Skip to content

fix: upgrade dependencies to fix vulnerabilities #28566

fix: upgrade dependencies to fix vulnerabilities

fix: upgrade dependencies to fix vulnerabilities #28566

Workflow file for this run

name: Check packages
on:
pull_request:
jobs:
dependency-deduplication:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0
- uses: actions/setup-node@v4
with:
node-version: 20.x
cache: 'yarn'
- uses: tj-actions/changed-files@v41
id: changed-files-specific
with:
files: |
yarn.lock
- name: Check package duplicates
if: steps.changed-files-specific.outputs.any_changed == 'true'
run: |
echo "yarn.lock changed! Verifying package deduplication ..."
yarn run dedupe --list --fail
if [[ $? -ne 0 ]]; then
echo "Your changes introduced package duplication 🚨"
echo "Run 'yarn run dedupe' to fix those."
else
echo "No duplicate packages introduced ✅"
fi
dependency-mismatches:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0
- uses: actions/setup-node@v4
with:
node-version: 20.x
- uses: actions/github-script@v7
with:
script: |
const syncpackVersion = require('./package.json').devDependencies.syncpack;
if (typeof syncpackVersion !== 'string') {
core.setFailed("Please check 'package.json', it should include 'syncpack' in 'devDependencies'")
return
}
core.exportVariable('SYNCPACK_VERSION', syncpackVersion);
- run: |
npx syncpack@$SYNCPACK_VERSION list-mismatches
change-files:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0
- uses: actions/setup-node@v4
with:
node-version: 20.x
- uses: actions/github-script@v7
with:
script: |
const beachballVersion = require('./package.json').devDependencies.beachball;
if (typeof beachballVersion !== 'string') {
core.setFailed("Please check 'package.json', it should include 'beachball' in 'devDependencies'")
return
}
core.exportVariable('BEACHBALL_VERSION', beachballVersion);
- run: |
npx beachball@$BEACHBALL_VERSION check