Skip to content

Deps: Bump i18next-cli from 1.58.0 to 1.65.0#5418

Merged
greenbonebot merged 1 commit into
mainfrom
dependabot/npm_and_yarn/main/i18next-cli-1.65.0
Jul 15, 2026
Merged

Deps: Bump i18next-cli from 1.58.0 to 1.65.0#5418
greenbonebot merged 1 commit into
mainfrom
dependabot/npm_and_yarn/main/i18next-cli-1.65.0

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 15, 2026

Copy link
Copy Markdown
Contributor

Bumps i18next-cli from 1.58.0 to 1.65.0.

Changelog

Sourced from i18next-cli's changelog.

1.65.0

  • fix(extract): respect fallbackNS — keys already translated in a fallback namespace are no longer duplicated into the requesting namespace's file (#272).
    • Such keys are now attributed to the fallback namespace instead, so removeUnusedKeys no longer prunes them from the fallback file (previously a key like cancel living only in the fallback namespace was deleted there and re-created in every namespace that used it).
    • A key that already has a non-empty value in the requesting namespace's own file is treated as an intentional per-namespace override and keeps being extracted there, mirroring the i18next runtime lookup order (requested namespace first, then the fallback chain). Empty-string placeholders left behind by previous extract runs are cleaned up.
    • Keys not found in any fallback namespace are still added to the requesting namespace, like the i18next saveMissing behavior.
  • feat(extract): fallbackNS now also accepts an array of namespaces (looked up in order, like the i18next runtime option) — supported by extract, status, and the TypeScript types generator.

1.64.2

  • fix(status): scope the pass/fail result to the requested locale (#271).
    • status <locale> now exits based on that locale only, instead of always evaluating every secondary language. Previously, running e.g. status en-AU on a fully-translated primary could print "🎉 All keys present" and still exit 1 because an unrelated secondary (e.g. an empty de-DE) was incomplete — a summary that contradicted the exit code.
    • When the requested locale is the primary, the check still fails only on absent keys (empty placeholders are tolerated); for a secondary it fails on any untranslated/absent key. The global view (status with no locale) is unchanged.
    • The failure message now names the locale when scoped (Error: Incomplete translations detected for "de-DE".) so the reason is no longer hidden.

1.64.1

  • fix(status): align plural reporting with the i18next runtime (#270).
    • Plural categories that Intl.PluralRules only selects for out-of-range values (e.g. French _many, which fires only for counts ≥ 1,000,000) are now treated as optional: a missing or empty variant is shown as a soft "optional plural form" note instead of a hard "missing key" error, so it no longer fails the check. Categories reachable by typical counts (including decimals, e.g. Polish/Russian other) remain required.
    • With disablePlurals: true, a key used with count is now considered satisfied when either its plural variants (_one/_other) or the bare key exist — mirroring the runtime's key + suffix → key resolution chain —

... (truncated)

Commits
  • 9497126 1.65.0
  • cebfb66 fix(extract): respect fallbackNS and stop duplicating keys into namespace fil...
  • 4af3b5b 1.64.2
  • 59e5c15 fix(status): scope pass/fail to the requested locale #271
  • 58e96ac 1.64.1
  • 90fb64d fix(status): align plural reporting with the i18next runtime #270
  • 4f32c05 1.64.0
  • 9ab66af feat(extract): support trailing wildcards in functions (e.g. 'tProps.*')
  • 3f40d0b 1.63.1
  • eac231d fix(init): pin @​inlang/plugin-i18next@​6.2.1 (restores Sherlock annotations)
  • Additional commits viewable in compare view

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels Jul 15, 2026
@dependabot dependabot Bot requested a review from a team as a code owner July 15, 2026 03:22
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels Jul 15, 2026
@greenbonebot greenbonebot enabled auto-merge (rebase) July 15, 2026 03:22
@github-actions

github-actions Bot commented Jul 15, 2026

Copy link
Copy Markdown

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

Snapshot Warnings

⚠️: No snapshots were found for the head SHA b20a12c.
Ensure that dependencies are being submitted on PR branches and consider enabling retry-on-snapshot-warnings. See the documentation for more information and troubleshooting advice.

OpenSSF Scorecard

Scorecard details
PackageVersionScoreDetails
npm/@swc/core 1.15.43 🟢 7.1
Details
CheckScoreReason
Maintained🟢 1030 commit(s) and 10 issue activity found in the last 90 days -- score normalized to 10
Code-Review🟢 6Found 19/30 approved changesets -- score normalized to 6
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
License🟢 10license file detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Security-Policy🟢 10security policy file detected
Token-Permissions🟢 10GitHub workflow tokens follow principle of least privilege
Packaging🟢 10packaging workflow detected
Fuzzing🟢 10project is fuzzed
Branch-Protection🟢 4branch protection is not maximal on development and all release branches
Signed-Releases⚠️ 0Project has not signed or included provenance with any releases.
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
Binary-Artifacts🟢 10no binaries found in the repo
Pinned-Dependencies🟢 6dependency not pinned by hash detected -- score normalized to 6
npm/@swc/core-darwin-arm64 1.15.43 🟢 7.1
Details
CheckScoreReason
Maintained🟢 1030 commit(s) and 10 issue activity found in the last 90 days -- score normalized to 10
Code-Review🟢 6Found 19/30 approved changesets -- score normalized to 6
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
License🟢 10license file detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Security-Policy🟢 10security policy file detected
Token-Permissions🟢 10GitHub workflow tokens follow principle of least privilege
Packaging🟢 10packaging workflow detected
Fuzzing🟢 10project is fuzzed
Branch-Protection🟢 4branch protection is not maximal on development and all release branches
Signed-Releases⚠️ 0Project has not signed or included provenance with any releases.
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
Binary-Artifacts🟢 10no binaries found in the repo
Pinned-Dependencies🟢 6dependency not pinned by hash detected -- score normalized to 6
npm/@swc/core-darwin-x64 1.15.43 🟢 7.1
Details
CheckScoreReason
Maintained🟢 1030 commit(s) and 10 issue activity found in the last 90 days -- score normalized to 10
Code-Review🟢 6Found 19/30 approved changesets -- score normalized to 6
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
License🟢 10license file detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Security-Policy🟢 10security policy file detected
Token-Permissions🟢 10GitHub workflow tokens follow principle of least privilege
Packaging🟢 10packaging workflow detected
Fuzzing🟢 10project is fuzzed
Branch-Protection🟢 4branch protection is not maximal on development and all release branches
Signed-Releases⚠️ 0Project has not signed or included provenance with any releases.
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
Binary-Artifacts🟢 10no binaries found in the repo
Pinned-Dependencies🟢 6dependency not pinned by hash detected -- score normalized to 6
npm/@swc/core-linux-arm-gnueabihf 1.15.43 🟢 7.1
Details
CheckScoreReason
Maintained🟢 1030 commit(s) and 10 issue activity found in the last 90 days -- score normalized to 10
Code-Review🟢 6Found 19/30 approved changesets -- score normalized to 6
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
License🟢 10license file detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Security-Policy🟢 10security policy file detected
Token-Permissions🟢 10GitHub workflow tokens follow principle of least privilege
Packaging🟢 10packaging workflow detected
Fuzzing🟢 10project is fuzzed
Branch-Protection🟢 4branch protection is not maximal on development and all release branches
Signed-Releases⚠️ 0Project has not signed or included provenance with any releases.
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
Binary-Artifacts🟢 10no binaries found in the repo
Pinned-Dependencies🟢 6dependency not pinned by hash detected -- score normalized to 6
npm/@swc/core-linux-arm64-gnu 1.15.43 🟢 7.1
Details
CheckScoreReason
Maintained🟢 1030 commit(s) and 10 issue activity found in the last 90 days -- score normalized to 10
Code-Review🟢 6Found 19/30 approved changesets -- score normalized to 6
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
License🟢 10license file detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Security-Policy🟢 10security policy file detected
Token-Permissions🟢 10GitHub workflow tokens follow principle of least privilege
Packaging🟢 10packaging workflow detected
Fuzzing🟢 10project is fuzzed
Branch-Protection🟢 4branch protection is not maximal on development and all release branches
Signed-Releases⚠️ 0Project has not signed or included provenance with any releases.
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
Binary-Artifacts🟢 10no binaries found in the repo
Pinned-Dependencies🟢 6dependency not pinned by hash detected -- score normalized to 6
npm/@swc/core-linux-arm64-musl 1.15.43 🟢 7.1
Details
CheckScoreReason
Maintained🟢 1030 commit(s) and 10 issue activity found in the last 90 days -- score normalized to 10
Code-Review🟢 6Found 19/30 approved changesets -- score normalized to 6
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
License🟢 10license file detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Security-Policy🟢 10security policy file detected
