| Package | Version | Score |
|---|---|---|
| npm/@octokit/rest | 22.0.1 | 🟢 6.4 |

| Check | Score | Reason |
|---|---|---|
| Security-Policy | 🟢 9 | security policy file detected |
| Maintained | 🟢 6 | 5 commit(s) and 3 issue activity found in the last 90 days -- score normalized to 6 |
| Code-Review | 🟢 10 | all changesets reviewed |
| Dangerous-Workflow | 🟢 10 | no dangerous workflow patterns detected |
| Binary-Artifacts | 🟢 10 | no binaries found in the repo |
| CII-Best-Practices | ⚠️ 0 | no effort to earn an OpenSSF best practices badge detected |
| Token-Permissions | ⚠️ 0 | detected GitHub workflow tokens with excessive permissions |
| Pinned-Dependencies | 🟢 6 | dependency not pinned by hash detected -- score normalized to 6 |
| Fuzzing | ⚠️ 0 | project is not fuzzed |
| License | 🟢 10 | license file detected |
| Branch-Protection | ⚠️ -1 | internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md |
| Signed-Releases | ⚠️ -1 | no releases found |
| Packaging | 🟢 10 | packaging workflow detected |
| SAST | 🟢 10 | SAST tool is run on all commits |
| Vulnerabilities | ⚠️ 0 | 19 existing vulnerabilities detected |

| Package | Version | Score |
|---|---|---|
| npm/@octokit/plugin-paginate-rest | 14.0.0 | 🟢 6.9 |

| Check | Score | Reason |
|---|---|---|
| Code-Review | 🟢 9 | Found 10/11 approved changesets -- score normalized to 9 |
| Dangerous-Workflow | 🟢 10 | no dangerous workflow patterns detected |
| Binary-Artifacts | 🟢 10 | no binaries found in the repo |
| Security-Policy | 🟢 9 | security policy file detected |
| Maintained | 🟢 8 | 7 commit(s) and 3 issue activity found in the last 90 days -- score normalized to 8 |
| Token-Permissions | ⚠️ 0 | detected GitHub workflow tokens with excessive permissions |
| CII-Best-Practices | ⚠️ 0 | no effort to earn an OpenSSF best practices badge detected |
| Pinned-Dependencies | 🟢 4 | dependency not pinned by hash detected -- score normalized to 4 |
| License | 🟢 10 | license file detected |
| Fuzzing | ⚠️ 0 | project is not fuzzed |
| Branch-Protection | ⚠️ -1 | internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md |
| Signed-Releases | ⚠️ -1 | no releases found |
| Vulnerabilities | 🟢 6 | 4 existing vulnerabilities detected |
| Packaging | 🟢 10 | packaging workflow detected |
| SAST | 🟢 10 | SAST tool is run on all commits |

| Package | Version | Score |
|---|---|---|
| npm/@octokit/plugin-rest-endpoint-methods | 17.0.0 | 🟢 7.4 |

| Check | Score | Reason |
|---|---|---|
| Code-Review | 🟢 10 | all changesets reviewed |
| Security-Policy | 🟢 9 | security policy file detected |
| Dangerous-Workflow | 🟢 10 | no dangerous workflow patterns detected |
| Maintained | 🟢 10 | 14 commit(s) and 3 issue activity found in the last 90 days -- score normalized to 10 |
| Token-Permissions | ⚠️ 0 | detected GitHub workflow tokens with excessive permissions |
| CII-Best-Practices | ⚠️ 0 | no effort to earn an OpenSSF best practices badge detected |
| Binary-Artifacts | 🟢 10 | no binaries found in the repo |
| Pinned-Dependencies | 🟢 4 | dependency not pinned by hash detected -- score normalized to 4 |
| License | 🟢 10 | license file detected |
| Fuzzing | ⚠️ 0 | project is not fuzzed |
| Branch-Protection | ⚠️ -1 | internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md |
| Signed-Releases | ⚠️ -1 | no releases found |
| Vulnerabilities | 🟢 8 | 2 existing vulnerabilities detected |
| Packaging | 🟢 10 | packaging workflow detected |
| SAST | 🟢 10 | SAST tool is run on all commits |

Bumps the octokit group in /lambdas with 1 update: @octokit/rest.

Updates @octokit/rest from 22.0.0 to 22.0.1

Release notes

Sourced from @octokit/rest's releases.

Commits

- daa3ec9 ci(action): update actions/setup-node action to v6 (#534)
- 1dec0c7 ci(action): update peter-evans/create-or-update-comment action to v5 (#531)
- ded2f17 fix(deps): update octokit monorepo (major) (#538)
- 0e0eaea chore(deps): update dependency @types/node to v24 (#537)
- c04acc8 chore(deps): update vitest monorepo to v4 (major) (#536)
- e6dd306 chore(deps): update dependency undici to v7 (#474)
- 5f380d0 build(deps-dev): Bump form-data from 4.0.2 to 4.0.4 in /docs (#520)
- dc6827d build(deps-dev): Bump tar-fs from 2.1.2 to 2.1.3 in /docs (#516)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore <dependency name> major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
- `@dependabot ignore <dependency name> minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
- `@dependabot ignore <dependency name>` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore <dependency name>` will remove all of the ignore conditions of the specified dependency
- `@dependabot unignore <dependency name> <ignore condition>` will remove the ignore condition of the specified dependency and ignore conditions