chore(deps): bump qs and express in /docs/docusaurus

[dependabot]

Bumps qs and express. These dependencies needed to be updated together.
Updates qs from 6.14.2 to 6.15.2

Changelog

Sourced from qs's changelog.

6.15.2

• [Fix] stringify: skip null/undefined entries in arrayFormat: 'comma' + encodeValuesOnly instead of crashing in encoder
• [Fix] stringify: use configured delimiter after charsetSentinel (#555)
• [Fix] stringify: apply formatter to encoded key under strictNullHandling (#554)
• [Fix] stringify: skip null/undefined filter-array entries instead of crashing in encoder (#551)
• [Fix] parse: handle nested bracket groups and add regression tests (#530)
• [readme] fix grammar (#550)
• [Dev Deps] update @ljharb/eslint-config
• [Tests] add regression tests for keys containing percent-encoded bracket text

6.15.1

• [Fix] parse: parameterLimit: Infinity with throwOnLimitExceeded: true silently drops all parameters
• [Deps] update @ljharb/eslint-config
• [Dev Deps] update @ljharb/eslint-config, iconv-lite
• [Tests] increase coverage

6.15.0

• [New] parse: add strictMerge option to wrap object/primitive conflicts in an array (#425, #122)
• [Fix] duplicates option should not apply to bracket notation keys (#514)

Commits

• 9aca407 v6.15.2
• 5e33d33 [Dev Deps] update @ljharb/eslint-config
• 21f80b3 [Fix] stringify: skip null/undefined entries in arrayFormat: 'comma' + `e...
• a0a81ea [Fix] stringify: use configured delimiter after charsetSentinel
• e3062f7 [Fix] stringify: apply formatter to encoded key under strictNullHandling
• 0c180a4 [Fix] stringify: skip null/undefined filter-array entries instead of crashi...
• 3a8b94a [Tests] add regression tests for keys containing percent-encoded bracket text
• 96755ab [readme] fix grammar
• a419ce5 [Fix] parse: handle nested bracket groups and add regression tests
• 3f5e1c5 v6.15.1
• Additional commits viewable in compare view

Updates express from 4.22.1 to 5.2.1

Release notes

Sourced from express's releases.

v5.2.1

What's Changed

[!IMPORTANT]
The prior release (5.2.0) included an erroneous breaking change related to the extended query parser. There is no actual security vulnerability associated with this behavior (CVE-2024-51999 has been rejected). The change has been fully reverted in this release.

• Release: 5.2.1 by @​UlisesGascon in expressjs/express#6933

Full Changelog: expressjs/express@v5.2.0...v5.2.1

v5.2.0

Important: Security

• Security fix for CVE-2024-51999 (GHSA-pj86-cfqh-vqx6)

