From 39768648949a64a33517191af16badbed0a97f46 Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Sun, 14 Aug 2022 22:54:57 +0000 Subject: [PATCH] fix: package.json & yarn.lock to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-ACTIONSCORE-2980270 --- package.json | 2 +- yarn.lock | 14 ++++++++++---- 2 files changed, 11 insertions(+), 5 deletions(-) diff --git a/package.json b/package.json index 63d7dc7..7364751 100644 --- a/package.json +++ b/package.json @@ -31,7 +31,7 @@ }, "homepage": "https://github.com/gautamkrishnar/blog-post-workflow#readme", "dependencies": { - "@actions/core": "^1.9.0", + "@actions/core": "^1.9.1", "dateformat": "^3.0.3", "esbuild": "^0.14.49", "keepalive-workflow": "^1.0.8", diff --git a/yarn.lock b/yarn.lock index 3827e86..21909c2 100644 --- a/yarn.lock +++ b/yarn.lock @@ -2,12 +2,13 @@ # yarn lockfile v1 -"@actions/core@^1.9.0": - version "1.9.0" - resolved "https://registry.yarnpkg.com/@actions/core/-/core-1.9.0.tgz#20c1baac5d4bd2508ba1fc3e5f3fc4b8a80d4082" - integrity sha512-5pbM693Ih59ZdUhgk+fts+bUWTnIdHV3kwOSr+QIoFHMLg7Gzhwm0cifDY/AG68ekEJAkHnQVpcy4f6GjmzBCA== +"@actions/core@^1.9.1": + version "1.9.1" + resolved "https://registry.yarnpkg.com/@actions/core/-/core-1.9.1.tgz#97c0201b1f9856df4f7c3a375cdcdb0c2a2f750b" + integrity sha512-5ad+U2YGrmmiw6du20AQW5XuWo7UKN2052FjSV7MX+Wfjf8sCqcsZe62NfgHys4QI4/Y+vQvLKYL8jWtA1ZBTA== dependencies: "@actions/http-client" "^2.0.1" + uuid "^8.3.2" "@actions/http-client@^2.0.1": version "2.0.1" @@ -1399,6 +1400,11 @@ tunnel@^0.0.6: resolved "https://registry.yarnpkg.com/tunnel/-/tunnel-0.0.6.tgz#72f1314b34a5b192db012324df2cc587ca47f92c" integrity sha512-1h/Lnq9yajKY2PEbBadPXj3VxsDDu844OnaAo52UVmIzIvwwtBPIuNvkjuzBlTWpfJyUbG3ez0KSBibQkj4ojg== +uuid@^8.3.2: + version "8.3.2" + resolved "https://registry.yarnpkg.com/uuid/-/uuid-8.3.2.tgz#80d5b5ced271bb9af6c445f21a1a04c606cefbe2" + integrity sha512-+NYs2QeMWy+GWFOEm9xnn6HCDp0l7QBD7ml8zLUmJ+93Q5NF0NocErnwkTkXVFNiX3/fpC6afS8Dhb/gz7R7eg== + wait-on@5.2.0: version "5.2.0" resolved "https://registry.yarnpkg.com/wait-on/-/wait-on-5.2.0.tgz#6711e74422523279714a36d52cf49fb47c9d9597"