81 Commits

Author SHA1 Message Date
Aiqiao Yan 36d90eb54c Merge pull request #2356 from actions/dependabot/npm_and_yarn/flatted-3.4.2
chore(deps-dev): bump flatted from 3.3.3 to 3.4.2
2026-04-21 12:59:58 -04:00
dependabot[bot] 3c424f0d63 chore(deps-dev): bump axios from 1.12.2 to 1.15.1
Bumps [axios](https://github.com/axios/axios) from 1.12.2 to 1.15.1.
- [Release notes](https://github.com/axios/axios/releases)
- [Changelog](https://github.com/axios/axios/blob/v1.x/CHANGELOG.md)
- [Commits](https://github.com/axios/axios/compare/v1.12.2...v1.15.1)

---
updated-dependencies:
- dependency-name: axios
  dependency-version: 1.15.1
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-04-20 21:34:33 +00:00
dependabot[bot] 1f375f130a chore(deps-dev): bump follow-redirects from 1.15.11 to 1.16.0
Bumps [follow-redirects](https://github.com/follow-redirects/follow-redirects) from 1.15.11 to 1.16.0.
- [Release notes](https://github.com/follow-redirects/follow-redirects/releases)
- [Commits](https://github.com/follow-redirects/follow-redirects/compare/v1.15.11...v1.16.0)

---
updated-dependencies:
- dependency-name: follow-redirects
  dependency-version: 1.16.0
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-04-15 18:58:03 +00:00
dependabot[bot] 233d556477 chore(deps-dev): bump picomatch from 2.3.1 to 2.3.2
Bumps [picomatch](https://github.com/micromatch/picomatch) from 2.3.1 to 2.3.2.
- [Release notes](https://github.com/micromatch/picomatch/releases)
- [Changelog](https://github.com/micromatch/picomatch/blob/master/CHANGELOG.md)
- [Commits](https://github.com/micromatch/picomatch/compare/2.3.1...2.3.2)

---
updated-dependencies:
- dependency-name: picomatch
  dependency-version: 2.3.2
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-03-25 22:41:36 +00:00
dependabot[bot] 23cbecacad chore(deps-dev): bump flatted from 3.3.3 to 3.4.2
Bumps [flatted](https://github.com/WebReflection/flatted) from 3.3.3 to 3.4.2.
- [Commits](https://github.com/WebReflection/flatted/compare/v3.3.3...v3.4.2)

---
updated-dependencies:
- dependency-name: flatted
  dependency-version: 3.4.2
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-03-21 10:32:03 +00:00
Lokesh Gopu b77f226465 Merge pull request #2249 from actions/fix/upgrade-octokit-dependencies
upgrade octokit dependencies
2026-01-22 14:46:12 -05:00
Lokesh Gopu f61ae48376 upgrade octokit dependencies 2026-01-22 11:59:59 -05:00
dependabot[bot] bd561a6765 chore(deps): bump lodash from 4.17.21 to 4.17.23
Bumps [lodash](https://github.com/lodash/lodash) from 4.17.21 to 4.17.23.
- [Release notes](https://github.com/lodash/lodash/releases)
- [Commits](https://github.com/lodash/lodash/compare/4.17.21...4.17.23)

---
updated-dependencies:
- dependency-name: lodash
  dependency-version: 4.17.23
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-01-22 00:03:54 +00:00
Salman Muin Kayser Chishti 8883833d6d chore: fix npm audit vulnerabilities (glob, js-yaml) 2025-12-08 21:14:00 +00:00
Salman Muin Kayser Chishti 88a490d2ce override for node-fetch 2025-10-15 16:28:21 +01:00
Salman Muin Kayser Chishti 33a9b6c09c update with dist updates 2025-10-15 16:22:51 +01:00
Salman Muin Kayser Chishti 7aea3e735f changes 2025-09-08 15:37:51 +01:00
Salman Muin Kayser Chishti 011f07d1dc package changes 2025-09-04 12:58:54 +01:00
Salman Muin Kayser Chishti aa7077acfb Override to fix npm audit stuff 2025-09-04 12:49:31 +01:00
Salman Muin Kayser Chishti 86207b5042 remove engines 24 reuqirement from toolkit and fix test 2025-09-04 12:41:43 +01:00
Salman Muin Kayser Chishti f82db4c00b audit fix 2025-08-08 12:26:34 +01:00
Salman Muin Kayser Chishti ece2273b24 updates 2025-07-31 23:48:44 +01:00
Bassem Dghaidi ab8110fa2f Remove unecessary packages from top level package.json 2024-11-14 06:36:42 -08:00
Bassem Dghaidi 83baffc3f6 Package upgrades with security fixes 2024-11-14 03:34:32 -08:00
Bassem Dghaidi 70e5684b1f Merge branch 'main' into neo-cache-service 2024-09-24 02:36:02 -07:00
Thomas Boop 48a65377c0 Fix HTTP client tests (#1792)
* fix tests and update dependencies
2024-08-15 16:53:06 -04:00
Rob Herley 56832696fc npm audit fix 2024-07-03 17:03:40 +00:00
Bassem Dghaidi 264230c2c5 add debug 2024-05-23 09:04:37 -07:00
eggyhead c01bc907ed fixing https://github.com/advisories/GHSA-f5x3-32g6-xq36 2024-04-10 21:30:24 +00:00
Brian DeHamer 4ce4c767e2 npm audit fix
Signed-off-by: Brian DeHamer <bdehamer@github.com>
2024-03-22 12:44:24 -07:00
bethanyj28 b956d8a4dd audit, lint, format 2024-02-22 17:55:53 -05:00
Vallie Joseph d63a8c4d3f updating package-json 2024-01-09 17:13:35 +00:00
Rob Herley 9e7201ff5b audit fix 2023-11-20 16:51:13 +00:00
Rob Herley 8cd02dfabc audit fix 2023-10-16 16:27:26 +00:00
Tatyana Kostromskaya b2d5fa216f update github package 2023-09-14 14:32:08 +00:00
Tatyana Kostromskaya ce31408ff5 Update dependencies 2023-09-08 14:29:27 +00:00
Vallie Joseph 2461056696 Audit Fix (#1480)
* fixing audit failures

* replacing lerna bootstrap with npm command

* audit fix for cache and tool-cache

* updating tunnel

* upgrading core packages

* re-adding tunnel as prod dep

* updating dependencies

* updating exec deps

* updating exec io package

* .

* Revert

* updating packages

* adding core as dep

* updating learna config

* updating lerna commands

* Removing audit failing packages in cache + tool-cache

* updating contribution bootstrap description

* updating libraries

* prettier lint

* hiding stricter rules

* updating prettier command

* Removing unknown flag

* Adding eslint prettier

* ignoring sym links

* updating ignore path

* updating prettier rules

* changing prettier + github ver

* updating ts and ignores

* Revert ts

* Adding unknown ignores

* downgrading lerna

* .

* adding nx

* Adding lint auto lint rules

* updating eslint ignore for glob packages

* Adding subdirs to ignore

* adding flag for ignore pattern in linter

* Expanding ignore regex

* Adding ignore rules

* adding another ignore pattern to tsconfig eslint

* adding ignore pattern to eslintrc

* syncing package-json

* updating traverse

* .

* test adding core and http client to base package

* running npm ci

* adding tsconfig paths

* adding base URL

* Adding explicit path to core and http-client

* editing tsc call

* updating artifact packages

* force build

* updating lock file version

* updating lock file version

* upgrading node version

* Adding babel traverse back

* fixing build issue

* fixing typescript ver

* updating package json

* Adding ignore for artifact test

* adding ignore to flags

* unlink after test completes

* cleanup

* merge + package edit
2023-08-03 16:36:11 -04:00
dependabot[bot] c6005c2a3c Bump http-cache-semantics from 4.1.0 to 4.1.1
Bumps [http-cache-semantics](https://github.com/kornelski/http-cache-semantics) from 4.1.0 to 4.1.1.
- [Release notes](https://github.com/kornelski/http-cache-semantics/releases)
- [Commits](https://github.com/kornelski/http-cache-semantics/compare/v4.1.0...v4.1.1)

---
updated-dependencies:
- dependency-name: http-cache-semantics
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-02-03 04:52:15 +00:00
Ferenc Hammerl 4ea08312c6 Fix json5 vuln 2023-01-03 13:37:01 +01:00
Ferenc Hammerl 56c460630a Fix audit 2022-12-14 01:27:55 +01:00
Ferenc Hammerl c91bdbadbf Update ts types to node16 2022-12-14 01:13:46 +01:00
Sankalp Kotewar 3fd7f664a6 Merge remote-tracking branch 'origin/main' into segment-download-timeout 2022-08-09 10:38:08 +00:00
Thomas Boop 30995490f2 Update lerna dependency. (#1149)
* fix audit

* update linter
2022-08-08 14:39:23 -04:00
Sankalp Kotewar fe1ee8b6b4 Updated lerna to 5.3.0 due to audit reasons 2022-08-03 14:25:32 +00:00
Luke Tomlinson d594f1e4b3 Fix npm audit (#1040) 2022-03-31 14:40:06 -04:00
Ashwin Sangem 58406447b5 Fixed toolkit audit by running npm audit fix. 2022-03-23 11:24:15 +00:00
Luke Tomlinson 6ce349e08c Update High Severity Dev Dependencies (#923)
* Update deps

* More Updates

* Use npm 7

* Update package-lock.json
2021-10-14 09:20:09 -04:00
Thomas Boop 27f76dfe1a Full release of actions/core 1.6.0 with oidc behavior (#919)
* OIDC Client for actions/core

Co-authored-by: Sourav Chanduka <souravchanduka37@gmail.com>
Co-authored-by: Sourav Chanduka <souravchanduka@users.noreply.github.com>
Co-authored-by: Tingluo Huang <tingluohuang@github.com>
2021-09-28 12:55:21 -04:00
Luke Tomlinson ea81280a4d Update release for core 1.5.0 (#873)
* Update release for core 1.5.0

* Update RELEASES.md

* Run npm audit fix
2021-08-18 09:26:19 -04:00
Brian Cristante 9167ce1f3a Resolve vulnerabilities found by npm audit (#846) 2021-06-16 09:20:08 -04:00
dependabot[bot] aa29345ae8 Bump ws from 7.2.3 to 7.4.6 (#823)
Bumps [ws](https://github.com/websockets/ws) from 7.2.3 to 7.4.6.
- [Release notes](https://github.com/websockets/ws/releases)
- [Commits](https://github.com/websockets/ws/compare/7.2.3...7.4.6)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-06-01 09:50:25 -04:00
Thomas Boop 0d74e9080a Re-enable the audit tools step and update dependencies (#815)
* update package versions

* run audit

* fix eslint config

* linter updates

* re-enable audit

* update timeouts test

* pass done into callback

* fix format
2021-05-21 09:19:40 -04:00
dependabot[bot] 1bafbed467 Bump lodash from 4.17.15 to 4.17.21 (#801)
Bumps [lodash](https://github.com/lodash/lodash) from 4.17.15 to 4.17.21.
- [Release notes](https://github.com/lodash/lodash/releases)
- [Commits](https://github.com/lodash/lodash/compare/4.17.15...4.17.21)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-05-14 14:39:47 -04:00
dependabot[bot] cac7db2d19 Bump handlebars from 4.5.3 to 4.7.7 (#799)
Bumps [handlebars](https://github.com/wycats/handlebars.js) from 4.5.3 to 4.7.7.
- [Release notes](https://github.com/wycats/handlebars.js/releases)
- [Changelog](https://github.com/handlebars-lang/handlebars.js/blob/master/release-notes.md)
- [Commits](https://github.com/wycats/handlebars.js/compare/v4.5.3...v4.7.7)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-05-07 16:37:28 -04:00
dependabot[bot] fecf6cdd59 Bump hosted-git-info from 2.7.1 to 2.8.9 (#800)
Bumps [hosted-git-info](https://github.com/npm/hosted-git-info) from 2.7.1 to 2.8.9.
- [Release notes](https://github.com/npm/hosted-git-info/releases)
- [Changelog](https://github.com/npm/hosted-git-info/blob/v2.8.9/CHANGELOG.md)
- [Commits](https://github.com/npm/hosted-git-info/compare/v2.7.1...v2.8.9)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-05-07 14:17:30 -04:00