What's Changed

• build(deps): bump github/codeql-action from 3.28.11 to 3.28.13 by @​dependabot[bot] in expressjs/express#6429
• Refactor: simplify acceptsLanguages implementation using spread operator by @​Ayoub-Mabrouk in expressjs/express#6137
• increased code coverage of utils.js file by @​ashish3011 in expressjs/express#6386
• chore: remove duplicate word by @​dufucun in expressjs/express#6456
• build(deps): bump github/codeql-action from 3.28.13 to 3.28.16 by @​dependabot[bot] in expressjs/express#6498
• build(deps): bump actions/setup-node from 4.3.0 to 4.4.0 by @​dependabot[bot] in expressjs/express#6497
• build(deps): bump actions/download-artifact from 4.2.1 to 4.3.0 by @​dependabot[bot] in expressjs/express#6496
• ci: add node.js 24 to test matrix by @​Phillip9587 in expressjs/express#6504
• ci: update codeql config by @​Phillip9587 in expressjs/express#6488
• chore: wider range for query test skip by @​jonchurch in expressjs/express#6512
• chore: fix typos in test by @​noritaka1166 in expressjs/express#6535
• ci: disable credential persistence for checkout actions by @​mertssmnoglu in expressjs/express#6522
• ci: allow manual triggering of workflow by @​shivarm in expressjs/express#6515
• test: add coverage for app.listen() variants by @​kgarg1 in expressjs/express#6476
• docs: move documentation and charters to the discussions and .github … by @​bjohansebas in expressjs/express#6427
• build(deps): bump github/codeql-action from 3.28.16 to 3.28.18 by @​dependabot[bot] in expressjs/express#6549
• build(deps): bump ossf/scorecard-action from 2.4.1 to 2.4.2 by @​dependabot[bot] in expressjs/express#6548
• chore: enforce explicit Buffer import and add lint rule by @​shivarm in expressjs/express#6525
• chore: use node protocol for querystring by @​shivarm in expressjs/express#6520
• chore: fix typo by @​mountdisk in expressjs/express#6609
• build(deps): bump github/codeql-action from 3.28.18 to 3.29.2 by @​dependabot[bot] in expressjs/express#6618
• add deprecation warnings for redirect arguments undefined by @​bjohansebas in expressjs/express#6405
• ci: run CI when the markdown changes by @​bjohansebas in expressjs/express#6632
• doc: fix CONTRIBUTING link by @​jonchurch in expressjs/express#6653
• doc: update contributing guidelines and code of conduct links by @​ShubhamOulkar in expressjs/express#6601
• build(deps-dev): bump morgan from 1.10.0 to 1.10.1 by @​dependabot[bot] in expressjs/express#6679
• build(deps-dev): bump cookie-session from 2.1.0 to 2.1.1 by @​dependabot[bot] in expressjs/express#6678
• lint: add --fix flag to automatic fix linting issue by @​shivarm in expressjs/express#6644
• chore: ignore yarn.lock file and update example by @​shivarm in expressjs/express#6588
• lib: use req.socket over deprecated req.connection by @​bjohansebas in expressjs/express#6705
• doc: update express app example by @​shivarm in expressjs/express#6718
• build(deps): bump github/codeql-action from 3.29.2 to 3.29.5 by @​dependabot[bot] in expressjs/express#6675
• Remove history.md from being packaged on publish by @​sheplu in expressjs/express#6780

... (truncated)

Changelog

Sourced from express's changelog.

5.2.1 / 2025-12-01

• Revert security fix for CVE-2024-51999 (GHSA-pj86-cfqh-vqx6)
  • The prior release (5.2.0) included an erroneous breaking change related to the extended query parser. There is no actual security vulnerability associated with this behavior (CVE-2024-51999 has been rejected). The change has been fully reverted in this release.

5.2.0 / 2025-12-01

• Security fix for CVE-2024-51999 (GHSA-pj86-cfqh-vqx6)
• deps: body-parser@^2.2.1
• A deprecation warning was added when using res.redirect with undefined arguments, Express now emits a warning to help detect calls that pass undefined as the status or URL and make them easier to fix.

5.1.0 / 2025-03-31

• Add support for Uint8Array in res.send()
• Add support for ETag option in res.sendFile()
• Add support for multiple links with the same rel in res.links()
• Add funding field to package.json
• perf: use loop for acceptParams
• refactor: prefix built-in node module imports
• deps: remove setprototypeof
• deps: remove safe-buffer
• deps: remove utils-merge
• deps: remove methods
• deps: remove depd
• deps: debug@^4.4.0
• deps: body-parser@^2.2.0
• deps: router@^2.2.0
• deps: content-type@^1.0.5
• deps: finalhandler@^2.1.0
• deps: qs@^6.14.0
• deps: server-static@2.2.0
• deps: type-is@2.0.1

5.0.1 / 2024-10-08

• Update cookie semver lock to address CVE-2024-47764

5.0.0 / 2024-09-10

• remove:
  • path-is-absolute dependency - use path.isAbsolute instead
• breaking:
  • res.status() accepts only integers, and input must be greater than 99 and less than 1000
    • will throw a RangeError: Invalid status code: ${code}. Status code must be greater than 99 and less than 1000. for inputs outside this range
    • will throw a TypeError: Invalid status code: ${code}. Status code must be an integer. for non integer inputs
  • deps: send@1.0.0

... (truncated)

Commits

• dbac741 5.2.1
• 697547c Revert "sec: security patch for CVE-2024-51999"
• 4007ad1 Release: 5.2.0 (#6920)
• 2f64f68 sec: security patch for CVE-2024-51999
• ed0ba3f build(deps): bump actions/checkout from 5.0.0 to 6.0.0 (#6928)
• 8eace46 build(deps): bump github/codeql-action from 4.31.2 to 4.31.6 (#6929)
• 30bae81 build(deps): bump coverallsapp/github-action from 2.3.6 to 2.3.7 (#6930)
• 758d435 deps: body-parser@^2.2.1 (#6922)
• 77bcd52 docs: update emeritus triagers (#6890)
• f33caf1 Nominate to @​efekrskl for triage team (#6888)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the Security Alerts page.

[github-actions]

Dependency Review

The following issues were found:

• ✅ 0 vulnerable package(s)
• ✅ 0 package(s) with incompatible licenses
• ✅ 0 package(s) with invalid SPDX license definitions
• ✅ 0 package(s) with unknown licenses.
• ⚠️ 1 packages with OpenSSF Scorecard issues.

See the Details below.

OpenSSF Scorecard

Scorecard details

Package	Version	Score	Details
npm/accepts	2.0.0	🟢 6.9	Details Check Score Reason Pinned-Dependencies 🟢 7 dependency not pinned by hash detected -- score normalized to 7 Packaging ⚠️ -1 packaging workflow not detected Maintained ⚠️ 2 3 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 2 Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege Binary-Artifacts 🟢 10 no binaries found in the repo Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Code-Review 🟢 5 Found 12/23 approved changesets -- score normalized to 5 Vulnerabilities 🟢 10 0 existing vulnerabilities detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Signed-Releases ⚠️ -1 no releases found Fuzzing ⚠️ 0 project is not fuzzed Dependency-Update-Tool 🟢 10 update tool detected SAST 🟢 8 SAST tool detected but not run on all commits Security-Policy 🟢 9 security policy file detected License 🟢 10 license file detected Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches CI-Tests 🟢 5 11 out of 21 merged PRs checked by a CI test -- score normalized to 5 Contributors 🟢 10 project has 11 contributing companies or organizations
npm/body-parser	2.2.2	🟢 8.1	Details Check Score Reason Code-Review 🟢 8 Found 10/12 approved changesets -- score normalized to 8 Dependency-Update-Tool 🟢 10 update tool detected Maintained 🟢 10 16 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 10 Packaging ⚠️ -1 packaging workflow not detected Binary-Artifacts 🟢 10 no binaries found in the repo Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Pinned-Dependencies 🟢 6 dependency not pinned by hash detected -- score normalized to 6 Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege Vulnerabilities 🟢 10 0 existing vulnerabilities detected License 🟢 10 license file detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected SAST 🟢 10 SAST tool is run on all commits Security-Policy 🟢 10 security policy file detected Fuzzing ⚠️ 0 project is not fuzzed Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ 1 branch protection is not maximal on development and all release branches CI-Tests 🟢 10 29 out of 29 merged PRs checked by a CI test -- score normalized to 10 Contributors 🟢 10 project has 31 contributing companies or organizations
npm/content-disposition	1.1.0	🟢 7.9	Details Check Score Reason Maintained 🟢 10 16 commit(s) and 8 issue activity found in the last 90 days -- score normalized to 10 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 packaging workflow not detected Binary-Artifacts 🟢 10 no binaries found in the repo Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Code-Review 🟢 7 Found 18/25 approved changesets -- score normalized to 7 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Vulnerabilities 🟢 10 0 existing vulnerabilities detected SAST 🟢 9 SAST tool detected but not run on all commits Dependency-Update-Tool 🟢 10 update tool detected License 🟢 10 license file detected Fuzzing ⚠️ 0 project is not fuzzed Signed-Releases ⚠️ -1 no releases found Branch-Protection 🟢 5 branch protection is not maximal on development and all release branches Security-Policy 🟢 9 security policy file detected CI-Tests 🟢 10 28 out of 28 merged PRs checked by a CI test -- score normalized to 10 Contributors 🟢 10 project has 21 contributing companies or organizations
npm/content-type	2.0.0	🟢 7.2	Details Check Score Reason Binary-Artifacts 🟢 10 no binaries found in the repo Code-Review 🟢 4 Found 14/30 approved changesets -- score normalized to 4 Maintained 🟢 10 10 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 10 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 packaging workflow not detected Pinned-Dependencies 🟢 3 dependency not pinned by hash detected -- score normalized to 3 Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection 🟢 5 branch protection is not maximal on development and all release branches Security-Policy 🟢 9 security policy file detected SAST 🟢 9 SAST tool detected but not run on all commits
npm/cookie-signature	1.2.2	⚠️ 2.3	Details Check Score Reason Pinned-Dependencies ⚠️ -1 no dependencies found Binary-Artifacts 🟢 10 no binaries found in the repo Dangerous-Workflow ⚠️ -1 no workflows found Maintained ⚠️ 0 0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0 Code-Review ⚠️ 2 Found 4/17 approved changesets -- score normalized to 2 Packaging ⚠️ -1 packaging workflow not detected Token-Permissions ⚠️ -1 No tokens found CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Security-Policy ⚠️ 0 security policy file not detected Fuzzing ⚠️ 0 project is not fuzzed Signed-Releases ⚠️ -1 no releases found License 🟢 10 license file detected Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
npm/express	5.2.1	🟢 8.9	Details Check Score Reason Dependency-Update-Tool 🟢 10 update tool detected Code-Review 🟢 10 all changesets reviewed Packaging ⚠️ -1 packaging workflow not detected Binary-Artifacts 🟢 10 no binaries found in the repo Maintained 🟢 10 18 commit(s) and 6 issue activity found in the last 90 days -- score normalized to 10 Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege Pinned-Dependencies 🟢 6 dependency not pinned by hash detected -- score normalized to 6 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Vulnerabilities 🟢 10 0 existing vulnerabilities detected License 🟢 10 license file detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Signed-Releases ⚠️ -1 no releases found SAST 🟢 10 SAST tool is run on all commits Security-Policy 🟢 10 security policy file detected Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md Fuzzing ⚠️ 0 project is not fuzzed CI-Tests 🟢 10 30 out of 30 merged PRs checked by a CI test -- score normalized to 10 Contributors 🟢 10 project has 110 contributing companies or organizations
npm/finalhandler	2.1.1	🟢 7.5	Details Check Score Reason Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 packaging workflow not detected Code-Review 🟢 8 Found 8/10 approved changesets -- score normalized to 8 Dependency-Update-Tool 🟢 10 update tool detected Pinned-Dependencies 🟢 6 dependency not pinned by hash detected -- score normalized to 6 Binary-Artifacts 🟢 10 no binaries found in the repo Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege Maintained 🟢 4 5 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 4 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Vulnerabilities 🟢 10 0 existing vulnerabilities detected SAST 🟢 10 SAST tool is run on all commits Signed-Releases ⚠️ -1 no releases found License 🟢 10 license file detected Fuzzing ⚠️ 0 project is not fuzzed Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Security-Policy 🟢 9 security policy file detected Contributors 🟢 10 project has 18 contributing companies or organizations CI-Tests 🟢 10 29 out of 29 merged PRs checked by a CI test -- score normalized to 10
npm/fresh	2.0.0	🟢 5.6	Details Check Score Reason Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Code-Review 🟢 4 Found 6/15 approved changesets -- score normalized to 4 Maintained ⚠️ 1 2 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 1 Binary-Artifacts 🟢 10 no binaries found in the repo Packaging ⚠️ -1 packaging workflow not detected Pinned-Dependencies ⚠️ 2 dependency not pinned by hash detected -- score normalized to 2 Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Security-Policy 🟢 9 security policy file detected Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches SAST 🟢 8 SAST tool detected but not run on all commits
npm/iconv-lite	0.7.2	Unknown	Unknown
npm/is-promise	4.0.0	🟢 4.1	Details Check Score Reason Code-Review 🟢 3 Found 10/30 approved changesets -- score normalized to 3 Dangerous-Workflow ⚠️ -1 no workflows found Maintained ⚠️ 0 0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0 Pinned-Dependencies ⚠️ -1 no dependencies found Token-Permissions ⚠️ -1 No tokens found Packaging ⚠️ -1 packaging workflow not detected Binary-Artifacts 🟢 10 no binaries found in the repo CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md Security-Policy 🟢 10 security policy file detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
npm/media-typer	1.1.0	🟢 7	Details Check Score Reason Binary-Artifacts 🟢 10 no binaries found in the repo Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Code-Review ⚠️ 2 Found 5/19 approved changesets -- score normalized to 2 Maintained 🟢 6 8 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 6 Packaging ⚠️ -1 packaging workflow not detected Pinned-Dependencies 🟢 5 dependency not pinned by hash detected -- score normalized to 5 Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege Dependency-Update-Tool 🟢 10 update tool detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Vulnerabilities 🟢 10 0 existing vulnerabilities detected SAST 🟢 9 SAST tool detected but not run on all commits Fuzzing ⚠️ 0 project is not fuzzed Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Security-Policy 🟢 9 security policy file detected Contributors 🟢 10 project has 20 contributing companies or organizations CI-Tests 🟢 9 19 out of 21 merged PRs checked by a CI test -- score normalized to 9
npm/merge-descriptors	2.0.0	🟢 3.4	Details Check Score Reason Binary-Artifacts 🟢 10 no binaries found in the repo Security-Policy 🟢 10 security policy file detected Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Packaging ⚠️ -1 packaging workflow not detected Code-Review ⚠️ 0 Found 0/30 approved changesets -- score normalized to 0 Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Maintained ⚠️ 0 0 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 0 SAST ⚠️ 0 no SAST tool detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches
npm/once	1.4.0	🟢 3.6	Details Check Score Reason Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Maintained ⚠️ 0 0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0 Binary-Artifacts 🟢 10 no binaries found in the repo Code-Review ⚠️ 1 Found 3/25 approved changesets -- score normalized to 1 Packaging ⚠️ -1 packaging workflow not detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Security-Policy 🟢 10 security policy file detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
npm/path-to-regexp	8.4.2	🟢 7.6	Details Check Score Reason Binary-Artifacts 🟢 10 no binaries found in the repo Branch-Protection ⚠️ 1 branch protection is not maximal on development and all release branches CI-Tests 🟢 10 26 out of 26 merged PRs checked by a CI test -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Code-Review 🟢 5 found 12 unreviewed changesets out of 29 -- score normalized to 5 Contributors 🟢 10 25 different organizations found -- score normalized to 10 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Dependency-Update-Tool 🟢 10 update tool detected Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Maintained 🟢 10 16 commit(s) out of 30 and 3 issue activity out of 30 found in the last 90 days -- score normalized to 10 Packaging ⚠️ -1 no published package detected Pinned-Dependencies 🟢 3 dependency not pinned by hash detected -- score normalized to 3 SAST 🟢 10 SAST tool is run on all commits Security-Policy 🟢 9 security policy file detected Signed-Releases ⚠️ -1 no releases found Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege Vulnerabilities 🟢 10 no vulnerabilities detected
npm/qs	6.15.2	🟢 5.3	Details Check Score Reason Code-Review ⚠️ 1 Found 5/30 approved changesets -- score normalized to 1 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Security-Policy 🟢 10 security policy file detected Packaging ⚠️ -1 packaging workflow not detected Binary-Artifacts 🟢 10 no binaries found in the repo Maintained 🟢 10 13 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10 Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 CII-Best-Practices 🟢 5 badge detected: Passing Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
npm/raw-body	3.0.2	🟢 6.6	Details Check Score Reason Code-Review ⚠️ 2 Found 3/14 approved changesets -- score normalized to 2 Dependency-Update-Tool 🟢 10 update tool detected Security-Policy 🟢 10 security policy file detected Pinned-Dependencies ⚠️ 2 dependency not pinned by hash detected -- score normalized to 2 Binary-Artifacts 🟢 10 no binaries found in the repo Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege Maintained ⚠️ 0 0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0 Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Vulnerabilities 🟢 10 0 existing vulnerabilities detected Signed-Releases ⚠️ -1 no releases found License 🟢 10 license file detected Fuzzing ⚠️ 0 project is not fuzzed SAST 🟢 8 SAST tool detected but not run on all commits Branch-Protection 🟢 3 branch protection is not maximal on development and all release branches CI-Tests 🟢 9 18 out of 19 merged PRs checked by a CI test -- score normalized to 9 Contributors 🟢 10 project has 16 contributing companies or organizations
npm/router	2.2.0	🟢 7	Details Check Score Reason Binary-Artifacts 🟢 10 no binaries found in the repo Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches CI-Tests ⚠️ 1 5 out of 28 merged PRs checked by a CI test -- score normalized to 1 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Code-Review 🟢 9 Found 27/29 approved changesets -- score normalized to 9 Contributors 🟢 10 project has 19 contributing companies or organizations Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Dependency-Update-Tool 🟢 10 update tool detected Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Maintained ⚠️ 1 1 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 1 Packaging ⚠️ -1 packaging workflow not detected Pinned-Dependencies 🟢 8 dependency not pinned by hash detected -- score normalized to 8 SAST 🟢 7 SAST tool detected but not run on all commits Security-Policy 🟢 9 security policy file detected Signed-Releases ⚠️ -1 no releases found Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege Vulnerabilities 🟢 10 0 existing vulnerabilities detected
npm/serve-static	2.2.1	🟢 7.2	Details Check Score Reason Code-Review 🟢 10 all changesets reviewed Dependency-Update-Tool 🟢 10 update tool detected Packaging ⚠️ -1 packaging workflow not detected Binary-Artifacts 🟢 10 no binaries found in the repo Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Pinned-Dependencies 🟢 6 dependency not pinned by hash detected -- score normalized to 6 Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege Maintained ⚠️ 0 0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Vulnerabilities 🟢 10 0 existing vulnerabilities detected SAST 🟢 9 SAST tool detected but not run on all commits License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Fuzzing ⚠️ 0 project is not fuzzed Security-Policy 🟢 10 security policy file detected Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches CI-Tests 🟢 7 22 out of 30 merged PRs checked by a CI test -- score normalized to 7 Contributors 🟢 10 project has 29 contributing companies or organizations
npm/side-channel-list	1.0.1	Unknown	Unknown
npm/type-is	2.1.0	🟢 7.2	Details Check Score Reason Code-Review 🟢 7 Found 9/12 approved changesets -- score normalized to 7 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 packaging workflow not detected Maintained 🟢 7 6 commit(s) and 3 issue activity found in the last 90 days -- score normalized to 7 Binary-Artifacts 🟢 10 no binaries found in the repo Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege Pinned-Dependencies ⚠️ 2 dependency not pinned by hash detected -- score normalized to 2 Vulnerabilities 🟢 10 0 existing vulnerabilities detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected SAST 🟢 8 SAST tool detected but not run on all commits Signed-Releases ⚠️ -1 no releases found Dependency-Update-Tool 🟢 10 update tool detected License 🟢 10 license file detected Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Fuzzing ⚠️ 0 project is not fuzzed Security-Policy 🟢 9 security policy file detected CI-Tests 🟢 7 17 out of 23 merged PRs checked by a CI test -- score normalized to 7 Contributors 🟢 10 project has 25 contributing companies or organizations
npm/wrappy	1.0.2	🟢 3.7	Details Check Score Reason Code-Review ⚠️ 1 Found 2/16 approved changesets -- score normalized to 1 Pinned-Dependencies ⚠️ -1 no dependencies found Maintained ⚠️ 0 0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0 Binary-Artifacts 🟢 10 no binaries found in the repo Token-Permissions ⚠️ -1 No tokens found Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow ⚠️ -1 no workflows found CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md Security-Policy 🟢 10 security policy file detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0

Scanned Files

• docs/docusaurus/package-lock.json

[codecov-commenter]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 85.49%. Comparing base (1102901) to head (cf3493d).

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #1632      +/-   ##
==========================================
- Coverage   85.50%   85.49%   -0.01%     
==========================================
  Files          82       82              
  Lines       11805    11805              
==========================================
- Hits        10094    10093       -1     
- Misses       1711     1712       +1     

Flag	Coverage Δ
pester	83.65% <ø> (-0.02%)	⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.
see 1 file with indirect coverage changes

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.