-
Notifications
You must be signed in to change notification settings - Fork 1.5k
Bump @octokit/request-error and @actions/github #1227
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Bump @octokit/request-error and @actions/github #1227
Conversation
@dependabot rebase |
Looks like this PR has been edited by someone other than Dependabot. That means Dependabot can't rebase it - sorry! If you're happy for Dependabot to recreate it from scratch, overwriting any edits, you can request |
@dependabot recreate |
6e41730
to
7465f29
Compare
@dependabot recreate |
7465f29
to
bbaa6e6
Compare
OK, I won't notify you again about this release, but will get in touch when a new version is available. You can also ignore all major, minor, or patch releases for a dependency by adding an If you change your mind, just re-open this PR and I'll resolve any conflicts on it. |
@dependabot recreate |
Bumps [@octokit/request-error](https://github.com/octokit/request-error.js) to 5.1.1 and updates ancestor dependency [@actions/github](https://github.com/actions/toolkit/tree/HEAD/packages/github). These dependencies need to be updated together. Updates `@octokit/request-error` from 2.1.0 to 5.1.1 - [Release notes](https://github.com/octokit/request-error.js/releases) - [Commits](octokit/request-error.js@v2.1.0...v5.1.1) Updates `@actions/github` from 5.1.1 to 6.0.0 - [Changelog](https://github.com/actions/toolkit/blob/main/packages/github/RELEASES.md) - [Commits](https://github.com/actions/toolkit/commits/HEAD/packages/github) --- updated-dependencies: - dependency-name: "@octokit/request-error" dependency-type: indirect - dependency-name: "@actions/github" dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com>
05962ea
to
cfc4208
Compare
* Fix macos latest check failures (actions#1041) * Update latest node versions * Update latest node versions * Update test data * Update test data * Update test data * Update test data * Update test data * macos lts failure fix * Update macos-13 * Bump braces from 3.0.2 to 3.0.3 (actions#1087) * Bump braces from 3.0.2 to 3.0.3 Bumps [braces](https://github.com/micromatch/braces) from 3.0.2 to 3.0.3. - [Changelog](https://github.com/micromatch/braces/blob/master/CHANGELOG.md) - [Commits](micromatch/braces@3.0.2...3.0.3) --- updated-dependencies: - dependency-name: braces dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> * Bump undici from 5.28.3 to 5.28.4 --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: HarithaVattikuti <73516759+HarithaVattikuti@users.noreply.github.com> * Documentation update in the README file (actions#1106) * first commit on using setup node * Delete .github/workflows/helloWorld.yml * Create main.yml * Rename main.yml to helloworld.yml * goodbye world added * name changed to goodbye * updated README --------- Co-authored-by: Suyash Gaonkar <39784472+suyashrg18@users.noreply.github.com> * Fix: windows arm64 setup (actions#1126) * Add condition to ensure ZIP extraction targets only Windows ARM64 official archives * Bumps micromatch from 4.0.5 to 4.0.8 * Create publish-immutable-action.yml * Upgrade IA Publish * Correct version string (actions#1124) * Resolve High Security Alerts by upgrading Dependencies (actions#1132) * db-alerts-fix * npm run format * db-alert-fix * failure check fix * check- filaure fix * Revise `isGhes` logic (actions#1148) * Revise `isGhes` logic * ran 'npm run format' * added unit test * fix: add arch to cached path (actions#843) * fix: add arch to cached path * fix: change from using env to os module * fix: use process.env.RUNNER_OS instead of os.platform() * fix: remove unused var * Add macos-13 to the workflows and upgrade publish-actions from 0.2.2 to 0.3.0 (actions#1174) * Update versions.yml * Update versions.yml * ubuntu-24, macos-13 updates * check -failure fix * Update README.md (actions#1193) * Create dependabot.yml (actions#1192) * Use the new cache service: upgrade `@actions/cache` to `^4.0.0` (actions#1191) * upgrade `@actions/cache` to `^4.0.0` * Review licenses & update types * updated package-lock.json * Bump pnpm/action-setup from 2 to 4 (actions#1194) Bumps [pnpm/action-setup](https://github.com/pnpm/action-setup) from 2 to 4. - [Release notes](https://github.com/pnpm/action-setup/releases) - [Commits](pnpm/action-setup@v2...v4) --- updated-dependencies: - dependency-name: pnpm/action-setup dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump actions/publish-immutable-action from 0.0.3 to 0.0.4 (actions#1195) Bumps [actions/publish-immutable-action](https://github.com/actions/publish-immutable-action) from 0.0.3 to 0.0.4. - [Release