chore(deps): update dependency testcontainers to v11

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
testcontainers	^10.0.0 -> ^11.0.0

---

Release Notes

testcontainers/testcontainers-node (testcontainers)

v11.9.0

Compare Source

Changes

🚀 Features

• Add support for identity token authentication @​cristianrgreco (#​1179)

📦 Dependency Updates

• Bump the dependencies group across 21 directories with 23 updates @​dependabot[bot] (#​1187)
• Bump mkdocs-material from 9.6.23 to 9.7.0 in the dependencies group @​dependabot[bot] (#​1186)

v11.8.1

Compare Source

Changes

🐛 Bug Fixes

• Fix Redis container to accept command override @​ziggornif (#​1155)

📦 Dependency Updates

• Bump the dependencies group with 10 updates @​dependabot[bot] (#​1176)
• Bump mkdocs-material from 9.6.22 to 9.6.23 in the dependencies group @​dependabot[bot] (#​1178)
• Bump the dependencies group across 28 directories with 31 updates @​dependabot[bot] (#​1177)

v11.8.0

Compare Source

Changes

🚀 Features

• Add configuration for TESTCONTAINERS_RYUK_RECONNECTION_TIMEOUT @​abendi (#​1168)
• Add s3mock module @​nikeee (#​1170)

📦 Dependency Updates

• Bump the dependencies group across 5 directories with 9 updates @​dependabot[bot] (#​1103)
• Bump the dependencies group across 1 directory with 26 updates @​dependabot[bot] (#​1173)
• Bump python from 3.13 to 3.14 in the dependencies group @​dependabot[bot] (#​1159)
• Bump mkdocs-material from 9.6.20 to 9.6.21 in the dependencies group @​dependabot[bot] (#​1157)

v11.7.2

Compare Source

Changes

🧹 Maintenance

• Add missing await to cassandra test @​cristianrgreco (#​1154)

📦 Dependency Updates

• Bump vite from 7.1.5 to 7.1.11 @​dependabot[bot] (#​1165)
• Bump the dependencies group across 1 directory with 30 updates @​dependabot[bot] (#​1163)

v11.7.1

Compare Source

Changes

🐛 Bug Fixes

• Return empty registry credentials when none found @​cristianrgreco (#​1153)

v11.7.0

Compare Source

Changes

🚀 Features

• Bump ryuk image version to 0.14 @​digital88 (#​1148)
• Add CouchDB module @​botflux (#​1136)

🐛 Bug Fixes

• Fix MongoDB container excessive CPU usage @​digital88 (#​1146)

📦 Dependency Updates

• Bump mkdocs-material from 9.6.19 to 9.6.20 in the dependencies group @​dependabot[bot] (#​1142)
• Bump the dependencies group with 15 updates @​dependabot[bot] (#​1141)

v11.6.0

Compare Source

Changes

🚀 Features

• Skip checking registry on credential helper list @​karol-bochenski (#​1121)
• Add username option to Valkey container @​rqbazan (#​1117)

📖 Documentation

• Fix typo in usage example (RedisContainer) @​lightningspirit (#​1132)

📦 Dependency Updates

• Bump the dependencies group across 1 directory with 22 updates @​dependabot[bot] (#​1137)
• Bump the dependencies group across 1 directory with 15 updates @​dependabot[bot] (#​1123)
• Bump mkdocs-material from 9.6.17 to 9.6.18 in the dependencies group @​dependabot[bot] (#​1118)
• Bump mkdocs-material from 9.6.16 to 9.6.17 in the dependencies group @​dependabot[bot] (#​1110)
• Bump the dependencies group across 1 directory with 16 updates @​dependabot[bot] (#​1111)
• Bump actions/checkout from 4 to 5 in the actions group @​dependabot[bot] (#​1112)
• Remove msw override @​cristianrgreco (#​1114)

v11.5.1

Compare Source

Changes

🐛 Bug Fixes

• Fix redpanda missing redpanda.yaml.hbs @​cristianrgreco (#​1105)

🧹 Maintenance

• Move more test images to Dockerfiles for Dependabot @​cristianrgreco (#​1100)

📦 Dependency Updates

• Bump the dependencies group across 1 directory with 28 updates @​dependabot[bot] (#​1102)

v11.5.0

Compare Source

Changes

🚀 Features

• Implement support for specifying the protocol when exposing ports @​technocidal (#​1068)

🐛 Bug Fixes

• Fix resource quota being rejected when contains decimals @​cristianrgreco (#​1088)

🧹 Maintenance

• Documentation improvements @​cristianrgreco (#​1089)

📦 Dependency Updates

• Bump mkdocs-material from 9.6.15 to 9.6.16 in the dependencies group @​dependabot[bot] (#​1091)
• Bump the dependencies group across 11 directories with 12 updates @​dependabot[bot] (#​1092)

v11.4.0

Compare Source

Changes

🚀 Features

• Add support for MongoDBContainer credentials @​digital88 (#​1070)

🐛 Bug Fixes

• Wait for ports to be bound when container restarts @​cristianrgreco (#​1087)

v11.3.2

Compare Source

Changes

📦 Dependency Updates

• Bump the dependencies group across 5 directories with 5 updates @​dependabot[bot] (#​1086)
• Bump the dependencies group across 1 directory with 20 updates @​dependabot[bot] (#​1085)

v11.3.1

Compare Source

Changes

🐛 Bug Fixes

• Fix for Gcloud module eagerly importing @​google-cloud/spanner @​cristianrgreco (#​1084)

v11.3.0

Compare Source

Changes

🚀 Features

• Implement AsyncDisposable to support TS 5.2's using @​cristianrgreco (#​1080)
• Add Spanner module @​JohanObrink (#​1076)
• Add HashiCorp Vault module @​inf1nite-lo0p (#​1079)
• Add Opensearch module @​JohanObrink (#​1072)

🧹 Maintenance

• Bump ryuk and sshd image versions @​digital88 (#​1063)

📦 Dependency Updates

• Bump the dependencies group across 4 directories with 4 updates @​dependabot[bot] (#​1074)

v11.2.1

Compare Source

Changes

🐛 Bug Fixes

• Fix undici response parsing when status code says no content but there is content @​cristianrgreco (#​1062)

v11.2.0

Compare Source

Changes

🚀 Features

• Add getSecureUrl in mockserver's module @​botflux (#​1059)
• Add support for Confluent Kafka 8 @​cristianrgreco (#​1053)

🧹 Maintenance

• Add mkdocs + devcontainers to dependabot @​cristianrgreco (#​1054)

📦 Dependency Updates

• Bump the dependencies group across 11 directories with 11 updates @​dependabot[bot] (#​1061)
• Bump the dependencies group with 4 updates @​dependabot[bot] (#​1056)
• Bump python from 3.8 to 3.13 in the dependencies group @​dependabot[bot] (#​1057)
• Bump the dependencies group across 6 directories with 6 updates @​dependabot[bot] (#​1055)
• Bump the dependencies group across 1 directory with 22 updates @​dependabot[bot] (#​1052)

v11.1.0

Compare Source

Changes

🚀 Features

• Add support for custom client options in DockerComposeEnvironment @​Dyskal (#​1044)
• Change KurrentDB protocol from esdb to kurrentdb @​botflux (#​1051)

v11.0.3

Compare Source

Changes

🐛 Bug Fixes

• Increase timeout for waiting for host port bindings @​cristianrgreco (#​1038)

📦 Dependency Updates

• Bump the dependencies group across 2 directories with 21 updates @​dependabot[bot] (#​1034)
• Bump the dependencies group across 7 directories with 7 updates @​dependabot[bot] (#​1037)

v11.0.2

Compare Source

Changes

🐛 Bug Fixes

• Handle case where container port does not exist in inspect result @​cristianrgreco (#​1036)

v11.0.1

Compare Source

🐛 Bug Fixes

• Retry inspecting container until exposed ports are mapped @​cristianrgreco (#​1032)

📦 Dependency Updates

• Bump the dependencies group across 4 directories with 4 updates @​dependabot[bot] (#​1026)
• Bump the dependencies group across 28 directories with 28 updates @​dependabot[bot] (#​1021)
• Bump the dependencies group across 5 directories with 7 updates @​dependabot[bot] (#​1022)

v11.0.0

Compare Source

🚨 Breaking Changes

---

1. Minimum Node engine requirement set to 20.

---

2. Default module images have been removed.

Previously:

await new PostgreSqlContainer().start();

Now:

await new PostgreSqlContainer("postgres:13.3-alpine").start();

For convenience, here is a table of all the previous default values, which you could just copy/paste to get back working again, but have a think about which version you actually need. Some of these are quite old and need to be updated.

Default module images

Module	Image
arangodb	arangodb:3.10.0
azurecosmosdb	mcr.microsoft.com/cosmosdb/linux/azure-cosmos-emulator:vnext-EN20250228
azurite	mcr.microsoft.com/azure-storage/azurite:3.33.0
cassandra	cassandra:5.0.2
chromadb	chromadb/chroma:0.6.3
clickhouse	clickhouse/clickhouse-server:25.3-alpine
cockroachdb	cockroachdb/cockroach:v24.3.5
couchbase	couchbase/server:6.5.1
elasticsearch	elasticsearch:7.17.7
etcd	quay.io/coreos/etcd:v3.6.0
eventstoredb	eventstore/eventstore:24.10
gcloud	gcr.io/google.com/cloudsdktool/cloud-sdk:517.0.0-emulators
hivemq	hivemq/hivemq-ce:2023.5
k3s	rancher/k3s:v1.31.2-k3s1
kafka	confluentinc/cp-kafka:7.2.2
localstack	localstack/localstack:2.2.0
mariadb	mariadb:11.5.2
minio	minio/minio:RELEASE.2024-12-13T22-19-12Z
mockserver	mockserver/mockserver:5.15.0
mongodb	mongo:4.0.1
mssqlserver	mcr.microsoft.com/mssql/server:2022-CU13-ubuntu-22.04
mysql	mysql:8.0.31
nats	nats:2.8.4-alpine
neo4j	neo4j:4.4.12
ollama	ollama/ollama:0.1.44
postgresql	postgres:13.3-alpine
qdrant	qdrant/qdrant:v1.13.4
rabbitmq	rabbitmq:3.12.11-management-alpine
redis	redis:7.2
redpanda	docker.redpanda.com/redpandadata/redpanda:v23.3.10
scylladb	scylladb/scylla:6.2.0
selenium	selenium/standalone-chrome:112.0
toxiproxy	ghcr.io/shopify/toxiproxy:2.11.0
valkey	valkey/valkey:8.0
weaviate	semitechnologies/weaviate:1.24.5

---

3. Dropped support for Docker Compose v1 (EOL July 2023).

---

4. Docker compose version no longer available via ComposeClient

const { compose } = await getContainerRuntimeClient();
compose.version; // no longer available

---

5. Container stop timeouts have changed from seconds to milliseconds

Previously:

await container.stop({ timeout: 10 }); // 10 seconds

Now:

await container.stop({ timeout: 10_000 }); // 10 seconds

---

6. EventStoreDB has been renamed to KurrentDB

Previously:

import { EventStoreDBContainer } from "@​testcontainers/eventstoredb";
new EventStoreDBContainer("eventstore/eventstore:24.10").start();

Now:

import { KurrentDbContainer } from "@​testcontainers/kurrentdb";
new KurrentDbContainer("kurrentplatform/kurrentdb:25.0").start();

---

7. RandomUniquePortGenerator replaced by RandomPortGenerator

---

Changes

🧹 Maintenance

• Refactor workflows @​cristianrgreco (#​1016)
• Add dependabot @​cristianrgreco (#​1013)
• Rename EventStoreDB to KurrentDB @​botflux (#​901)
• Don't log compose version to improve startup performance @​cristianrgreco (#​1012)
• Container stop timeouts should be in milliseconds @​digital88 (#​962)
• Remove default images + Min node version 20 @​cristianrgreco (#​938)

📦 Dependency Updates

• Bump the dependencies group across 3 directories with 27 updates @​dependabot[bot] (#​1015)
• Bump the actions group with 3 updates @​dependabot[bot] (#​1014)

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	testcontainers@​10.28.0 ⏵ 11.9.0				+2

View full report

[github-actions]

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

OpenSSF Scorecard

Package	Version	Score	Details
npm/@types/dockerode	3.3.47	🟢 7	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 10 Packaging ⚠️ -1 packaging workflow not detected Code-Review 🟢 9 Found 28/29 approved changesets -- score normalized to 9 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 9 license file detected Security-Policy 🟢 10 security policy file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Signed-Releases ⚠️ -1 no releases found Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md Vulnerabilities 🟢 10 0 existing vulnerabilities detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies 🟢 8 dependency not pinned by hash detected -- score normalized to 8 Fuzzing ⚠️ 0 project is not fuzzed
npm/debug	4.4.3	🟢 4.5	Details Check Score Reason Code-Review 🟢 3 Found 10/30 approved changesets -- score normalized to 3 Maintained 🟢 8 1 commit(s) and 9 issue activity found in the last 90 days -- score normalized to 8 Packaging ⚠️ -1 packaging workflow not detected Binary-Artifacts 🟢 10 no binaries found in the repo Token-Permissions ⚠️ -1 No tokens found Dangerous-Workflow ⚠️ -1 no workflows found Pinned-Dependencies ⚠️ -1 no dependencies found CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Security-Policy ⚠️ 0 security policy file not detected Vulnerabilities 🟢 10 0 existing vulnerabilities detected Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Signed-Releases ⚠️ -1 no releases found SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
npm/docker-compose	1.3.0	🟢 3.4	Details Check Score Reason Maintained 🟢 3 4 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 3 Binary-Artifacts 🟢 10 no binaries found in the repo Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Code-Review 🟢 3 Found 5/16 approved changesets -- score normalized to 3 Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Security-Policy ⚠️ 0 security policy file not detected Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md Vulnerabilities ⚠️ 0 16 existing vulnerabilities detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
npm/dockerode	4.0.9	🟢 4.8	Details Check Score Reason Code-Review 🟢 3 Found 5/14 approved changesets -- score normalized to 3 Packaging ⚠️ -1 packaging workflow not detected Maintained 🟢 6 6 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 6 Binary-Artifacts 🟢 10 no binaries found in the repo Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Security-Policy ⚠️ 0 security policy file not detected Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Vulnerabilities 🟢 9 1 existing vulnerabilities detected Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 SAST 🟢 3 SAST tool is not run on all commits -- score normalized to 3
npm/ms	2.1.3	🟢 6.3	Details Check Score Reason Packaging ⚠️ -1 packaging workflow not detected Code-Review 🟢 10 all changesets reviewed Maintained 🟢 10 8 commit(s) and 11 issue activity found in the last 90 days -- score normalized to 10 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Binary-Artifacts 🟢 10 no binaries found in the repo Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md Security-Policy 🟢 10 security policy file detected Vulnerabilities 🟢 8 2 existing vulnerabilities detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
npm/tar-fs	3.1.1	🟢 4.2	Details Check Score Reason Code-Review ⚠️ 1 Found 3/30 approved changesets -- score normalized to 1 Binary-Artifacts 🟢 10 no binaries found in the repo Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Maintained ⚠️ 1 2 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 1 Security-Policy 🟢 10 security policy file detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Vulnerabilities 🟢 10 0 existing vulnerabilities detected License 🟢 10 license file detected Fuzzing ⚠️ 0 project is not fuzzed Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
npm/tar-fs	2.1.4	🟢 4.2	Details Check Score Reason Code-Review ⚠️ 1 Found 3/30 approved changesets -- score normalized to 1 Binary-Artifacts 🟢 10 no binaries found in the repo Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Maintained ⚠️ 1 2 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 1 Security-Policy 🟢 10 security policy file detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Vulnerabilities 🟢 10 0 existing vulnerabilities detected License 🟢 10 license file detected Fuzzing ⚠️ 0 project is not fuzzed Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
npm/testcontainers	11.9.0	🟢 5.4	Details Check Score Reason Code-Review 🟢 4 Found 7/17 approved changesets -- score normalized to 4 Maintained 🟢 10 30 commit(s) and 14 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions License 🟢 10 license file detected Binary-Artifacts 🟢 10 no binaries found in the repo Security-Policy ⚠️ 0 security policy file not detected Signed-Releases ⚠️ -1 no releases found Fuzzing ⚠️ 0 project is not fuzzed Packaging 🟢 10 packaging workflow detected SAST 🟢 9 SAST tool detected but not run on all commits Vulnerabilities 🟢 8 2 existing vulnerabilities detected Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0
npm/tmp	0.2.5	🟢 3.4	Details Check Score Reason Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Maintained ⚠️ 0 0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0 Packaging ⚠️ -1 packaging workflow not detected Code-Review ⚠️ 2 Found 3/14 approved changesets -- score normalized to 2 Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies 🟢 3 dependency not pinned by hash detected -- score normalized to 3 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Security-Policy ⚠️ 0 security policy file not detected Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md Vulnerabilities ⚠️ 2 8 existing vulnerabilities detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
npm/undici	7.16.0	🟢 8.3	Details Check Score Reason Dependency-Update-Tool 🟢 10 update tool detected Maintained 🟢 10 30 commit(s) and 19 issue activity found in the last 90 days -- score normalized to 10 Code-Review 🟢 10 all changesets reviewed Security-Policy 🟢 9 security policy file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Binary-Artifacts 🟢 8 binaries present in source code Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Pinned-Dependencies 🟢 4 dependency not pinned by hash detected -- score normalized to 4 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Vulnerabilities 🟢 10 0 existing vulnerabilities detected Packaging 🟢 10 packaging workflow detected Fuzzing 🟢 10 project is fuzzed SAST 🟢 10 SAST tool is run on all commits License 🟢 10 license file detected Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md Signed-Releases ⚠️ -1 no releases found CI-Tests 🟢 10 30 out of 30 merged PRs checked by a CI test -- score normalized to 10 Contributors 🟢 10 project has 79 contributing companies or organizations

Scanned Files

• package-lock.json