From ecc5516821087666a672c0d280a0084ea6d9aafd Mon Sep 17 00:00:00 2001 From: Jenna Goldstrich Date: Wed, 15 Nov 2023 09:41:06 -0800 Subject: [PATCH] Update Github-Actions-Core, Semver, remove Snyk (#87) * Update Github-Actions-Core to mitigate semver CVE * Bump io/tool cache to the same version used in core * Remove Snyk --- .github/workflows/snyk.yml | 40 -------- .snyk | 19 ---- package-lock.json | 196 ++++++++++++++++++++++--------------- package.json | 8 +- 4 files changed, 119 insertions(+), 144 deletions(-) delete mode 100644 .github/workflows/snyk.yml delete mode 100644 .snyk diff --git a/.github/workflows/snyk.yml b/.github/workflows/snyk.yml deleted file mode 100644 index 735ab96..0000000 --- a/.github/workflows/snyk.yml +++ /dev/null @@ -1,40 +0,0 @@ ---- -name: "Security Scan: Snyk Code" - -on: - push: - -jobs: - snyk: - runs-on: ubuntu-latest - - permissions: - security-events: write - actions: read - contents: read - - strategy: - # see https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstrategyfail-fast - fail-fast: false - - steps: - - name: Checkout Repository - uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0 - with: - fetch-depth: 1 - - # see https://github.com/snyk/actions/tree/master/node - - name: Lint Code with Snyk - uses: snyk/actions/node@b98d498629f1c368650224d6d212bf7dfa89e4bf # 0.4.0 - env: - # see https://github.com/snyk/actions#getting-your-snyk-token - SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} - with: - # see https://github.com/snyk/actions/tree/master/node#uploading-snyk-scan-results-to-github-code-scanning - args: --policy-path=.snyk --sarif-file-output=snyk.sarif --org=${{ secrets.SNYK_ORG }} - - # see https://github.com/github/codeql-action/tree/main/upload-sarif - - name: Upload Snyk IaC results to GitHub Code Scanning - uses: github/codeql-action/upload-sarif@e4262713b504983e61c7728f5452be240d9385a7 # codeql-bundle-v2.14.3 - with: - sarif_file: snyk.sarif diff --git a/.snyk b/.snyk deleted file mode 100644 index f02a7c2..0000000 --- a/.snyk +++ /dev/null @@ -1,19 +0,0 @@ -version: v1.25.0 - -# see https://docs.snyk.io/snyk-cli/test-for-vulnerabilities/the-.snyk-file?q= -ignore: - # see https://security.snyk.io/vuln/snyk:lic:npm:hashicorp:js-releases:MPL-2.0] - 'snyk:lic:npm:hashicorp:js-releases:MPL-2.0': - - '@hashicorp/js-releases': - reason: acceptable license - expires: 2023-12-31T00:00:00.000Z - created: 2022-08-16T00:00:00.000Z - - # see https://security.snyk.io/vuln/snyk:lic:npm:openpgp:LGPL-3.0 - 'snyk:lic:npm:openpgp:LGPL-3.0': - - '@hashicorp/js-releases > openpgp': - reason: acceptable license - expires: 2023-12-31T00:00:00.000Z - created: 2022-08-16T00:00:00.000Z - -patch: {} diff --git a/package-lock.json b/package-lock.json index 1bfe8e3..6ced77a 100644 --- a/package-lock.json +++ b/package-lock.json @@ -9,23 +9,23 @@ "version": "2.1.0", "license": "Apache-2.0", "dependencies": { - "@actions/core": "1.10.0", - "@actions/io": "1.1.2", + "@actions/core": "1.10.1", + "@actions/io": "1.1.3", "@actions/tool-cache": "2.0.1", - "@hashicorp/github-actions-core": "github:hashicorp/github-actions-core#v0.3.0", + "@hashicorp/github-actions-core": "github:hashicorp/github-actions-core#v0.3.1", "@vercel/ncc": "0.36.1" }, "devDependencies": { "@types/node": "18.14.1", - "@types/semver": "7.3.13", + "@types/semver": "7.5.4", "prettier": "2.8.4", "typescript": "4.9.5" } }, "node_modules/@actions/core": { - "version": "1.10.0", - "resolved": "https://registry.npmjs.org/@actions/core/-/core-1.10.0.tgz", - "integrity": "sha512-2aZDDa3zrrZbP5ZYg159sNoLRb61nQ7awl5pSvIq5Qpj81vwDzdMRKzkWJGJuwVvWpvZKx7vspJALyvaaIQyug==", + "version": "1.10.1", + "resolved": "https://registry.npmjs.org/@actions/core/-/core-1.10.1.tgz", + "integrity": "sha512-3lBR9EDAY+iYIpTnTIXmWcNbX3T2kCkAEQGIQx4NVQ0575nk2k3GRZDTPQG+vVtS2izSLmINlxXf0uLtnrTP+g==", "dependencies": { "@actions/http-client": "^2.0.1", "uuid": "^8.3.2" @@ -40,17 +40,18 @@ } }, "node_modules/@actions/http-client": { - "version": "2.0.1", - "resolved": "https://registry.npmjs.org/@actions/http-client/-/http-client-2.0.1.tgz", - "integrity": "sha512-PIXiMVtz6VvyaRsGY268qvj57hXQEpsYogYOu2nrQhlf+XCGmZstmuZBbAybUl1nQGnvS1k1eEsQ69ZoD7xlSw==", + "version": "2.2.0", + "resolved": "https://registry.npmjs.org/@actions/http-client/-/http-client-2.2.0.tgz", + "integrity": "sha512-q+epW0trjVUUHboliPb4UF9g2msf+w61b32tAkFEwL/IwP0DQWgbCMM0Hbe3e3WXSKz5VcUXbzJQgy8Hkra/Lg==", "dependencies": { - "tunnel": "^0.0.6" + "tunnel": "^0.0.6", + "undici": "^5.25.4" } }, "node_modules/@actions/io": { - "version": "1.1.2", - "resolved": "https://registry.npmjs.org/@actions/io/-/io-1.1.2.tgz", - "integrity": "sha512-d+RwPlMp+2qmBfeLYPLXuSRykDIFEwdTA0MMxzS9kh4kvP1ftrc/9fzy6pX6qAjthdXruHQ6/6kjT/DNo5ALuw==" + "version": "1.1.3", + "resolved": "https://registry.npmjs.org/@actions/io/-/io-1.1.3.tgz", + "integrity": "sha512-wi9JjgKLYS7U/z8PPbco+PvTb/nRWjeoFlJ1Qer83k/3C5PHQi28hiVdeE2kHXmIL99mQFawx8qt/JPjZilJ8Q==" }, "node_modules/@actions/tool-cache": { "version": "2.0.1", @@ -74,22 +75,30 @@ "uuid": "bin/uuid" } }, + "node_modules/@fastify/busboy": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/@fastify/busboy/-/busboy-2.0.0.tgz", + "integrity": "sha512-JUFJad5lv7jxj926GPgymrWQxxjPYuJNiNjNMzqT+HiuP6Vl3dk5xzG+8sTX96np0ZAluvaMzPsjhHZ5rNuNQQ==", + "engines": { + "node": ">=14" + } + }, "node_modules/@hashicorp/github-actions-core": { - "version": "0.1.0", - "resolved": "git+ssh://git@github.com/hashicorp/github-actions-core.git#d0edc4c9019939f83bef32882bf9576ba58d8017", - "license": "MPL-2.0", + "version": "0.3.1", + "resolved": "git+ssh://git@github.com/hashicorp/github-actions-core.git#4305a2bf15b10283f92b84875ef8454c1ec6086c", + "license": "Apache-2.0", "dependencies": { - "@actions/core": "^1.10.0", - "@actions/io": "^1.1.2", + "@actions/core": "^1.10.1", + "@actions/io": "^1.1.3", "@actions/tool-cache": "^2.0.1", - "@hashicorp/js-releases": "^1.6.1", - "semver": "^7.3.8" + "@hashicorp/js-releases": "^1.7.0", + "semver": "^7.5.3" } }, "node_modules/@hashicorp/github-actions-core/node_modules/semver": { - "version": "7.3.8", - "resolved": "https://registry.npmjs.org/semver/-/semver-7.3.8.tgz", - "integrity": "sha512-NB1ctGL5rlHrPJtFDVIVzTyQylMLu9N9VICA6HSFJo8MCGVTMW6gfpicwKmmK/dAjTOrqu5l63JJOpDSrAis3A==", + "version": "7.5.4", + "resolved": "https://registry.npmjs.org/semver/-/semver-7.5.4.tgz", + "integrity": "sha512-1bCSESV6Pv+i21Hvpxp3Dx+pSD8lIPt8uVjRrxAUt/nbswYc+tK6Y2btiULjd4+fnq15PX+nqQDC7Oft7WkwcA==", "dependencies": { "lru-cache": "^6.0.0" }, @@ -101,21 +110,21 @@ } }, "node_modules/@hashicorp/js-releases": { - "version": "1.6.1", - "resolved": "https://registry.npmjs.org/@hashicorp/js-releases/-/js-releases-1.6.1.tgz", - "integrity": "sha512-eb8NgI+oTrQ1BWioenKSCH8a90uLngeaVkyMOXofPLPcShJwhc/AAJpzP5AZoYCGrbt1nVJmFGgjUrS858YLBw==", + "version": "1.7.0", + "resolved": "https://registry.npmjs.org/@hashicorp/js-releases/-/js-releases-1.7.0.tgz", + "integrity": "sha512-ONeN2lH5qeZU+wK32CschZEPe+NB9ypGzsfCpEQgA87oGMEkWX66s95bLYN4ff+WirBWYvyvHxGLT1MWbj/m9A==", "dependencies": { "axios": "^0.25.0", "https-proxy-agent": "^5.0.1", - "openpgp": "5.1.0", + "openpgp": "^5.5.0", "semver": "^7.3.5", "yauzl": "^2.10.0" } }, "node_modules/@hashicorp/js-releases/node_modules/semver": { - "version": "7.3.8", - "resolved": "https://registry.npmjs.org/semver/-/semver-7.3.8.tgz", - "integrity": "sha512-NB1ctGL5rlHrPJtFDVIVzTyQylMLu9N9VICA6HSFJo8MCGVTMW6gfpicwKmmK/dAjTOrqu5l63JJOpDSrAis3A==", + "version": "7.5.4", + "resolved": "https://registry.npmjs.org/semver/-/semver-7.5.4.tgz", + "integrity": "sha512-1bCSESV6Pv+i21Hvpxp3Dx+pSD8lIPt8uVjRrxAUt/nbswYc+tK6Y2btiULjd4+fnq15PX+nqQDC7Oft7WkwcA==", "dependencies": { "lru-cache": "^6.0.0" }, @@ -133,9 +142,9 @@ "dev": true }, "node_modules/@types/semver": { - "version": "7.3.13", - "resolved": "https://registry.npmjs.org/@types/semver/-/semver-7.3.13.tgz", - "integrity": "sha512-21cFJr9z3g5dW8B0CVI9g2O9beqaThGQ6ZFBqHfwhzLDKUxaqTIy3vnfah/UPkfOiF2pLq+tGz+W8RyCskuslw==", + "version": "7.5.4", + "resolved": "https://registry.npmjs.org/@types/semver/-/semver-7.5.4.tgz", + "integrity": "sha512-MMzuxN3GdFwskAnb6fz0orFvhfqi752yjaXylr0Rp4oDg5H0Zn1IuyRhDVvYOwAXoJirx2xuS16I3WjxnAIHiQ==", "dev": true }, "node_modules/@vercel/ncc": { @@ -214,9 +223,9 @@ } }, "node_modules/follow-redirects": { - "version": "1.15.2", - "resolved": "https://registry.npmjs.org/follow-redirects/-/follow-redirects-1.15.2.tgz", - "integrity": "sha512-VQLG33o04KaQ8uYi2tVNbdrWp1QWxNNea+nmIB4EVM28v0hmP17z7aG1+wAkNzVq4KeXTq3221ye5qTJP91JwA==", + "version": "1.15.3", + "resolved": "https://registry.npmjs.org/follow-redirects/-/follow-redirects-1.15.3.tgz", + "integrity": "sha512-1VzOtuEM8pC9SFU1E+8KfTjZyMztRsgEfwQl44z8A25uy13jSzTj6dyK2Df52iV0vgHCfBwLhDWevLn95w5v6Q==", "funding": [ { "type": "individual", @@ -271,9 +280,9 @@ "integrity": "sha512-sGkPx+VjMtmA6MX27oA4FBFELFCZZ4S4XqeGOXCv68tT+jb3vk/RyaKWP0PTKyWtmLSM0b+adUTEvbs1PEaH2w==" }, "node_modules/openpgp": { - "version": "5.1.0", - "resolved": "https://registry.npmjs.org/openpgp/-/openpgp-5.1.0.tgz", - "integrity": "sha512-keCno6QPMXWwfjrOOtT8fwZ5XgCcB7vZH80xb44SbJ49qQ11Efl2fFfqHpaie7jTQFjRKxgT8hSFPXJUjogNPw==", + "version": "5.10.2", + "resolved": "https://registry.npmjs.org/openpgp/-/openpgp-5.10.2.tgz", + "integrity": "sha512-nRqMp4o31rBagWB02tgfKCsocXWq4uYobZf9GDVlD5rQXBq/wRIZHiDhGX1dlDAI2inkZcPd2dSZOqmtGnsK1A==", "dependencies": { "asn1.js": "^5.0.0" }, @@ -307,9 +316,9 @@ "integrity": "sha512-YZo3K82SD7Riyi0E1EQPojLz7kpepnSQI9IyPbHHg1XXXevb5dJI7tpyN2ADxGcQbHG7vcyRHk0cbwqcQriUtg==" }, "node_modules/semver": { - "version": "6.3.0", - "resolved": "https://registry.npmjs.org/semver/-/semver-6.3.0.tgz", - "integrity": "sha512-b39TBaTSfV6yBrapU89p5fKekE2m/NwnDocOVruQFS1/veMgdzuPcnOM34M6CwxW8jH/lxEa5rBoDeUwu5HHTw==", + "version": "6.3.1", + "resolved": "https://registry.npmjs.org/semver/-/semver-6.3.1.tgz", + "integrity": "sha512-BR7VvDCVHO+q2xBEWskxS6DJE1qRnb7DxzUrogb71CWoSficBxYsiAGd+Kl0mmq/MprG9yArRkyrQxTO6XjMzA==", "bin": { "semver": "bin/semver.js" } @@ -335,6 +344,17 @@ "node": ">=4.2.0" } }, + "node_modules/undici": { + "version": "5.26.4", + "resolved": "https://registry.npmjs.org/undici/-/undici-5.26.4.tgz", + "integrity": "sha512-OG+QOf0fTLtazL9P9X7yqWxQ+Z0395Wk6DSkyTxtaq3wQEjIroVe7Y4asCX/vcCxYpNGMnwz8F0qbRYUoaQVMw==", + "dependencies": { + "@fastify/busboy": "^2.0.0" + }, + "engines": { + "node": ">=14.0" + } + }, "node_modules/uuid": { "version": "8.3.2", "resolved": "https://registry.npmjs.org/uuid/-/uuid-8.3.2.tgz", @@ -360,9 +380,9 @@ }, "dependencies": { "@actions/core": { - "version": "1.10.0", - "resolved": "https://registry.npmjs.org/@actions/core/-/core-1.10.0.tgz", - "integrity": "sha512-2aZDDa3zrrZbP5ZYg159sNoLRb61nQ7awl5pSvIq5Qpj81vwDzdMRKzkWJGJuwVvWpvZKx7vspJALyvaaIQyug==", + "version": "1.10.1", + "resolved": "https://registry.npmjs.org/@actions/core/-/core-1.10.1.tgz", + "integrity": "sha512-3lBR9EDAY+iYIpTnTIXmWcNbX3T2kCkAEQGIQx4NVQ0575nk2k3GRZDTPQG+vVtS2izSLmINlxXf0uLtnrTP+g==", "requires": { "@actions/http-client": "^2.0.1", "uuid": "^8.3.2" @@ -377,17 +397,18 @@ } }, "@actions/http-client": { - "version": "2.0.1", - "resolved": "https://registry.npmjs.org/@actions/http-client/-/http-client-2.0.1.tgz", - "integrity": "sha512-PIXiMVtz6VvyaRsGY268qvj57hXQEpsYogYOu2nrQhlf+XCGmZstmuZBbAybUl1nQGnvS1k1eEsQ69ZoD7xlSw==", + "version": "2.2.0", + "resolved": "https://registry.npmjs.org/@actions/http-client/-/http-client-2.2.0.tgz", + "integrity": "sha512-q+epW0trjVUUHboliPb4UF9g2msf+w61b32tAkFEwL/IwP0DQWgbCMM0Hbe3e3WXSKz5VcUXbzJQgy8Hkra/Lg==", "requires": { - "tunnel": "^0.0.6" + "tunnel": "^0.0.6", + "undici": "^5.25.4" } }, "@actions/io": { - "version": "1.1.2", - "resolved": "https://registry.npmjs.org/@actions/io/-/io-1.1.2.tgz", - "integrity": "sha512-d+RwPlMp+2qmBfeLYPLXuSRykDIFEwdTA0MMxzS9kh4kvP1ftrc/9fzy6pX6qAjthdXruHQ6/6kjT/DNo5ALuw==" + "version": "1.1.3", + "resolved": "https://registry.npmjs.org/@actions/io/-/io-1.1.3.tgz", + "integrity": "sha512-wi9JjgKLYS7U/z8PPbco+PvTb/nRWjeoFlJ1Qer83k/3C5PHQi28hiVdeE2kHXmIL99mQFawx8qt/JPjZilJ8Q==" }, "@actions/tool-cache": { "version": "2.0.1", @@ -409,21 +430,26 @@ } } }, + "@fastify/busboy": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/@fastify/busboy/-/busboy-2.0.0.tgz", + "integrity": "sha512-JUFJad5lv7jxj926GPgymrWQxxjPYuJNiNjNMzqT+HiuP6Vl3dk5xzG+8sTX96np0ZAluvaMzPsjhHZ5rNuNQQ==" + }, "@hashicorp/github-actions-core": { - "version": "git+ssh://git@github.com/hashicorp/github-actions-core.git#d0edc4c9019939f83bef32882bf9576ba58d8017", - "from": "@hashicorp/github-actions-core@github:hashicorp/github-actions-core#v0.3.0", + "version": "git+ssh://git@github.com/hashicorp/github-actions-core.git#4305a2bf15b10283f92b84875ef8454c1ec6086c", + "from": "@hashicorp/github-actions-core@github:hashicorp/github-actions-core#v0.3.1", "requires": { - "@actions/core": "^1.10.0", - "@actions/io": "^1.1.2", + "@actions/core": "^1.10.1", + "@actions/io": "^1.1.3", "@actions/tool-cache": "^2.0.1", - "@hashicorp/js-releases": "^1.6.1", - "semver": "^7.3.8" + "@hashicorp/js-releases": "^1.7.0", + "semver": "^7.5.3" }, "dependencies": { "semver": { - "version": "7.3.8", - "resolved": "https://registry.npmjs.org/semver/-/semver-7.3.8.tgz", - "integrity": "sha512-NB1ctGL5rlHrPJtFDVIVzTyQylMLu9N9VICA6HSFJo8MCGVTMW6gfpicwKmmK/dAjTOrqu5l63JJOpDSrAis3A==", + "version": "7.5.4", + "resolved": "https://registry.npmjs.org/semver/-/semver-7.5.4.tgz", + "integrity": "sha512-1bCSESV6Pv+i21Hvpxp3Dx+pSD8lIPt8uVjRrxAUt/nbswYc+tK6Y2btiULjd4+fnq15PX+nqQDC7Oft7WkwcA==", "requires": { "lru-cache": "^6.0.0" } @@ -431,21 +457,21 @@ } }, "@hashicorp/js-releases": { - "version": "1.6.1", - "resolved": "https://registry.npmjs.org/@hashicorp/js-releases/-/js-releases-1.6.1.tgz", - "integrity": "sha512-eb8NgI+oTrQ1BWioenKSCH8a90uLngeaVkyMOXofPLPcShJwhc/AAJpzP5AZoYCGrbt1nVJmFGgjUrS858YLBw==", + "version": "1.7.0", + "resolved": "https://registry.npmjs.org/@hashicorp/js-releases/-/js-releases-1.7.0.tgz", + "integrity": "sha512-ONeN2lH5qeZU+wK32CschZEPe+NB9ypGzsfCpEQgA87oGMEkWX66s95bLYN4ff+WirBWYvyvHxGLT1MWbj/m9A==", "requires": { "axios": "^0.25.0", "https-proxy-agent": "^5.0.1", - "openpgp": "5.1.0", + "openpgp": "^5.5.0", "semver": "^7.3.5", "yauzl": "^2.10.0" }, "dependencies": { "semver": { - "version": "7.3.8", - "resolved": "https://registry.npmjs.org/semver/-/semver-7.3.8.tgz", - "integrity": "sha512-NB1ctGL5rlHrPJtFDVIVzTyQylMLu9N9VICA6HSFJo8MCGVTMW6gfpicwKmmK/dAjTOrqu5l63JJOpDSrAis3A==", + "version": "7.5.4", + "resolved": "https://registry.npmjs.org/semver/-/semver-7.5.4.tgz", + "integrity": "sha512-1bCSESV6Pv+i21Hvpxp3Dx+pSD8lIPt8uVjRrxAUt/nbswYc+tK6Y2btiULjd4+fnq15PX+nqQDC7Oft7WkwcA==", "requires": { "lru-cache": "^6.0.0" } @@ -459,9 +485,9 @@ "dev": true }, "@types/semver": { - "version": "7.3.13", - "resolved": "https://registry.npmjs.org/@types/semver/-/semver-7.3.13.tgz", - "integrity": "sha512-21cFJr9z3g5dW8B0CVI9g2O9beqaThGQ6ZFBqHfwhzLDKUxaqTIy3vnfah/UPkfOiF2pLq+tGz+W8RyCskuslw==", + "version": "7.5.4", + "resolved": "https://registry.npmjs.org/@types/semver/-/semver-7.5.4.tgz", + "integrity": "sha512-MMzuxN3GdFwskAnb6fz0orFvhfqi752yjaXylr0Rp4oDg5H0Zn1IuyRhDVvYOwAXoJirx2xuS16I3WjxnAIHiQ==", "dev": true }, "@vercel/ncc": { @@ -523,9 +549,9 @@ } }, "follow-redirects": { - "version": "1.15.2", - "resolved": "https://registry.npmjs.org/follow-redirects/-/follow-redirects-1.15.2.tgz", - "integrity": "sha512-VQLG33o04KaQ8uYi2tVNbdrWp1QWxNNea+nmIB4EVM28v0hmP17z7aG1+wAkNzVq4KeXTq3221ye5qTJP91JwA==" + "version": "1.15.3", + "resolved": "https://registry.npmjs.org/follow-redirects/-/follow-redirects-1.15.3.tgz", + "integrity": "sha512-1VzOtuEM8pC9SFU1E+8KfTjZyMztRsgEfwQl44z8A25uy13jSzTj6dyK2Df52iV0vgHCfBwLhDWevLn95w5v6Q==" }, "https-proxy-agent": { "version": "5.0.1", @@ -560,9 +586,9 @@ "integrity": "sha512-sGkPx+VjMtmA6MX27oA4FBFELFCZZ4S4XqeGOXCv68tT+jb3vk/RyaKWP0PTKyWtmLSM0b+adUTEvbs1PEaH2w==" }, "openpgp": { - "version": "5.1.0", - "resolved": "https://registry.npmjs.org/openpgp/-/openpgp-5.1.0.tgz", - "integrity": "sha512-keCno6QPMXWwfjrOOtT8fwZ5XgCcB7vZH80xb44SbJ49qQ11Efl2fFfqHpaie7jTQFjRKxgT8hSFPXJUjogNPw==", + "version": "5.10.2", + "resolved": "https://registry.npmjs.org/openpgp/-/openpgp-5.10.2.tgz", + "integrity": "sha512-nRqMp4o31rBagWB02tgfKCsocXWq4uYobZf9GDVlD5rQXBq/wRIZHiDhGX1dlDAI2inkZcPd2dSZOqmtGnsK1A==", "requires": { "asn1.js": "^5.0.0" } @@ -584,9 +610,9 @@ "integrity": "sha512-YZo3K82SD7Riyi0E1EQPojLz7kpepnSQI9IyPbHHg1XXXevb5dJI7tpyN2ADxGcQbHG7vcyRHk0cbwqcQriUtg==" }, "semver": { - "version": "6.3.0", - "resolved": "https://registry.npmjs.org/semver/-/semver-6.3.0.tgz", - "integrity": "sha512-b39TBaTSfV6yBrapU89p5fKekE2m/NwnDocOVruQFS1/veMgdzuPcnOM34M6CwxW8jH/lxEa5rBoDeUwu5HHTw==" + "version": "6.3.1", + "resolved": "https://registry.npmjs.org/semver/-/semver-6.3.1.tgz", + "integrity": "sha512-BR7VvDCVHO+q2xBEWskxS6DJE1qRnb7DxzUrogb71CWoSficBxYsiAGd+Kl0mmq/MprG9yArRkyrQxTO6XjMzA==" }, "tunnel": { "version": "0.0.6", @@ -599,6 +625,14 @@ "integrity": "sha512-1FXk9E2Hm+QzZQ7z+McJiHL4NW1F2EzMu9Nq9i3zAaGqibafqYwCVU6WyWAuyQRRzOlxou8xZSyXLEN8oKj24g==", "dev": true }, + "undici": { + "version": "5.26.4", + "resolved": "https://registry.npmjs.org/undici/-/undici-5.26.4.tgz", + "integrity": "sha512-OG+QOf0fTLtazL9P9X7yqWxQ+Z0395Wk6DSkyTxtaq3wQEjIroVe7Y4asCX/vcCxYpNGMnwz8F0qbRYUoaQVMw==", + "requires": { + "@fastify/busboy": "^2.0.0" + } + }, "uuid": { "version": "8.3.2", "resolved": "https://registry.npmjs.org/uuid/-/uuid-8.3.2.tgz", diff --git a/package.json b/package.json index a932a91..b00825a 100644 --- a/package.json +++ b/package.json @@ -19,15 +19,15 @@ "fmt": "prettier --write 'src/*.ts'" }, "dependencies": { - "@actions/core": "1.10.0", - "@actions/io": "1.1.2", + "@actions/core": "1.10.1", + "@actions/io": "1.1.3", "@actions/tool-cache": "2.0.1", - "@hashicorp/github-actions-core": "github:hashicorp/github-actions-core#v0.3.0", + "@hashicorp/github-actions-core": "github:hashicorp/github-actions-core#v0.3.1", "@vercel/ncc": "0.36.1" }, "devDependencies": { "@types/node": "18.14.1", - "@types/semver": "7.3.13", + "@types/semver": "7.5.4", "prettier": "2.8.4", "typescript": "4.9.5" }