[WIP]chore: upgrade to nextjs13

[AGMASO]

General Changes

[NOT MERGE]

Developer Notes

Reviewer Checklist

Please ensure you, as the reviewer(s), have gone through this checklist to ensure that the code changes are ready to ship safely and to help mitigate any downstream issues that may occur.

• End-to-end tests are passing without any errors
• Code changes do not significantly increase the application bundle size
• If there are new 3rd-party packages, they do not introduce potential security threats
• If there are new environment variables being added, they have been added to the .env.example file as well as the pertinant .github/actions/* files
• There are no CI changes, or they have been approved by the DevOps and Engineering team(s)

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Preview	Comments	Updated (UTC)
interface	Ready	Preview	Comment	Nov 10, 2025 10:37am

[github-actions]

Dependency Review

The following issues were found:

• ❌ 2 vulnerable package(s)

See the Details below.

Vulnerabilities

package.json

Name	Version	Vulnerability	Severity
next	13.5.6	Authorization Bypass in Next.js Middleware	critical
		Next.js Server-Side Request Forgery in Server Actions	high
		Next.js Cache Poisoning	high
		Next.js authorization bypass vulnerability	high
		Denial of Service condition in Next.js image optimization	moderate
		Next.js Allows a Denial of Service (DoS) with Server Actions	moderate
		Next.js Affected by Cache Key Confusion for Image Optimization API Routes	moderate
		Next.js Content Injection Vulnerability for Image Optimization	moderate
		Next.js Improper Middleware Redirect Handling Leads to SSRF	moderate

yarn.lock

Name	Version	Vulnerability	Severity
next	13.5.6	Authorization Bypass in Next.js Middleware	critical
		Next.js Server-Side Request Forgery in Server Actions	high
		Next.js Cache Poisoning	high
		Next.js authorization bypass vulnerability	high
		Denial of Service condition in Next.js image optimization	moderate
		Next.js Allows a Denial of Service (DoS) with Server Actions	moderate
		Next.js Affected by Cache Key Confusion for Image Optimization API Routes	moderate
		Next.js Content Injection Vulnerability for Image Optimization	moderate
		Next.js Improper Middleware Redirect Handling Leads to SSRF	moderate
next	13.5.6	Authorization Bypass in Next.js Middleware	critical
		Next.js Server-Side Request Forgery in Server Actions	high
		Next.js Cache Poisoning	high
		Next.js authorization bypass vulnerability	high
		Denial of Service condition in Next.js image optimization	moderate
		Next.js Allows a Denial of Service (DoS) with Server Actions	moderate
		Next.js Affected by Cache Key Confusion for Image Optimization API Routes	moderate
		Next.js Content Injection Vulnerability for Image Optimization	moderate
		Next.js Improper Middleware Redirect Handling Leads to SSRF	moderate

Only included vulnerabilities with severity moderate or higher.

