New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Snyk] Upgrade @actions/github from 1.0.0 to 1.1.0 #4

Open

snyk-bot wants to merge 1 commit into master from snyk-upgrade-cb7702afc76a5eeaf99f2569b81b73c4

snyk-bot commented Apr 13, 2022

Snyk has created this PR to upgrade @actions/github from 1.0.0 to 1.1.0.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

The recommended version is 2 versions ahead of your current version.
The recommended version was released 3 years ago, on 2019-09-05.

The recommended version fixes:

Severity	Issue	PriorityScore (*)	Exploit Maturity
	Denial of Service SNYK-JS-NODEFETCH-674311	306/1000 Why? CVSS 5.9	No Known Exploit
	Information Exposure SNYK-JS-NODEFETCH-2342118	306/1000 Why? CVSS 5.9	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: @actions/github

1.1.0 - 2019-09-05
@ actions/github@1.1.0
1.0.1 - 2019-09-03
@ actions/io@1.0.1
1.0.0 - 2019-08-07
@ actions/tool-cache@1.0.0

from @actions/github GitHub release notes

Commit messages

Package name: @actions/github

a2ab4bc Publish
7772d5f Merge pull request #113 from actions/client-options
1c4866f Add note about constructor options
ebace7e Bump TypeScript to 3.6.2
e533651 Accept Octokit.Options in the GitHub constructor
eb4c328 Merge pull request #98 from actions/core-debug
020f703 JavaScript walk through update (#107)
2a1b7d5 Merge branch 'master' of https://github.com/actions/toolkit
eaba921 Bump package version
f2d0199 Update RELEASES.md
99d3ad0 Use readFileSync instead of require (#101)
ac36ca4 Small fix for the tool-cache extract example (#99)
92e6443 End group in core.group regardless of error thrown
8f9992c Add assertion for return value of core.group
80fc75e Fix readme
8b9dfa8 Add group functions to core
e35e0e6 Bump mixin-deep from 1.3.1 to 1.3.2 (#95)
ccf748b Bump lodash.template from 4.4.0 to 4.5.0 (#94)
8caeee5 Bump tar from 2.2.1 to 2.2.2 (#93)
b26ef29 Bump lodash from 4.17.11 to 4.17.15 (#92)
fba68de Bump fstream from 1.0.11 to 1.0.12 (#91)
df04d7d Bump eslint-utils from 1.3.1 to 1.4.2 (#90)
37202e8 fix syntax error in output example (#84)
7cd421b lint fixes

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs


          fix: upgrade @actions/github from 1.0.0 to 1.1.0

09e7045

Snyk has created this PR to upgrade @actions/github from 1.0.0 to 1.1.0.

See this package in npm:
https://www.npmjs.com/package/@actions/github

See this project in Snyk:
https://app.snyk.io/org/olliepop/project/03fcbcec-bbbd-4af5-8353-1c8c5a0d6fde?utm_source=github&utm_medium=referral&page=upgrade-pr

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment