chore(deps-dev): bump nyc from 17.1.0 to 18.0.0 by dependabot[bot] · Pull Request #268 · hexojs/hexo-generator-feed

dependabot · 2026-02-25T10:03:14Z

Bumps nyc from 17.1.0 to 18.0.0.

Release notes

nyc: v18.0.0

18.0.0 (2026-02-22)

⚠ BREAKING CHANGES

deps: transitive dependencies now require node 20 || >=22.

Bug Fixes

deps: update dependencies pulling in old glob (#1612) (0707729)

Changelog

Sourced from nyc's changelog.

18.0.0 (2026-02-22)

⚠ BREAKING CHANGES

deps: transitive dependencies now require node 20 || >=22.

Bug Fixes

deps: update dependencies pulling in old glob (#1612) (0707729)

Commits

3ce6d97 chore(main): release nyc 18.0.0 (#1613)
b9f6781 build: publication is now manual again due to changes in tokens
0707729 fix(deps)!: update dependencies pulling in old glob (#1612)
See full diff in compare view

You can trigger a rebase of this PR by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

github-actions · 2026-02-25T10:03:28Z

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

Snapshot Warnings

⚠️: No snapshots were found for the head SHA d5b6935.

Ensure that dependencies are being submitted on PR branches and consider enabling retry-on-snapshot-warnings. See the documentation for more information and troubleshooting advice.

OpenSSF Scorecard

Scorecard details

Package

Version

Score

Details

npm/balanced-match

4.0.4

🟢 5.7

Details

Check	Score	Reason
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Maintained	🟢 10	12 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10
Binary-Artifacts	🟢 10	no binaries found in the repo
Packaging	⚠️ -1	packaging workflow not detected
Code-Review	⚠️ 2	Found 4/17 approved changesets -- score normalized to 2
Token-Permissions	🟢 10	GitHub workflow tokens follow principle of least privilege
Security-Policy	🟢 10	security policy file detected
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Fuzzing	⚠️ 0	project is not fuzzed
License	🟢 9	license file detected
Branch-Protection	⚠️ 0	branch protection not enabled on development/release branches
Signed-Releases	⚠️ -1	no releases found
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

npm/brace-expansion

5.0.5

🟢 6.3

Details

Check	Score	Reason
Packaging	⚠️ -1	packaging workflow not detected
Maintained	🟢 10	15 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10
Security-Policy	🟢 10	security policy file detected
Binary-Artifacts	🟢 10	no binaries found in the repo
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Code-Review	⚠️ 2	Found 7/25 approved changesets -- score normalized to 2
Token-Permissions	🟢 10	GitHub workflow tokens follow principle of least privilege
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Fuzzing	⚠️ 0	project is not fuzzed
License	🟢 9	license file detected
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

npm/glob

13.0.6

🟢 5.5

Details

Check	Score	Reason
Packaging	⚠️ -1	packaging workflow not detected
Code-Review	⚠️ 0	Found 0/30 approved changesets -- score normalized to 0
Maintained	🟢 10	26 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 10
SAST	⚠️ 0	no SAST tool detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Binary-Artifacts	🟢 10	no binaries found in the repo
Token-Permissions	🟢 10	GitHub workflow tokens follow principle of least privilege
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
Fuzzing	⚠️ 0	project is not fuzzed
License	🟢 9	license file detected
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ 0	branch protection not enabled on development/release branches
Security-Policy	🟢 10	security policy file detected

npm/istanbul-lib-processinfo

3.0.0

🟢 4.8

Details

Check	Score	Reason
Maintained	🟢 6	8 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 6
Packaging	⚠️ -1	packaging workflow not detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Code-Review	⚠️ 0	Found 1/23 approved changesets -- score normalized to 0
Binary-Artifacts	🟢 10	no binaries found in the repo
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Pinned-Dependencies	🟢 4	dependency not pinned by hash detected -- score normalized to 4
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Fuzzing	⚠️ 0	project is not fuzzed
License	🟢 10	license file detected
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Security-Policy	🟢 10	security policy file detected
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

npm/lru-cache

11.2.7

🟢 5

Details

Check	Score	Reason
Code-Review	⚠️ 0	Found 0/29 approved changesets -- score normalized to 0
Maintained	🟢 10	13 commit(s) and 9 issue activity found in the last 90 days -- score normalized to 10
Packaging	⚠️ -1	packaging workflow not detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Binary-Artifacts	🟢 10	no binaries found in the repo
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Fuzzing	⚠️ 0	project is not fuzzed
License	🟢 10	license file detected
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Security-Policy	🟢 10	security policy file detected
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

npm/minimatch

10.2.4

🟢 6.2

Details

Check	Score	Reason
Maintained	🟢 10	23 commit(s) and 8 issue activity found in the last 90 days -- score normalized to 10
Code-Review	⚠️ 0	Found 1/28 approved changesets -- score normalized to 0
Packaging	⚠️ -1	packaging workflow not detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Token-Permissions	🟢 10	GitHub workflow tokens follow principle of least privilege
Binary-Artifacts	🟢 10	no binaries found in the repo
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Fuzzing	⚠️ 0	project is not fuzzed
License	🟢 10	license file detected
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Security-Policy	🟢 10	security policy file detected
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

