fix: 🐛 security fix for fetch dependency

see GHSA-r683-j2x4-v87g
ng-apimock · Jan 15, 2023 · 81d6d90 · 81d6d90
1 parent 8e0b69a
commit 81d6d90
Show file tree

Hide file tree

Showing 7 changed files with 1,968 additions and 2,458 deletions.
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -12,24 +12,23 @@ jobs:
       fail-fast: true
       matrix:
         node_version:
-          - 14
-          - 16
+          - 18
         os:
           - ubuntu-latest
           - macOS-latest
           - windows-latest
         architecture:
           - x64
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v3
       - name: Setup node ${{ matrix.node_version }} - ${{ matrix.architecture }} on ${{ matrix.os }}
-        uses: actions/setup-node@v2
+        uses: actions/setup-node@v3
         with:
           node-version: ${{ matrix.node_version }}
           architecture: ${{ matrix.architecture }}
           registry-url: https://registry.npmjs.org
       - name: Cache
-        uses: actions/cache@v2
+        uses: actions/cache@v3
         with:
           path: '**/node_modules'
           key: ${{ runner.os }}-modules-${{ hashFiles('**/yarn.lock') }}

diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
@@ -38,7 +38,7 @@ jobs:
 
     steps:
     - name: Checkout repository
-      uses: actions/checkout@v2
+      uses: actions/checkout@v3
 
     # Initializes the CodeQL tools for scanning.
     - name: Initialize CodeQL
@@ -53,7 +53,7 @@ jobs:
     # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
     # If this step fails, then you should remove it and run the build manually (see below)
     - name: Autobuild
-      uses: github/codeql-action/autobuild@v1
+      uses: github/codeql-action/autobuild@v2
 
     # ℹ️ Command-line programs to run using the OS shell.
     # 📚 https://git.io/JvXDl
@@ -67,4 +67,4 @@ jobs:
     #   make release
 
     - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@v1
+      uses: github/codeql-action/analyze@v2
diff --git a/.github/workflows/integration.yml b/.github/workflows/integration.yml
@@ -11,12 +11,12 @@ jobs:
   test:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v3
         with:
           fetch-depth: 0
-      - uses: actions/setup-node@v2
+      - uses: actions/setup-node@v3
         with:
-          node-version: 14
+          node-version: 18
           registry-url: https://registry.npmjs.org
       - name: install
         run: yarn install --frozen-lockfile

diff --git a/.github/workflows/qa.yml b/.github/workflows/qa.yml
@@ -11,12 +11,12 @@ jobs:
   sonarcloud:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v3
         with:
           fetch-depth: 0
-      - uses: actions/setup-node@v2
+      - uses: actions/setup-node@v3
         with:
-          node-version: 14
+          node-version: 18
           registry-url: https://registry.npmjs.org
       - name: install
         run: yarn install --frozen-lockfile

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -9,12 +9,12 @@ jobs:
   publish:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v3
         with:
           fetch-depth: 0
-      - uses: actions/setup-node@v2
+      - uses: actions/setup-node@v3
         with:
-          node-version: 14
+          node-version: 18
           registry-url: https://registry.npmjs.org
       - name: install
         run: yarn install --frozen-lockfile

diff --git a/package.json b/package.json
@@ -44,45 +44,45 @@
     "angularjs"
   ],
   "devDependencies": {
-    "@commitlint/cli": "17.3.0",
-    "@commitlint/config-conventional": "17.3.0",
-    "@ng-apimock/core": "3.6.0",
-    "@ng-apimock/test-application": "3.5.1",
+    "@commitlint/cli": "17.4.2",
+    "@commitlint/config-conventional": "17.4.2",
+    "@ng-apimock/core": "3.6.1",
+    "@ng-apimock/test-application": "3.5.2",
     "@semantic-release/changelog": "6.0.2",
     "@semantic-release/commit-analyzer": "9.0.2",
     "@semantic-release/git": "10.0.1",
     "@semantic-release/github": "8.0.7",
-    "@semantic-release/npm": "9.0.1",
+    "@semantic-release/npm": "9.0.2",
     "@semantic-release/release-notes-generator": "10.0.3",
     "@types/cucumber": "6.0.1",
-    "@types/fs-extra": "9.0.13",
-    "@types/jest": "29.2.4",
-    "@typescript-eslint/eslint-plugin": "5.46.0",
-    "@typescript-eslint/parser": "5.46.0",
+    "@types/fs-extra": "11.0.1",
+    "@types/jest": "29.2.5",
+    "@typescript-eslint/eslint-plugin": "5.48.1",
+    "@typescript-eslint/parser": "5.48.1",
     "commitizen": "4.2.6",
     "cucumber": "6.0.7",
-    "eslint": "8.29.0",
+    "eslint": "8.32.0",
     "eslint-config-airbnb-base": "15.0.0",
-    "eslint-plugin-import": "2.26.0",
-    "eslint-plugin-jest": "27.1.6",
+    "eslint-plugin-import": "2.27.4",
+    "eslint-plugin-jest": "27.2.1",
     "express": "4.18.2",
     "fs-extra": "11.1.0",
     "http-proxy-middleware": "2.0.6",
-    "husky": "8.0.2",
+    "husky": "8.0.3",
     "jest": "29.3.1",
     "jest-matchers": "20.0.3",
     "lint-staged": "13.1.0",
     "protractor": "7.0.0",
-    "protractor-cucumber-framework": "8.4.4",
-    "rimraf": "3.0.2",
-    "semantic-release": "19.0.5",
-    "ts-jest": "29.0.3",
+    "protractor-cucumber-framework": "9.0.0",
+    "rimraf": "4.0.6",
+    "semantic-release": "20.0.2",
+    "ts-jest": "29.0.5",
     "ts-node": "10.9.1",
     "typescript": "4.9.4",
-    "wait-on": "6.0.1"
+    "wait-on": "7.0.1"
   },
   "dependencies": {
-    "@ng-apimock/base-client": "3.3.0"
+    "@ng-apimock/base-client": "3.3.1"
   },
   "peerDependencies": {
     "protractor": ">=6.x"