Bump @actions/core to 1.9.1 #56

Merged
merged 1 commit into from
Aug 28, 2022

@ilammy (Owner) commented Aug 28, 2022

Fixes CVE-2022-35954. Does not look like anything terribly important
to me, but hey, audit is happy.

@ilammy (Owner, Author) commented Aug 28, 2022

Oh wow, now it pulls in a bunch of dependencies 😢

RIP going months without a CVE in the codebase. Bracing for getting notifications about them every week.

@ilammy ilammy merged commit fe44a12 into master Aug 28, 2022
@ilammy ilammy deleted the audit branch August 28, 2022 07:38

@pzhlkj6612 (Contributor) commented

well, the "node_modules" entry in .gitignore didn't work?

@ilammy (Owner, Author) commented Aug 29, 2022

Hm... Seems to be something with my local clone 😞 When I prepared the change, I saw updates in node_modules, so naturally git added them. I think that was some remnant of the past, or something.

I believe node_modules with production dependencies is needed only on the release branch, since actions expect everything to be vendored and ready for them.

@pzhlkj6612 (Contributor) commented

IIRC, adding a Git-ignored item is not that easy: git - Force add despite the .gitignore file - Stack Overflow.

Anyway, I've seen #57 and it's alright now. :)