npm/minipass

7.1.3

🟢 3.6

Details

Check	Score	Reason
Code-Review	⚠️ 0	Found 0/30 approved changesets -- score normalized to 0
Maintained	⚠️ 1	2 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 1
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Packaging	⚠️ -1	packaging workflow not detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
SAST	⚠️ 0	no SAST tool detected
Binary-Artifacts	🟢 10	no binaries found in the repo
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
Fuzzing	⚠️ 0	project is not fuzzed
License	🟢 10	license file detected
Signed-Releases	⚠️ -1	no releases found
Security-Policy	🟢 10	security policy file detected
Branch-Protection	⚠️ 0	branch protection not enabled on development/release branches

npm/nyc

18.0.0

🟢 4.9

Details

Check	Score	Reason
Code-Review	🟢 3	Found 7/21 approved changesets -- score normalized to 3
Maintained	🟢 4	4 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 4
Packaging	⚠️ -1	packaging workflow not detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Binary-Artifacts	🟢 10	no binaries found in the repo
Pinned-Dependencies	🟢 3	dependency not pinned by hash detected -- score normalized to 3
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Fuzzing	⚠️ 0	project is not fuzzed
License	🟢 10	license file detected
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Security-Policy	🟢 10	security policy file detected
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

npm/path-scurry

2.0.2

🟢 4.9

Details

Check	Score	Reason
Code-Review	⚠️ 0	Found 0/30 approved changesets -- score normalized to 0
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Binary-Artifacts	🟢 10	no binaries found in the repo
Maintained	🟢 4	5 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 4
Packaging	⚠️ -1	packaging workflow not detected
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
Token-Permissions	🟢 10	GitHub workflow tokens follow principle of least privilege
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Fuzzing	⚠️ 0	project is not fuzzed
License	🟢 9	license file detected
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ 0	branch protection not enabled on development/release branches
Security-Policy	🟢 10	security policy file detected
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

npm/rimraf

6.1.3

🟢 5.5

Details

Check	Score	Reason
Code-Review	⚠️ 0	Found 2/24 approved changesets -- score normalized to 0
Maintained	🟢 10	12 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 10
Packaging	⚠️ -1	packaging workflow not detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Binary-Artifacts	🟢 10	no binaries found in the repo
Token-Permissions	🟢 10	GitHub workflow tokens follow principle of least privilege
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Fuzzing	⚠️ 0	project is not fuzzed
License	🟢 10	license file detected
Signed-Releases	⚠️ -1	no releases found
Security-Policy	🟢 10	security policy file detected
Branch-Protection	⚠️ 0	branch protection not enabled on development/release branches
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

npm/spawn-wrap

3.0.0

🟢 3.9

Details

Check	Score	Reason
Code-Review	⚠️ 2	Found 7/26 approved changesets -- score normalized to 2
Packaging	⚠️ -1	packaging workflow not detected
Binary-Artifacts	🟢 10	no binaries found in the repo
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Maintained	⚠️ 2	3 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 2
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Fuzzing	⚠️ 0	project is not fuzzed
License	🟢 10	license file detected
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ 0	branch protection not enabled on development/release branches
Security-Policy	🟢 10	security policy file detected
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

npm/test-exclude

8.0.0

🟢 4.4

Details

Check	Score	Reason
Code-Review	⚠️ 0	Found 1/26 approved changesets -- score normalized to 0
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Maintained	🟢 3	4 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 3
Packaging	⚠️ -1	packaging workflow not detected
Binary-Artifacts	🟢 10	no binaries found in the repo
Pinned-Dependencies	🟢 3	dependency not pinned by hash detected -- score normalized to 3
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Fuzzing	⚠️ 0	project is not fuzzed
License	🟢 10	license file detected
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Security-Policy	🟢 10	security policy file detected
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

Scanned Files

package-lock.json

Bumps [nyc](https://github.com/istanbuljs/nyc) from 17.1.0 to 18.0.0. - [Release notes](https://github.com/istanbuljs/nyc/releases) - [Changelog](https://github.com/istanbuljs/nyc/blob/main/CHANGELOG.md) - [Commits](istanbuljs/nyc@nyc-v17.1.0...nyc-v18.0.0) --- updated-dependencies: - dependency-name: nyc dependency-version: 18.0.0 dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>

coveralls · 2026-03-26T17:03:49Z

coverage: 98.734%. remained the same
when pulling d5b6935 on dependabot/npm_and_yarn/nyc-18.0.0
into 7f5304e on master.

dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels Feb 25, 2026

dependabot bot force-pushed the dependabot/npm_and_yarn/nyc-18.0.0 branch from 1872c43 to d5b6935 Compare March 26, 2026 17:02

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

chore(deps-dev): bump nyc from 17.1.0 to 18.0.0#268

chore(deps-dev): bump nyc from 17.1.0 to 18.0.0#268
dependabot[bot] wants to merge 1 commit intomasterfrom
dependabot/npm_and_yarn/nyc-18.0.0

dependabot bot commented on behalf of github Feb 25, 2026 •

edited

Loading

Uh oh!

github-actions bot commented Feb 25, 2026 •

edited

Loading

Uh oh!

coveralls commented Mar 26, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

Uh oh!

Conversation

dependabot bot commented on behalf of github Feb 25, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

nyc: v18.0.0

18.0.0 (2026-02-22)

⚠ BREAKING CHANGES

Bug Fixes

18.0.0 (2026-02-22)

⚠ BREAKING CHANGES

Bug Fixes

Uh oh!

github-actions bot commented Feb 25, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Dependency Review

Snapshot Warnings

OpenSSF Scorecard

Scanned Files

Uh oh!

coveralls commented Mar 26, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

dependabot bot commented on behalf of github Feb 25, 2026 •

edited

Loading

github-actions bot commented Feb 25, 2026 •

edited

Loading