Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

chore(deps): update dependency sass to v1.80.3 #8562

Merged
merged 1 commit into from
Oct 28, 2024
Merged

Conversation

renovate[bot]
Copy link
Contributor

@renovate renovate bot commented Oct 28, 2024

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
sass 1.77.8 -> 1.80.3 age adoption passing confidence

Release Notes

sass/dart-sass (sass)

v1.80.3

Compare Source

  • Fix a bug where @import url("...") would crash in plain CSS files.

  • Improve consistency of how warnings are emitted by different parts of the
    compiler. This should result in minimal user-visible changes, but different
    types of warnings should now respond more reliably to flags like --quiet,
    --verbose, and --silence-deprecation.

v1.80.2

Compare Source

  • Fix a bug where deprecation warnings were incorrectly emitted for the
    plain-CSS invert() function.

v1.80.1

Compare Source

  • Fix a bug where repeated deprecation warnings were not automatically limited.

v1.80.0

Compare Source

  • @import is now officially deprecated, as are global built-in functions that
    are available within built-in modules. See the Sass blog post for more
    details on the deprecation process.
Embedded Host
  • Fix an error that would sometimes occur when deprecation warnings were
    emitted when using a custom importer with the legacy API.

v1.79.6

Compare Source

  • Fix a bug where Sass would add an extra */ after loud comments with
    whitespace after an explicit */ in the indented syntax.

  • Potentially breaking bug fix: Adding text after an explicit */ in the
    indented syntax is now an error, rather than silently generating invalid CSS.

Embedded Host
  • Properly export the SassBoolean type.

v1.79.5

Compare Source

  • Changes to how selector.unify() and @extend combine selectors:

    • The relative order of pseudo-classes (like :hover) and pseudo-elements
      (like ::before) within each original selector is now preserved when
      they're combined.

    • Pseudo selectors are now consistently placed at the end of the combined
      selector, regardless of which selector they came from. Previously, this
      reordering only applied to pseudo-selectors in the second selector.

  • Tweak the color transformation matrices for OKLab and OKLCH to match the
    newer, more accurate values in the CSS spec.

  • Fix a slight inaccuracy case when converting to srgb-linear and
    display-p3.

  • Potentially breaking bug fix: math.unit() now wraps multiple denominator
    units in parentheses. For example, px/(em*em) instead of px/em*em.

Command-Line Interface
  • Use @parcel/watcher to watch the filesystem when running from JavaScript and
    not using --poll. This should mitigate more frequent failures users have
    been seeing since version 4.0.0 of Chokidar, our previous watching tool, was
    released.
JS API
  • Fix SassColor.interpolate() to allow an undefined options parameter, as
    the types indicate.
Embedded Sass
  • Properly pass missing color channel values to and from custom functions.

v1.79.4

Compare Source

JS API
  • Fix a bug where passing green or blue to color.change() for legacy
    colors would fail.

v1.79.3

Compare Source

  • Update the $channel parameter in the suggested replacement for
    color.red(), color.green(), color.blue(), color.hue(),
    color.saturation(), color.lightness(), color.whiteness(), and
    color.blackness() to use a quoted string.

v1.79.2

Compare Source

  • Add a $space parameter to the suggested replacement for color.red(),
    color.green(), color.blue(), color.hue(), color.saturation(),
    color.lightness(), color.whiteness(), and color.blackness().

  • Update deprecation warnings for the legacy JS API to include a link to
    relevant documentation.

v1.79.1

Compare Source

  • No user-visible changes.

v1.79.0

Compare Source

  • Breaking change: Passing a number with unit % to the $alpha parameter
    of color.change(), color.adjust(), change-color(), and adjust-color()
    is now interpreted as a percentage, instead of ignoring the unit. For example,
    color.change(red, $alpha: 50%) now returns rgb(255 0 0 / 0.5).

  • Potentially breaking compatibility fix: Sass no longer rounds RGB channels
    to the nearest integer. This means that, for example, rgb(0 0 1) != rgb(0 0 0.6). This matches the latest version of the CSS spec and browser behavior.

  • Potentially breaking compatibility fix: Passing large positive or negative
    values to color.adjust() can now cause a color's channels to go outside that
    color's gamut. In most cases this will currently be clipped by the browser and
    end up showing the same color as before, but once browsers implement gamut
    mapping it may produce a different result.

  • Add support for CSS Color Level 4 color spaces. Each color value now tracks
    its color space along with the values of each channel in that color space.
    There are two general principles to keep in mind when dealing with new color
    spaces:

    1. With the exception of legacy color spaces (rgb, hsl, and hwb), colors
      will always be emitted in the color space they were defined in unless
      they're explicitly converted.

    2. The color.to-space() function is the only way to convert a color to
      another color space. Some built-in functions may do operations in a
      different color space, but they'll always convert back to the original space
      afterwards.

  • rgb colors can now have non-integer channels and channels outside the normal
    gamut of 0-255. These colors are always emitted using the rgb() syntax so
    that modern browsers that are being displayed on wide-gamut devices can
    display the most accurate color possible.

  • Add support for all the new color syntax defined in Color Level 4, including:

    • oklab(), oklch(), lab(), and lch() functions;
    • a top-level hwb() function that matches the space-separated CSS syntax;
    • and a color() function that supports the srgb, srgb-linear,
      display-p3, a98-rgb, prophoto-rgb, rec2020, xyz, xyz-d50, and
      xyz-d65 color spaces.
  • Add new functions for working with color spaces:

    • color.to-space($color, $space) converts $color to the given $space. In
      most cases this conversion is lossless—the color may end up out-of-gamut for
      the destination color space, but browsers will generally display it as best
      they can regardless. However, the hsl and hwb spaces can't represent
      out-of-gamut colors and so will be clamped.

    • color.channel($color, $channel, $space: null) returns the value of the
      given $channel in $color, after converting it to $space if necessary.
      It should be used instead of the old channel-specific functions such as
      color.red() and color.hue().

    • color.same($color1, $color2) returns whether two colors represent the same
      color even across color spaces. It differs from $color1 == $color2 because
      == never consider colors in different (non-legacy) spaces as equal.

    • color.is-in-gamut($color, $space: null) returns whether $color is
      in-gamut for its color space (or $space if it's passed).

    • color.to-gamut($color, $space: null) returns $color constrained to its
      space's gamut (or to $space's gamut, if passed). This is generally not
      recommended since even older browsers will display out-of-gamut colors as
      best they can, but it may be necessary in some cases.

    • color.space($color): Returns the name of $color's color space.

    • color.is-legacy($color): Returns whether $color is in a legacy color
      space (rgb, hsl, or hwb).

    • color.is-powerless($color, $channel, $space: null): Returns whether the
      given $channel of $color is powerless in $space (or its own color
      space). A channel is "powerless" if its value doesn't affect the way the
      color is displayed, such as hue for a color with 0 chroma.

    • color.is-missing($color, $channel): Returns whether $channel's value is
      missing in $color. Missing channels can be explicitly specified using the
      special value none and can appear automatically when color.to-space()
      returns a color with a powerless channel. Missing channels are usually
      treated as 0, except when interpolating between two colors and in
      color.mix() where they're treated as the same value as the other color.

  • Update existing functions to support color spaces:

    • hsl() and color.hwb() no longer forbid out-of-bounds values. Instead,
      they follow the CSS spec by clamping them to within the allowed range.

    • color.change(), color.adjust(), and color.scale() now support all
      channels of all color spaces. However, if you want to modify a channel
      that's not in $color's own color space, you have to explicitly specify the
      space with the $space parameter. (For backwards-compatibility, this
      doesn't apply to legacy channels of legacy colors—for example, you can still
      adjust an rgb color's saturation without passing $space: hsl).

    • color.mix() and color.invert() now support the standard CSS algorithm
      for interpolating between two colors (the same one that's used for gradients
      and animations). To use this, pass the color space to use for interpolation
      to the $method parameter. For polar color spaces like hsl and oklch,
      this parameter also allows you to specify how hue interpolation is handled.

    • color.complement() now supports a $space parameter that indicates which
      color space should be used to take the complement.

    • color.grayscale() now operates in the oklch space for non-legacy colors.

    • color.ie-hex-str() now automatically converts its color to the rgb space
      and gamut-maps it so that it can continue to take colors from any color
      space.

  • The following functions are now deprecated, and uses should be replaced with
    the new color-space-aware functions defined above:

    • The color.red(), color.green(), color.blue(), color.hue(),
      color.saturation(), color.lightness(), color.whiteness(), and
      color.blackness() functions, as well as their global counterparts, should
      be replaced with calls to color.channel().

    • The global adjust-hue(), saturate(), desaturate(), lighten(),
      darken(), transaprentize(), fade-out(), opacify(), and fade-in()
      functions should be replaced by color.adjust() or color.scale().

