chore(deps-dev): bump vitest and @vitest/coverage-istanbul

[dependabot]

Bumps vitest and @vitest/coverage-istanbul. These dependencies needed to be updated together.
Updates vitest from 2.1.5 to 3.0.5

Release notes

Sourced from vitest's releases.

v3.0.5

🚀 Features

• ui: Insert message "no tests found" in ui - by @​DevJoaoLopes in vitest-dev/vitest#7366 (92da4)

🐞 Bug Fixes

• Validate websocket request - by @​hi-ogawa and @​AriPerkkio in vitest-dev/vitest#7317 (191ef)
• Don't toggle cli cursor on non-TTY - by @​AriPerkkio in vitest-dev/vitest#7336 (3c805)
• vite-node: Differentiate file url with hash and query - by @​hi-ogawa in vitest-dev/vitest#7365 (926ca)

View changes on GitHub

v3.0.4

   🐞 Bug Fixes

• Filter projects eagerly during config resolution  -  by @​sheremet-va and @​AriPerkkio in vitest-dev/vitest#7313 (dff44)
• Apply development|production condition on Vites 6 by @​hi-ogawa and @​sheremet-va (#7301) (ef146)
• browser: Restrict served files from /__screenshot-error  -  by @​hi-ogawa in vitest-dev/vitest#7340 (ed9ae)
• deps: Update all non-major dependencies  -  by @​sheremet-va in vitest-dev/vitest#7297 (38ea8)
• runner: Timeout long sync hook  -  by @​hi-ogawa in vitest-dev/vitest#7289 (c60ee)
• typechecking: Support typechecking parsing with Vite 6  -  by @​sheremet-va in vitest-dev/vitest#7335 (bff70)
• types: Fix public types  -  by @​mrginglymus and @​sheremet-va in vitest-dev/vitest#7328 (ce6af)

    View changes on GitHub

v3.0.3

   🐞 Bug Fixes

• browser:
  • Don't throw a validation error if v8 coverage is used with filtered instances  -  by @​sheremet-va in vitest-dev/vitest#7306 (fa463)
  • Don't fail when running --browser.headless if the browser projest is part of the workspace  -  by @​sheremet-va in vitest-dev/vitest#7311 (e43a8)

   🏎 Performance

• reporters: Update summary only when needed  -  by @​AriPerkkio in vitest-dev/vitest#7291 (7f36b)

    View changes on GitHub

v3.0.2

   🐞 Bug Fixes

• Don't await an empty timeout after every test  -  by @​sheremet-va in vitest-dev/vitest#7281 (ef1aa)
• expect: Fix expect().resolves/rejects chain typings  -  by @​hi-ogawa in vitest-dev/vitest#7273 (fa415)

    View changes on GitHub

v3.0.1

   🐞 Bug Fixes

... (truncated)

Commits

• 1154662 chore: release v3.0.5
• 3c8050e fix: don't toggle cli cursor on non-TTY (#7336)
• 191ef9e fix: validate websocket request (#7317)
• 9e40437 chore: release v3.0.4
• ef1464f fix: apply development|production condition on Vite 6 (#7301)
• 38ea8ea fix(deps): update all non-major dependencies (#7297)
• dff4406 fix: filter projects eagerly during config resolution (#7313)
• ce6af70 fix(types): fix public types (#7328)
• bff70be fix(typechecking): support typechecking parsing with Vite 6 (#7335)
• a8d123c chore(deps): update eslint packages (#7086)
• Additional commits viewable in compare view

Updates @vitest/coverage-istanbul from 2.1.5 to 3.0.5

Release notes

Sourced from @​vitest/coverage-istanbul's releases.

v3.0.5

🚀 Features

• ui: Insert message "no tests found" in ui - by @​DevJoaoLopes in vitest-dev/vitest#7366 (92da4)

🐞 Bug Fixes

• Validate websocket request - by @​hi-ogawa and @​AriPerkkio in vitest-dev/vitest#7317 (191ef)
• Don't toggle cli cursor on non-TTY - by @​AriPerkkio in vitest-dev/vitest#7336 (3c805)
• vite-node: Differentiate file url with hash and query - by @​hi-ogawa in vitest-dev/vitest#7365 (926ca)

View changes on GitHub

v3.0.4

   🐞 Bug Fixes

• Filter projects eagerly during config resolution  -  by @​sheremet-va and @​AriPerkkio in vitest-dev/vitest#7313 (dff44)
• Apply development|production condition on Vites 6 by @​hi-ogawa and @​sheremet-va (#7301) (ef146)
• browser: Restrict served files from /__screenshot-error  -  by @​hi-ogawa in vitest-dev/vitest#7340 (ed9ae)
• deps: Update all non-major dependencies  -  by @​sheremet-va in vitest-dev/vitest#7297 (38ea8)
• runner: Timeout long sync hook  -  by @​hi-ogawa in vitest-dev/vitest#7289 (c60ee)
• typechecking: Support typechecking parsing with Vite 6  -  by @​sheremet-va in vitest-dev/vitest#7335 (bff70)
• types: Fix public types  -  by @​mrginglymus and @​sheremet-va in vitest-dev/vitest#7328 (ce6af)

    View changes on GitHub

v3.0.3

   🐞 Bug Fixes

• browser:
  • Don't throw a validation error if v8 coverage is used with filtered instances  -  by @​sheremet-va in vitest-dev/vitest#7306 (fa463)
  • Don't fail when running --browser.headless if the browser projest is part of the workspace  -  by @​sheremet-va in vitest-dev/vitest#7311 (e43a8)

   🏎 Performance

• reporters: Update summary only when needed  -  by @​AriPerkkio in vitest-dev/vitest#7291 (7f36b)

    View changes on GitHub

v3.0.2

   🐞 Bug Fixes

• Don't await an empty timeout after every test  -  by @​sheremet-va in vitest-dev/vitest#7281 (ef1aa)
• expect: Fix expect().resolves/rejects chain typings  -  by @​hi-ogawa in vitest-dev/vitest#7273 (fa415)

    View changes on GitHub

v3.0.1

   🐞 Bug Fixes

... (truncated)

Commits

• 1154662 chore: release v3.0.5
• 9e40437 chore: release v3.0.4
• 38ea8ea fix(deps): update all non-major dependencies (#7297)
• 33ab8a2 chore: release v3.0.3
• f17918a chore: release v3.0.2
• 56c5018 chore: release v3.0.1
• 537fa5e fix(deps): update all non-major dependencies (#7147)
• 01600e0 chore: release v3.0.0
• 8cab960 fix: colors on forks pool (#7090)
• 57b671d chore: release v3.0.0-beta.4
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[github-actions]

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

OpenSSF Scorecard

Scorecard details

Package	Version	Score	Details
npm/@vitest/coverage-istanbul	^3.0.5	Unknown	Unknown
npm/vitest	^3.0.5	Unknown	Unknown
npm/@babel/compat-data	7.26.5	🟢 6.2	Details Check Score Reason Code-Review 🟢 7 Found 21/29 approved changesets -- score normalized to 7 Maintained 🟢 10 30 commit(s) and 12 issue activity found in the last 90 days -- score normalized to 10 License 🟢 10 license file detected Security-Policy 🟢 10 security policy file detected Packaging ⚠️ -1 packaging workflow not detected CII-Best-Practices ⚠️ 2 badge detected: InProgress Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Signed-Releases ⚠️ -1 no releases found Token-Permissions 🟢 9 detected GitHub workflow tokens with excessive permissions SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed Vulnerabilities ⚠️ 0 23 existing vulnerabilities detected
npm/@babel/core	7.26.7	🟢 6.2	Details Check Score Reason Code-Review 🟢 7 Found 21/29 approved changesets -- score normalized to 7 Maintained 🟢 10 30 commit(s) and 12 issue activity found in the last 90 days -- score normalized to 10 License 🟢 10 license file detected Security-Policy 🟢 10 security policy file detected Packaging ⚠️ -1 packaging workflow not detected CII-Best-Practices ⚠️ 2 badge detected: InProgress Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Signed-Releases ⚠️ -1 no releases found Token-Permissions 🟢 9 detected GitHub workflow tokens with excessive permissions SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed Vulnerabilities ⚠️ 0 23 existing vulnerabilities detected
npm/@babel/generator	7.26.5	🟢 6.2	Details Check Score Reason Code-Review 🟢 7 Found 21/29 approved changesets -- score normalized to 7 Maintained 🟢 10 30 commit(s) and 12 issue activity found in the last 90 days -- score normalized to 10 License 🟢 10 license file detected Security-Policy 🟢 10 security policy file detected Packaging ⚠️ -1 packaging workflow not detected CII-Best-Practices ⚠️ 2 badge detected: InProgress Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Signed-Releases ⚠️ -1 no releases found Token-Permissions 🟢 9 detected GitHub workflow tokens with excessive permissions SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed Vulnerabilities ⚠️ 0 23 existing vulnerabilities detected
npm/@babel/helper-compilation-targets	7.26.5	🟢 6.2	Details Check Score Reason Code-Review 🟢 7 Found 21/29 approved changesets -- score normalized to 7 Maintained 🟢 10 30 commit(s) and 12 issue activity found in the last 90 days -- score normalized to 10 License 🟢 10 license file detected Security-Policy 🟢 10 security policy file detected Packaging ⚠️ -1 packaging workflow not detected CII-Best-Practices ⚠️ 2 badge detected: InProgress Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Signed-Releases ⚠️ -1 no releases found Token-Permissions 🟢 9 detected GitHub workflow tokens with excessive permissions SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed Vulnerabilities ⚠️ 0 23 existing vulnerabilities detected
npm/@babel/helpers	7.26.7	🟢 6.2	Details Check Score Reason Code-Review 🟢 7 Found 21/29 approved changesets -- score normalized to 7 Maintained 🟢 10 30 commit(s) and 12 issue activity found in the last 90 days -- score normalized to 10 License 🟢 10 license file detected Security-Policy 🟢 10 security policy file detected Packaging ⚠️ -1 packaging workflow not detected CII-Best-Practices ⚠️ 2 badge detected: InProgress Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Signed-Releases ⚠️ -1 no releases found Token-Permissions 🟢 9 detected GitHub workflow tokens with excessive permissions SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed Vulnerabilities ⚠️ 0 23 existing vulnerabilities detected
npm/@babel/parser	7.26.7	🟢 6.2	Details Check Score Reason Code-Review 🟢 7 Found 21/29 approved changesets -- score normalized to 7 Maintained 🟢 10 30 commit(s) and 12 issue activity found in the last 90 days -- score normalized to 10 License 🟢 10 license file detected Security-Policy 🟢 10 security policy file detected Packaging ⚠️ -1 packaging workflow not detected CII-Best-Practices ⚠️ 2 badge detected: InProgress Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Signed-Releases ⚠️ -1 no releases found Token-Permissions 🟢 9 detected GitHub workflow tokens with excessive permissions SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed Vulnerabilities ⚠️ 0 23 existing vulnerabilities detected
npm/@babel/traverse	7.26.7	🟢 6.2	Details Check Score Reason Code-Review 🟢 7 Found 21/29 approved changesets -- score normalized to 7 Maintained 🟢 10 30 commit(s) and 12 issue activity found in the last 90 days -- score normalized to 10 License 🟢 10 license file detected Security-Policy 🟢 10 security policy file detected Packaging ⚠️ -1 packaging workflow not detected CII-Best-Practices ⚠️ 2 badge detected: InProgress Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Signed-Releases ⚠️ -1 no releases found Token-Permissions 🟢 9 detected GitHub workflow tokens with excessive permissions SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed Vulnerabilities ⚠️ 0 23 existing vulnerabilities detected
npm/@babel/types	7.26.7	🟢 6.2	Details Check Score Reason Code-Review 🟢 7 Found 21/29 approved changesets -- score normalized to 7 Maintained 🟢 10 30 commit(s) and 12 issue activity found in the last 90 days -- score normalized to 10 License 🟢 10 license file detected Security-Policy 🟢 10 security policy file detected Packaging ⚠️ -1 packaging workflow not detected CII-Best-Practices ⚠️ 2 badge detected: InProgress Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Signed-Releases ⚠️ -1 no releases found Token-Permissions 🟢 9 detected GitHub workflow tokens with excessive permissions SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed Vulnerabilities ⚠️ 0 23 existing vulnerabilities detected
npm/@vitest/coverage-istanbul	3.0.5	Unknown	Unknown
npm/@vitest/expect	3.0.5	Unknown	Unknown
npm/@vitest/mocker	3.0.5	Unknown	Unknown
npm/@vitest/pretty-format	3.0.5	Unknown	Unknown
npm/@vitest/runner	3.0.5	Unknown	Unknown
npm/@vitest/snapshot	3.0.5	Unknown	Unknown
npm/@vitest/spy	3.0.5	Unknown	Unknown
npm/@vitest/utils	3.0.5	Unknown	Unknown
npm/browserslist	4.24.4	🟢 4.6	Details Check Score Reason Maintained 🟢 10 18 commit(s) and 6 issue activity found in the last 90 days -- score normalized to 10 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Code-Review ⚠️ 2 Found 6/27 approved changesets -- score normalized to 2 Packaging ⚠️ -1 packaging workflow not detected Binary-Artifacts 🟢 10 no binaries found in the repo Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Security-Policy ⚠️ 0 security policy file not detected License 🟢 10 license file detected Fuzzing ⚠️ 0 project is not fuzzed Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Vulnerabilities 🟢 10 0 existing vulnerabilities detected
npm/caniuse-lite	1.0.30001698	🟢 4.4	Details Check Score Reason Code-Review ⚠️ 0 Found 0/27 approved changesets -- score normalized to 0 Maintained 🟢 10 19 commit(s) and 3 issue activity found in the last 90 days -- score normalized to 10 Packaging ⚠️ -1 packaging workflow not detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Security-Policy ⚠️ 0 security policy file not detected License 🟢 10 license file detected Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Signed-Releases ⚠️ -1 no releases found Fuzzing ⚠️ 0 project is not fuzzed SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Vulnerabilities 🟢 10 0 existing vulnerabilities detected
npm/electron-to-chromium	1.5.96	Unknown	Unknown
npm/es-module-lexer	1.6.0	🟢 3.7	Details Check Score Reason Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Maintained ⚠️ 1 2 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 1 Binary-Artifacts 🟢 9 binaries present in source code Code-Review 🟢 3 Found 9/30 approved changesets -- score normalized to 3 Packaging ⚠️ -1 packaging workflow not detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Vulnerabilities 🟢 10 0 existing vulnerabilities detected License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Security-Policy ⚠️ 0 security policy file not detected Fuzzing ⚠️ 0 project is not fuzzed SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
npm/jsesc	3.1.0	🟢 3.6	Details Check Score Reason Packaging ⚠️ -1 packaging workflow not detected Maintained 🟢 3 4 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 3 Pinned-Dependencies ⚠️ -1 no dependencies found Dangerous-Workflow ⚠️ -1 no workflows found Token-Permissions ⚠️ -1 No tokens found Binary-Artifacts 🟢 10 no binaries found in the repo Code-Review ⚠️ 1 Found 5/30 approved changesets -- score normalized to 1 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Security-Policy ⚠️ 0 security policy file not detected License 🟢 10 license file detected Fuzzing ⚠️ 0 project is not fuzzed Vulnerabilities 🟢 10 0 existing vulnerabilities detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
npm/loupe	3.1.3	🟢 5.1	Details Check Score Reason Packaging ⚠️ -1 packaging workflow not detected Maintained 🟢 10 15 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10 Binary-Artifacts 🟢 10 no binaries found in the repo Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Code-Review 🟢 4 Found 11/23 approved changesets -- score normalized to 4 Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Pinned-Dependencies ⚠️ 1 dependency not pinned by hash detected -- score normalized to 1 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Security-Policy ⚠️ 0 security policy file not detected License 🟢 10 license file detected Fuzzing ⚠️ 0 project is not fuzzed Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Vulnerabilities 🟢 8 2 existing vulnerabilities detected
npm/magic-string	0.30.17	🟢 4.5	Details Check Score Reason Maintained 🟢 10 14 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 10 Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Packaging ⚠️ -1 packaging workflow not detected Code-Review 🟢 3 Found 11/30 approved changesets -- score normalized to 3 Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Binary-Artifacts 🟢 10 no binaries found in the repo License 🟢 10 license file detected Security-Policy ⚠️ 0 security policy file not detected Fuzzing ⚠️ 0 project is not fuzzed Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Vulnerabilities 🟢 8 2 existing vulnerabilities detected
npm/node-releases	2.0.19	🟢 4.3	Details Check Score Reason Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Maintained 🟢 7 9 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 7 Code-Review ⚠️ 0 Found 0/30 approved changesets -- score normalized to 0 SAST ⚠️ 0 no SAST tool detected Packaging ⚠️ -1 packaging workflow not detected Pinned-Dependencies 🟢 3 dependency not pinned by hash detected -- score normalized to 3 Binary-Artifacts 🟢 10 no binaries found in the repo Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Security-Policy ⚠️ 0 security policy file not detected Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Vulnerabilities 🟢 10 0 existing vulnerabilities detected
npm/pathe	2.0.2	Unknown	Unknown
npm/tinyrainbow	2.0.0	Unknown	Unknown
npm/update-browserslist-db	1.1.2	🟢 3.3	Details Check Score Reason Code-Review ⚠️ 1 Found 3/21 approved changesets -- score normalized to 1 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Maintained 🟢 5 5 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 5 Packaging ⚠️ -1 packaging workflow not detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Security-Policy ⚠️ 0 security policy file not detected License 🟢 10 license file detected Fuzzing ⚠️ 0 project is not fuzzed Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Vulnerabilities 🟢 3 7 existing vulnerabilities detected
npm/vite-node	3.0.5	Unknown	Unknown
npm/vitest	3.0.5	Unknown	Unknown

Scanned Files

• package.json
• pnpm-lock.yaml

[github-actions]

📦 Package Metrics 📦

• Size of the Package in the base (main): 10.4kB
• Size of the Package in this branch (dependabot/npm_and_yarn/multi-ea06bce53d): 10.4kB

[dependabot]

Dependabot tried to update this pull request, but something went wrong. We're looking into it, but in the meantime you can retry the update by commenting @dependabot rebase.