notes](https://github.com/actions/publish-immutable-action/releases) - [Commits](actions/publish-immutable-action@0.0.3...v0.0.4) --- updated-dependencies: - dependency-name: actions/publish-immutable-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump semver from 7.6.0 to 7.6.3 (actions#1196) * Bump semver from 7.6.0 to 7.6.3 Bumps [semver](https://github.com/npm/node-semver) from 7.6.0 to 7.6.3. - [Release notes](https://github.com/npm/node-semver/releases) - [Changelog](https://github.com/npm/node-semver/blob/main/CHANGELOG.md) - [Commits](npm/node-semver@v7.6.0...v7.6.3) --- updated-dependencies: - dependency-name: semver dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> * fix for check-dist & license check failures --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Aparna Jyothi <aparnajyothi-y@github.com> * Bump @types/jest from 29.5.12 to 29.5.14 (actions#1201) Bumps [@types/jest](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/jest) from 29.5.12 to 29.5.14. - [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases) - [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/jest) --- updated-dependencies: - dependency-name: "@types/jest" dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump undici from 5.28.4 to 5.28.5 (actions#1205) * Bump undici from 5.28.4 to 5.28.5 Bumps [undici](https://github.com/nodejs/undici) from 5.28.4 to 5.28.5. - [Release notes](https://github.com/nodejs/undici/releases) - [Commits](nodejs/undici@v5.28.4...v5.28.5) --- updated-dependencies: - dependency-name: undici dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> * fix for check-dist and license failures * npm run updates --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Aparna Jyothi <aparnajyothi-y@github.com> * Bump @actions/glob from 0.4.0 to 0.5.0 (actions#1200) * Bump @actions/glob from 0.4.0 to 0.5.0 Bumps [@actions/glob](https://github.com/actions/toolkit/tree/HEAD/packages/glob) from 0.4.0 to 0.5.0. - [Changelog](https://github.com/actions/toolkit/blob/main/packages/glob/RELEASES.md) - [Commits](https://github.com/actions/toolkit/commits/HEAD/packages/glob) --- updated-dependencies: - dependency-name: "@actions/glob" dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * fix for check-dist and license failures --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Aparna Jyothi <aparnajyothi-y@github.com> * actions/cache upgrade (actions#1251) Co-authored-by: “gowridurgad” <“hgowridurgad@github.com> * Bump @vercel/ncc from 0.38.1 to 0.38.3 (actions#1203) * Bump @vercel/ncc from 0.38.1 to 0.38.3 Bumps [@vercel/ncc](https://github.com/vercel/ncc) from 0.38.1 to 0.38.3. - [Release notes](https://github.com/vercel/ncc/releases) - [Commits](vercel/ncc@0.38.1...0.38.3) --- updated-dependencies: - dependency-name: "@vercel/ncc" dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> * fix for check failures --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Aparna Jyothi <aparnajyothi-y@github.com> * Bump @actions/tool-cache from 2.0.1 to 2.0.2 (actions#1220) * Bump @actions/tool-cache from 2.0.1 to 2.0.2 Bumps [@actions/tool-cache](https://github.com/actions/toolkit/tree/HEAD/packages/tool-cache) from 2.0.1 to 2.0.2. - [Changelog](https://github.com/actions/toolkit/blob/main/packages/tool-cache/RELEASES.md) - [Commits](https://github.com/actions/toolkit/commits/HEAD/packages/tool-cache) --- updated-dependencies: - dependency-name: "@actions/tool-cache" dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> * check failures fix --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Aparna Jyothi <aparnajyothi-y@github.com> * Make eslint-compact matcher compatible with Stylelint (actions#98) * Add support for indented eslint output (actions#1245) * feat: support private mirrors (actions#1240) * feat: support private mirrors * chore: change fallback message with mirrors * Bump @action/cache from 4.0.2 to 4.0.3 (actions#1262) * Update versions.yml * Update versions.yml * actions/cache upgrade to 4.0.3 * events update * npm audit fix revert * npm adit fix revert * Bump @octokit/request-error and @actions/github (actions#1227) * Bump @octokit/request-error and @actions/github Bumps [@octokit/request-error](https://github.com/octokit/request-error.js) to 5.1.1 and updates ancestor dependency [@actions/github](https://github.com/actions/toolkit/tree/HEAD/packages/github). These dependencies need to be updated together. Updates `@octokit/request-error` from 2.1.0 to 5.1.1 - [Release notes](https://github.com/octokit/request-error.js/releases) - [Commits](octokit/request-error.js@v2.1.0...v5.1.1) Updates `@actions/github` from 5.1.1 to 6.0.0 - [Changelog](https://github.com/actions/toolkit/blob/main/packages/github/RELEASES.md) - [Commits](https://github.com/actions/toolkit/commits/HEAD/packages/github) --- updated-dependencies: - dependency-name: "@octokit/request-error" dependency-type: indirect - dependency-name: "@actions/github" dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com> * Fix failures --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: HarithaVattikuti <73516759+HarithaVattikuti@users.noreply.github.com> * Bump uuid from 9.0.1 to 11.1.0 (actions#1273) * Bump uuid from 9.0.1 to 11.1.0 Bumps [uuid](https://github.com/uuidjs/uuid) from 9.0.1 to 11.1.0. - [Release notes](https://github.com/uuidjs/uuid/releases) - [Changelog](https://github.com/uuidjs/uuid/blob/main/CHANGELOG.md) - [Commits](uuidjs/uuid@v9.0.1...v11.1.0) --- updated-dependencies: - dependency-name: uuid dependency-version: 11.1.0 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> * Bump uuid from 9.0.1 to 11.1.0 Bumps [uuid](https://github.com/uuidjs/uuid) from 9.0.1 to 11.1.0. - [Release notes](https://github.com/uuidjs/uuid/releases) - [Changelog](https://github.com/uuidjs/uuid/blob/main/CHANGELOG.md) - [Commits](uuidjs/uuid@v9.0.1...v11.1.0) --- updated-dependencies: - dependency-name: uuid dependency-version: 11.1.0 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> * Fix failures --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: HarithaVattikuti <73516759+HarithaVattikuti@users.noreply.github.com> * fix: build --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: HarithaVattikuti <73516759+HarithaVattikuti@users.noreply.github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: suyashgaonkar <suyashgaonkar@github.com> Co-authored-by: Suyash Gaonkar <39784472+suyashrg18@users.noreply.github.com> Co-authored-by: Priya Gupta <147705955+priyagupta108@users.noreply.github.com> Co-authored-by: Joel Ambass <Jcambass@users.noreply.github.com> Co-authored-by: William Entriken <github.com@phor.net> Co-authored-by: aparnajyothi-y <147696841+aparnajyothi-y@users.noreply.github.com> Co-authored-by: John Wesley Walker III <81404201+jww3@users.noreply.github.com> Co-authored-by: Peng Xiao <pengxiao@outlook.com> Co-authored-by: Ben Wells <benwells@github.com> Co-authored-by: Aparna Jyothi <aparnajyothi-y@github.com> Co-authored-by: gowridurgad <159780674+gowridurgad@users.noreply.github.com> Co-authored-by: “gowridurgad” <“hgowridurgad@github.com> Co-authored-by: Flo Edelmann <git@flo-edelmann.de> Co-authored-by: fregante <me@fregante.com> Co-authored-by: Marco Ippolito <marcoippolito54@gmail.com>
Bumps @octokit/request-error to 5.1.1 and updates ancestor dependency @actions/github. These dependencies need to be updated together.
Updates
@octokit/request-error
from 2.1.0 to 5.1.1Release notes
Sourced from
@octokit/request-error
's releases.... (truncated)
Commits
b51ed27
test: ReDos regex vulnerability, reported by@dayshift
12a14f0
fix: ReDos regex vulnerability, reported by@dayshift
3af20bd
fix: upgrade@octokit/types
to v1394147e8
feat(security): Add provenance (#416)590fc39
fix(deps): update dependency@octokit/types
to v12 (#366)4b9c57e
ci(action): update peter-evans/create-or-update-comment digest to 46da6c0710afc3
ci(action): update peter-evans/create-or-update-comment digest to 1f6c514c82c8ce
ci(action): update peter-evans/create-or-update-comment digest to 223779bec24ead
ci(action): update peter-evans/create-or-update-comment digest to 46846e5 (#362)365f18d
ci(action): update actions/checkout action to v4Updates
@actions/github
from 5.1.1 to 6.0.0Changelog
Sourced from
@actions/github
's changelog.Commits
You can trigger a rebase of this PR by commenting
@dependabot rebase
.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebase
will rebase this PR@dependabot recreate
will recreate this PR, overwriting any edits that have been made to it@dependabot merge
will merge this PR after your CI passes on it@dependabot squash and merge
will squash and merge this PR after your CI passes on it@dependabot cancel merge
will cancel a previously requested merge and block automerging@dependabot reopen
will reopen this PR if it is closed@dependabot close
will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually@dependabot show <dependency name> ignore conditions
will show all of the ignore conditions of the specified dependency@dependabot ignore this major version
will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor version
will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependency
will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)You can disable automated security fix PRs for this repo from the Security Alerts page.