NPM Audit Fixes by GhadimiR · Pull Request #2043 · actions/toolkit · GitHub

NPM Audit Fixes #2043


Merged
merged 4 commits into from
May 7, 2025

GhadimiR
Contributor
@GhadimiR GhadimiR commented May 7, 2025

Toolkit audit is failing due to some vulnerabilities in dependencies. This PR updates the dependencies to fix the vulnerabilities, starting with github, which we'll need to release to address the vulnerabilities in the other packages that depend on it.

@Copilot Copilot AI review requested due to automatic review settings May 7, 2025 09:16
@GhadimiR GhadimiR requested a review from a team as a code owner May 7, 2025 09:16
@Copilot Copilot AI left a comment

Pull Request Overview

Updates dependency versions in packages/artifact/package.json to resolve audit vulnerabilities.

  • Bumped @actions/github from ^5.1.1 to ^6.0.0
  • Bumped @octokit/core from ^3.5.1 to ^5.2.1 and added @octokit/plugin-paginate-rest
  • Bumped @octokit/request-error from ^5.0.0 to ^5.1.1
Files not reviewed (1)
  • packages/artifact/package-lock.json: Language not supported
Comments suppressed due to low confidence (4)

packages/artifact/package.json:44

  • Since this is a major version bump with potential breaking changes, add or update tests for workflows using @actions/github to ensure compatibility.
"@actions/github": "^6.0.0"

packages/artifact/package.json:47

  • This major version bump may include breaking changes; verify and add tests for Octokit API calls accordingly.
"@octokit/core": "^5.2.1"

packages/artifact/package.json:48

  • New pagination plugin added—ensure you include tests for paginated API endpoints to validate correct behavior.
"@octokit/plugin-paginate-rest": "^9.2.2"

packages/artifact/package.json:51

  • Update tests around error handling to cover any changes introduced in @octokit/request-error v5.1.1.
"@octokit/request-error": "^5.1.1"

@GhadimiR GhadimiR requested a review from a team as a code owner May 7, 2025 09:37
@GhadimiR GhadimiR force-pushed the ghadimir/audit_fix branch from 6acd85a to 2b47632 Compare May 7, 2025 11:05
Collaborator
@thboop thboop left a comment

lgtm

@GhadimiR GhadimiR merged commit ef199a9 into main May 7, 2025
16 of 17 checks passed