chore(deps): update actions: bump oke-py/npm-audit-action from 2 to 3 by dependabot[bot] · Pull Request #27 · woliveiras/woliveiras.github.io · GitHub

chore(deps): update actions: bump oke-py/npm-audit-action from 2 to 3 #27

Open · wants to merge 1 commit into base: main
dependabot[bot]
Contributor
@dependabot dependabot bot commented on behalf of github May 5, 2025

Bumps oke-py/npm-audit-action from 2 to 3.

Release notes

Sourced from oke-py/npm-audit-action's releases.

v3.0.0

npm-audit-action v3.0.0 Release Notes

Major Changes

Runtime Environment

  • Node.js 20 Support: Updated minimum Node.js version from 16 to 20
  • ES Modules Migration: Converted codebase from CommonJS to ES Modules
  • Modern JavaScript: Modernized code to ES2020 standards

Development Infrastructure

  • Testing Framework: Migrated from Jest to Vitest
  • Linting: Upgraded to ESLint 9 with updated configurations
  • Build Process: Updated TypeScript configuration and build pipeline

Dependencies

  • Core Dependencies:
    • Updated @actions/core from 1.10.1 to 1.11.1
    • Updated @actions/github to v6.0.0
    • Updated @octokit/rest to v21.1.1
    • Replaced axios calls with Octokit
    • Updated strip-ansi to v7.1.0

GitHub Actions

  • Action Dependencies:
    • Bumped actions/checkout from v3 to v4
    • Bumped actions/setup-node from v3 to v4
    • Bumped stefanzweifel/git-auto-commit-action from v4 to v5

Breaking Changes

The upgrade to Node.js 20 may require users to update their GitHub Actions workflows if they're currently pinned to older Node.js versions. Update your workflow files to use a compatible runner that supports Node.js 20.

How to Upgrade

Update your GitHub Actions workflow to use the new version:

- uses: oke-py/npm-audit-action@v3
  with:
    audit_level: moderate
    github_token: ${{ secrets.GITHUB_TOKEN }}
    issue_assignees: your-username
    issue_labels: vulnerability,security
    dedupe_issues: true

Full Changelog

For a complete list of changes, see the full changelog.

... (truncated)

Commits
  • 6ec7878 Merge pull request #235 from oke-py/feature/update-to-v3
  • 3fa1b76 feat: update references from v2 to v3 for release v3.0.0
  • 766b744 Merge pull request #234 from oke-py/docs/update-clinerules-formatting
  • 5af198a docs: update clinerules formatting and TypeScript configuration
  • ca1ad4f Merge pull request #233 from oke-py/docs/update-gh-pr-create-usage
  • cbd6ea4 docs: add detailed instructions for gh pr create usage
  • 274f32f Merge pull request #232 from oke-py/fix/prettier-eslint-conflict
  • fa975d0 fix: resolve prettier and eslint conflict by removing bracketSpacing: false
  • 93b0055 Merge pull request #231 from oke-py/fix/test-coverage-src-only
  • 9f4cdf9 fix: limit test coverage to src directory only
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [oke-py/npm-audit-action](https://github.com/oke-py/npm-audit-action) from 2 to 3.
- [Release notes](https://github.com/oke-py/npm-audit-action/releases)
- [Commits](oke-py/npm-audit-action@v2...v3)

---
updated-dependencies:
- dependency-name: oke-py/npm-audit-action
  dependency-version: '3'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added the dependencies (Pull requests that update a dependency file) and github_actions (Pull requests that update GitHub Actions code) labels May 5, 2025