chore: update step-security/harden-runner action to v2.8.0

Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
chore: update github/codeql-action action to v3.25.6
2024-05-22 12:54:53 +00:00 · 2024-05-21 04:41:01 +00:00 · 2024-05-20 12:08:56 +00:00 · 2024-05-17 08:26:56 -04:00 · 2024-05-17 01:47:11 +00:00 · 2024-05-13 13:14:38 +00:00
5 changed files with 710 additions and 347 deletions
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
@ -20,7 +20,7 @@ jobs:
      actions: read

    steps:
-    - uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0
+    - uses: step-security/harden-runner@f086349bfa2bd1361f7909c78558e816508cdc10 # v2.8.0
      with:
        disable-sudo: true
        egress-policy: block
@ -30,16 +30,16 @@ jobs:
          objects.githubusercontent.com:443

    - name: Checkout repository
-      uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+      uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
      with:
        persist-credentials: false

    - name: Initialize CodeQL
-      uses: github/codeql-action/init@8a470fddafa5cbb6266ee11b37ef4d8aae19c571 # v3.24.6
+      uses: github/codeql-action/init@9fdb3e49720b44c48891d036bb502feb25684276 # v3.25.6
      with:
        languages: javascript-typescript
        config-file: .github/codeql/codeql-config.yml

    - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@8a470fddafa5cbb6266ee11b37ef4d8aae19c571 # v3.24.6
+      uses: github/codeql-action/analyze@9fdb3e49720b44c48891d036bb502feb25684276 # v3.25.6

--- a/.github/workflows/continuous-integration.yml
+++ b/.github/workflows/continuous-integration.yml
@ -31,7 +31,7 @@ jobs:
      fail-fast: false
    runs-on: ${{ matrix.os }}
    steps:
-      - uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0
+      - uses: step-security/harden-runner@f086349bfa2bd1361f7909c78558e816508cdc10 # v2.8.0
        if: ${{ matrix.os == 'ubuntu-latest' }}
        with:
          disable-sudo: true
@ -41,7 +41,7 @@ jobs:
            github.com:443
            nodejs.org:443
            registry.npmjs.org:443
-      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+      - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
        with:
          persist-credentials: false
      - name: Use Node.js ${{ matrix.node-version }}
@ -59,7 +59,7 @@ jobs:
    name: Code Lint
    runs-on: ubuntu-latest
    steps:
-      - uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0
+      - uses: step-security/harden-runner@f086349bfa2bd1361f7909c78558e816508cdc10 # v2.8.0
        with:
          disable-sudo: true
          egress-policy: block
@ -68,7 +68,7 @@ jobs:
            github.com:443
            nodejs.org:443
            registry.npmjs.org:443
-      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+      - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
        with:
          persist-credentials: false
      - name: Use Node.js 20
@ -89,14 +89,14 @@ jobs:
    runs-on: ubuntu-latest
    if: ${{ github.event.pull_request }}
    steps:
-      - uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0
+      - uses: step-security/harden-runner@f086349bfa2bd1361f7909c78558e816508cdc10 # v2.8.0
        with:
          disable-sudo: true
          egress-policy: block
          allowed-endpoints: >
            github.com:443
            registry.npmjs.org:443
-      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+      - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
        with:
          fetch-depth: 0
          persist-credentials: false
@ -125,14 +125,14 @@ jobs:
    name: Lockfile Lint
    runs-on: ubuntu-latest
    steps:
-      - uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0
+      - uses: step-security/harden-runner@f086349bfa2bd1361f7909c78558e816508cdc10 # v2.8.0
        with:
          disable-sudo: true
          egress-policy: block
          allowed-endpoints: >
            github.com:443
            registry.npmjs.org:443
-      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+      - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
        with:
          persist-credentials: false
      - name: Use Node.js 20
--- a/.github/workflows/scorecards.yml
+++ b/.github/workflows/scorecards.yml
@ -32,7 +32,7 @@ jobs:
      id-token: write

    steps:
-      - uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0
+      - uses: step-security/harden-runner@f086349bfa2bd1361f7909c78558e816508cdc10 # v2.8.0
        if: ${{ matrix.os == 'ubuntu-latest' }}
        with:
          disable-sudo: true
@ -47,11 +47,11 @@ jobs:
            rekor.sigstore.dev:443
            tuf-repo-cdn.sigstore.dev:443
            www.bestpractices.dev:443
-      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+      - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
        with:
          persist-credentials: false