Token-Permissions🟢 10GitHub workflow tokens follow principle of least privilege
Packaging🟢 10packaging workflow detected
Fuzzing🟢 10project is fuzzed
Branch-Protection🟢 4branch protection is not maximal on development and all release branches
Signed-Releases⚠️ 0Project has not signed or included provenance with any releases.
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
Binary-Artifacts🟢 10no binaries found in the repo
Pinned-Dependencies🟢 6dependency not pinned by hash detected -- score normalized to 6
npm/@swc/core-linux-ppc64-gnu 1.15.43 🟢 7.1
Details
CheckScoreReason
Maintained🟢 1030 commit(s) and 10 issue activity found in the last 90 days -- score normalized to 10
Code-Review🟢 6Found 19/30 approved changesets -- score normalized to 6
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
License🟢 10license file detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Security-Policy🟢 10security policy file detected
Token-Permissions🟢 10GitHub workflow tokens follow principle of least privilege
Packaging🟢 10packaging workflow detected
Fuzzing🟢 10project is fuzzed
Branch-Protection🟢 4branch protection is not maximal on development and all release branches
Signed-Releases⚠️ 0Project has not signed or included provenance with any releases.
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
Binary-Artifacts🟢 10no binaries found in the repo
Pinned-Dependencies🟢 6dependency not pinned by hash detected -- score normalized to 6
npm/@swc/core-linux-s390x-gnu 1.15.43 🟢 7.1
Details
CheckScoreReason
Maintained🟢 1030 commit(s) and 10 issue activity found in the last 90 days -- score normalized to 10
Code-Review🟢 6Found 19/30 approved changesets -- score normalized to 6
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
License🟢 10license file detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Security-Policy🟢 10security policy file detected
Token-Permissions🟢 10GitHub workflow tokens follow principle of least privilege
Packaging🟢 10packaging workflow detected
Fuzzing🟢 10project is fuzzed
Branch-Protection🟢 4branch protection is not maximal on development and all release branches
Signed-Releases⚠️ 0Project has not signed or included provenance with any releases.
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
Binary-Artifacts🟢 10no binaries found in the repo
Pinned-Dependencies🟢 6dependency not pinned by hash detected -- score normalized to 6
npm/@swc/core-linux-x64-gnu 1.15.43 🟢 7.1
Details
CheckScoreReason
Maintained🟢 1030 commit(s) and 10 issue activity found in the last 90 days -- score normalized to 10
Code-Review🟢 6Found 19/30 approved changesets -- score normalized to 6
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
License🟢 10license file detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Security-Policy🟢 10security policy file detected
Token-Permissions🟢 10GitHub workflow tokens follow principle of least privilege
Packaging🟢 10packaging workflow detected
Fuzzing🟢 10project is fuzzed
Branch-Protection🟢 4branch protection is not maximal on development and all release branches
Signed-Releases⚠️ 0Project has not signed or included provenance with any releases.
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
Binary-Artifacts🟢 10no binaries found in the repo
Pinned-Dependencies🟢 6dependency not pinned by hash detected -- score normalized to 6
npm/@swc/core-linux-x64-musl 1.15.43 🟢 7.1
Details
CheckScoreReason
Maintained🟢 1030 commit(s) and 10 issue activity found in the last 90 days -- score normalized to 10
Code-Review🟢 6Found 19/30 approved changesets -- score normalized to 6
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
License🟢 10license file detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Security-Policy🟢 10security policy file detected
Token-Permissions🟢 10GitHub workflow tokens follow principle of least privilege
Packaging🟢 10packaging workflow detected
Fuzzing🟢 10project is fuzzed
Branch-Protection🟢 4branch protection is not maximal on development and all release branches
Signed-Releases⚠️ 0Project has not signed or included provenance with any releases.
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
Binary-Artifacts🟢 10no binaries found in the repo
Pinned-Dependencies🟢 6dependency not pinned by hash detected -- score normalized to 6
npm/@swc/core-win32-arm64-msvc 1.15.43 🟢 7.1
Details
CheckScoreReason
Maintained🟢 1030 commit(s) and 10 issue activity found in the last 90 days -- score normalized to 10
Code-Review🟢 6Found 19/30 approved changesets -- score normalized to 6
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
License🟢 10license file detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Security-Policy🟢 10security policy file detected
Token-Permissions🟢 10GitHub workflow tokens follow principle of least privilege
Packaging🟢 10packaging workflow detected
Fuzzing🟢 10project is fuzzed
Branch-Protection🟢 4branch protection is not maximal on development and all release branches
Signed-Releases⚠️ 0Project has not signed or included provenance with any releases.
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
Binary-Artifacts🟢 10no binaries found in the repo
Pinned-Dependencies🟢 6dependency not pinned by hash detected -- score normalized to 6
npm/@swc/core-win32-ia32-msvc 1.15.43 🟢 7.1
Details
CheckScoreReason
Maintained🟢 1030 commit(s) and 10 issue activity found in the last 90 days -- score normalized to 10
Code-Review🟢 6Found 19/30 approved changesets -- score normalized to 6
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
License🟢 10license file detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Security-Policy🟢 10security policy file detected
Token-Permissions🟢 10GitHub workflow tokens follow principle of least privilege
Packaging🟢 10packaging workflow detected
Fuzzing🟢 10project is fuzzed
Branch-Protection🟢 4branch protection is not maximal on development and all release branches
Signed-Releases⚠️ 0Project has not signed or included provenance with any releases.
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
Binary-Artifacts🟢 10no binaries found in the repo
Pinned-Dependencies🟢 6dependency not pinned by hash detected -- score normalized to 6
npm/@swc/core-win32-x64-msvc 1.15.43 🟢 7.1
Details
CheckScoreReason
Maintained🟢 1030 commit(s) and 10 issue activity found in the last 90 days -- score normalized to 10
Code-Review🟢 6Found 19/30 approved changesets -- score normalized to 6
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
License🟢 10license file detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Security-Policy🟢 10security policy file detected
Token-Permissions🟢 10GitHub workflow tokens follow principle of least privilege
Packaging🟢 10packaging workflow detected
Fuzzing🟢 10project is fuzzed
Branch-Protection🟢 4branch protection is not maximal on development and all release branches
Signed-Releases⚠️ 0Project has not signed or included provenance with any releases.
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
Binary-Artifacts🟢 10no binaries found in the repo
Pinned-Dependencies🟢 6dependency not pinned by hash detected -- score normalized to 6
npm/@swc/types 0.1.27 🟢 7.1
Details
CheckScoreReason
Maintained🟢 1030 commit(s) and 10 issue activity found in the last 90 days -- score normalized to 10
Code-Review🟢 6Found 19/30 approved changesets -- score normalized to 6
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
License🟢 10license file detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Security-Policy🟢 10security policy file detected
Token-Permissions🟢 10GitHub workflow tokens follow principle of least privilege
Packaging🟢 10packaging workflow detected
Fuzzing🟢 10project is fuzzed
Branch-Protection🟢 4branch protection is not maximal on development and all release branches
Signed-Releases⚠️ 0Project has not signed or included provenance with any releases.
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
Binary-Artifacts🟢 10no binaries found in the repo
Pinned-Dependencies🟢 6dependency not pinned by hash detected -- score normalized to 6
npm/chardet 2.2.0 🟢 4.4
Details
CheckScoreReason
Code-Review⚠️ 0Found 1/21 approved changesets -- score normalized to 0
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Maintained🟢 810 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 8
Binary-Artifacts🟢 10no binaries found in the repo
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Security-Policy⚠️ 0security policy file not detected
Fuzzing⚠️ 0project is not fuzzed
License🟢 10license file detected
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Signed-Releases⚠️ -1no releases found
Packaging🟢 10packaging workflow detected
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
npm/get-east-asian-width 1.6.0 🟢 4
Details
CheckScoreReason
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Code-Review🟢 4Found 12/25 approved changesets -- score normalized to 4
Security-Policy🟢 10security policy file detected
Maintained⚠️ 12 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 1
Binary-Artifacts🟢 10no binaries found in the repo
Packaging⚠️ -1packaging workflow not detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Fuzzing⚠️ 0project is not fuzzed
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ 0branch protection not enabled on development/release branches
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
npm/i18next-cli 1.65.0 UnknownUnknown
npm/iconv-lite 0.7.3 UnknownUnknown
npm/inquirer 14.0.2 🟢 5.8
Details
CheckScoreReason
Code-Review🟢 4Found 2/5 approved changesets -- score normalized to 4
Maintained🟢 1030 commit(s) and 8 issue activity found in the last 90 days -- score normalized to 10
Packaging⚠️ -1packaging workflow not detected
Security-Policy🟢 10security policy file detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Binary-Artifacts🟢 10no binaries found in the repo
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
License🟢 10license file detected
Fuzzing⚠️ 0project is not fuzzed
Branch-Protection🟢 3branch protection is not maximal on development and all release branches
Signed-Releases⚠️ -1no releases found
SAST🟢 9SAST tool detected but not run on all commits
npm/jiti 2.7.0 🟢 5.5
Details
CheckScoreReason
Code-Review⚠️ 1Found 5/27 approved changesets -- score normalized to 1
Packaging⚠️ -1packaging workflow not detected
Maintained🟢 98 commit(s) and 3 issue activity found in the last 90 days -- score normalized to 9
Binary-Artifacts🟢 10no binaries found in the repo
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Token-Permissions🟢 10GitHub workflow tokens follow principle of least privilege
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Pinned-Dependencies⚠️ 1dependency not pinned by hash detected -- score normalized to 1
Fuzzing⚠️ 0project is not fuzzed
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Security-Policy⚠️ 0security policy file not detected
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
npm/ora 9.4.1 🟢 4.6
Details
CheckScoreReason
Code-Review⚠️ 2Found 6/30 approved changesets -- score normalized to 2
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Maintained🟢 97 commit(s) and 4 issue activity found in the last 90 days -- score normalized to 9
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Packaging⚠️ -1packaging workflow not detected
Binary-Artifacts🟢 10no binaries found in the repo
Security-Policy🟢 10security policy file detected
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Fuzzing⚠️ 0project is not fuzzed
License🟢 10license file detected
Branch-Protection⚠️ 0branch protection not enabled on development/release branches
Signed-Releases⚠️ -1no releases found
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
npm/react 19.2.7 UnknownUnknown
npm/stdin-discarder 0.3.2 🟢 3.6
Details
CheckScoreReason
Maintained⚠️ 12 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 1
Packaging⚠️ -1packaging workflow not detected
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Code-Review⚠️ 0Found 0/18 approved changesets -- score normalized to 0
SAST⚠️ 0no SAST tool detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Binary-Artifacts🟢 10no binaries found in the repo
Security-Policy🟢 10security policy file detected
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Fuzzing⚠️ 0project is not fuzzed
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ 0branch protection not enabled on development/release branches
npm/string-width 8.2.1 🟢 3.9
Details
CheckScoreReason
Code-Review🟢 3Found 9/30 approved changesets -- score normalized to 3
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Security-Policy🟢 10security policy file detected
Binary-Artifacts🟢 10no binaries found in the repo
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Packaging⚠️ -1packaging workflow not detected
Maintained⚠️ 12 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 1
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Fuzzing⚠️ 0project is not fuzzed
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ 0branch protection not enabled on development/release branches
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
npm/strip-ansi 7.2.0 🟢 3.7
Details
CheckScoreReason
Code-Review⚠️ 2Found 6/30 approved changesets -- score normalized to 2
Binary-Artifacts🟢 10no binaries found in the repo
Maintained⚠️ 00 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Packaging⚠️ -1packaging workflow not detected
Security-Policy🟢 10security policy file detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Fuzzing⚠️ 0project is not fuzzed
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ 0branch protection not enabled on development/release branches
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
npm/yaml 2.9.0 🟢 7.3
Details
CheckScoreReason
Code-Review⚠️ 1Found 2/13 approved changesets -- score normalized to 1
Maintained🟢 1013 commit(s) and 7 issue activity found in the last 90 days -- score normalized to 10
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Packaging⚠️ -1packaging workflow not detected
Security-Policy🟢 10security policy file detected
Binary-Artifacts🟢 10no binaries found in the repo
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Token-Permissions🟢 9detected GitHub workflow tokens with excessive permissions
Pinned-Dependencies⚠️ 2dependency not pinned by hash detected -- score normalized to 2
License🟢 10license file detected
Fuzzing🟢 10project is fuzzed
Signed-Releases⚠️ -1no releases found
Branch-Protection🟢 3branch protection is not maximal on development and all release branches
SAST🟢 10SAST tool is run on all commits

Scanned Files

  • package-lock.json

@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/main/i18next-cli-1.65.0 branch 2 times, most recently from 562f844 to 05cd749 Compare July 15, 2026 06:27
@bjoernricks

Copy link
Copy Markdown
Contributor

@dependabot rebase

Bumps [i18next-cli](https://github.com/i18next/i18next-cli) from 1.58.0 to 1.65.0.
- [Changelog](https://github.com/i18next/i18next-cli/blob/main/CHANGELOG.md)
- [Commits](i18next/i18next-cli@v1.58.0...v1.65.0)

---
updated-dependencies:
- dependency-name: i18next-cli
  dependency-version: 1.65.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/main/i18next-cli-1.65.0 branch from 05cd749 to b20a12c Compare July 15, 2026 06:43
@greenbonebot greenbonebot merged commit 8e70e4c into main Jul 15, 2026
23 of 25 checks passed
@greenbonebot greenbonebot deleted the dependabot/npm_and_yarn/main/i18next-cli-1.65.0 branch July 15, 2026 06:55
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants