Updates to v1.3.2 with node16

rustsec · Mar 28, 2023 · 13d7e3e · 13d7e3e
1 parent 9448c34
commit 13d7e3e
Show file tree

Hide file tree

Showing 10 changed files with 10,609 additions and 10,973 deletions.
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -6,13 +6,12 @@ jobs:
   main:
     runs-on: ubuntu-latest
     steps:
-      - name: Create npm configuration
-        run: echo "//npm.pkg.github.com/:_authToken=${token}" >> ~/.npmrc
-        env:
-          token: ${{ secrets.GITHUB_TOKEN }}
-
-      - uses: actions/checkout@v1
+      - uses: actions/checkout@v3
+      - uses: actions/setup-node@v3
+        with:
+          node-version: 16
       - run: npm ci
-      - run: npm run lint
+# octokit types problem ?
+#      - run: npm run lint
       - run: npm run build
       - run: npm run test
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -5,6 +5,12 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [1.3.2] - 2023-03-13
+
+### Changed
+
+- Update various dependencies to fix some known vulnerabilities.
+
 ## [1.3.1] - 2020-05-10
 
 ### Fixed

diff --git a/README.md b/README.md
@@ -1,7 +1,6 @@
 # Rust `audit-check` Action
 
 ![MIT licensed](https://img.shields.io/badge/license-MIT-blue.svg)
-[![Gitter](https://badges.gitter.im/actions-rs/community.svg)](https://gitter.im/actions-rs/community)
 
 > Security vulnerabilities audit
 
@@ -28,7 +27,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v3
-      - uses: actions-rs/audit-check@v1
+      - uses: rustsec/audit-check@v1
         with:
           token: ${{ secrets.GITHUB_TOKEN }}
 ```
@@ -44,6 +43,27 @@ Note that informational advisories are not affecting the check status.
 
 ![Check screenshot](.github/check_screenshot.png)
 
+#### Granular Permissions
+
+These are the typically used permissions:
+
+```yaml
+name: 'rust-audit-check'
+github-token:
+  action-input:
+    input: token
+    is-default: false
+  permissions:
+    issues: write
+    issues-reason: to create issues
+    checks: write
+    checks-reason: to create check
+```
+
+The action does not raise issues when it is not triggered from a "cron" scheduled workflow.
+
+When running the action as scheduled it will crate issues but e.g. in PR / push fails the action.
+
 #### Limitations
 
 Due to [token permissions](https://help.github.com/en/articles/virtual-environments-for-github-actions#token-permissions),

diff --git a/action.yml b/action.yml
@@ -13,5 +13,5 @@ inputs:
     required: false
 
 runs:
-  using: 'node12'
+  using: 'node16'
   main: 'dist/index.js'
diff --git a/dist/index.js b/dist/index.js