diff --git a/.github/workflows/auto-assign-issues.yml b/.github/workflows/auto-assign-issues.yml index 0cb9345..98f071a 100644 --- a/.github/workflows/auto-assign-issues.yml +++ b/.github/workflows/auto-assign-issues.yml @@ -9,7 +9,7 @@ jobs: runs-on: ubuntu-latest steps: - name: 'Auto-assign issue' - uses: pozil/auto-assign-issue@v1.10.0 + uses: pozil/auto-assign-issue@v1.10.1 with: assignees: phantsure,tiwarishub,anuragc617,vsvipul,bishal-pdmsft numOfAssignee: 1 diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml index c319ce1..002f30d 100644 --- a/.github/workflows/stale.yml +++ b/.github/workflows/stale.yml @@ -13,7 +13,7 @@ jobs: runs-on: ubuntu-latest steps: - - uses: actions/stale@v5 + - uses: actions/stale@v6 with: stale-issue-message: 'This issue has become stale and will be closed automatically within a period of time. Sorry about that.' stale-pr-message: 'This pull request has become stale and will be closed automatically within a period of time. Sorry about that.' diff --git a/.github/workflows/sync-ghes.yaml b/.github/workflows/sync-ghes.yaml index 5e949bb..ddd0484 100644 --- a/.github/workflows/sync-ghes.yaml +++ b/.github/workflows/sync-ghes.yaml @@ -2,8 +2,7 @@ name: Sync workflows for GHES on: push: - branches: [ $default-branch ] - workflow_dispatch: + branches: [ main ] jobs: sync: diff --git a/ci/docker-publish.yml b/ci/docker-publish.yml index e88539d..11dd662 100644 --- a/ci/docker-publish.yml +++ b/ci/docker-publish.yml @@ -41,9 +41,9 @@ jobs: # https://github.com/sigstore/cosign-installer - name: Install cosign if: github.event_name != 'pull_request' - uses: sigstore/cosign-installer@7e0881f8fe90b25e305bbf0309761e9314607e25 + uses: sigstore/cosign-installer@f3c664df7af409cb4873aa5068053ba9d61a57b6 #v2.6.0 with: - cosign-release: 'v1.9.0' + cosign-release: 'v1.11.0' # Workaround: https://github.com/docker/build-push-action/issues/461 @@ -78,6 +78,9 @@ jobs: push: ${{ github.event_name != 'pull_request' }} tags: ${{ steps.meta.outputs.tags }} labels: ${{ steps.meta.outputs.labels }} + cache-from: type=gha + cache-to: type=gha,mode=max + # Sign the resulting Docker image digest except on PRs. # This will only write to the public Rekor transparency log when the Docker diff --git a/ci/dotnet-desktop.yml b/ci/dotnet-desktop.yml index bd2cb2e..fd82a39 100644 --- a/ci/dotnet-desktop.yml +++ b/ci/dotnet-desktop.yml @@ -69,7 +69,7 @@ jobs: # Install the .NET Core workload - name: Install .NET Core - uses: actions/setup-dotnet@v2 + uses: actions/setup-dotnet@v3 with: dotnet-version: 6.0.x diff --git a/ci/dotnet.yml b/ci/dotnet.yml index a8eccab..7465e23 100644 --- a/ci/dotnet.yml +++ b/ci/dotnet.yml @@ -14,7 +14,7 @@ jobs: steps: - uses: actions/checkout@v3 - name: Setup .NET - uses: actions/setup-dotnet@v2 + uses: actions/setup-dotnet@v3 with: dotnet-version: 6.0.x - name: Restore dependencies diff --git a/code-scanning/anchore.yml b/code-scanning/anchore.yml index a3d2eed..818fb70 100644 --- a/code-scanning/anchore.yml +++ b/code-scanning/anchore.yml @@ -9,7 +9,7 @@ # and parameters, see https://github.com/anchore/scan-action. For more # information on Anchore's container image scanning tool Grype, see # https://github.com/anchore/grype -name: Anchore Container Scan +name: Anchore Grype vulnerability scan on: push: @@ -28,20 +28,21 @@ jobs: permissions: contents: read # for actions/checkout to fetch code security-events: write # for github/codeql-action/upload-sarif to upload SARIF results - actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status + actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status runs-on: ubuntu-latest steps: - - name: Checkout the code + - name: Check out the code uses: actions/checkout@v3 - name: Build the Docker image run: docker build . --file Dockerfile --tag localbuild/testimage:latest - - name: Run the Anchore scan action itself with GitHub Advanced Security code scanning integration enabled - uses: anchore/scan-action@b08527d5ae7f7dc76f9621edb6e49eaf47933ccd + - name: Run the Anchore Grype scan action + uses: anchore/scan-action@d5aa5b6cb9414b0c7771438046ff5bcfa2854ed7 + id: scan with: image: "localbuild/testimage:latest" - acs-report-enable: true - fail-build: false - - name: Upload Anchore Scan Report + fail-build: true + severity-cutoff: critical + - name: Upload vulnerability report uses: github/codeql-action/upload-sarif@v2 with: - sarif_file: results.sarif + sarif_file: ${{ steps.scan.outputs.sarif }} diff --git a/code-scanning/frogbot-scan-and-fix.yml b/code-scanning/frogbot-scan-and-fix.yml index 6dd4b0e..0089f10 100644 --- a/code-scanning/frogbot-scan-and-fix.yml +++ b/code-scanning/frogbot-scan-and-fix.yml @@ -37,7 +37,7 @@ jobs: # node-version: "16.x" - - uses: jfrog/frogbot@34759934930c177bdefba6ca3a417589d4db6cab + - uses: jfrog/frogbot@9304d3b1d8e05a1b5fc0ba9ebf9ffbd495386250 env: # [Mandatory] # JFrog platform URL (This functionality requires version 3.29.0 or above of Xray) diff --git a/code-scanning/frogbot-scan-pr.yml b/code-scanning/frogbot-scan-pr.yml index ec19d61..bd1a9c2 100644 --- a/code-scanning/frogbot-scan-pr.yml +++ b/code-scanning/frogbot-scan-pr.yml @@ -42,7 +42,7 @@ jobs: # The full template list with the required GitHub Actions can be found at https://github.com/jfrog/frogbot/tree/master/templates/github-actions/scan-pull-request - - uses: jfrog/frogbot@34759934930c177bdefba6ca3a417589d4db6cab + - uses: jfrog/frogbot@9304d3b1d8e05a1b5fc0ba9ebf9ffbd495386250 env: # [Mandatory] # JFrog platform URL (This functionality requires version 3.29.0 or above of Xray) diff --git a/code-scanning/nowsecure-mobile-sbom.yml b/code-scanning/nowsecure-mobile-sbom.yml new file mode 100644 index 0000000..b9cf039 --- /dev/null +++ b/code-scanning/nowsecure-mobile-sbom.yml @@ -0,0 +1,55 @@ +# This workflow uses actions that are not certified by GitHub. +# They are provided by a third-party and are governed by +# separate terms of service, privacy policy, and support +# documentation. +# +# NowSecure: The Mobile Security Experts . +# +# To use this workflow, you must have a token for NowSecure Platform. If you are a NowSecure customer, +# you can find it in NowSecure Platform. +# +# If you *are not* a NowSecure customer, click here to sign up for a free trial to get access: +# . +# +# Instructions: +# +# 1. In the settings for your repository, click "Secrets" then "New repository secret". Name the secret "NS_TOKEN" and +# paste in your Platform token. If you do not have a Platform token, or wish to create a new one for GitHub, visit +# NowSecure Platform and go to "Profile & Preferences" then create a token labelled "GitHub". +# +# 2. Follow the annotated workflow below and make any necessary modifications then save the workflow to your repository +# and review the "Dependency graph" tab in the "Insights" pane once the action has run. + +name: "NowSecure Mobile SBOM" + +on: + push: + branches: [ $default-branch, $protected-branches ] + pull_request: + # The branches below must be a subset of the branches above + branches: [ $default-branch ] + schedule: + - cron: $cron-weekly + +permissions: + contents: read + +jobs: + nowsecure: + name: NowSecure Mobile SBOM + runs-on: ubuntu-latest + permissions: + contents: read + steps: + - name: Checkout code + uses: actions/checkout@v3 + + - name: Build your application + run: ./gradlew assembleDebug # Update this to build your Android or iOS application + + - name: NowSecure upload app + uses: nowsecure/nowsecure-sbom-action@ecb731b6f17a83fa53f756f9dae2ec7034c5ed7c + with: + token: ${{ secrets.NS_TOKEN }} + app_file: app-debug.apk # Update this to a path to your .ipa or .apk + group_id: {{ groupId }} # Update this to your desired Platform group ID diff --git a/code-scanning/properties/anchore-syft.properties.json b/code-scanning/properties/anchore-syft.properties.json index 815f8b2..aa4cb1e 100644 --- a/code-scanning/properties/anchore-syft.properties.json +++ b/code-scanning/properties/anchore-syft.properties.json @@ -1,6 +1,6 @@ { "name": "Anchore Syft SBOM Scan", - "organization": "Anchore", + "creator": "Anchore", "description": "Produce Software Bills of Materials based on Anchore's open source Syft tool.", "iconName": "anchore", "categories": ["Code Scanning", "dockerfile", "dependency-management"] diff --git a/code-scanning/properties/anchore.properties.json b/code-scanning/properties/anchore.properties.json index d997da4..94634dd 100644 --- a/code-scanning/properties/anchore.properties.json +++ b/code-scanning/properties/anchore.properties.json @@ -1,7 +1,7 @@ { - "name": "Anchore Container Scan", - "creator": "Indeni Cloudrail", - "description": "Produce container image vulnerability and compliance reports based on the open-source Anchore container image scanner.", + "name": "Anchore Grype Vulnerability Scan", + "creator": "Anchore", + "description": "Produce source and container vulnerability reports based on Anchore's open source Grype tool.", "iconName": "anchore", "categories": ["Code Scanning", "dockerfile"] -} \ No newline at end of file +} diff --git a/code-scanning/properties/codeql.properties.json b/code-scanning/properties/codeql.properties.json index ddb4627..8ee80b4 100644 --- a/code-scanning/properties/codeql.properties.json +++ b/code-scanning/properties/codeql.properties.json @@ -1,6 +1,7 @@ { "name": "CodeQL Analysis", "creator": "GitHub", + "enterprise": true, "description": "Security analysis from GitHub for C, C++, C#, Go, Java, JavaScript, TypeScript, Python, and Ruby developers.", "iconName": "octicon mark-github", "categories": ["Code Scanning", "C", "C++", "C#", "Go", "Java", "JavaScript", "TypeScript", "Python", "Ruby"] diff --git a/code-scanning/properties/eslint.properties.json b/code-scanning/properties/eslint.properties.json index a84646a..2a1271f 100644 --- a/code-scanning/properties/eslint.properties.json +++ b/code-scanning/properties/eslint.properties.json @@ -2,10 +2,11 @@ "name": "ESLint", "description": "A tool for identifying and reporting the problems found in ECMAScript/JavaScript code.", "iconName": "eslint", + "enterprise": false, "categories": [ "Code Scanning", "JavaScript", "EcmaScript", "TypeScript" ] -} \ No newline at end of file +} diff --git a/code-scanning/properties/nowsecure-mobile-sbom.properties.json b/code-scanning/properties/nowsecure-mobile-sbom.properties.json new file mode 100644 index 0000000..32a7964 --- /dev/null +++ b/code-scanning/properties/nowsecure-mobile-sbom.properties.json @@ -0,0 +1,21 @@ +{ + "name": "NowSecure Mobile SBOM", + "creator": "NowSecure", + "description": "Generate a Mobile SBOM for