0.0...v8.0.0) --- updated-dependencies: - dependency-name: "@angular/animations" dependency-type: direct:production update-type: version-update:semver-major dependency-group: production-dependencies - dependency-name: "@angular/cdk" dependency-type: direct:production update-type: version-update:semver-major dependency-group: production-dependencies - dependency-name: "@angular/common" dependency-type: direct:production update-type: version-update:semver-major dependency-group: production-dependencies - dependency-name: "@angular/compiler" dependency-type: direct:production update-type: version-update:semver-major dependency-group: production-dependencies - dependency-name: "@angular/core" dependency-type: direct:production update-type: version-update:semver-major dependency-group: production-dependencies - dependency-name: "@angular/forms" dependency-type: direct:production update-type: version-update:semver-major dependency-group: production-dependencies - dependency-name: "@angular/material" dependency-type: direct:production update-type: version-update:semver-major dependency-group: production-dependencies - dependency-name: "@angular/platform-browser" dependency-type: direct:production update-type: version-update:semver-major dependency-group: production-dependencies - dependency-name: "@angular/platform-browser-dynamic" dependency-type: direct:production update-type: version-update:semver-major dependency-group: production-dependencies - dependency-name: "@angular/router" dependency-type: direct:production update-type: version-update:semver-major dependency-group: production-dependencies - dependency-name: "@octokit/types" dependency-type: direct:production update-type: version-update:semver-minor dependency-group: production-dependencies - dependency-name: cronstrue dependency-type: direct:production update-type: version-update:semver-minor dependency-group: production-dependencies - dependency-name: highcharts dependency-type: direct:production update-type: version-update:semver-major dependency-group: production-dependencies - dependency-name: ng2-charts dependency-type: direct:production update-type: version-update:semver-major dependency-group: production-dependencies ... Signed-off-by: dependabot[bot] <support@github.com>

github-actions · 2025-01-27T20:33:12Z

Dependency Review

The following issues were found:

✅ 0 vulnerable package(s)
✅ 0 package(s) with incompatible licenses
✅ 0 package(s) with invalid SPDX license definitions
⚠️ 1 package(s) with unknown licenses.

See the Details below.

License Issues

frontend/package.json

Package	Version	License	Issue Type
highcharts	^12.1.2	Null	Unknown License

OpenSSF Scorecard

Scorecard details

Package

Version

Score

Details

npm/@angular/animations

19.1.3

🟢 6.4

Details

Check	Score	Reason
Binary-Artifacts	🟢 10	no binaries found in the repo
Branch-Protection	🟢 6	branch protection is not maximal on development and all release branches
CI-Tests	⚠️ -1	no pull request found
CII-Best-Practices	⚠️ 2	badge detected: InProgress
Code-Review	⚠️ 0	Found 0/30 approved changesets -- score normalized to 0
Contributors	🟢 10	project has 36 contributing companies or organizations
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Dependency-Update-Tool	🟢 10	update tool detected
Fuzzing	🟢 10	project is fuzzed
License	🟢 10	license file detected
Maintained	🟢 10	30 commit(s) and 19 issue activity found in the last 90 days -- score normalized to 10
Packaging	⚠️ -1	packaging workflow not detected
Pinned-Dependencies	🟢 10	all dependencies are pinned
SAST	⚠️ 0	no SAST tool detected
Security-Policy	🟢 10	security policy file detected
Signed-Releases	⚠️ -1	no releases found
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Vulnerabilities	⚠️ 0	73 existing vulnerabilities detected

npm/@angular/cdk

19.1.1

🟢 7.3

Details

Check	Score	Reason
Binary-Artifacts	🟢 10	no binaries found in the repo
Branch-Protection	🟢 6	branch protection is not maximal on development and all release branches
CI-Tests	🟢 10	27 out of 27 merged PRs checked by a CI test -- score normalized to 10
CII-Best-Practices	⚠️ 2	badge detected: in_progress
Code-Review	🟢 9	found 1 unreviewed changesets out of 28 -- score normalized to 9
Contributors	🟢 10	23 different organizations found -- score normalized to 10
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Dependency-Update-Tool	🟢 10	update tool detected
Fuzzing	⚠️ 0	project is not fuzzed
License	🟢 10	license file detected
Maintained	🟢 10	30 commit(s) out of 30 and 10 issue activity out of 30 found in the last 90 days -- score normalized to 10
Packaging	⚠️ -1	no published package detected
Pinned-Dependencies	🟢 10	all dependencies are pinned
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Security-Policy	🟢 10	security policy file detected
Signed-Releases	⚠️ -1	no releases found
Token-Permissions	🟢 8	detected GitHub workflow tokens with excessive permissions
Vulnerabilities	⚠️ 0	56 existing vulnerabilities detected

npm/@angular/common

19.1.3

🟢 6.4

Details

Check	Score	Reason
Binary-Artifacts	🟢 10	no binaries found in the repo
Branch-Protection	🟢 6	branch protection is not maximal on development and all release branches
CI-Tests	⚠️ -1	no pull request found
CII-Best-Practices	⚠️ 2	badge detected: InProgress
Code-Review	⚠️ 0	Found 0/30 approved changesets -- score normalized to 0
Contributors	🟢 10	project has 36 contributing companies or organizations
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Dependency-Update-Tool	🟢 10	update tool detected
Fuzzing	🟢 10	project is fuzzed
License	🟢 10	license file detected
Maintained	🟢 10	30 commit(s) and 19 issue activity found in the last 90 days -- score normalized to 10
Packaging	⚠️ -1	packaging workflow not detected
Pinned-Dependencies	🟢 10	all dependencies are pinned
SAST	⚠️ 0	no SAST tool detected
Security-Policy	🟢 10	security policy file detected
Signed-Releases	⚠️ -1	no releases found
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Vulnerabilities	⚠️ 0	73 existing vulnerabilities detected

npm/@angular/compiler

19.1.3

🟢 6.4

Details

Check	Score	Reason
Binary-Artifacts	🟢 10	no binaries found in the repo
Branch-Protection	🟢 6	branch protection is not maximal on development and all release branches
CI-Tests	⚠️ -1	no pull request found
CII-Best-Practices	⚠️ 2	badge detected: InProgress
Code-Review	⚠️ 0	Found 0/30 approved changesets -- score normalized to 0
Contributors	🟢 10	project has 36 contributing companies or organizations
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Dependency-Update-Tool	🟢 10	update tool detected
Fuzzing	🟢 10	project is fuzzed
License	🟢 10	license file detected
Maintained	🟢 10	30 commit(s) and 19 issue activity found in the last 90 days -- score normalized to 10
Packaging	⚠️ -1	packaging workflow not detected
Pinned-Dependencies	🟢 10	all dependencies are pinned
SAST	⚠️ 0	no SAST tool detected
Security-Policy	🟢 10	security policy file detected
Signed-Releases	⚠️ -1	no releases found
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Vulnerabilities	⚠️ 0	73 existing vulnerabilities detected

npm/@angular/core

19.1.3

🟢 6.4

Details

Check	Score	Reason
Binary-Artifacts	🟢 10	no binaries found in the repo
Branch-Protection	🟢 6	branch protection is not maximal on development and all release branches
CI-Tests	⚠️ -1	no pull request found
CII-Best-Practices	⚠️ 2	badge detected: InProgress
Code-Review	⚠️ 0	Found 0/30 approved changesets -- score normalized to 0
Contributors	🟢 10	project has 36 contributing companies or organizations
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Dependency-Update-Tool	🟢 10	update tool detected
Fuzzing	🟢 10	project is fuzzed
License	🟢 10	license file detected
Maintained	🟢 10	30 commit(s) and 19 issue activity found in the last 90 days -- score normalized to 10
Packaging	⚠️ -1	packaging workflow not detected
Pinned-Dependencies	🟢 10	all dependencies are pinned
SAST	⚠️ 0	no SAST tool detected
Security-Policy	🟢 10	security policy file detected
Signed-Releases	⚠️ -1	no releases found
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Vulnerabilities	⚠️ 0	73 existing vulnerabilities detected

npm/@angular/forms

19.1.3

🟢 6.4

Details

Check	Score	Reason
Binary-Artifacts	🟢 10	no binaries found in the repo
Branch-Protection	🟢 6	branch protection is not maximal on development and all release branches
CI-Tests	⚠️ -1	no pull request found
CII-Best-Practices	⚠️ 2	badge detected: InProgress
Code-Review	⚠️ 0	Found 0/30 approved changesets -- score normalized to 0
Contributors	🟢 10	project has 36 contributing companies or organizations
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Dependency-Update-Tool	🟢 10	update tool detected
Fuzzing	🟢 10	project is fuzzed
License	🟢 10	license file detected
Maintained	🟢 10	30 commit(s) and 19 issue activity found in the last 90 days -- score normalized to 10
Packaging	⚠️ -1	packaging workflow not detected
Pinned-Dependencies	🟢 10	all dependencies are pinned
SAST	⚠️ 0	no SAST tool detected
Security-Policy	🟢 10	security policy file detected
Signed-Releases	⚠️ -1	no releases found
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Vulnerabilities	⚠️ 0	73 existing vulnerabilities detected

npm/@angular/material

19.1.1

🟢 7.3

Details

Check	Score	Reason
Binary-Artifacts	🟢 10	no binaries found in the repo
Branch-Protection	🟢 6	branch protection is not maximal on development and all release branches
CI-Tests	🟢 10	27 out of 27 merged PRs checked by a CI test -- score normalized to 10
CII-Best-Practices	⚠️ 2	badge detected: in_progress
Code-Review	🟢 9	found 1 unreviewed changesets out of 28 -- score normalized to 9
Contributors	🟢 10	23 different organizations found -- score normalized to 10
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Dependency-Update-Tool	🟢 10	update tool detected
Fuzzing	⚠️ 0	project is not fuzzed
License	🟢 10	license file detected
Maintained	🟢 10	30 commit(s) out of 30 and 10 issue activity out of 30 found in the last 90 days -- score normalized to 10
Packaging	⚠️ -1	no published package detected
Pinned-Dependencies	🟢 10	all dependencies are pinned
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Security-Policy	🟢 10	security policy file detected
Signed-Releases	⚠️ -1	no releases found
Token-Permissions	🟢 8	detected GitHub workflow tokens with excessive permissions
Vulnerabilities	⚠️ 0	56 existing vulnerabilities detected

