fix: vulnerabilities #6
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
* Update latest node versions * Update latest node versions * Update test data * Update test data * Update test data * Update test data * Update test data * macos lts failure fix * Update macos-13
* Bump braces from 3.0.2 to 3.0.3 Bumps [braces](https://github.com/micromatch/braces) from 3.0.2 to 3.0.3. - [Changelog](https://github.com/micromatch/braces/blob/master/CHANGELOG.md) - [Commits](micromatch/braces@3.0.2...3.0.3) --- updated-dependencies: - dependency-name: braces dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> * Bump undici from 5.28.3 to 5.28.4 --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: HarithaVattikuti <73516759+HarithaVattikuti@users.noreply.github.com>
* first commit on using setup node * Delete .github/workflows/helloWorld.yml * Create main.yml * Rename main.yml to helloworld.yml * goodbye world added * name changed to goodbye * updated README --------- Co-authored-by: Suyash Gaonkar <39784472+suyashrg18@users.noreply.github.com>
* Add condition to ensure ZIP extraction targets only Windows ARM64 official archives * Bumps micromatch from 4.0.5 to 4.0.8
Add workflow file for publishing releases to immutable action package
* db-alerts-fix * npm run format * db-alert-fix * failure check fix * check- filaure fix
Upgrade IA Publish
* fix: add arch to cached path * fix: change from using env to os module * fix: use process.env.RUNNER_OS instead of os.platform() * fix: remove unused var
…to 0.3.0 (actions#1174) * Update versions.yml * Update versions.yml * ubuntu-24, macos-13 updates * check -failure fix
…ons#1191) * upgrade `@actions/cache` to `^4.0.0` * Review licenses & update types * updated package-lock.json
Bumps [pnpm/action-setup](https://github.com/pnpm/action-setup) from 2 to 4. - [Release notes](https://github.com/pnpm/action-setup/releases) - [Commits](pnpm/action-setup@v2...v4) --- updated-dependencies: - dependency-name: pnpm/action-setup dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [actions/publish-immutable-action](https://github.com/actions/publish-immutable-action) from 0.0.3 to 0.0.4. - [Release notes](https://github.com/actions/publish-immutable-action/releases) - [Commits](actions/publish-immutable-action@0.0.3...v0.0.4) --- updated-dependencies: - dependency-name: actions/publish-immutable-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* Bump semver from 7.6.0 to 7.6.3 Bumps [semver](https://github.com/npm/node-semver) from 7.6.0 to 7.6.3. - [Release notes](https://github.com/npm/node-semver/releases) - [Changelog](https://github.com/npm/node-semver/blob/main/CHANGELOG.md) - [Commits](npm/node-semver@v7.6.0...v7.6.3) --- updated-dependencies: - dependency-name: semver dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> * fix for check-dist & license check failures --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Aparna Jyothi <aparnajyothi-y@github.com>
Bumps [@types/jest](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/jest) from 29.5.12 to 29.5.14. - [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases) - [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/jest) --- updated-dependencies: - dependency-name: "@types/jest" dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* Bump undici from 5.28.4 to 5.28.5 Bumps [undici](https://github.com/nodejs/undici) from 5.28.4 to 5.28.5. - [Release notes](https://github.com/nodejs/undici/releases) - [Commits](nodejs/undici@v5.28.4...v5.28.5) --- updated-dependencies: - dependency-name: undici dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> * fix for check-dist and license failures * npm run updates --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Aparna Jyothi <aparnajyothi-y@github.com>
* Bump @actions/glob from 0.4.0 to 0.5.0 Bumps [@actions/glob](https://github.com/actions/toolkit/tree/HEAD/packages/glob) from 0.4.0 to 0.5.0. - [Changelog](https://github.com/actions/toolkit/blob/main/packages/glob/RELEASES.md) - [Commits](https://github.com/actions/toolkit/commits/HEAD/packages/glob) --- updated-dependencies: - dependency-name: "@actions/glob" dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * fix for check-dist and license failures --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Aparna Jyothi <aparnajyothi-y@github.com>
Co-authored-by: “gowridurgad” <“hgowridurgad@github.com>
* Bump @vercel/ncc from 0.38.1 to 0.38.3 Bumps [@vercel/ncc](https://github.com/vercel/ncc) from 0.38.1 to 0.38.3. - [Release notes](https://github.com/vercel/ncc/releases) - [Commits](vercel/ncc@0.38.1...0.38.3) --- updated-dependencies: - dependency-name: "@vercel/ncc" dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> * fix for check failures --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Aparna Jyothi <aparnajyothi-y@github.com>
* Bump @actions/tool-cache from 2.0.1 to 2.0.2 Bumps [@actions/tool-cache](https://github.com/actions/toolkit/tree/HEAD/packages/tool-cache) from 2.0.1 to 2.0.2. - [Changelog](https://github.com/actions/toolkit/blob/main/packages/tool-cache/RELEASES.md) - [Commits](https://github.com/actions/toolkit/commits/HEAD/packages/tool-cache) --- updated-dependencies: - dependency-name: "@actions/tool-cache" dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> * check failures fix --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Aparna Jyothi <aparnajyothi-y@github.com>
* feat: support private mirrors * chore: change fallback message with mirrors
* Update versions.yml * Update versions.yml * actions/cache upgrade to 4.0.3 * events update * npm audit fix revert * npm adit fix revert
* Bump @octokit/request-error and @actions/github Bumps [@octokit/request-error](https://github.com/octokit/request-error.js) to 5.1.1 and updates ancestor dependency [@actions/github](https://github.com/actions/toolkit/tree/HEAD/packages/github). These dependencies need to be updated together. Updates `@octokit/request-error` from 2.1.0 to 5.1.1 - [Release notes](https://github.com/octokit/request-error.js/releases) - [Commits](octokit/request-error.js@v2.1.0...v5.1.1) Updates `@actions/github` from 5.1.1 to 6.0.0 - [Changelog](https://github.com/actions/toolkit/blob/main/packages/github/RELEASES.md) - [Commits](https://github.com/actions/toolkit/commits/HEAD/packages/github) --- updated-dependencies: - dependency-name: "@octokit/request-error" dependency-type: indirect - dependency-name: "@actions/github" dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com> * Fix failures --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: HarithaVattikuti <73516759+HarithaVattikuti@users.noreply.github.com>
* Bump uuid from 9.0.1 to 11.1.0 Bumps [uuid](https://github.com/uuidjs/uuid) from 9.0.1 to 11.1.0. - [Release notes](https://github.com/uuidjs/uuid/releases) - [Changelog](https://github.com/uuidjs/uuid/blob/main/CHANGELOG.md) - [Commits](uuidjs/uuid@v9.0.1...v11.1.0) --- updated-dependencies: - dependency-name: uuid dependency-version: 11.1.0 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> * Bump uuid from 9.0.1 to 11.1.0 Bumps [uuid](https://github.com/uuidjs/uuid) from 9.0.1 to 11.1.0. - [Release notes](https://github.com/uuidjs/uuid/releases) - [Changelog](https://github.com/uuidjs/uuid/blob/main/CHANGELOG.md) - [Commits](uuidjs/uuid@v9.0.1...v11.1.0) --- updated-dependencies: - dependency-name: uuid dependency-version: 11.1.0 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> * Fix failures --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: HarithaVattikuti <73516759+HarithaVattikuti@users.noreply.github.com>
mjd3
approved these changes
Jul 23, 2025
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description:
Describe your changes.
Related issue:
Add link to the related issue.
Check list: