From 803934eca047e379f447096fe8ee202c9c496cf5 Mon Sep 17 00:00:00 2001
From: Bryan MacFarlane
Date: Fri, 3 Jan 2020 17:54:10 -0500
Subject: [PATCH] audit security vulnerabilities as part of ci (#280)
---
 .github/workflows/unit-tests.yml | 6 ++++++
 package.json | 1 +
 packages/core/package.json | 1 +
 packages/exec/package-lock.json | 4 ++--
 packages/exec/package.json | 1 +
 packages/github/package.json | 1 +
 packages/glob/package-lock.json | 14 --------------
 packages/glob/package.json | 1 +
 packages/io/package-lock.json | 2 +-
 packages/io/package.json | 1 +
 packages/tool-cache/package.json | 5 +++--
 11 files changed, 18 insertions(+), 19 deletions(-)
diff --git a/.github/workflows/unit-tests.yml b/.github/workflows/unit-tests.yml
index b9c23bff..2f192b63 100644
--- a/.github/workflows/unit-tests.yml
+++ b/.github/workflows/unit-tests.yml
@@ -47,3 +47,9 @@ jobs:
 - name: Format
 run: npm run format-check
+
+ - name: audit tools
+ run: npm audit --audit-level=moderate
+
+ - name: audit packages
+ run: npm run audit-all
diff --git a/package.json b/package.json
index c50ab127..5cfb35e1 100644
--- a/package.json
+++ b/package.json
@@ -2,6 +2,7 @@
 "name": "root",
 "private": true,
 "scripts": {
+ "audit-all": "lerna run audit-moderate",
 "bootstrap": "lerna bootstrap",
 "build": "lerna run tsc",
 "check-all": "concurrently \"npm:format-check\" \"npm:lint\" \"npm:test\" \"npm:build -- -- --noEmit\"",
diff --git a/packages/core/package.json b/packages/core/package.json
index e84993c6..bdd06148 100644
--- a/packages/core/package.json
+++ b/packages/core/package.json
@@ -27,6 +27,7 @@
 "directory": "packages/core"
 },
 "scripts": {
+ "audit-moderate": "npm install && npm audit --audit-level=moderate",
 "test": "echo \"Error: run tests from root\" && exit 1",
 "tsc": "tsc"
 },
diff --git a/packages/exec/package-lock.json b/packages/exec/package-lock.json
index ae5a0ad5..250508c7 100644
--- a/packages/exec/package-lock.json
+++ b/packages/exec/package-lock.json
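Review bot: The two new step names, `audit tools` and `audit packages`, are lowercase while the neighbouring step is `Format`, so the job log reads inconsistently; `- name: Audit tools` and `- name: Audit packages` would match the existing style. It is also worth a comment next to the steps that `--audit-level=moderate` only sets the severity at which `npm audit` exits non-zero — lower-severity advisories are still printed but do not fail the job — e.g. `# fail the job on moderate+ advisories; low severity is reported only`. Both steps query the registry's advisory endpoint, so a transient registry failure fails the job; the enclosing `jobs:` block starts before the hunk.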
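Review bot: `lerna run audit-moderate` only executes in packages that define that script, so a package added later without one is silently skipped rather than audited, and the gap would not show up in CI. `lerna exec -- npm audit --audit-level=moderate` runs in every package regardless and would also remove the need to copy the same script into six package.json files in this commit: `"audit-all": "lerna exec -- npm audit --audit-level=moderate"`. I'd expect `npm audit` to need a lockfile in each package, which is presumably why the per-package script runs `npm install` first, so confirm that before switching.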
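Review bot: `npm install` in the new `audit-moderate` script can resolve newer versions within the package.json ranges and rewrite package-lock.json, so what `npm audit` then reports is the graph resolved at run time rather than the committed one; the exec, glob and io lockfile changes in this same commit look like that side effect, though the diff alone cannot confirm it. Where a package has a committed lockfile, `npm ci` installs exactly what is locked and fails instead of silently updating it, `"audit-moderate": "npm ci && npm audit --audit-level=moderate"`; where a package has no lockfile, `npm ci` errors out, so the audit is only reproducible once one is committed. The same script is added in packages/exec, packages/github, packages/glob, packages/io and packages/tool-cache, so whichever form is chosen should be applied to all six together.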
@@ -1,11 +1,11 @@
 {
 "name": "@actions/exec",
- "version": "1.0.0",
+ "version": "1.0.2",
 "lockfileVersion": 1,
 "requires": true,
 "dependencies": {
 "@actions/io": {
- "version": "1.0.0",
+ "version": "1.0.1",
 "dev": true
 }
 }
diff --git a/packages/exec/package.json b/packages/exec/package.json
index 42d9148b..0797a809 100644
--- a/packages/exec/package.json
+++ b/packages/exec/package.json
@@ -27,6 +27,7 @@
 "directory": "packages/exec"
 },
 "scripts": {
+ "audit-moderate": "npm install && npm audit --audit-level=moderate",
 "test": "echo \"Error: run tests from root\" && exit 1",
 "tsc": "tsc"
 },
diff --git a/packages/github/package.json b/packages/github/package.json
index e49db4a4..b956d423 100644
--- a/packages/github/package.json
+++ b/packages/github/package.json
@@ -26,6 +26,7 @@
 "directory": "packages/github"
 },
 "scripts": {
+ "audit-moderate": "npm install && npm audit --audit-level=moderate",
 "test": "jest",
 "build": "tsc",
 "format": "prettier --write **/*.ts",
diff --git a/packages/glob/package-lock.json b/packages/glob/package-lock.json
index 3eb24c1b..a1e9ecc7 100644
--- a/packages/glob/package-lock.json
+++ b/packages/glob/package-lock.json
@@ -4,20 +4,6 @@
 "lockfileVersion": 1,
 "requires": true,
 "dependencies": {
- "balanced-match": {
- "version": "1.0.0",
- "resolved": "https://registry.npmjs.org/balanced-match/-/balanced-match-1.0.0.tgz",
- "integrity": "sha1-ibTRmasr7kneFk6gK4nORi1xt2c="
- },
- "brace-expansion": {
- "version": "1.1.11",
- "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.11.tgz",
- "integrity": "sha512-iCuPHDFgrHX7H2vEI/5xpz07zSHB00TpugqhmYtVmMO6518mCuRMoOYFldEBl0g187ufozdaHgWKcYFb61qGiA==",
- "requires": {
- "balanced-match": "^1.0.0",
- "concat-map": "0.0.1"
- }
- },
 "concat-map": {
 "version": "0.0.1",
 "resolved": "https://registry.npmjs.org/concat-map/-/concat-map-0.0.1.tgz",
diff --git a/packages/glob/package.json b/packages/glob/package.json
index 067d59c9..7b4c7800 100644
--- a/packages/glob/package.json
+++ b/packages/glob/package.json
@@ -28,6 +28,7 @@
 "directory": "packages/glob"
 },
 "scripts": {
+ "audit-moderate": "npm install && npm audit --audit-level=moderate",
 "test": "echo \"Error: run tests from root\" && exit 1",
 "tsc": "tsc"
 },
diff --git a/packages/io/package-lock.json b/packages/io/package-lock.json
index 36c16d5b..4d44892f 100644
--- a/packages/io/package-lock.json
+++ b/packages/io/package-lock.json
@@ -1,5 +1,5 @@
 {
 "name": "@actions/io",
- "version": "1.0.0",
+ "version": "1.0.1",
 "lockfileVersion": 1
 }
diff --git a/packages/io/package.json b/packages/io/package.json
index 9530062b..08dd3f84 100644
--- a/packages/io/package.json
+++ b/packages/io/package.json
@@ -27,6 +27,7 @@
 "directory": "packages/io"
 },
 "scripts": {
+ "audit-moderate": "npm install && npm audit --audit-level=moderate",
 "test": "echo \"Error: run tests from root\" && exit 1",
 "tsc": "tsc"
 },
diff --git a/packages/tool-cache/package.json b/packages/tool-cache/package.json
index 84055222..9f58cc48 100644
--- a/packages/tool-cache/package.json
+++ b/packages/tool-cache/package.json
@@ -28,6 +28,7 @@
 "directory": "packages/tool-cache"
 },
 "scripts": {
+ "audit-moderate": "npm install && npm audit --audit-level=moderate",
 "test": "echo \"Error: run tests from root\" && exit 1",
 "tsc": "tsc"
 },
@@ -35,8 +36,8 @@
 "url": "https://github.com/actions/toolkit/issues"
 },
 "dependencies": {
- "@actions/core": "^1.1.0",
- "@actions/exec": "^1.0.1",
+ "@actions/core": "^1.2.0",
+ "@actions/exec": "^1.0.0",
 "@actions/io": "^1.0.1",
 "semver": "^6.1.0",
 "typed-rest-client": "^1.4.0",
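Review bot: The `@actions/exec` range is loosened from `^1.0.1` to `^1.0.0` in the same hunk that raises `@actions/core` to `^1.2.0`, and nothing in the commit message explains lowering a declared minimum; if `^1.0.1` had been set to exclude 1.0.0 for a fix, this reopens it. In practice the caret resolves to the newest 1.x available at install time (the exec lockfile in this commit records 1.0.2), so the effect is limited to the floor, but I'd keep `"@actions/exec": "^1.0.1"` unless the downgrade is intentional, and state the reason in the commit message if it is.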