npm/@angular/platform-browser

19.1.3

🟢 6.4

Details

Check	Score	Reason
Binary-Artifacts	🟢 10	no binaries found in the repo
Branch-Protection	🟢 6	branch protection is not maximal on development and all release branches
CI-Tests	⚠️ -1	no pull request found
CII-Best-Practices	⚠️ 2	badge detected: InProgress
Code-Review	⚠️ 0	Found 0/30 approved changesets -- score normalized to 0
Contributors	🟢 10	project has 36 contributing companies or organizations
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Dependency-Update-Tool	🟢 10	update tool detected
Fuzzing	🟢 10	project is fuzzed
License	🟢 10	license file detected
Maintained	🟢 10	30 commit(s) and 19 issue activity found in the last 90 days -- score normalized to 10
Packaging	⚠️ -1	packaging workflow not detected
Pinned-Dependencies	🟢 10	all dependencies are pinned
SAST	⚠️ 0	no SAST tool detected
Security-Policy	🟢 10	security policy file detected
Signed-Releases	⚠️ -1	no releases found
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Vulnerabilities	⚠️ 0	73 existing vulnerabilities detected

npm/@angular/platform-browser-dynamic

19.1.3

🟢 6.4

Details

Check	Score	Reason
Binary-Artifacts	🟢 10	no binaries found in the repo
Branch-Protection	🟢 6	branch protection is not maximal on development and all release branches
CI-Tests	⚠️ -1	no pull request found
CII-Best-Practices	⚠️ 2	badge detected: InProgress
Code-Review	⚠️ 0	Found 0/30 approved changesets -- score normalized to 0
Contributors	🟢 10	project has 36 contributing companies or organizations
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Dependency-Update-Tool	🟢 10	update tool detected
Fuzzing	🟢 10	project is fuzzed
License	🟢 10	license file detected
Maintained	🟢 10	30 commit(s) and 19 issue activity found in the last 90 days -- score normalized to 10
Packaging	⚠️ -1	packaging workflow not detected
Pinned-Dependencies	🟢 10	all dependencies are pinned
SAST	⚠️ 0	no SAST tool detected
Security-Policy	🟢 10	security policy file detected
Signed-Releases	⚠️ -1	no releases found
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Vulnerabilities	⚠️ 0	73 existing vulnerabilities detected

npm/@angular/router

19.1.3

🟢 6.4

Details

Check	Score	Reason
Binary-Artifacts	🟢 10	no binaries found in the repo
Branch-Protection	🟢 6	branch protection is not maximal on development and all release branches
CI-Tests	⚠️ -1	no pull request found
CII-Best-Practices	⚠️ 2	badge detected: InProgress
Code-Review	⚠️ 0	Found 0/30 approved changesets -- score normalized to 0
Contributors	🟢 10	project has 36 contributing companies or organizations
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Dependency-Update-Tool	🟢 10	update tool detected
Fuzzing	🟢 10	project is fuzzed
License	🟢 10	license file detected
Maintained	🟢 10	30 commit(s) and 19 issue activity found in the last 90 days -- score normalized to 10
Packaging	⚠️ -1	packaging workflow not detected
Pinned-Dependencies	🟢 10	all dependencies are pinned
SAST	⚠️ 0	no SAST tool detected
Security-Policy	🟢 10	security policy file detected
Signed-Releases	⚠️ -1	no releases found
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Vulnerabilities	⚠️ 0	73 existing vulnerabilities detected

npm/@octokit/openapi-types

23.0.1

🟢 7.1

Details

Check	Score	Reason
Code-Review	🟢 8	Found 6/7 approved changesets -- score normalized to 8
Maintained	🟢 8	9 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 8
Binary-Artifacts	🟢 10	no binaries found in the repo
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Security-Policy	🟢 9	security policy file detected
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Fuzzing	⚠️ 0	project is not fuzzed
License	🟢 10	license file detected
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Vulnerabilities	🟢 10	0 existing vulnerabilities detected
Signed-Releases	⚠️ -1	no releases found
Packaging	🟢 10	packaging workflow detected
SAST	🟢 9	SAST tool detected but not run on all commits
Pinned-Dependencies	🟢 3	dependency not pinned by hash detected -- score normalized to 3

npm/@octokit/types

13.7.0

🟢 6.9

Details

Check	Score	Reason
Code-Review	🟢 10	all changesets reviewed
Security-Policy	🟢 9	security policy file detected
Binary-Artifacts	🟢 10	no binaries found in the repo
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Maintained	🟢 5	5 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 5
Pinned-Dependencies	🟢 3	dependency not pinned by hash detected -- score normalized to 3
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Fuzzing	⚠️ 0	project is not fuzzed
License	🟢 10	license file detected
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Packaging	🟢 10	packaging workflow detected
SAST	🟢 10	SAST tool is run on all commits
Vulnerabilities	🟢 8	2 existing vulnerabilities detected

