Bump ua-parser-js from 1.0.40 to 2.0.3

[dependabot]

Bumps ua-parser-js from 1.0.40 to 2.0.3.

Release notes

Sourced from ua-parser-js's releases.

v2.0.3

Version 2.0.3

• Add new browser: Dooble, Ecosia, LG Browser, Otter, qutebrowser, Surf
• Add new device: BLU, Facebook Portal TV
• Improve device detection: Archos, LG, Meta Quest
• Remove jazzer.js fuzz test
• Improve withClientHints():
  • Browser naming adjustments:
    • HuaweiBrowser => Huawei Browser
    • Miui Browser => MIUI Browser
    • OperaMobile => Opera Mobi
    • YaBrowser => Yandex
• extensions submodule:
  • Add new Crawler: AdIdxBot, Linespider, LinkedInBot, OpenAI Image Downloader, SemrushBot, Yahoo! Slurp
  • Add new Fetcher: Better Uptime Bot, Google-PageRenderer, GoogleImageProxy, MicrosoftPreview, Snap URL Preview, SkypeUriPreview, TelegramBot
  • Add new Vehicles: BMW, Jeep
  • Add OS detection of WhatsApp user-agent

v2.0.2

Version 2.0.2

• Fix TypeScript dependency issue

v2.0.1

Version 2.0.1

• Add new browser: Ladybird, Daum
• Add new device: Apple HomePod
• Add new device vendor: HMD
• Add new OS: Ubuntu Touch, Windows IoT
• Improve CPU detection: ARM, x86
• Improve device detection: Lenovo, Nokia, Nvidia, Xiaomi
  • Tablet: Google, Honor, Huawei, Infinix, Nokia, OnePlus, Xiaomi
  • Wearable: Asus, Google, LG, Motorola, OnePlus, Oppo, Samsung, Sony
  • Smart-TV: Xiaomi, unidentified vendors
  • Improve detection for unknown VR devices
  • Improve device model detection for Generic devices
• Improve OS detection: Linux, Symbian
• Improve TypeScript definitions for Headers
• Improve withClientHints():
  • engine.version also get updated
  • Infer device.vendor & device.type by guessing from device.model
  • Browser naming adjustments:
    • Google Chrome => Chrome
    • Microsoft Edge => Edge
    • Android WebView => Chrome WebView
    • HeadlessChrome => Chrome Headless
• enums submodule:
  • Add TypeScript definitions

... (truncated)

Changelog

Sourced from ua-parser-js's changelog.

Version 2.0.3

• Add new browser: Dooble, Ecosia, LG Browser, Otter, qutebrowser, Surf
• Add new device: BLU, Facebook Portal TV
• Improve device detection: Archos, LG, Meta Quest
• Remove jazzer.js fuzz test
• Improve withClientHints():
  • Browser naming adjustments:
    • HuaweiBrowser => Huawei Browser
    • Miui Browser => MIUI Browser
    • OperaMobile => Opera Mobi
    • YaBrowser => Yandex
• extensions submodule:
  • Add new Crawler: AdIdxBot, Linespider, LinkedInBot, OpenAI Image Downloader, SemrushBot, Yahoo! Slurp
  • Add new Fetcher: Better Uptime Bot, Google-PageRenderer, GoogleImageProxy, MicrosoftPreview, Snap URL Preview, SkypeUriPreview, TelegramBot
  • Add new Vehicles: BMW, Jeep
  • Add OS detection of WhatsApp user-agent

Version 2.0.2

• Fix TypeScript dependency issue

Version 2.0.1

• Add new browser: Ladybird, Daum
• Add new device: Apple HomePod
• Add new device vendor: HMD
• Add new OS: Ubuntu Touch, Windows IoT
• Improve CPU detection: ARM, x86
• Improve device detection: Lenovo, Nokia, Nvidia, Xiaomi
  • Tablet: Google, Honor, Huawei, Infinix, Nokia, OnePlus, Xiaomi
  • Wearable: Asus, Google, LG, Motorola, OnePlus, Oppo, Samsung, Sony
  • Smart-TV: Xiaomi, unidentified vendors
  • Improve detection for unknown VR devices
  • Improve device model detection for Generic devices
• Improve OS detection: Linux, Symbian
• Improve TypeScript definitions for Headers
• Improve withClientHints():
  • engine.version also get updated
  • Infer device.vendor & device.type by guessing from device.model
  • Browser naming adjustments:
    • Google Chrome => Chrome
    • Microsoft Edge => Edge
    • Android WebView => Chrome WebView
    • HeadlessChrome => Chrome Headless
• enums submodule:
  • Add TypeScript definitions
• extensions submodule:
  • Add new list:
    • Vehicles: BYD, Rivian, Volvo

... (truncated)

Commits

• af8acf9 Bump version 2.0.3
• 6a41513 Add new device vendor: BLU
• f93cb04 Improve device detection for Meta Quest
• c6f8ba3 Add new device: Facebook Portal TV
• f7f64a3 [extensions] Detect OS from WhatsApp user agent
• 8f545f9 Add new browser: Dooble, Ecosia, Otter, qutebrowser, Surf
• 2d26ead Add new browser: LG Browser
• 30c0b20 Improve device detection: LG
• 0cf4477 Improve device detection: Archos
• 367eae4 [extensions] Add new Vehicles: BMW, Jeep Wagooner
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[github-actions]

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

OpenSSF Scorecard

Scorecard details

Package	Version	Score	Details
npm/@types/node	22.13.4	🟢 6.9	Details Check Score Reason Code-Review 🟢 8 Found 26/30 approved changesets -- score normalized to 8 Maintained 🟢 10 30 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10 Packaging ⚠️ -1 packaging workflow not detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 9 license file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Security-Policy 🟢 10 security policy file detected Signed-Releases ⚠️ -1 no releases found Vulnerabilities 🟢 10 0 existing vulnerabilities detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies 🟢 8 dependency not pinned by hash detected -- score normalized to 8 Fuzzing ⚠️ 0 project is not fuzzed
npm/@types/node-fetch	2.6.12	🟢 6.9	Details Check Score Reason Code-Review 🟢 8 Found 26/30 approved changesets -- score normalized to 8 Maintained 🟢 10 30 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10 Packaging ⚠️ -1 packaging workflow not detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 9 license file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Security-Policy 🟢 10 security policy file detected Signed-Releases ⚠️ -1 no releases found Vulnerabilities 🟢 10 0 existing vulnerabilities detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies 🟢 8 dependency not pinned by hash detected -- score normalized to 8 Fuzzing ⚠️ 0 project is not fuzzed
npm/asynckit	0.4.0	🟢 3	Details Check Score Reason Token-Permissions ⚠️ -1 No tokens found Maintained ⚠️ 0 0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0 Dangerous-Workflow ⚠️ -1 no workflows found SAST ⚠️ 0 no SAST tool detected Packaging ⚠️ -1 packaging workflow not detected Code-Review ⚠️ 0 Found 0/24 approved changesets -- score normalized to 0 Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ -1 no dependencies found CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Vulnerabilities 🟢 10 0 existing vulnerabilities detected Fuzzing ⚠️ 0 project is not fuzzed Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Signed-Releases ⚠️ -1 no releases found Security-Policy ⚠️ 0 security policy file not detected
npm/call-bind-apply-helpers	1.0.2	Unknown	Unknown
npm/combined-stream	1.0.8	🟢 3.2	Details Check Score Reason Token-Permissions ⚠️ -1 No tokens found Maintained ⚠️ 0 0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0 Binary-Artifacts 🟢 10 no binaries found in the repo Code-Review ⚠️ 1 Found 3/24 approved changesets -- score normalized to 1 Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow ⚠️ -1 no workflows found Pinned-Dependencies ⚠️ -1 no dependencies found CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Security-Policy ⚠️ 0 security policy file not detected Fuzzing ⚠️ 0 project is not fuzzed Vulnerabilities 🟢 10 0 existing vulnerabilities detected License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
npm/delayed-stream	1.0.0	🟢 3	Details Check Score Reason Code-Review ⚠️ 0 Found 2/29 approved changesets -- score normalized to 0 Token-Permissions ⚠️ -1 No tokens found Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow ⚠️ -1 no workflows found Maintained ⚠️ 0 0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0 Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ -1 no dependencies found CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Security-Policy ⚠️ 0 security policy file not detected Vulnerabilities 🟢 10 0 existing vulnerabilities detected Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
npm/detect-europe-js	0.1.2	Unknown	Unknown
npm/dunder-proto	1.0.1	Unknown	Unknown
npm/es-define-property	1.0.1	Unknown	Unknown
npm/es-errors	1.3.0	Unknown	Unknown
npm/es-object-atoms	1.1.1	Unknown	Unknown
npm/es-set-tostringtag	2.1.0	🟢 4.8	Details Check Score Reason Code-Review ⚠️ 0 Found 0/30 approved changesets -- score normalized to 0 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Maintained 🟢 8 10 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 8 SAST ⚠️ 0 no SAST tool detected Packaging ⚠️ -1 packaging workflow not detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Vulnerabilities 🟢 10 0 existing vulnerabilities detected Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Security-Policy 🟢 9 security policy file detected
npm/form-data	4.0.2	🟢 5.9	Details Check Score Reason Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege Maintained 🟢 10 21 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 10 Code-Review ⚠️ 0 Found 1/30 approved changesets -- score normalized to 0 Packaging ⚠️ -1 packaging workflow not detected Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Security-Policy ⚠️ 0 security policy file not detected Vulnerabilities 🟢 10 0 existing vulnerabilities detected License 🟢 10 license file detected Fuzzing ⚠️ 0 project is not fuzzed Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Signed-Releases ⚠️ -1 no releases found SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
npm/function-bind	1.1.2	🟢 5	Details Check Score Reason Code-Review ⚠️ 1 Found 3/29 approved changesets -- score normalized to 1 Binary-Artifacts 🟢 10 no binaries found in the repo Maintained ⚠️ 0 0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0 Security-Policy 🟢 9 security policy file detected Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Fuzzing ⚠️ 0 project is not fuzzed Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege Vulnerabilities 🟢 10 0 existing vulnerabilities detected Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Signed-Releases ⚠️ -1 no releases found SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
npm/get-intrinsic	1.3.0	🟢 5.1	Details Check Score Reason Maintained 🟢 7 8 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 7 Packaging ⚠️ -1 packaging workflow not detected Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Code-Review ⚠️ 0 Found 0/30 approved changesets -- score normalized to 0 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Binary-Artifacts 🟢 10 no binaries found in the repo SAST ⚠️ 0 no SAST tool detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Fuzzing ⚠️ 0 project is not fuzzed Vulnerabilities 🟢 10 0 existing vulnerabilities detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Security-Policy 🟢 9 security policy file detected
npm/get-proto	1.0.1	Unknown	Unknown
npm/gopd	1.2.0	🟢 4.4	Details Check Score Reason Binary-Artifacts 🟢 10 no binaries found in the repo Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Maintained ⚠️ 0 0 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 0 Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Code-Review ⚠️ 0 Found 0/23 approved changesets -- score normalized to 0 SAST ⚠️ 0 no SAST tool detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Vulnerabilities 🟢 10 0 existing vulnerabilities detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Security-Policy 🟢 9 security policy file detected
