Skip to content

Upgrade all dependencies#418

Closed
Skitionek wants to merge 401 commits intoactions:mainfrom
Skitionek:update-dependencies
Closed

Upgrade all dependencies#418
Skitionek wants to merge 401 commits intoactions:mainfrom
Skitionek:update-dependencies

Conversation

@Skitionek
Copy link

@Skitionek Skitionek commented Sep 8, 2024

It has not been updated for a while - some dependencies had known vulnerabilities.

homoluctus and others added 30 commits September 21, 2019 16:38
@homoluctus
Merge pull request #35 from homoluctus/develop
c4cf5ee 
UPDATE - preview contains job_name #34
@homoluctus
[UPDATE] prepare for release
3a0d2c1
@homoluctus
UPDATE - change the text message order
9d6f915
@homoluctus
Merge pull request #36 from homoluctus/develop
a1bf904 
UPDATE - change the text message order
@homoluctus
[UPDATE] prepare for release
57414ff
@homoluctus
UPDATE - add two patterns for cancel and failure
738cdfe
@homoluctus
UPDATE - replace to new images
4d31c5f
@homoluctus
Merge pull request #37 from homoluctus/develop
4008a39 
Modify GitHub Actions to test three pattern (succeed, fail and cancel)
@homoluctus
UPDATE - execute cancel job after success job
83d0b94
@homoluctus
UPDATE - replace failure image to new
75f3096
@homoluctus
Merge pull request #39 from homoluctus/develop
4e7dab4 
Change the order jobs
@homoluctus
UPDATE - wait 60 sec not to send message to slack immediately
90a95ce
@homoluctus
Merge pull request #41 from homoluctus/develop
9acc017 
UPDATE - wait 60 sec not to send message to slack immediately
@homoluctus
UPDATE - rename workflow
7334991
@homoluctus
UPDATE - replace cancel image to new one
cb94131
@homoluctus
ADD - create deploy.yml to check if works properly
dd041a0
@homoluctus
UPDATE - append a new badge for Works properly workflow
41e81b2
@homoluctus
Merge pull request #42 from homoluctus/develop
75b53e9 
ADD - create deploy.yml to check if works properly
@homoluctus
UPDATE - add description about feature and replace slack ui image
a66aa0c
@homoluctus
UPDATE - replace slack image to new one
e0c5856
@homoluctus
Merge pull request #43 from homoluctus/develop
a35ce8c 
Replace slack UI images to new image
@homoluctus
Merge pull request #40 from homoluctus/releases/v1
d6b6b8f 
Release 1.7.2
@homoluctus
ADD - create workflow for develop
1109acd
@homoluctus
UPDATE - change job_name
b122e7d
@homoluctus
UPDATE - modify mention syntax
f4c5890
@homoluctus
UPDATE - add mention feature
c20d75e
@homoluctus
UPDATE - add if statement to support mention_text is empty str
2ed6189
@homoluctus
UPDATE - add description for mention feature
804df19
@homoluctus
UPDATE - add mention test
d141531
@homoluctus
Merge pull request #44 from homoluctus/feature/mention
a6bfd81 
Add slack mention feature
semantic-release-bot and others added 27 commits February 2, 2023 13:38
@semantic-release-bot
chore(release): 1.0.7 [skip ci]
24849a2 
## [1.0.7](v1.0.6...v1.0.7) (2023-02-02)

### Bug Fixes

* package.json & package-lock.json to reduce vulnerabilities ([#52](#52)) ([ecc73bd](ecc73bd))
@snyk-bot
fix: package.json, package-lock.json & .snyk to reduce vulnerabilities (
3c11469 
#53)

The following vulnerabilities are fixed with a Snyk patch:
- https://snyk.io/vuln/SNYK-JS-LODASH-567746
@semantic-release-bot
chore(release): 1.0.8 [skip ci]
9c67757 
## [1.0.8](v1.0.7...v1.0.8) (2023-02-02)

### Bug Fixes

* package.json, package-lock.json & .snyk to reduce vulnerabilities ([#53](#53)) ([3c11469](3c11469))
@dependabot
Bump follow-redirects from 1.14.5 to 1.15.2 (#55)
114b55a 
Bumps [follow-redirects](https://github.com/follow-redirects/follow-redirects) from 1.14.5 to 1.15.2.
- [Release notes](https://github.com/follow-redirects/follow-redirects/releases)
- [Commits](follow-redirects/follow-redirects@v1.14.5...v1.15.2)

---
updated-dependencies:
- dependency-name: follow-redirects
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@dependabot
Bump ini from 1.3.5 to 1.3.8 (#54)
6a01ae3 
Bumps [ini](https://github.com/npm/ini) from 1.3.5 to 1.3.8.
- [Release notes](https://github.com/npm/ini/releases)
- [Changelog](https://github.com/npm/ini/blob/main/CHANGELOG.md)
- [Commits](npm/ini@v1.3.5...v1.3.8)

---
updated-dependencies:
- dependency-name: ini
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@dependabot
Bump ansi-regex (#49)
31df812 
Bumps [ansi-regex](https://github.com/chalk/ansi-regex) and [ansi-regex](https://github.com/chalk/ansi-regex). These dependencies needed to be updated together.

Updates `ansi-regex` from 3.0.0 to 4.1.1
- [Release notes](https://github.com/chalk/ansi-regex/releases)
- [Commits](chalk/ansi-regex@v3.0.0...v4.1.1)

Updates `ansi-regex` from 4.1.0 to 4.1.1
- [Release notes](https://github.com/chalk/ansi-regex/releases)
- [Commits](chalk/ansi-regex@v3.0.0...v4.1.1)

---
updated-dependencies:
- dependency-name: ansi-regex
  dependency-type: indirect
- dependency-name: ansi-regex
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@dependabot
Bump lodash from 4.17.15 to 4.17.21 (#48)
621ca52 
Bumps [lodash](https://github.com/lodash/lodash) from 4.17.15 to 4.17.21.
- [Release notes](https://github.com/lodash/lodash/releases)
- [Commits](lodash/lodash@4.17.15...4.17.21)

---
updated-dependencies:
- dependency-name: lodash
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@dependabot
Bump tar from 4.4.8 to 4.4.19 (#47)
346deb5 
Bumps [tar](https://github.com/npm/node-tar) from 4.4.8 to 4.4.19.
- [Release notes](https://github.com/npm/node-tar/releases)
- [Changelog](https://github.com/isaacs/node-tar/blob/main/CHANGELOG.md)
- [Commits](isaacs/node-tar@v4.4.8...v4.4.19)

---
updated-dependencies:
- dependency-name: tar
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@dependabot
Bump json5 from 2.1.3 to 2.2.3 (#44)
10b5b9c 
Bumps [json5](https://github.com/json5/json5) from 2.1.3 to 2.2.3.
- [Release notes](https://github.com/json5/json5/releases)
- [Changelog](https://github.com/json5/json5/blob/main/CHANGELOG.md)
- [Commits](json5/json5@v2.1.3...v2.2.3)

---
updated-dependencies:
- dependency-name: json5
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@dependabot
Bump node-fetch from 2.6.0 to 2.6.7 (#28)
6c3cda9 
Bumps [node-fetch](https://github.com/node-fetch/node-fetch) from 2.6.0 to 2.6.7.
- [Release notes](https://github.com/node-fetch/node-fetch/releases)
- [Commits](node-fetch/node-fetch@v2.6.0...v2.6.7)

---
updated-dependencies:
- dependency-name: node-fetch
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@dependabot
Bump ajv from 6.10.2 to 6.12.6 (#22)
8635fd5 
Bumps [ajv](https://github.com/ajv-validator/ajv) from 6.10.2 to 6.12.6.
- [Release notes](https://github.com/ajv-validator/ajv/releases)
- [Commits](ajv-validator/ajv@v6.10.2...v6.12.6)

---
updated-dependencies:
- dependency-name: ajv
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@dependabot
Bump qs from 6.5.2 to 6.5.3 (#42)
4003464 
Bumps [qs](https://github.com/ljharb/qs) from 6.5.2 to 6.5.3.
- [Release notes](https://github.com/ljharb/qs/releases)
- [Changelog](https://github.com/ljharb/qs/blob/main/CHANGELOG.md)
- [Commits](ljharb/qs@v6.5.2...v6.5.3)

---
updated-dependencies:
- dependency-name: qs
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@dependabot
Bump ws from 5.2.2 to 5.2.3 (#11)
de610a0 
Bumps [ws](https://github.com/websockets/ws) from 5.2.2 to 5.2.3.
- [Release notes](https://github.com/websockets/ws/releases)
- [Commits](websockets/ws@5.2.2...5.2.3)

---
updated-dependencies:
- dependency-name: ws
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@dependabot
Bump semver-regex and husky (#59)
b0c087e 
Bumps [semver-regex](https://github.com/sindresorhus/semver-regex) to 3.1.4 and updates ancestor dependency [husky](https://github.com/typicode/husky). These dependencies need to be updated together.