npm/cronstrue

2.53.0

🟢 4

Details

Check	Score	Reason
Code-Review	🟢 3	Found 9/28 approved changesets -- score normalized to 3
Packaging	⚠️ -1	packaging workflow not detected
Maintained	🟢 8	7 commit(s) and 3 issue activity found in the last 90 days -- score normalized to 8
Binary-Artifacts	🟢 10	no binaries found in the repo
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Security-Policy	⚠️ 0	security policy file not detected
License	🟢 10	license file detected
Fuzzing	⚠️ 0	project is not fuzzed
Signed-Releases	⚠️ 0	Project has not signed or included provenance with any releases.
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Vulnerabilities	🟢 5	5 existing vulnerabilities detected

npm/highcharts

12.1.2

🟢 3.5

Details

Check	Score	Reason
Packaging	⚠️ -1	packaging workflow not detected
Code-Review	⚠️ 0	Found 1/28 approved changesets -- score normalized to 0
Maintained	🟢 7	9 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 7
Dangerous-Workflow	⚠️ -1	no workflows found
Token-Permissions	⚠️ -1	No tokens found
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Security-Policy	⚠️ 0	security policy file not detected
License	⚠️ 0	license file not detected
Vulnerabilities	🟢 10	0 existing vulnerabilities detected
Signed-Releases	⚠️ -1	no releases found
Binary-Artifacts	🟢 10	no binaries found in the repo
Branch-Protection	⚠️ 0	branch protection not enabled on development/release branches
Pinned-Dependencies	⚠️ -1	no dependencies found
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Fuzzing	⚠️ 0	project is not fuzzed

npm/ng2-charts

8.0.0

🟢 4.2

Details

Check	Score	Reason
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Packaging	⚠️ -1	packaging workflow not detected
Code-Review	⚠️ 0	Found 1/16 approved changesets -- score normalized to 0
Maintained	🟢 10	14 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10
Binary-Artifacts	🟢 10	no binaries found in the repo
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Pinned-Dependencies	⚠️ 2	dependency not pinned by hash detected -- score normalized to 2
License	🟢 10	license file detected
Fuzzing	⚠️ 0	project is not fuzzed
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Signed-Releases	⚠️ 0	Project has not signed or included provenance with any releases.
Security-Policy	⚠️ 0	security policy file not detected
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Vulnerabilities	🟢 7	3 existing vulnerabilities detected

npm/zone.js

0.15.0

🟢 6.4

Details

Check	Score	Reason
Binary-Artifacts	🟢 10	no binaries found in the repo
Branch-Protection	🟢 6	branch protection is not maximal on development and all release branches
CI-Tests	⚠️ -1	no pull request found
CII-Best-Practices	⚠️ 2	badge detected: InProgress
Code-Review	⚠️ 0	Found 0/30 approved changesets -- score normalized to 0
Contributors	🟢 10	project has 36 contributing companies or organizations
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Dependency-Update-Tool	🟢 10	update tool detected
Fuzzing	🟢 10	project is fuzzed
License	🟢 10	license file detected
Maintained	🟢 10	30 commit(s) and 19 issue activity found in the last 90 days -- score normalized to 10
Packaging	⚠️ -1	packaging workflow not detected
Pinned-Dependencies	🟢 10	all dependencies are pinned
SAST	⚠️ 0	no SAST tool detected
Security-Policy	🟢 10	security policy file detected
Signed-Releases	⚠️ -1	no releases found
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Vulnerabilities	⚠️ 0	73 existing vulnerabilities detected

npm/@angular/animations

^19.1.3

🟢 6.4

Details

Check	Score	Reason
Binary-Artifacts	🟢 10	no binaries found in the repo
Branch-Protection	🟢 6	branch protection is not maximal on development and all release branches
CI-Tests	⚠️ -1	no pull request found
CII-Best-Practices	⚠️ 2	badge detected: InProgress
Code-Review	⚠️ 0	Found 0/30 approved changesets -- score normalized to 0
Contributors	🟢 10	project has 36 contributing companies or organizations
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Dependency-Update-Tool	🟢 10	update tool detected
Fuzzing	🟢 10	project is fuzzed
License	🟢 10	license file detected
Maintained	🟢 10	30 commit(s) and 19 issue activity found in the last 90 days -- score normalized to 10
Packaging	⚠️ -1	packaging workflow not detected
Pinned-Dependencies	🟢 10	all dependencies are pinned
SAST	⚠️ 0	no SAST tool detected
Security-Policy	🟢 10	security policy file detected
Signed-Releases	⚠️ -1	no releases found
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Vulnerabilities	⚠️ 0	73 existing vulnerabilities detected

npm/@angular/cdk

^19.1.1

🟢 7.3

Details

Check	Score	Reason
Binary-Artifacts	🟢 10	no binaries found in the repo
Branch-Protection	🟢 6	branch protection is not maximal on development and all release branches
CI-Tests	🟢 10	27 out of 27 merged PRs checked by a CI test -- score normalized to 10
CII-Best-Practices	⚠️ 2	badge detected: in_progress
Code-Review	🟢 9	found 1 unreviewed changesets out of 28 -- score normalized to 9
Contributors	🟢 10	23 different organizations found -- score normalized to 10
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Dependency-Update-Tool	🟢 10	update tool detected
Fuzzing	⚠️ 0	project is not fuzzed
License	🟢 10	license file detected
Maintained	🟢 10	30 commit(s) out of 30 and 10 issue activity out of 30 found in the last 90 days -- score normalized to 10
Packaging	⚠️ -1	no published package detected
Pinned-Dependencies	🟢 10	all dependencies are pinned
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Security-Policy	🟢 10	security policy file detected
Signed-Releases	⚠️ -1	no releases found
Token-Permissions	🟢 8	detected GitHub workflow tokens with excessive permissions
Vulnerabilities	⚠️ 0	56 existing vulnerabilities detected

npm/@angular/common

^19.1.3

🟢 6.4

Details

Check	Score	Reason
Binary-Artifacts	🟢 10	no binaries found in the repo
Branch-Protection	🟢 6	branch protection is not maximal on development and all release branches
CI-Tests	⚠️ -1	no pull request found
CII-Best-Practices	⚠️ 2	badge detected: InProgress
Code-Review	⚠️ 0	Found 0/30 approved changesets -- score normalized to 0
Contributors	🟢 10	project has 36 contributing companies or organizations
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Dependency-Update-Tool	🟢 10	update tool detected
Fuzzing	🟢 10	project is fuzzed
License	🟢 10	license file detected
Maintained	🟢 10	30 commit(s) and 19 issue activity found in the last 90 days -- score normalized to 10
Packaging	⚠️ -1	packaging workflow not detected
Pinned-Dependencies	🟢 10	all dependencies are pinned
SAST	⚠️ 0	no SAST tool detected
Security-Policy	🟢 10	security policy file detected
Signed-Releases	⚠️ -1	no releases found
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Vulnerabilities	⚠️ 0	73 existing vulnerabilities detected

npm/@angular/compiler

^19.1.3

🟢 6.4

Details

Check	Score	Reason
Binary-Artifacts	🟢 10	no binaries found in the repo
Branch-Protection	🟢 6	branch protection is not maximal on development and all release branches
CI-Tests	⚠️ -1	no pull request found
CII-Best-Practices	⚠️ 2	badge detected: InProgress
Code-Review	⚠️ 0	Found 0/30 approved changesets -- score normalized to 0
Contributors	🟢 10	project has 36 contributing companies or organizations
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Dependency-Update-Tool	🟢 10	update tool detected
Fuzzing	🟢 10	project is fuzzed
License	🟢 10	license file detected
Maintained	🟢 10	30 commit(s) and 19 issue activity found in the last 90 days -- score normalized to 10
Packaging	⚠️ -1	packaging workflow not detected
Pinned-Dependencies	🟢 10	all dependencies are pinned
SAST	⚠️ 0	no SAST tool detected
Security-Policy	🟢 10	security policy file detected
Signed-Releases	⚠️ -1	no releases found
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Vulnerabilities	⚠️ 0	73 existing vulnerabilities detected

npm/@angular/core

^19.1.3

🟢 6.4

Details

Check	Score	Reason
Binary-Artifacts	🟢 10	no binaries found in the repo
Branch-Protection	🟢 6	branch protection is not maximal on development and all release branches
CI-Tests	⚠️ -1	no pull request found
CII-Best-Practices	⚠️ 2	badge detected: InProgress
Code-Review	⚠️ 0	Found 0/30 approved changesets -- score normalized to 0
Contributors	🟢 10	project has 36 contributing companies or organizations
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Dependency-Update-Tool	🟢 10	update tool detected
Fuzzing	🟢 10	project is fuzzed
License	🟢 10	license file detected
Maintained	🟢 10	30 commit(s) and 19 issue activity found in the last 90 days -- score normalized to 10
Packaging	⚠️ -1	packaging workflow not detected
Pinned-Dependencies	🟢 10	all dependencies are pinned
SAST	⚠️ 0	no SAST tool detected
Security-Policy	🟢 10	security policy file detected
Signed-Releases	⚠️ -1	no releases found
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Vulnerabilities	⚠️ 0	73 existing vulnerabilities detected

npm/@angular/forms

^19.1.3

🟢 6.4

Details

Check	Score	Reason
Binary-Artifacts	🟢 10	no binaries found in the repo
Branch-Protection	🟢 6	branch protection is not maximal on development and all release branches
CI-Tests	⚠️ -1	no pull request found
CII-Best-Practices	⚠️ 2	badge detected: InProgress
Code-Review	⚠️ 0	Found 0/30 approved changesets -- score normalized to 0
Contributors	🟢 10	project has 36 contributing companies or organizations
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Dependency-Update-Tool	🟢 10	update tool detected
Fuzzing	🟢 10	project is fuzzed
License	🟢 10	license file detected
Maintained	🟢 10	30 commit(s) and 19 issue activity found in the last 90 days -- score normalized to 10
Packaging	⚠️ -1	packaging workflow not detected
Pinned-Dependencies	🟢 10	all dependencies are pinned
SAST	⚠️ 0	no SAST tool detected
Security-Policy	🟢 10	security policy file detected
Signed-Releases	⚠️ -1	no releases found
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Vulnerabilities	⚠️ 0	73 existing vulnerabilities detected

npm/@angular/material

^19.1.1

🟢 7.3

Details

Check	Score	Reason
Binary-Artifacts	🟢 10	no binaries found in the repo
Branch-Protection	🟢 6	branch protection is not maximal on development and all release branches
CI-Tests	🟢 10	27 out of 27 merged PRs checked by a CI test -- score normalized to 10
CII-Best-Practices	⚠️ 2	badge detected: in_progress
Code-Review	🟢 9	found 1 unreviewed changesets out of 28 -- score normalized to 9
Contributors	🟢 10	23 different organizations found -- score normalized to 10
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Dependency-Update-Tool	🟢 10	update tool detected
Fuzzing	⚠️ 0	project is not fuzzed
License	🟢 10	license file detected
Maintained	🟢 10	30 commit(s) out of 30 and 10 issue activity out of 30 found in the last 90 days -- score normalized to 10
Packaging	⚠️ -1	no published package detected
Pinned-Dependencies	🟢 10	all dependencies are pinned
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Security-Policy	🟢 10	security policy file detected
Signed-Releases	⚠️ -1	no releases found
Token-Permissions	🟢 8	detected GitHub workflow tokens with excessive permissions
Vulnerabilities	⚠️ 0	56 existing vulnerabilities detected

npm/@angular/platform-browser

^19.1.3

🟢 6.4

Details

Check	Score	Reason
Binary-Artifacts	🟢 10	no binaries found in the repo
Branch-Protection	🟢 6	branch protection is not maximal on development and all release branches
CI-Tests	⚠️ -1	no pull request found
CII-Best-Practices	⚠️ 2	badge detected: InProgress
Code-Review	⚠️ 0	Found 0/30 approved changesets -- score normalized to 0
Contributors	🟢 10	project has 36 contributing companies or organizations
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Dependency-Update-Tool	🟢 10	update tool detected
Fuzzing	🟢 10	project is fuzzed
License	🟢 10	license file detected
Maintained	🟢 10	30 commit(s) and 19 issue activity found in the last 90 days -- score normalized to 10
Packaging	⚠️ -1	packaging workflow not detected
Pinned-Dependencies	🟢 10	all dependencies are pinned
SAST	⚠️ 0	no SAST tool detected
Security-Policy	🟢 10	security policy file detected
Signed-Releases	⚠️ -1	no releases found
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Vulnerabilities	⚠️ 0	73 existing vulnerabilities detected

npm/@angular/platform-browser-dynamic

^19.1.3

🟢 6.4

Details

Check	Score	Reason
Binary-Artifacts	🟢 10	no binaries found in the repo
Branch-Protection	🟢 6	branch protection is not maximal on development and all release branches
CI-Tests	⚠️ -1	no pull request found
CII-Best-Practices	⚠️ 2	badge detected: InProgress
Code-Review	⚠️ 0	Found 0/30 approved changesets -- score normalized to 0
Contributors	🟢 10	project has 36 contributing companies or organizations
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Dependency-Update-Tool	🟢 10	update tool detected
Fuzzing	🟢 10	project is fuzzed
License	🟢 10	license file detected
Maintained	🟢 10	30 commit(s) and 19 issue activity found in the last 90 days -- score normalized to 10
Packaging	⚠️ -1	packaging workflow not detected
Pinned-Dependencies	🟢 10	all dependencies are pinned
SAST	⚠️ 0	no SAST tool detected
Security-Policy	🟢 10	security policy file detected
Signed-Releases	⚠️ -1	no releases found
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Vulnerabilities	⚠️ 0	73 existing vulnerabilities detected

npm/@angular/router

^19.1.3

🟢 6.4

Details

Check	Score	Reason
Binary-Artifacts	🟢 10	no binaries found in the repo
Branch-Protection	🟢 6	branch protection is not maximal on development and all release branches
CI-Tests	⚠️ -1	no pull request found
CII-Best-Practices	⚠️ 2	badge detected: InProgress
Code-Review	⚠️ 0	Found 0/30 approved changesets -- score normalized to 0
Contributors	🟢 10	project has 36 contributing companies or organizations
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Dependency-Update-Tool	🟢 10	update tool detected
Fuzzing	🟢 10	project is fuzzed
License	🟢 10	license file detected
Maintained	🟢 10	30 commit(s) and 19 issue activity found in the last 90 days -- score normalized to 10
Packaging	⚠️ -1	packaging workflow not detected
Pinned-Dependencies	🟢 10	all dependencies are pinned
SAST	⚠️ 0	no SAST tool detected
Security-Policy	🟢 10	security policy file detected
Signed-Releases	⚠️ -1	no releases found
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Vulnerabilities	⚠️ 0	73 existing vulnerabilities detected

npm/@octokit/types

^13.7.0

🟢 6.9

Details

Check	Score	Reason
Code-Review	🟢 10	all changesets reviewed
Security-Policy	🟢 9	security policy file detected
Binary-Artifacts	🟢 10	no binaries found in the repo
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Maintained	🟢 5	5 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 5
Pinned-Dependencies	🟢 3	dependency not pinned by hash detected -- score normalized to 3
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Fuzzing	⚠️ 0	project is not fuzzed
License	🟢 10	license file detected
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Packaging	🟢 10	packaging workflow detected
SAST	🟢 10	SAST tool is run on all commits
Vulnerabilities	🟢 8	2 existing vulnerabilities detected

