Thanks to visit codestin.com
Credit goes to github.com

Skip to content

fix: vulnerabilities #6

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 33 commits into from
Jul 23, 2025
Merged

fix: vulnerabilities #6

merged 33 commits into from
Jul 23, 2025

Conversation

mmatl
Copy link

@mmatl mmatl commented Jul 23, 2025

Description:
Describe your changes.

Related issue:
Add link to the related issue.

Check list:

  • Mark if documentation changes are required.
  • Mark if tests were added or updated to cover the changes.

HarithaVattikuti and others added 30 commits May 22, 2024 08:12
@HarithaVattikuti
Fix macos latest check failures (actions#1041)
eff380d 
* Update latest node versions

* Update latest node versions

* Update test data

* Update test data

* Update test data

* Update test data

* Update test data

* macos lts failure fix

* Update macos-13
@dependabot @HarithaVattikuti
Bump braces from 3.0.2 to 3.0.3 (actions#1087)
1e60f62 
* Bump braces from 3.0.2 to 3.0.3

Bumps [braces](https://github.com/micromatch/braces) from 3.0.2 to 3.0.3.
- [Changelog](https://github.com/micromatch/braces/blob/master/CHANGELOG.md)
- [Commits](micromatch/braces@3.0.2...3.0.3)

---
updated-dependencies:
- dependency-name: braces
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <[email protected]>

* Bump undici from 5.28.3 to 5.28.4

---------

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: HarithaVattikuti <[email protected]>
@suyashgaonkar @suyashrg18
Documentation update in the README file (actions#1106)
26961cf 
* first commit on using setup node

* Delete .github/workflows/helloWorld.yml

* Create main.yml

* Rename main.yml to helloworld.yml

* goodbye world added

* name changed to goodbye

* updated README

---------

Co-authored-by: Suyash Gaonkar <[email protected]>
@priyagupta108
Fix: windows arm64 setup (actions#1126)
1c7b2db 
* Add condition to ensure ZIP extraction targets only Windows ARM64 official archives

* Bumps micromatch from 4.0.5 to 4.0.8
@Jcambass
Create publish-immutable-action.yml
aa363de
@Jcambass
Merge pull request actions#1125 from actions/add-is-release-workflow
97ca147 
Add workflow file for publishing releases to immutable action package
@Jcambass
Upgrade IA Publish
d6ebc7b
@fulldecent
Correct version string (actions#1124)
0a44ba7
@aparnajyothi-y
Resolve High Security Alerts by upgrading Dependencies (actions#1132)
88de2a3 
* db-alerts-fix

* npm run format

* db-alert-fix

* failure check fix

* check- filaure fix
@Jcambass
Merge pull request actions#1134 from actions/Jcambass-patch-1
aca7b64 
Upgrade IA Publish
@jww3
Revise isGhes logic (actions#1148)
abb238b 
* Revise `isGhes` logic

* ran 'npm run format'

* added unit test
@pengx17
fix: add arch to cached path (actions#843)
39370e3 
* fix: add arch to cached path

* fix: change from using env to os module

* fix: use process.env.RUNNER_OS instead of os.platform()

* fix: remove unused var
@aparnajyothi-y
Add macos-13 to the workflows and upgrade publish-actions from 0.2.2 …
48b9067 
…to 0.3.0 (actions#1174)

* Update versions.yml

* Update versions.yml

* ubuntu-24, macos-13 updates

* check -failure fix
Update README.md (actions#1193)
fbeca22
@HarithaVattikuti
Create dependabot.yml (actions#1192)
5eef37b
@priyagupta108
Use the new cache service: upgrade @actions/cache to ^4.0.0 (acti…
8f9cc17 
…ons#1191)

* upgrade `@actions/cache` to `^4.0.0`

* Review licenses & update types

* updated package-lock.json
@dependabot
Bump pnpm/action-setup from 2 to 4 (actions#1194)
0bc26de 
Bumps [pnpm/action-setup](https://github.com/pnpm/action-setup) from 2 to 4.
- [Release notes](https://github.com/pnpm/action-setup/releases)
- [Commits](pnpm/action-setup@v2...v4)

