From bbb68381a9b1559e3fe116704d934bdfd3ab6059 Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Sun, 14 Aug 2022 22:13:57 +0000 Subject: [PATCH] fix: package.json & package-lock.json to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-ACTIONSCORE-2980270 --- package-lock.json | 25 ++++++++++++++++++++++--- package.json | 2 +- 2 files changed, 23 insertions(+), 4 deletions(-) diff --git a/package-lock.json b/package-lock.json index 46591227..1e8a1f65 100644 --- a/package-lock.json +++ b/package-lock.json @@ -5,9 +5,28 @@ "requires": true, "dependencies": { "@actions/core": { - "version": "1.2.4", - "resolved": "https://registry.npmjs.org/@actions/core/-/core-1.2.4.tgz", - "integrity": "sha512-YJCEq8BE3CdN8+7HPZ/4DxJjk/OkZV2FFIf+DlZTC/4iBlzYCD5yjRR6eiOS5llO11zbRltIRuKAjMKaWTE6cg==" + "version": "1.9.1", + "resolved": "https://registry.npmjs.org/@actions/core/-/core-1.9.1.tgz", + "integrity": "sha512-5ad+U2YGrmmiw6du20AQW5XuWo7UKN2052FjSV7MX+Wfjf8sCqcsZe62NfgHys4QI4/Y+vQvLKYL8jWtA1ZBTA==", + "requires": { + "@actions/http-client": "^2.0.1", + "uuid": "^8.3.2" + }, + "dependencies": { + "@actions/http-client": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/@actions/http-client/-/http-client-2.0.1.tgz", + "integrity": "sha512-PIXiMVtz6VvyaRsGY268qvj57hXQEpsYogYOu2nrQhlf+XCGmZstmuZBbAybUl1nQGnvS1k1eEsQ69ZoD7xlSw==", + "requires": { + "tunnel": "^0.0.6" + } + }, + "uuid": { + "version": "8.3.2", + "resolved": "https://registry.npmjs.org/uuid/-/uuid-8.3.2.tgz", + "integrity": "sha512-+NYs2QeMWy+GWFOEm9xnn6HCDp0l7QBD7ml8zLUmJ+93Q5NF0NocErnwkTkXVFNiX3/fpC6afS8Dhb/gz7R7eg==" + } + } }, "@actions/github": { "version": "4.0.0", diff --git a/package.json b/package.json index c787cab2..a2ff9a48 100644 --- a/package.json +++ b/package.json @@ -35,7 +35,7 @@ } }, "dependencies": { - "@actions/core": "^1.2.4", + "@actions/core": "^1.9.1", "@actions/github": "^4.0.0", "@actions/io": "^1.0.2", "@octokit/core": "^3.1.2",