npm/cronstrue

^2.53.0

🟢 4

Details

Check	Score	Reason
Code-Review	🟢 3	Found 9/28 approved changesets -- score normalized to 3
Packaging	⚠️ -1	packaging workflow not detected
Maintained	🟢 8	7 commit(s) and 3 issue activity found in the last 90 days -- score normalized to 8
Binary-Artifacts	🟢 10	no binaries found in the repo
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Security-Policy	⚠️ 0	security policy file not detected
License	🟢 10	license file detected
Fuzzing	⚠️ 0	project is not fuzzed
Signed-Releases	⚠️ 0	Project has not signed or included provenance with any releases.
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Vulnerabilities	🟢 5	5 existing vulnerabilities detected

npm/highcharts

^12.1.2

🟢 3.5

Details

Check	Score	Reason
Packaging	⚠️ -1	packaging workflow not detected
Code-Review	⚠️ 0	Found 1/28 approved changesets -- score normalized to 0
Maintained	🟢 7	9 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 7
Dangerous-Workflow	⚠️ -1	no workflows found
Token-Permissions	⚠️ -1	No tokens found
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Security-Policy	⚠️ 0	security policy file not detected
License	⚠️ 0	license file not detected
Vulnerabilities	🟢 10	0 existing vulnerabilities detected
Signed-Releases	⚠️ -1	no releases found
Binary-Artifacts	🟢 10	no binaries found in the repo
Branch-Protection	⚠️ 0	branch protection not enabled on development/release branches
Pinned-Dependencies	⚠️ -1	no dependencies found
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Fuzzing	⚠️ 0	project is not fuzzed

npm/ng2-charts

^8.0.0

🟢 4.2

Details

Check	Score	Reason
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Packaging	⚠️ -1	packaging workflow not detected
Code-Review	⚠️ 0	Found 1/16 approved changesets -- score normalized to 0
Maintained	🟢 10	14 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10
Binary-Artifacts	🟢 10	no binaries found in the repo
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Pinned-Dependencies	⚠️ 2	dependency not pinned by hash detected -- score normalized to 2
License	🟢 10	license file detected
Fuzzing	⚠️ 0	project is not fuzzed
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Signed-Releases	⚠️ 0	Project has not signed or included provenance with any releases.
Security-Policy	⚠️ 0	security policy file not detected
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Vulnerabilities	🟢 7	3 existing vulnerabilities detected

Scanned Files

frontend/package-lock.json
frontend/package.json

dependabot · 2025-02-03T20:49:06Z

Superseded by #117.

dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels Jan 27, 2025

dependabot bot mentioned this pull request Jan 27, 2025

Bump the production-dependencies group across 1 directory with 14 updates #112

Closed

dependabot bot closed this Feb 3, 2025

dependabot bot deleted the dependabot/npm_and_yarn/frontend/production-dependencies-a4520d4cb4 branch February 3, 2025 20:49

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump the production-dependencies group across 1 directory with 14 updates #114

Bump the production-dependencies group across 1 directory with 14 updates #114

dependabot bot commented on behalf of github Jan 27, 2025 •

edited

Loading

github-actions bot commented Jan 27, 2025

dependabot bot commented on behalf of github Feb 3, 2025

Commit	Description
	extract parenthesized dependencies during HMR (#59644)
	handle conditional expressions when extracting dependencies (#59637)
	handle new expressions when extracting dependencies (#59637)

Commit	Description
	capture self-referencing component during HMR (#59644)
	replace metadata in place during HMR (#59644)
	skip component ID collision warning during SSR (#59625)

Commit	Description
	animation sometimes renderer not being destroyed during HMR (#59574)
	change `Resource` to use explicit `undefined` in its typings (#59024)
	cleanup `_ejsa` when app is destroyed (#59492)
	cleanup stash listener when app is destroyed (#59598)
	handle shadow DOM encapsulated component with HMR (#59597)
	HMR not matching component that injects ViewContainerRef (#59596)
	treat exceptions in `equal` as part of computation (#55818)

Commit	Type	Description
53160e504d	fix	extract parenthesized dependencies during HMR (#59644)
39690969af	fix	handle conditional expressions when extracting dependencies (#59637)
78af7a5059	fix	handle new expressions when extracting dependencies (#59637)

Commit	Type	Description
408af24ff3	fix	capture self-referencing component during HMR (#59644)
d7575c201c	fix	replace metadata in place during HMR (#59644)
26f6d4c485	fix	skip component ID collision warning during SSR (#59625)

Commit	Type	Description
a4eb74c79c	fix	animation sometimes renderer not being destroyed during HMR (#59574)
906413aba3	fix	change `Resource` to use explicit `undefined` in its typings (#59024)
4eb541837c	fix	cleanup `_ejsa` when app is destroyed (#59492)
5497102769	fix	cleanup stash listener when app is destroyed (#59598)
266a8f2f2e	fix	handle shadow DOM encapsulated component with HMR (#59597)
6f7716268a	fix	HMR not matching component that injects ViewContainerRef (#59596)
d12a186d53	fix	treat exceptions in `equal` as part of computation (#55818)

Commit	Description
	autocomplete: fix initial render logic (#30348)
	chips: fix chip blur timing (#30347)
	expansion: inherit shape for focus indicator (#30352)

Commit	Description
	column-resize: Support column size persistance hooks (#30136)
	column-resize: Previous size was being sent for persistance rather than newly updated size in non-live resize mode. (#30161)

Commit	Description
	schematics: Add CSS output to custom theme schematic (#30004)
	api-theme: fix nav items hover/focus contrast (#1004)
	checkbox: ensure focus indicator has the correct shape (#30332)
	docs: change twitter logo (#1245)
	menu: lazy content not detached after animation (#30301)
	select: match disabled placeholder color with label (#29870)
	select: remove color transition w/ no animations module (#30304)
	slider: active vs inactive tick mark count (#30319)
	slider: tick mark positioning (#30329)
	sort: avoid center align for sort header
	tabs: tab nav bar animation not working when navigating forwards (#30313)
	theme: unselected theme picker
	tooltip: deprecate matTooltipAnimations (#30310)
	button: Remove unused inject. (#30320)
	table: Optimize expensive css selector (#30305)
	tooltip: Use afterNextRender to invoke aria describer to align layout updates with other components using afterNextRender. (#30265)

Commit	Type	Description
5c4421641	fix	autocomplete: fix initial render logic (#30348)
db3895cf1	fix	chips: fix chip blur timing (#30347)
09d7476d9	fix	expansion: inherit shape for focus indicator (#30352)

Commit	Type	Description
44c7320653	feat	schematics: Add option to customize colors for neutral variant and error palettes (#30321)
1e5663636e	fix	stepper: switch away from animations module (#30314)
0eb9012777	fix	tabs: switch away from animations module (#30281)
e5c3ddfb0b	fix	timepicker: adds default aria-label to timepicker toggle (#30284)

Commit	Type	Description
62a672af0d	feat	dialog: expose cdk dialog docs (#1144)
a0a16fc70e	feat	menu: expose cdk menu docs (#1142)
2be0afcfb5	fix	menu: avoid resetting the scroll position when using the mouse (#30249)
e421765d8d	fix	menu: not responding to position changes (#30234)
5c75bbecb2	fix	scrolling: avoid SSR error in CdkVirtualScrollableWindow (#30259)
d721f0c2bc	perf	table: Use afterNextRender for sticky styling. Fixes a performance regression dating back to #28393 and removes need for coalesced sticky styler. (#30242)

Commit	Type	Description
f47f5f9a1e	feat	schematics: Add CSS output to custom theme schematic (#30004)
057ed370aa	fix	api-theme: fix nav items hover/focus contrast (#1004)
5138fe7b38	fix	checkbox: ensure focus indicator has the correct shape (#30332)
3163040850	fix	docs: change twitter logo (#1245)
781e91e798	fix	menu: lazy content not detached after animation (#30301)
a3d9e4b45d	fix	select: match disabled placeholder color with label (#29870)
027c3ad267	fix	select: remove color transition w/ no animations module (#30304)
4f676d4030	fix	slider: active vs inactive tick mark count (#30319)
eae073032c	fix	slider: tick mark positioning (#30329)
0c099ff024	fix	sort: avoid center align for sort header

Bump the production-dependencies group across 1 directory with 14 updates #114

Bump the production-dependencies group across 1 directory with 14 updates #114

Conversation

dependabot bot commented on behalf of github Jan 27, 2025 • edited Loading

v19.1.3

19.1.3 (2025-01-22)

compiler

compiler-cli

core

migrations

platform-browser

v19.1.2

19.1.2 (2025-01-20)

compiler

compiler-cli

core

19.1.3 (2025-01-22)

compiler

compiler-cli

core

migrations

platform-browser

19.1.2 (2025-01-20)

compiler

compiler-cli

core

v19.1.1

19.1.1 "lanthanum-labrador" (2025-01-22)

material

cdk

v19.1.0

19.1.0 "denim-firefly" (2025-01-16)

material-luxon-adapter

material-experimental

cdk-experimental

material

cdk

19.1.1 "lanthanum-labrador" (2025-01-22)

cdk

material

19.2.0-next.0 "bronze-baguette" (2025-01-16)

material

19.1.0 "denim-firefly" (2025-01-16)

cdk

material

v19.1.3

19.1.3 (2025-01-22)

compiler

compiler-cli

core

migrations

platform-browser

v19.1.2

19.1.2 (2025-01-20)

compiler

compiler-cli

core

19.1.3 (2025-01-22)

compiler

compiler-cli

core

migrations

platform-browser

19.1.2 (2025-01-20)

compiler

compiler-cli

core

v19.1.3

19.1.3 (2025-01-22)

compiler

compiler-cli

core

migrations

platform-browser

v19.1.2

19.1.2 (2025-01-20)

compiler

compiler-cli

core

github-actions bot commented Jan 27, 2025

dependabot bot commented on behalf of github Jan 27, 2025 •

edited

Loading