OpenSSF Scorecard

Scorecard details

Package	Version	Score	Details
npm/next	13.5.6	🟢 5.3	Details Check Score Reason Code-Review 🟢 8 Found 26/30 approved changesets -- score normalized to 8 Maintained 🟢 10 30 commit(s) and 21 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md Signed-Releases ⚠️ -1 no releases found Security-Policy 🟢 10 security policy file detected Packaging 🟢 10 packaging workflow detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Binary-Artifacts ⚠️ 0 binaries present in source code Vulnerabilities ⚠️ 0 241 existing vulnerabilities detected Fuzzing 🟢 10 project is fuzzed Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0
npm/caniuse-lite	^1.0.30001754	🟢 5	Details Check Score Reason Maintained 🟢 10 28 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10 Code-Review ⚠️ 0 Found 0/30 approved changesets -- score normalized to 0 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 packaging workflow not detected SAST ⚠️ 0 no SAST tool detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Security-Policy ⚠️ 0 security policy file not detected License 🟢 10 license file detected Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies 🟢 10 all dependencies are pinned Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Fuzzing ⚠️ 0 project is not fuzzed Vulnerabilities 🟢 10 0 existing vulnerabilities detected
npm/next	13.5.6	🟢 5.3	Details Check Score Reason Code-Review 🟢 8 Found 26/30 approved changesets -- score normalized to 8 Maintained 🟢 10 30 commit(s) and 21 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md Signed-Releases ⚠️ -1 no releases found Security-Policy 🟢 10 security policy file detected Packaging 🟢 10 packaging workflow detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Binary-Artifacts ⚠️ 0 binaries present in source code Vulnerabilities ⚠️ 0 241 existing vulnerabilities detected Fuzzing 🟢 10 project is fuzzed Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0
npm/@next/env	13.5.6	🟢 5.3	Details Check Score Reason Code-Review 🟢 8 Found 26/30 approved changesets -- score normalized to 8 Maintained 🟢 10 30 commit(s) and 21 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md Signed-Releases ⚠️ -1 no releases found Security-Policy 🟢 10 security policy file detected Packaging 🟢 10 packaging workflow detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Binary-Artifacts ⚠️ 0 binaries present in source code Vulnerabilities ⚠️ 0 241 existing vulnerabilities detected Fuzzing 🟢 10 project is fuzzed Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0
npm/@next/swc-darwin-arm64	13.5.6	🟢 5.3	Details Check Score Reason Code-Review 🟢 8 Found 26/30 approved changesets -- score normalized to 8 Maintained 🟢 10 30 commit(s) and 21 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md Signed-Releases ⚠️ -1 no releases found Security-Policy 🟢 10 security policy file detected Packaging 🟢 10 packaging workflow detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Binary-Artifacts ⚠️ 0 binaries present in source code Vulnerabilities ⚠️ 0 241 existing vulnerabilities detected Fuzzing 🟢 10 project is fuzzed Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0
npm/@next/swc-darwin-x64	13.5.6	🟢 5.3	Details Check Score Reason Code-Review 🟢 8 Found 26/30 approved changesets -- score normalized to 8 Maintained 🟢 10 30 commit(s) and 21 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md Signed-Releases ⚠️ -1 no releases found Security-Policy 🟢 10 security policy file detected Packaging 🟢 10 packaging workflow detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Binary-Artifacts ⚠️ 0 binaries present in source code Vulnerabilities ⚠️ 0 241 existing vulnerabilities detected Fuzzing 🟢 10 project is fuzzed Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0
npm/@next/swc-linux-arm64-gnu	13.5.6	🟢 5.3	Details Check Score Reason Code-Review 🟢 8 Found 26/30 approved changesets -- score normalized to 8 Maintained 🟢 10 30 commit(s) and 21 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md Signed-Releases ⚠️ -1 no releases found Security-Policy 🟢 10 security policy file detected Packaging 🟢 10 packaging workflow detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Binary-Artifacts ⚠️ 0 binaries present in source code Vulnerabilities ⚠️ 0 241 existing vulnerabilities detected Fuzzing 🟢 10 project is fuzzed Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0
npm/@next/swc-linux-arm64-musl	13.5.6	🟢 5.3	Details Check Score Reason Code-Review 🟢 8 Found 26/30 approved changesets -- score normalized to 8 Maintained 🟢 10 30 commit(s) and 21 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md Signed-Releases ⚠️ -1 no releases found Security-Policy 🟢 10 security policy file detected Packaging 🟢 10 packaging workflow detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Binary-Artifacts ⚠️ 0 binaries present in source code Vulnerabilities ⚠️ 0 241 existing vulnerabilities detected Fuzzing 🟢 10 project is fuzzed Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0
npm/@next/swc-linux-x64-gnu	13.5.6	🟢 5.3	Details Check Score Reason Code-Review 🟢 8 Found 26/30 approved changesets -- score normalized to 8 Maintained 🟢 10 30 commit(s) and 21 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md Signed-Releases ⚠️ -1 no releases found Security-Policy 🟢 10 security policy file detected Packaging 🟢 10 packaging workflow detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Binary-Artifacts ⚠️ 0 binaries present in source code Vulnerabilities ⚠️ 0 241 existing vulnerabilities detected Fuzzing 🟢 10 project is fuzzed Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0
npm/@next/swc-linux-x64-musl	13.5.6	🟢 5.3	Details Check Score Reason Code-Review 🟢 8 Found 26/30 approved changesets -- score normalized to 8 Maintained 🟢 10 30 commit(s) and 21 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md Signed-Releases ⚠️ -1 no releases found Security-Policy 🟢 10 security policy file detected Packaging 🟢 10 packaging workflow detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Binary-Artifacts ⚠️ 0 binaries present in source code Vulnerabilities ⚠️ 0 241 existing vulnerabilities detected Fuzzing 🟢 10 project is fuzzed Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0
npm/@next/swc-win32-arm64-msvc	13.5.6	🟢 5.3	Details Check Score Reason Code-Review 🟢 8 Found 26/30 approved changesets -- score normalized to 8 Maintained 🟢 10 30 commit(s) and 21 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md Signed-Releases ⚠️ -1 no releases found Security-Policy 🟢 10 security policy file detected Packaging 🟢 10 packaging workflow detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Binary-Artifacts ⚠️ 0 binaries present in source code Vulnerabilities ⚠️ 0 241 existing vulnerabilities detected Fuzzing 🟢 10 project is fuzzed Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0
npm/@next/swc-win32-ia32-msvc	13.5.6	🟢 5.3	Details Check Score Reason Code-Review 🟢 8 Found 26/30 approved changesets -- score normalized to 8 Maintained 🟢 10 30 commit(s) and 21 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md Signed-Releases ⚠️ -1 no releases found Security-Policy 🟢 10 security policy file detected Packaging 🟢 10 packaging workflow detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Binary-Artifacts ⚠️ 0 binaries present in source code Vulnerabilities ⚠️ 0 241 existing vulnerabilities detected Fuzzing 🟢 10 project is fuzzed Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0
npm/@next/swc-win32-x64-msvc	13.5.6	🟢 5.3	Details Check Score Reason Code-Review 🟢 8 Found 26/30 approved changesets -- score normalized to 8 Maintained 🟢 10 30 commit(s) and 21 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md Signed-Releases ⚠️ -1 no releases found Security-Policy 🟢 10 security policy file detected Packaging 🟢 10 packaging workflow detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Binary-Artifacts ⚠️ 0 binaries present in source code Vulnerabilities ⚠️ 0 241 existing vulnerabilities detected Fuzzing 🟢 10 project is fuzzed Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0
npm/@swc/helpers	0.5.2	🟢 4.4	Details Check Score Reason Code-Review ⚠️ 1 Found 5/28 approved changesets -- score normalized to 1 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Maintained 🟢 10 30 commit(s) and 26 issue activity found in the last 90 days -- score normalized to 10 License 🟢 10 license file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Security-Policy ⚠️ 0 security policy file not detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Packaging 🟢 10 packaging workflow detected Fuzzing 🟢 10 project is fuzzed Branch-Protection 🟢 3 branch protection is not maximal on development and all release branches Signed-Releases ⚠️ 0 Project has not signed or included provenance with any releases. SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Vulnerabilities ⚠️ 0 78 existing vulnerabilities detected
npm/busboy	1.6.0	🟢 3.5	Details Check Score Reason Binary-Artifacts 🟢 10 no binaries found in the repo Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Maintained ⚠️ 1 0 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 1 Code-Review ⚠️ 0 Found 0/30 approved changesets -- score normalized to 0 SAST ⚠️ 0 no SAST tool detected Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Packaging ⚠️ -1 packaging workflow not detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Vulnerabilities 🟢 10 0 existing vulnerabilities detected Security-Policy ⚠️ 0 security policy file not detected Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches
npm/caniuse-lite	1.0.30001754	🟢 5	Details Check Score Reason Maintained 🟢 10 28 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10 Code-Review ⚠️ 0 Found 0/30 approved changesets -- score normalized to 0 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 packaging workflow not detected SAST ⚠️ 0 no SAST tool detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Security-Policy ⚠️ 0 security policy file not detected License 🟢 10 license file detected Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies 🟢 10 all dependencies are pinned Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Fuzzing ⚠️ 0 project is not fuzzed Vulnerabilities 🟢 10 0 existing vulnerabilities detected
npm/client-only	0.0.1	🟢 5.8	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 4 issue activity found in the last 90 days -- score normalized to 10 Code-Review 🟢 8 Found 25/30 approved changesets -- score normalized to 8 Security-Policy 🟢 10 security policy file detected Packaging ⚠️ -1 packaging workflow not detected CII-Best-Practices ⚠️ 2 badge detected: InProgress Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Binary-Artifacts 🟢 9 binaries present in source code SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Pinned-Dependencies ⚠️ 1 dependency not pinned by hash detected -- score normalized to 1 Fuzzing ⚠️ 0 project is not fuzzed Vulnerabilities ⚠️ 0 229 existing vulnerabilities detected
npm/glob-to-regexp	0.4.1	🟢 3.1	Details Check Score Reason Binary-Artifacts 🟢 10 no binaries found in the repo Dangerous-Workflow ⚠️ -1 no workflows found Token-Permissions ⚠️ -1 No tokens found Pinned-Dependencies ⚠️ -1 no dependencies found Packaging ⚠️ -1 packaging workflow not detected Code-Review 🟢 4 Found 9/19 approved changesets -- score normalized to 4 Maintained ⚠️ 0 project is archived CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Vulnerabilities 🟢 10 0 existing vulnerabilities detected Fuzzing ⚠️ 0 project is not fuzzed License ⚠️ 0 license file not detected Security-Policy ⚠️ 0 security policy file not detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
npm/nanoid	3.3.11	🟢 5	Details Check Score Reason Code-Review ⚠️ 1 Found 4/23 approved changesets -- score normalized to 1 Binary-Artifacts 🟢 10 no binaries found in the repo Packaging ⚠️ -1 packaging workflow not detected Maintained 🟢 10 12 commit(s) and 4 issue activity found in the last 90 days -- score normalized to 10 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Pinned-Dependencies 🟢 10 all dependencies are pinned CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Security-Policy ⚠️ 0 security policy file not detected License 🟢 10 license file detected Fuzzing ⚠️ 0 project is not fuzzed Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Vulnerabilities 🟢 9 1 existing vulnerabilities detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
npm/postcss	8.4.31	🟢 5.1	Details Check Score Reason Code-Review 🟢 4 Found 12/30 approved changesets -- score normalized to 4 Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Maintained 🟢 7 8 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 7 Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies 🟢 10 all dependencies are pinned CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Security-Policy ⚠️ 0 security policy file not detected License 🟢 10 license file detected Fuzzing ⚠️ 0 project is not fuzzed Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Signed-Releases ⚠️ -1 no releases found Vulnerabilities 🟢 10 0 existing vulnerabilities detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
npm/streamsearch	1.1.0	🟢 3.4	Details Check Score Reason Code-Review ⚠️ 0 Found 0/23 approved changesets -- score normalized to 0 Packaging ⚠️ -1 packaging workflow not detected Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Maintained ⚠️ 0 0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0 SAST ⚠️ 0 no SAST tool detected Binary-Artifacts 🟢 10 no binaries found in the repo Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Vulnerabilities 🟢 10 0 existing vulnerabilities detected Fuzzing ⚠️ 0 project is not fuzzed Security-Policy ⚠️ 0 security policy file not detected License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches
npm/styled-jsx	5.1.1	🟢 4.5	Details Check Score Reason Code-Review 🟢 10 all changesets reviewed Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Maintained ⚠️ 0 0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0 Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Fuzzing ⚠️ 0 project is not fuzzed Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md Security-Policy 🟢 10 security policy file detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Vulnerabilities ⚠️ 0 30 existing vulnerabilities detected
npm/watchpack	2.4.0	🟢 4.3	Details Check Score Reason Maintained ⚠️ 1 2 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 1 Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Binary-Artifacts 🟢 10 no binaries found in the repo Code-Review ⚠️ 2 Found 5/17 approved changesets -- score normalized to 2 Packaging ⚠️ -1 packaging workflow not detected Pinned-Dependencies 🟢 4 dependency not pinned by hash detected -- score normalized to 4 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Fuzzing ⚠️ 0 project is not fuzzed Branch-Protection 🟢 5 branch protection is not maximal on development and all release branches Signed-Releases ⚠️ -1 no releases found Security-Policy 🟢 10 security policy file detected Vulnerabilities ⚠️ 2 8 existing vulnerabilities detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0

Scanned Files

• package.json
• yarn.lock

[github-actions]

• Ipfs hash: bafybeidr525htjl3hcqjw6vpcosmadvejqefpytyvkye4ue5zljiojtxqm
• Ipfs preview link: https://bafybeidr525htjl3hcqjw6vpcosmadvejqefpytyvkye4ue5zljiojtxqm.ipfs.cf-ipfs.com/

[github-actions]

📦 Next.js Bundle Analysis for aave-ui

This analysis was generated by the Next.js Bundle Analysis action. 🤖

This PR introduced no changes to the JavaScript bundle! 🙌