WARNING: THIS SITE IS A MIRROR OF GITHUB.COM / IT CANNOT LOGIN OR REGISTER ACCOUNTS / THE CONTENTS ARE PROVIDED AS-IS / THIS SITE ASSUMES NO RESPONSIBILITY FOR ANY DISPLAYED CONTENT OR LINKS / IF YOU FOUND SOMETHING MAY NOT GOOD FOR EVERYONE, CONTACT ADMIN AT ilovescratch@foxmail.com
Skip to content

chore(deps): Non-AWS dependency updates #698

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
kelvin-chappell merged 2 commits into from
Oct 29, 2025
Merged

chore(deps): Non-AWS dependency updates #698

kelvin-chappell merged 2 commits into from
Oct 29, 2025

Conversation

@gu-scala-steward-public-repos
Copy link
Contributor

@gu-scala-steward-public-repos gu-scala-steward-public-repos bot commented Oct 24, 2025

About this PR

Updates:

Usage

βœ… Please merge!

I'll automatically update this PR to resolve conflicts as long as you don't change it yourself.

If you have any feedback, just mention me in the comments below.

Configure Scala Steward for your repository with a .scala-steward.conf file.

Have a fantastic day writing Scala!

πŸ” Files still referring to the old version numbers

The following files still refer to the old version numbers.
You might want to review and update them manually.

build.sbt
frontend/package-lock.json
βš™ Adjust future updates

Add these to your .scala-steward.conf file to ignore future updates of these dependencies:

updates.ignore = [
  { groupId = "ch.qos.logback", artifactId = "logback-classic" },
  { groupId = "org.scala-lang", artifactId = "scala3-library" }
]

Or, add these to slow down future updates of these dependencies:

dependencyOverrides = [
  {
    pullRequests = { frequency = "30 days" },
    dependency = { groupId = "ch.qos.logback", artifactId = "logback-classic" }
  },
  {
    pullRequests = { frequency = "30 days" },
    dependency = { groupId = "org.scala-lang", artifactId = "scala3-library" }
  }
]
labels: dependencies

@github-actions
Copy link
Contributor

github-actions bot commented Oct 24, 2025

Dependency Review

The following issues were found:
  • βœ… 0 vulnerable package(s)
  • βœ… 0 package(s) with incompatible licenses
  • βœ… 0 package(s) with invalid SPDX license definitions
  • ⚠️ 2 package(s) with unknown licenses.
See the Details below.

License Issues

build.sbt

PackageVersionLicenseIssue Type
ch.qos.logback:logback-classic1.5.20NullUnknown License
ch.qos.logback:logback-core1.5.20NullUnknown License

OpenSSF Scorecard

Scorecard details
PackageVersionScoreDetails
maven/ch.qos.logback:logback-classic 1.5.20 🟒 7.2
Details
CheckScoreReason
Maintained🟒 1026 commit(s) and 7 issue activity found in the last 90 days -- score normalized to 10
Dangerous-Workflow🟒 10no dangerous workflow patterns detected
Packaging⚠️ -1packaging workflow not detected
Token-Permissions🟒 10GitHub workflow tokens follow principle of least privilege
Code-Review⚠️ 0Found 2/30 approved changesets -- score normalized to 0
Security-Policy🟒 10security policy file detected
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Binary-Artifacts🟒 10no binaries found in the repo
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
License🟒 9license file detected
Fuzzing🟒 10project is fuzzed
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
Vulnerabilities🟒 100 existing vulnerabilities detected
maven/ch.qos.logback:logback-core 1.5.20 🟒 7.2
Details
CheckScoreReason
Maintained🟒 1026 commit(s) and 7 issue activity found in the last 90 days -- score normalized to 10
Dangerous-Workflow🟒 10no dangerous workflow patterns detected
Packaging⚠️ -1packaging workflow not detected
Token-Permissions🟒 10GitHub workflow tokens follow principle of least privilege
Code-Review⚠️ 0Found 2/30 approved changesets -- score normalized to 0
Security-Policy🟒 10security policy file detected
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Binary-Artifacts🟒 10no binaries found in the repo
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
License🟒 9license file detected
Fuzzing🟒 10project is fuzzed
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
Vulnerabilities🟒 100 existing vulnerabilities detected
maven/org.jline:jline-native 3.29.0 🟒 4.4
Details
CheckScoreReason
Code-Review⚠️ 0Found 0/17 approved changesets -- score normalized to 0
Maintained🟒 1030 commit(s) and 4 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Dangerous-Workflow🟒 10no dangerous workflow patterns detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Security-Policy⚠️ 0security policy file not detected
License🟒 9license file detected
Binary-Artifacts⚠️ 0binaries present in source code
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Fuzzing🟒 10project is fuzzed
Signed-Releases⚠️ -1no releases found
Packaging🟒 10packaging workflow detected
Branch-Protection⚠️ 0branch protection not enabled on development/release branches
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
Vulnerabilities🟒 100 existing vulnerabilities detected
maven/org.jline:jline-reader 3.29.0 🟒 4.4
Details
CheckScoreReason
Code-Review⚠️ 0Found 0/17 approved changesets -- score normalized to 0
Maintained🟒 1030 commit(s) and 4 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Dangerous-Workflow🟒 10no dangerous workflow patterns detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Security-Policy⚠️ 0security policy file not detected
License🟒 9license file detected
Binary-Artifacts⚠️ 0binaries present in source code
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Fuzzing🟒 10project is fuzzed
Signed-Releases⚠️ -1no releases found
Packaging🟒 10packaging workflow detected
Branch-Protection⚠️ 0branch protection not enabled on development/release branches
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
Vulnerabilities🟒 100 existing vulnerabilities detected
maven/org.jline:jline-terminal 3.29.0 🟒 4.4
Details
CheckScoreReason
Code-Review⚠️ 0Found 0/17 approved changesets -- score normalized to 0
Maintained🟒 1030 commit(s) and 4 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Dangerous-Workflow🟒 10no dangerous workflow patterns detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Security-Policy⚠️ 0security policy file not detected
License🟒 9license file detected
Binary-Artifacts⚠️ 0binaries present in source code
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Fuzzing🟒 10project is fuzzed
Signed-Releases⚠️ -1no releases found
Packaging🟒 10packaging workflow detected
Branch-Protection⚠️ 0branch protection not enabled on development/release branches
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
Vulnerabilities🟒 100 existing vulnerabilities detected
maven/org.jline:jline-terminal-jni 3.29.0 🟒 4.4
Details
CheckScoreReason
Code-Review⚠️ 0Found 0/17 approved changesets -- score normalized to 0
Maintained🟒 1030 commit(s) and 4 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Dangerous-Workflow🟒 10no dangerous workflow patterns detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Security-Policy⚠️ 0security policy file not detected
License🟒 9license file detected
Binary-Artifacts⚠️ 0binaries present in source code
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Fuzzing🟒 10project is fuzzed
Signed-Releases⚠️ -1no releases found
Packaging🟒 10packaging workflow detected
Branch-Protection⚠️ 0branch protection not enabled on development/release branches
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
Vulnerabilities🟒 100 existing vulnerabilities detected
maven/org.scala-lang:scala3-compiler_3 3.3.7 UnknownUnknown
maven/org.scala-lang:scala3-interfaces 3.3.7 UnknownUnknown
maven/org.scala-lang:scala3-library_3 3.3.7 UnknownUnknown
maven/org.scala-lang:scala3-tasty-inspector_3 3.3.7 UnknownUnknown
maven/org.scala-lang:scaladoc_3 3.3.7 UnknownUnknown
maven/org.scala-lang:tasty-core_3 3.3.7 UnknownUnknown
maven/org.scala-sbt:compiler-interface 1.10.7 🟒 5.6
Details
CheckScoreReason
Dangerous-Workflow🟒 10no dangerous workflow patterns detected
Code-Review🟒 8Found 17/19 approved changesets -- score normalized to 8
Maintained🟒 1030 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 10
Packaging⚠️ -1packaging workflow not detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Binary-Artifacts🟒 9binaries present in source code
License🟒 10license file detected
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Vulnerabilities🟒 100 existing vulnerabilities detected
Fuzzing⚠️ 0project is not fuzzed
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Security-Policy⚠️ 0security policy file not detected
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
maven/org.scala-sbt:util-interface 1.10.7 🟒 4.9
Details
CheckScoreReason
Maintained🟒 1030 commit(s) and 13 issue activity found in the last 90 days -- score normalized to 10
Code-Review🟒 8Found 11/13 approved changesets -- score normalized to 8
Dangerous-Workflow🟒 10no dangerous workflow patterns detected
Packaging⚠️ -1packaging workflow not detected
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Fuzzing⚠️ 0project is not fuzzed
License🟒 10license file detected
Vulnerabilities🟒 100 existing vulnerabilities detected
Binary-Artifacts⚠️ 0binaries present in source code
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Security-Policy⚠️ 0security policy file not detected
Signed-Releases🟒 82 out of the last 2 releases have a total of 2 signed artifacts.
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0

Scanned Files

  • build.sbt

@kelvin-chappell kelvin-chappell merged commit c3ed61e into main Oct 29, 2025
8 checks passed
@kelvin-chappell kelvin-chappell deleted the update/non_aws branch October 29, 2025 09:11
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@kelvin-chappell kelvin-chappell kelvin-chappell approved these changes

Assignees

No one assigned

Labels

dependencies

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@kelvin-chappell