npm/has-symbols	1.1.0	🟢 4.4	Details Check Score Reason Maintained ⚠️ 0 0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0 Binary-Artifacts 🟢 10 no binaries found in the repo Code-Review ⚠️ 0 Found 0/30 approved changesets -- score normalized to 0 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Packaging ⚠️ -1 packaging workflow not detected License 🟢 10 license file detected Fuzzing ⚠️ 0 project is not fuzzed Vulnerabilities 🟢 10 0 existing vulnerabilities detected Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected SAST ⚠️ 0 no SAST tool detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Security-Policy 🟢 9 security policy file detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions
npm/has-tostringtag	1.0.2	🟢 4.4	Details Check Score Reason Maintained ⚠️ 0 0 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 0 Code-Review ⚠️ 0 Found 0/29 approved changesets -- score normalized to 0 Binary-Artifacts 🟢 10 no binaries found in the repo Packaging ⚠️ -1 packaging workflow not detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Fuzzing ⚠️ 0 project is not fuzzed Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected License 🟢 10 license file detected SAST ⚠️ 0 no SAST tool detected Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Vulnerabilities 🟢 10 0 existing vulnerabilities detected Signed-Releases ⚠️ -1 no releases found Security-Policy 🟢 9 security policy file detected Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
npm/hasown	2.0.2	Unknown	Unknown
npm/is-standalone-pwa	0.1.1	Unknown	Unknown
npm/math-intrinsics	1.1.0	Unknown	Unknown
npm/mime-db	1.52.0	🟢 4.5	Details Check Score Reason Binary-Artifacts 🟢 10 no binaries found in the repo Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches CI-Tests 🟢 5 6 out of 12 merged PRs checked by a CI test -- score normalized to 5 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Code-Review 🟢 3 Found 11/29 approved changesets -- score normalized to 3 Contributors 🟢 10 project has 18 contributing companies or organizations Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Dependency-Update-Tool ⚠️ 0 no update tool detected Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Maintained 🟢 7 5 commit(s) and 4 issue activity found in the last 90 days -- score normalized to 7 Packaging ⚠️ -1 packaging workflow not detected Pinned-Dependencies ⚠️ 1 dependency not pinned by hash detected -- score normalized to 1 SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Security-Policy 🟢 4 security policy file detected Signed-Releases ⚠️ -1 no releases found Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Vulnerabilities 🟢 10 0 existing vulnerabilities detected
npm/mime-types	2.1.35	🟢 4.4	Details Check Score Reason Binary-Artifacts 🟢 10 no binaries found in the repo Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches CI-Tests 🟢 8 7 out of 8 merged PRs checked by a CI test -- score normalized to 8 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Code-Review ⚠️ 2 Found 7/26 approved changesets -- score normalized to 2 Contributors 🟢 10 project has 24 contributing companies or organizations Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Dependency-Update-Tool ⚠️ 0 no update tool detected Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Maintained ⚠️ 2 1 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 2 Packaging ⚠️ -1 packaging workflow not detected Pinned-Dependencies ⚠️ 2 dependency not pinned by hash detected -- score normalized to 2 SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Security-Policy 🟢 10 security policy file detected Signed-Releases ⚠️ -1 no releases found Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Vulnerabilities 🟢 10 0 existing vulnerabilities detected
npm/ua-is-frozen	0.1.2	Unknown	Unknown
npm/ua-parser-js	2.0.3	🟢 8.1	Details Check Score Reason Binary-Artifacts 🟢 10 no binaries found in the repo Branch-Protection ⚠️ 2 branch protection is not maximal on development and all release branches CI-Tests 🟢 8 4 out of 5 merged PRs checked by a CI test -- score normalized to 8 CII-Best-Practices 🟢 5 badge detected: passing Code-Review ⚠️ 1 5 out of last 30 changesets reviewed before merge -- score normalized to 1 Contributors 🟢 10 14 different organizations found -- score normalized to 10 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Dependency-Update-Tool 🟢 10 update tool detected Fuzzing 🟢 10 project is fuzzed with [OSSFuzz] License 🟢 10 license file detected Maintained 🟢 10 11 commit(s) out of 30 and 4 issue activity out of 30 found in the last 90 days -- score normalized to 10 Packaging 🟢 10 publishing workflow detected Pinned-Dependencies 🟢 9 dependency not pinned by hash detected -- score normalized to 9 SAST 🟢 7 SAST tool detected but not run on all commmits Security-Policy 🟢 10 security policy file detected Signed-Releases ⚠️ -1 no releases found Token-Permissions 🟢 9 non read-only tokens detected in GitHub workflows Vulnerabilities ⚠️ -1 internal error: vulnerabilitiesClient.ListUnfixedVulnerabilities: osvscanner.DoScan: vulnerabilities found
npm/undici-types	6.20.0	🟢 8.2	Details Check Score Reason Binary-Artifacts 🟢 8 binaries present in source code Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration CI-Tests 🟢 10 30 out of 30 merged PRs checked by a CI test -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Code-Review 🟢 10 all changesets reviewed Contributors 🟢 10 project has 75 contributing companies or organizations Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Dependency-Update-Tool 🟢 10 update tool detected Fuzzing 🟢 10 project is fuzzed License 🟢 10 license file detected Maintained 🟢 10 30 commit(s) and 21 issue activity found in the last 90 days -- score normalized to 10 Packaging 🟢 10 packaging workflow detected Pinned-Dependencies 🟢 3 dependency not pinned by hash detected -- score normalized to 3 SAST 🟢 9 SAST tool detected but not run on all commits Security-Policy 🟢 9 security policy file detected Signed-Releases ⚠️ -1 no releases found Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Vulnerabilities 🟢 10 0 existing vulnerabilities detected
npm/ua-parser-js	^2.0.3	🟢 8.1	Details Check Score Reason Binary-Artifacts 🟢 10 no binaries found in the repo Branch-Protection ⚠️ 2 branch protection is not maximal on development and all release branches CI-Tests 🟢 8 4 out of 5 merged PRs checked by a CI test -- score normalized to 8 CII-Best-Practices 🟢 5 badge detected: passing Code-Review ⚠️ 1 5 out of last 30 changesets reviewed before merge -- score normalized to 1 Contributors 🟢 10 14 different organizations found -- score normalized to 10 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Dependency-Update-Tool 🟢 10 update tool detected Fuzzing 🟢 10 project is fuzzed with [OSSFuzz] License 🟢 10 license file detected Maintained 🟢 10 11 commit(s) out of 30 and 4 issue activity out of 30 found in the last 90 days -- score normalized to 10 Packaging 🟢 10 publishing workflow detected Pinned-Dependencies 🟢 9 dependency not pinned by hash detected -- score normalized to 9 SAST 🟢 7 SAST tool detected but not run on all commmits Security-Policy 🟢 10 security policy file detected Signed-Releases ⚠️ -1 no releases found Token-Permissions 🟢 9 non read-only tokens detected in GitHub workflows Vulnerabilities ⚠️ -1 internal error: vulnerabilitiesClient.ListUnfixedVulnerabilities: osvscanner.DoScan: vulnerabilities found

Scanned Manifest Files

package-lock.json

• @types/node@22.13.4
• @types/node-fetch@2.6.12
• asynckit@0.4.0
• call-bind-apply-helpers@1.0.2
• combined-stream@1.0.8
• delayed-stream@1.0.0
• detect-europe-js@0.1.2
• dunder-proto@1.0.1
• es-define-property@1.0.1
• es-errors@1.3.0
• es-object-atoms@1.1.1
• es-set-tostringtag@2.1.0
• form-data@4.0.2
• function-bind@1.1.2
• get-intrinsic@1.3.0
• get-proto@1.0.1
• gopd@1.2.0
• has-symbols@1.1.0
• has-tostringtag@1.0.2
• hasown@2.0.2
• is-standalone-pwa@0.1.1
• math-intrinsics@1.1.0
• mime-db@1.52.0
• mime-types@2.1.35
• ua-is-frozen@0.1.2
• ua-parser-js@2.0.3
• undici-types@6.20.0
• @types/node@22.13.4
• ua-parser-js@1.0.40
• undici-types@6.20.0

package.json

• ua-parser-js@^2.0.3
• ua-parser-js@^1.0.40

[socket-security]

New and updated dependencies detected. Learn more about Socket for GitHub ↗︎

Package	New capabilities	Transitives	Size	Publisher
npm/ua-parser-js@1.0.40 ➜ 2.0.3	Transitive: eval, filesystem, network	+30	4.68 MB	faisalman

View full report↗︎