chore(deps-dev): bump @pact-foundation/pact from 16.0.4 to 16.3.0

[dependabot]

Bumps @pact-foundation/pact from 16.0.4 to 16.3.0.

Release notes

Sourced from @​pact-foundation/pact's releases.

Release v16.3.0

16.3.0 (2026-03-11)

Features

• support pending, comments and test names on interactions (4746539)

Release v16.2.0

16.2.0 (2026-02-10)

Features

• add matching rules support to async and sync interactions (#1663) (ee4dc99)

Release v16.1.0

16.1.0 (2026-02-06)

Features

• add support for with_matching_rules and add example usage (#1640) (31a277b)

Fixes and Improvements

• deps: update dependency @​pact-foundation/pact-core to v18 (#1635) (1700f6f)

Changelog

Sourced from @​pact-foundation/pact's changelog.

16.3.0 (2026-03-11)

Features

• support pending, comments and test names on interactions (4746539)

16.2.0 (2026-02-10)

Features

• add matching rules support to async and sync interactions (#1663) (ee4dc99)

16.1.0 (2026-02-06)

Features

• add support for with_matching_rules and add example usage (#1640) (31a277b)

Fixes and Improvements

• deps: update dependency @​pact-foundation/pact-core to v18 (#1635) (1700f6f)

Commits

• 750bcbe chore(release): 16.3.0
• 4746539 feat: support pending, comments and test names on interactions
• 9cb753c V4 interaction metadata (#1693)
• 4788618 chore(deps): update dependency @​types/node to v24.12.0 (#1691)
• 5be418e chore(deps): lock file maintenance (#1690)
• 5e30577 chore(deps): update dependency @​types/node to v24.11.2 (#1689)
• 35e7453 chore(deps): update dependency sinon to v21.0.2 (#1688)
• e355b85 chore(deps): update actions/setup-node digest to 53b8394 (#1686)
• 716fd0b chore(deps): update dependency @​types/node to v24.11.0 (#1684)
• 6734dda chore(deps): lock file maintenance (#1683)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for @​pact-foundation/pact since your current version.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[github-actions]

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

Snapshot Warnings

⚠️: No snapshots were found for the head SHA 65ea797.

Ensure that dependencies are being submitted on PR branches and consider enabling retry-on-snapshot-warnings. See the documentation for more information and troubleshooting advice.

OpenSSF Scorecard

Package	Version	Score	Details
npm/@pact-foundation/pact	16.3.0	🟢 4.2	Details Check Score Reason Packaging ⚠️ -1 packaging workflow not detected Code-Review ⚠️ 0 Found 1/30 approved changesets -- score normalized to 0 Maintained 🟢 10 30 commit(s) and 7 issue activity found in the last 90 days -- score normalized to 10 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Binary-Artifacts 🟢 10 no binaries found in the repo CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Fuzzing ⚠️ 0 project is not fuzzed License 🟢 9 license file detected Signed-Releases ⚠️ -1 no releases found Security-Policy ⚠️ 0 security policy file not detected Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Pinned-Dependencies 🟢 7 dependency not pinned by hash detected -- score normalized to 7 SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
npm/@pact-foundation/pact-core	19.1.0	🟢 3.9	Details Check Score Reason Code-Review ⚠️ 0 Found 2/26 approved changesets -- score normalized to 0 Maintained 🟢 10 30 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Binary-Artifacts 🟢 10 no binaries found in the repo Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Pinned-Dependencies 🟢 7 dependency not pinned by hash detected -- score normalized to 7 Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Security-Policy ⚠️ 0 security policy file not detected Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Signed-Releases ⚠️ 0 Project has not signed or included provenance with any releases. SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
npm/@pact-foundation/pact-core-darwin-arm64	19.1.0	🟢 3.9	Details Check Score Reason Code-Review ⚠️ 0 Found 2/26 approved changesets -- score normalized to 0 Maintained 🟢 10 30 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Binary-Artifacts 🟢 10 no binaries found in the repo Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Pinned-Dependencies 🟢 7 dependency not pinned by hash detected -- score normalized to 7 Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Security-Policy ⚠️ 0 security policy file not detected Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Signed-Releases ⚠️ 0 Project has not signed or included provenance with any releases. SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
npm/@pact-foundation/pact-core-darwin-x64	19.1.0	🟢 3.9	Details Check Score Reason Code-Review ⚠️ 0 Found 2/26 approved changesets -- score normalized to 0 Maintained 🟢 10 30 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Binary-Artifacts 🟢 10 no binaries found in the repo Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Pinned-Dependencies 🟢 7 dependency not pinned by hash detected -- score normalized to 7 Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Security-Policy ⚠️ 0 security policy file not detected Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Signed-Releases ⚠️ 0 Project has not signed or included provenance with any releases. SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
npm/@pact-foundation/pact-core-linux-arm64-glibc	19.1.0	🟢 3.9	Details Check Score Reason Code-Review ⚠️ 0 Found 2/26 approved changesets -- score normalized to 0 Maintained 🟢 10 30 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Binary-Artifacts 🟢 10 no binaries found in the repo Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Pinned-Dependencies 🟢 7 dependency not pinned by hash detected -- score normalized to 7 Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Security-Policy ⚠️ 0 security policy file not detected Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Signed-Releases ⚠️ 0 Project has not signed or included provenance with any releases. SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
npm/@pact-foundation/pact-core-linux-arm64-musl	19.1.0	🟢 3.9	Details Check Score Reason Code-Review ⚠️ 0 Found 2/26 approved changesets -- score normalized to 0 Maintained 🟢 10 30 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Binary-Artifacts 🟢 10 no binaries found in the repo Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Pinned-Dependencies 🟢 7 dependency not pinned by hash detected -- score normalized to 7 Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Security-Policy ⚠️ 0 security policy file not detected Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Signed-Releases ⚠️ 0 Project has not signed or included provenance with any releases. SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
npm/@pact-foundation/pact-core-linux-x64-glibc	19.1.0	🟢 3.9	Details Check Score Reason Code-Review ⚠️ 0 Found 2/26 approved changesets -- score normalized to 0 Maintained 🟢 10 30 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Binary-Artifacts 🟢 10 no binaries found in the repo Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Pinned-Dependencies 🟢 7 dependency not pinned by hash detected -- score normalized to 7 Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Security-Policy ⚠️ 0 security policy file not detected Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Signed-Releases ⚠️ 0 Project has not signed or included provenance with any releases. SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
npm/@pact-foundation/pact-core-linux-x64-musl	19.1.0	🟢 3.9	Details Check Score Reason Code-Review ⚠️ 0 Found 2/26 approved changesets -- score normalized to 0 Maintained 🟢 10 30 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Binary-Artifacts 🟢 10 no binaries found in the repo Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Pinned-Dependencies 🟢 7 dependency not pinned by hash detected -- score normalized to 7 Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Security-Policy ⚠️ 0 security policy file not detected Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Signed-Releases ⚠️ 0 Project has not signed or included provenance with any releases. SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
npm/@pact-foundation/pact-core-windows-x64	19.1.0	🟢 3.9	Details Check Score Reason Code-Review ⚠️ 0 Found 2/26 approved changesets -- score normalized to 0 Maintained 🟢 10 30 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Binary-Artifacts 🟢 10 no binaries found in the repo Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Pinned-Dependencies 🟢 7 dependency not pinned by hash detected -- score normalized to 7 Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Security-Policy ⚠️ 0 security policy file not detected Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Signed-Releases ⚠️ 0 Project has not signed or included provenance with any releases. SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
npm/underscore	1.13.8	🟢 6.1	Details Check Score Reason Code-Review ⚠️ 1 Found 4/21 approved changesets -- score normalized to 1 Packaging ⚠️ -1 packaging workflow not detected Token-Permissions 🟢 9 detected GitHub workflow tokens with excessive permissions Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Security-Policy 🟢 10 security policy file detected Maintained 🟢 10 25 commit(s) and 5 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 License 🟢 10 license file detected Fuzzing ⚠️ 0 project is not fuzzed Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches SAST 🟢 8 SAST tool detected but not run on all commits

Scanned Files

• package-lock.json

[github-actions]

🐳 Docker Image Size Comparison

Branch	Size
Base (main)	396MB
PR (dependabot/npm_and_yarn/pact-foundation/pact-16.3.0)	396MB

---

💡 Tip: Keep image size small using multi-stage builds and .dockerignore