From bedb7492f18c464a757ade2221b6e1e0829e4e87 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 5 Jul 2021 01:14:51 +0000 Subject: [PATCH 1/2] build(deps): bump debug from 4.1.1 to 4.3.2 Bumps [debug](https://github.com/visionmedia/debug) from 4.1.1 to 4.3.2. - [Release notes](https://github.com/visionmedia/debug/releases) - [Commits](https://github.com/visionmedia/debug/compare/4.1.1...4.3.2) --- updated-dependencies: - dependency-name: debug dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- package-lock.json | 14 +++++++------- package.json | 2 +- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/package-lock.json b/package-lock.json index 0bc463e8..c99fe284 100644 --- a/package-lock.json +++ b/package-lock.json @@ -1610,17 +1610,17 @@ "integrity": "sha512-7u+uNfnjWkX+YFQfivvW24TjaJG6ahvTrfw1auq7KlC7osuGcZBIWGBvB9UcENjH6JnLVhMqlRripk1dSHjAUA==" }, "debug": { - "version": "4.1.1", - "resolved": "https://registry.npmjs.org/debug/-/debug-4.1.1.tgz", - "integrity": "sha512-pYAIzeRo8J6KPEaJ0VWOh5Pzkbw/RetuzehGM7QRRX5he4fPHx2rdKMB256ehJCkX+XRQm16eZLqLNS8RSZXZw==", + "version": "4.3.2", + "resolved": "https://registry.npmjs.org/debug/-/debug-4.3.2.tgz", + "integrity": "sha512-mOp8wKcvj7XxC78zLgw/ZA+6TSgkoE2C/ienthhRD298T7UNwAg9diBpLRxC0mOezLl4B0xV7M0cCO6P/O0Xhw==", "requires": { - "ms": "^2.1.1" + "ms": "2.1.2" }, "dependencies": { "ms": { - "version": "2.1.1", - "resolved": "https://registry.npmjs.org/ms/-/ms-2.1.1.tgz", - "integrity": "sha512-tgp+dl5cGk28utYktBsrFqA7HKgrhgPsg6Z/EfhWI4gl1Hwq8B/GmY/0oXZ6nF8hDVesS/FpnYaD/kOWhYQvyg==" + "version": "2.1.2", + "resolved": "https://registry.npmjs.org/ms/-/ms-2.1.2.tgz", + "integrity": "sha512-sGkPx+VjMtmA6MX27oA4FBFELFCZZ4S4XqeGOXCv68tT+jb3vk/RyaKWP0PTKyWtmLSM0b+adUTEvbs1PEaH2w==" } } }, diff --git a/package.json b/package.json index e1246fa8..21a7a729 100644 --- a/package.json +++ b/package.json @@ -24,7 +24,7 @@ "cookie-session": "^2.0.0-rc.1", "cors": "^2.8.5", "cryptiles": "^4.1.3", - "debug": "~4.1.1", + "debug": "~4.3.2", "dotenv": "^8.6.0", "express": "~4.17.1", "express-validator": "^6.12.0", From 14042ec92fa1b2a2bd517e618e8679ba7a65284b Mon Sep 17 00:00:00 2001 From: Tracy <46543122+chenxuan-zhou@users.noreply.github.com> Date: Sat, 10 Jul 2021 12:14:10 -0400 Subject: [PATCH 2/2] =?UTF-8?q?fix=EF=BC=9A=20share=20github=20secrets=20t?= =?UTF-8?q?o=20dependabot=20(#712)=20(#713)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .github/workflows/node.js.yml | 17 ++++++++++++++++- 1 file changed, 16 insertions(+), 1 deletion(-) diff --git a/.github/workflows/node.js.yml b/.github/workflows/node.js.yml index 941f103b..2ccae5a9 100644 --- a/.github/workflows/node.js.yml +++ b/.github/workflows/node.js.yml @@ -8,6 +8,8 @@ on: branches: [ dev, master ] pull_request: branches: [ dev, master ] + pull_request_target: + branches: [ dev, master ] jobs: build: @@ -24,8 +26,21 @@ jobs: node-version: [14.x] # See supported Node.js release schedule at https://nodejs.org/en/about/releases/ + if: | + (github.event_name == 'pull_request_target' && github.actor == 'dependabot[bot]') || + (github.event_name != 'pull_request_target' && github.actor != 'dependabot[bot]') + steps: - - uses: actions/checkout@v2 + - name: Checkout + if: ${{ github.event_name != 'pull_request_target' }} + uses: actions/checkout@v2 + + - name: Checkout PR + if: ${{ github.event_name == 'pull_request_target' }} + uses: actions/checkout@v2 + with: + ref: ${{ github.event.pull_request.head.sha }} + - name: Use Node.js ${{ matrix.node-version }} uses: actions/setup-node@v2 with: