snyk-bot
cc15e3c0d1
fix: upgrade @actions/core from 1.6.0 to 1.7.0
...
Snyk has created this PR to upgrade @actions/core from 1.6.0 to 1.7.0.
See this package in npm:
https://www.npmjs.com/package/@actions/core
See this project in Snyk:
https://app.snyk.io/org/emnmer1/project/34c7da3b-bd8a-469a-bbc4-db9b5aa7b90e?utm_source=github&utm_medium=referral&page=upgrade-pr
2022-05-16 23:28:04 +00:00
Emnmer1
459d804628
Merge pull request #12 from Emnmer1/snyk-upgrade-9f9457bd6a324eb509b33b0ed4812fee
...
[Snyk] Upgrade @actions/github from 5.0.0 to 5.0.1
2022-04-25 04:03:44 -07:00
Emnmer1
44abdd19d9
Merge branch 'actions:main' into main
2022-04-23 12:09:59 -07:00
snyk-bot
77481491f5
fix: upgrade @actions/github from 5.0.0 to 5.0.1
...
Snyk has created this PR to upgrade @actions/github from 5.0.0 to 5.0.1.
See this package in npm:
https://www.npmjs.com/package/@actions/github
See this project in Snyk:
https://app.snyk.io/org/emnmer1/project/34c7da3b-bd8a-469a-bbc4-db9b5aa7b90e?utm_source=github&utm_medium=referral&page=upgrade-pr
2022-04-22 22:24:18 +00:00
Emnmer1
1b0cc5085d
Merge pull request #10 from Emnmer1/snyk-upgrade-0658ef0dff4fc660c08767912341a88e
...
[Snyk] Upgrade uuid from 3.4.0 to 8.3.2
2022-04-21 12:35:20 -07:00
Emnmer1
1f9ae1535f
Merge pull request #11 from Emnmer1/snyk-upgrade-fa9aa46d4dcbc77e2f2edfe30c4fd662
...
[Snyk] Upgrade @actions/github from 2.2.0 to 5.0.0
2022-04-21 12:35:03 -07:00
Tingluo Huang
2541b1294d
Prepare changelog for v3.0.2. ( #777 )
2022-04-21 10:29:04 -04:00
snyk-bot
4a2308bbdc
feat: upgrade @actions/github from 2.2.0 to 5.0.0
...
Snyk has created this PR to upgrade @actions/github from 2.2.0 to 5.0.0.
See this package in npm:
https://www.npmjs.com/package/@actions/github
See this project in Snyk:
https://app.snyk.io/org/emnmer1/project/34c7da3b-bd8a-469a-bbc4-db9b5aa7b90e?utm_source=github&utm_medium=referral&page=upgrade-pr
2022-04-21 09:00:22 +00:00
snyk-bot
66bcca04ba
feat: upgrade uuid from 3.4.0 to 8.3.2
...
Snyk has created this PR to upgrade uuid from 3.4.0 to 8.3.2.
See this package in npm:
https://www.npmjs.com/package/uuid
See this project in Snyk:
https://app.snyk.io/org/emnmer1/project/34c7da3b-bd8a-469a-bbc4-db9b5aa7b90e?utm_source=github&utm_medium=referral&page=upgrade-pr
2022-04-21 09:00:18 +00:00
Tingluo Huang
0ffe6f9c55
Add set-safe-directory input to allow customers to take control. ( #770 )
...
* Add set-safe-directory input to allow customers to take control.
2022-04-20 21:37:43 -04:00
Emnmer1
b03235eb78
Merge pull request #9 from Emnmer1/snyk-upgrade-051c28ecc7862af26b0c9a9eb027d14a
...
[Snyk] Upgrade uuid from 3.3.3 to 3.4.0
2022-04-20 06:58:36 -07:00
Emnmer1
cad0b42c07
Merge branch 'actions:main' into snyk-upgrade-051c28ecc7862af26b0c9a9eb027d14a
2022-04-20 04:54:42 -07:00
Emnmer1
a8b45e2744
Merge pull request #6 from Emnmer1/snyk-upgrade-4e5967dab2475ae6b8293da21f49909b
...
