audit security vulnerabilities as part of ci (#280)

.github/workflows/unit-tests.yml

@@ -47,3 +47,9 @@ jobs:
 
     - name: Format
       run: npm run format-check
+
+    - name: audit tools
+      run: npm audit --audit-level=moderate
+
+    - name: audit packages
+      run: npm run audit-all

package.json

@@ -2,6 +2,7 @@
   "name": "root",
   "private": true,
   "scripts": {
+    "audit-all": "lerna run audit-moderate",
     "bootstrap": "lerna bootstrap",
     "build": "lerna run tsc",
     "check-all": "concurrently \"npm:format-check\" \"npm:lint\" \"npm:test\" \"npm:build -- -- --noEmit\"",

packages/core/package.json

@@ -27,6 +27,7 @@
     "directory": "packages/core"
   },
   "scripts": {
+    "audit-moderate": "npm install && npm audit --audit-level=moderate",
     "test": "echo \"Error: run tests from root\" && exit 1",
     "tsc": "tsc"
   },

packages/exec/package-lock.json

@@ -1,11 +1,11 @@
 {
   "name": "@actions/exec",
-  "version": "1.0.0",
+  "version": "1.0.2",
   "lockfileVersion": 1,
   "requires": true,
   "dependencies": {
     "@actions/io": {
-      "version": "1.0.0",
+      "version": "1.0.1",
       "dev": true
     }
   }

packages/exec/package.json

@@ -27,6 +27,7 @@
     "directory": "packages/exec"
   },
   "scripts": {
+    "audit-moderate": "npm install && npm audit --audit-level=moderate",
     "test": "echo \"Error: run tests from root\" && exit 1",
     "tsc": "tsc"
   },

packages/github/package.json

@@ -26,6 +26,7 @@
     "directory": "packages/github"
   },
   "scripts": {
+    "audit-moderate": "npm install && npm audit --audit-level=moderate",
     "test": "jest",
     "build": "tsc",
     "format": "prettier --write **/*.ts",

packages/glob/package-lock.json

@@ -4,20 +4,6 @@
 	"lockfileVersion": 1,
 	"requires": true,
 	"dependencies": {
-		"balanced-match": {
-			"version": "1.0.0",
-			"resolved": "https://registry.npmjs.org/balanced-match/-/balanced-match-1.0.0.tgz",
-			"integrity": "sha1-ibTRmasr7kneFk6gK4nORi1xt2c="
-		},
-		"brace-expansion": {
-			"version": "1.1.11",
-			"resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.11.tgz",
-			"integrity": "sha512-iCuPHDFgrHX7H2vEI/5xpz07zSHB00TpugqhmYtVmMO6518mCuRMoOYFldEBl0g187ufozdaHgWKcYFb61qGiA==",
-			"requires": {
-				"balanced-match": "^1.0.0",
-				"concat-map": "0.0.1"
-			}
-		},
 		"concat-map": {
 			"version": "0.0.1",
 			"resolved": "https://registry.npmjs.org/concat-map/-/concat-map-0.0.1.tgz",

packages/glob/package.json

@@ -28,6 +28,7 @@
     "directory": "packages/glob"
   },
   "scripts": {
+    "audit-moderate": "npm install && npm audit --audit-level=moderate",
     "test": "echo \"Error: run tests from root\" && exit 1",
     "tsc": "tsc"
   },

packages/io/package-lock.json

@@ -1,5 +1,5 @@
 {
   "name": "@actions/io",
-  "version": "1.0.0",
+  "version": "1.0.1",
   "lockfileVersion": 1
 }

packages/io/package.json

@@ -27,6 +27,7 @@
     "directory": "packages/io"
   },
   "scripts": {
+    "audit-moderate": "npm install && npm audit --audit-level=moderate",
     "test": "echo \"Error: run tests from root\" && exit 1",
     "tsc": "tsc"
   },

packages/tool-cache/package.json

@@ -28,6 +28,7 @@
     "directory": "packages/tool-cache"
   },
   "scripts": {
+    "audit-moderate": "npm install && npm audit --audit-level=moderate",
     "test": "echo \"Error: run tests from root\" && exit 1",
     "tsc": "tsc"
   },
@@ -35,8 +36,8 @@
     "url": "https://github.com/actions/toolkit/issues"
   },
   "dependencies": {
-    "@actions/core": "^1.1.0",
+    "@actions/core": "^1.2.0",
-    "@actions/exec": "^1.0.1",
+    "@actions/exec": "^1.0.0",
     "@actions/io": "^1.0.1",
     "semver": "^6.1.0",
     "typed-rest-client": "^1.4.0",