Merge branch 'main' into ci-ubuntu-runner

ericcornelissen · Sep 8, 2024 · 12f8a78 · 12f8a78
2 parents 274278d + 23eb7bf
commit 12f8a78
Show file tree

Hide file tree

Showing 16 changed files with 2,641 additions and 1,553 deletions.
diff --git a/.github/workflows/checks.yml b/.github/workflows/checks.yml
@@ -30,12 +30,12 @@ jobs:
       - name: Checkout repository
         uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@4fa2a7953630fd2f3fb380f21be14ede0169dd4f # v3.25.12
+        uses: github/codeql-action/init@4dd16135b69a43b6c8efb853346f8437d92d3c93 # v3.26.6
         with:
           config-file: ./.github/codeql.yml
           languages: javascript
       - name: Perform CodeQL analysis
-        uses: github/codeql-action/analyze@4fa2a7953630fd2f3fb380f21be14ede0169dd4f # v3.25.12
+        uses: github/codeql-action/analyze@4dd16135b69a43b6c8efb853346f8437d92d3c93 # v3.26.6
   format:
     name: Formatting
     runs-on: ubuntu-24.04
@@ -396,7 +396,7 @@ jobs:
       - name: Run mutation tests
         run: npm run mutation:unit
       - name: Upload mutation report
-        uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b # v4.3.4
+        uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0
         if: ${{ failure() || success() }}
         with:
           name: mutation-unit-report
@@ -447,7 +447,7 @@ jobs:
       - name: Run mutation tests
         run: npm run mutation:integration
       - name: Upload mutation report
-        uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b # v4.3.4
+        uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0
         if: ${{ failure() || success() }}
         with:
           name: mutation-integration-report

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -59,7 +59,7 @@ jobs:
       - name: Update CHANGELOG
         run: node script/release/bump-changelog.js
       - name: Create Pull Request
-        uses: peter-evans/create-pull-request@6d6857d36972b65feb161a90e484f2984215f83e # v6.0.5
+        uses: peter-evans/create-pull-request@4320041ed380b20e97d388d56a7fb4f9b8c20e79 # v7.0.0
         with:
           token: ${{ steps.automation-token.outputs.token }}
           title: New ${{ github.event.inputs.update_type }} release

diff --git a/.github/workflows/reusable-fuzz.yml b/.github/workflows/reusable-fuzz.yml
@@ -111,7 +111,7 @@ jobs:
           exit 1
       - name: Upload crash (if any)
         if: ${{ steps.fuzz.outputs.fuzz-error == 'true' }}
-        uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b # v4.3.4
+        uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0
         with:
           name: fuzz-crash-${{ steps.run-id.outputs.result }}
           path: |

diff --git a/.github/workflows/secrets.yml b/.github/workflows/secrets.yml
@@ -33,6 +33,6 @@ jobs:
         with:
           fetch-depth: 0
       - name: Scan for secrets
-        uses: trufflesecurity/trufflehog@b9dd330365132cd2d01dd5dc8a857a056a2544e1 # v3.79.0
+        uses: trufflesecurity/trufflehog@f2c7bb93be9373d5d2a524a11c7ba739dc1de7f2 # v3.81.8
         with:
           extra_args: --only-verified
diff --git a/.github/workflows/semgrep.yml b/.github/workflows/semgrep.yml
@@ -22,7 +22,7 @@ jobs:
         env:
           SEMGREP_APP_TOKEN: ${{ secrets.SEMGREP_APP_TOKEN }}
       - name: Upload Semgrep report to GitHub
-        uses: github/codeql-action/upload-sarif@4fa2a7953630fd2f3fb380f21be14ede0169dd4f # v3.25.12
+        uses: github/codeql-action/upload-sarif@4dd16135b69a43b6c8efb853346f8437d92d3c93 # v3.26.6
         if: ${{ failure() || success() }}
         with:
           sarif_file: semgrep.sarif
diff --git a/.github/workflows/trusty.yml b/.github/workflows/trusty.yml
@@ -0,0 +1,23 @@
+name: TrustyPkg
+
+on:
+  pull_request: ~
+
+permissions: read-all
+
+jobs:
+  trusty_pkg_check:
+    name: Dependency Check
+    runs-on: ubuntu-24.04
+    permissions:
+      pull-requests: write
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
+      - name: TrustyPkg Action
+        uses: stacklok/trusty-action@91b08021e289192cf2bb9b420a37d2dae463a3ca # v0.0.7
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        with:
+          global_threshold: 5
+          provenance_threshold: 5
diff --git a/.licensee.json b/.licensee.json
@@ -20,6 +20,7 @@
     "deep-freeze": "0.0.1",
     "filter-iterator": "0.0.1",
     "identity-function": "1.0.0",
+    "jsonp": "0.2.1",
     "shescape": "*"
   },
   "corrections": true

diff --git a/.nvmrc b/.nvmrc
@@ -1 +1 @@
-22
+22.7.0