-      - uses: ossf/scorecard-action@0864cf19026789058feabb7e87baa5f140aac736 # v2.3.1
+      - uses: ossf/scorecard-action@dc50aa9510b46c811795eb24b2f1ba02a914e534 # v2.3.3
        with:
          results_file: results.sarif
          results_format: sarif
@ -66,13 +66,13 @@ jobs:

      # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF
      # format to the repository Actions tab.
-      - uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1
+      - uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3
        with:
          name: OSSF Scorecard SARIF file
          path: results.sarif
          retention-days: 90

      # Upload the results to GitHub's code scanning dashboard.
-      - uses: github/codeql-action/upload-sarif@8a470fddafa5cbb6266ee11b37ef4d8aae19c571 # v3.24.6
+      - uses: github/codeql-action/upload-sarif@9fdb3e49720b44c48891d036bb502feb25684276 # v3.25.6
        with:
          sarif_file: results.sarif
--- a/package-lock.json
+++ b/package-lock.json
--- a/package.json
+++ b/package.json
@ -26,16 +26,16 @@
    "strong-globalize": "^6.0.6"
  },
  "devDependencies": {
-    "@commitlint/cli": "^19.0.3",
-    "@commitlint/config-conventional": "^19.0.3",
+    "@commitlint/cli": "^19.3.0",
+    "@commitlint/config-conventional": "^19.2.2",
    "@types/express": "^4.17.21",
-    "chai": "^5.1.0",
+    "chai": "^5.1.1",
    "eslint": "^8.57.0",
    "eslint-config-loopback": "^13.1.0",
-    "express": "^4.18.3",
+    "express": "^4.19.2",
    "lockfile-lint": "^4.13.2",
-    "mocha": "^10.3.0",
-    "supertest": "^6.3.4"
+    "mocha": "^10.4.0",
+    "supertest": "^7.0.0"
  },
  "browser": {
    "strong-error-handler": false
Author	SHA1	Message	Date
renovate[bot]	7c19fbaea8	chore: update step-security/harden-runner action to v2.8.0 Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>	2024-05-22 12:54:53 +00:00
renovate[bot]	2bb675062b	chore: update github/codeql-action action to v3.25.6 Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>	2024-05-21 04:41:01 +00:00
renovate[bot]	0767b3610b	chore: lock file maintenance Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>	2024-05-20 12:08:56 +00:00
renovate[bot]	9bcfd79b9e	chore: update dependency supertest to v7 Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>	2024-05-17 08:26:56 -04:00
renovate[bot]	7929859a61	chore: update actions/checkout action to v4.1.6 Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>	2024-05-17 01:47:11 +00:00
renovate[bot]	d339136c8d	chore: update github/codeql-action action to v3.25.5 Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>	2024-05-13 13:14:38 +00:00
renovate[bot]	bc6ca060a1	chore: lock file maintenance Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>	2024-05-13 05:06:15 +00:00
renovate[bot]	33dbd5fcc4	chore: update ossf/scorecard-action action to v2.3.3 Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>	2024-05-10 01:44:12 +00:00
renovate[bot]	633482e152	chore: update dependency chai to ^5.1.1 Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>	2024-05-09 16:12:35 +00:00
renovate[bot]	30a41bcb20	chore: update actions/checkout action to v4.1.5 Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>	2024-05-09 01:14:28 +00:00
renovate[bot]	a8305f85ba	chore: update github/codeql-action action to v3.25.4 Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>	2024-05-08 18:18:43 +00:00
renovate[bot]	1f7d29774e	chore: lock file maintenance Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>	2024-05-06 04:55:58 +00:00
renovate[bot]	8c0ea62fa4	chore: update step-security/harden-runner action to v2.7.1 Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>	2024-04-30 04:04:56 +00:00
renovate[bot]	c474b4e9e4	chore: lock file maintenance Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>	2024-04-29 03:01:04 +00:00
renovate[bot]	8d60f4a6e8	chore: update github/codeql-action action to v3.25.3 Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>	2024-04-26 01:25:11 +00:00
renovate[bot]	29b4bc10d7	chore: update actions/checkout action to v4.1.4 Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>	2024-04-25 11:00:43 -04:00
renovate[bot]	5102eb12b9	chore: update dependency @commitlint/cli to ^19.3.0 Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>	2024-04-23 06:39:57 +00:00
renovate[bot]	38b9c32efa	chore: update github/codeql-action action to v3.25.2 Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>	2024-04-23 01:12:27 +00:00
renovate[bot]	8645450c59	chore: update actions/upload-artifact action to v4.3.3 Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>	2024-04-22 22:49:30 +00:00
renovate[bot]	3b3fc3f369	chore: update actions/checkout action to v4.1.3 Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>	2024-04-22 19:19:05 +00:00
renovate[bot]	c927632878	chore: lock file maintenance Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>	2024-04-22 04:12:13 +00:00
renovate[bot]	6a57fee349	chore: update actions/upload-artifact action to v4.3.2 Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>	2024-04-18 18:29:51 +00:00
renovate[bot]	705880daee	chore: update github/codeql-action action to v3.25.1 Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>	2024-04-17 07:52:54 -04:00
renovate[bot]	f4c8ed1e91	chore: update github/codeql-action action to v3.25.0 Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>	2024-04-15 17:29:42 +00:00
renovate[bot]	09428e16b2	chore: lock file maintenance Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>	2024-04-15 03:46:12 +00:00
renovate[bot]	f5e6710068	chore: update commitlint monorepo to ^19.2.2 Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>	2024-04-14 14:32:54 +00:00
renovate[bot]	0dcdfea860	chore: update github/codeql-action action to v3.24.10 Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>	2024-04-08 06:58:02 +00:00
renovate[bot]	93d9a7837f	chore: lock file maintenance Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>	2024-04-08 03:51:05 +00:00
renovate[bot]	8cbf36a67b	chore: lock file maintenance Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>	2024-04-01 04:36:13 +00:00
renovate[bot]	d06552cff6	chore: update dependency mocha to ^10.4.0 Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>	2024-03-26 21:19:10 +00:00
renovate[bot]	bfa045483c	chore: update dependency express to ^4.19.2 Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>	2024-03-25 19:58:11 +00:00
renovate[bot]	8b83de5d91	chore: lock file maintenance Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>	2024-03-25 03:51:53 +00:00
renovate[bot]	67d9a8d2a4	chore: update github/codeql-action action to v3.24.9 Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>	2024-03-22 16:13:37 +00:00
renovate[bot]	bc3afea99a	chore: update dependency express to ^4.19.1 Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>	2024-03-21 04:40:53 +00:00
renovate[bot]	4b548b7938	chore: update dependency express to ^4.19.0 Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>	2024-03-20 20:14:16 +00:00
renovate[bot]	23b55ae9c0	chore: update dependency @commitlint/cli to ^19.2.1 Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>	2024-03-19 07:10:52 +00:00
renovate[bot]	9318735471	chore: update github/codeql-action action to v3.24.8 Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>	2024-03-18 18:35:17 +00:00
renovate[bot]	e6d467cfb4	chore: lock file maintenance Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>	2024-03-18 04:50:42 +00:00
renovate[bot]	394755b079	chore: update dependency @commitlint/cli to ^19.2.0 Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>	2024-03-15 08:07:50 +00:00
renovate[bot]	b1b61523ef	chore: update github/codeql-action action to v3.24.7 Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>	2024-03-12 22:56:29 +00:00
renovate[bot]	d9a42a356e	chore: update commitlint monorepo to ^19.1.0 Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>	2024-03-12 09:30:15 +00:00
renovate[bot]	f11eb44efd	chore: lock file maintenance Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>	2024-03-11 04:55:08 +00:00