From 7c784c819e89c90cac9d3b94c4b977ba21d85c83 Mon Sep 17 00:00:00 2001
From: snyk-bot
Date: Sun, 4 Apr 2021 23:05:40 +0000
Subject: [PATCH 1/5] fix: package.json to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-NODEMAILER-1038834
---
 package.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/package.json b/package.json
index 05a527544..c5a7e1ec3 100644
--- a/package.json
+++ b/package.json
@@ -59,7 +59,7 @@
 "moment": "^2.18.1",
 "mysql": "^2.14.1",
 "mz": "^2.6.0",
- "nodemailer": "^1.3.0",
+ "nodemailer": "^6.4.16",
 "normalize-registry-metadata": "^1.1.2",
 "rimraf": "^2.6.2",
 "semver": "^5.4.1",
From 242b118b8c3223cd1a6c87faa31f97a4499fe69e Mon Sep 17 00:00:00 2001
From: Marcel Raschke <42359664+MarcelRaschke@users.noreply.github.com>
Date: Wed, 21 Apr 2021 20:28:48 +0200
Subject: [PATCH 2/5] Create npm-publish.yml
---
 .github/workflows/npm-publish.yml | 47 +++++++++++++++++++++++++++++++
 1 file changed, 47 insertions(+)
 create mode 100644 .github/workflows/npm-publish.yml
diff --git a/.github/workflows/npm-publish.yml b/.github/workflows/npm-publish.yml
new file mode 100644
index 000000000..a0236637c
--- /dev/null
+++ b/.github/workflows/npm-publish.yml
@@ -0,0 +1,47 @@
+# This workflow will run tests using node and then publish a package to GitHub Packages when a release is created
+# For more information see: https://help.github.com/actions/language-and-framework-guides/publishing-nodejs-packages
+
+name: Node.js Package
+
+on:
+ release:
+ types: [created]
+
+jobs:
+ build:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v2
+ - uses: actions/setup-node@v2
+ with:
+ node-version: 12
+ - run: npm ci
+ - run: npm test
+
+ publish-npm:
+ needs: build
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v2
+ - uses: actions/setup-node@v2
+ with:
+ node-version: 12
+ registry-url: https://registry.npmjs.org/
+ - run: npm ci
+ - run: npm publish
+ env:
+ NODE_AUTH_TOKEN: ${{secrets.npm_token}}
+
+ publish-gpr:
+ needs: build
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v2
+ - uses: actions/setup-node@v2
+ with:
+ node-version: 12
+ registry-url: https://npm.pkg.github.com/
+ - run: npm ci
+ - run: npm publish
+ env:
+ NODE_AUTH_TOKEN: ${{secrets.GITHUB_TOKEN}}
From cfcfd0951f6ff3f88baa39eb0354cb379e94e4fd Mon Sep 17 00:00:00 2001
From: Marcel Raschke <42359664+MarcelRaschke@users.noreply.github.com>
Date: Wed, 21 Apr 2021 20:29:46 +0200
Subject: [PATCH 3/5] Create node.js.yml
---
 .github/workflows/node.js.yml | 30 ++++++++++++++++++++++++++++++
 1 file changed, 30 insertions(+)
 create mode 100644 .github/workflows/node.js.yml
diff --git a/.github/workflows/node.js.yml b/.github/workflows/node.js.yml
new file mode 100644
index 000000000..afc2425b7
--- /dev/null
+++ b/.github/workflows/node.js.yml
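Review bot: In `.github/workflows/npm-publish.yml` the `publish-npm` and `publish-gpr` jobs run `actions/checkout@v2` and `actions/setup-node@v2` by mutable tag in the same jobs that publish with `secrets.npm_token` and `secrets.GITHUB_TOKEN`, and the workflow declares no `permissions:`, so the token scope is whatever the repository default happens to be. Pin each action to a full commit SHA, e.g. `uses: actions/checkout@<full-commit-sha> # v2`, the way the `denolib/setup-deno` step in `deno.yml` is already pinned. Add an explicit least-privilege `permissions:` block, with `packages: write` only on `publish-gpr`, as sketched below. The same two gaps apply to `node.js.yml` and to the `actions/checkout@v2` step in `deno.yml`, where `contents: read` looks sufficient for the steps shown.

```yaml
# … unchanged: name, on.release trigger …
permissions:
  contents: read

jobs:
  # … unchanged: build, publish-npm …
  publish-gpr:
    needs: build
    runs-on: ubuntu-latest
    permissions:
      contents: read
      packages: write
    # … unchanged: steps …
```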
@@ -0,0 +1,30 @@
+# This workflow will do a clean install of node dependencies, build the source code and run tests across different versions of node
+# For more information see: https://help.github.com/actions/language-and-framework-guides/using-nodejs-with-github-actions
+
+name: Node.js CI
+
+on:
+ push:
+ branches: [ master ]
+ pull_request:
+ branches: [ master ]
+
+jobs:
+ build:
+
+ runs-on: ubuntu-latest
+
+ strategy:
+ matrix:
+ node-version: [10.x, 12.x, 14.x, 15.x]
+ # See supported Node.js release schedule at https://nodejs.org/en/about/releases/
+
+ steps:
+ - uses: actions/checkout@v2
+ - name: Use Node.js ${{ matrix.node-version }}
+ uses: actions/setup-node@v2
+ with:
+ node-version: ${{ matrix.node-version }}
+ - run: npm ci
+ - run: npm run build --if-present
+ - run: npm test
From ea29a0797ccf7a9bf195e0f477a32976ebe8c873 Mon Sep 17 00:00:00 2001
From: Marcel Raschke <42359664+MarcelRaschke@users.noreply.github.com>
Date: Wed, 21 Apr 2021 20:31:23 +0200
Subject: [PATCH 4/5] Create deno.yml
---
 .github/workflows/deno.yml | 39 ++++++++++++++++++++++++++++++++++++++
 1 file changed, 39 insertions(+)
 create mode 100644 .github/workflows/deno.yml
diff --git a/.github/workflows/deno.yml b/.github/workflows/deno.yml
new file mode 100644
index 000000000..8d524c284
--- /dev/null
+++ b/.github/workflows/deno.yml
@@ -0,0 +1,39 @@
+# This workflow uses actions that are not certified by GitHub.
+# They are provided by a third-party and are governed by
+# separate terms of service, privacy policy, and support
+# documentation.
+
+# This workflow will install Deno and run tests across stable and nightly builds on Windows, Ubuntu and macOS.
+# For more information see: https://github.com/denolib/setup-deno
+
+name: Deno
+
+on:
+ push:
+ branches: [master]
+ pull_request:
+ branches: [master]
+
+jobs:
+ test:
+ runs-on: ${{ matrix.os }} # runs a test on Ubuntu, Windows and macOS
+
+ strategy:
+ matrix:
+ deno: ["v1.x", "nightly"]
+ os: [macOS-latest, windows-latest, ubuntu-latest]
+
+ steps:
+ - name: Setup repo
+ uses: actions/checkout@v2
+
+ - name: Setup Deno
+ uses: denolib/setup-deno@c7d7968ad4a59c159a777f79adddad6872ee8d96
+ with:
+ deno-version: ${{ matrix.deno }} # tests across multiple Deno versions
+
+ - name: Cache Dependencies
+ run: deno cache deps.ts
+
+ - name: Run Tests
+ run: deno test -A --unstable
From de8e03f228cf251a40dbe9ebe0d54b0f6feaf173 Mon Sep 17 00:00:00 2001
From: snyk-bot
Date: Fri, 8 Jul 2022 21:25:28 +0000
Subject: [PATCH 5/5] feat: upgrade xss from 0.3.8 to 1.0.13 Snyk has created this PR to upgrade xss from 0.3.8 to 1.0.13. See this package in npm: https://www.npmjs.com/package/xss See this project in Snyk: https://app.snyk.io/org/marcelraschke/project/ea011853-aa66-4d34-9ddb-131448d70500?utm_source=github&utm_medium=referral&page=upgrade-pr
---
 package.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/package.json b/package.json
index c5a7e1ec3..6ad6b55e2 100644
--- a/package.json
+++ b/package.json
@@ -70,7 +70,7 @@
 "urllib": "^2.24.0",
 "utility": "^1.12.0",
 "uuid": "^8.3.0",
- "xss": "^0.3.3"
+ "xss": "^1.0.13"
 },
 "devDependencies": {
 "autod": "*",
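Review bot: `deno test -A --unstable` in the `Run Tests` step of `.github/workflows/deno.yml` turns off Deno's permission sandbox for every test, and the job runs on `pull_request` and against the `nightly` toolchain, so test code and everything it imports gets unrestricted file, network, environment and subprocess access on the runner. Prefer granting only what the tests need, for example `run: deno test --allow-read --allow-net --unstable`, adjusted to the suite's real requirements. Separately, `deno cache deps.ts` assumes a `deps.ts` at the repository root; this series only touches `package.json` and workflow files, so confirm that file exists, otherwise the job fails on every push and pull request.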