Skip to content

chore(deps)(deps): bump the production-minor-and-patch group across 1 directory with 7 updates#84

Open
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/npm_and_yarn/production-minor-and-patch-084518e4e2
Open

chore(deps)(deps): bump the production-minor-and-patch group across 1 directory with 7 updates#84
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/npm_and_yarn/production-minor-and-patch-084518e4e2

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 5, 2026

Copy link
Copy Markdown

Bumps the production-minor-and-patch group with 7 updates in the / directory:

Package From To
@grafana/faro-react 2.7.1 2.8.2
@grafana/faro-web-sdk 2.7.1 2.8.2
@tanstack/react-query 5.101.0 5.101.2
graphql 17.0.1 17.0.2
pg 8.21.0 8.22.0
react-router-dom 7.18.0 7.18.1
resend 6.14.0 6.16.0

Updates @grafana/faro-react from 2.7.1 to 2.8.2

Release notes

Sourced from @​grafana/faro-react's releases.

v2.8.2

2.8.2 (2026-07-01)

Bug Fixes

  • session: attribute the rotation-triggering signal to the new session (#2168) (923d3b8)
  • session: stop a background tab from emitting an expired session id (#2167) (eba5c2f)

v2.8.1

2.8.1 (2026-06-26)

Bug Fixes

  • web-sdk: harden fetch keepalive handling (#2151) (29c6327)

v2.8.0

2.8.0 (2026-06-25)

Features

  • web-sdk: add gzip request compression to FetchTransport (#2028) (acf7e29)

Bug Fixes

  • ci: align Renovate npm cooldown with yarn 7-day age gate (#2133) (62be84c)
  • ci: sign release-please lockfile-refresh commit via GitHub API (#2150) (d662d78)
  • core: allow BatchExecutor to run in worker scopes (#2122) (07d5282)
  • deps: update npm-dependencies past 7-day cooldown (#2138) (f8ef28e)
  • security/high/e2e/smoke: update security e2e/smoke vite to v8.0.16 [security] (#2129) (f52baee)
  • security/medium/: update security tar to v7.5.16 [security] (#2130) (cec1026)
  • web-sdk: report service worker time as 0 when no service worker is used (#2149) (13ab0a4)
  • web-tracing: update @​opentelemetry/core to v2.8.0 [security] (#2136) (a73fb1f)
Changelog

Sourced from @​grafana/faro-react's changelog.

2.8.2 (2026-07-01)

Bug Fixes

  • session: attribute the rotation-triggering signal to the new session (#2168) (923d3b8)
  • session: stop a background tab from emitting an expired session id (#2167) (eba5c2f)

2.8.1 (2026-06-26)

Bug Fixes

  • web-sdk: harden fetch keepalive handling (#2151) (29c6327)

2.8.0 (2026-06-25)

Features

  • web-sdk: add gzip request compression to FetchTransport (#2028) (acf7e29)

Bug Fixes

  • ci: align Renovate npm cooldown with yarn 7-day age gate (#2133) (62be84c)
  • ci: sign release-please lockfile-refresh commit via GitHub API (#2150) (d662d78)
  • core: allow BatchExecutor to run in worker scopes (#2122) (07d5282)
  • deps: update npm-dependencies past 7-day cooldown (#2138) (f8ef28e)
  • security/high/e2e/smoke: update security e2e/smoke vite to v8.0.16 [security] (#2129) (f52baee)
  • security/medium/: update security tar to v7.5.16 [security] (#2130) (cec1026)
  • web-sdk: report service worker time as 0 when no service worker is used (#2149) (13ab0a4)
  • web-tracing: update @​opentelemetry/core to v2.8.0 [security] (#2136) (a73fb1f)
Commits

Updates @grafana/faro-web-sdk from 2.7.1 to 2.8.2

Release notes

Sourced from @​grafana/faro-web-sdk's releases.

v2.8.2

2.8.2 (2026-07-01)

Bug Fixes

  • session: attribute the rotation-triggering signal to the new session (#2168) (923d3b8)
  • session: stop a background tab from emitting an expired session id (#2167) (eba5c2f)

v2.8.1

2.8.1 (2026-06-26)

Bug Fixes

  • web-sdk: harden fetch keepalive handling (#2151) (29c6327)

v2.8.0

2.8.0 (2026-06-25)

Features

  • web-sdk: add gzip request compression to FetchTransport (#2028) (acf7e29)

Bug Fixes

  • ci: align Renovate npm cooldown with yarn 7-day age gate (#2133) (62be84c)
  • ci: sign release-please lockfile-refresh commit via GitHub API (#2150) (d662d78)
  • core: allow BatchExecutor to run in worker scopes (#2122) (07d5282)
  • deps: update npm-dependencies past 7-day cooldown (#2138) (f8ef28e)
  • security/high/e2e/smoke: update security e2e/smoke vite to v8.0.16 [security] (#2129) (f52baee)
  • security/medium/: update security tar to v7.5.16 [security] (#2130) (cec1026)
  • web-sdk: report service worker time as 0 when no service worker is used (#2149) (13ab0a4)
  • web-tracing: update @​opentelemetry/core to v2.8.0 [security] (#2136) (a73fb1f)
Changelog

Sourced from @​grafana/faro-web-sdk's changelog.

2.8.2 (2026-07-01)

Bug Fixes

  • session: attribute the rotation-triggering signal to the new session (#2168) (923d3b8)
  • session: stop a background tab from emitting an expired session id (#2167) (eba5c2f)

2.8.1 (2026-06-26)

Bug Fixes

  • web-sdk: harden fetch keepalive handling (#2151) (29c6327)

2.8.0 (2026-06-25)

Features

  • web-sdk: add gzip request compression to FetchTransport (#2028) (acf7e29)

Bug Fixes

  • ci: align Renovate npm cooldown with yarn 7-day age gate (#2133) (62be84c)
  • ci: sign release-please lockfile-refresh commit via GitHub API (#2150) (d662d78)
  • core: allow BatchExecutor to run in worker scopes (#2122) (07d5282)
  • deps: update npm-dependencies past 7-day cooldown (#2138) (f8ef28e)
  • security/high/e2e/smoke: update security e2e/smoke vite to v8.0.16 [security] (#2129) (f52baee)
  • security/medium/: update security tar to v7.5.16 [security] (#2130) (cec1026)
  • web-sdk: report service worker time as 0 when no service worker is used (#2149) (13ab0a4)
  • web-tracing: update @​opentelemetry/core to v2.8.0 [security] (#2136) (a73fb1f)
Commits
  • 1d0a664 chore: release 2.8.2 (#2170)
  • 923d3b8 fix(session): attribute the rotation-triggering signal to the new session (#2...
  • eba5c2f fix(session): stop a background tab from emitting an expired session id (#2167)
  • 8efae53 chore: release 2.8.1 (#2157)
  • 29c6327 fix(web-sdk): harden fetch keepalive handling (#2151)
  • 1da0e9c chore: release 2.8.0 (#2124)
  • 13ab0a4 fix(web-sdk): report service worker time as 0 when no service worker is used ...
  • 4f51898 chore(deps): update npm-dependencies (#2102)
  • f8ef28e fix(deps): update npm-dependencies past 7-day cooldown (#2138)
  • acf7e29 feat(web-sdk): add gzip request compression to FetchTransport (#2028)
  • See full diff in compare view

Updates @tanstack/react-query from 5.101.0 to 5.101.2

Release notes

Sourced from @​tanstack/react-query's releases.

@​tanstack/react-query-devtools@​5.101.2

Patch Changes

@​tanstack/react-query-next-experimental@​5.101.2

Patch Changes

  • Updated dependencies []:
    • @​tanstack/react-query@​5.101.2

@​tanstack/react-query-persist-client@​5.101.2

Patch Changes

  • Updated dependencies []:
    • @​tanstack/query-persist-client-core@​5.101.2
    • @​tanstack/react-query@​5.101.2

@​tanstack/react-query@​5.101.2

Patch Changes

  • Updated dependencies []:
    • @​tanstack/query-core@​5.101.2

@​tanstack/react-query-devtools@​5.101.1

Patch Changes

  • Updated dependencies []:
    • @​tanstack/query-devtools@​5.101.1
    • @​tanstack/react-query@​5.101.1

@​tanstack/react-query-next-experimental@​5.101.1

Patch Changes

  • Updated dependencies []:
    • @​tanstack/react-query@​5.101.1

@​tanstack/react-query-persist-client@​5.101.1

Patch Changes

  • Updated dependencies []:
    • @​tanstack/query-persist-client-core@​5.101.1
    • @​tanstack/react-query@​5.101.1

@​tanstack/react-query@​5.101.1

Patch Changes

... (truncated)

Changelog

Sourced from @​tanstack/react-query's changelog.

5.101.2

Patch Changes

  • Updated dependencies []:
    • @​tanstack/query-core@​5.101.2

5.101.1

Patch Changes

  • Updated dependencies [9eff92e]:
    • @​tanstack/query-core@​5.101.1
Commits
  • 610e8d1 ci: Version Packages (#10996)
  • 1f84256 docs: document the select typing caveat for parallel-queries hooks (#10984)
  • b809297 ci: Version Packages (#10977)
  • ccc843e test({react,preact}-query/useQueries): move type-only tests to 'useQueries.te...
  • 4154613 test({react,preact}-query/useMutation): split 'should handle conditional logi...
  • 8bb5fde test({react,preact}-query/useMutation): split 'should pass meta to mutation' ...
  • 87426a3 test(react-query): replace deprecated 'toBeCalledTimes' with 'toHaveBeenCalle...
  • feb1efd test(*): move 'vi.useRealTimers' to the end of 'afterEach' so cleanup runs un...
  • See full diff in compare view

Updates graphql from 17.0.1 to 17.0.2

Release notes

Sourced from graphql's releases.

v17.0.2 (2026-07-03)

Bug Fix 🐞

Polish 💅

Committers: 2

Commits

Updates pg from 8.21.0 to 8.22.0

Changelog

Sourced from pg's changelog.

pg@8.22.0

Commits

Updates react-router-dom from 7.18.0 to 7.18.1

Changelog

Sourced from react-router-dom's changelog.

v7.18.1

Patch Changes

Commits

Updates resend from 6.14.0 to 6.16.0

Release notes

Sourced from resend's releases.

v6.16.0

What's Changed

Full Changelog: resend/resend-node@v6.15.0...v6.16.0

v6.15.0

What's Changed

Full Changelog: resend/resend-node@v6.14.0...v6.15.0

Commits

@dependabot dependabot Bot added area: tooling Nx, pnpm, TypeScript, ESLint, Prettier, testing, or local development tooling. automated Created or updated by automation, bots, or repository workflows. dependencies Dependency update, package maintenance, or lockfile change. labels Jul 5, 2026
@cloudflare-workers-and-pages

cloudflare-workers-and-pages Bot commented Jul 5, 2026

Copy link
Copy Markdown

Deploying with  Cloudflare Workers  Cloudflare Workers

The latest updates on your project. Learn more about integrating Git with Workers.

Status Name Latest Commit Preview URL Updated (UTC)
✅ Deployment successful!
View logs
aerealith 31368d3 Commit Preview URL

Branch Preview URL
Jul 05 2026, 09:13 AM

@github-actions

github-actions Bot commented Jul 5, 2026

Copy link
Copy Markdown

Coverage Report for Aerealith Vitest Coverage (.)

Status Category Percentage Covered / Total
🔵 Lines 91.78% 893 / 973
🔵 Statements 91.79% 895 / 975
🔵 Functions 86.41% 267 / 309
🔵 Branches 87.2% 402 / 461
File CoverageNo changed files found.
Generated in workflow #210 for commit 31368d3 by the Vitest Coverage Report Action

@github-actions

github-actions Bot commented Jul 5, 2026

Copy link
Copy Markdown

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

OpenSSF Scorecard

Scorecard details
PackageVersionScoreDetails
npm/@grafana/faro-core 2.8.2 UnknownUnknown
npm/@grafana/faro-react 2.8.2 UnknownUnknown
npm/@grafana/faro-web-sdk 2.8.2 UnknownUnknown
npm/@grafana/faro-web-tracing 2.8.2 UnknownUnknown
npm/@opentelemetry/api-logs 0.219.0 🟢 7
Details
CheckScoreReason
Code-Review🟢 9Found 25/26 approved changesets -- score normalized to 9
Dependency-Update-Tool🟢 10update tool detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Maintained🟢 1030 commit(s) and 16 issue activity found in the last 90 days -- score normalized to 10
Packaging⚠️ -1packaging workflow not detected
Binary-Artifacts🟢 10no binaries found in the repo
Token-Permissions🟢 10GitHub workflow tokens follow principle of least privilege
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Signed-Releases⚠️ 0Project has not signed or included provenance with any releases.
License🟢 10license file detected
Pinned-Dependencies🟢 6dependency not pinned by hash detected -- score normalized to 6
Fuzzing⚠️ 0project is not fuzzed
SAST🟢 10SAST tool is run on all commits
Branch-Protection🟢 4branch protection is not maximal on development and all release branches
Security-Policy🟢 10security policy file detected
Vulnerabilities⚠️ 021 existing vulnerabilities detected
CI-Tests🟢 1029 out of 29 merged PRs checked by a CI test -- score normalized to 10
Contributors🟢 10project has 40 contributing companies or organizations
npm/@opentelemetry/exporter-trace-otlp-http 0.219.0 🟢 7
Details
CheckScoreReason
Code-Review🟢 9Found 25/26 approved changesets -- score normalized to 9
Dependency-Update-Tool🟢 10update tool detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Maintained🟢 1030 commit(s) and 16 issue activity found in the last 90 days -- score normalized to 10
Packaging⚠️ -1packaging workflow not detected
Binary-Artifacts🟢 10no binaries found in the repo
Token-Permissions🟢 10GitHub workflow tokens follow principle of least privilege
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Signed-Releases⚠️ 0Project has not signed or included provenance with any releases.
License🟢 10license file detected
Pinned-Dependencies🟢 6dependency not pinned by hash detected -- score normalized to 6
Fuzzing⚠️ 0project is not fuzzed
SAST🟢 10SAST tool is run on all commits
Branch-Protection🟢 4branch protection is not maximal on development and all release branches
Security-Policy🟢 10security policy file detected
Vulnerabilities⚠️ 021 existing vulnerabilities detected
CI-Tests🟢 1029 out of 29 merged PRs checked by a CI test -- score normalized to 10
Contributors🟢 10project has 40 contributing companies or organizations
npm/@opentelemetry/instrumentation 0.219.0 🟢 7
Details
CheckScoreReason
Code-Review🟢 9Found 25/26 approved changesets -- score normalized to 9
Dependency-Update-Tool🟢 10update tool detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Maintained🟢 1030 commit(s) and 16 issue activity found in the last 90 days -- score normalized to 10
Packaging⚠️ -1packaging workflow not detected
Binary-Artifacts🟢 10no binaries found in the repo
Token-Permissions🟢 10GitHub workflow tokens follow principle of least privilege
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Signed-Releases⚠️ 0Project has not signed or included provenance with any releases.
License🟢 10license file detected
Pinned-Dependencies🟢 6dependency not pinned by hash detected -- score normalized to 6
Fuzzing⚠️ 0project is not fuzzed
SAST🟢 10SAST tool is run on all commits
Branch-Protection🟢 4branch protection is not maximal on development and all release branches
Security-Policy🟢 10security policy file detected
Vulnerabilities⚠️ 021 existing vulnerabilities detected
CI-Tests🟢 1029 out of 29 merged PRs checked by a CI test -- score normalized to 10
Contributors🟢 10project has 40 contributing companies or organizations
npm/@opentelemetry/instrumentation-fetch 0.219.0 🟢 7
Details
CheckScoreReason
Code-Review🟢 9Found 25/26 approved changesets -- score normalized to 9
Dependency-Update-Tool🟢 10update tool detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Maintained🟢 1030 commit(s) and 16 issue activity found in the last 90 days -- score normalized to 10
Packaging⚠️ -1packaging workflow not detected
Binary-Artifacts🟢 10no binaries found in the repo
Token-Permissions🟢 10GitHub workflow tokens follow principle of least privilege
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Signed-Releases⚠️ 0Project has not signed or included provenance with any releases.
License🟢 10license file detected
Pinned-Dependencies🟢 6dependency not pinned by hash detected -- score normalized to 6
Fuzzing⚠️ 0project is not fuzzed
SAST🟢 10SAST tool is run on all commits
Branch-Protection🟢 4branch protection is not maximal on development and all release branches
Security-Policy🟢 10security policy file detected
Vulnerabilities⚠️ 021 existing vulnerabilities detected
CI-Tests🟢 1029 out of 29 merged PRs checked by a CI test -- score normalized to 10
Contributors🟢 10project has 40 contributing companies or organizations
npm/@opentelemetry/instrumentation-xml-http-request 0.219.0 🟢 7
Details
CheckScoreReason
Code-Review🟢 9Found 25/26 approved changesets -- score normalized to 9
Dependency-Update-Tool🟢 10update tool detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Maintained🟢 1030 commit(s) and 16 issue activity found in the last 90 days -- score normalized to 10
Packaging⚠️ -1packaging workflow not detected
Binary-Artifacts🟢 10no binaries found in the repo
Token-Permissions🟢 10GitHub workflow tokens follow principle of least privilege
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Signed-Releases⚠️ 0Project has not signed or included provenance with any releases.
License🟢 10license file detected
Pinned-Dependencies🟢 6dependency not pinned by hash detected -- score normalized to 6
Fuzzing⚠️ 0project is not fuzzed
SAST🟢 10SAST tool is run on all commits
Branch-Protection🟢 4branch protection is not maximal on development and all release branches
Security-Policy🟢 10security policy file detected
Vulnerabilities⚠️ 021 existing vulnerabilities detected
CI-Tests🟢 1029 out of 29 merged PRs checked by a CI test -- score normalized to 10
Contributors🟢 10project has 40 contributing companies or organizations
npm/@opentelemetry/otlp-exporter-base 0.219.0 🟢 7
Details
CheckScoreReason
Code-Review🟢 9Found 25/26 approved changesets -- score normalized to 9
Dependency-Update-Tool🟢 10update tool detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Maintained🟢 1030 commit(s) and 16 issue activity found in the last 90 days -- score normalized to 10
Packaging⚠️ -1packaging workflow not detected
Binary-Artifacts🟢 10no binaries found in the repo
Token-Permissions🟢 10GitHub workflow tokens follow principle of least privilege
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Signed-Releases⚠️ 0Project has not signed or included provenance with any releases.
License🟢 10license file detected
Pinned-Dependencies🟢 6dependency not pinned by hash detected -- score normalized to 6
Fuzzing⚠️ 0project is not fuzzed
SAST🟢 10SAST tool is run on all commits
Branch-Protection🟢 4branch protection is not maximal on development and all release branches
Security-Policy🟢 10security policy file detected
Vulnerabilities⚠️ 021 existing vulnerabilities detected
CI-Tests🟢 1029 out of 29 merged PRs checked by a CI test -- score normalized to 10
Contributors🟢 10project has 40 contributing companies or organizations
npm/@opentelemetry/otlp-transformer 0.219.0 🟢 7
Details
CheckScoreReason
Code-Review🟢 9Found 25/26 approved changesets -- score normalized to 9
Dependency-Update-Tool🟢 10update tool detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Maintained🟢 1030 commit(s) and 16 issue activity found in the last 90 days -- score normalized to 10
Packaging⚠️ -1packaging workflow not detected
Binary-Artifacts🟢 10no binaries found in the repo
Token-Permissions🟢 10GitHub workflow tokens follow principle of least privilege
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Signed-Releases⚠️ 0Project has not signed or included provenance with any releases.
License🟢 10license file detected
Pinned-Dependencies🟢 6dependency not pinned by hash detected -- score normalized to 6
Fuzzing⚠️ 0project is not fuzzed
SAST🟢 10SAST tool is run on all commits
Branch-Protection🟢 4branch protection is not maximal on development and all release branches
Security-Policy🟢 10security policy file detected
Vulnerabilities⚠️ 021 existing vulnerabilities detected
CI-Tests🟢 1029 out of 29 merged PRs checked by a CI test -- score normalized to 10
Contributors🟢 10project has 40 contributing companies or organizations
npm/@opentelemetry/resources 2.9.0 🟢 7
Details
CheckScoreReason
Code-Review🟢 9Found 25/26 approved changesets -- score normalized to 9
Dependency-Update-Tool🟢 10update tool detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Maintained🟢 1030 commit(s) and 16 issue activity found in the last 90 days -- score normalized to 10
Packaging⚠️ -1packaging workflow not detected
Binary-Artifacts🟢 10no binaries found in the repo
Token-Permissions🟢 10GitHub workflow tokens follow principle of least privilege
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Signed-Releases⚠️ 0Project has not signed or included provenance with any releases.
License🟢 10license file detected
Pinned-Dependencies🟢 6dependency not pinned by hash detected -- score normalized to 6
Fuzzing⚠️ 0project is not fuzzed
SAST🟢 10SAST tool is run on all commits
Branch-Protection🟢 4branch protection is not maximal on development and all release branches
Security-Policy🟢 10security policy file detected
Vulnerabilities⚠️ 021 existing vulnerabilities detected
CI-Tests🟢 1029 out of 29 merged PRs checked by a CI test -- score normalized to 10
Contributors🟢 10project has 40 contributing companies or organizations
npm/@opentelemetry/sdk-logs 0.219.0 🟢 7
Details
CheckScoreReason
Code-Review🟢 9Found 25/26 approved changesets -- score normalized to 9
Dependency-Update-Tool🟢 10update tool detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Maintained🟢 1030 commit(s) and 16 issue activity found in the last 90 days -- score normalized to 10
Packaging⚠️ -1packaging workflow not detected
Binary-Artifacts🟢 10no binaries found in the repo
Token-Permissions🟢 10GitHub workflow tokens follow principle of least privilege
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Signed-Releases⚠️ 0Project has not signed or included provenance with any releases.
License🟢 10license file detected
Pinned-Dependencies🟢 6dependency not pinned by hash detected -- score normalized to 6
Fuzzing⚠️ 0project is not fuzzed
SAST🟢 10SAST tool is run on all commits
Branch-Protection🟢 4branch protection is not maximal on development and all release branches
Security-Policy🟢 10security policy file detected
Vulnerabilities⚠️ 021 existing vulnerabilities detected
CI-Tests🟢 1029 out of 29 merged PRs checked by a CI test -- score normalized to 10
Contributors🟢 10project has 40 contributing companies or organizations
npm/@opentelemetry/sdk-metrics 2.8.0 🟢 7
Details
CheckScoreReason
Code-Review🟢 9Found 25/26 approved changesets -- score normalized to 9
Dependency-Update-Tool🟢 10update tool detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Maintained🟢 1030 commit(s) and 16 issue activity found in the last 90 days -- score normalized to 10
Packaging⚠️ -1packaging workflow not detected
Binary-Artifacts🟢 10no binaries found in the repo
Token-Permissions🟢 10GitHub workflow tokens follow principle of least privilege
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Signed-Releases⚠️ 0Project has not signed or included provenance with any releases.
License🟢 10license file detected
Pinned-Dependencies🟢 6dependency not pinned by hash detected -- score normalized to 6
Fuzzing⚠️ 0project is not fuzzed
SAST🟢 10SAST tool is run on all commits
Branch-Protection🟢 4branch protection is not maximal on development and all release branches
Security-Policy🟢 10security policy file detected
Vulnerabilities⚠️ 021 existing vulnerabilities detected
CI-Tests🟢 1029 out of 29 merged PRs checked by a CI test -- score normalized to 10
Contributors🟢 10project has 40 contributing companies or organizations
npm/@opentelemetry/sdk-trace 2.9.0 🟢 7
Details
CheckScoreReason
Code-Review🟢 9Found 25/26 approved changesets -- score normalized to 9
Dependency-Update-Tool🟢 10update tool detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Maintained🟢 1030 commit(s) and 16 issue activity found in the last 90 days -- score normalized to 10
Packaging⚠️ -1packaging workflow not detected
Binary-Artifacts🟢 10no binaries found in the repo
Token-Permissions🟢 10GitHub workflow tokens follow principle of least privilege
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Signed-Releases⚠️ 0Project has not signed or included provenance with any releases.
License🟢 10license file detected
Pinned-Dependencies🟢 6dependency not pinned by hash detected -- score normalized to 6
Fuzzing⚠️ 0project is not fuzzed
SAST🟢 10SAST tool is run on all commits
Branch-Protection🟢 4branch protection is not maximal on development and all release branches
Security-Policy🟢 10security policy file detected
Vulnerabilities⚠️ 021 existing vulnerabilities detected
CI-Tests🟢 1029 out of 29 merged PRs checked by a CI test -- score normalized to 10
Contributors🟢 10project has 40 contributing companies or organizations
npm/@opentelemetry/sdk-trace-base 2.9.0 🟢 7
Details
CheckScoreReason
Code-Review🟢 9Found 25/26 approved changesets -- score normalized to 9
Dependency-Update-Tool🟢 10update tool detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Maintained🟢 1030 commit(s) and 16 issue activity found in the last 90 days -- score normalized to 10
Packaging⚠️ -1packaging workflow not detected
Binary-Artifacts🟢 10no binaries found in the repo
Token-Permissions🟢 10GitHub workflow tokens follow principle of least privilege
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Signed-Releases⚠️ 0Project has not signed or included provenance with any releases.
License🟢 10license file detected
Pinned-Dependencies🟢 6dependency not pinned by hash detected -- score normalized to 6
Fuzzing⚠️ 0project is not fuzzed
SAST🟢 10SAST tool is run on all commits
Branch-Protection🟢 4branch protection is not maximal on development and all release branches
Security-Policy🟢 10security policy file detected
Vulnerabilities⚠️ 021 existing vulnerabilities detected
CI-Tests🟢 1029 out of 29 merged PRs checked by a CI test -- score normalized to 10
Contributors🟢 10project has 40 contributing companies or organizations
npm/@opentelemetry/sdk-trace-web 2.9.0 🟢 7
Details
CheckScoreReason
Code-Review🟢 9Found 25/26 approved changesets -- score normalized to 9
Dependency-Update-Tool🟢 10update tool detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Maintained🟢 1030 commit(s) and 16 issue activity found in the last 90 days -- score normalized to 10
Packaging⚠️ -1packaging workflow not detected
Binary-Artifacts🟢 10no binaries found in the repo
Token-Permissions🟢 10GitHub workflow tokens follow principle of least privilege
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Signed-Releases⚠️ 0Project has not signed or included provenance with any releases.
License🟢 10license file detected
Pinned-Dependencies🟢 6dependency not pinned by hash detected -- score normalized to 6
Fuzzing⚠️ 0project is not fuzzed
SAST🟢 10SAST tool is run on all commits
Branch-Protection🟢 4branch protection is not maximal on development and all release branches
Security-Policy🟢 10security policy file detected
Vulnerabilities⚠️ 021 existing vulnerabilities detected
CI-Tests🟢 1029 out of 29 merged PRs checked by a CI test -- score normalized to 10
Contributors🟢 10project has 40 contributing companies or organizations
npm/@tanstack/query-core 5.101.2 UnknownUnknown
npm/@tanstack/react-query 5.101.2 UnknownUnknown
npm/es-module-lexer 2.3.0 🟢 4.6
Details
CheckScoreReason
Code-Review🟢 3Found 11/30 approved changesets -- score normalized to 3
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Packaging⚠️ -1packaging workflow not detected
Binary-Artifacts🟢 10no binaries found in the repo
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Maintained🟢 1011 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Fuzzing⚠️ 0project is not fuzzed
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Security-Policy⚠️ 0security policy file not detected
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
npm/graphql 17.0.2 🟢 7.3
Details
CheckScoreReason
Code-Review⚠️ 1Found 5/26 approved changesets -- score normalized to 1
Maintained🟢 1030 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Packaging⚠️ -1packaging workflow not detected
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Token-Permissions🟢 10GitHub workflow tokens follow principle of least privilege
Binary-Artifacts🟢 10no binaries found in the repo
Pinned-Dependencies🟢 4dependency not pinned by hash detected -- score normalized to 4
License🟢 10license file detected
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Fuzzing⚠️ 0project is not fuzzed
Signed-Releases⚠️ -1no releases found
Security-Policy🟢 10security policy file detected
SAST🟢 10SAST tool is run on all commits
npm/import-in-the-middle 3.3.0 UnknownUnknown
npm/pg 8.22.0 🟢 5.4
Details
CheckScoreReason
Maintained🟢 1030 commit(s) and 12 issue activity found in the last 90 days -- score normalized to 10
Token-Permissions🟢 10GitHub workflow tokens follow principle of least privilege
Code-Review🟢 6Found 19/29 approved changesets -- score normalized to 6
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Packaging⚠️ -1packaging workflow not detected
Binary-Artifacts🟢 10no binaries found in the repo
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Security-Policy⚠️ 0security policy file not detected
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
License🟢 10license file detected
Fuzzing⚠️ 0project is not fuzzed
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ 0branch protection not enabled on development/release branches
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
npm/pg-connection-string 2.14.0 🟢 5.4
Details
CheckScoreReason
Maintained🟢 1030 commit(s) and 12 issue activity found in the last 90 days -- score normalized to 10
Token-Permissions🟢 10GitHub workflow tokens follow principle of least privilege
Code-Review🟢 6Found 19/29 approved changesets -- score normalized to 6
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Packaging⚠️ -1packaging workflow not detected
Binary-Artifacts🟢 10no binaries found in the repo
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Security-Policy⚠️ 0security policy file not detected
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
License🟢 10license file detected
Fuzzing⚠️ 0project is not fuzzed
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ 0branch protection not enabled on development/release branches
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
npm/pg-protocol 1.15.0 🟢 5.4
Details
CheckScoreReason
Maintained🟢 1030 commit(s) and 12 issue activity found in the last 90 days -- score normalized to 10
Token-Permissions🟢 10GitHub workflow tokens follow principle of least privilege
Code-Review🟢 6Found 19/29 approved changesets -- score normalized to 6
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Packaging⚠️ -1packaging workflow not detected
Binary-Artifacts🟢 10no binaries found in the repo
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Security-Policy⚠️ 0security policy file not detected
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
License🟢 10license file detected
Fuzzing⚠️ 0project is not fuzzed
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ 0branch protection not enabled on development/release branches
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
npm/react-router 7.18.1 🟢 3.8
Details
CheckScoreReason
Security-Policy🟢 10security policy file detected
Code-Review🟢 3Found 11/30 approved changesets -- score normalized to 3
Dangerous-Workflow⚠️ 0dangerous workflow patterns detected
Maintained🟢 1030 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Packaging⚠️ -1packaging workflow not detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Binary-Artifacts🟢 10no binaries found in the repo
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
License🟢 10license file detected
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Signed-Releases⚠️ -1no releases found
Fuzzing⚠️ 0project is not fuzzed
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
npm/react-router-dom 7.18.1 🟢 3.8
Details
CheckScoreReason
Security-Policy🟢 10security policy file detected
Code-Review🟢 3Found 11/30 approved changesets -- score normalized to 3
Dangerous-Workflow⚠️ 0dangerous workflow patterns detected
Maintained🟢 1030 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Packaging⚠️ -1packaging workflow not detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Binary-Artifacts🟢 10no binaries found in the repo
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
License🟢 10license file detected
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Signed-Releases⚠️ -1no releases found
Fuzzing⚠️ 0project is not fuzzed
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
npm/resend 6.16.0 UnknownUnknown

Scanned Files

  • pnpm-lock.yaml

@github-actions github-actions Bot added the type: build Build tooling, packaging, bundling, or release pipeline work. label Jul 5, 2026
@github-code-quality

github-code-quality Bot commented Jul 5, 2026

Copy link
Copy Markdown

Code Coverage Overview

Languages: TypeScript

TypeScript / code-coverage/vitest

The overall coverage remains at 92%, unchanged from the branch.


Updated July 05, 2026 09:18 UTC
Code Coverage is in Public Preview. Learn more and provide us with your feedback.

@github-actions

github-actions Bot commented Jul 5, 2026

Copy link
Copy Markdown

Aerealith CI

Overall result: ✅ Passed
Run: #210

Check Result
Dependency install ✅ Passed
Nx installation ✅ Passed
Nx workspace reset ✅ Passed
Git comparison range ✅ Passed
Nx affected validation ✅ Passed
MegaLinter ✅ Passed

Cache

  • pnpm store: miss
  • Nx task cache: managed by Nx Cloud when configured for this workspace.
Run details
  • Base SHA: 29f4bb5372032cd5a0e975601929da430abcc9dc
  • Head SHA: 31368d3f87463b26a6a277038c95e7776884acb5
  • Validation targets: lint, typecheck, test, build
  • Logs: download the ci-logs artifact from the workflow run.

@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/production-minor-and-patch-084518e4e2 branch from 09de8f8 to 72bde2e Compare July 5, 2026 04:11
@Sinless777 Sinless777 moved this to Inbox in Aerealith Delivery Jul 5, 2026
@Sinless777 Sinless777 moved this from Inbox to In Review in Aerealith Delivery Jul 5, 2026
… directory with 7 updates

Bumps the production-minor-and-patch group with 7 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [@grafana/faro-react](https://github.com/grafana/faro-web-sdk/tree/HEAD/packages/react) | `2.7.1` | `2.8.2` |
| [@grafana/faro-web-sdk](https://github.com/grafana/faro-web-sdk/tree/HEAD/packages/web-sdk) | `2.7.1` | `2.8.2` |
| [@tanstack/react-query](https://github.com/TanStack/query/tree/HEAD/packages/react-query) | `5.101.0` | `5.101.2` |
| [graphql](https://github.com/graphql/graphql-js) | `17.0.1` | `17.0.2` |
| [pg](https://github.com/brianc/node-postgres/tree/HEAD/packages/pg) | `8.21.0` | `8.22.0` |
| [react-router-dom](https://github.com/remix-run/react-router/tree/HEAD/packages/react-router-dom) | `7.18.0` | `7.18.1` |
| [resend](https://github.com/resend/resend-node) | `6.14.0` | `6.16.0` |



Updates `@grafana/faro-react` from 2.7.1 to 2.8.2
- [Release notes](https://github.com/grafana/faro-web-sdk/releases)
- [Changelog](https://github.com/grafana/faro-web-sdk/blob/main/CHANGELOG.md)
- [Commits](https://github.com/grafana/faro-web-sdk/commits/v2.8.2/packages/react)

Updates `@grafana/faro-web-sdk` from 2.7.1 to 2.8.2
- [Release notes](https://github.com/grafana/faro-web-sdk/releases)
- [Changelog](https://github.com/grafana/faro-web-sdk/blob/main/CHANGELOG.md)
- [Commits](https://github.com/grafana/faro-web-sdk/commits/v2.8.2/packages/web-sdk)

Updates `@tanstack/react-query` from 5.101.0 to 5.101.2
- [Release notes](https://github.com/TanStack/query/releases)
- [Changelog](https://github.com/TanStack/query/blob/main/packages/react-query/CHANGELOG.md)
- [Commits](https://github.com/TanStack/query/commits/@tanstack/react-query@5.101.2/packages/react-query)

Updates `graphql` from 17.0.1 to 17.0.2
- [Release notes](https://github.com/graphql/graphql-js/releases)
- [Commits](graphql/graphql-js@v17.0.1...v17.0.2)

Updates `pg` from 8.21.0 to 8.22.0
- [Changelog](https://github.com/brianc/node-postgres/blob/master/CHANGELOG.md)
- [Commits](https://github.com/brianc/node-postgres/commits/pg@8.22.0/packages/pg)

Updates `react-router-dom` from 7.18.0 to 7.18.1
- [Release notes](https://github.com/remix-run/react-router/releases)
- [Changelog](https://github.com/remix-run/react-router/blob/react-router-dom@7.18.1/packages/react-router-dom/CHANGELOG.md)
- [Commits](https://github.com/remix-run/react-router/commits/react-router-dom@7.18.1/packages/react-router-dom)

Updates `resend` from 6.14.0 to 6.16.0
- [Release notes](https://github.com/resend/resend-node/releases)
- [Commits](resend/resend-node@v6.14.0...v6.16.0)

---
updated-dependencies:
- dependency-name: "@grafana/faro-react"
  dependency-version: 2.8.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production-minor-and-patch
- dependency-name: "@grafana/faro-web-sdk"
  dependency-version: 2.8.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production-minor-and-patch
- dependency-name: "@tanstack/react-query"
  dependency-version: 5.101.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: production-minor-and-patch
- dependency-name: graphql
  dependency-version: 17.0.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: production-minor-and-patch
- dependency-name: pg
  dependency-version: 8.22.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production-minor-and-patch
- dependency-name: react-router-dom
  dependency-version: 7.18.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: production-minor-and-patch
- dependency-name: resend
  dependency-version: 6.16.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production-minor-and-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/production-minor-and-patch-084518e4e2 branch from 72bde2e to 31368d3 Compare July 5, 2026 09:11
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

area: tooling Nx, pnpm, TypeScript, ESLint, Prettier, testing, or local development tooling. automated Created or updated by automation, bots, or repository workflows. dependencies Dependency update, package maintenance, or lockfile change. type: build Build tooling, packaging, bundling, or release pipeline work.

Projects

Status: In Review

Development

Successfully merging this pull request may close these issues.

1 participant