Skip to content

chore(deps): bump @tootallnate/once from 2.0.0 to 2.0.1#53

Open
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/npm_and_yarn/tootallnate/once-2.0.1
Open

chore(deps): bump @tootallnate/once from 2.0.0 to 2.0.1#53
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/npm_and_yarn/tootallnate/once-2.0.1

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github May 22, 2026

Copy link
Copy Markdown
Contributor

Bumps @tootallnate/once from 2.0.0 to 2.0.1.

Release notes

Sourced from @​tootallnate/once's releases.

v2.0.1

Patch Changes

  • a1e5e2d: Fix promise hang when AbortSignal is aborted
Changelog

Sourced from @​tootallnate/once's changelog.

2.0.1

Patch Changes

  • a1e5e2d: Fix promise hang when AbortSignal is aborted
Commits
  • bcbb21d ci: fix OIDC publishing — Node 24, npm latest, provenance
  • dc24387 Version Packages (2.x) (#12)
  • b8a6f80 CI: test all Node versions on Linux only
  • dabcc0f ci: drop EOL Node.js 14.x/16.x, add 22.x
  • b464efc Update CI: modern Node versions, fix macOS ARM64 compat
  • a1e5e2d Fix promise hang when AbortSignal is aborted
  • See full diff in compare view
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for @​tootallnate/once since your current version.


@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels May 22, 2026
@github-actions

github-actions Bot commented May 22, 2026

Copy link
Copy Markdown
Contributor

Dependency Review

The following issues were found:
  • ✅ 0 vulnerable package(s)
  • ✅ 0 package(s) with incompatible licenses
  • ✅ 0 package(s) with invalid SPDX license definitions
  • ✅ 0 package(s) with unknown licenses.
  • ⚠️ 3 packages with OpenSSF Scorecard issues.
See the Details below.

OpenSSF Scorecard

PackageVersionScoreDetails
npm/@tootallnate/once 2.0.0 ⚠️ 2.8
Details
CheckScoreReason
Code-Review⚠️ 0Found 2/28 approved changesets -- score normalized to 0
Packaging⚠️ -1packaging workflow not detected
Maintained⚠️ 00 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Binary-Artifacts🟢 10no binaries found in the repo
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Security-Policy⚠️ 0security policy file not detected
Fuzzing⚠️ 0project is not fuzzed
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ 0branch protection not enabled on development/release branches
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
npm/@emotion/is-prop-valid 0.8.8 🟢 5.6
Details
CheckScoreReason
Code-Review🟢 8Found 17/20 approved changesets -- score normalized to 8
Packaging⚠️ -1packaging workflow not detected
Security-Policy🟢 4security policy file detected
Maintained⚠️ 10 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 1
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Token-Permissions🟢 10GitHub workflow tokens follow principle of least privilege
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Binary-Artifacts🟢 10no binaries found in the repo
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
License🟢 10license file detected
Fuzzing⚠️ 0project is not fuzzed
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Signed-Releases⚠️ -1no releases found
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
npm/@emotion/memoize 0.7.4 🟢 5.6
Details
CheckScoreReason
Code-Review🟢 8Found 17/20 approved changesets -- score normalized to 8
Packaging⚠️ -1packaging workflow not detected
Security-Policy🟢 4security policy file detected
Maintained⚠️ 10 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 1
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Token-Permissions🟢 10GitHub workflow tokens follow principle of least privilege
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Binary-Artifacts🟢 10no binaries found in the repo
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
License🟢 10license file detected
Fuzzing⚠️ 0project is not fuzzed
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Signed-Releases⚠️ -1no releases found
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
npm/@tootallnate/once 2.0.1 ⚠️ 2.8
Details
CheckScoreReason
Code-Review⚠️ 0Found 2/28 approved changesets -- score normalized to 0
Packaging⚠️ -1packaging workflow not detected
Maintained⚠️ 00 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Binary-Artifacts🟢 10no binaries found in the repo
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Security-Policy⚠️ 0security policy file not detected
Fuzzing⚠️ 0project is not fuzzed
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ 0branch protection not enabled on development/release branches
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
npm/ci-info 3.9.0 ⚠️ 2.9
Details
CheckScoreReason
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Packaging⚠️ -1packaging workflow not detected
Binary-Artifacts🟢 10no binaries found in the repo
Code-Review⚠️ 1Found 5/30 approved changesets -- score normalized to 1
Maintained⚠️ 00 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Pinned-Dependencies⚠️ 1dependency not pinned by hash detected -- score normalized to 1
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Security-Policy⚠️ 0security policy file not detected
Fuzzing⚠️ 0project is not fuzzed
License🟢 10license file detected
Branch-Protection⚠️ 0branch protection not enabled on development/release branches
Signed-Releases⚠️ -1no releases found
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0

Scanned Manifest Files

package-lock.json
  • @tootallnate/once@2.0.0
  • @emotion/is-prop-valid@0.8.8
  • @emotion/memoize@0.7.4
  • @tootallnate/once@2.0.1
  • ci-info@3.9.0
  • ci-info@3.9.0

@cloudflare-workers-and-pages

cloudflare-workers-and-pages Bot commented May 22, 2026

Copy link
Copy Markdown

Deploying trading-bot-template with  Cloudflare Pages  Cloudflare Pages

Latest commit: 0d48c58
Status: ✅  Deploy successful!
Preview URL: https://a1b6be78.trading-bot-template.pages.dev
Branch Preview URL: https://dependabot-npm-and-yarn-toot.trading-bot-template.pages.dev

View logs

Bumps [@tootallnate/once](https://github.com/TooTallNate/once) from 2.0.0 to 2.0.1.
- [Release notes](https://github.com/TooTallNate/once/releases)
- [Changelog](https://github.com/TooTallNate/once/blob/v2.0.1/CHANGELOG.md)
- [Commits](TooTallNate/once@2.0.0...v2.0.1)

---
updated-dependencies:
- dependency-name: "@tootallnate/once"
  dependency-version: 2.0.1
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/tootallnate/once-2.0.1 branch from 338ab76 to 0d48c58 Compare June 11, 2026 05:33
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants