From 040bfe5512767b0f3e36636998c3f17ee572e4ea Mon Sep 17 00:00:00 2001
From: JanSzewczyk
Date: Mon, 27 May 2024 20:54:59 +0200
Subject: [PATCH] fix(deps): update packages
---
 .github/workflows/codeql.yml | 39 +++++++++++
 .github/workflows/pr-check.yml | 14 ++++
 package-lock.json | 119 ++++++++++++++++++++++++++++++---
 package.json | 2 +-
 4 files changed, 163 insertions(+), 11 deletions(-)
 create mode 100644 .github/workflows/codeql.yml
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
new file mode 100644
index 0000000..f7c44b5
--- /dev/null
+++ b/.github/workflows/codeql.yml
@@ -0,0 +1,39 @@
+name: "CodeQL"
+
+on:
+ push:
+ branches: ["main"]
+ pull_request:
+ branches: ["main"]
+ schedule:
+ - cron: "37 21 * * 0"
+
+jobs:
+ analyze:
+ name: Analyze (${{ matrix.language }})
+ runs-on: ${{ (matrix.language == 'swift' && 'macos-latest') || 'ubuntu-latest' }}
+ timeout-minutes: ${{ (matrix.language == 'swift' && 120) || 360 }}
+ permissions:
+ security-events: write
+ packages: read
+ actions: read
+ contents: read
+ strategy:
+ fail-fast: false
+ matrix:
+ include:
+ - language: javascript-typescript
+ build-mode: none
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v4
+ - name: Initialize CodeQL
+ uses: github/codeql-action/init@v3
+ with:
+ languages: ${{ matrix.language }}
+ build-mode: ${{ matrix.build-mode }}
+ queries: security-extended
+ - name: Perform CodeQL Analysis
+ uses: github/codeql-action/analyze@v3
+ with:
+ category: "/language:${{matrix.language}}"
diff --git a/.github/workflows/pr-check.yml b/.github/workflows/pr-check.yml
index 3f4ecd3..6d09c2c 100644
--- a/.github/workflows/pr-check.yml
+++ b/.github/workflows/pr-check.yml
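Review bot: The three `uses:` lines in the new CodeQL workflow reference actions by mutable tag (`actions/checkout@v4`, `github/codeql-action/init@v3`, `github/codeql-action/analyze@v3`) in a job that holds `security-events: write`, so whatever the tag points to at run time executes with that token. Pinning each to a full commit SHA with the tag kept as a trailing comment, e.g. `uses: github/codeql-action/init@<full-commit-sha> # v3`, makes the executed code reviewable and still lets an update bot propose bumps. The same applies to the two `uses:` lines in the `dependency-review` job added to pr-check.yml. Separately, the `matrix.language == 'swift'` branches in `runs-on` and `timeout-minutes` can never be taken with the single `javascript-typescript` matrix entry, so a plain `runs-on: ubuntu-latest` and a fixed `timeout-minutes` would read more clearly.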
@@ -23,3 +23,17 @@ jobs:
 run: npm ci
 - name: Prettier Check ๐Ÿงน
 run: npm run prettier:check
+
+ dependency-review:
+ name: Dependency Review
+ runs-on: ubuntu-latest
+ permissions:
+ contents: read
+ pull-requests: write
+ steps:
+ - name: Checkout code ๐Ÿ“š
+ uses: actions/checkout@v4
+ - name: Dependency Review
+ uses: actions/dependency-review-action@v4
+ with:
+ comment-summary-in-pr: on-failure
diff --git a/package-lock.json b/package-lock.json
index 867049e..5cfb1df 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -13,7 +13,7 @@ "prettier-plugin-tailwindcss": "^0.5.14" }, "devDependencies": { - "@szum-tech/semantic-release-preset": "^1.5.5", + "@szum-tech/semantic-release-preset": "^1.5.6", "@types/prettier": "^3.0.0", "@types/semantic-release": "^20.0.6", "prettier": "^3.2.5", @@ -573,14 +573,14 @@ } }, "node_modules/@semantic-release/npm": { - "version": "12.0.0", - "resolved": "https://registry.npmjs.org/@semantic-release/npm/-/npm-12.0.0.tgz", - "integrity": "sha512-72TVYQCH9NvVsO/y13eF8vE4bNnfls518+4KcFwJUKi7AtA/ZXoNgSg9gTTfw5eMZMkiH0izUrpGXgZE/cSQhA==", + "version": "12.0.1", + "resolved": "https://registry.npmjs.org/@semantic-release/npm/-/npm-12.0.1.tgz", + "integrity": "sha512-/6nntGSUGK2aTOI0rHPwY3ZjgY9FkXmEHbW9Kr+62NVOsyqpKKeP0lrCH+tphv+EsNdJNmqqwijTEnVWUMQ2Nw==", "dev": true, "dependencies": { "@semantic-release/error": "^4.0.0", "aggregate-error": "^5.0.0", - "execa": "^8.0.0", + "execa": "^9.0.0", "fs-extra": "^11.0.0", "lodash-es": "^4.17.21", "nerf-dart": "^1.0.0",
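Review bot: `pull-requests: write` in the `dependency-review` job is the only write scope in the block, and nothing in the hunk says why it is granted; it appears to exist solely so `comment-summary-in-pr: on-failure` can post its comment. A comment on that line such as `# write needed only for comment-summary-in-pr; drop it if the PR comment is disabled` would keep the grant from outliving its purpose. The workflow's `on:` block lies outside the hunk: if it is the plain `pull_request` event, runs from forks normally receive a read-only token, so the comment would not be posted there and the job summary would be the only place the result shows. `fail-on-severity` is left unset, so the action's default threshold applies; stating it explicitly would make the gate visible in review.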
@@ -608,6 +608,105 @@ "node": ">=18" } }, + "node_modules/@semantic-release/npm/node_modules/@sindresorhus/merge-streams": { + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/@sindresorhus/merge-streams/-/merge-streams-4.0.0.tgz", + "integrity": "sha512-tlqY9xq5ukxTUZBmoOp+m61cqwQD5pHJtFY3Mn8CA8ps6yghLH/Hw8UPdqg4OLmFW3IFlcXnQNmo/dh8HzXYIQ==", + "dev": true, + "engines": { + "node": ">=18" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/@semantic-release/npm/node_modules/execa": { + "version": "9.1.0", + "resolved": "https://registry.npmjs.org/execa/-/execa-9.1.0.tgz", + "integrity": "sha512-lSgHc4Elo2m6bUDhc3Hl/VxvUDJdQWI40RZ4KMY9bKRc+hgMOT7II/JjbNDhI8VnMtrCb7U/fhpJIkLORZozWw==", + "dev": true, + "dependencies": { + "@sindresorhus/merge-streams": "^4.0.0", + "cross-spawn": "^7.0.3", + "figures": "^6.1.0", + "get-stream": "^9.0.0", + "human-signals": "^7.0.0", + "is-plain-obj": "^4.1.0", + "is-stream": "^4.0.1", + "npm-run-path": "^5.2.0", + "pretty-ms": "^9.0.0", + "signal-exit": "^4.1.0", + "strip-final-newline": "^4.0.0", + "yoctocolors": "^2.0.0" + }, + "engines": { + "node": ">=18" + }, + "funding": { + "url": "https://github.com/sindresorhus/execa?sponsor=1" + } + }, + "node_modules/@semantic-release/npm/node_modules/get-stream": { + "version": "9.0.1", + "resolved": "https://registry.npmjs.org/get-stream/-/get-stream-9.0.1.tgz", + "integrity": "sha512-kVCxPF3vQM/N0B1PmoqVUqgHP+EeVjmZSQn+1oCRPxd2P21P2F19lIgbR3HBosbB1PUhOAoctJnfEn2GbN2eZA==", + "dev": true, + "dependencies": { + "@sec-ant/readable-stream": "^0.4.1", + "is-stream": "^4.0.1" + }, + "engines": { + "node": ">=18" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/@semantic-release/npm/node_modules/human-signals": { + "version": "7.0.0", + "resolved": "https://registry.npmjs.org/human-signals/-/human-signals-7.0.0.tgz", + "integrity": 
"sha512-74kytxOUSvNbjrT9KisAbaTZ/eJwD/LrbM/kh5j0IhPuJzwuA19dWvniFGwBzN9rVjg+O/e+F310PjObDXS+9Q==", + "dev": true, + "engines": { + "node": ">=18.18.0" + } + }, + "node_modules/@semantic-release/npm/node_modules/is-stream": { + "version": "4.0.1", + "resolved": "https://registry.npmjs.org/is-stream/-/is-stream-4.0.1.tgz", + "integrity": "sha512-Dnz92NInDqYckGEUJv689RbRiTSEHCQ7wOVeALbkOz999YpqT46yMRIGtSNl2iCL1waAZSx40+h59NV/EwzV/A==", + "dev": true, + "engines": { + "node": ">=18" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/@semantic-release/npm/node_modules/signal-exit": { + "version": "4.1.0", + "resolved": "https://registry.npmjs.org/signal-exit/-/signal-exit-4.1.0.tgz", + "integrity": "sha512-bzyZ1e88w9O1iNJbKnOlvYTrWPDl46O1bG0D3XInv+9tkPrxrN8jUUTiFlDkkmKWgn1M6CfIA13SuGqOa9Korw==", + "dev": true, + "engines": { + "node": ">=14" + }, + "funding": { + "url": "https://github.com/sponsors/isaacs" + } + }, + "node_modules/@semantic-release/npm/node_modules/strip-final-newline": { + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/strip-final-newline/-/strip-final-newline-4.0.0.tgz", + "integrity": "sha512-aulFJcD6YK8V1G7iRB5tigAP4TsHBZZrOV8pjV++zdUwmeV8uzbY7yn6h9MswN62adStNZFuCIx4haBnRuMDaw==", + "dev": true, + "engines": { + "node": ">=18" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, "node_modules/@semantic-release/release-notes-generator": { "version": "13.0.0", "resolved": "https://registry.npmjs.org/@semantic-release/release-notes-generator/-/release-notes-generator-13.0.0.tgz", 
@@ -669,23 +768,23 @@ } }, "node_modules/@szum-tech/semantic-release-preset": { - "version": "1.5.5", - "resolved": "https://registry.npmjs.org/@szum-tech/semantic-release-preset/-/semantic-release-preset-1.5.5.tgz", - "integrity": "sha512-b5qgRWzrEjj4ALGbTIOpVYBZycYtKSm+9lA3xeTuiUxosgx+t2SIQYzHR5fiD0Xfg8w4ECzkt7znj3uxiXrnsg==", + "version": "1.5.6", + "resolved": "https://registry.npmjs.org/@szum-tech/semantic-release-preset/-/semantic-release-preset-1.5.6.tgz", + "integrity": "sha512-vLpws5EqhEpqr+UAe4mrawdVx/M0if3DkQ+TfKlD/VSFkCUAGPeCCh+c04sq/F2r+d5iCoAJRn8vx1zQ5lPBJA==", "dev": true, "dependencies": { "@semantic-release/changelog": "^6.0.3", "@semantic-release/commit-analyzer": "^12.0.0", "@semantic-release/git": "^10.0.1", "@semantic-release/github": "^10.0.3", - "@semantic-release/npm": "^12.0.0", + "@semantic-release/npm": "^12.0.1", "@semantic-release/release-notes-generator": "^13.0.0" }, "engines": { "node": ">=18" }, "peerDependencies": { - "semantic-release": "^23.0.8" + "semantic-release": "^23.1.1" } }, "node_modules/@types/node": { diff --git a/package.json b/package.json index 43b0b62..b04bb33 100644 --- a/package.json +++ b/package.json @@ -32,7 +32,7 @@ "prettier-plugin-tailwindcss": "^0.5.14" }, "devDependencies": { - "@szum-tech/semantic-release-preset": "^1.5.5", + "@szum-tech/semantic-release-preset": "^1.5.6", "@types/prettier": "^3.0.0", "@types/semantic-release": "^20.0.6", "prettier": "^3.2.5",