Bump the production-dependencies group across 1 directory with 14 updates #103

dependabot · 2025-01-06T20:42:42Z

Bumps the production-dependencies group with 14 updates in the /frontend directory:

Package	From	To
@angular/animations	`18.2.12`	`19.0.5`
@angular/cdk	`18.2.13`	`19.0.4`
@angular/common	`18.2.12`	`19.0.5`
@angular/compiler	`18.2.12`	`19.0.5`
@angular/core	`18.2.12`	`19.0.5`
@angular/forms	`18.2.12`	`19.0.5`
@angular/material	`18.2.13`	`19.0.4`
@angular/platform-browser	`18.2.12`	`19.0.5`
@angular/platform-browser-dynamic	`18.2.12`	`19.0.5`
@angular/router	`18.2.12`	`19.0.5`
@octokit/types	`13.6.1`	`13.6.2`
cronstrue	`2.51.0`	`2.52.0`
highcharts	`11.4.8`	`12.1.2`
ng2-charts	`7.0.0`	`8.0.0`

Updates @angular/animations from 18.2.12 to 19.0.5

Release notes

Sourced from @angular/animations's releases.

v19.0.5

19.0.5 (2024-12-18)

core

Commit Description

avoid triggering on timer and on idle on the server (#59177)

Fix nested timer serialization (#59173)

platform-server

Commit Description

Warn user when transfer state happens more than once (#58935)

v19.0.4

19.0.4 (2024-12-12)

compiler-cli

Commit Description

consider pre-release versions when detecting feature support (#59061)

error in unused standalone imports diagnostic (#59064)

core

Commit Description

Fix a bug where snapshotted functions are being run twice if they return a nullish/falsey value. (#59073)

platform-browser

Commit Description

collect external component styles from server rendering (#59031)

v19.0.3

19.0.3 (2024-12-04)

v19.0.2

19.0.2 (2024-12-04)

compiler-cli

Commit Description

account for multiple generated namespace imports in HMR (#58924)

core

Commit Description

Explicitly manage TracingSnapshot lifecycle and dispose of it once it's been used. (#58929)

migrations

Commit Description

class content being deleted in some edge cases (#58959)

correctly strip away parameters surrounded by comments in inject migration (#58959)

... (truncated)

Changelog

Sourced from @angular/animations's changelog.

19.0.5 (2024-12-18)

core

Commit Type Description

3793218e77 fix avoid triggering on timer and on idle on the server (#59177)

cfc96ed82c fix Fix nested timer serialization (#59173)

platform-server

Commit Type Description

9085a8fbd8 fix Warn user when transfer state happens more than once (#58935)

19.1.0-next.3 (2024-12-12)

compiler-cli

Commit Type Description

c5c20e9d86 fix check event side of two-way bindings (#59002)

0dee2681f7 fix consider pre-release versions when detecting feature support (#59061)

1b9492edf8 fix error in unused standalone imports diagnostic (#59064)

core

Commit Type Description

d010e11b73 feat add event listener options to renderer (#59092)

30e676098d fix Fix a bug where snapshotted functions are being run twice if they return a nullish/falsey value. (#59073)

platform-browser

Commit Type Description

52be35118f fix collect external component styles from server rendering (#59031)

19.0.4 (2024-12-12)

compiler-cli

Commit Type Description

7e612171709 fix consider pre-release versions when detecting feature support (#59061)

cd764a31152 fix error in unused standalone imports diagnostic (#59064)

core

Commit Type Description

34ded10fa60 fix Fix a bug where snapshotted functions are being run twice if they return a nullish/falsey value. (#59073)

platform-browser

Commit Type Description

ae0802d63c5 fix collect external component styles from server rendering (#59031)

... (truncated)

Commits

c829a15 docs(animations): update position parameter to be a decimal (#57927)
5f3ba06 docs: set syntax highlighting of code examples MD code blocks (#59026)
b8a2ae0 docs: fix missing alert block styles in the API reference (#59020)
09df589 refactor(core): Migrate all packages with the explicit-standalone-flag sche...
84b6896 refactor(platform-server): Add an ssr benchmark setup. (#57647)
9dbe6fc refactor: update license text to point to angular.dev (#57901)
See full diff in compare view

Updates @angular/cdk from 18.2.13 to 19.0.4

Release notes

Sourced from @angular/cdk's releases.

v19.0.4

19.0.4 "linen-lampshade" (2024-12-18)

material

Commit Description

list: enable MacOS select all with command+a (#30183)

menu: remove dependency on animations module (#30163)

sort: avoid center align for sort header (#30198)

table: improve filter predicate efficiency (#30172)

table: set border none for header cells on last row (#30193)

theming: fix not found error in the guide duplicate theming styles document (#30108)

tooltip: body line height affecting gap (#30164)

cdk

Commit Description

drag-drop: resolve projected handles

drag-drop: stop dragging on touchcancel (#30184)

testing: add code to keyboard events (#30188)

v19.0.3

19.0.3 "polonium-popsicle" (2024-12-11)

material

Commit Description

expansion: switch away from animations module (#30119)

menu: decouple menu lifecycle from animations (#30148)

paginator: ignore clicks on disabled buttons (#30138)

select: add opt-in input that allows selection of nullable options (#30142)

timepicker: deserialize ControlValueAccessor values correctly (#30149)

timepicker: disable toggle if timepicker is disabled (#30137)

v19.0.2

19.0.2 "plastic-rhino" (2024-12-04)

youtube-player

Commit Description

update to latest typings (#30126)

material

Commit Description

button-toggle: unable to tab into ngModel-based group on first render (#30103)

core: optgroup label color not inferred correctly (#30085)

schematics: avoid parsing stylesheets that don't include Material

schematics: error if stylesheet contains syntax errors

sort: simplify animations (#30057)

tabs: ink bar not showing when same tab is re-selected (#30121)

cdk

... (truncated)

Changelog

Sourced from @angular/cdk's changelog.

19.0.4 "linen-lampshade" (2024-12-18)

cdk

Commit Type Description

622057a146 fix drag-drop: resolve projected handles

1456074baa fix drag-drop: stop dragging on touchcancel (#30184)

c92def439b fix testing: add code to keyboard events (#30188)

material

Commit Type Description

050b59b883 fix list: enable MacOS select all with command+a (#30183)

c3f22f3c9a fix menu: remove dependency on animations module (#30163)

a9c569e13d fix sort: avoid center align for sort header (#30198)

f0ec675aaa fix table: improve filter predicate efficiency (#30172)

b724b0698c fix table: set border none for header cells on last row (#30193)

125d867161 fix theming: fix not found error in the guide duplicate theming styles document (#30108)

8d3279fcd4 fix tooltip: body line height affecting gap (#30164)

19.0.3 "polonium-popsicle" (2024-12-11)

material

Commit Type Description

7b64c451e6 fix expansion: switch away from animations module (#30119)

d18c3395d8 fix menu: decouple menu lifecycle from animations (#30148)

3ea8cf5c31 fix paginator: ignore clicks on disabled buttons (#30138)

fbaf286f9c fix select: add opt-in input that allows selection of nullable options (#30142)

600a8b04f9 fix timepicker: deserialize ControlValueAccessor values correctly (#30149)

4b69162998 fix timepicker: disable toggle if timepicker is disabled (#30137)

19.0.2 "plastic-rhino" (2024-12-04)

cdk

Commit Type Description

460f971b27 fix accordion: improve accessibility in example code (#30087)

6306a12c12 fix menu: disable flexible dimensions (#30086)

material

Commit Type Description

0ed9869529 fix button-toggle: unable to tab into ngModel-based group on first render (#30103)

72ff6fcce3 fix core: optgroup label color not inferred correctly (#30085)

c395585446 fix schematics: avoid parsing stylesheets that don't include Material

5b3350a60e fix schematics: error if stylesheet contains syntax errors

1235ad28bc fix sort: simplify animations (#30057)

5b165067e8 fix tabs: ink bar not showing when same tab is re-selected (#30121)

... (truncated)

Commits

65db2cc release: cut the v19.0.4 release
7e3f1e6 docs: fix whether typos (#30204)
a9c569e fix(material/sort): avoid center align for sort header (#30198)
8f5ff96 docs: fix typo in custom theme guide (#30202)
03a59b6 docs: update system var prefix (#30199)
b724b06 fix(material/table): set border none for header cells on last row (#30193)
050b59b fix(material/list): enable MacOS select all with command+a (#30183)
125d867 fix(material/theming): fix not found error in the guide duplicate theming sty...
0eb9e2f test(multiple): clean up standalone flags (#30189)
c92def4 fix(cdk/testing): add code to keyboard events (#30188)
Additional commits viewable in compare view

Updates @angular/common from 18.2.12 to 19.0.5

Release notes

Sourced from @angular/common's releases.

v19.0.5

19.0.5 (2024-12-18)

core

Commit Description

avoid triggering on timer and on idle on the server (#59177)

Fix nested timer serialization (#59173)

platform-server

Commit Description

Warn user when transfer state happens more than once (#58935)

v19.0.4

19.0.4 (2024-12-12)

compiler-cli

Commit Description

consider pre-release versions when detecting feature support (#59061)

error in unused standalone imports diagnostic (#59064)

core

Commit Description

Fix a bug where snapshotted functions are being run twice if they return a nullish/falsey value. (#59073)

platform-browser

Commit Description

collect external component styles from server rendering (#59031)

v19.0.3

19.0.3 (2024-12-04)

v19.0.2

19.0.2 (2024-12-04)

compiler-cli

Commit Description

account for multiple generated namespace imports in HMR (#58924)

core

Commit Description

Explicitly manage TracingSnapshot lifecycle and dispose of it once it's been used. (#58929)

migrations

Commit Description

class content being deleted in some edge cases (#58959)

correctly strip away parameters surrounded by comments in inject migration (#58959)

... (truncated)

Changelog

Sourced from @angular/common's changelog.

19.0.5 (2024-12-18)

core

Commit Type Description

3793218e77 fix avoid triggering on timer and on idle on the server (#59177)

cfc96ed82c fix Fix nested timer serialization (#59173)

platform-server

Commit Type Description

9085a8fbd8 fix Warn user when transfer state happens more than once (#58935)

19.1.0-next.3 (2024-12-12)

compiler-cli

Commit Type Description

c5c20e9d86 fix check event side of two-way bindings (#59002)

0dee2681f7 fix consider pre-release versions when detecting feature support (#59061)

1b9492edf8 fix error in unused standalone imports diagnostic (#59064)

core

Commit Type Description

d010e11b73 feat add event listener options to renderer (#59092)

30e676098d fix Fix a bug where snapshotted functions are being run twice if they return a nullish/falsey value. (#59073)

platform-browser

Commit Type Description

52be35118f fix collect external component styles from server rendering (#59031)

19.0.4 (2024-12-12)

compiler-cli

Commit Type Description

7e612171709 fix consider pre-release versions when detecting feature support (#59061)

cd764a31152 fix error in unused standalone imports diagnostic (#59064)

core

Commit Type Description

34ded10fa60 fix Fix a bug where snapshotted functions are being run twice if they return a nullish/falsey value. (#59073)

platform-browser

Commit Type Description

ae0802d63c5 fix collect external component styles from server rendering (#59031)

... (truncated)

Commits

e3bb6a0 refactor(common): update the NgOptimizedImage message to use @if instead of...
326337e refactor: replace ɵPendingTasks with ɵPendingTasksInternal (#59138)
ffae7df refactor(http): Don't log fetch warning in tests. (#59049)
0c40bb2 refactor(docs-infra): convert code-example-s that have only region param to @...
5f3ba06 docs: set syntax highlighting of code examples MD code blocks (#59026)
0df7b1e refactor(common): remove standalone: true (#58949)
b8a2ae0 docs: fix missing alert block styles in the API reference (#59020)
ea0bf74 refactor(core): use ApplicationRef.whenStable instead of a custom util func...
7dfb127 refactor: add @__PURE__ next to @pureOrBreakMyCode for improved bundler c...
da9c0c5 refactor: cleanup initializers that use ctor params (#58349)
Additional commits viewable in compare view

Updates @angular/compiler from 18.2.12 to 19.0.5

Release notes

Sourced from @angular/compiler's releases.

v19.0.5

19.0.5 (2024-12-18)

core

Commit Description

avoid triggering on timer and on idle on the server (#59177)

Fix nested timer serialization (#59173)

platform-server

Commit Description

Warn user when transfer state happens more than once (#58935)

v19.0.4

19.0.4 (2024-12-12)

compiler-cli

Commit Description

consider pre-release versions when detecting feature support (#59061)

error in unused standalone imports diagnostic (#59064)

core

Commit Description

Fix a bug where snapshotted functions are being run twice if they return a nullish/falsey value. (#59073)

platform-browser

Commit Description

collect external component styles from server rendering (#59031)

v19.0.3

19.0.3 (2024-12-04)

v19.0.2

19.0.2 (2024-12-04)

compiler-cli

Commit Description

account for multiple generated namespace imports in HMR (#58924)

core

Commit Description

Explicitly manage TracingSnapshot lifecycle and dispose of it once it's been used. (#58929)

migrations

Commit Description

class content being deleted in some edge cases (#58959)

correctly strip away parameters surrounded by comments in inject migration (#58959)

... (truncated)

Changelog

Sourced from @angular/compiler's changelog.

19.0.5 (2024-12-18)

core

Commit Type Description

3793218e77 fix avoid triggering on timer and on idle on the server (#59177)

cfc96ed82c fix Fix nested timer serialization (#59173)

platform-server

Commit Type Description

9085a8fbd8 fix Warn user when transfer state happens more than once (#58935)

19.1.0-next.3 (2024-12-12)

compiler-cli

Commit Type Description

c5c20e9d86 fix check event side of two-way bindings (#59002)

0dee2681f7 fix consider pre-release versions when detecting feature support (#59061)

1b9492edf8 fix error in unused standalone imports diagnostic (#59064)

core

Commit Type Description

d010e11b73 feat add event listener options to renderer (#59092)

30e676098d fix Fix a bug where snapshotted functions are being run twice if they return a nullish/falsey value. (#59073)

platform-browser

Commit Type Description

52be35118f fix collect external component styles from server rendering (#59031)

19.0.4 (2024-12-12)

compiler-cli

Commit Type Description

7e612171709 fix consider pre-release versions when detecting feature support (#59061)

cd764a31152 fix error in unused standalone imports diagnostic (#59064)

core

Commit Type Description

34ded10fa60 fix Fix a bug where snapshotted functions are being run twice if they return a nullish/falsey value. (#59073)

platform-browser

Commit Type Description

ae0802d63c5 fix collect external component styles from server rendering (#59031)

... (truncated)

Commits

b58123b refactor(compiler): remove circular dep in the output ast (#59083)
5f3ba06 docs: set syntax highlighting of code examples MD code blocks (#59026)
b182806 refactor(compiler): remove allowInvalidAssignmentEvents flag (#58988)
9f99196 fix(compiler-cli): account for multiple generated namespace imports in HMR (#...
d23a5d5 refactor(core): Consolidates shouldTrigger* methods down to one (#58833)
d6da631 refactor(compiler): Adds ingest and flags for defer details (#58833)
4852e57 docs: capitalize webpack with a lowercase W (#56812)
fb1fa8b fix(compiler-cli): more accurate diagnostics for host binding parser errors (...
806a61b fix(compiler): fix multiline selectors (#58681)
e5d3abb fix(compiler): resolve :host:host-context(.foo) (#58681)
Additional commits viewable in compare view

Updates @angular/core from 18.2.12 to 19.0.5

Release notes

Sourced from @angular/core's releases.

v19.0.5

19.0.5 (2024-12-18)

core

Commit Description

avoid triggering on timer and on idle on the server (#59177)

Fix nested timer serialization (#59173)

platform-server

Commit Description

Warn user when transfer state happens more than once (#58935)

v19.0.4

19.0.4 (2024-12-12)

compiler-cli

Commit Description

consider pre-release versions when detecting feature support (#59061)

error in unused standalone imports diagnostic (#59064)

core

Commit Description

…ates Bumps the production-dependencies group with 14 updates in the /frontend directory: | Package | From | To | | --- | --- | --- | | [@angular/animations](https://github.com/angular/angular/tree/HEAD/packages/animations) | `18.2.12` | `19.0.5` | | [@angular/cdk](https://github.com/angular/components) | `18.2.13` | `19.0.4` | | [@angular/common](https://github.com/angular/angular/tree/HEAD/packages/common) | `18.2.12` | `19.0.5` | | [@angular/compiler](https://github.com/angular/angular/tree/HEAD/packages/compiler) | `18.2.12` | `19.0.5` | | [@angular/core](https://github.com/angular/angular/tree/HEAD/packages/core) | `18.2.12` | `19.0.5` | | [@angular/forms](https://github.com/angular/angular/tree/HEAD/packages/forms) | `18.2.12` | `19.0.5` | | [@angular/material](https://github.com/angular/components) | `18.2.13` | `19.0.4` | | [@angular/platform-browser](https://github.com/angular/angular/tree/HEAD/packages/platform-browser) | `18.2.12` | `19.0.5` | | [@angular/platform-browser-dynamic](https://github.com/angular/angular/tree/HEAD/packages/platform-browser-dynamic) | `18.2.12` | `19.0.5` | | [@angular/router](https://github.com/angular/angular/tree/HEAD/packages/router) | `18.2.12` | `19.0.5` | | [@octokit/types](https://github.com/octokit/types.ts) | `13.6.1` | `13.6.2` | | [cronstrue](https://github.com/bradymholt/cronstrue) | `2.51.0` | `2.52.0` | | [highcharts](https://github.com/highcharts/highcharts-dist) | `11.4.8` | `12.1.2` | | [ng2-charts](https://github.com/valor-software/ng2-charts) | `7.0.0` | `8.0.0` | Updates `@angular/animations` from 18.2.12 to 19.0.5 - [Release notes](https://github.com/angular/angular/releases) - [Changelog](https://github.com/angular/angular/blob/main/CHANGELOG.md) - [Commits](https://github.com/angular/angular/commits/19.0.5/packages/animations) Updates `@angular/cdk` from 18.2.13 to 19.0.4 - [Release notes](https://github.com/angular/components/releases) - [Changelog](https://github.com/angular/components/blob/19.0.4/CHANGELOG.md) - [Commits](angular/components@18.2.13...19.0.4) Updates `@angular/common` from 18.2.12 to 19.0.5 - [Release notes](https://github.com/angular/angular/releases) - [Changelog](https://github.com/angular/angular/blob/main/CHANGELOG.md) - [Commits](https://github.com/angular/angular/commits/19.0.5/packages/common) Updates `@angular/compiler` from 18.2.12 to 19.0.5 - [Release notes](https://github.com/angular/angular/releases) - [Changelog](https://github.com/angular/angular/blob/main/CHANGELOG.md) - [Commits](https://github.com/angular/angular/commits/19.0.5/packages/compiler) Updates `@angular/core` from 18.2.12 to 19.0.5 - [Release notes](https://github.com/angular/angular/releases) - [Changelog](https://github.com/angular/angular/blob/main/CHANGELOG.md) - [Commits](https://github.com/angular/angular/commits/19.0.5/packages/core) Updates `@angular/forms` from 18.2.12 to 19.0.5 - [Release notes](https://github.com/angular/angular/releases) - [Changelog](https://github.com/angular/angular/blob/main/CHANGELOG.md) - [Commits](https://github.com/angular/angular/commits/19.0.5/packages/forms) Updates `@angular/material` from 18.2.13 to 19.0.4 - [Release notes](https://github.com/angular/components/releases) - [Changelog](https://github.com/angular/components/blob/19.0.4/CHANGELOG.md) - [Commits](angular/components@18.2.13...19.0.4) Updates `@angular/platform-browser` from 18.2.12 to 19.0.5 - [Release notes](https://github.com/angular/angular/releases) - [Changelog](https://github.com/angular/angular/blob/main/CHANGELOG.md) - [Commits](https://github.com/angular/angular/commits/19.0.5/packages/platform-browser) Updates `@angular/platform-browser-dynamic` from 18.2.12 to 19.0.5 - [Release notes](https://github.com/angular/angular/releases) - [Changelog](https://github.com/angular/angular/blob/main/CHANGELOG.md) - [Commits](https://github.com/angular/angular/commits/19.0.5/packages/platform-browser-dynamic) Updates `@angular/router` from 18.2.12 to 19.0.5 - [Release notes](https://github.com/angular/angular/releases) - [Changelog](https://github.com/angular/angular/blob/main/CHANGELOG.md) - [Commits](https://github.com/angular/angular/commits/19.0.5/packages/router) Updates `@octokit/types` from 13.6.1 to 13.6.2 - [Release notes](https://github.com/octokit/types.ts/releases) - [Commits](octokit/types.ts@v13.6.1...v13.6.2) Updates `cronstrue` from 2.51.0 to 2.52.0 - [Release notes](https://github.com/bradymholt/cronstrue/releases) - [Changelog](https://github.com/bradymholt/cRonstrue/blob/main/CHANGELOG.md) - [Commits](bradymholt/cRonstrue@v2.51.0...v2.52.0) Updates `highcharts` from 11.4.8 to 12.1.2 - [Commits](highcharts/highcharts-dist@v11.4.8...v12.1.2) Updates `ng2-charts` from 7.0.0 to 8.0.0 - [Release notes](https://github.com/valor-software/ng2-charts/releases) - [Commits](valor-software/ng2-charts@v7.0.0...v8.0.0) --- updated-dependencies: - dependency-name: "@angular/animations" dependency-type: direct:production update-type: version-update:semver-major dependency-group: production-dependencies - dependency-name: "@angular/cdk" dependency-type: direct:production update-type: version-update:semver-major dependency-group: production-dependencies - dependency-name: "@angular/common" dependency-type: direct:production update-type: version-update:semver-major dependency-group: production-dependencies - dependency-name: "@angular/compiler" dependency-type: direct:production update-type: version-update:semver-major dependency-group: production-dependencies - dependency-name: "@angular/core" dependency-type: direct:production update-type: version-update:semver-major dependency-group: production-dependencies - dependency-name: "@angular/forms" dependency-type: direct:production update-type: version-update:semver-major dependency-group: production-dependencies - dependency-name: "@angular/material" dependency-type: direct:production update-type: version-update:semver-major dependency-group: production-dependencies - dependency-name: "@angular/platform-browser" dependency-type: direct:production update-type: version-update:semver-major dependency-group: production-dependencies - dependency-name: "@angular/platform-browser-dynamic" dependency-type: direct:production update-type: version-update:semver-major dependency-group: production-dependencies - dependency-name: "@angular/router" dependency-type: direct:production update-type: version-update:semver-major dependency-group: production-dependencies - dependency-name: "@octokit/types" dependency-type: direct:production update-type: version-update:semver-patch dependency-group: production-dependencies - dependency-name: cronstrue dependency-type: direct:production update-type: version-update:semver-minor dependency-group: production-dependencies - dependency-name: highcharts dependency-type: direct:production update-type: version-update:semver-major dependency-group: production-dependencies - dependency-name: ng2-charts dependency-type: direct:production update-type: version-update:semver-major dependency-group: production-dependencies ... Signed-off-by: dependabot[bot] <[email protected]>

github-actions · 2025-01-06T20:42:56Z

Dependency Review

The following issues were found:

✅ 0 vulnerable package(s)
✅ 0 package(s) with incompatible licenses
✅ 0 package(s) with invalid SPDX license definitions
⚠️ 1 package(s) with unknown licenses.

See the Details below.

License Issues

frontend/package.json

Package	Version	License	Issue Type
highcharts	^12.1.2	Null	Unknown License

OpenSSF Scorecard

Scorecard details

Package

Version

Score

Details

npm/@angular/animations

19.0.5

🟢 6.4

Details

Check	Score	Reason
Binary-Artifacts	🟢 10	no binaries found in the repo
Branch-Protection	🟢 6	branch protection is not maximal on development and all release branches
CI-Tests	⚠️ -1	no pull request found
CII-Best-Practices	⚠️ 2	badge detected: InProgress
Code-Review	⚠️ 0	Found 0/30 approved changesets -- score normalized to 0
Contributors	🟢 10	project has 36 contributing companies or organizations
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Dependency-Update-Tool	🟢 10	update tool detected
Fuzzing	🟢 10	project is fuzzed
License	🟢 10	license file detected
Maintained	🟢 10	30 commit(s) and 19 issue activity found in the last 90 days -- score normalized to 10
Packaging	⚠️ -1	packaging workflow not detected
Pinned-Dependencies	🟢 10	all dependencies are pinned
SAST	⚠️ 0	no SAST tool detected
Security-Policy	🟢 10	security policy file detected
Signed-Releases	⚠️ -1	no releases found
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Vulnerabilities	⚠️ 0	68 existing vulnerabilities detected

npm/@angular/cdk

19.0.4

🟢 7.4

Details

Check	Score	Reason
Binary-Artifacts	🟢 10	no binaries found in the repo
Branch-Protection	🟢 6	branch protection is not maximal on development and all release branches
CI-Tests	🟢 10	26 out of 26 merged PRs checked by a CI test -- score normalized to 10
CII-Best-Practices	⚠️ 2	badge detected: in_progress
Code-Review	🟢 10	all changesets reviewed
Contributors	🟢 10	24 different organizations found -- score normalized to 10
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Dependency-Update-Tool	🟢 10	update tool detected
Fuzzing	⚠️ 0	project is not fuzzed
License	🟢 10	license file detected
Maintained	🟢 10	30 commit(s) out of 30 and 11 issue activity out of 30 found in the last 90 days -- score normalized to 10
Packaging	⚠️ -1	no published package detected
Pinned-Dependencies	🟢 10	all dependencies are pinned
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Security-Policy	🟢 10	security policy file detected
Signed-Releases	⚠️ -1	no releases found
Token-Permissions	🟢 8	detected GitHub workflow tokens with excessive permissions
Vulnerabilities	⚠️ 0	53 existing vulnerabilities detected

npm/@angular/common

19.0.5

🟢 6.4

Details

Check	Score	Reason
Binary-Artifacts	🟢 10	no binaries found in the repo
Branch-Protection	🟢 6	branch protection is not maximal on development and all release branches
CI-Tests	⚠️ -1	no pull request found
CII-Best-Practices	⚠️ 2	badge detected: InProgress
Code-Review	⚠️ 0	Found 0/30 approved changesets -- score normalized to 0
Contributors	🟢 10	project has 36 contributing companies or organizations
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Dependency-Update-Tool	🟢 10	update tool detected
Fuzzing	🟢 10	project is fuzzed
License	🟢 10	license file detected
Maintained	🟢 10	30 commit(s) and 19 issue activity found in the last 90 days -- score normalized to 10
Packaging	⚠️ -1	packaging workflow not detected
Pinned-Dependencies	🟢 10	all dependencies are pinned
SAST	⚠️ 0	no SAST tool detected
Security-Policy	🟢 10	security policy file detected
Signed-Releases	⚠️ -1	no releases found
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Vulnerabilities	⚠️ 0	68 existing vulnerabilities detected

npm/@angular/compiler

19.0.5

🟢 6.4

Details

Check	Score	Reason
Binary-Artifacts	🟢 10	no binaries found in the repo
Branch-Protection	🟢 6	branch protection is not maximal on development and all release branches
CI-Tests	⚠️ -1	no pull request found
CII-Best-Practices	⚠️ 2	badge detected: InProgress
Code-Review	⚠️ 0	Found 0/30 approved changesets -- score normalized to 0
Contributors	🟢 10	project has 36 contributing companies or organizations
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Dependency-Update-Tool	🟢 10	update tool detected
Fuzzing	🟢 10	project is fuzzed
License	🟢 10	license file detected
Maintained	🟢 10	30 commit(s) and 19 issue activity found in the last 90 days -- score normalized to 10
Packaging	⚠️ -1	packaging workflow not detected
Pinned-Dependencies	🟢 10	all dependencies are pinned
SAST	⚠️ 0	no SAST tool detected
Security-Policy	🟢 10	security policy file detected
Signed-Releases	⚠️ -1	no releases found
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Vulnerabilities	⚠️ 0	68 existing vulnerabilities detected

npm/@angular/core

19.0.5

🟢 6.4

Details

Check	Score	Reason
Binary-Artifacts	🟢 10	no binaries found in the repo
Branch-Protection	🟢 6	branch protection is not maximal on development and all release branches
CI-Tests	⚠️ -1	no pull request found
CII-Best-Practices	⚠️ 2	badge detected: InProgress
Code-Review	⚠️ 0	Found 0/30 approved changesets -- score normalized to 0
Contributors	🟢 10	project has 36 contributing companies or organizations
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Dependency-Update-Tool	🟢 10	update tool detected
Fuzzing	🟢 10	project is fuzzed
License	🟢 10	license file detected
Maintained	🟢 10	30 commit(s) and 19 issue activity found in the last 90 days -- score normalized to 10
Packaging	⚠️ -1	packaging workflow not detected
Pinned-Dependencies	🟢 10	all dependencies are pinned
SAST	⚠️ 0	no SAST tool detected
Security-Policy	🟢 10	security policy file detected
Signed-Releases	⚠️ -1	no releases found
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Vulnerabilities	⚠️ 0	68 existing vulnerabilities detected

npm/@angular/forms

19.0.5

🟢 6.4

Details

Check	Score	Reason
Binary-Artifacts	🟢 10	no binaries found in the repo
Branch-Protection	🟢 6	branch protection is not maximal on development and all release branches
CI-Tests	⚠️ -1	no pull request found
CII-Best-Practices	⚠️ 2	badge detected: InProgress
Code-Review	⚠️ 0	Found 0/30 approved changesets -- score normalized to 0
Contributors	🟢 10	project has 36 contributing companies or organizations
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Dependency-Update-Tool	🟢 10	update tool detected
Fuzzing	🟢 10	project is fuzzed
License	🟢 10	license file detected
Maintained	🟢 10	30 commit(s) and 19 issue activity found in the last 90 days -- score normalized to 10
Packaging	⚠️ -1	packaging workflow not detected
Pinned-Dependencies	🟢 10	all dependencies are pinned
SAST	⚠️ 0	no SAST tool detected
Security-Policy	🟢 10	security policy file detected
Signed-Releases	⚠️ -1	no releases found
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Vulnerabilities	⚠️ 0	68 existing vulnerabilities detected

npm/@angular/material

19.0.4

🟢 7.4

Details

Check	Score	Reason
Binary-Artifacts	🟢 10	no binaries found in the repo
Branch-Protection	🟢 6	branch protection is not maximal on development and all release branches
CI-Tests	🟢 10	26 out of 26 merged PRs checked by a CI test -- score normalized to 10
CII-Best-Practices	⚠️ 2	badge detected: in_progress
Code-Review	🟢 10	all changesets reviewed
Contributors	🟢 10	24 different organizations found -- score normalized to 10
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Dependency-Update-Tool	🟢 10	update tool detected
Fuzzing	⚠️ 0	project is not fuzzed
License	🟢 10	license file detected
Maintained	🟢 10	30 commit(s) out of 30 and 11 issue activity out of 30 found in the last 90 days -- score normalized to 10
Packaging	⚠️ -1	no published package detected
Pinned-Dependencies	🟢 10	all dependencies are pinned
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Security-Policy	🟢 10	security policy file detected
Signed-Releases	⚠️ -1	no releases found
Token-Permissions	🟢 8	detected GitHub workflow tokens with excessive permissions
Vulnerabilities	⚠️ 0	53 existing vulnerabilities detected

npm/@angular/platform-browser

19.0.5

🟢 6.4

Details

Check	Score	Reason
Binary-Artifacts	🟢 10	no binaries found in the repo
Branch-Protection	🟢 6	branch protection is not maximal on development and all release branches
CI-Tests	⚠️ -1	no pull request found
CII-Best-Practices	⚠️ 2	badge detected: InProgress
Code-Review	⚠️ 0	Found 0/30 approved changesets -- score normalized to 0
Contributors	🟢 10	project has 36 contributing companies or organizations
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Dependency-Update-Tool	🟢 10	update tool detected
Fuzzing	🟢 10	project is fuzzed
License	🟢 10	license file detected
Maintained	🟢 10	30 commit(s) and 19 issue activity found in the last 90 days -- score normalized to 10
Packaging	⚠️ -1	packaging workflow not detected
Pinned-Dependencies	🟢 10	all dependencies are pinned
SAST	⚠️ 0	no SAST tool detected
Security-Policy	🟢 10	security policy file detected
Signed-Releases	⚠️ -1	no releases found
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Vulnerabilities	⚠️ 0	68 existing vulnerabilities detected

npm/@angular/platform-browser-dynamic

19.0.5

🟢 6.4

Details

Check	Score	Reason
Binary-Artifacts	🟢 10	no binaries found in the repo
Branch-Protection	🟢 6	branch protection is not maximal on development and all release branches
CI-Tests	⚠️ -1	no pull request found
CII-Best-Practices	⚠️ 2	badge detected: InProgress
Code-Review	⚠️ 0	Found 0/30 approved changesets -- score normalized to 0
Contributors	🟢 10	project has 36 contributing companies or organizations
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Dependency-Update-Tool	🟢 10	update tool detected
Fuzzing	🟢 10	project is fuzzed
License	🟢 10	license file detected
Maintained	🟢 10	30 commit(s) and 19 issue activity found in the last 90 days -- score normalized to 10
Packaging	⚠️ -1	packaging workflow not detected
Pinned-Dependencies	🟢 10	all dependencies are pinned
SAST	⚠️ 0	no SAST tool detected
Security-Policy	🟢 10	security policy file detected
Signed-Releases	⚠️ -1	no releases found
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Vulnerabilities	⚠️ 0	68 existing vulnerabilities detected

npm/@angular/router

19.0.5

🟢 6.4

Details

Check	Score	Reason
Binary-Artifacts	🟢 10	no binaries found in the repo
Branch-Protection	🟢 6	branch protection is not maximal on development and all release branches
CI-Tests	⚠️ -1	no pull request found
CII-Best-Practices	⚠️ 2	badge detected: InProgress
Code-Review	⚠️ 0	Found 0/30 approved changesets -- score normalized to 0
Contributors	🟢 10	project has 36 contributing companies or organizations
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Dependency-Update-Tool	🟢 10	update tool detected
Fuzzing	🟢 10	project is fuzzed
License	🟢 10	license file detected
Maintained	🟢 10	30 commit(s) and 19 issue activity found in the last 90 days -- score normalized to 10
Packaging	⚠️ -1	packaging workflow not detected
Pinned-Dependencies	🟢 10	all dependencies are pinned
SAST	⚠️ 0	no SAST tool detected
Security-Policy	🟢 10	security policy file detected
Signed-Releases	⚠️ -1	no releases found
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Vulnerabilities	⚠️ 0	68 existing vulnerabilities detected

npm/@octokit/types

13.6.2

🟢 6.9

Details

Check	Score	Reason
Maintained	🟢 5	5 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 5
Security-Policy	🟢 9	security policy file detected
Code-Review	🟢 10	all changesets reviewed
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Binary-Artifacts	🟢 10	no binaries found in the repo
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Pinned-Dependencies	🟢 3	dependency not pinned by hash detected -- score normalized to 3
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 10	license file detected
Fuzzing	⚠️ 0	project is not fuzzed
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Packaging	🟢 10	packaging workflow detected
SAST	🟢 10	SAST tool is run on all commits
Vulnerabilities	🟢 8	2 existing vulnerabilities detected

npm/cronstrue

2.52.0

🟢 3.6

Details

Check	Score	Reason
Packaging	⚠️ -1	packaging workflow not detected
Code-Review	⚠️ 2	Found 8/28 approved changesets -- score normalized to 2
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Maintained	🟢 5	4 commit(s) and 3 issue activity found in the last 90 days -- score normalized to 5
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Binary-Artifacts	🟢 10	no binaries found in the repo
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Security-Policy	⚠️ 0	security policy file not detected
License	🟢 10	license file detected
Fuzzing	⚠️ 0	project is not fuzzed
Signed-Releases	⚠️ 0	Project has not signed or included provenance with any releases.
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Vulnerabilities	🟢 5	5 existing vulnerabilities detected

npm/highcharts

12.1.2

🟢 3.5

Details

Check	Score	Reason
Code-Review	⚠️ 0	Found 1/28 approved changesets -- score normalized to 0
Packaging	⚠️ -1	packaging workflow not detected
Dangerous-Workflow	⚠️ -1	no workflows found
Maintained	🟢 7	9 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 7
Token-Permissions	⚠️ -1	No tokens found
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Security-Policy	⚠️ 0	security policy file not detected
License	⚠️ 0	license file not detected
Vulnerabilities	🟢 10	0 existing vulnerabilities detected
Binary-Artifacts	🟢 10	no binaries found in the repo
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ 0	branch protection not enabled on development/release branches
Pinned-Dependencies	⚠️ -1	no dependencies found
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Fuzzing	⚠️ 0	project is not fuzzed

npm/ng2-charts

8.0.0

🟢 3.6

Details

Check	Score	Reason
Maintained	🟢 3	4 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 3
Code-Review	⚠️ 0	Found 1/16 approved changesets -- score normalized to 0
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Packaging	⚠️ -1	packaging workflow not detected
Binary-Artifacts	🟢 10	no binaries found in the repo
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Pinned-Dependencies	⚠️ 2	dependency not pinned by hash detected -- score normalized to 2
Fuzzing	⚠️ 0	project is not fuzzed
License	🟢 10	license file detected
Signed-Releases	⚠️ 0	Project has not signed or included provenance with any releases.
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Security-Policy	⚠️ 0	security policy file not detected
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Vulnerabilities	🟢 7	3 existing vulnerabilities detected

npm/zone.js

0.15.0

🟢 6.4

Details

Check	Score	Reason
Binary-Artifacts	🟢 10	no binaries found in the repo
Branch-Protection	🟢 6	branch protection is not maximal on development and all release branches
CI-Tests	⚠️ -1	no pull request found
CII-Best-Practices	⚠️ 2	badge detected: InProgress
Code-Review	⚠️ 0	Found 0/30 approved changesets -- score normalized to 0
Contributors	🟢 10	project has 36 contributing companies or organizations
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Dependency-Update-Tool	🟢 10	update tool detected
Fuzzing	🟢 10	project is fuzzed
License	🟢 10	license file detected
Maintained	🟢 10	30 commit(s) and 19 issue activity found in the last 90 days -- score normalized to 10
Packaging	⚠️ -1	packaging workflow not detected
Pinned-Dependencies	🟢 10	all dependencies are pinned
SAST	⚠️ 0	no SAST tool detected
Security-Policy	🟢 10	security policy file detected
Signed-Releases	⚠️ -1	no releases found
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Vulnerabilities	⚠️ 0	68 existing vulnerabilities detected

npm/@angular/animations

^19.0.5

🟢 6.4

Details

Check	Score	Reason
Binary-Artifacts	🟢 10	no binaries found in the repo
Branch-Protection	🟢 6	branch protection is not maximal on development and all release branches
CI-Tests	⚠️ -1	no pull request found
CII-Best-Practices	⚠️ 2	badge detected: InProgress
Code-Review	⚠️ 0	Found 0/30 approved changesets -- score normalized to 0
Contributors	🟢 10	project has 36 contributing companies or organizations
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Dependency-Update-Tool	🟢 10	update tool detected
Fuzzing	🟢 10	project is fuzzed
License	🟢 10	license file detected
Maintained	🟢 10	30 commit(s) and 19 issue activity found in the last 90 days -- score normalized to 10
Packaging	⚠️ -1	packaging workflow not detected
Pinned-Dependencies	🟢 10	all dependencies are pinned
SAST	⚠️ 0	no SAST tool detected
Security-Policy	🟢 10	security policy file detected
Signed-Releases	⚠️ -1	no releases found
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Vulnerabilities	⚠️ 0	68 existing vulnerabilities detected

npm/@angular/cdk

^19.0.4

🟢 7.4

Details

Check	Score	Reason
Binary-Artifacts	🟢 10	no binaries found in the repo
Branch-Protection	🟢 6	branch protection is not maximal on development and all release branches
CI-Tests	🟢 10	26 out of 26 merged PRs checked by a CI test -- score normalized to 10
CII-Best-Practices	⚠️ 2	badge detected: in_progress
Code-Review	🟢 10	all changesets reviewed
Contributors	🟢 10	24 different organizations found -- score normalized to 10
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Dependency-Update-Tool	🟢 10	update tool detected
Fuzzing	⚠️ 0	project is not fuzzed
License	🟢 10	license file detected
Maintained	🟢 10	30 commit(s) out of 30 and 11 issue activity out of 30 found in the last 90 days -- score normalized to 10
Packaging	⚠️ -1	no published package detected
Pinned-Dependencies	🟢 10	all dependencies are pinned
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Security-Policy	🟢 10	security policy file detected
Signed-Releases	⚠️ -1	no releases found
Token-Permissions	🟢 8	detected GitHub workflow tokens with excessive permissions
Vulnerabilities	⚠️ 0	53 existing vulnerabilities detected

npm/@angular/common

^19.0.5

🟢 6.4

Details

Check	Score	Reason
Binary-Artifacts	🟢 10	no binaries found in the repo
Branch-Protection	🟢 6	branch protection is not maximal on development and all release branches
CI-Tests	⚠️ -1	no pull request found
CII-Best-Practices	⚠️ 2	badge detected: InProgress
Code-Review	⚠️ 0	Found 0/30 approved changesets -- score normalized to 0
Contributors	🟢 10	project has 36 contributing companies or organizations
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Dependency-Update-Tool	🟢 10	update tool detected
Fuzzing	🟢 10	project is fuzzed
License	🟢 10	license file detected
Maintained	🟢 10	30 commit(s) and 19 issue activity found in the last 90 days -- score normalized to 10
Packaging	⚠️ -1	packaging workflow not detected
Pinned-Dependencies	🟢 10	all dependencies are pinned
SAST	⚠️ 0	no SAST tool detected
Security-Policy	🟢 10	security policy file detected
Signed-Releases	⚠️ -1	no releases found
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Vulnerabilities	⚠️ 0	68 existing vulnerabilities detected

npm/@angular/compiler

^19.0.5

🟢 6.4

Details

Check	Score	Reason
Binary-Artifacts	🟢 10	no binaries found in the repo
Branch-Protection	🟢 6	branch protection is not maximal on development and all release branches
CI-Tests	⚠️ -1	no pull request found
CII-Best-Practices	⚠️ 2	badge detected: InProgress
Code-Review	⚠️ 0	Found 0/30 approved changesets -- score normalized to 0
Contributors	🟢 10	project has 36 contributing companies or organizations
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Dependency-Update-Tool	🟢 10	update tool detected
Fuzzing	🟢 10	project is fuzzed
License	🟢 10	license file detected
Maintained	🟢 10	30 commit(s) and 19 issue activity found in the last 90 days -- score normalized to 10
Packaging	⚠️ -1	packaging workflow not detected
Pinned-Dependencies	🟢 10	all dependencies are pinned
SAST	⚠️ 0	no SAST tool detected
Security-Policy	🟢 10	security policy file detected
Signed-Releases	⚠️ -1	no releases found
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Vulnerabilities	⚠️ 0	68 existing vulnerabilities detected

npm/@angular/core

^19.0.5

🟢 6.4

Details

Check	Score	Reason
Binary-Artifacts	🟢 10	no binaries found in the repo
Branch-Protection	🟢 6	branch protection is not maximal on development and all release branches
CI-Tests	⚠️ -1	no pull request found
CII-Best-Practices	⚠️ 2	badge detected: InProgress
Code-Review	⚠️ 0	Found 0/30 approved changesets -- score normalized to 0
Contributors	🟢 10	project has 36 contributing companies or organizations
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Dependency-Update-Tool	🟢 10	update tool detected
Fuzzing	🟢 10	project is fuzzed
License	🟢 10	license file detected
Maintained	🟢 10	30 commit(s) and 19 issue activity found in the last 90 days -- score normalized to 10
Packaging	⚠️ -1	packaging workflow not detected
Pinned-Dependencies	🟢 10	all dependencies are pinned
SAST	⚠️ 0	no SAST tool detected
Security-Policy	🟢 10	security policy file detected
Signed-Releases	⚠️ -1	no releases found
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Vulnerabilities	⚠️ 0	68 existing vulnerabilities detected

npm/@angular/forms

^19.0.5

🟢 6.4

Details

Check	Score	Reason
Binary-Artifacts	🟢 10	no binaries found in the repo
Branch-Protection	🟢 6	branch protection is not maximal on development and all release branches
CI-Tests	⚠️ -1	no pull request found
CII-Best-Practices	⚠️ 2	badge detected: InProgress
Code-Review	⚠️ 0	Found 0/30 approved changesets -- score normalized to 0
Contributors	🟢 10	project has 36 contributing companies or organizations
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Dependency-Update-Tool	🟢 10	update tool detected
Fuzzing	🟢 10	project is fuzzed
License	🟢 10	license file detected
Maintained	🟢 10	30 commit(s) and 19 issue activity found in the last 90 days -- score normalized to 10
Packaging	⚠️ -1	packaging workflow not detected
Pinned-Dependencies	🟢 10	all dependencies are pinned
SAST	⚠️ 0	no SAST tool detected
Security-Policy	🟢 10	security policy file detected
Signed-Releases	⚠️ -1	no releases found
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Vulnerabilities	⚠️ 0	68 existing vulnerabilities detected

npm/@angular/material

^19.0.4

🟢 7.4

Details

Check	Score	Reason
Binary-Artifacts	🟢 10	no binaries found in the repo
Branch-Protection	🟢 6	branch protection is not maximal on development and all release branches
CI-Tests	🟢 10	26 out of 26 merged PRs checked by a CI test -- score normalized to 10
CII-Best-Practices	⚠️ 2	badge detected: in_progress
Code-Review	🟢 10	all changesets reviewed
Contributors	🟢 10	24 different organizations found -- score normalized to 10
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Dependency-Update-Tool	🟢 10	update tool detected
Fuzzing	⚠️ 0	project is not fuzzed
License	🟢 10	license file detected
Maintained	🟢 10	30 commit(s) out of 30 and 11 issue activity out of 30 found in the last 90 days -- score normalized to 10
Packaging	⚠️ -1	no published package detected
Pinned-Dependencies	🟢 10	all dependencies are pinned
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Security-Policy	🟢 10	security policy file detected
Signed-Releases	⚠️ -1	no releases found
Token-Permissions	🟢 8	detected GitHub workflow tokens with excessive permissions
Vulnerabilities	⚠️ 0	53 existing vulnerabilities detected

npm/@angular/platform-browser

^19.0.5

🟢 6.4

Details

Check	Score	Reason
Binary-Artifacts	🟢 10	no binaries found in the repo
Branch-Protection	🟢 6	branch protection is not maximal on development and all release branches
CI-Tests	⚠️ -1	no pull request found
CII-Best-Practices	⚠️ 2	badge detected: InProgress
Code-Review	⚠️ 0	Found 0/30 approved changesets -- score normalized to 0
Contributors	🟢 10	project has 36 contributing companies or organizations
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Dependency-Update-Tool	🟢 10	update tool detected
Fuzzing	🟢 10	project is fuzzed
License	🟢 10	license file detected
Maintained	🟢 10	30 commit(s) and 19 issue activity found in the last 90 days -- score normalized to 10
Packaging	⚠️ -1	packaging workflow not detected
Pinned-Dependencies	🟢 10	all dependencies are pinned
SAST	⚠️ 0	no SAST tool detected
Security-Policy	🟢 10	security policy file detected
Signed-Releases	⚠️ -1	no releases found
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Vulnerabilities	⚠️ 0	68 existing vulnerabilities detected

npm/@angular/platform-browser-dynamic

^19.0.5

🟢 6.4

Details

Check	Score	Reason
Binary-Artifacts	🟢 10	no binaries found in the repo
Branch-Protection	🟢 6	branch protection is not maximal on development and all release branches
CI-Tests	⚠️ -1	no pull request found
CII-Best-Practices	⚠️ 2	badge detected: InProgress
Code-Review	⚠️ 0	Found 0/30 approved changesets -- score normalized to 0
Contributors	🟢 10	project has 36 contributing companies or organizations
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Dependency-Update-Tool	🟢 10	update tool detected
Fuzzing	🟢 10	project is fuzzed
License	🟢 10	license file detected
Maintained	🟢 10	30 commit(s) and 19 issue activity found in the last 90 days -- score normalized to 10
Packaging	⚠️ -1	packaging workflow not detected
Pinned-Dependencies	🟢 10	all dependencies are pinned
SAST	⚠️ 0	no SAST tool detected
Security-Policy	🟢 10	security policy file detected
Signed-Releases	⚠️ -1	no releases found
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Vulnerabilities	⚠️ 0	68 existing vulnerabilities detected

npm/@angular/router

^19.0.5

🟢 6.4

Details

Check	Score	Reason
Binary-Artifacts	🟢 10	no binaries found in the repo
Branch-Protection	🟢 6	branch protection is not maximal on development and all release branches
CI-Tests	⚠️ -1	no pull request found
CII-Best-Practices	⚠️ 2	badge detected: InProgress
Code-Review	⚠️ 0	Found 0/30 approved changesets -- score normalized to 0
Contributors	🟢 10	project has 36 contributing companies or organizations
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Dependency-Update-Tool	🟢 10	update tool detected
Fuzzing	🟢 10	project is fuzzed
License	🟢 10	license file detected
Maintained	🟢 10	30 commit(s) and 19 issue activity found in the last 90 days -- score normalized to 10
Packaging	⚠️ -1	packaging workflow not detected
Pinned-Dependencies	🟢 10	all dependencies are pinned
SAST	⚠️ 0	no SAST tool detected
Security-Policy	🟢 10	security policy file detected
Signed-Releases	⚠️ -1	no releases found
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Vulnerabilities	⚠️ 0	68 existing vulnerabilities detected

npm/@octokit/types

^13.6.2

🟢 6.9

Details

Check	Score	Reason
Maintained	🟢 5	5 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 5
Security-Policy	🟢 9	security policy file detected
Code-Review	🟢 10	all changesets reviewed
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Binary-Artifacts	🟢 10	no binaries found in the repo
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Pinned-Dependencies	🟢 3	dependency not pinned by hash detected -- score normalized to 3
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 10	license file detected
Fuzzing	⚠️ 0	project is not fuzzed
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Packaging	🟢 10	packaging workflow detected
SAST	🟢 10	SAST tool is run on all commits
Vulnerabilities	🟢 8	2 existing vulnerabilities detected

npm/cronstrue

^2.52.0

🟢 3.6

Details

Check	Score	Reason
Packaging	⚠️ -1	packaging workflow not detected
Code-Review	⚠️ 2	Found 8/28 approved changesets -- score normalized to 2
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Maintained	🟢 5	4 commit(s) and 3 issue activity found in the last 90 days -- score normalized to 5
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Binary-Artifacts	🟢 10	no binaries found in the repo
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Security-Policy	⚠️ 0	security policy file not detected
License	🟢 10	license file detected
Fuzzing	⚠️ 0	project is not fuzzed
Signed-Releases	⚠️ 0	Project has not signed or included provenance with any releases.
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Vulnerabilities	🟢 5	5 existing vulnerabilities detected

npm/highcharts

^12.1.2

🟢 3.5

Details

Check	Score	Reason
Code-Review	⚠️ 0	Found 1/28 approved changesets -- score normalized to 0
Packaging	⚠️ -1	packaging workflow not detected
Dangerous-Workflow	⚠️ -1	no workflows found
Maintained	🟢 7	9 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 7
Token-Permissions	⚠️ -1	No tokens found
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Security-Policy	⚠️ 0	security policy file not detected
License	⚠️ 0	license file not detected
Vulnerabilities	🟢 10	0 existing vulnerabilities detected
Binary-Artifacts	🟢 10	no binaries found in the repo
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ 0	branch protection not enabled on development/release branches
Pinned-Dependencies	⚠️ -1	no dependencies found
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Fuzzing	⚠️ 0	project is not fuzzed

npm/ng2-charts

^8.0.0

🟢 3.6

Details

Check	Score	Reason
Maintained	🟢 3	4 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 3
Code-Review	⚠️ 0	Found 1/16 approved changesets -- score normalized to 0
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Packaging	⚠️ -1	packaging workflow not detected
Binary-Artifacts	🟢 10	no binaries found in the repo
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Pinned-Dependencies	⚠️ 2	dependency not pinned by hash detected -- score normalized to 2
Fuzzing	⚠️ 0	project is not fuzzed
License	🟢 10	license file detected
Signed-Releases	⚠️ 0	Project has not signed or included provenance with any releases.
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Security-Policy	⚠️ 0	security policy file not detected
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Vulnerabilities	🟢 7	3 existing vulnerabilities detected

Scanned Files

frontend/package-lock.json
frontend/package.json

dependabot · 2025-01-13T20:21:46Z

Superseded by #107.

dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels Jan 6, 2025

dependabot bot closed this Jan 13, 2025

dependabot bot deleted the dependabot/npm_and_yarn/frontend/production-dependencies-3ea5e04010 branch January 13, 2025 20:21

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump the production-dependencies group across 1 directory with 14 updates #103

Bump the production-dependencies group across 1 directory with 14 updates #103

dependabot bot commented on behalf of github Jan 6, 2025 •

edited

Loading

github-actions bot commented Jan 6, 2025

dependabot bot commented on behalf of github Jan 13, 2025

Commit	Description
	avoid triggering `on timer` and `on idle` on the server (#59177)
	Fix nested timer serialization (#59173)

Commit	Description
	consider pre-release versions when detecting feature support (#59061)
	error in unused standalone imports diagnostic (#59064)

Commit	Description
	class content being deleted in some edge cases (#58959)
	correctly strip away parameters surrounded by comments in inject migration (#58959)

Commit	Type	Description
3793218e77	fix	avoid triggering `on timer` and `on idle` on the server (#59177)
cfc96ed82c	fix	Fix nested timer serialization (#59173)

Commit	Type	Description
c5c20e9d86	fix	check event side of two-way bindings (#59002)
0dee2681f7	fix	consider pre-release versions when detecting feature support (#59061)
1b9492edf8	fix	error in unused standalone imports diagnostic (#59064)

Commit	Type	Description
d010e11b73	feat	add event listener options to renderer (#59092)
30e676098d	fix	Fix a bug where snapshotted functions are being run twice if they return a nullish/falsey value. (#59073)

Commit	Type	Description
7e612171709	fix	consider pre-release versions when detecting feature support (#59061)
cd764a31152	fix	error in unused standalone imports diagnostic (#59064)

Commit	Description
	list: enable MacOS select all with command+a (#30183)
	menu: remove dependency on animations module (#30163)
	sort: avoid center align for sort header (#30198)
	table: improve filter predicate efficiency (#30172)
	table: set border none for header cells on last row (#30193)
	theming: fix not found error in the guide duplicate theming styles document (#30108)
	tooltip: body line height affecting gap (#30164)

Commit	Description
	drag-drop: resolve projected handles
	drag-drop: stop dragging on touchcancel (#30184)
	testing: add code to keyboard events (#30188)

Commit	Description
	expansion: switch away from animations module (#30119)
	menu: decouple menu lifecycle from animations (#30148)
	paginator: ignore clicks on disabled buttons (#30138)
	select: add opt-in input that allows selection of nullable options (#30142)
	timepicker: deserialize ControlValueAccessor values correctly (#30149)
	timepicker: disable toggle if timepicker is disabled (#30137)

Commit	Description
	button-toggle: unable to tab into ngModel-based group on first render (#30103)
	core: optgroup label color not inferred correctly (#30085)
	schematics: avoid parsing stylesheets that don't include Material
	schematics: error if stylesheet contains syntax errors
	sort: simplify animations (#30057)
	tabs: ink bar not showing when same tab is re-selected (#30121)

Commit	Type	Description
622057a146	fix	drag-drop: resolve projected handles
1456074baa	fix	drag-drop: stop dragging on touchcancel (#30184)
c92def439b	fix	testing: add code to keyboard events (#30188)

Commit	Type	Description
050b59b883	fix	list: enable MacOS select all with command+a (#30183)
c3f22f3c9a	fix	menu: remove dependency on animations module (#30163)
a9c569e13d	fix	sort: avoid center align for sort header (#30198)
f0ec675aaa	fix	table: improve filter predicate efficiency (#30172)
b724b0698c	fix	table: set border none for header cells on last row (#30193)
125d867161	fix	theming: fix not found error in the guide duplicate theming styles document (#30108)
8d3279fcd4	fix	tooltip: body line height affecting gap (#30164)

Commit	Type	Description
7b64c451e6	fix	expansion: switch away from animations module (#30119)
d18c3395d8	fix	menu: decouple menu lifecycle from animations (#30148)
3ea8cf5c31	fix	paginator: ignore clicks on disabled buttons (#30138)
fbaf286f9c	fix	select: add opt-in input that allows selection of nullable options (#30142)
600a8b04f9	fix	timepicker: deserialize ControlValueAccessor values correctly (#30149)
4b69162998	fix	timepicker: disable toggle if timepicker is disabled (#30137)

Commit	Type	Description
460f971b27	fix	accordion: improve accessibility in example code (#30087)
6306a12c12	fix	menu: disable flexible dimensions (#30086)

Commit	Type	Description
0ed9869529	fix	button-toggle: unable to tab into ngModel-based group on first render (#30103)
72ff6fcce3	fix	core: optgroup label color not inferred correctly (#30085)
c395585446	fix	schematics: avoid parsing stylesheets that don't include Material
5b3350a60e	fix	schematics: error if stylesheet contains syntax errors
1235ad28bc	fix	sort: simplify animations (#30057)
5b165067e8	fix	tabs: ink bar not showing when same tab is re-selected (#30121)

Bump the production-dependencies group across 1 directory with 14 updates #103

Bump the production-dependencies group across 1 directory with 14 updates #103

Conversation

dependabot bot commented on behalf of github Jan 6, 2025 • edited Loading

v19.0.5

19.0.5 (2024-12-18)

core

platform-server

v19.0.4

19.0.4 (2024-12-12)

compiler-cli

core

platform-browser

v19.0.3

19.0.3 (2024-12-04)

v19.0.2

19.0.2 (2024-12-04)

compiler-cli

core

migrations

19.0.5 (2024-12-18)

core

platform-server

19.1.0-next.3 (2024-12-12)

compiler-cli

core

platform-browser

19.0.4 (2024-12-12)

compiler-cli

core

platform-browser

v19.0.4

19.0.4 "linen-lampshade" (2024-12-18)

material

cdk

v19.0.3

19.0.3 "polonium-popsicle" (2024-12-11)

material

v19.0.2

19.0.2 "plastic-rhino" (2024-12-04)

youtube-player

material

cdk

19.0.4 "linen-lampshade" (2024-12-18)

cdk

material

19.0.3 "polonium-popsicle" (2024-12-11)

material

19.0.2 "plastic-rhino" (2024-12-04)

cdk

material

v19.0.5

19.0.5 (2024-12-18)

core

platform-server

v19.0.4

19.0.4 (2024-12-12)

compiler-cli

core

platform-browser

v19.0.3

19.0.3 (2024-12-04)

v19.0.2

19.0.2 (2024-12-04)

compiler-cli

core

migrations

19.0.5 (2024-12-18)

core

platform-server

19.1.0-next.3 (2024-12-12)

compiler-cli

core

platform-browser

19.0.4 (2024-12-12)

compiler-cli

core

platform-browser

v19.0.5

19.0.5 (2024-12-18)

dependabot bot commented on behalf of github Jan 6, 2025 •

edited

Loading