---
updated-dependencies:
- dependency-name: pnpm/action-setup
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@dependabot
Bump actions/publish-immutable-action from 0.0.3 to 0.0.4 (actions#1195)
111c4be 
Bumps [actions/publish-immutable-action](https://github.com/actions/publish-immutable-action) from 0.0.3 to 0.0.4.
- [Release notes](https://github.com/actions/publish-immutable-action/releases)
- [Commits](actions/publish-immutable-action@0.0.3...v0.0.4)

---
updated-dependencies:
- dependency-name: actions/publish-immutable-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@dependabot @aparnajyothi-y
Bump semver from 7.6.0 to 7.6.3 (actions#1196)
260f870 
* Bump semver from 7.6.0 to 7.6.3

Bumps [semver](https://github.com/npm/node-semver) from 7.6.0 to 7.6.3.
- [Release notes](https://github.com/npm/node-semver/releases)
- [Changelog](https://github.com/npm/node-semver/blob/main/CHANGELOG.md)
- [Commits](npm/node-semver@v7.6.0...v7.6.3)

---
updated-dependencies:
- dependency-name: semver
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>

* fix for check-dist & license check failures

---------

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Aparna Jyothi <[email protected]>
@dependabot
Bump @types/jest from 29.5.12 to 29.5.14 (actions#1201)
574f09a 
Bumps [@types/jest](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/jest) from 29.5.12 to 29.5.14.
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/jest)

---
updated-dependencies:
- dependency-name: "@types/jest"
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@dependabot @aparnajyothi-y
Bump undici from 5.28.4 to 5.28.5 (actions#1205)
1d0ff46 
* Bump undici from 5.28.4 to 5.28.5

Bumps [undici](https://github.com/nodejs/undici) from 5.28.4 to 5.28.5.
- [Release notes](https://github.com/nodejs/undici/releases)
- [Commits](nodejs/undici@v5.28.4...v5.28.5)

---
updated-dependencies:
- dependency-name: undici
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <[email protected]>

* fix for check-dist and license failures

* npm run updates

---------

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Aparna Jyothi <[email protected]>
@dependabot @aparnajyothi-y
Bump @actions/glob from 0.4.0 to 0.5.0 (actions#1200)
8026329 
* Bump @actions/glob from 0.4.0 to 0.5.0

Bumps [@actions/glob](https://github.com/actions/toolkit/tree/HEAD/packages/glob) from 0.4.0 to 0.5.0.
- [Changelog](https://github.com/actions/toolkit/blob/main/packages/glob/RELEASES.md)
- [Commits](https://github.com/actions/toolkit/commits/HEAD/packages/glob)

---
updated-dependencies:
- dependency-name: "@actions/glob"
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>

* fix for check-dist and license failures

---------

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Aparna Jyothi <[email protected]>
@gowridurgad
actions/cache upgrade (actions#1251)
a7c2d94 
Co-authored-by: “gowridurgad” <“[email protected]>
@dependabot @aparnajyothi-y
Bump @vercel/ncc from 0.38.1 to 0.38.3 (actions#1203)
22c0e74 
* Bump @vercel/ncc from 0.38.1 to 0.38.3

Bumps [@vercel/ncc](https://github.com/vercel/ncc) from 0.38.1 to 0.38.3.
- [Release notes](https://github.com/vercel/ncc/releases)
- [Commits](vercel/ncc@0.38.1...0.38.3)

---
updated-dependencies:
- dependency-name: "@vercel/ncc"
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>

* fix for check failures

---------

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Aparna Jyothi <[email protected]>
@dependabot @aparnajyothi-y
Bump @actions/tool-cache from 2.0.1 to 2.0.2 (actions#1220)
cdca736 
* Bump @actions/tool-cache from 2.0.1 to 2.0.2

Bumps [@actions/tool-cache](https://github.com/actions/toolkit/tree/HEAD/packages/tool-cache) from 2.0.1 to 2.0.2.
- [Changelog](https://github.com/actions/toolkit/blob/main/packages/tool-cache/RELEASES.md)
- [Commits](https://github.com/actions/toolkit/commits/HEAD/packages/tool-cache)

---
updated-dependencies:
- dependency-name: "@actions/tool-cache"
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>

* check failures fix

---------

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Aparna Jyothi <[email protected]>
@FloEdelmann
Make eslint-compact matcher compatible with Stylelint (actions#98)
1ccdddc
@fregante
Add support for indented eslint output (actions#1245)
40337cb
@marco-ippolito
feat: support private mirrors (actions#1240)
e3ce749 
* feat: support private mirrors

* chore: change fallback message with mirrors
@aparnajyothi-y
Bump @action/cache from 4.0.2 to 4.0.3 (actions#1262)
49933ea 
* Update versions.yml

* Update versions.yml

* actions/cache upgrade to 4.0.3

* events update

* npm audit fix revert

* npm adit fix revert
@dependabot @HarithaVattikuti
Bump @octokit/request-error and @actions/github (actions#1227)
08f58d1 
* Bump @octokit/request-error and @actions/github

Bumps [@octokit/request-error](https://github.com/octokit/request-error.js) to 5.1.1 and updates ancestor dependency [@actions/github](https://github.com/actions/toolkit/tree/HEAD/packages/github). These dependencies need to be updated together.


Updates `@octokit/request-error` from 2.1.0 to 5.1.1
- [Release notes](https://github.com/octokit/request-error.js/releases)
- [Commits](octokit/request-error.js@v2.1.0...v5.1.1)

Updates `@actions/github` from 5.1.1 to 6.0.0
- [Changelog](https://github.com/actions/toolkit/blob/main/packages/github/RELEASES.md)
- [Commits](https://github.com/actions/toolkit/commits/HEAD/packages/github)

---
updated-dependencies:
- dependency-name: "@octokit/request-error"
  dependency-type: indirect
- dependency-name: "@actions/github"
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <[email protected]>

* Fix failures

---------

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: HarithaVattikuti <[email protected]>
dependabot bot and others added 3 commits July 15, 2025 12:28
@dependabot @HarithaVattikuti
Bump uuid from 9.0.1 to 11.1.0 (actions#1273)
7e24a65 
* Bump uuid from 9.0.1 to 11.1.0

Bumps [uuid](https://github.com/uuidjs/uuid) from 9.0.1 to 11.1.0.
- [Release notes](https://github.com/uuidjs/uuid/releases)
- [Changelog](https://github.com/uuidjs/uuid/blob/main/CHANGELOG.md)
- [Commits](uuidjs/uuid@v9.0.1...v11.1.0)

---
updated-dependencies:
- dependency-name: uuid
  dependency-version: 11.1.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <[email protected]>

* Bump uuid from 9.0.1 to 11.1.0

Bumps [uuid](https://github.com/uuidjs/uuid) from 9.0.1 to 11.1.0.
- [Release notes](https://github.com/uuidjs/uuid/releases)
- [Changelog](https://github.com/uuidjs/uuid/blob/main/CHANGELOG.md)
- [Commits](uuidjs/uuid@v9.0.1...v11.1.0)

---
updated-dependencies:
- dependency-name: uuid
  dependency-version: 11.1.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <[email protected]>

* Fix failures

---------

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: HarithaVattikuti <[email protected]>
@mmatl
fix: merge remote-tracking branch 'upstream/main'
66a4515
@mmatl
fix: build
eba260d
@mmatl mmatl requested a review from mjd3 July 23, 2025 22:27
@mmatl mmatl merged commit afc4f39 into main Jul 23, 2025
24 of 199 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@mjd3 mjd3 mjd3 approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.