From a625c7487f8172cfd7fef0e0b7d7a77212f1f5f6 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 27 Oct 2023 22:45:49 +0000 Subject: [PATCH 1/2] build(deps): bump jwt-decode from 3.1.2 to 4.0.0 Bumps [jwt-decode](https://github.com/auth0/jwt-decode) from 3.1.2 to 4.0.0. - [Release notes](https://github.com/auth0/jwt-decode/releases) - [Changelog](https://github.com/auth0/jwt-decode/blob/main/CHANGELOG.md) - [Commits](https://github.com/auth0/jwt-decode/compare/v3.1.2...v4.0.0) --- updated-dependencies: - dependency-name: jwt-decode dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- package.json | 2 +- yarn.lock | 10 +++++----- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/package.json b/package.json index 14ab703c..fd809f2b 100644 --- a/package.json +++ b/package.json @@ -58,7 +58,7 @@ "csv-parse": "^5.5.2", "handlebars": "^4.7.8", "js-yaml": "^4.1.0", - "jwt-decode": "^3.1.2", + "jwt-decode": "^4.0.0", "semver": "^7.5.4", "tmp": "^0.2.1" }, diff --git a/yarn.lock b/yarn.lock index cc87982d..73ce51c3 100644 --- a/yarn.lock +++ b/yarn.lock @@ -1066,7 +1066,7 @@ __metadata: handlebars: ^4.7.8 jest: ^29.6.4 js-yaml: ^4.1.0 - jwt-decode: ^3.1.2 + jwt-decode: ^4.0.0 prettier: ^3.0.3 rimraf: ^5.0.1 semver: ^7.5.4 @@ -5356,10 +5356,10 @@ __metadata: languageName: node linkType: hard -"jwt-decode@npm:^3.1.2": - version: 3.1.2 - resolution: "jwt-decode@npm:3.1.2" - checksum: 20a4b072d44ce3479f42d0d2c8d3dabeb353081ba4982e40b83a779f2459a70be26441be6c160bfc8c3c6eadf9f6380a036fbb06ac5406b5674e35d8c4205eeb +"jwt-decode@npm:^4.0.0": + version: 4.0.0 + resolution: "jwt-decode@npm:4.0.0" + checksum: 390e2edcb31a92e86c8cbdd1edeea4c0d62acd371f8a8f0a8878e499390c0ecf4c658b365c4e941e4ef37d0170e4ca650aaa49f99a45c0b9695a235b210154b0 languageName: node linkType: hard From 0e5f8a766ae6d1cf13feeec1ff95956ae675762a Mon Sep 17 00:00:00 2001 From: CrazyMax Date: Sat, 28 Oct 2023 02:37:52 +0200 Subject: [PATCH 2/2] github: fix jwt-decode import and test Signed-off-by: CrazyMax --- __tests__/github.test.ts | 2 +- src/github.ts | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/__tests__/github.test.ts b/__tests__/github.test.ts index f992db16..c065cca2 100644 --- a/__tests__/github.test.ts +++ b/__tests__/github.test.ts @@ -138,7 +138,7 @@ describe('printActionsRuntimeTokenACs', () => { }); it('malformed', async () => { process.env.ACTIONS_RUNTIME_TOKEN = 'foo'; - await expect(GitHub.printActionsRuntimeTokenACs()).rejects.toThrow(new Error("Cannot parse GitHub Actions Runtime Token: Invalid token specified: Cannot read properties of undefined (reading 'replace')")); + await expect(GitHub.printActionsRuntimeTokenACs()).rejects.toThrow(new Error('Cannot parse GitHub Actions Runtime Token: Invalid token specified: missing part #2')); }); it('refs/heads/master', async () => { const infoSpy = jest.spyOn(core, 'info'); diff --git a/src/github.ts b/src/github.ts index e7b8e1c5..d49f0ac3 100644 --- a/src/github.ts +++ b/src/github.ts @@ -18,7 +18,7 @@ import {GitHub as Octokit} from '@actions/github/lib/utils'; import * as core from '@actions/core'; import * as github from '@actions/github'; import {Context} from '@actions/github/lib/context'; -import jwt_decode from 'jwt-decode'; +import {jwtDecode, JwtPayload} from 'jwt-decode'; import {GitHubActionsRuntimeToken, GitHubActionsRuntimeTokenAC, GitHubRepo} from './types/github'; @@ -51,7 +51,7 @@ export class GitHub { static get actionsRuntimeToken(): GitHubActionsRuntimeToken | undefined { const token = process.env['ACTIONS_RUNTIME_TOKEN'] || ''; - return token ? jwt_decode(token) : undefined; + return token ? (jwtDecode(token) as GitHubActionsRuntimeToken) : undefined; } public static async printActionsRuntimeTokenACs() {