chore(deps): update dependency sinon to v20 - - package.json

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
sinon (source)	^19.0.2 -> ^20.0.0

---

Release Notes

sinonjs/sinon (sinon)

v20.0.0

Compare Source

• b6daed26
  chore!: remove usingPromise (Morgan Roderick)

  Everyone should be using native promises by now, or should know how to stub natives

• 95d4b8fc
  chore!: remove fakeXMLHttpRequest and fakeServer (Morgan Roderick)

  BREAKING CHANGE: remove fakeXMLHttpRequest and fakeServer from the API

Released by Morgan Roderick on 2025-03-24.

v19.0.5

Compare Source

• 67d19ff0
  chore: deprecate usingPromise (#​2651) (Morgan Roderick)
• 598dddb6
  chore: deprecate useFakeXMLHttpRequest and useFakeServer (Morgan Roderick)

Released by Morgan Roderick on 2025-03-23.

v19.0.4

Compare Source

The release script failed half-way in 19.0.3, so re-releasing.

• da67311a
  Revert "Add version 19.0.3 to releases" (Carl-Erik Kopseng)
• 84d5c82a
  Add version 19.0.3 to releases (Carl-Erik Kopseng)

Released by Carl-Erik Kopseng on 2025-03-19.

v19.0.3

Compare Source

Basically just documentation updates

• 1f1d3706
  Verifying links procedure (Carl-Erik Kopseng)
• 37623efc
  Catch latest two missing redirects (Carl-Erik Kopseng)
• 2404a45f
  Ignore ancient deadlinks to Sinon child projects in previous releases (Carl-Erik Kopseng)
• fba6f877
  Ignore historic links in changelog (Carl-Erik Kopseng)
• e3950d9b
  Fix external link (Carl-Erik Kopseng)
• 0be40825
  Fix the missing redirects to the migration guide (Carl-Erik Kopseng)
• 108fbca0
  Fix internal ../assertions link in source (Carl-Erik Kopseng)
• bb10e53a
  Fix spy-call reference in source (Carl-Erik Kopseng)
• ef582e31
  Remove bash-ism from Makefile (use POSIX) (Carl-Erik Kopseng)
• 7af1d235
  chore: remove .unimportedrc.json (Morgan Roderick)
• dfcad710
  chore: fix codecov upload (Morgan Roderick)

  We are seeing errors uploading coverage reports to codecov:

  Rate limit reached. Please upload with the Codecov repository upload token to resolve issue
  

  I've added a repository token, as instructed in https://docs.codecov.com/docs/adding-the-codecov-token.

  This changeset should fix the upload issue.

• 0ca2e49e
  fix: browser-test job fails in ubuntu-latest (Morgan Roderick)
• e9eb2eb2
  chore: remove unused unused job (Morgan Roderick)

  This crucial part of this workflow was removed in
  278e667, we should have removed the entire job.

• 278e667e
  chore: remove unimported (Morgan Roderick)

  The repository has been archived. See https://github.com/smeijer/unimported

• 9e30835b
  npm audit (Morgan Roderick)
• a74301cf
  chore: remove RunKit (Morgan Roderick)

  This service is dead.

• 80bc1d96
  Fix out-of-date fake-timers docs (#​2628) (Carl-Erik Kopseng)

  • Fix documentation issue for fake-timers mentioned in #​2625

  The docs were out of sync with the fake-timers docs.

  • Update dependencies before new patch version

• 527568cc
  Bump rexml from 3.3.7 to 3.3.9 (#​2626) (dependabot[bot])

  Bumps rexml from 3.3.7 to 3.3.9.

  • Release notes
  • Changelog
  • Commits

  ---

  updated-dependencies:

  • dependency-name: rexml

    dependency-type: indirect

  ...

  Signed-off-by: dependabot[bot] [email protected]

  Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@​users.noreply.github.com>

• ed029725
  Bump webrick from 1.8.1 to 1.8.2 (#​2623) (dependabot[bot])

  Bumps webrick from 1.8.1 to 1.8.2.

  • Release notes
  • Commits

  ---

  updated-dependencies:

  • dependency-name: webrick

    dependency-type: indirect

  ...

  Signed-off-by: dependabot[bot] [email protected]

  Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@​users.noreply.github.com>

Released by Carl-Erik Kopseng on 2025-03-19.

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[netlify]

✅ Deploy Preview for endearing-brigadeiros-63f9d0 canceled.

Name	Link
🔨 Latest commit	d2e9322
🔍 Latest deploy log	https://app.netlify.com/projects/endearing-brigadeiros-63f9d0/deploys/6864f27979fc240008c05589

[github-actions]

Dependency Review

The following issues were found:

• ✅ 0 vulnerable package(s)
• ✅ 0 package(s) with incompatible licenses
• ✅ 0 package(s) with invalid SPDX license definitions
• ⚠️ 1 package(s) with unknown licenses.

See the Details below.

License Issues

package.json

Package	Version	License	Issue Type
sinon	^20.0.0	Null	Unknown License

Allowed Licenses: MIT, MIT-0, Apache-2.0, BSD-3-Clause, BSD-3-Clause-Clear, ISC, BSD-2-Clause, Unlicense, CC0-1.0, 0BSD, X11, MPL-2.0, MPL-1.0, MPL-1.1, MPL-2.0, OFL-1.1, Zlib

Excluded from license check: pkg:npm/caniuse-lite

OpenSSF Scorecard

Package	Version	Score	Details
npm/@sinonjs/fake-timers	13.0.5	🟢 4.6	Details Check Score Reason Code-Review ⚠️ 2 Found 6/28 approved changesets -- score normalized to 2 Maintained ⚠️ 0 0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0 Binary-Artifacts 🟢 10 no binaries found in the repo Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 packaging workflow not detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Pinned-Dependencies 🟢 3 dependency not pinned by hash detected -- score normalized to 3 Security-Policy ⚠️ 0 security policy file not detected License 🟢 10 license file detected Fuzzing ⚠️ 0 project is not fuzzed Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Vulnerabilities 🟢 4 6 existing vulnerabilities detected
npm/sinon	20.0.0	🟢 5	Details Check Score Reason Code-Review 🟢 3 Found 7/21 approved changesets -- score normalized to 3 Maintained 🟢 5 5 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 5 Packaging ⚠️ -1 packaging workflow not detected Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 2 dependency not pinned by hash detected -- score normalized to 2 License 🟢 9 license file detected Security-Policy ⚠️ 0 security policy file not detected Fuzzing ⚠️ 0 project is not fuzzed Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Signed-Releases ⚠️ -1 no releases found SAST 🟢 3 SAST tool is not run on all commits -- score normalized to 3 Vulnerabilities ⚠️ 1 9 existing vulnerabilities detected
npm/sinon	^20.0.0	🟢 5	Details Check Score Reason Code-Review 🟢 3 Found 7/21 approved changesets -- score normalized to 3 Maintained 🟢 5 5 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 5 Packaging ⚠️ -1 packaging workflow not detected Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 2 dependency not pinned by hash detected -- score normalized to 2 License 🟢 9 license file detected Security-Policy ⚠️ 0 security policy file not detected Fuzzing ⚠️ 0 project is not fuzzed Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Signed-Releases ⚠️ -1 no releases found SAST 🟢 3 SAST tool is not run on all commits -- score normalized to 3 Vulnerabilities ⚠️ 1 9 existing vulnerabilities detected

Scanned Files

• package-lock.json
• package.json

[codecov]

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 76.78%. Comparing base (e262c0e) to head (d2e9322).
Report is 3 commits behind head on main.

Additional details and impacted files

@@           Coverage Diff           @@
##             main    #1078   +/-   ##
=======================================
  Coverage   76.78%   76.78%           
=======================================
  Files          55       55           
  Lines        2261     2261           
  Branches      251      251           
=======================================
  Hits         1736     1736           
  Misses        495      495           
  Partials       30       30           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.