Updates `semver-regex` from 2.0.0 to 3.1.4
- [Release notes](https://github.com/sindresorhus/semver-regex/releases)
- [Commits](sindresorhus/semver-regex@v2.0.0...v3.1.4)

Updates `husky` from 4.2.5 to 4.3.8
- [Release notes](https://github.com/typicode/husky/releases)
- [Commits](typicode/husky@v4.2.5...v4.3.8)

---
updated-dependencies:
- dependency-name: semver-regex
  dependency-type: indirect
- dependency-name: husky
  dependency-type: direct:development
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@dependabot
Bump minimist, mkdirp and handlebars (#57)
b44a4eb 
Bumps [minimist](https://github.com/minimistjs/minimist), [mkdirp](https://github.com/isaacs/node-mkdirp) and [handlebars](https://github.com/wycats/handlebars.js). These dependencies needed to be updated together.

Updates `minimist` from 1.2.0 to 1.2.7
- [Release notes](https://github.com/minimistjs/minimist/releases)
- [Changelog](https://github.com/minimistjs/minimist/blob/main/CHANGELOG.md)
- [Commits](minimistjs/minimist@v1.2.0...v1.2.7)

Updates `mkdirp` from 0.5.1 to 0.5.6
- [Release notes](https://github.com/isaacs/node-mkdirp/releases)
- [Changelog](https://github.com/isaacs/node-mkdirp/blob/main/CHANGELOG.md)
- [Commits](isaacs/node-mkdirp@0.5.1...v0.5.6)

Updates `handlebars` from 4.4.5 to 4.7.7
- [Release notes](https://github.com/wycats/handlebars.js/releases)
- [Changelog](https://github.com/handlebars-lang/handlebars.js/blob/master/release-notes.md)
- [Commits](handlebars-lang/handlebars.js@v4.4.5...v4.7.7)

---
updated-dependencies:
- dependency-name: minimist
  dependency-type: indirect
- dependency-name: mkdirp
  dependency-type: indirect
- dependency-name: handlebars
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@dependabot
Bump glob-parent and @babel/cli (#61)
7344425 
Bumps [glob-parent](https://github.com/gulpjs/glob-parent) to 5.1.2 and updates ancestor dependency [@babel/cli](https://github.com/babel/babel/tree/HEAD/packages/babel-cli). These dependencies need to be updated together.


Updates `glob-parent` from 5.0.0 to 5.1.2
- [Release notes](https://github.com/gulpjs/glob-parent/releases)
- [Changelog](https://github.com/gulpjs/glob-parent/blob/main/CHANGELOG.md)
- [Commits](gulpjs/glob-parent@v5.0.0...v5.1.2)

Updates `@babel/cli` from 7.8.4 to 7.20.7
- [Release notes](https://github.com/babel/babel/releases)
- [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md)
- [Commits](https://github.com/babel/babel/commits/v7.20.7/packages/babel-cli)

---
updated-dependencies:
- dependency-name: glob-parent
  dependency-type: indirect
- dependency-name: "@babel/cli"
  dependency-type: direct:development
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@dependabot
Bump json-schema and jsprim (#60)
853d326 
Bumps [json-schema](https://github.com/kriszyp/json-schema) and [jsprim](https://github.com/joyent/node-jsprim). These dependencies needed to be updated together.

Updates `json-schema` from 0.2.3 to 0.4.0
- [Release notes](https://github.com/kriszyp/json-schema/releases)
- [Commits](kriszyp/json-schema@v0.2.3...v0.4.0)

Updates `jsprim` from 1.4.1 to 1.4.2
- [Release notes](https://github.com/joyent/node-jsprim/releases)
- [Changelog](https://github.com/TritonDataCenter/node-jsprim/blob/v1.4.2/CHANGES.md)
- [Commits](TritonDataCenter/node-jsprim@v1.4.1...v1.4.2)