[Snyk] Upgrade @actions/core from 1.2.6 to 1.6.0
2022-04-20 04:40:41 -07:00
Thomas Boop
dcd71f6466
Enforce safe directory ( #762 )
...
* set safe directory when running checkout
* Update CHANGELOG.md
2022-04-14 14:13:20 -04:00
snyk-bot
4c7e6c7cd3
fix: upgrade uuid from 3.3.3 to 3.4.0
...
Snyk has created this PR to upgrade uuid from 3.3.3 to 3.4.0.
See this package in npm:
https://www.npmjs.com/package/uuid
See this project in Snyk:
https://app.snyk.io/org/emnmer1/project/34c7da3b-bd8a-469a-bbc4-db9b5aa7b90e?utm_source=github&utm_medium=referral&page=upgrade-pr
2022-04-11 07:10:33 +00:00
snyk-bot
6012935062
fix: upgrade @actions/core from 1.2.6 to 1.6.0
...
Snyk has created this PR to upgrade @actions/core from 1.2.6 to 1.6.0.
See this package in npm:
https://www.npmjs.com/package/@actions/core
See this project in Snyk:
https://app.snyk.io/org/emnmer1/project/34c7da3b-bd8a-469a-bbc4-db9b5aa7b90e?utm_source=github&utm_medium=referral&page=upgrade-pr
2022-04-11 07:10:23 +00:00
Emnmer1
360b1bd174
Merge branch 'actions:main' into main
2022-04-06 00:19:41 -07:00
Tingluo Huang
add3486cc3
Patch to fix the dependbot alert. ( #744 )
...
* Patch to fix the dependbot alert.
* .
* .
* .
2022-04-05 13:01:33 -04:00
Emnmer1
38f735923c
3
...
gh pr checkout 3
2022-04-02 14:19:51 -07:00
Emnmer1
389fa9dff2
Merge branch 'actions:main' into main
2022-04-01 01:53:36 -07:00
dependabot[bot]
5126516654
Bump minimist from 1.2.5 to 1.2.6 ( #741 )
...
Bumps [minimist](https://github.com/substack/minimist ) from 1.2.5 to 1.2.6.
- [Release notes](https://github.com/substack/minimist/releases )
- [Commits](https://github.com/substack/minimist/compare/1.2.5...1.2.6 )
---
updated-dependencies:
- dependency-name: minimist
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-03-31 10:09:15 -04:00
Emnmer1
e3c1862394
Merge branch 'actions:main' into main
2022-03-26 04:30:50 -07:00
Emnmer1
61a89dd64d
Merge pull request #1 from Emnmer1/dependabot/npm_and_yarn/node-fetch-2.6.7
...
Bump node-fetch from 2.6.5 to 2.6.7
2022-03-26 03:55:27 -07:00
Edward Thomson
d50f8ea767
Add v3.0 release information to changelog ( #740 )
2022-03-25 09:52:31 -04:00
dependabot[bot]
890204e24f
Bump node-fetch from 2.6.5 to 2.6.7
...
Bumps [node-fetch](https://github.com/node-fetch/node-fetch ) from 2.6.5 to 2.6.7.
- [Release notes](https://github.com/node-fetch/node-fetch/releases )
- [Commits](https://github.com/node-fetch/node-fetch/compare/v2.6.5...v2.6.7 )
---
updated-dependencies:
- dependency-name: node-fetch
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-03-22 00:40:08 +00:00
Emnmer1
3a9da3354b
Add files via upload
2022-03-21 10:24:10 -07:00
Thomas Boop
2d1c1198e7
update test workflows to checkout v3 ( #709 )
2022-03-01 13:02:13 -05:00
Thomas Boop
a12a3943b4
update readme for v3 ( #708 )
...
* update readme for v3
* update readme with changes
* nit grammar
2022-03-01 12:46:45 -05:00
Thomas Boop
8f9e05e482
Update to node 16 ( #689 )
...
* Update to node 16
* update setup-node version
* Update check-dist.yml
update setup node version
* update dist/index.js
2022-02-28 16:17:29 -05:00
Ameya Lokare
230611dbd0
Change secret name for PAT to not start with GITHUB_ ( #623 )
...
Github doesn't allow secret names that start with `GITHUB_` (case insensitive). Update README to choose a different prefix (GH).
2021-11-02 16:20:59 -05:00
eric sciple
ec3a7ce113
set insteadOf url for org-id ( #621 )
2021-11-01 11:43:18 -05:00
eric sciple
fd47087372
codeql should analyze lib not dist ( #620 )
2021-10-20 15:11:24 -05:00
eric sciple
3d677ac575
script to generate license info ( #614 )
2021-10-19 14:30:04 -05:00
eric sciple
826ba42d6c
npm audit fix ( #612 )
2021-10-19 10:05:28 -05:00
eric sciple
eb8a193c1d
update dev dependencies and react to new linting rules ( #611 )
2021-10-19 09:52:57 -05:00
Jeremy Epling
c49af7ca1f
Create codeql-analysis.yml ( #602 )
2021-10-18 16:28:25 -05:00
Thomas Boop
1e204e9a92
update licensed check ( #606 )
2021-10-13 16:22:03 -05:00
eric sciple
0299a0d2b6
update dist ( #605 )
2021-10-13 16:07:05 -05:00
dependabot[bot]
be0f448456
Bump ws from 5.2.2 to 5.2.3 ( #604 )
...
Bumps [ws](https://github.com/websockets/ws ) from 5.2.2 to 5.2.3.
- [Release notes](https://github.com/websockets/ws/releases )
- [Commits](https://github.com/websockets/ws/compare/5.2.2...5.2.3 )
---
updated-dependencies:
- dependency-name: ws
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-10-13 09:14:20 -05:00
dependabot[bot]
56c00a7b1f
Bump tmpl from 1.0.4 to 1.0.5 ( #588 )
...
Bumps [tmpl](https://github.com/daaku/nodejs-tmpl ) from 1.0.4 to 1.0.5.
- [Release notes](https://github.com/daaku/nodejs-tmpl/releases )
- [Commits](https://github.com/daaku/nodejs-tmpl/commits/v1.0.5 )
---
updated-dependencies:
- dependency-name: tmpl
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-10-13 09:13:31 -05:00
dependabot[bot]
85e47d1a2b
Bump path-parse from 1.0.6 to 1.0.7 ( #568 )
...
Bumps [path-parse](https://github.com/jbgutierrez/path-parse ) from 1.0.6 to 1.0.7.
- [Release notes](https://github.com/jbgutierrez/path-parse/releases )
- [Commits](https://github.com/jbgutierrez/path-parse/commits/v1.0.7 )
---
updated-dependencies:
- dependency-name: path-parse
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-10-13 09:13:04 -05:00
dependabot[bot]
3fc17f8645
Bump hosted-git-info from 2.8.5 to 2.8.9 ( #500 )
...
Bumps [hosted-git-info](https://github.com/npm/hosted-git-info ) from 2.8.5 to 2.8.9.
- [Release notes](https://github.com/npm/hosted-git-info/releases )
- [Changelog](https://github.com/npm/hosted-git-info/blob/v2.8.9/CHANGELOG.md )
- [Commits](https://github.com/npm/hosted-git-info/compare/v2.8.5...v2.8.9 )
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-10-13 09:11:06 -05:00
dependabot[bot]
e3bc06d986
Bump lodash from 4.17.15 to 4.17.21 ( #499 )
...
Bumps [lodash](https://github.com/lodash/lodash ) from 4.17.15 to 4.17.21.
- [Release notes](https://github.com/lodash/lodash/releases )
- [Commits](https://github.com/lodash/lodash/compare/4.17.15...4.17.21 )
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-10-13 09:08:31 -05:00
dependabot[bot]
442567ba57
Bump handlebars from 4.5.3 to 4.7.7 ( #497 )
...