  • Add a global-builtin future deprecation, which can be opted-into with the
    --future-deprecation flag or the futureDeprecations option in the JS or
    Dart API. This emits warnings when any global built-in functions that are
    now available in sass: modules are called. It will become active by default
    in an upcoming release alongside the @import deprecation.

Dart API
  • Added a ColorSpace class which represents the various color spaces defined
    in the CSS spec.

  • Added SassColor.space which returns a color's color space.

  • Added SassColor.channels and .channelsOrNull which returns a list
    of channel values, with missing channels converted to 0 or exposed as null,
    respectively.

  • Added SassColor.isLegacy, .isInGamut, .channel(), .isChannelMissing(),
    .isChannelPowerless(), .toSpace(), .toGamut(), .changeChannels(), and
    .interpolate() which do the same thing as the Sass functions of the
    corresponding names.

  • SassColor.rgb() now allows out-of-bounds and non-integer arguments.

  • SassColor.hsl() and .hwb() now allow out-of-bounds arguments.

  • Added SassColor.hwb(), .srgb(), .srgbLinear(), .displayP3(),
    .a98Rgb(), .prophotoRgb(), .rec2020(), .xyzD50(), .xyzD65(),
    .lab(), .lch(), .oklab(), .oklch(), and .forSpace() constructors.

  • Deprecated SassColor.red, .green, .blue, .hue, .saturation,
    .lightness, .whiteness, and .blackness in favor of
    SassColor.channel().

  • Deprecated SassColor.changeRgb(), .changeHsl(), and .changeHwb() in
    favor of SassColor.changeChannels().

  • Added SassNumber.convertValueToUnit() as a shorthand for
    SassNumber.convertValue() with a single numerator.

  • Added InterpolationMethod and HueInterpolationMethod which collectively
    represent the method to use to interpolate two colors.

JS API
  • While the legacy API has been deprecated since we released the modern API, we
    now emit warnings when the legacy API is used to make sure users are aware
    that it will be removed in Dart Sass 2.0.0. In the meantime, you can silence
    these warnings by passing legacy-js-api in silenceDeprecations when using
    the legacy API.

  • Modify SassColor to accept a new space option, with support for all the
    new color spaces defined in Color Level 4.

  • Add SassColor.space which returns a color's color space.

  • Add SassColor.channels and .channelsOrNull which returns a list of channel
    values, with missing channels converted to 0 or exposed as null, respectively.

  • Add SassColor.isLegacy, .isInGamut(), .channel(), .isChannelMissing(),
    .isChannelPowerless(), .toSpace(), .toGamut(), .change(), and
    .interpolate() which do the same thing as the Sass functions of the
    corresponding names.

  • Deprecate SassColor.red, .green, .blue, .hue, .saturation,
    .lightness, .whiteness, and .blackness in favor of
    SassColor.channel().

Embedded Sass
  • Add Color SassScript value, with support for all the new color spaces
    defined in Color Level 4.

  • Remove RgbColor, HslColor and HwbColor SassScript values.

v1.78.0

Compare Source

  • The meta.feature-exists function is now deprecated. This deprecation is
    named feature-exists.

  • Fix a crash when using @at-root without any queries or children in the
    indented syntax.

JS API
  • Backport the deprecation options (fatalDeprecations, futureDeprecations,
    and silenceDeprecations) to the legacy JS API. The legacy JS API is itself
    deprecated, and you should move off of it if possible, but this will allow
    users of bundlers and other tools that are still using the legacy API to
    still control deprecation warnings.

  • Fix a bug where accessing SourceSpan.url would crash when a relative URL was
    passed to the Sass API.

Embedded Sass
  • Explicitly expose a sass executable from the sass-embedded npm package.
    This was intended to be included in 1.63.0, but due to the way
    platform-specific dependency executables are installed it did not work as
    intended. Now users can run npx sass for local installs or just sass when
    sass-embedded is installed globally.

  • Add linux-riscv64, linux-musl-riscv64, and android-riscv64 support for the
    sass-embedded npm package.

  • Fix an edge case where the Dart VM could hang when shutting down when requests
    were in flight.

  • Fix a race condition where the embedded host could fail to shut down if it was
    closed around the same time a new compilation was started.

  • Fix a bug where parse-time deprecation warnings could not be controlled by
    the deprecation options in some circumstances.


Configuration

📅 Schedule: Branch creation - "after 7pm every weekday,before 5am every weekday" in timezone Europe/Madrid, Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate bot enabled auto-merge (squash) October 28, 2024 22:01
Copy link

vercel bot commented Oct 28, 2024

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name Status Preview Comments Updated (UTC)
unleash-monorepo-frontend ✅ Ready (Inspect) Visit Preview 💬 Add feedback Oct 28, 2024 10:04pm
1 Skipped Deployment
Name Status Preview Comments Updated (UTC)
unleash-docs ⬜️ Ignored (Inspect) Visit Preview Oct 28, 2024 10:04pm

Copy link
Contributor

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

OpenSSF Scorecard

Scorecard details
PackageVersionScoreDetails
npm/sass 1.80.3 🟢 4.9
Details
CheckScoreReason
Code-Review🟢 10all changesets reviewed
Maintained🟢 1030 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
License🟢 10license file detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Branch-Protection⚠️ 0branch protection not enabled on development/release branches
Signed-Releases⚠️ 0Project has not signed or included provenance with any releases.
Binary-Artifacts🟢 10no binaries found in the repo
Security-Policy⚠️ 0security policy file not detected
Vulnerabilities🟢 100 existing vulnerabilities detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Packaging⚠️ -1packaging workflow not detected
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Fuzzing⚠️ 0project is not fuzzed
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
npm/@parcel/watcher 2.4.1 🟢 3.3
Details
CheckScoreReason
Code-Review⚠️ 1Found 4/30 approved changesets -- score normalized to 1
Maintained🟢 30 commit(s) and 4 issue activity found in the last 90 days -- score normalized to 3
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Packaging⚠️ -1packaging workflow not detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Binary-Artifacts🟢 7binaries present in source code
Security-Policy⚠️ 0security policy file not detected
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Fuzzing⚠️ 0project is not fuzzed
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
Vulnerabilities🟢 46 existing vulnerabilities detected
npm/@parcel/watcher-android-arm64 2.4.1 🟢 3.3
Details
CheckScoreReason
Code-Review⚠️ 1Found 4/30 approved changesets -- score normalized to 1
Maintained🟢 30 commit(s) and 4 issue activity found in the last 90 days -- score normalized to 3
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Packaging⚠️ -1packaging workflow not detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Binary-Artifacts🟢 7binaries present in source code
Security-Policy⚠️ 0security policy file not detected
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Fuzzing⚠️ 0project is not fuzzed
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
Vulnerabilities🟢 46 existing vulnerabilities detected
npm/@parcel/watcher-darwin-arm64 2.4.1 🟢 3.3
Details
CheckScoreReason
Code-Review⚠️ 1Found 4/30 approved changesets -- score normalized to 1
Maintained🟢 30 commit(s) and 4 issue activity found in the last 90 days -- score normalized to 3
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Packaging⚠️ -1packaging workflow not detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Binary-Artifacts🟢 7binaries present in source code
Security-Policy⚠️ 0security policy file not detected
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Fuzzing⚠️ 0project is not fuzzed
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
Vulnerabilities🟢 46 existing vulnerabilities detected
npm/@parcel/watcher-darwin-x64 2.4.1 🟢 3.3
Details
CheckScoreReason
Code-Review⚠️ 1Found 4/30 approved changesets -- score normalized to 1
Maintained🟢 30 commit(s) and 4 issue activity found in the last 90 days -- score normalized to 3
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Packaging⚠️ -1packaging workflow not detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Binary-Artifacts🟢 7binaries present in source code
Security-Policy⚠️ 0security policy file not detected
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Fuzzing⚠️ 0project is not fuzzed
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
Vulnerabilities🟢 46 existing vulnerabilities detected
npm/@parcel/watcher-freebsd-x64 2.4.1 🟢 3.3
Details
CheckScoreReason
Code-Review⚠️ 1Found 4/30 approved changesets -- score normalized to 1
Maintained🟢 30 commit(s) and 4 issue activity found in the last 90 days -- score normalized to 3
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Packaging⚠️ -1packaging workflow not detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Binary-Artifacts🟢 7binaries present in source code
Security-Policy⚠️ 0security policy file not detected
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Fuzzing⚠️ 0project is not fuzzed
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
Vulnerabilities🟢 46 existing vulnerabilities detected
npm/@parcel/watcher-linux-arm-glibc 2.4.1 🟢 3.3
Details
CheckScoreReason
Code-Review⚠️ 1Found 4/30 approved changesets -- score normalized to 1
Maintained🟢 30 commit(s) and 4 issue activity found in the last 90 days -- score normalized to 3
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Packaging⚠️ -1packaging workflow not detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Binary-Artifacts🟢 7binaries present in source code
Security-Policy⚠️ 0security policy file not detected
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Fuzzing⚠️ 0project is not fuzzed
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
Vulnerabilities🟢 46 existing vulnerabilities detected
npm/@parcel/watcher-linux-arm64-glibc 2.4.1 🟢 3.3
Details
CheckScoreReason
Code-Review⚠️ 1Found 4/30 approved changesets -- score normalized to 1
Maintained🟢 30 commit(s) and 4 issue activity found in the last 90 days -- score normalized to 3
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Packaging⚠️ -1packaging workflow not detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Binary-Artifacts🟢 7binaries present in source code
Security-Policy⚠️ 0security policy file not detected
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Fuzzing⚠️ 0project is not fuzzed
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
Vulnerabilities🟢 46 existing vulnerabilities detected
npm/@parcel/watcher-linux-arm64-musl 2.4.1 🟢 3.3
Details
CheckScoreReason
Code-Review⚠️ 1Found 4/30 approved changesets -- score normalized to 1
Maintained🟢 30 commit(s) and 4 issue activity found in the last 90 days -- score normalized to 3
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Packaging⚠️ -1packaging workflow not detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Binary-Artifacts🟢 7binaries present in source code
Security-Policy⚠️ 0security policy file not detected
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Fuzzing⚠️ 0project is not fuzzed
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
Vulnerabilities🟢 46 existing vulnerabilities detected
npm/@parcel/watcher-linux-x64-glibc 2.4.1 🟢 3.3
Details
CheckScoreReason
Code-Review⚠️ 1Found 4/30 approved changesets -- score normalized to 1
Maintained🟢 30 commit(s) and 4 issue activity found in the last 90 days -- score normalized to 3
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Packaging⚠️ -1packaging workflow not detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Binary-Artifacts🟢 7binaries present in source code
Security-Policy⚠️ 0security policy file not detected
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Fuzzing⚠️ 0project is not fuzzed
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
Vulnerabilities🟢 46 existing vulnerabilities detected
npm/@parcel/watcher-linux-x64-musl 2.4.1 🟢 3.3
Details
CheckScoreReason
Code-Review⚠️ 1Found 4/30 approved changesets -- score normalized to 1
Maintained🟢 30 commit(s) and 4 issue activity found in the last 90 days -- score normalized to 3
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Packaging⚠️ -1packaging workflow not detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Binary-Artifacts🟢 7binaries present in source code
Security-Policy⚠️ 0security policy file not detected
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Fuzzing⚠️ 0project is not fuzzed
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
Vulnerabilities🟢 46 existing vulnerabilities detected
npm/@parcel/watcher-win32-arm64 2.4.1 🟢 3.3
Details
CheckScoreReason
Code-Review⚠️ 1Found 4/30 approved changesets -- score normalized to 1
Maintained🟢 30 commit(s) and 4 issue activity found in the last 90 days -- score normalized to 3
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Packaging⚠️ -1packaging workflow not detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Binary-Artifacts🟢 7binaries present in source code
Security-Policy⚠️ 0security policy file not detected
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Fuzzing⚠️ 0project is not fuzzed
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
Vulnerabilities🟢 46 existing vulnerabilities detected
npm/@parcel/watcher-win32-ia32 2.4.1 🟢 3.3
Details
CheckScoreReason
Code-Review⚠️ 1Found 4/30 approved changesets -- score normalized to 1
Maintained🟢 30 commit(s) and 4 issue activity found in the last 90 days -- score normalized to 3
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Packaging⚠️ -1packaging workflow not detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Binary-Artifacts🟢 7binaries present in source code
Security-Policy⚠️ 0security policy file not detected
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Fuzzing⚠️ 0project is not fuzzed
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
Vulnerabilities🟢 46 existing vulnerabilities detected
npm/@parcel/watcher-win32-x64 2.4.1 🟢 3.3
Details
CheckScoreReason
Code-Review⚠️ 1Found 4/30 approved changesets -- score normalized to 1
Maintained🟢 30 commit(s) and 4 issue activity found in the last 90 days -- score normalized to 3
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Packaging⚠️ -1packaging workflow not detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Binary-Artifacts🟢 7binaries present in source code
Security-Policy⚠️ 0security policy file not detected
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Fuzzing⚠️ 0project is not fuzzed
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
Vulnerabilities🟢 46 existing vulnerabilities detected
npm/chokidar 4.0.1 🟢 5.4
Details
CheckScoreReason
Maintained🟢 1030 commit(s) and 20 issue activity found in the last 90 days -- score normalized to 10
Code-Review🟢 3Found 8/23 approved changesets -- score normalized to 3
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
License🟢 10license file detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Binary-Artifacts🟢 10no binaries found in the repo
Pinned-Dependencies🟢 7dependency not pinned by hash detected -- score normalized to 7
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Security-Policy⚠️ 0security policy file not detected
Fuzzing⚠️ 0project is not fuzzed
Branch-Protection⚠️ 0branch protection not enabled on development/release branches
Signed-Releases⚠️ -1no releases found
Packaging🟢 10packaging workflow detected
Vulnerabilities🟢 100 existing vulnerabilities detected
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
npm/detect-libc 1.0.3 🟢 3.6
Details
CheckScoreReason
Code-Review⚠️ 2Found 7/30 approved changesets -- score normalized to 2
Maintained⚠️ 00 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 0
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
License🟢 10license file detected
Packaging⚠️ -1packaging workflow not detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Binary-Artifacts🟢 10no binaries found in the repo
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Branch-Protection⚠️ 0branch protection not enabled on development/release branches
Security-Policy⚠️ 0security policy file not detected
Signed-Releases⚠️ -1no releases found
Vulnerabilities🟢 100 existing vulnerabilities detected
Fuzzing⚠️ 0project is not fuzzed
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
npm/node-addon-api 7.1.1 🟢 8.8
Details
CheckScoreReason
Binary-Artifacts🟢 10no binaries found in the repo
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
CI-Tests🟢 928 out of 30 merged PRs checked by a CI test -- score normalized to 9
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Code-Review🟢 10all changesets reviewed
Contributors🟢 10project has 44 contributing companies or organizations
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Dependency-Update-Tool🟢 10update tool detected
Fuzzing⚠️ 0project is not fuzzed
License🟢 10license file detected
Maintained🟢 1027 commit(s) and 7 issue activity found in the last 90 days -- score normalized to 10
Packaging🟢 10packaging workflow detected
Pinned-Dependencies🟢 7dependency not pinned by hash detected -- score normalized to 7
SAST🟢 9SAST tool detected but not run on all commits
Security-Policy🟢 10security policy file detected
Signed-Releases⚠️ -1no releases found
Token-Permissions🟢 9detected GitHub workflow tokens with excessive permissions
Vulnerabilities🟢 100 existing vulnerabilities detected
npm/readdirp 4.0.2 🟢 5.2
Details
CheckScoreReason
Code-Review⚠️ 1Found 3/26 approved changesets -- score normalized to 1
Maintained🟢 1023 commit(s) and 4 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
License🟢 10license file detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Binary-Artifacts🟢 10no binaries found in the repo
Pinned-Dependencies🟢 7dependency not pinned by hash detected -- score normalized to 7
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Security-Policy⚠️ 0security policy file not detected
Branch-Protection⚠️ 0branch protection not enabled on development/release branches
Fuzzing⚠️ 0project is not fuzzed
Signed-Releases⚠️ -1no releases found
Packaging🟢 10packaging workflow detected
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
Vulnerabilities🟢 100 existing vulnerabilities detected
npm/sass 1.80.3 🟢 4.9
Details
CheckScoreReason
Code-Review🟢 10all changesets reviewed
Maintained🟢 1030 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
License🟢 10license file detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Branch-Protection⚠️ 0branch protection not enabled on development/release branches
Signed-Releases⚠️ 0Project has not signed or included provenance with any releases.
Binary-Artifacts🟢 10no binaries found in the repo
Security-Policy⚠️ 0security policy file not detected
Vulnerabilities🟢 100 existing vulnerabilities detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Packaging⚠️ -1packaging workflow not detected
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Fuzzing⚠️ 0project is not fuzzed
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0

Scanned Files

  • frontend/package.json
  • frontend/yarn.lock

@renovate renovate bot merged commit 5a01a7e into main Oct 28, 2024
14 checks passed
@renovate renovate bot deleted the renovate/sass-1.x branch October 28, 2024 22:05
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
Archived in project
Development

Successfully merging this pull request may close these issues.

0 participants