fix(deps): update npm to v7 - - package.json (major)

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence
mongodb	^5.9.2 -> ^7.0.0
react-router-dom (source)	6.30.1 -> 7.9.5
vite (source)	^4.5.14 -> ^7.2.2

---

Release Notes

mongodb/node-mongodb-native (mongodb)

v7.0.0

Compare Source

⚠ BREAKING CHANGES

• NODE-7259: use alphas of all supporting packages (#​4746)
• NODE-5510: dont filter change stream options (#​4723)
• NODE-6296: remove cursor default batch size of 1000 (#​4729)
• NODE-7150: update peer dependency matrix for 3rd party peer deps (#​4720)
• NODE-7046: remove AWS uri/options support (#​4689)
• NODE-4808: remove support for stream() transform on cursors and change streams (#​4728)
• NODE-6377: remove noResponse option (#​4724)
• NODE-6473: remove MONGODB-CR auth (#​4717)
• NODE-5994: Remove metadata-related properties from public driver API (#​4716)
• NODE-7016: remove beta namespace and move resource management into driver (#​4719)
• NODE-4184: don't throw on aggregate with write concern and explain (#​4718)
• NODE-7043, NODE-7217: adopt mongodb-client-encryption v7 (#​4705)
• NODE-6065: throw MongoRuntimeError instead of MissingDependencyError in crypto connection (#​4711)
• NODE-6584: improve typing for filepaths in AutoEncryptionOptions (#​4341)
• NODE-6334: rename PoolRequstedRetry to PoolRequestedRetry (#​4696)
• NODE-7174: drop support for Node16 and Node18 (#​4668)
• NODE-7047: use custom credential provider first after URI (#​4656)
• NODE-6988: require aws sdk for aws auth (#​4659)

Features

• bump bson to 7.0.0-alpha.2 (#​4756) (9b34953)
• NODE-4184: don't throw on aggregate with write concern and explain (#​4718) (88e02a4)
• NODE-4243: drop collection checks ns not found (#​4742) (a8d7c5f)
• NODE-4808: remove support for stream() transform on cursors and change streams (#​4728) (1702987)
• NODE-5510: dont filter change stream options (#​4723) (a2daf76)
• NODE-5545: remove deprecated objects (#​4704) (cfbada6)
• NODE-5994: Remove metadata-related properties from public driver API (#​4716) (b59c5ce)
• NODE-6065: throw MongoRuntimeError instead of MissingDependencyError in crypto connection (#​4711) (ff229fa)
• NODE-6296: remove cursor default batch size of 1000 (#​4729) (f8a855f)
• NODE-6334: rename PoolRequstedRetry to PoolRequestedRetry (#​4696) (84db848)
• NODE-6377: remove noResponse option (#​4724) (9e9059a)
• NODE-6473: remove MONGODB-CR auth (#​4717) (9a1bc65)
• NODE-6584: improve typing for filepaths in AutoEncryptionOptions (#​4341) (dab4c7c)
• NODE-6988: require aws sdk for aws auth (#​4659) (b7c6750)
• NODE-7016: remove beta namespace and move resource management into driver (#​4719) (fb2824f)
• NODE-7043, NODE-7217: adopt mongodb-client-encryption v7 (#​4705) (3f7196e)
• NODE-7046: remove AWS uri/options support (#​4689) (d14ac3f)
• NODE-7047: use custom credential provider first after URI (#​4656) (2a47bbb)
• NODE-7150: update peer dependency matrix for 3rd party peer deps (#​4720) (0451dae)
• NODE-7174: drop support for Node16 and Node18 (#​4668) (a576b7d)
• NODE-7223: run checkout on connect regardless of credentials (#​4715) (c5f74ab)
• NODE-7259: use alphas of all supporting packages (#​4746) (e1ea14c)
• NODE-7260: update bson alpha to latest (#​4748) (4e88559)

Bug Fixes

• NODE-7067: Wrap socket write in a try/catch to ensure errors can be properly wrapped (#​4759) (66c18b7)
• NODE-7232: only send endSessions during client close if the topology supports sessions (#​4722) (cc85ebf)
• NODE-7247: clarify #rewrapManyDataKey() parameter types (#​4760) (cb522bf)
• NODE-7270: remove extra BSONType file in docs/Next/variables (#​4754) (df3aaaa)

v6.20.0

Compare Source

Features

• NODE-6883: allow rawData option on time series collections (#​4642) (0fa3cd4)
• NODE-7125: add db and client properties to collection and database objects (#​4640) (3469f86)
• NODE-7134: allow hint with unacknowledged writes for delete, update and findAndModify commands (#​4647) (82d6ce6)
• NODE-7139: remove pre-4.2 logic and deprecate dead code (#​4657) (14303bc)
• NODE-7140: deprecate driver info options (#​4654) (b813c85)
• NODE-7157: deprecate retryWrites in CommandOperationOptions (#​4661) (620972d)

Bug Fixes

• NODE-4763: cache resumeToken in ChangeStream.tryNext() (#​4636) (8331a93)
• NODE-6858: treat MongoServerSelectionError as a resumable error for Change Streams (#​4653) (c6d64e7)
• NODE-7138: prevent duplicate metadata from being appended to handshake metadata (#​4651) (05c230c)

v6.19.0

Compare Source

Features

• NODE-4179: allow secureContext in KMS TLS options (#​4578) (0ea6eaa)
• NODE-6472: findOne and find no longer keep open cursors (#​4580) (be7f808)
• NODE-7020: remove ping on connect (#​4607) (3d296b7)
• NODE-7059, NODE-7008: add support for text queries for QE string fields (#​4597) (e4492f3)

v6.18.0

Compare Source

Features

• NODE-5055: Add databaseName property to command monitoring events (#​4586) (3faf0c9)
• NODE-6865: deprecate transaction getters (#​4567) (da46aea)
• NODE-6991: deprecate unintentionally public client metadata types (#​4566) (ca6554b)
• NODE-7009: add client metadata on demand (#​4574) (b9636ee)
• NODE-7053: deprecate noResponse option (#​4589) (1115319)

Bug Fixes

• NODE-4845: allocate sessions lazily in cursors (#​4575) (5761703)
• NODE-6589: background task does not prune idle connections when minPoolSize=0 (#​4569) (7cbb641)
• NODE-6955: add missing wallTime property TS change stream event interfaces (#​4541) (f153c6f)

v6.17.0

Compare Source

Features

• NODE-6245: add keepAliveInitialDelay config (#​4510) (d6c0eb3)
• NODE-6290: add sort support to updateOne and replaceOne (#​4515) (28857b7)
• NODE-6882: eagerly close checked out connections when client is closed (#​4499) (64fdb3e)
• NODE-6884: remove support for 4.0 (#​4534) (6fe6ccc)
• NODE-6952: support configuring DEK cache expiration (#​4538) (c529f07)
• NODE-6963: use BSON 6.10.4 (#​4549) (aee490a)

Bug Fixes

• NODE-6638: throw if all atomic updates are undefined (#​4519) (9625b2d)
• NODE-6864: socket errors are not always converted to MongoNetworkErrors (#​4473) (2d86095)
• NODE-6962: OIDC machine workflows use OIDCCallbacks internally (#​4546) (bd6030f)

v6.16.0

Compare Source

Features

• NODE-6494: add support for hint on distinct commands (#​4487) (40d0e87)
• NODE-6515: deprecate driver support for server 4.0 (#​4517) (4c1a8a7)

Bug Fixes

• NODE-6630: read all messages in buffer when chunk arrives (#​4512) (8c86e30)
• NODE-6878: documents.clear() throws a TypeError after cursor is rewound (#​4488) (a1fffeb)

v6.15.0

Compare Source

Features

• NODE-6141: allow custom aws sdk config (#​4373) (3d047ed)

Bug Fixes

• NODE-6845: ensure internal rejections are handled (#​4448) (06e941a)

v6.14.2

Compare Source

Bug Fixes

• NODE-6803: kms proxy socket creates unhandled rejection (#​4444) (ed69cf9)

v6.14.1

Compare Source

Bug Fixes

• NODE-6801: set token on connection from cache (#​4438) (cb13746)

v6.14.0

Compare Source

Features

• NODE-6676: add support for nsType in change stream create events (#​4431) (7800067)
• NODE-6773: add support for $lookup with automatic encryption (#​4427) (965b21a)

Bug Fixes

• NODE-6765: FindOneAndUpdateOptions supports aggregation expressions (#​4423) (421ddeb)
• NODE-6792: use isUint8Array from driver's utils instead of util/types (#​4436) (dfe1fba)
• NODE-6794: revert @aws-sdk/credential-providers peer compatibility change (#​4437) (488c407)

v6.13.1

Compare Source

Bug Fixes

• NODE-6407: use conversationId returned from server in saslContinue (#​4368) (fbefa6b)
• NODE-6613: Update error messages when primaries go stale (#​4397) (6528c8d)
• NODE-6690: Remove extraneous Document in replaceOne return type (#​4383) (6c81d4e)
• NODE-6763: pass WriteConcernOptions instead on WriteConcernSettings (#​4421) (26f15d7)
• NODE-6777: update BSON to 6.10.3 (#​4428) (db5b9e0)

v6.13.0

Compare Source

Features

• NODE-5672: support standardized logging (#​4387) (d1b2453)
• NODE-6258: add signal support to find and aggregate (#​4364) (73def18)
• NODE-6451: retry SRV and TXT lookup for DNS timeout errors (#​4375) (fd902d3)
• NODE-6633: MongoClient.close closes active cursors (#​4372) (654069f)

Bug Fixes

• NODE-5225: concurrent MongoClient.close() calls each attempt to close the client (#​4376) (9419af7)
• NODE-6340: OIDC reauth uses caches speculative auth result (#​4379) (8b2b7fd)

Performance Improvements

• NODE-6452: Optimize CommandStartedEvent and CommandSucceededEvent constructors (#​4371) (41b066b)
• NODE-6616: shortcircuit logging ejson.stringify (#​4377) (c1bcf0d)

v6.12.0

Compare Source

Features

• NODE-6593: add support for [email protected] (#​4346) (ea8a33f)
• NODE-6605: add error message when invalidating primary (#​4340) (37613f1)

Bug Fixes

• NODE-6583: upgrade to BSON v6.10.1 to remove internal unbounded type cache (#​4338) (249c279)
• NODE-6600: set object mode correctly for message chunking in SizedMessageTransform (#​4345) (5558573)
• NODE-6602: only wrap errors from SOCKS in network errors (#​4347) (ed83f36)

v6.11.0

Compare Source

Features

• NODE-5682: set maxTimeMS on commands and preempt I/O (#​4174) (e4e6a5e)
• NODE-5844: add iscryptd to ServerDescription (#​4239) (c39d443)
• NODE-6069: OIDC k8s machine workflow (#​4270) (82c931c)
• NODE-6090: Implement CSOT logic for connection checkout and server selection (bd8a9f4)
• NODE-6231: Add CSOT behaviour for retryable reads and writes (#​4186) (2ffd5eb)
• NODE-6274: add CSOT support to bulkWrite (#​4250) (c5a9ae5)
• NODE-6275: Add CSOT support to GridFS (#​4246) (3cb8187)
• NODE-6304: add CSOT support for non-tailable cursors (#​4195) (131f6ed)
• NODE-6305: Add CSOT support to tailable cursors (#​4218) (2398fc6)
• NODE-6312: add error transformation for server timeouts (#​4192) (c2c0cb9)
• NODE-6313: add CSOT support to sessions and transactions (#​4199) (5f1102f)
• NODE-6387: Add CSOT support to change streams (#​4256) (4588ff2)
• NODE-6389: add support for timeoutMS in StateMachine.execute() (#​4243) (c55f965)
• NODE-6390: Add timeoutMS support to auto encryption (#​4265) (55e08e7)
• NODE-6391: Add timeoutMS support to explicit encryption (#​4269) (f745b99)
• NODE-6392: add timeoutMS support to ClientEncryption helpers part 1 (#​4281) (e86f11e)
• NODE-6403: add CSOT support to client bulk write (#​4261) (365d63b)
• NODE-6421: add support for timeoutMS to explain helpers (#​4268) (5b2629b)
• NODE-6446: deprecate legacy timeout options (#​4279) (c28608b)
• NODE-6551: update bson to 6.10.0 (#​4329) (adb15fe)

Bug Fixes

• NODE-6374: MongoOperationTimeoutError inherits MongoRuntimeError (#​4237) (9fb896a)
• NODE-6412: read stale response from previously timed out connection (#​4273) (fd8f3bd)
• NODE-6454: use timeoutcontext for state machine execute() cursor options (#​4291) (5dd8ee5)
• NODE-6469: pool is cleared before connection checkin on error (#​4296) (06a2e2c)
• NODE-6523: deleteMany in gridfs passes timeoutMS to predicate, not options (#​4319) (1965ed5)

Performance Improvements

• NODE-6525: remove setPrototype and defineProperty from hot path (#​4321) (48ed47e)

v6.10.0

Compare Source

Features

• NODE-5682: set maxTimeMS on commands and preempt I/O (#​4174) (e4e6a5e)
• NODE-5844: add iscryptd to ServerDescription (#​4239) (c39d443)
• NODE-6069: OIDC k8s machine workflow (#​4270) (82c931c)
• NODE-6090: Implement CSOT logic for connection checkout and server selection (bd8a9f4)
• NODE-6231: Add CSOT behaviour for retryable reads and writes (#​4186) (2ffd5eb)
• NODE-6274: add CSOT support to bulkWrite (#​4250) (c5a9ae5)
• NODE-6275: Add CSOT support to GridFS (#​4246) (3cb8187)
• NODE-6304: add CSOT support for non-tailable cursors (#​4195) (131f6ed)
• NODE-6305: Add CSOT support to tailable cursors (#​4218) (2398fc6)
• NODE-6312: add error transformation for server timeouts (#​4192) (c2c0cb9)
• NODE-6313: add CSOT support to sessions and transactions (#​4199) (5f1102f)
• NODE-6387: Add CSOT support to change streams (#​4256) (4588ff2)
• NODE-6389: add support for timeoutMS in StateMachine.execute() (#​4243) (c55f965)
• NODE-6390: Add timeoutMS support to auto encryption (#​4265) (55e08e7)
• NODE-6391: Add timeoutMS support to explicit encryption (#​4269) (f745b99)
• NODE-6392: add timeoutMS support to ClientEncryption helpers part 1 (#​4281) (e86f11e)
• NODE-6403: add CSOT support to client bulk write (#​4261) (365d63b)
• NODE-6421: add support for timeoutMS to explain helpers (#​4268) (5b2629b)
• NODE-6446: deprecate legacy timeout options (#​4279) (c28608b)
• NODE-6551: update bson to 6.10.0 (#​4329) (adb15fe)

Bug Fixes

• NODE-6374: MongoOperationTimeoutError inherits MongoRuntimeError (#​4237) (9fb896a)
• NODE-6412: read stale response from previously timed out connection (#​4273) (fd8f3bd)
• NODE-6454: use timeoutcontext for state machine execute() cursor options (#​4291) (5dd8ee5)
• NODE-6469: pool is cleared before connection checkin on error (#​4296) (06a2e2c)
• NODE-6523: deleteMany in gridfs passes timeoutMS to predicate, not options (#​4319) (1965ed5)

Performance Improvements

• NODE-6525: remove setPrototype and defineProperty from hot path (#​4321) (48ed47e)

v6.9.0

Compare Source

Features

• NODE-5459: add durations to connection pool events (#​4166) (7295695)
• NODE-5614: add support for explicit resource management (#​4177) (b3f3987)
• NODE-5754: allow auto select family options (#​4185) (54efb7d)
• NODE-5908: support range v2 (#​4141) (de253a7)
• NODE-6225: add property ownership check before referencing mongocryptdSpawnPath and mongocryptdSpawnArgs (#​4151) (f48f8d3)
• NODE-6244: Bump max supported wire version and server version (#​4163) (45bc098)
• NODE-6252: insertMany and bulkWrite permit readonly arrays (#​4175) (4b219d3)
• NODE-6278: deprecate 3.6 servers (#​4178) (35d8840)
• NODE-6309: Mark range API as stable (#​4190) (f53e9d9)
• NODE-6327: new client bulk write types and builders (#​4205) (6d65ae7)
• NODE-6365: pass through allowPartialTrustChain TLS flag (#​4228) (d6c147d)

Bug Fixes

• NODE-5720: on pre-4.4 sharded servers, the node driver uses error.writeConcern.code to determine retryability (#​4155) (b26c328)
• NODE-6241: allow Binary as local kms provider key for auto encryption (#​4165) (d85f827)
• NODE-6259: replace dynamically assigned length property with a static getter (#​4173) (320dde0)
• NODE-6276: preserve top level error code MongoWriteConcernError (#​4183) (e902584)
• NODE-6284: make sparsity and trimFactor optional (#​4189) (8622545)
• NODE-6355: respect utf8 validation options when iterating cursors (#​4214) (8bfe187)
• NODE-6362: cache cursor deserialization options across deserialize calls (#​4221) (833eaa4)
• NODE-6367: enable mixed use of iteration APIs (#​4231) (08912c8)

Performance Improvements

• NODE-5906: optimize toArray to use batches (#​4171) (5565d50)

v6.8.2

Compare Source

The MongoDB Node.js team is pleased to announce version 6.8.2 of the mongodb package!

Release Notes

Fixed mixed use of cursor.next() and cursor[Symbol.asyncIterator]

In 6.8.0, we inadvertently prevented the use of cursor.next() along with using for await syntax to iterate cursors. If your code made use of the following pattern and the call to cursor.next retrieved all your documents in the first batch, then the for-await loop would never be entered. This issue is now fixed.

const firstDoc = await cursor.next();

for await (const doc of cursor) {
    // process doc
    // ...
}

Bug Fixes

• NODE-6367: enable mixed use of iteration APIs (#​4234) (d63bf6f)

Documentation

• Reference
• API
• Changelog

We invite you to try the mongodb library immediately, and report any issues to the NODE project.

v6.8.1

Compare Source

The MongoDB Node.js team is pleased to announce version 6.8.1 of the mongodb package!

Release Notes

Fixed enableUtf8Validation option

Starting in v6.8.0 we inadvertently removed the ability to disable UTF-8 validation when deserializing BSON. Validation is normally a good thing, but it was always meant to be configurable and the recent Node.js runtime issues (v22.7.0) make this option indispensable for avoiding errors from mistakenly generated invalid UTF-8 bytes.

Bug Fixes

• NODE-6355: respect utf8 validation option when iterating cursors (#​4220) (886cefb)

Documentation

• Reference
• API
• Changelog

We invite you to try the mongodb library immediately, and report any issues to the NODE project.

v6.8.0

Compare Source

Features

• NODE-5718: add ReadConcernMajorityNotAvailableYet to retryable errors (#​4154) (4f32dec)
• NODE-5801: allow multiple providers providers per type (#​4137) (4d209ce)
• NODE-5853: support delegated KMIP data key option (#​4129) (aa429f8)
• NODE-6136: parse cursor responses on demand (#​4112) (3ed6a2a)
• NODE-6157: add signature to github releases (#​4119) (f38c5fe)

Bug Fixes

• NODE-5801: use more specific key typing for multiple KMS provider support (#​4146) (465ffd9)
• NODE-6085: add TS support for KMIP data key options (#​4128) (f790cc1)
• NODE-6241: allow Binary as local KMS provider key (#​4160) (fb724eb)
• NODE-6242: close becomes true after calling close when documents still remain (#​4161) (e3d70c3)

v6.7.0

Compare Source

Features

• NODE-5464: OIDC machine and callback workflow (#​3912) (2ba8434)

Bug Fixes

• NODE-6165: useBigInt64 causes compareTopologyVersion to throw (#​4109) (21b729b)

[v6.6.2](https://redirect.github.com/mongodb/node-mongodb-native/blob/HEAD/HISTORY.md#662-2024-05-

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about these updates again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[renovate]

⚠️ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

• any of the package files in this branch needs updating, or
• the branch becomes conflicted, or
• you click the rebase/retry checkbox if found above, or
• you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: package-lock.json

npm warn Unknown env config "store". This will stop working in the next major version of npm.
npm error code ERESOLVE
npm error ERESOLVE unable to resolve dependency tree
npm error
npm error While resolving: @finos/[email protected]
npm error Found: [email protected]
npm error node_modules/react
npm error   react@"^16.14.0" from the root project
npm error
npm error Could not resolve dependency:
npm error peer react@">=18" from [email protected]
npm error node_modules/react-router-dom
npm error   react-router-dom@"7.9.5" from the root project
npm error
npm error Fix the upstream dependency conflict, or retry
npm error this command with --force or --legacy-peer-deps
npm error to accept an incorrect (and potentially broken) dependency resolution.
npm error
npm error
npm error For a full report see:
npm error /runner/cache/others/npm/_logs/2025-11-07T12_49_15_266Z-eresolve-report.txt
npm error A complete log of this run can be found in: /runner/cache/others/npm/_logs/2025-11-07T12_49_15_266Z-debug-0.log

[github-actions]

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

OpenSSF Scorecard

Package	Version	Score	Details
npm/mongodb	^7.0.0	🟢 6.3	Details Check Score Reason Code-Review 🟢 9 Found 25/26 approved changesets -- score normalized to 9 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Maintained 🟢 10 30 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10 Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Security-Policy ⚠️ 0 security policy file not detected License 🟢 10 license file detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Branch-Protection 🟢 4 branch protection is not maximal on development and all release branches Signed-Releases 🟢 8 5 out of the last 5 releases have a total of 5 signed artifacts. SAST 🟢 9 SAST tool detected but not run on all commits Vulnerabilities 🟢 10 0 existing vulnerabilities detected Binary-Artifacts 🟢 10 no binaries found in the repo Fuzzing ⚠️ 0 project is not fuzzed Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0
npm/react-router-dom	7.9.5	🟢 4.6	Details Check Score Reason Code-Review ⚠️ 1 Found 4/28 approved changesets -- score normalized to 1 Maintained 🟢 10 30 commit(s) and 10 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Security-Policy 🟢 10 security policy file detected Packaging ⚠️ -1 packaging workflow not detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions License 🟢 10 license file detected Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md Fuzzing ⚠️ 0 project is not fuzzed Vulnerabilities ⚠️ 0 46 existing vulnerabilities detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
npm/vite	^7.2.2	🟢 7.1	Details Check Score Reason Code-Review 🟢 7 Found 20/26 approved changesets -- score normalized to 7 Maintained 🟢 10 30 commit(s) and 15 issue activity found in the last 90 days -- score normalized to 10 Packaging ⚠️ -1 packaging workflow not detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Token-Permissions 🟢 6 detected GitHub workflow tokens with excessive permissions Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected License 🟢 10 license file detected Security-Policy 🟢 10 security policy file detected Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md Signed-Releases ⚠️ -1 no releases found Binary-Artifacts 🟢 7 binaries present in source code Pinned-Dependencies 🟢 6 dependency not pinned by hash detected -- score normalized to 6 Fuzzing ⚠️ 0 project is not fuzzed SAST ⚠️ 2 SAST tool is not run on all commits -- score normalized to 2 Vulnerabilities 🟢 10 0 existing vulnerabilities detected

Scanned Files

• package.json

[netlify]

✅ Deploy Preview for endearing-brigadeiros-63f9d0 canceled.

Name	Link
🔨 Latest commit	9f2bab6
🔍 Latest deploy log	https://app.netlify.com/projects/endearing-brigadeiros-63f9d0/deploys/690dead352145e00082ab399