deps(deps): Bump the js-prod-non-major group with 5 updates

[dependabot]

Bumps the js-prod-non-major group with 5 updates:

Package	From	To
@smolpack/bootstrap-extensions	1.1.1	1.1.2
bootstrap	5.3.3	5.3.8
bootstrap-icons	1.11.3	1.13.1
colorbrewer	1.5.6	1.6.1
react-bootstrap	2.10.4	2.10.10

Updates @smolpack/bootstrap-extensions from 1.1.1 to 1.1.2

Release notes

Sourced from @​smolpack/bootstrap-extensions's releases.

v1.1.2

What's Changed

• Bump word-wrap from 1.2.3 to 1.2.4 by @​dependabot[bot] in SmolSoftBoi/bootstrap-extensions#5
• Bump stylelint from 14.16.1 to 15.10.1 by @​dependabot[bot] in SmolSoftBoi/bootstrap-extensions#3
• Bump postcss from 8.4.25 to 8.4.31 by @​dependabot[bot] in SmolSoftBoi/bootstrap-extensions#6
• Bump gh-pages from 4.0.0 to 5.0.0 in the npm_and_yarn group across 1 directory by @​dependabot[bot] in SmolSoftBoi/bootstrap-extensions#11
• Create tech stack docs (techstack.yml and techstack.md) by @​stack-file[bot] in SmolSoftBoi/bootstrap-extensions#7

New Contributors

• @​stack-file[bot] made their first contribution in SmolSoftBoi/bootstrap-extensions#7

Full Changelog: SmolSoftBoi/bootstrap-extensions@v1.1.1...v.1.1.2

Commits

• 40df504 Bump version to 1.1.2 in package.json
• e782348 Fix file paths for SASS and CSS in package.json
• 670c149 Update Bootstrap and related dependencies to latest versions
• af52ff5 Merge pull request #7 from SmolSoftBoi/tech-stack-file
• 9b9a454 Update techstack.md
• d7740f6 Update techstack.yml
• c8ec7a6 Create techstack.md
• 370eae8 Create techstack.yml
• 817967e Merge pull request #11 from SmolSoftBoi/dependabot/npm_and_yarn/npm_and_yarn-...
• abcc411 Bump gh-pages in the npm_and_yarn group across 1 directory
• Additional commits viewable in compare view

Updates bootstrap from 5.3.3 to 5.3.8

Release notes

Sourced from bootstrap's releases.

v5.3.8

What's Changed

• Streamline release prep script by @​mdo in twbs/bootstrap#41539
• Docs: restore local dev port to 9001 by @​chalin in twbs/bootstrap#41545
• Docs: use Example shortcode instead of divs with only .bd-example class by @​julien-deramond in twbs/bootstrap#41556
• Docs: fix scss autorecompile in dev mode by @​MaxLardenois in twbs/bootstrap#41574
• Fix color-contrast() function for WCAG 2.1 compliance by @​julien-deramond in twbs/bootstrap#41585
• OSSF Scorecard by @​mdo in twbs/bootstrap#41571
• Workflows: Use SHA-1 for third-party actions by @​julien-deramond in twbs/bootstrap#41595
• Docs: unminify downloadable example HTML files by @​julien-deramond in twbs/bootstrap#41637
• Docs: Add tooltips to buttons when <Example> is used, not just <Code> by @​louismaximepiton in twbs/bootstrap#41582
• Set cursor pointer on input search cancel button by @​mdo in twbs/bootstrap#41639
• CSS: Prevent spinner distortion in flex containers with multiline content by @​julien-deramond in twbs/bootstrap#41654
• Migrate MyGet script to GH actions by @​supergibbs in twbs/bootstrap#41583
• Revert "Attempt to return focus explicitly to dropdown trigger" by @​mdo in twbs/bootstrap#41668
• docs: Minor range example code optimization by @​coliff in twbs/bootstrap#41665
• Remove Themes from docs by @​mdo in twbs/bootstrap#41671
• Release v5.3.8 by @​mdo in twbs/bootstrap#41669

Dependencies

• Build(deps-dev): Bump the development-dependencies group with 3 updates by @​julien-deramond in twbs/bootstrap#41540
• Build(deps-dev): Bump the development-dependencies group with 2 updates by @​julien-deramond in twbs/bootstrap#41544
• Build(deps-dev): Bump stylelint-config-twbs-bootstrap from 16.0.0 to 16.1.0 by @​julien-deramond in twbs/bootstrap#41546
• Build(deps-dev): Bump the development-dependencies group with 5 updates by @​julien-deramond in twbs/bootstrap#41552
• Build(deps-dev): Bump the development-dependencies group with 4 updates by @​julien-deramond in twbs/bootstrap#41560
• Build(deps-dev): Bump the development-dependencies group with 3 updates by @​julien-deramond in twbs/bootstrap#41566
• Build(deps): Bump actions/upload-artifact from 4.6.1 to 4.6.2 by @​dependabot[bot] in twbs/bootstrap#41594
• Build(deps-dev): Bump the development-dependencies group with 4 updates by @​julien-deramond in twbs/bootstrap#41599
• Build(deps-dev): Bump the development-dependencies group with 2 updates by @​julien-deramond in twbs/bootstrap#41609
• Build(deps): Bump github/codeql-action from 3.29.2 to 3.29.3 by @​dependabot[bot] in twbs/bootstrap#41611
• Build(deps): Bump streetsidesoftware/cspell-action from 7.1.1 to 7.1.2 by @​dependabot[bot] in twbs/bootstrap#41610
• Build(deps-dev): Bump the development-dependencies group with 4 updates by @​julien-deramond in twbs/bootstrap#41621
• Build(deps): Bump streetsidesoftware/cspell-action from 7.1.2 to 7.2.0 by @​dependabot[bot] in twbs/bootstrap#41625
• Build(deps): Bump actions-cool/issues-helper from 3.6.0 to 3.6.2 by @​dependabot[bot] in twbs/bootstrap#41623
• Build(deps): Bump github/codeql-action from 3.29.3 to 3.29.4 by @​dependabot[bot] in twbs/bootstrap#41624
• Build(deps-dev): Bump the development-dependencies group across 1 directory with 3 updates by @​dependabot[bot] in twbs/bootstrap#41626
• Build(deps): Bump github/codeql-action from 3.29.4 to 3.29.5 by @​dependabot[bot] in twbs/bootstrap#41640
• Build(deps): Bump tmp from 0.2.3 to 0.2.4 by @​dependabot[bot] in twbs/bootstrap#41649
• Build(deps): Bump github/codeql-action from 3.29.7 to 3.29.8 by @​dependabot[bot] in twbs/bootstrap#41657
• Build(deps): Bump actions/checkout from 4.2.2 to 5.0.0 by @​dependabot[bot] in twbs/bootstrap#41655
• Build(deps): Bump github/codeql-action from 3.29.8 to 3.29.10 by @​dependabot[bot] in twbs/bootstrap#41664

New Contributors

• @​chalin made their first contribution in twbs/bootstrap#41545

Full Changelog: twbs/bootstrap@v5.3.7...v5.3.8

v5.3.7

📚 Documentation

... (truncated)

Commits

• 25aa8cc Release v5.3.8 (#41669)
• 122bff5 Remove Themes from docs (#41671)
• 320f713 docs: Minor range example code optimization (#41665)
• ac5f51c Revert "Attempt to return focus explicitly to dropdown trigger (#41365)" (#41...
• 4bd8b6c Migrate MyGet script to GH actions (#41583)
• f50f38b CSS: Fix spinner deformation in flex boxes when content is multiline (#41654)
• 47c75b8 Set cursor pointer on input search cancel button (#41639)
• 26c86ba Build(deps): Bump github/codeql-action from 3.29.8 to 3.29.10 (#41664)
• 099b02b Build(deps-dev): Bump rollup from 4.46.2 to 4.46.3
• 4b8a2c9 Build(deps-dev): bump dependencies
• Additional commits viewable in compare view

Updates bootstrap-icons from 1.11.3 to 1.13.1

Release notes

Sourced from bootstrap-icons's releases.

v1.13.1

Quick fix for search on the docs.

What's Changed

• Release v1.13.1 and fix search by @​mdo in twbs/icons#2152

Full Changelog: twbs/icons@v1.13.0...v1.13.1

v1.13.0

What's Changed

• Category consistency by @​mdo in twbs/icons#2145
• Update usage docs for Vite and Parcel relative path issues by @​mdo in twbs/icons#2146
• New icons for v1.13.0 by @​mdo in twbs/icons#2147
• Bump for 1.13.0 by @​mdo in twbs/icons#2150

Full Changelog: twbs/icons@v1.12.1...v1.13.0

v1.12.1

Forgot to generate new docs page for Bluesky because I was too excited about a single icon update.

v1.12.0: The Bluesky Update

There's only one new icon in this release… and it‘s Bluesky. 🤣

v1.11.4

What's Changed

Not including several dependency updates…

• Remove Google Analytics by @​coliff in twbs/icons#1917
• docs: fix missing bi class from font examples by @​XhmikosR in twbs/icons#1879
• docs: fix mortarboard spelling by @​Hugo-Le-Goff in twbs/icons#1919
• Fix edge case in color-modes.js by @​julien-deramond in twbs/icons#1854
• deploy.yml: add permissions contents: read by @​XhmikosR in twbs/icons#1925
• Fix icon class name in font example by @​kyletsang in twbs/icons#2108
• Add 'like' and 'okay' keywords to hand-thumbs-up icon by @​Skiblinx in twbs/icons#2015
• Add math tags for Math related Icons by @​shaunroselt in twbs/icons#2082
• Added "unknown" as a tag for question mark icons by @​shaunroselt in twbs/icons#2042
• Searching icons, Alternate spellings (#2044) by @​sidhanshamil in twbs/icons#2048
• Fixes #2090, fixes #2021, fixes #2067 by @​mdo in twbs/icons#2138
• Prep 1.11.4 release by @​mdo in twbs/icons#2139
• Rebuild after version bump by @​mdo in twbs/icons#2140

New Contributors

• @​Hugo-Le-Goff made their first contribution in twbs/icons#1919
• @​kyletsang made their first contribution in twbs/icons#2108
• @​Skiblinx made their first contribution in twbs/icons#2015
• @​sidhanshamil made their first contribution in twbs/icons#2048

Full Changelog: twbs/icons@v1.11.3...v1.11.4

Commits

• ce0e49d Release v1.13.1 and fix search (#2152)
• ab0d9f3 Bump for 1.13.0 (#2150)
• 1fcdc75 New icons for v1.13.0 (#2147)
• 563c21a Update usage docs for Vite and Parcel relative path issues (#2146)
• 6b3775d Fixes #2144 (#2145)
• 805db3a Forgot .md page (#2142)
• 662ac04 Bluesky (#2141)
• e45c8d2 Rebuild (#2140)
• 3ce0fff Prep 1.11.4 release (#2139)
• 9bdc10a Fixes #2090, fixes #2021, fixes #2067 (#2138)
• Additional commits viewable in compare view

Updates colorbrewer from 1.5.6 to 1.6.1

Release notes

Sourced from colorbrewer's releases.

Release v1.6.1

• TypeScript import fixes
• Modernize rollup build process
• Fix a critical bug step that has missing index.es.js

1.5.9

Fix typo and missing build step.

v1.5.7

Full Changelog: saikocat/colorbrewer@v1.5.6...v1.5.7

Commits

• 2f82bf6 Bump to fix pkg url + missing build file in packaging
• d9a1ce4 Attribute moranbw for the awesome work
• 5664bf6 [Typescript Fix] Merge pull request #13 from moranbw/master
• 7dc1ca3 newline insertion as requested.
• a685434 fix types + cleanup
• 2b5178a 1.5.9
• 701c646 1.5.8
• 4b86b16 [Issue #12] Fix typo in rollup config
• cf87c24 1.5.7
• 4abc574 Add new build artifacts
• Additional commits viewable in compare view

Updates react-bootstrap from 2.10.4 to 2.10.10

Release notes

Sourced from react-bootstrap's releases.

v2.10.10

2.10.10 (2025-05-11)

Bug Fixes

• Navbar: add defaultExpanded type (#6926) (4c64270)

v2.10.9

2.10.9 (2025-01-30)

Bug Fixes

• update @​restart/ui to v1.9.4 (#6893) (bbbba51)
• Variant/Color type infer (#6885) (0e3ab61)

v2.10.8

2.10.8 (2025-01-21)

Bug Fixes

• Navbar: fix react 19 type compatibility (#6886) (7f69899)
• update @​restart/ui to v1.9.3 (#6890) (1277678)

v2.10.7

2.10.7 (2024-12-15)

Bug Fixes

• fix type conflicts with react 19 types (#6880) (416145f)

v2.10.6

2.10.6 (2024-11-25)

Bug Fixes

• AccordionHeader: apply aria-controls to button (#6868) (8475119)
• fix ref access in React 19 (#6869) (2c65f5d)
• Nav: remove prop-types-extra import from build (#6854) (ab81d6b)

v2.10.5

2.10.5 (2024-09-26)

... (truncated)

Changelog

Sourced from react-bootstrap's changelog.

2.10.10 (2025-05-11)

Bug Fixes

• Navbar: add defaultExpanded type (#6926) (4c64270)

2.10.9 (2025-01-30)

Bug Fixes

• update @​restart/ui to v1.9.4 (#6893) (bbbba51)
• Variant/Color type infer (#6885) (0e3ab61)

2.10.8 (2025-01-21)

Bug Fixes

• Navbar: fix react 19 type compatibility (#6886) (7f69899)
• update @​restart/ui to v1.9.3 (#6890) (1277678)

2.10.7 (2024-12-15)

Bug Fixes

• fix type conflicts with react 19 types (#6880) (416145f)

2.10.6 (2024-11-25)

Bug Fixes

... (truncated)

Commits

• 8b1cb72 Publish v2.10.10
• 4c64270 fix(Navbar): add defaultExpanded type (#6926)
• 079e5fd chore: update code quality tools (#6894)
• 7cb1fc0 Publish v2.10.9
• bbbba51 fix: update @​restart/ui to v1.9.4 (#6893)
• 0e3ab61 fix: Variant/Color type infer (#6885)
• fad2751 Publish v2.10.8
• 1277678 fix: update @​restart/ui to v1.9.3 (#6890)
• 0f1a5b6 docs: update react-docgen to v7 (#6888)
• 7f69899 fix(Navbar): fix react 19 type compatibility (#6886)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[coderabbitai]

Important

Review skipped

Bot user detected.

To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[github-actions]

Dependency Review

The following issues were found:

• ✅ 0 vulnerable package(s)
• ✅ 0 package(s) with incompatible licenses
• ✅ 0 package(s) with invalid SPDX license definitions
• ⚠️ 2 package(s) with unknown licenses.
• ⚠️ 1 packages with OpenSSF Scorecard issues.

See the Details below.

License Issues

yarn.lock

Package	Version	License	Issue Type
@smolpack/bootstrap-extensions	1.1.2	Null	Unknown License
@types/colorbrewer	1.6.0	Null	Unknown License

OpenSSF Scorecard

Package	Version	Score	Details
npm/@babel/runtime	7.28.4	🟢 6.4	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 14 issue activity found in the last 90 days -- score normalized to 10 Code-Review 🟢 9 Found 29/30 approved changesets -- score normalized to 9 License 🟢 10 license file detected CII-Best-Practices ⚠️ 2 badge detected: InProgress Packaging ⚠️ -1 packaging workflow not detected Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Security-Policy 🟢 10 security policy file detected Token-Permissions 🟢 9 detected GitHub workflow tokens with excessive permissions Signed-Releases ⚠️ -1 no releases found Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed Vulnerabilities ⚠️ 0 32 existing vulnerabilities detected
npm/@restart/hooks	0.5.1	⚠️ 2.7	Details Check Score Reason Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Code-Review ⚠️ 2 Found 7/30 approved changesets -- score normalized to 2 Maintained ⚠️ 0 0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0 Binary-Artifacts 🟢 10 no binaries found in the repo Packaging ⚠️ -1 packaging workflow not detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Security-Policy ⚠️ 0 security policy file not detected License 🟢 10 license file detected Fuzzing ⚠️ 0 project is not fuzzed Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Vulnerabilities ⚠️ 0 190 existing vulnerabilities detected
npm/@restart/ui	1.9.4	🟢 3	Details Check Score Reason Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Maintained ⚠️ 2 3 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 2 Packaging ⚠️ -1 packaging workflow not detected Code-Review 🟢 3 Found 11/30 approved changesets -- score normalized to 3 Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Security-Policy ⚠️ 0 security policy file not detected License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Fuzzing ⚠️ 0 project is not fuzzed SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Vulnerabilities ⚠️ 0 74 existing vulnerabilities detected
npm/@smolpack/bootstrap-extensions	1.1.2	Unknown	Unknown
npm/@types/colorbrewer	1.6.0	🟢 7	Details Check Score Reason Packaging ⚠️ -1 packaging workflow not detected Code-Review 🟢 9 Found 29/30 approved changesets -- score normalized to 9 Maintained 🟢 10 30 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Security-Policy 🟢 10 security policy file detected License 🟢 9 license file detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md Vulnerabilities 🟢 10 0 existing vulnerabilities detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies 🟢 8 dependency not pinned by hash detected -- score normalized to 8 Fuzzing ⚠️ 0 project is not fuzzed
npm/@types/prop-types	15.7.15	🟢 7	Details Check Score Reason Packaging ⚠️ -1 packaging workflow not detected Code-Review 🟢 9 Found 29/30 approved changesets -- score normalized to 9 Maintained 🟢 10 30 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Security-Policy 🟢 10 security policy file detected License 🟢 9 license file detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md Vulnerabilities 🟢 10 0 existing vulnerabilities detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies 🟢 8 dependency not pinned by hash detected -- score normalized to 8 Fuzzing ⚠️ 0 project is not fuzzed
npm/bootstrap	5.3.8	🟢 7.5	Details Check Score Reason Code-Review ⚠️ 0 Found 2/23 approved changesets -- score normalized to 0 Maintained 🟢 10 30 commit(s) and 14 issue activity found in the last 90 days -- score normalized to 10 Dependency-Update-Tool 🟢 10 update tool detected Security-Policy 🟢 9 security policy file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions 🟢 9 detected GitHub workflow tokens with excessive permissions Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies 🟢 10 all dependencies are pinned CII-Best-Practices ⚠️ 2 badge detected: InProgress SAST 🟢 10 SAST tool is run on all commits Signed-Releases ⚠️ 0 Project has not signed or included provenance with any releases. Fuzzing ⚠️ 0 project is not fuzzed Packaging 🟢 10 packaging workflow detected Vulnerabilities 🟢 9 1 existing vulnerabilities detected License 🟢 10 license file detected Branch-Protection ⚠️ -1 internal error: error during GetBranch(v4-dev): error during branchesHandler.query: internal error: githubv4.Query: Resource not accessible by integration CI-Tests 🟢 10 10 out of 10 merged PRs checked by a CI test -- score normalized to 10 Contributors 🟢 10 project has 58 contributing companies or organizations
npm/bootstrap-icons	1.13.1	🟢 6	Details Check Score Reason Maintained ⚠️ 1 2 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 1 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Code-Review ⚠️ 2 Found 6/23 approved changesets -- score normalized to 2 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected License 🟢 10 license file detected Token-Permissions 🟢 9 detected GitHub workflow tokens with excessive permissions Fuzzing ⚠️ 0 project is not fuzzed Packaging 🟢 10 packaging workflow detected Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md Signed-Releases ⚠️ 0 Project has not signed or included provenance with any releases. Security-Policy ⚠️ 0 security policy file not detected Pinned-Dependencies 🟢 10 all dependencies are pinned Binary-Artifacts 🟢 10 no binaries found in the repo SAST 🟢 9 SAST tool detected but not run on all commits Vulnerabilities 🟢 10 0 existing vulnerabilities detected
npm/colorbrewer	1.6.1	🟢 3	Details Check Score Reason Pinned-Dependencies ⚠️ -1 no dependencies found Maintained ⚠️ 0 0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0 Binary-Artifacts 🟢 10 no binaries found in the repo Dangerous-Workflow ⚠️ -1 no workflows found Packaging ⚠️ -1 packaging workflow not detected Code-Review ⚠️ 0 Found 1/20 approved changesets -- score normalized to 0 Token-Permissions ⚠️ -1 No tokens found CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Security-Policy ⚠️ 0 security policy file not detected Fuzzing ⚠️ 0 project is not fuzzed License 🟢 9 license file detected Vulnerabilities 🟢 10 0 existing vulnerabilities detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
npm/react-bootstrap	2.10.10	🟢 4.6	Details Check Score Reason Maintained 🟢 7 8 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 7 Code-Review ⚠️ 1 Found 4/21 approved changesets -- score normalized to 1 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege Packaging ⚠️ -1 packaging workflow not detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Security-Policy ⚠️ 0 security policy file not detected License 🟢 10 license file detected Fuzzing ⚠️ 0 project is not fuzzed Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Vulnerabilities ⚠️ 0 17 existing vulnerabilities detected

Scanned Files

• yarn.lock

[SmolSoftBoi]

@dependabot rebase