From fb03d2041ca1cff2a0079af27cafe8d9a02d19f4 Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Sun, 14 Aug 2022 19:21:28 +0000 Subject: [PATCH] fix: package.json & package-lock.json to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-ACTIONSCORE-2980270 --- package-lock.json | 55 ++++++++++++++++++++++++++++++++++------------- package.json | 2 +- 2 files changed, 41 insertions(+), 16 deletions(-) diff --git a/package-lock.json b/package-lock.json index 41ad0adf1d..5b7089cb43 100644 --- a/package-lock.json +++ b/package-lock.json @@ -6,11 +6,11 @@ "packages": { "": { "name": "codeql", - "version": "1.0.1", + "version": "1.0.3", "license": "MIT", "dependencies": { "@actions/artifact": "^0.5.1", - "@actions/core": "^1.2.6", + "@actions/core": "^1.9.1", "@actions/exec": "^1.0.1", "@actions/github": "^4.0.0", "@actions/http-client": "^1.0.8", @@ -77,8 +77,21 @@ } }, "node_modules/@actions/core": { - "version": "1.2.6", - "license": "MIT" + "version": "1.9.1", + "resolved": "https://registry.npmjs.org/@actions/core/-/core-1.9.1.tgz", + "integrity": "sha512-5ad+U2YGrmmiw6du20AQW5XuWo7UKN2052FjSV7MX+Wfjf8sCqcsZe62NfgHys4QI4/Y+vQvLKYL8jWtA1ZBTA==", + "dependencies": { + "@actions/http-client": "^2.0.1", + "uuid": "^8.3.2" + } + }, + "node_modules/@actions/core/node_modules/@actions/http-client": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/@actions/http-client/-/http-client-2.0.1.tgz", + "integrity": "sha512-PIXiMVtz6VvyaRsGY268qvj57hXQEpsYogYOu2nrQhlf+XCGmZstmuZBbAybUl1nQGnvS1k1eEsQ69ZoD7xlSw==", + "dependencies": { + "tunnel": "^0.0.6" + } }, "node_modules/@actions/exec": { "version": "1.0.1", @@ -124,10 +137,6 @@ "uuid": "^3.3.2" } }, - "node_modules/@actions/tool-cache/node_modules/@actions/core": { - "version": "1.2.4", - "license": "MIT" - }, "node_modules/@actions/tool-cache/node_modules/semver": { "version": "6.3.0", "license": "ISC", @@ -5331,8 +5340,9 @@ } }, "node_modules/uuid": { - "version": "8.3.0", - "license": "MIT", + "version": "8.3.2", + "resolved": "https://registry.npmjs.org/uuid/-/uuid-8.3.2.tgz", + "integrity": "sha512-+NYs2QeMWy+GWFOEm9xnn6HCDp0l7QBD7ml8zLUmJ+93Q5NF0NocErnwkTkXVFNiX3/fpC6afS8Dhb/gz7R7eg==", "bin": { "uuid": "dist/bin/uuid" } @@ -5534,7 +5544,23 @@ } }, "@actions/core": { - "version": "1.2.6" + "version": "1.9.1", + "resolved": "https://registry.npmjs.org/@actions/core/-/core-1.9.1.tgz", + "integrity": "sha512-5ad+U2YGrmmiw6du20AQW5XuWo7UKN2052FjSV7MX+Wfjf8sCqcsZe62NfgHys4QI4/Y+vQvLKYL8jWtA1ZBTA==", + "requires": { + "@actions/http-client": "^2.0.1", + "uuid": "^8.3.2" + }, + "dependencies": { + "@actions/http-client": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/@actions/http-client/-/http-client-2.0.1.tgz", + "integrity": "sha512-PIXiMVtz6VvyaRsGY268qvj57hXQEpsYogYOu2nrQhlf+XCGmZstmuZBbAybUl1nQGnvS1k1eEsQ69ZoD7xlSw==", + "requires": { + "tunnel": "^0.0.6" + } + } + } }, "@actions/exec": { "version": "1.0.1" @@ -5573,9 +5599,6 @@ "uuid": "^3.3.2" }, "dependencies": { - "@actions/core": { - "version": "1.2.4" - }, "semver": { "version": "6.3.0" }, @@ -8946,7 +8969,9 @@ } }, "uuid": { - "version": "8.3.0" + "version": "8.3.2", + "resolved": "https://registry.npmjs.org/uuid/-/uuid-8.3.2.tgz", + "integrity": "sha512-+NYs2QeMWy+GWFOEm9xnn6HCDp0l7QBD7ml8zLUmJ+93Q5NF0NocErnwkTkXVFNiX3/fpC6afS8Dhb/gz7R7eg==" }, "v8-compile-cache": { "version": "2.1.1", diff --git a/package.json b/package.json index 9eb0643462..128b731e1a 100644 --- a/package.json +++ b/package.json @@ -22,7 +22,7 @@ "license": "MIT", "dependencies": { "@actions/artifact": "^0.5.1", - "@actions/core": "^1.2.6", + "@actions/core": "^1.9.1", "@actions/exec": "^1.0.1", "@actions/github": "^4.0.0", "@actions/http-client": "^1.0.8",