Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

deps: upgrading @actions/github to 6.0.0 #65

Merged
merged 6 commits into from
Jun 24, 2024
Merged

deps: upgrading @actions/github to 6.0.0 #65

merged 6 commits into from
Jun 24, 2024

Conversation

shmam
Copy link
Contributor

@shmam shmam commented Jun 21, 2024

Summary

Upgrading @actions/github to this latest major version to address the lodash dependency vuln required a rewrite of how we used the client. It also required introducing babel to transform the dependency @octokit/core in order to run tests. Mocking has to be completely re-done as well to account for the new ways that octokit was using built-in fetch.

References

hashtagchris
hashtagchris reviewed Jun 21, 2024
View reviewed changes
Copy link

@hashtagchris hashtagchris left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Despite it passing, the build CI has some interesting warnings about mocks not being called:

/~https://github.com/npm/action-deploy/actions/runs/9619410439/job/26535455926?pr=65

If we decide to continue to maintain this public action, we should possibly add a .nvmrc file and have the build job call setup-node.

hashtagchris
hashtagchris approved these changes Jun 24, 2024
View reviewed changes
Copy link

@hashtagchris hashtagchris left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM!

@shmam shmam merged commit a32db49 into master Jun 24, 2024
4 checks passed
@shmam shmam deleted the deps/upgrade-lodash-set-vuln branch June 24, 2024 18:03
This was referenced Jun 24, 2024
Closed
Merged
shmam added a commit to npm/action-deployment-notifications that referenced this pull request Jun 25, 2024
@shmam @jpg619
deps: sync dependency update changes from fork action-deploy (#4)
ec260b2 
* fix dependabot alerts (npm#57)

* nock 13.5.1

* Revert "nock 13.5.1"

This reverts commit dd1d7ad.

* mock commit

* Revert "mock commit"

This reverts commit 10c7bab.

* @zeit/ncc replaced by @vercel/ncc

* nock 13.5.4

* typescript 3.9.7

* ts-standard 12.0.2

* ts-jest 26.5.6

* @types/node 17.0.41

* @types/jest 27.4.1

* @typescript-eslint/parser 7.1.1

* @types/sinon 17.0.3

* js-yaml 4.1.0

* @types/node and typescript

* jest 26.6.3

* typescript code cleanup

* jest and related

* jest 28.1.3

* jest-circus and sinon

* typescript 4.9.5

* @slack/web-api 7.0.2

* @actions/core 1.6.0

* reverting console.error

* version bump

* deps: upgrading `@actions/github` to 6.0.0  (npm#65)

* deps: upgrading @actions/github to 6.0.0 which included a pretty big re-write

* 2.6.0

* updating dist

* fix: pre version bump

* 2.6.0

---------

Co-authored-by: Jithin Prabhakaran Girija <141764922+jpg619@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@hashtagchris hashtagchris hashtagchris approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@shmam @hashtagchris