actions
/
toolkit
mirror of https://github.com/actions/toolkit
1
0
Fork 0
Code
916 Commits
164 Branches
18 Tags
27 MiB
Commit Graph

66 Commits (vmjoseph/audit-fix-2)

Author SHA1 Message Date
Vallie Joseph 04f5e0c4bd gloabl uuid upgrade 2023-07-31 20:16:45 +00:00
Vallie Joseph 758362f376 Adding proxy 2023-07-31 19:12:52 +00:00
Vallie Joseph c14f4d8d90 adding nock 2023-07-31 19:08:27 +00:00
Vallie Joseph a9c979ebb1 Adding uuid types 2023-07-31 19:05:32 +00:00
Vallie Joseph 5361052c88 Adding uuid package 2023-07-31 18:48:16 +00:00
Vallie Joseph 7a7052f1e6 trying more dep downloads 2023-07-31 18:45:18 +00:00
Vallie Joseph ffd504ff70 Adding other deps to main package.json 2023-07-31 18:06:33 +00:00
Vallie Joseph 132a8a43ad . 2023-07-31 17:58:18 +00:00
Vallie Joseph bc702ed972 clear cache 2023-07-31 17:41:01 +00:00
Vallie Joseph ff13a7d7ff updating json with lower node ver 2023-07-31 15:41:11 +00:00
Vallie Joseph b3ac2cb042 Revert exec deps 2023-07-31 15:26:49 +00:00
Vallie Joseph 569e038d97 updating base packages 2023-07-31 15:01:19 +00:00
Vallie Joseph 928e1e68e8 updating packages to dep instead of dev dep 2023-07-31 14:34:47 +00:00
Vallie Joseph 8350ad95a6 updating vuln packages 2023-07-31 13:43:00 +00:00
Vallie Joseph 903fa9e061 bumping artifact typescript ver 2023-07-28 15:19:20 +00:00
Vallie Joseph ba96334e72 upgrading typescript; fixing audit issues 2023-07-28 05:43:32 +00:00
Vallie Joseph 3a9ebfb229 minimal audit-fix 2023-07-28 04:13:36 +00:00
dependabot[bot] c6005c2a3c
Bump http-cache-semantics from 4.1.0 to 4.1.1 
Bumps [http-cache-semantics](https://github.com/kornelski/http-cache-semantics) from 4.1.0 to 4.1.1.
- [Release notes](https://github.com/kornelski/http-cache-semantics/releases)
- [Commits](https://github.com/kornelski/http-cache-semantics/compare/v4.1.0...v4.1.1)

---
updated-dependencies:
- dependency-name: http-cache-semantics
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-02-03 04:52:15 +00:00
Ferenc Hammerl 4ea08312c6 Fix json5 vuln 2023-01-03 13:37:01 +01:00
Ferenc Hammerl 56c460630a Fix audit 2022-12-14 01:27:55 +01:00
Ferenc Hammerl c91bdbadbf Update ts types to node16 2022-12-14 01:13:46 +01:00
Sankalp Kotewar 3fd7f664a6 Merge remote-tracking branch 'origin/main' into segment-download-timeout 2022-08-09 10:38:08 +00:00
Thomas Boop 30995490f2
Update lerna dependency. (#1149) 
* fix audit

* update linter
 2022-08-08 14:39:23 -04:00
Sankalp Kotewar fe1ee8b6b4 Updated lerna to 5.3.0 due to audit reasons 2022-08-03 14:25:32 +00:00
Luke Tomlinson d594f1e4b3
Fix npm audit (#1040) 2022-03-31 14:40:06 -04:00
Ashwin Sangem 58406447b5 Fixed toolkit audit by running npm audit fix. 2022-03-23 11:24:15 +00:00
Luke Tomlinson 6ce349e08c
Update High Severity Dev Dependencies (#923) 
* Update deps

* More Updates

* Use npm 7

* Update package-lock.json
 2021-10-14 09:20:09 -04:00
Thomas Boop 27f76dfe1a
Full release of actions/core 1.6.0 with oidc behavior (#919) 
* OIDC Client for actions/core

Co-authored-by: Sourav Chanduka <souravchanduka37@gmail.com>
Co-authored-by: Sourav Chanduka <souravchanduka@users.noreply.github.com>
Co-authored-by: Tingluo Huang <tingluohuang@github.com>
 2021-09-28 12:55:21 -04:00
Luke Tomlinson ea81280a4d
Update release for core 1.5.0 (#873) 
* Update release for core 1.5.0

* Update RELEASES.md

* Run npm audit fix
 2021-08-18 09:26:19 -04:00
Brian Cristante 9167ce1f3a
Resolve vulnerabilities found by `npm audit` (#846) 2021-06-16 09:20:08 -04:00
dependabot[bot] aa29345ae8
Bump ws from 7.2.3 to 7.4.6 (#823) 
Bumps [ws](https://github.com/websockets/ws) from 7.2.3 to 7.4.6.
- [Release notes](https://github.com/websockets/ws/releases)
- [Commits](https://github.com/websockets/ws/compare/7.2.3...7.4.6)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2021-06-01 09:50:25 -04:00
Thomas Boop 0d74e9080a
Re-enable the audit tools step and update dependencies (#815) 
* update package versions

* run audit

* fix eslint config

* linter updates

* re-enable audit

* update timeouts test

* pass done into callback

* fix format
 2021-05-21 09:19:40 -04:00
dependabot[bot] 1bafbed467
Bump lodash from 4.17.15 to 4.17.21 (#801) 
Bumps [lodash](https://github.com/lodash/lodash) from 4.17.15 to 4.17.21.
- [Release notes](https://github.com/lodash/lodash/releases)
- [Commits](https://github.com/lodash/lodash/compare/4.17.15...4.17.21)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2021-05-14 14:39:47 -04:00
dependabot[bot] cac7db2d19
Bump handlebars from 4.5.3 to 4.7.7 (#799) 
Bumps [handlebars](https://github.com/wycats/handlebars.js) from 4.5.3 to 4.7.7.
- [Release notes](https://github.com/wycats/handlebars.js/releases)
- [Changelog](https://github.com/handlebars-lang/handlebars.js/blob/master/release-notes.md)
- [Commits](https://github.com/wycats/handlebars.js/compare/v4.5.3...v4.7.7)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2021-05-07 16:37:28 -04:00
dependabot[bot] fecf6cdd59
Bump hosted-git-info from 2.7.1 to 2.8.9 (#800) 
Bumps [hosted-git-info](https://github.com/npm/hosted-git-info) from 2.7.1 to 2.8.9.
- [Release notes](https://github.com/npm/hosted-git-info/releases)
- [Changelog](https://github.com/npm/hosted-git-info/blob/v2.8.9/CHANGELOG.md)
- [Commits](https://github.com/npm/hosted-git-info/compare/v2.7.1...v2.8.9)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2021-05-07 14:17:30 -04:00
Thomas Boop 208fa83feb
Release @actions/github v.5.0.0 (#783) 
* update latest octokit definitions

* update package versions

* update link in release notes

* update tsc version
 2021-05-04 16:20:38 -04:00
dependabot[bot] 3512925c1c
Bump ssri from 6.0.1 to 6.0.2 (#776) 
Bumps [ssri](https://github.com/npm/ssri) from 6.0.1 to 6.0.2.
- [Release notes](https://github.com/npm/ssri/releases)
- [Changelog](https://github.com/npm/ssri/blob/v6.0.2/CHANGELOG.md)
- [Commits](https://github.com/npm/ssri/compare/v6.0.1...v6.0.2)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2021-04-27 10:06:31 -04:00
dependabot[bot] fc00528337
Bump y18n from 4.0.0 to 4.0.1 (#753) 
Bumps [y18n](https://github.com/yargs/y18n) from 4.0.0 to 4.0.1.
- [Release notes](https://github.com/yargs/y18n/releases)
- [Changelog](https://github.com/yargs/y18n/blob/master/CHANGELOG.md)
- [Commits](https://github.com/yargs/y18n/commits)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2021-04-02 12:41:01 -04:00
dependabot[bot] 228a9534d1
Bump ini from 1.3.5 to 1.3.7 (#672) 
Bumps [ini](https://github.com/isaacs/ini) from 1.3.5 to 1.3.7.
- [Release notes](https://github.com/isaacs/ini/releases)
- [Commits](https://github.com/isaacs/ini/compare/v1.3.5...v1.3.7)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2021-02-05 13:38:54 -05:00
dependabot[bot] 0bf9897205
Bump lodash from 4.17.15 to 4.17.19 (#524) 
Bumps [lodash](https://github.com/lodash/lodash) from 4.17.15 to 4.17.19.
- [Release notes](https://github.com/lodash/lodash/releases)
- [Commits](https://github.com/lodash/lodash/compare/4.17.15...4.17.19)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2020-07-16 16:56:22 -04:00
David Hadka 4964b0cc7c
Use Azure storage SDK to download cache (#497) 
* Adds option to download using AzCopy

* Bump version number and add release notes

* Ensure we use at least v10

* Negate env var so it disables AzCopy

* Use Azure storage SDK to download cache

* Use same level of parallelism as AzCopy

* Fix naming of variable

* React to feedback

* Bump Node types to Node 12

* Make linter happy

* Pass options into restoreCache method

* Fix tests

* Restructure files and add tests

* Add method to get the default download and upload options

* Include breaking changes in RELEASES.md

Co-authored-by: Josh Gross <joshmgross@github.com>
 2020-07-10 17:09:32 +02:00
Konrad Pabjan 1e88dec883
Update ts-jest to latest versions (#419) 2020-04-27 17:17:31 +02:00
Thomas Boop 3c125ce4e0
Update eslint to 2.2.7 (#410) 2020-04-13 10:19:49 -04:00
Thomas Boop 82fbe5da0f
Update jest to 25.1 (#374) 
* Update jest to 25.1

* Update acorn to 6.4.1

* Update dependencies, run audit on all packages, update packagelock

* Remove package-lock dependencies
 2020-03-09 14:17:29 -04:00
Bryan MacFarlane 2e88402d19
audit fix and update http-client (#298) 2020-01-10 16:37:48 -05:00
francisfuzz 4e69ce10e9 package-lock.json: update handlebars & uglify-js (#279) 2020-01-03 15:26:02 -05:00
Josh Gross 8a4134761f Update to latest typescript version (#274) 2019-12-27 19:42:30 -05:00
eric sciple f79897266e
fix errors during npm install (#262) 2019-12-17 12:48:13 -05:00
eric sciple 6c824bd448 Update jest and lerna to fix npm install warnings 2019-11-12 12:13:32 -05:00
Bryan MacFarlane 67eeeea9fa
use zip and unzip from path (#161) 2019-09-24 17:07:08 -04:00