Thomas Boop
6422c3bb5d
fix vuln
2024-08-15 16:17:49 -04:00
Rob Herley
56832696fc
npm audit fix
2024-07-03 17:03:40 +00:00
eggyhead
c01bc907ed
fixing https://github.com/advisories/GHSA-f5x3-32g6-xq36
2024-04-10 21:30:24 +00:00
Brian DeHamer
4ce4c767e2
npm audit fix
...
Signed-off-by: Brian DeHamer <bdehamer@github.com>
2024-03-22 12:44:24 -07:00
bethanyj28
b956d8a4dd
audit, lint, format
2024-02-22 17:55:53 -05:00
Vallie Joseph
d63a8c4d3f
updating package-json
2024-01-09 17:13:35 +00:00
Rob Herley
9e7201ff5b
audit fix
2023-11-20 16:51:13 +00:00
Rob Herley
8cd02dfabc
audit fix
2023-10-16 16:27:26 +00:00
Tatyana Kostromskaya
b2d5fa216f
update github package
2023-09-14 14:32:08 +00:00
Tatyana Kostromskaya
ce31408ff5
Update dependencies
2023-09-08 14:29:27 +00:00
Vallie Joseph
2461056696
Audit Fix ( #1480 )
...
* fixing audit failures
* replacing lerna bootstrap with npm command
* audit fix for cache and tool-cache
* updating tunnel
* upgrading core packages
* re-adding tunnel as prod dep
* updating dependencies
* updating exec deps
* updating exec io package
* .
* Revert
* updating packages
* adding core as dep
* updating learna config
* updating lerna commands
* Removing audit failing packages in cache + tool-cache
* updating contribution bootstrap description
* updating libraries
* prettier lint
* hiding stricter rules
* updating prettier command
* Removing unknown flag
* Adding eslint prettier
* ignoring sym links
* updating ignore path
* updating prettier rules
* changing prettier + github ver
* updating ts and ignores
* Revert ts
* Adding unknown ignores
* downgrading lerna
* .
* adding nx
* Adding lint auto lint rules
* updating eslint ignore for glob packages
* Adding subdirs to ignore
* adding flag for ignore pattern in linter
* Expanding ignore regex
* Adding ignore rules
* adding another ignore pattern to tsconfig eslint
* adding ignore pattern to eslintrc
* syncing package-json
* updating traverse
* .
* test adding core and http client to base package
* running npm ci
* adding tsconfig paths
* adding base URL
* Adding explicit path to core and http-client
* editing tsc call
* updating artifact packages
* force build
* updating lock file version
* updating lock file version
* upgrading node version
* Adding babel traverse back
* fixing build issue
* fixing typescript ver
* updating package json
* Adding ignore for artifact test
* adding ignore to flags
* unlink after test completes
* cleanup
* merge + package edit
2023-08-03 16:36:11 -04:00
dependabot[bot]
c6005c2a3c
Bump http-cache-semantics from 4.1.0 to 4.1.1
...
Bumps [http-cache-semantics](https://github.com/kornelski/http-cache-semantics ) from 4.1.0 to 4.1.1.
- [Release notes](https://github.com/kornelski/http-cache-semantics/releases )
- [Commits](https://github.com/kornelski/http-cache-semantics/compare/v4.1.0...v4.1.1 )
---
updated-dependencies:
- dependency-name: http-cache-semantics
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-02-03 04:52:15 +00:00
Ferenc Hammerl
4ea08312c6
Fix json5 vuln
2023-01-03 13:37:01 +01:00
Ferenc Hammerl
56c460630a
Fix audit
2022-12-14 01:27:55 +01:00
Ferenc Hammerl
c91bdbadbf
Update ts types to node16
2022-12-14 01:13:46 +01:00
Sankalp Kotewar
3fd7f664a6
Merge remote-tracking branch 'origin/main' into segment-download-timeout
2022-08-09 10:38:08 +00:00
Thomas Boop
30995490f2
Update lerna dependency. ( #1149 )
...
* fix audit
* update linter
2022-08-08 14:39:23 -04:00
Sankalp Kotewar
fe1ee8b6b4
Updated lerna to 5.3.0 due to audit reasons
2022-08-03 14:25:32 +00:00
Luke Tomlinson
d594f1e4b3
Fix npm audit ( #1040 )
2022-03-31 14:40:06 -04:00
Ashwin Sangem
58406447b5
Fixed toolkit audit by running npm audit fix.
2022-03-23 11:24:15 +00:00
Luke Tomlinson
6ce349e08c
Update High Severity Dev Dependencies ( #923 )
...
* Update deps
* More Updates
* Use npm 7
* Update package-lock.json
2021-10-14 09:20:09 -04:00
Thomas Boop
27f76dfe1a
Full release of actions/core 1.6.0 with oidc behavior ( #919 )
...
* OIDC Client for actions/core
Co-authored-by: Sourav Chanduka <souravchanduka37@gmail.com>
Co-authored-by: Sourav Chanduka <souravchanduka@users.noreply.github.com>
Co-authored-by: Tingluo Huang <tingluohuang@github.com>
2021-09-28 12:55:21 -04:00
Luke Tomlinson
ea81280a4d
Update release for core 1.5.0 ( #873 )
...
* Update release for core 1.5.0
* Update RELEASES.md
* Run npm audit fix
2021-08-18 09:26:19 -04:00
Brian Cristante
9167ce1f3a
Resolve vulnerabilities found by `npm audit` ( #846 )
2021-06-16 09:20:08 -04:00
dependabot[bot]
aa29345ae8
Bump ws from 7.2.3 to 7.4.6 ( #823 )
...
Bumps [ws](https://github.com/websockets/ws ) from 7.2.3 to 7.4.6.
- [Release notes](https://github.com/websockets/ws/releases )
- [Commits](https://github.com/websockets/ws/compare/7.2.3...7.4.6 )
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-06-01 09:50:25 -04:00
Thomas Boop
0d74e9080a
Re-enable the audit tools step and update dependencies ( #815 )
...
* update package versions
* run audit
* fix eslint config
* linter updates
* re-enable audit
* update timeouts test
* pass done into callback
* fix format
2021-05-21 09:19:40 -04:00
dependabot[bot]
1bafbed467
Bump lodash from 4.17.15 to 4.17.21 ( #801 )
...
Bumps [lodash](https://github.com/lodash/lodash ) from 4.17.15 to 4.17.21.
- [Release notes](https://github.com/lodash/lodash/releases )
- [Commits](https://github.com/lodash/lodash/compare/4.17.15...4.17.21 )
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-05-14 14:39:47 -04:00
dependabot[bot]
cac7db2d19
Bump handlebars from 4.5.3 to 4.7.7 ( #799 )
...
Bumps [handlebars](https://github.com/wycats/handlebars.js ) from 4.5.3 to 4.7.7.
- [Release notes](https://github.com/wycats/handlebars.js/releases )
- [Changelog](https://github.com/handlebars-lang/handlebars.js/blob/master/release-notes.md )
- [Commits](https://github.com/wycats/handlebars.js/compare/v4.5.3...v4.7.7 )
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-05-07 16:37:28 -04:00
dependabot[bot]
fecf6cdd59
Bump hosted-git-info from 2.7.1 to 2.8.9 ( #800 )
...
Bumps [hosted-git-info](https://github.com/npm/hosted-git-info ) from 2.7.1 to 2.8.9.
- [Release notes](https://github.com/npm/hosted-git-info/releases )
- [Changelog](https://github.com/npm/hosted-git-info/blob/v2.8.9/CHANGELOG.md )
- [Commits](https://github.com/npm/hosted-git-info/compare/v2.7.1...v2.8.9 )
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-05-07 14:17:30 -04:00
Thomas Boop
208fa83feb
Release @actions/github v.5.0.0 ( #783 )
...
* update latest octokit definitions
* update package versions
* update link in release notes
* update tsc version
2021-05-04 16:20:38 -04:00
dependabot[bot]
3512925c1c
Bump ssri from 6.0.1 to 6.0.2 ( #776 )
...
Bumps [ssri](https://github.com/npm/ssri ) from 6.0.1 to 6.0.2.
- [Release notes](https://github.com/npm/ssri/releases )
- [Changelog](https://github.com/npm/ssri/blob/v6.0.2/CHANGELOG.md )
- [Commits](https://github.com/npm/ssri/compare/v6.0.1...v6.0.2 )
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-04-27 10:06:31 -04:00
dependabot[bot]
fc00528337
Bump y18n from 4.0.0 to 4.0.1 ( #753 )
...
Bumps [y18n](https://github.com/yargs/y18n ) from 4.0.0 to 4.0.1.
- [Release notes](https://github.com/yargs/y18n/releases )
- [Changelog](https://github.com/yargs/y18n/blob/master/CHANGELOG.md )
- [Commits](https://github.com/yargs/y18n/commits )
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-04-02 12:41:01 -04:00
dependabot[bot]
228a9534d1
Bump ini from 1.3.5 to 1.3.7 ( #672 )
...
Bumps [ini](https://github.com/isaacs/ini ) from 1.3.5 to 1.3.7.
- [Release notes](https://github.com/isaacs/ini/releases )
- [Commits](https://github.com/isaacs/ini/compare/v1.3.5...v1.3.7 )
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-02-05 13:38:54 -05:00
dependabot[bot]
0bf9897205
Bump lodash from 4.17.15 to 4.17.19 ( #524 )
...
Bumps [lodash](https://github.com/lodash/lodash ) from 4.17.15 to 4.17.19.
- [Release notes](https://github.com/lodash/lodash/releases )
- [Commits](https://github.com/lodash/lodash/compare/4.17.15...4.17.19 )
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2020-07-16 16:56:22 -04:00
David Hadka
4964b0cc7c
Use Azure storage SDK to download cache ( #497 )
...
* Adds option to download using AzCopy
* Bump version number and add release notes
* Ensure we use at least v10
* Negate env var so it disables AzCopy
* Use Azure storage SDK to download cache
* Use same level of parallelism as AzCopy
* Fix naming of variable
* React to feedback
* Bump Node types to Node 12
* Make linter happy
* Pass options into restoreCache method
* Fix tests
* Restructure files and add tests
* Add method to get the default download and upload options
* Include breaking changes in RELEASES.md
Co-authored-by: Josh Gross <joshmgross@github.com>
2020-07-10 17:09:32 +02:00
Konrad Pabjan
1e88dec883
Update ts-jest to latest versions ( #419 )
2020-04-27 17:17:31 +02:00
Thomas Boop
3c125ce4e0
Update eslint to 2.2.7 ( #410 )
2020-04-13 10:19:49 -04:00
Thomas Boop
82fbe5da0f
Update jest to 25.1 ( #374 )
...
* Update jest to 25.1
* Update acorn to 6.4.1
* Update dependencies, run audit on all packages, update packagelock
* Remove package-lock dependencies
2020-03-09 14:17:29 -04:00
Bryan MacFarlane
2e88402d19
audit fix and update http-client ( #298 )
2020-01-10 16:37:48 -05:00
francisfuzz
4e69ce10e9
package-lock.json: update handlebars & uglify-js ( #279 )
2020-01-03 15:26:02 -05:00
Josh Gross
8a4134761f
Update to latest typescript version ( #274 )
2019-12-27 19:42:30 -05:00
eric sciple
f79897266e
fix errors during npm install ( #262 )
2019-12-17 12:48:13 -05:00
eric sciple
6c824bd448
Update jest and lerna to fix npm install warnings
2019-11-12 12:13:32 -05:00
Bryan MacFarlane
67eeeea9fa
use zip and unzip from path ( #161 )
2019-09-24 17:07:08 -04:00
Jonathan Clem
ebace7edd3
Bump TypeScript to 3.6.2
2019-09-05 10:03:10 -04:00
dependabot[bot]
e35e0e640b
Bump mixin-deep from 1.3.1 to 1.3.2 ( #95 )
...
Bumps [mixin-deep](https://github.com/jonschlinkert/mixin-deep ) from 1.3.1 to 1.3.2.
- [Release notes](https://github.com/jonschlinkert/mixin-deep/releases )
- [Commits](https://github.com/jonschlinkert/mixin-deep/compare/1.3.1...1.3.2 )
Signed-off-by: dependabot[bot] <support@github.com>
2019-08-28 09:45:33 -04:00
dependabot[bot]
ccf748b53b
Bump lodash.template from 4.4.0 to 4.5.0 ( #94 )
...
Bumps [lodash.template](https://github.com/lodash/lodash ) from 4.4.0 to 4.5.0.
- [Release notes](https://github.com/lodash/lodash/releases )
- [Commits](https://github.com/lodash/lodash/compare/4.4.0...4.5.0 )
Signed-off-by: dependabot[bot] <support@github.com>
2019-08-28 09:35:15 -04:00
dependabot[bot]
8caeee5d56
Bump tar from 2.2.1 to 2.2.2 ( #93 )
...
Bumps [tar](https://github.com/npm/node-tar ) from 2.2.1 to 2.2.2.
- [Release notes](https://github.com/npm/node-tar/releases )
- [Commits](https://github.com/npm/node-tar/compare/v2.2.1...v2.2.2 )
Signed-off-by: dependabot[bot] <support@github.com>
2019-08-28 09:34:59 -04:00
dependabot[bot]
b26ef29d75
Bump lodash from 4.17.11 to 4.17.15 ( #92 )
...
Bumps [lodash](https://github.com/lodash/lodash ) from 4.17.11 to 4.17.15.
- [Release notes](https://github.com/lodash/lodash/releases )
- [Commits](https://github.com/lodash/lodash/compare/4.17.11...4.17.15 )
Signed-off-by: dependabot[bot] <support@github.com>
2019-08-28 09:34:46 -04:00
dependabot[bot]
fba68de49e
Bump fstream from 1.0.11 to 1.0.12 ( #91 )
...
Bumps [fstream](https://github.com/npm/fstream ) from 1.0.11 to 1.0.12.
- [Release notes](https://github.com/npm/fstream/releases )
- [Commits](https://github.com/npm/fstream/compare/v1.0.11...v1.0.12 )
Signed-off-by: dependabot[bot] <support@github.com>
2019-08-28 09:34:34 -04:00