Bumps [handlebars](https://github.com/wycats/handlebars.js ) from 4.5.3 to 4.7.7.
- [Release notes](https://github.com/wycats/handlebars.js/releases )
- [Changelog](https://github.com/handlebars-lang/handlebars.js/blob/master/release-notes.md )
- [Commits](https://github.com/wycats/handlebars.js/compare/v4.5.3...v4.7.7 )
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-10-13 09:07:45 -05:00
dependabot[bot]
7f00b66d06
Bump y18n from 4.0.0 to 4.0.1 ( #469 )
...
Bumps [y18n](https://github.com/yargs/y18n ) from 4.0.0 to 4.0.1.
- [Release notes](https://github.com/yargs/y18n/releases )
- [Changelog](https://github.com/yargs/y18n/blob/master/CHANGELOG.md )
- [Commits](https://github.com/yargs/y18n/commits )
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-10-13 09:07:05 -05:00
dependabot[bot]
eccf386318
Bump @actions/core from 1.1.3 to 1.2.6 ( #361 )
...
Bumps [@actions/core](https://github.com/actions/toolkit/tree/HEAD/packages/core ) from 1.1.3 to 1.2.6.
- [Release notes](https://github.com/actions/toolkit/releases )
- [Changelog](https://github.com/actions/toolkit/blob/main/packages/core/RELEASES.md )
- [Commits](https://github.com/actions/toolkit/commits/HEAD/packages/core )
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-10-13 08:57:33 -05:00
dependabot[bot]
2bd2911be9
Bump acorn from 5.7.3 to 5.7.4 ( #186 )
...
Bumps [acorn](https://github.com/acornjs/acorn ) from 5.7.3 to 5.7.4.
- [Release notes](https://github.com/acornjs/acorn/releases )
- [Commits](https://github.com/acornjs/acorn/compare/5.7.3...5.7.4 )
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-10-13 08:55:25 -05:00
Brian Cristante
afe4af09a7
Create check-dist.yml ( #566 )
...
* Add check-dist.yml
* Don't need to mv to git diff
* Upload the whole dist/ directory as an artifact
* Update .github/workflows/check-dist.yml
2021-08-17 16:08:22 -04:00
Ross Brodbeck
25a956c84d
Create CODEOWNERS
2021-02-04 12:25:41 -05:00
Johannes Schindelin
5a4ac9002d
Add missing `await`s ( #379 )
...
* auth-helper: properly await replacement of the token value in the config
After writing the `.extraheader` config, we manually replace the token
with the actual value. This is done in an `async` function, but we were
not `await`ing the result.
In our tests, this commit fixes a flakiness we observed where
`remote.origin.url` sometimes (very rarely, actually) is not set for
submodules. Our interpretation is that the configs are in the process of
being rewritten with the correct token value _while_ another `git
config` that wants to set the `insteadOf` value is reading the config,
which is currently empty.
A more idiomatic way to fix this in Typescript would use
`Promise.all()`, like this:
await Promise.all(
configPaths.map(async configPath => {
core.debug(`Replacing token placeholder in '${configPath}'`)
await this.replaceTokenPlaceholder(configPath)
})
)
However, during review of https://github.com/actions/checkout/pull/379
it was decided to keep the `for` loop in the interest of simplicity.
Reported by Ian Lynagh.
Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
* downloadRepository(): await the result of recursive deletions
Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
* Ask ESLint to report floating Promises
This rule is quite helpful in avoiding hard-to-debug missing `await`s.
Note: there are two locations in `src/main.ts` that trigger warnings:
the `run()` and the `cleanup()` function are called without `await` and
without any `.catch()` clause.
In the initial version of https://github.com/actions/checkout/pull/379 ,
this was addressed by adding `.catch()` clauses. However, it was
determined that this is boilerplate code that will need to be fixed in a
broader way.
Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
* Rebuild
This trick was brought to you by `npm ci && npm run build`. Needed to
get the PR build to pass.
Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
2020-11-03 09:44:09 -05:00