an application and submit to Dependency Graph", + "iconName": "nowsecure", + "categories": [ + "Code Scanning", + "Java", + "Kotlin", + "Scala", + "Swift", + "Objective C", + "C", + "C++", + "C#", + "Rust", + "JavaScript", + "TypeScript", + "Node" + ] +} diff --git a/code-scanning/properties/zscaler-iac-scan.properties.json b/code-scanning/properties/zscaler-iac-scan.properties.json new file mode 100644 index 0000000..274d17a --- /dev/null +++ b/code-scanning/properties/zscaler-iac-scan.properties.json @@ -0,0 +1,7 @@ +{ + "name": "Zscaler IaC Scan", + "creator": "Zscaler CWP", + "description": "Scan your Infrastructure as Code files using Zscaler Infrastructure as Code (IaC) Scan app", + "iconName": "zscaler", + "categories": ["Code Scanning"] +} \ No newline at end of file diff --git a/code-scanning/properties/zscan.properties.json b/code-scanning/properties/zscan.properties.json new file mode 100644 index 0000000..6b55756 --- /dev/null +++ b/code-scanning/properties/zscan.properties.json @@ -0,0 +1,14 @@ +{ + "name": "zScan", + "creator": "Zimperium", + "description": "The zimperium-zscan GitHub action scans your mobile app binary (iOS or Android) and identifies security, privacy, and compliance-related vulnerabilities. ​", + "iconName": "zscan", + "categories": [ + "Code Scanning", + "Java", + "Kotlin", + "Scala", + "Swift", + "Objective C" + ] +} diff --git a/code-scanning/scorecards.yml b/code-scanning/scorecards.yml index 8ca5094..31a4fa1 100644 --- a/code-scanning/scorecards.yml +++ b/code-scanning/scorecards.yml @@ -22,7 +22,7 @@ jobs: # Needs for private repositories. contents: read actions: read - + steps: - name: "Checkout code" uses: actions/checkout@a12a3943b4bdde767164f792f33f40b04645d846 # tag=v3.0.0 @@ -41,8 +41,8 @@ jobs: # repo_token: ${{ secrets.SCORECARD_READ_TOKEN }} # Publish the results for public repositories to enable scorecard badges. For more details, see - # https://github.com/ossf/scorecard-action#publishing-results. - # For private repositories, `publish_results` will automatically be set to `false`, regardless + # https://github.com/ossf/scorecard-action#publishing-results. + # For private repositories, `publish_results` will automatically be set to `false`, regardless # of the value entered here. publish_results: true @@ -54,7 +54,7 @@ jobs: name: SARIF file path: results.sarif retention-days: 5 - + # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" uses: github/codeql-action/upload-sarif@5f532563584d71fdef14ee64d17bafb34f751ce5 # tag=v1.0.26 diff --git a/code-scanning/soos-dast-scan.yml b/code-scanning/soos-dast-scan.yml index cf3b1b7..9b58e90 100644 --- a/code-scanning/soos-dast-scan.yml +++ b/code-scanning/soos-dast-scan.yml @@ -3,13 +3,18 @@ # separate terms of service, privacy policy, and support # documentation. # -# SOOS is the easy-to-integrate software security solution for your whole team, learn more at https://soos.io/ +# SOOS is the easy-to-integrate and affordable software security solution for your whole team. +# Learn more at https://soos.io/ # -# To use this action you need to fill the following requirements: +# To use this action, perform the following steps: # -# 1. Create an account on https://app.soos.io to obtain a Client ID and API Key (Free 30 days trials for both our SCA/DAST product). +# 1. Create an account on https://app.soos.io. SOOS offers a free 30 day trial for our SCA and DAST products. # -# 2. Set up your API KEY/Client ID as Github Secrets named SOOS_CLIENT_ID & SOOS_API_KEY. (Also set SOOS_GITHUB_PAT with your Github Personal Access Token if you're going to use sarif upload) +# 2. Navigate to the "Integrate" page in the SOOS app (https://app.soos.io/integrate). Note the "API Credentials" section of this page; the keys you will need for the next step are here. +# +# 3. Set up your SOOS API Key and SOOS Client Id as Github Secrets named SOOS_API_KEY and SOOS_CLIENT_ID. +# +# 4. (Optional) If you'd like to upload SARIF results of DAST scans to GitHub, set SOOS_GITHUB_PAT with your Github Personal Access Token. # name: "SOOS DAST Scan" diff --git a/code-scanning/zscaler-iac-scan.yml b/code-scanning/zscaler-iac-scan.yml new file mode 100644 index 0000000..c6020a5 --- /dev/null +++ b/code-scanning/zscaler-iac-scan.yml @@ -0,0 +1,56 @@ +#This workflow uses actions that are not certified by GitHub. +#They are provided by a third party and are governed by +#separate terms of service, privacy policy, and support +#documentation. + +#This workflow runs the Zscaler Infrastructure as Code (IaC) Scan app, +#which detects security misconfigurations in IaC templates and publishes the findings +#under the code scanning alerts section within the repository. + +#Log into the Zscaler Workload Posture (ZWP) Admin Portal to begin the onboarding process. +#Copy the client ID and client secret key generated during the onboarding process and configure. +#GitHub secrets (ZSCANNER_CLIENT_ID, ZSCANNER_CLIENT_SECRET). + +#Refer https://github.com/marketplace/actions/zscaler-iac-scan for additional details on setting up this workflow. +#Any issues with this workflow, please raise it on https://github.com/ZscalerCWP/Zscaler-IaC-Action/issues for further investigation. + +name: Zscaler IaC Scan +on: + push: + branches: [ $default-branch, $protected-branches ] + pull_request: + branches: [ $default-branch ] + schedule: + - cron: $cron-weekly + +permissions: + contents: read + +jobs: + zscaler-iac-scan: + permissions: + contents: read # for actions/checkout to fetch code + security-events: write # for github/codeql-action/upload-sarif to upload SARIF results + runs-on: ubuntu-latest + steps: + - name : Code Checkout + uses: actions/checkout@v3 + - name : Zscaler IAC Scan + uses : ZscalerCWP/Zscaler-IaC-Action@8f0d8b60bd5a8f44062d444463f66f419ab71cfc + id : zscaler-iac-scan + with: + client_id : ${{ secrets.ZSCANNER_CLIENT_ID }} + client_secret : ${{ secrets.ZSCANNER_CLIENT_SECRET }} + #This is the user region specified during the onboarding process within the ZWP Admin Portal. + region : 'US' + iac_dir : #Enter the IaC directory path from root. + iac_file : #Enter the IaC file path from root. + output_format : #(Optional) By default, the output is provided in a human readable format. However, if you require a different format, you can specify it here. + #To fail the build based on policy violations identified in the IaC templates, set the input value (fail_build) to true. + fail_build : #Enter true/false + #Ensure that the following step is included in order to post the scan results under the code scanning alerts section within the repository. + - name: Upload SARIF file + if: ${{ success() || failure() && (steps.zscaler-iac-scan.outputs.sarif_file_path != '') }} + uses: github/codeql-action/upload-sarif@v2 + with: + sarif_file: ${{ steps.zscaler-iac-scan.sarif_file_path }} diff --git a/code-scanning/zscan.yml b/code-scanning/zscan.yml new file mode 100644 index 0000000..1ac6bbd --- /dev/null +++ b/code-scanning/zscan.yml @@ -0,0 +1,61 @@ +# This workflow uses actions that are not certified by GitHub. +# They are provided by a third-party and are governed by +# separate terms of service, privacy policy, and support +# documentation. +# +# The zimperium-zscan GitHub action scans your mobile app binary (iOS or Android) +# and identifies security, privacy, and compliance-related vulnerabilities. ​ +# +# Prerequisites: ​ +# * An active Zimperium zScan account is required. If you are not an existing Zimperium +# zScan customer, please request a zSCAN demo by visiting https://www.zimperium.com/contact-us. +# * Either GitHub Advanced Security (GHAS) or a public repository is required to display +# issues and view the remediation information inside of GitHub code scanning alerts. ​ +# +# For additional information and setup instructions +# please visit: https://github.com/Zimperium/zScanMarketplace#readme + +name: "Zimperium zScan" + +on: + push: + branches: [ $default-branch, $protected-branches ] + pull_request: + branches: [ $default-branch ] + +permissions: + contents: read + +jobs: + zscan: + name: zScan + runs-on: ubuntu-latest + permissions: + contents: read # for actions/checkout to fetch code + security-events: write # for github/codeql-action/upload-sarif to upload SARIF results + actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status + steps: + - name: Checkout repository + uses: actions/checkout@v3 + + - name: Execute gradle build + run: ./gradlew build # Change this to build your mobile application + + - name: Run Zimperium zScan + uses: zimperium/zscanmarketplace@bfc6670f6648d796098c251ccefcfdb98983174d + timeout-minutes: 60 + with: + # REPLACE: Zimperium Client Environment Name + client_env: env_string + # REPLACE: Zimperium Client ID + client_id: id_string + # REPLACE: Zimperium Client Secret + client_secret: ${{ secrets.ZSCAN_CLIENT_SECRET }} + # REPLACE: The path to an .ipa or .apk + app_file: app-release-unsigned.apk + + - name: Upload SARIF file + uses: github/codeql-action/upload-sarif@v2 + with: + sarif_file: Zimperium.sarif + \ No newline at end of file diff --git a/icons/zscaler.svg b/icons/zscaler.svg new file mode 100644 index 0000000..3897442 --- /dev/null +++ b/icons/zscaler.svg @@ -0,0 +1,3 @@ + + + diff --git a/icons/zscan.svg b/icons/zscan.svg new file mode 100644 index 0000000..1dff416 --- /dev/null +++ b/icons/zscan.svg @@ -0,0 +1,11 @@ + + + + + + + + + + + diff --git a/script/sync-ghes/index.ts b/script/sync-ghes/index.ts index 608e73d..a320d36 100755 --- a/script/sync-ghes/index.ts +++ b/script/sync-ghes/index.ts @@ -61,7 +61,7 @@ async function checkWorkflows( const enabled = !isPartnerWorkflow && - workflowProperties.enterprise !== false && + (workflowProperties.enterprise === true || folder !== 'code-scanning') && (await checkWorkflow(workflowFilePath, enabledActions)); const workflowDesc: WorkflowDesc = { diff --git a/script/validate-data/package-lock.json b/script/validate-data/package-lock.json index e660b6a..358c661 100644 --- a/script/validate-data/package-lock.json +++ b/script/validate-data/package-lock.json @@ -9,7 +9,7 @@ "version": "1.0.0", "license": "MIT", "dependencies": { - "@actions/core": "^1.2.6", + "@actions/core": "^1.9.1", "js-yaml": "^3.13.1", "jsonschema": "^1.2.6" }, @@ -21,9 +21,21 @@ } }, "node_modules/@actions/core": { - "version": "1.2.6", - "resolved": "https://registry.npmjs.org/@actions/core/-/core-1.2.6.tgz", - "integrity": "sha512-ZQYitnqiyBc3D+k7LsgSBmMDVkOVidaagDG7j3fOym77jNunWRuYx7VSHa9GNfFZh+zh61xsCjRj4JxMZlDqTA==" + "version": "1.9.1", + "resolved": "https://registry.npmjs.org/@actions/core/-/core-1.9.1.tgz", + "integrity": "sha512-5ad+U2YGrmmiw6du20AQW5XuWo7UKN2052FjSV7MX+Wfjf8sCqcsZe62NfgHys4QI4/Y+vQvLKYL8jWtA1ZBTA==", + "dependencies": { + "@actions/http-client": "^2.0.1", + "uuid": "^8.3.2" + } + }, + "node_modules/@actions/http-client": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/@actions/http-client/-/http-client-2.0.1.tgz", + "integrity": "sha512-PIXiMVtz6VvyaRsGY268qvj57hXQEpsYogYOu2nrQhlf+XCGmZstmuZBbAybUl1nQGnvS1k1eEsQ69ZoD7xlSw==", + "dependencies": { + "tunnel": "^0.0.6" + } }, "node_modules/@types/js-yaml": { "version": "3.12.4", @@ -153,6 +165,14 @@ "typescript": ">=2.7" } }, + "node_modules/tunnel": { + "version": "0.0.6", + "resolved": "https://registry.npmjs.org/tunnel/-/tunnel-0.0.6.tgz", + "integrity": "sha512-1h/Lnq9yajKY2PEbBadPXj3VxsDDu844OnaAo52UVmIzIvwwtBPIuNvkjuzBlTWpfJyUbG3ez0KSBibQkj4ojg==", + "engines": { + "node": ">=0.6.11 <=0.7.0 || >=0.7.3" + } + }, "node_modules/typescript": { "version": "3.9.2", "resolved": "https://registry.npmjs.org/typescript/-/typescript-3.9.2.tgz", @@ -166,6 +186,14 @@ "node": ">=4.2.0" } }, + "node_modules/uuid": { + "version": "8.3.2", + "resolved": "https://registry.npmjs.org/uuid/-/uuid-8.3.2.tgz", + "integrity": "sha512-+NYs2QeMWy+GWFOEm9xnn6HCDp0l7QBD7ml8zLUmJ+93Q5NF0NocErnwkTkXVFNiX3/fpC6afS8Dhb/gz7R7eg==", + "bin": { + "uuid": "dist/bin/uuid" + } + }, "node_modules/yn": { "version": "3.1.1", "resolved": "https://registry.npmjs.org/yn/-/yn-3.1.1.tgz", @@ -178,9 +206,21 @@ }, "dependencies": { "@actions/core": { - "version": "1.2.6", - "resolved": "https://registry.npmjs.org/@actions/core/-/core-1.2.6.tgz", - "integrity": "sha512-ZQYitnqiyBc3D+k7LsgSBmMDVkOVidaagDG7j3fOym77jNunWRuYx7VSHa9GNfFZh+zh61xsCjRj4JxMZlDqTA==" + "version": "1.9.1", + "resolved": "https://registry.npmjs.org/@actions/core/-/core-1.9.1.tgz", + "integrity": "sha512-5ad+U2YGrmmiw6du20AQW5XuWo7UKN2052FjSV7MX+Wfjf8sCqcsZe62NfgHys4QI4/Y+vQvLKYL8jWtA1ZBTA==", + "requires": { + "@actions/http-client": "^2.0.1", + "uuid": "^8.3.2" + } + }, + "@actions/http-client": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/@actions/http-client/-/http-client-2.0.1.tgz", + "integrity": "sha512-PIXiMVtz6VvyaRsGY268qvj57hXQEpsYogYOu2nrQhlf+XCGmZstmuZBbAybUl1nQGnvS1k1eEsQ69ZoD7xlSw==", + "requires": { + "tunnel": "^0.0.6" + } }, "@types/js-yaml": { "version": "3.12.4", @@ -279,12 +319,22 @@ "yn": "3.1.1" } }, + "tunnel": { + "version": "0.0.6", + "resolved": "https://registry.npmjs.org/tunnel/-/tunnel-0.0.6.tgz", + "integrity": "sha512-1h/Lnq9yajKY2PEbBadPXj3VxsDDu844OnaAo52UVmIzIvwwtBPIuNvkjuzBlTWpfJyUbG3ez0KSBibQkj4ojg==" + }, "typescript": { "version": "3.9.2", "resolved": "https://registry.npmjs.org/typescript/-/typescript-3.9.2.tgz", "integrity": "sha512-q2ktq4n/uLuNNShyayit+DTobV2ApPEo/6so68JaD5ojvc/6GClBipedB9zNWYxRSAlZXAe405Rlijzl6qDiSw==", "dev": true }, + "uuid": { + "version": "8.3.2", + "resolved": "https://registry.npmjs.org/uuid/-/uuid-8.3.2.tgz", + "integrity": "sha512-+NYs2QeMWy+GWFOEm9xnn6HCDp0l7QBD7ml8zLUmJ+93Q5NF0NocErnwkTkXVFNiX3/fpC6afS8Dhb/gz7R7eg==" + }, "yn": { "version": "3.1.1", "resolved": "https://registry.npmjs.org/yn/-/yn-3.1.1.tgz", diff --git a/script/validate-data/package.json b/script/validate-data/package.json index e6403ee..6811f19 100644 --- a/script/validate-data/package.json +++ b/script/validate-data/package.json @@ -14,7 +14,7 @@ "typescript": "^3.9.2" }, "dependencies": { - "@actions/core": "^1.2.6", + "@actions/core": "^1.9.1", "js-yaml": "^3.13.1", "jsonschema": "^1.2.6" }