Skip to content
This repository has been archived by the owner on Jan 2, 2025. It is now read-only.

Upgrade dependencies to latest versions, clear vulnerabilities #144

Merged
merged 16 commits into from
Oct 16, 2022
Merged

Upgrade dependencies to latest versions, clear vulnerabilities #144

merged 16 commits into from
Oct 16, 2022

Conversation

zteater
Copy link
Contributor

@zteater zteater commented Jun 22, 2022

Upgrade dependencies to latest versions, clear vulnerabilities

  • Bump actions/setup-java from 2.3.1 to 3
  • Bump actions/checkout from 2.3.4 to 3
  • Bump github/codeql-action from 1 to 2
  • Upgrade node, xmldom, and mocha to latest version

dependabot bot and others added 13 commits November 3, 2021 07:01
@dependabot
Bump actions/checkout from 2.3.4 to 2.4.0
393cd12 
Bumps [actions/checkout](https://github.com/actions/checkout) from 2.3.4 to 2.4.0.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](actions/checkout@v2.3.4...v2.4.0)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot
Bump actions/setup-java from 2.3.1 to 2.4.0
9c431c4 
Bumps [actions/setup-java](https://github.com/actions/setup-java) from 2.3.1 to 2.4.0.
- [Release notes](https://github.com/actions/setup-java/releases)
- [Commits](actions/setup-java@v2.3.1...v2.4.0)

---
updated-dependencies:
- dependency-name: actions/setup-java
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@zteater
Merge pull request #132 from whelk-io/dependabot/github_actions/devel…
ee1fbbd 
…op/actions/setup-java-2.4.0

Bump actions/setup-java from 2.3.1 to 2.4.0
@zteater
Merge pull request #131 from whelk-io/dependabot/github_actions/devel…
c01b563 
…op/actions/checkout-2.4.0

Bump actions/checkout from 2.3.4 to 2.4.0
@dependabot
Bump actions/setup-java from 2.4.0 to 2.5.0
eb80d5f 
Bumps [actions/setup-java](https://github.com/actions/setup-java) from 2.4.0 to 2.5.0.
- [Release notes](https://github.com/actions/setup-java/releases)
- [Commits](actions/setup-java@v2.4.0...v2.5.0)

---
updated-dependencies:
- dependency-name: actions/setup-java
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@zteater
Merge pull request #133 from whelk-io/dependabot/github_actions/devel…
ebc6f7f 
…op/actions/setup-java-2.5.0

Bump actions/setup-java from 2.4.0 to 2.5.0
@dependabot
Bump actions/setup-java from 2.5.0 to 3
52c91be 
Bumps [actions/setup-java](https://github.com/actions/setup-java) from 2.5.0 to 3.
- [Release notes](https://github.com/actions/setup-java/releases)
- [Commits](actions/setup-java@v2.5.0...v3)

---
updated-dependencies:
- dependency-name: actions/setup-java
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@zteater
Merge pull request #135 from whelk-io/dependabot/github_actions/devel…
2e1bffb 
…op/actions/setup-java-3

Bump actions/setup-java from 2.5.0 to 3
@dependabot
Bump actions/checkout from 2.4.0 to 3
3ecb1dd 
Bumps [actions/checkout](https://github.com/actions/checkout) from 2.4.0 to 3.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](actions/checkout@v2.4.0...v3)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@zteater
Merge pull request #136 from whelk-io/dependabot/github_actions/devel…
4c6384d 
…op/actions/checkout-3

Bump actions/checkout from 2.4.0 to 3
@dependabot
Bump github/codeql-action from 1 to 2
41570de 
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 1 to 2.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](github/codeql-action@v1...v2)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@zteater
Merge pull request #138 from whelk-io/dependabot/github_actions/devel…
4812d91 
…op/github/codeql-action-2

Bump github/codeql-action from 1 to 2
@zteater @ACN-kck
Upgrade node, xmldom, and mocha to latest version (#142)
befd6ce 
* Upgrade all used github actions to nodejs16
* Fix npm audit issues

Co-authored-by: Kevin Chwalek <kevin.chwalek@accenture.com>
@ACN-kck
Copy link
Contributor

ACN-kck commented Jun 23, 2022

Hopefully done once this is fixed:
xmldom/xmldom#416

@mgerlach
Copy link

Would be good to have this as it also includes the node 16 upgrade... looks like xmldom/xmldom#416 will still take a little while though

@mgerlach mgerlach mentioned this pull request Oct 10, 2022
Closed
@zteater zteater merged commit 554f3ca into main Oct 16, 2022
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@zteater @ACN-kck @mgerlach