1
0
Fork 0
Commit Graph

58 Commits (cec923457de63a9b3210d0f953ae5cfc4f209653)

Author SHA1 Message Date
eggyhead c01bc907ed fixing https://github.com/advisories/GHSA-f5x3-32g6-xq36 2024-04-10 21:30:24 +00:00
Brian DeHamer 4ce4c767e2
npm audit fix
Signed-off-by: Brian DeHamer <bdehamer@github.com>
2024-03-22 12:44:24 -07:00
bethanyj28 b956d8a4dd audit, lint, format 2024-02-22 17:55:53 -05:00
Vallie Joseph d63a8c4d3f updating package-json 2024-01-09 17:13:35 +00:00
Rob Herley 9e7201ff5b
audit fix 2023-11-20 16:51:13 +00:00
Rob Herley 8cd02dfabc
audit fix 2023-10-16 16:27:26 +00:00
Tatyana Kostromskaya b2d5fa216f update github package 2023-09-14 14:32:08 +00:00
Tatyana Kostromskaya ce31408ff5 Update dependencies 2023-09-08 14:29:27 +00:00
Vallie Joseph 2461056696
Audit Fix (#1480)
* fixing audit failures

* replacing lerna bootstrap with npm command

* audit fix for cache and tool-cache

* updating tunnel

* upgrading core packages

* re-adding tunnel as prod dep

* updating dependencies

* updating exec deps

* updating exec io package

* .

* Revert

* updating packages

* adding core as dep

* updating learna config

* updating lerna commands

* Removing audit failing packages in cache + tool-cache

* updating contribution bootstrap description

* updating libraries

* prettier lint

* hiding stricter rules

* updating prettier command

* Removing unknown flag

* Adding eslint prettier

* ignoring sym links

* updating ignore path

* updating prettier rules

* changing prettier + github ver

* updating ts and ignores

* Revert ts

* Adding unknown ignores

* downgrading lerna

* .

* adding nx

* Adding lint auto lint rules

* updating eslint ignore for glob packages

* Adding subdirs to ignore

* adding flag for ignore pattern in linter

* Expanding ignore regex

* Adding ignore rules

* adding another ignore pattern to tsconfig eslint

* adding ignore pattern to eslintrc

* syncing package-json

* updating traverse

* .

* test adding core and http client to base package

* running npm ci

* adding tsconfig paths

* adding base URL

* Adding explicit path to core and http-client

* editing tsc call

* updating artifact packages

* force build

* updating lock file version

* updating lock file version

* upgrading node version

* Adding babel traverse back

* fixing build issue

* fixing typescript ver

* updating package json

* Adding ignore for artifact test

* adding ignore to flags

* unlink after test completes

* cleanup

* merge + package edit
2023-08-03 16:36:11 -04:00
dependabot[bot] c6005c2a3c
Bump http-cache-semantics from 4.1.0 to 4.1.1
Bumps [http-cache-semantics](https://github.com/kornelski/http-cache-semantics) from 4.1.0 to 4.1.1.
- [Release notes](https://github.com/kornelski/http-cache-semantics/releases)
- [Commits](https://github.com/kornelski/http-cache-semantics/compare/v4.1.0...v4.1.1)

---
updated-dependencies:
- dependency-name: http-cache-semantics
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-02-03 04:52:15 +00:00
Ferenc Hammerl 4ea08312c6 Fix json5 vuln 2023-01-03 13:37:01 +01:00
Ferenc Hammerl 56c460630a Fix audit 2022-12-14 01:27:55 +01:00
Ferenc Hammerl c91bdbadbf Update ts types to node16 2022-12-14 01:13:46 +01:00
Sankalp Kotewar 3fd7f664a6 Merge remote-tracking branch 'origin/main' into segment-download-timeout 2022-08-09 10:38:08 +00:00
Thomas Boop 30995490f2
Update lerna dependency. (#1149)
* fix audit

* update linter
2022-08-08 14:39:23 -04:00
Sankalp Kotewar fe1ee8b6b4 Updated lerna to 5.3.0 due to audit reasons 2022-08-03 14:25:32 +00:00
Luke Tomlinson d594f1e4b3
Fix npm audit (#1040) 2022-03-31 14:40:06 -04:00
Ashwin Sangem 58406447b5 Fixed toolkit audit by running npm audit fix. 2022-03-23 11:24:15 +00:00
Luke Tomlinson 6ce349e08c
Update High Severity Dev Dependencies (#923)
* Update deps

* More Updates

* Use npm 7

* Update package-lock.json
2021-10-14 09:20:09 -04:00
Thomas Boop 27f76dfe1a
Full release of actions/core 1.6.0 with oidc behavior (#919)
* OIDC Client for actions/core

Co-authored-by: Sourav Chanduka <souravchanduka37@gmail.com>
Co-authored-by: Sourav Chanduka <souravchanduka@users.noreply.github.com>
Co-authored-by: Tingluo Huang <tingluohuang@github.com>
2021-09-28 12:55:21 -04:00
Luke Tomlinson ea81280a4d
Update release for core 1.5.0 (#873)
* Update release for core 1.5.0

* Update RELEASES.md

* Run npm audit fix
2021-08-18 09:26:19 -04:00
Brian Cristante 9167ce1f3a
Resolve vulnerabilities found by `npm audit` (#846) 2021-06-16 09:20:08 -04:00
dependabot[bot] aa29345ae8
Bump ws from 7.2.3 to 7.4.6 (#823)
Bumps [ws](https://github.com/websockets/ws) from 7.2.3 to 7.4.6.
- [Release notes](https://github.com/websockets/ws/releases)
- [Commits](https://github.com/websockets/ws/compare/7.2.3...7.4.6)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-06-01 09:50:25 -04:00
Thomas Boop 0d74e9080a
Re-enable the audit tools step and update dependencies (#815)
* update package versions

* run audit

* fix eslint config

* linter updates

* re-enable audit

* update timeouts test

* pass done into callback

* fix format
2021-05-21 09:19:40 -04:00
dependabot[bot] 1bafbed467
Bump lodash from 4.17.15 to 4.17.21 (#801)
Bumps [lodash](https://github.com/lodash/lodash) from 4.17.15 to 4.17.21.
- [Release notes](https://github.com/lodash/lodash/releases)
- [Commits](https://github.com/lodash/lodash/compare/4.17.15...4.17.21)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-05-14 14:39:47 -04:00
dependabot[bot] cac7db2d19
Bump handlebars from 4.5.3 to 4.7.7 (#799)
Bumps [handlebars](https://github.com/wycats/handlebars.js) from 4.5.3 to 4.7.7.
- [Release notes](https://github.com/wycats/handlebars.js/releases)
- [Changelog](https://github.com/handlebars-lang/handlebars.js/blob/master/release-notes.md)
- [Commits](https://github.com/wycats/handlebars.js/compare/v4.5.3...v4.7.7)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-05-07 16:37:28 -04:00
dependabot[bot] fecf6cdd59
Bump hosted-git-info from 2.7.1 to 2.8.9 (#800)
Bumps [hosted-git-info](https://github.com/npm/hosted-git-info) from 2.7.1 to 2.8.9.
- [Release notes](https://github.com/npm/hosted-git-info/releases)
- [Changelog](https://github.com/npm/hosted-git-info/blob/v2.8.9/CHANGELOG.md)
- [Commits](https://github.com/npm/hosted-git-info/compare/v2.7.1...v2.8.9)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-05-07 14:17:30 -04:00
Thomas Boop 208fa83feb
Release @actions/github v.5.0.0 (#783)
* update latest octokit definitions

* update package versions

* update link in release notes

* update tsc version
2021-05-04 16:20:38 -04:00
dependabot[bot] 3512925c1c
Bump ssri from 6.0.1 to 6.0.2 (#776)
Bumps [ssri](https://github.com/npm/ssri) from 6.0.1 to 6.0.2.
- [Release notes](https://github.com/npm/ssri/releases)
- [Changelog](https://github.com/npm/ssri/blob/v6.0.2/CHANGELOG.md)
- [Commits](https://github.com/npm/ssri/compare/v6.0.1...v6.0.2)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-04-27 10:06:31 -04:00
dependabot[bot] fc00528337
Bump y18n from 4.0.0 to 4.0.1 (#753)
Bumps [y18n](https://github.com/yargs/y18n) from 4.0.0 to 4.0.1.
- [Release notes](https://github.com/yargs/y18n/releases)
- [Changelog](https://github.com/yargs/y18n/blob/master/CHANGELOG.md)
- [Commits](https://github.com/yargs/y18n/commits)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-04-02 12:41:01 -04:00
dependabot[bot] 228a9534d1
Bump ini from 1.3.5 to 1.3.7 (#672)
Bumps [ini](https://github.com/isaacs/ini) from 1.3.5 to 1.3.7.
- [Release notes](https://github.com/isaacs/ini/releases)
- [Commits](https://github.com/isaacs/ini/compare/v1.3.5...v1.3.7)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-02-05 13:38:54 -05:00
dependabot[bot] 0bf9897205
Bump lodash from 4.17.15 to 4.17.19 (#524)
Bumps [lodash](https://github.com/lodash/lodash) from 4.17.15 to 4.17.19.
- [Release notes](https://github.com/lodash/lodash/releases)
- [Commits](https://github.com/lodash/lodash/compare/4.17.15...4.17.19)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2020-07-16 16:56:22 -04:00
David Hadka 4964b0cc7c
Use Azure storage SDK to download cache (#497)
* Adds option to download using AzCopy

* Bump version number and add release notes

* Ensure we use at least v10

* Negate env var so it disables AzCopy

* Use Azure storage SDK to download cache

* Use same level of parallelism as AzCopy

* Fix naming of variable

* React to feedback

* Bump Node types to Node 12

* Make linter happy

* Pass options into restoreCache method

* Fix tests

* Restructure files and add tests

* Add method to get the default download and upload options

* Include breaking changes in RELEASES.md

Co-authored-by: Josh Gross <joshmgross@github.com>
2020-07-10 17:09:32 +02:00
Konrad Pabjan 1e88dec883
Update ts-jest to latest versions (#419) 2020-04-27 17:17:31 +02:00
Thomas Boop 3c125ce4e0
Update eslint to 2.2.7 (#410) 2020-04-13 10:19:49 -04:00
Thomas Boop 82fbe5da0f
Update jest to 25.1 (#374)
* Update jest to 25.1

* Update acorn to 6.4.1

* Update dependencies, run audit on all packages, update packagelock

* Remove package-lock dependencies
2020-03-09 14:17:29 -04:00
Bryan MacFarlane 2e88402d19
audit fix and update http-client (#298) 2020-01-10 16:37:48 -05:00
francisfuzz 4e69ce10e9 package-lock.json: update handlebars & uglify-js (#279) 2020-01-03 15:26:02 -05:00
Josh Gross 8a4134761f Update to latest typescript version (#274) 2019-12-27 19:42:30 -05:00
eric sciple f79897266e
fix errors during npm install (#262) 2019-12-17 12:48:13 -05:00
eric sciple 6c824bd448 Update jest and lerna to fix npm install warnings 2019-11-12 12:13:32 -05:00
Bryan MacFarlane 67eeeea9fa
use zip and unzip from path (#161) 2019-09-24 17:07:08 -04:00
Jonathan Clem ebace7edd3
Bump TypeScript to 3.6.2 2019-09-05 10:03:10 -04:00
dependabot[bot] e35e0e640b Bump mixin-deep from 1.3.1 to 1.3.2 (#95)
Bumps [mixin-deep](https://github.com/jonschlinkert/mixin-deep) from 1.3.1 to 1.3.2.
- [Release notes](https://github.com/jonschlinkert/mixin-deep/releases)
- [Commits](https://github.com/jonschlinkert/mixin-deep/compare/1.3.1...1.3.2)

Signed-off-by: dependabot[bot] <support@github.com>
2019-08-28 09:45:33 -04:00
dependabot[bot] ccf748b53b Bump lodash.template from 4.4.0 to 4.5.0 (#94)
Bumps [lodash.template](https://github.com/lodash/lodash) from 4.4.0 to 4.5.0.
- [Release notes](https://github.com/lodash/lodash/releases)
- [Commits](https://github.com/lodash/lodash/compare/4.4.0...4.5.0)

Signed-off-by: dependabot[bot] <support@github.com>
2019-08-28 09:35:15 -04:00
dependabot[bot] 8caeee5d56 Bump tar from 2.2.1 to 2.2.2 (#93)
Bumps [tar](https://github.com/npm/node-tar) from 2.2.1 to 2.2.2.
- [Release notes](https://github.com/npm/node-tar/releases)
- [Commits](https://github.com/npm/node-tar/compare/v2.2.1...v2.2.2)

Signed-off-by: dependabot[bot] <support@github.com>
2019-08-28 09:34:59 -04:00
dependabot[bot] b26ef29d75 Bump lodash from 4.17.11 to 4.17.15 (#92)
Bumps [lodash](https://github.com/lodash/lodash) from 4.17.11 to 4.17.15.
- [Release notes](https://github.com/lodash/lodash/releases)
- [Commits](https://github.com/lodash/lodash/compare/4.17.11...4.17.15)

Signed-off-by: dependabot[bot] <support@github.com>
2019-08-28 09:34:46 -04:00
dependabot[bot] fba68de49e Bump fstream from 1.0.11 to 1.0.12 (#91)
Bumps [fstream](https://github.com/npm/fstream) from 1.0.11 to 1.0.12.
- [Release notes](https://github.com/npm/fstream/releases)
- [Commits](https://github.com/npm/fstream/compare/v1.0.11...v1.0.12)

Signed-off-by: dependabot[bot] <support@github.com>
2019-08-28 09:34:34 -04:00
dependabot[bot] df04d7dbaf Bump eslint-utils from 1.3.1 to 1.4.2 (#90)
Bumps [eslint-utils](https://github.com/mysticatea/eslint-utils) from 1.3.1 to 1.4.2.
- [Release notes](https://github.com/mysticatea/eslint-utils/releases)
- [Commits](https://github.com/mysticatea/eslint-utils/compare/v1.3.1...v1.4.2)

Signed-off-by: dependabot[bot] <support@github.com>
2019-08-28 09:34:20 -04:00
Jonathan Clem 1cfd9cc9b7
Add concurrently and check-all script 2019-05-21 10:43:05 -04:00