---
updated-dependencies:
- dependency-name: json-schema
  dependency-type: indirect
- dependency-name: jsprim
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@dependabot
build(deps): bump y18n from 4.0.0 to 4.0.3 (#62)
e113190 
Bumps [y18n](https://github.com/yargs/y18n) from 4.0.0 to 4.0.3.
- [Release notes](https://github.com/yargs/y18n/releases)
- [Changelog](https://github.com/yargs/y18n/blob/y18n-v4.0.3/CHANGELOG.md)
- [Commits](yargs/y18n@v4.0.0...y18n-v4.0.3)

---
updated-dependencies:
- dependency-name: y18n
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@dependabot
build(deps): bump node-notifier and jest (#63)
326ca4b 
Removes [node-notifier](https://github.com/mikaelbr/node-notifier). It's no longer used after updating ancestor dependency [jest](https://github.com/facebook/jest/tree/HEAD/packages/jest). These dependencies need to be updated together.


Removes `node-notifier`

Updates `jest` from 24.9.0 to 29.4.1
- [Release notes](https://github.com/facebook/jest/releases)
- [Changelog](https://github.com/facebook/jest/blob/main/CHANGELOG.md)
- [Commits](https://github.com/facebook/jest/commits/v29.4.1/packages/jest)

---
updated-dependencies:
- dependency-name: node-notifier
  dependency-type: indirect
- dependency-name: jest
  dependency-type: direct:development
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@dependabot
build(deps): bump @actions/http-client from 1.0.7 to 1.0.11 (#64)
78ecded 
Bumps [@actions/http-client](https://github.com/actions/toolkit/tree/HEAD/packages/http-client) from 1.0.7 to 1.0.11.
- [Release notes](https://github.com/actions/toolkit/releases)
- [Changelog](https://github.com/actions/toolkit/blob/main/packages/http-client/RELEASES.md)
- [Commits](https://github.com/actions/toolkit/commits/HEAD/packages/http-client)

---
updated-dependencies:
- dependency-name: "@actions/http-client"
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@dependabot
build(deps): bump acorn from 7.0.0 to 7.4.1 (#66)
257de7e 
Bumps [acorn](https://github.com/acornjs/acorn) from 7.0.0 to 7.4.1.
- [Release notes](https://github.com/acornjs/acorn/releases)
- [Commits](acornjs/acorn@7.0.0...7.4.1)

---
updated-dependencies:
- dependency-name: acorn
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@dependabot
build(deps): bump browserslist from 4.12.0 to 4.21.5 (#65)
9bf261c 
Bumps [browserslist](https://github.com/browserslist/browserslist) from 4.12.0 to 4.21.5.
- [Release notes](https://github.com/browserslist/browserslist/releases)
- [Changelog](https://github.com/browserslist/browserslist/blob/main/CHANGELOG.md)
- [Commits](browserslist/browserslist@4.12.0...4.21.5)

---
updated-dependencies:
- dependency-name: browserslist
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@dependabot
Bump minimatch from 3.0.4 to 3.1.2 (#39)
fcf78be 
Bumps [minimatch](https://github.com/isaacs/minimatch) from 3.0.4 to 3.1.2.
- [Release notes](https://github.com/isaacs/minimatch/releases)
- [Commits](isaacs/minimatch@v3.0.4...v3.1.2)

---
updated-dependencies:
- dependency-name: minimatch
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@dependabot
Bump path-parse from 1.0.6 to 1.0.7 (#12)
b290e57 
Bumps [path-parse](https://github.com/jbgutierrez/path-parse) from 1.0.6 to 1.0.7.
- [Release notes](https://github.com/jbgutierrez/path-parse/releases)
- [Commits](https://github.com/jbgutierrez/path-parse/commits/v1.0.7)

---
updated-dependencies:
- dependency-name: path-parse
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@drewB
Update action.yml to use node 20 (#87)
77cc88b
@minhazur-piash
Update MessageCard to AdaptiveCard (#83)
190d4d9
@Skitionek
upgrade all dependencies
0513fb5
@Skitionek Skitionek requested a review from a team as a code owner September 8, 2024 17:13
@Skitionek Skitionek closed this Sep 8, 2024
@Skitionek
Copy link
Author

Skitionek commented Sep 8, 2024

Sorry I've accidentally used wrong remote.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

8 participants

@Skitionek @homoluctus @johanmeiring @semantic-release-bot @snyk-bot @rouanw @drewB @minhazur-piash