From 4149e84e62ca47011b5467e0b124025b4912a027 Mon Sep 17 00:00:00 2001 From: sriram veeraghanta Date: Sat, 16 Nov 2024 18:25:29 +0530 Subject: [PATCH 1/8] Create dependabot.yml (#6002) --- .github/dependabot.yml | 110 +++++++++++++++++++++++++++++++++++++++++ 1 file changed, 110 insertions(+) create mode 100644 .github/dependabot.yml diff --git a/.github/dependabot.yml b/.github/dependabot.yml new file mode 100644 index 0000000000..a4d992f311 --- /dev/null +++ b/.github/dependabot.yml @@ -0,0 +1,110 @@ +version: 2 +updates: +# Root level package.json (Turborepo) +- package-ecosystem: "npm" # See documentation for possible values + directory: "/" # Location of package manifests + schedule: + interval: "weekly" + labels: + - "dependencies" + - "turbo" + commit-message: + prefix: "chore(deps)" + prefix-development: "chore(deps-dev)" + groups: + turborepo-deps: + patterns: + - "turbo" + - "@turbo/*" + +# Web App +- package-ecosystem: "npm" + directory: "/web" + schedule: + interval: "weekly" + labels: + - "dependencies" + - "web" + groups: + next-deps: + patterns: + - "next" + - "@next/*" + react-deps: + patterns: + - "react" + - "react-dom" + +# Admin App +- package-ecosystem: "npm" + directory: "/admin" + schedule: + interval: "weekly" + labels: + - "dependencies" + - "admin" + groups: + next-deps: + patterns: + - "next" + - "@next/*" + react-deps: + patterns: + - "react" + - "react-dom" + +# Sites App +- package-ecosystem: "npm" + directory: "/space" + schedule: + interval: "weekly" + labels: + - "dependencies" + - "sites" + groups: + next-deps: + patterns: + - "next" + - "@next/*" + react-deps: + patterns: + - "react" + - "react-dom" + +# Live Server +- package-ecosystem: "npm" + directory: "/live" # Adjust path for your Node.js app + schedule: + interval: "weekly" + labels: + - "dependencies" + - "live" + - "nodejs" + +# Python service +- package-ecosystem: "pip" + directory: "/apiserver" # Adjust path for your Python app + schedule: + interval: "weekly" + labels: + - "dependencies" + - "backend" + - "python" + +# GitHub Actions +- package-ecosystem: "github-actions" + directory: "/" + schedule: + interval: "weekly" + labels: + - "ci-cd" + - "dependencies" + +# Docker dependencies +- package-ecosystem: "docker" + directory: "/" + schedule: + interval: "weekly" + labels: + - "dependencies" + - "docker" From 1b1b160c0455edac8b766d295487fb40e9a8fa9f Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 16 Nov 2024 18:30:44 +0530 Subject: [PATCH 2/8] chore(deps): bump docker/build-push-action from 5.1.0 to 6.9.0 (#6004) Bumps [docker/build-push-action](https://github.com/docker/build-push-action) from 5.1.0 to 6.9.0. - [Release notes](https://github.com/docker/build-push-action/releases) - [Commits](https://github.com/docker/build-push-action/compare/v5.1.0...v6.9.0) --- updated-dependencies: - dependency-name: docker/build-push-action dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/build-aio-base.yml | 4 ++-- .github/workflows/build-aio-branch.yml | 4 ++-- .github/workflows/feature-deployment.yml | 2 +- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/.github/workflows/build-aio-base.yml b/.github/workflows/build-aio-base.yml index 301fd8766a..3fb2958f1f 100644 --- a/.github/workflows/build-aio-base.yml +++ b/.github/workflows/build-aio-base.yml @@ -83,7 +83,7 @@ jobs: endpoint: ${{ env.BUILDX_ENDPOINT }} - name: Build and Push to Docker Hub - uses: docker/build-push-action@v5.1.0 + uses: docker/build-push-action@v6.9.0 with: context: ./aio file: ./aio/Dockerfile-base-full @@ -124,7 +124,7 @@ jobs: endpoint: ${{ env.BUILDX_ENDPOINT }} - name: Build and Push to Docker Hub - uses: docker/build-push-action@v5.1.0 + uses: docker/build-push-action@v6.9.0 with: context: ./aio file: ./aio/Dockerfile-base-slim diff --git a/.github/workflows/build-aio-branch.yml b/.github/workflows/build-aio-branch.yml index 8e28fe0d44..a3a2f35fa8 100644 --- a/.github/workflows/build-aio-branch.yml +++ b/.github/workflows/build-aio-branch.yml @@ -128,7 +128,7 @@ jobs: uses: actions/checkout@v4 - name: Build and Push to Docker Hub - uses: docker/build-push-action@v5.1.0 + uses: docker/build-push-action@v6.9.0 with: context: . file: ./aio/Dockerfile-app @@ -188,7 +188,7 @@ jobs: uses: actions/checkout@v4 - name: Build and Push to Docker Hub - uses: docker/build-push-action@v5.1.0 + uses: docker/build-push-action@v6.9.0 with: context: . file: ./aio/Dockerfile-app diff --git a/.github/workflows/feature-deployment.yml b/.github/workflows/feature-deployment.yml index 0c71564e12..311014cf85 100644 --- a/.github/workflows/feature-deployment.yml +++ b/.github/workflows/feature-deployment.yml @@ -79,7 +79,7 @@ jobs: uses: actions/checkout@v4 - name: Build and Push to Docker Hub - uses: docker/build-push-action@v5.1.0 + uses: docker/build-push-action@v6.9.0 with: context: . file: ./aio/Dockerfile-app From 35938b57af38be9f796a4818ce48ba43db781aa0 Mon Sep 17 00:00:00 2001 From: sriram veeraghanta Date: Sat, 16 Nov 2024 18:36:47 +0530 Subject: [PATCH 3/8] fix: dependabot security patch only --- .github/dependabot.yml | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/.github/dependabot.yml b/.github/dependabot.yml index a4d992f311..1a2b52ff48 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -16,9 +16,13 @@ updates: patterns: - "turbo" - "@turbo/*" + allow: + - dependency-type: "all" + security-updates-only: true # Web App - package-ecosystem: "npm" + security-updates-only: true directory: "/web" schedule: interval: "weekly" @@ -37,6 +41,7 @@ updates: # Admin App - package-ecosystem: "npm" + security-updates-only: true directory: "/admin" schedule: interval: "weekly" @@ -55,6 +60,7 @@ updates: # Sites App - package-ecosystem: "npm" + security-updates-only: true directory: "/space" schedule: interval: "weekly" @@ -73,7 +79,8 @@ updates: # Live Server - package-ecosystem: "npm" - directory: "/live" # Adjust path for your Node.js app + security-updates-only: true + directory: "/live" schedule: interval: "weekly" labels: @@ -83,7 +90,8 @@ updates: # Python service - package-ecosystem: "pip" - directory: "/apiserver" # Adjust path for your Python app + security-updates-only: true + directory: "/apiserver" schedule: interval: "weekly" labels: @@ -93,6 +101,7 @@ updates: # GitHub Actions - package-ecosystem: "github-actions" + security-updates-only: true directory: "/" schedule: interval: "weekly" @@ -102,6 +111,7 @@ updates: # Docker dependencies - package-ecosystem: "docker" + security-updates-only: true directory: "/" schedule: interval: "weekly" From c5f96466e9f822cb80fff327a40702936d70d088 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 16 Nov 2024 18:40:01 +0530 Subject: [PATCH 4/8] chore(deps): bump cross-spawn in the npm_and_yarn group (#6038) Bumps the npm_and_yarn group with 1 update: [cross-spawn](https://github.com/moxystudio/node-cross-spawn). Updates `cross-spawn` from 7.0.3 to 7.0.5 - [Changelog](https://github.com/moxystudio/node-cross-spawn/blob/master/CHANGELOG.md) - [Commits](https://github.com/moxystudio/node-cross-spawn/compare/v7.0.3...v7.0.5) --- updated-dependencies: - dependency-name: cross-spawn dependency-type: indirect dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- yarn.lock | 37 +++++++++++++++++++++++++++++++------ 1 file changed, 31 insertions(+), 6 deletions(-) diff --git a/yarn.lock b/yarn.lock index cb6f87170e..1a8bbbdd67 100644 --- a/yarn.lock +++ b/yarn.lock @@ -5647,9 +5647,9 @@ cross-fetch@^3.1.5: node-fetch "^2.6.12" cross-spawn@^7.0.0, cross-spawn@^7.0.2, cross-spawn@^7.0.3: - version "7.0.3" - resolved "https://registry.yarnpkg.com/cross-spawn/-/cross-spawn-7.0.3.tgz#f73a85b9d5d41d045551c177e2882d4ac85728a6" - integrity sha512-iRDPJKUPVEND7dHPO8rkbOnPpyDygcDFtWjpeWNCgy8WP2rXcxXL8TskReQl6OrB2G7+UJrags1q15Fudc7G6w== + version "7.0.5" + resolved "https://registry.yarnpkg.com/cross-spawn/-/cross-spawn-7.0.5.tgz#910aac880ff5243da96b728bc6521a5f6c2f2f82" + integrity sha512-ZVJrKKYunU38/76t0RMOulHOnUcbU9GbpWKAOZ0mhjr7CX6FVrH+4FrAapSOekrgFQ3f/8gwMEuIft0aKq6Hug== dependencies: path-key "^3.1.0" shebang-command "^2.0.0" @@ -11287,7 +11287,16 @@ streamx@^2.15.0, streamx@^2.20.0: optionalDependencies: bare-events "^2.2.0" -"string-width-cjs@npm:string-width@^4.2.0", string-width@^4.1.0, string-width@^4.2.0, string-width@^4.2.3: +"string-width-cjs@npm:string-width@^4.2.0": + version "4.2.3" + resolved "https://registry.yarnpkg.com/string-width/-/string-width-4.2.3.tgz#269c7117d27b05ad2e536830a8ec895ef9c6d010" + integrity sha512-wKyQRQpjJ0sIp62ErSZdGsjMJWsap5oRNihHhu6G7JVO/9jIB6UyevL+tXuOqrng8j/cxKTWyWUwvSTriiZz/g== + dependencies: + emoji-regex "^8.0.0" + is-fullwidth-code-point "^3.0.0" + strip-ansi "^6.0.1" + +string-width@^4.1.0, string-width@^4.2.0, string-width@^4.2.3: version "4.2.3" resolved "https://registry.yarnpkg.com/string-width/-/string-width-4.2.3.tgz#269c7117d27b05ad2e536830a8ec895ef9c6d010" integrity sha512-wKyQRQpjJ0sIp62ErSZdGsjMJWsap5oRNihHhu6G7JVO/9jIB6UyevL+tXuOqrng8j/cxKTWyWUwvSTriiZz/g== @@ -11375,7 +11384,14 @@ string_decoder@^1.1.1, string_decoder@^1.3.0: dependencies: safe-buffer "~5.2.0" -"strip-ansi-cjs@npm:strip-ansi@^6.0.1", strip-ansi@^6.0.0, strip-ansi@^6.0.1: +"strip-ansi-cjs@npm:strip-ansi@^6.0.1": + version "6.0.1" + resolved "https://registry.yarnpkg.com/strip-ansi/-/strip-ansi-6.0.1.tgz#9e26c63d30f53443e9489495b2105d37b67a85d9" + integrity sha512-Y38VPSHcqkFrCpFnQ9vuSXmquuv5oXOKpGeT6aGrr3o3Gc9AlVa6JBfUSOCnbxGGZF+/0ooI7KrPuUSztUdU5A== + dependencies: + ansi-regex "^5.0.1" + +strip-ansi@^6.0.0, strip-ansi@^6.0.1: version "6.0.1" resolved "https://registry.yarnpkg.com/strip-ansi/-/strip-ansi-6.0.1.tgz#9e26c63d30f53443e9489495b2105d37b67a85d9" integrity sha512-Y38VPSHcqkFrCpFnQ9vuSXmquuv5oXOKpGeT6aGrr3o3Gc9AlVa6JBfUSOCnbxGGZF+/0ooI7KrPuUSztUdU5A== @@ -12607,7 +12623,16 @@ word-wrap@^1.2.5: resolved "https://registry.yarnpkg.com/word-wrap/-/word-wrap-1.2.5.tgz#d2c45c6dd4fbce621a66f136cbe328afd0410b34" integrity sha512-BN22B5eaMMI9UMtjrGd5g5eCYPpCPDUy0FJXbYsaT5zYxjFOckS53SQDE3pWkVoWpHXVb3BrYcEN4Twa55B5cA== -"wrap-ansi-cjs@npm:wrap-ansi@^7.0.0", wrap-ansi@^7.0.0: +"wrap-ansi-cjs@npm:wrap-ansi@^7.0.0": + version "7.0.0" + resolved "https://registry.yarnpkg.com/wrap-ansi/-/wrap-ansi-7.0.0.tgz#67e145cff510a6a6984bdf1152911d69d2eb9e43" + integrity sha512-YVGIj2kamLSTxw6NsZjoBxfSwsn0ycdesmc4p+Q21c5zPuZ1pl+NfxVdxPtdHvmNVOQ6XSYG4AUtyt/Fi7D16Q== + dependencies: + ansi-styles "^4.0.0" + string-width "^4.1.0" + strip-ansi "^6.0.0" + +wrap-ansi@^7.0.0: version "7.0.0" resolved "https://registry.yarnpkg.com/wrap-ansi/-/wrap-ansi-7.0.0.tgz#67e145cff510a6a6984bdf1152911d69d2eb9e43" integrity sha512-YVGIj2kamLSTxw6NsZjoBxfSwsn0ycdesmc4p+Q21c5zPuZ1pl+NfxVdxPtdHvmNVOQ6XSYG4AUtyt/Fi7D16Q== From 2ef00efaabba8be1d14d03a47fcdedf8c267086a Mon Sep 17 00:00:00 2001 From: sriram veeraghanta Date: Sat, 16 Nov 2024 19:37:06 +0530 Subject: [PATCH 5/8] fix: tubro repo upgrade --- package.json | 2 +- yarn.lock | 99 ++++++++++++++++++++++++++++++++-------------------- 2 files changed, 63 insertions(+), 38 deletions(-) diff --git a/package.json b/package.json index 36f4e30f44..eb8b4fb227 100644 --- a/package.json +++ b/package.json @@ -22,7 +22,7 @@ "devDependencies": { "prettier": "latest", "prettier-plugin-tailwindcss": "^0.5.4", - "turbo": "^2.1.1" + "turbo": "^2.3.0" }, "packageManager": "yarn@1.22.22", "name": "plane" diff --git a/yarn.lock b/yarn.lock index cb6f87170e..87b0b12c82 100644 --- a/yarn.lock +++ b/yarn.lock @@ -11287,7 +11287,16 @@ streamx@^2.15.0, streamx@^2.20.0: optionalDependencies: bare-events "^2.2.0" -"string-width-cjs@npm:string-width@^4.2.0", string-width@^4.1.0, string-width@^4.2.0, string-width@^4.2.3: +"string-width-cjs@npm:string-width@^4.2.0": + version "4.2.3" + resolved "https://registry.yarnpkg.com/string-width/-/string-width-4.2.3.tgz#269c7117d27b05ad2e536830a8ec895ef9c6d010" + integrity sha512-wKyQRQpjJ0sIp62ErSZdGsjMJWsap5oRNihHhu6G7JVO/9jIB6UyevL+tXuOqrng8j/cxKTWyWUwvSTriiZz/g== + dependencies: + emoji-regex "^8.0.0" + is-fullwidth-code-point "^3.0.0" + strip-ansi "^6.0.1" + +string-width@^4.1.0, string-width@^4.2.0, string-width@^4.2.3: version "4.2.3" resolved "https://registry.yarnpkg.com/string-width/-/string-width-4.2.3.tgz#269c7117d27b05ad2e536830a8ec895ef9c6d010" integrity sha512-wKyQRQpjJ0sIp62ErSZdGsjMJWsap5oRNihHhu6G7JVO/9jIB6UyevL+tXuOqrng8j/cxKTWyWUwvSTriiZz/g== @@ -11375,7 +11384,14 @@ string_decoder@^1.1.1, string_decoder@^1.3.0: dependencies: safe-buffer "~5.2.0" -"strip-ansi-cjs@npm:strip-ansi@^6.0.1", strip-ansi@^6.0.0, strip-ansi@^6.0.1: +"strip-ansi-cjs@npm:strip-ansi@^6.0.1": + version "6.0.1" + resolved "https://registry.yarnpkg.com/strip-ansi/-/strip-ansi-6.0.1.tgz#9e26c63d30f53443e9489495b2105d37b67a85d9" + integrity sha512-Y38VPSHcqkFrCpFnQ9vuSXmquuv5oXOKpGeT6aGrr3o3Gc9AlVa6JBfUSOCnbxGGZF+/0ooI7KrPuUSztUdU5A== + dependencies: + ansi-regex "^5.0.1" + +strip-ansi@^6.0.0, strip-ansi@^6.0.1: version "6.0.1" resolved "https://registry.yarnpkg.com/strip-ansi/-/strip-ansi-6.0.1.tgz#9e26c63d30f53443e9489495b2105d37b67a85d9" integrity sha512-Y38VPSHcqkFrCpFnQ9vuSXmquuv5oXOKpGeT6aGrr3o3Gc9AlVa6JBfUSOCnbxGGZF+/0ooI7KrPuUSztUdU5A== @@ -11912,47 +11928,47 @@ tunnel-agent@^0.6.0: dependencies: safe-buffer "^5.0.1" -turbo-darwin-64@2.2.3: - version "2.2.3" - resolved "https://registry.yarnpkg.com/turbo-darwin-64/-/turbo-darwin-64-2.2.3.tgz#f0ced75ed031091e52851cbe8bb05d21a161a22b" - integrity sha512-Rcm10CuMKQGcdIBS3R/9PMeuYnv6beYIHqfZFeKWVYEWH69sauj4INs83zKMTUiZJ3/hWGZ4jet9AOwhsssLyg== +turbo-darwin-64@2.3.0: + version "2.3.0" + resolved "https://registry.yarnpkg.com/turbo-darwin-64/-/turbo-darwin-64-2.3.0.tgz#cf82cf4a816a267c65a71d2d3ec1baef5c6b0f78" + integrity sha512-pji+D49PhFItyQjf2QVoLZw2d3oRGo8gJgKyOiRzvip78Rzie74quA8XNwSg/DuzM7xx6gJ3p2/LylTTlgZXxQ== -turbo-darwin-arm64@2.2.3: - version "2.2.3" - resolved "https://registry.yarnpkg.com/turbo-darwin-arm64/-/turbo-darwin-arm64-2.2.3.tgz#0b4741383ab5070d8383891a65861a8869cc7202" - integrity sha512-+EIMHkuLFqUdJYsA3roj66t9+9IciCajgj+DVek+QezEdOJKcRxlvDOS2BUaeN8kEzVSsNiAGnoysFWYw4K0HA== +turbo-darwin-arm64@2.3.0: + version "2.3.0" + resolved "https://registry.yarnpkg.com/turbo-darwin-arm64/-/turbo-darwin-arm64-2.3.0.tgz#3e058a4e41130abce9df49a1fb5e271af85a1d99" + integrity sha512-AJrGIL9BO41mwDF/IBHsNGwvtdyB911vp8f5mbNo1wG66gWTvOBg7WCtYQBvCo11XTenTfXPRSsAb7w3WAZb6w== -turbo-linux-64@2.2.3: - version "2.2.3" - resolved "https://registry.yarnpkg.com/turbo-linux-64/-/turbo-linux-64-2.2.3.tgz#2b339db50c12bc52ce99139c156d5555717a209d" - integrity sha512-UBhJCYnqtaeOBQLmLo8BAisWbc9v9daL9G8upLR+XGj6vuN/Nz6qUAhverN4Pyej1g4Nt1BhROnj6GLOPYyqxQ== +turbo-linux-64@2.3.0: + version "2.3.0" + resolved "https://registry.yarnpkg.com/turbo-linux-64/-/turbo-linux-64-2.3.0.tgz#0aefff6047faed0ffdbf0980d5dd4f11ace51d65" + integrity sha512-jZqW6vc2sPJT3M/3ZmV1Cg4ecQVPqsbHncG/RnogHpBu783KCSXIndgxvUQNm9qfgBYbZDBnP1md63O4UTElhw== -turbo-linux-arm64@2.2.3: - version "2.2.3" - resolved "https://registry.yarnpkg.com/turbo-linux-arm64/-/turbo-linux-arm64-2.2.3.tgz#a4daf6e0872a4e2652e2d05d68ad18cee5b10e94" - integrity sha512-hJYT9dN06XCQ3jBka/EWvvAETnHRs3xuO/rb5bESmDfG+d9yQjeTMlhRXKrr4eyIMt6cLDt1LBfyi+6CQ+VAwQ== +turbo-linux-arm64@2.3.0: + version "2.3.0" + resolved "https://registry.yarnpkg.com/turbo-linux-arm64/-/turbo-linux-arm64-2.3.0.tgz#a00db7c7a88400cc0357bfeac2beb383a35e255e" + integrity sha512-HUbDLJlvd/hxuyCNO0BmEWYQj0TugRMvSQeG8vHJH+Lq8qOgDAe7J0K73bFNbZejZQxW3C3XEiZFB3pnpO78+A== -turbo-windows-64@2.2.3: - version "2.2.3" - resolved "https://registry.yarnpkg.com/turbo-windows-64/-/turbo-windows-64-2.2.3.tgz#d44b3385948bd0f2ef5c2d53391f142bdd467b18" - integrity sha512-NPrjacrZypMBF31b4HE4ROg4P3nhMBPHKS5WTpMwf7wydZ8uvdEHpESVNMOtqhlp857zbnKYgP+yJF30H3N2dQ== +turbo-windows-64@2.3.0: + version "2.3.0" + resolved "https://registry.yarnpkg.com/turbo-windows-64/-/turbo-windows-64-2.3.0.tgz#f082688f17c73d345efbdc43fb589b1df70cd53f" + integrity sha512-c5rxrGNTYDWX9QeMzWLFE9frOXnKjHGEvQMp1SfldDlbZYsloX9UKs31TzUThzfTgTiz8NYuShaXJ2UvTMnV/g== -turbo-windows-arm64@2.2.3: - version "2.2.3" - resolved "https://registry.yarnpkg.com/turbo-windows-arm64/-/turbo-windows-arm64-2.2.3.tgz#d0625ec53f467013a6f259f87f7fc4ae8670aaa4" - integrity sha512-fnNrYBCqn6zgKPKLHu4sOkihBI/+0oYFr075duRxqUZ+1aLWTAGfHZLgjVeLh3zR37CVzuerGIPWAEkNhkWEIw== +turbo-windows-arm64@2.3.0: + version "2.3.0" + resolved "https://registry.yarnpkg.com/turbo-windows-arm64/-/turbo-windows-arm64-2.3.0.tgz#42d77fe99f72b4862bb4cbbb0cb5dca73427270a" + integrity sha512-7qfUuYhfIVb1AZgs89DxhXK+zZez6O2ocmixEQ4hXZK7ytnBt5vaz2zGNJJKFNYIL5HX1C3tuHolnpNgDNCUIg== -turbo@^2.1.1: - version "2.2.3" - resolved "https://registry.yarnpkg.com/turbo/-/turbo-2.2.3.tgz#0f45612d62526c98c75da0682aa8c26b902b5e07" - integrity sha512-5lDvSqIxCYJ/BAd6rQGK/AzFRhBkbu4JHVMLmGh/hCb7U3CqSnr5Tjwfy9vc+/5wG2DJ6wttgAaA7MoCgvBKZQ== +turbo@^2.3.0: + version "2.3.0" + resolved "https://registry.yarnpkg.com/turbo/-/turbo-2.3.0.tgz#01e7841fafdd870564e1ad376b42dbc8a71d52b3" + integrity sha512-/uOq5o2jwRPyaUDnwBpOR5k9mQq4c3wziBgWNWttiYQPmbhDtrKYPRBxTvA2WpgQwRIbt8UM612RMN8n/TvmHA== optionalDependencies: - turbo-darwin-64 "2.2.3" - turbo-darwin-arm64 "2.2.3" - turbo-linux-64 "2.2.3" - turbo-linux-arm64 "2.2.3" - turbo-windows-64 "2.2.3" - turbo-windows-arm64 "2.2.3" + turbo-darwin-64 "2.3.0" + turbo-darwin-arm64 "2.3.0" + turbo-linux-64 "2.3.0" + turbo-linux-arm64 "2.3.0" + turbo-windows-64 "2.3.0" + turbo-windows-arm64 "2.3.0" tween-functions@^1.2.0: version "1.2.0" @@ -12607,7 +12623,16 @@ word-wrap@^1.2.5: resolved "https://registry.yarnpkg.com/word-wrap/-/word-wrap-1.2.5.tgz#d2c45c6dd4fbce621a66f136cbe328afd0410b34" integrity sha512-BN22B5eaMMI9UMtjrGd5g5eCYPpCPDUy0FJXbYsaT5zYxjFOckS53SQDE3pWkVoWpHXVb3BrYcEN4Twa55B5cA== -"wrap-ansi-cjs@npm:wrap-ansi@^7.0.0", wrap-ansi@^7.0.0: +"wrap-ansi-cjs@npm:wrap-ansi@^7.0.0": + version "7.0.0" + resolved "https://registry.yarnpkg.com/wrap-ansi/-/wrap-ansi-7.0.0.tgz#67e145cff510a6a6984bdf1152911d69d2eb9e43" + integrity sha512-YVGIj2kamLSTxw6NsZjoBxfSwsn0ycdesmc4p+Q21c5zPuZ1pl+NfxVdxPtdHvmNVOQ6XSYG4AUtyt/Fi7D16Q== + dependencies: + ansi-styles "^4.0.0" + string-width "^4.1.0" + strip-ansi "^6.0.0" + +wrap-ansi@^7.0.0: version "7.0.0" resolved "https://registry.yarnpkg.com/wrap-ansi/-/wrap-ansi-7.0.0.tgz#67e145cff510a6a6984bdf1152911d69d2eb9e43" integrity sha512-YVGIj2kamLSTxw6NsZjoBxfSwsn0ycdesmc4p+Q21c5zPuZ1pl+NfxVdxPtdHvmNVOQ6XSYG4AUtyt/Fi7D16Q== From 5989b1a134b823d52551affcbd309d6c0cce3841 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 16 Nov 2024 19:39:31 +0530 Subject: [PATCH 6/8] chore(deps): bump github/codeql-action from 2 to 3 (#6011) Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2 to 3. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/v2...v3) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/codeql.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index dbfd811685..ec9c12bfd6 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -33,7 +33,7 @@ jobs: # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@v2 + uses: github/codeql-action/init@v3 with: languages: ${{ matrix.language }} # If you wish to specify custom queries, you can do so here or in a config file. @@ -46,7 +46,7 @@ jobs: # Autobuild attempts to build any compiled languages (C/C++, C#, Go, Java, or Swift). # If this step fails, then you should remove it and run the build manually (see below) - name: Autobuild - uses: github/codeql-action/autobuild@v2 + uses: github/codeql-action/autobuild@v3 # â„šī¸ Command-line programs to run using the OS shell. # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun @@ -59,6 +59,6 @@ jobs: # ./location_of_script_within_repo/buildscript.sh - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@v2 + uses: github/codeql-action/analyze@v3 with: category: "/language:${{matrix.language}}" From 52d3169542b20816fa652716628c79e532d12b88 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 16 Nov 2024 19:40:41 +0530 Subject: [PATCH 7/8] chore(deps): bump softprops/action-gh-release from 2.0.8 to 2.1.0 (#6010) Bumps [softprops/action-gh-release](https://github.com/softprops/action-gh-release) from 2.0.8 to 2.1.0. - [Release notes](https://github.com/softprops/action-gh-release/releases) - [Changelog](https://github.com/softprops/action-gh-release/blob/master/CHANGELOG.md) - [Commits](https://github.com/softprops/action-gh-release/compare/v2.0.8...v2.1.0) --- updated-dependencies: - dependency-name: softprops/action-gh-release dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/build-branch.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/build-branch.yml b/.github/workflows/build-branch.yml index a675866f37..16378b41d2 100644 --- a/.github/workflows/build-branch.yml +++ b/.github/workflows/build-branch.yml @@ -367,7 +367,7 @@ jobs: - name: Create Release id: create_release - uses: softprops/action-gh-release@v2.0.8 + uses: softprops/action-gh-release@v2.1.0 env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # This token is provided by Actions, you do not need to create your own token with: From 6d986190826f48a988f4784af1478f8aea8c591c Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 16 Nov 2024 19:42:08 +0530 Subject: [PATCH 8/8] chore(deps): bump actions/checkout from 3 to 4 (#6005) Bumps [actions/checkout](https://github.com/actions/checkout) from 3 to 4. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/v3...v4) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/codeql.yml | 2 +- .github/workflows/sync-repo-pr.yml | 2 +- .github/workflows/sync-repo.yml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index ec9c12bfd6..2bcbf557f0 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -29,7 +29,7 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@v3 + uses: actions/checkout@v4 # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL diff --git a/.github/workflows/sync-repo-pr.yml b/.github/workflows/sync-repo-pr.yml index df12960660..548ccbf423 100644 --- a/.github/workflows/sync-repo-pr.yml +++ b/.github/workflows/sync-repo-pr.yml @@ -21,7 +21,7 @@ jobs: contents: write steps: - name: Checkout code - uses: actions/checkout@v4.1.1 + uses: actions/checkout@v4 with: fetch-depth: 0 # Fetch all history for all branches and tags diff --git a/.github/workflows/sync-repo.yml b/.github/workflows/sync-repo.yml index 9ac4771ef6..1f13995ded 100644 --- a/.github/workflows/sync-repo.yml +++ b/.github/workflows/sync-repo.yml @@ -17,7 +17,7 @@ jobs: contents: read steps: - name: Checkout Code - uses: actions/checkout@v4.1.1 + uses: actions/checkout@v4 with: persist-credentials: false fetch-depth: 0