cc15e3c0d1 
								
							 
						 
						
							
							
								
								fix: upgrade @actions/core from 1.6.0 to 1.7.0  
							
							... 
							
							
							
							Snyk has created this PR to upgrade @actions/core from 1.6.0 to 1.7.0.
See this package in npm:
https://www.npmjs.com/package/@actions/core 
See this project in Snyk:
https://app.snyk.io/org/emnmer1/project/34c7da3b-bd8a-469a-bbc4-db9b5aa7b90e?utm_source=github&utm_medium=referral&page=upgrade-pr  
							
						 
						
							2022-05-16 23:28:04 +00:00  
				
					
						
							
							
								 
						
							
								459d804628 
								
							 
						 
						
							
							
								
								Merge pull request  #12  from Emnmer1/snyk-upgrade-9f9457bd6a324eb509b33b0ed4812fee  
							
							... 
							
							
							
							[Snyk] Upgrade @actions/github from 5.0.0 to 5.0.1 
							
						 
						
							2022-04-25 04:03:44 -07:00  
				
					
						
							
							
								 
						
							
								44abdd19d9 
								
							 
						 
						
							
							
								
								Merge branch 'actions:main' into main  
							
							
							
						 
						
							2022-04-23 12:09:59 -07:00  
				
					
						
							
							
								 
						
							
								77481491f5 
								
							 
						 
						
							
							
								
								fix: upgrade @actions/github from 5.0.0 to 5.0.1  
							
							... 
							
							
							
							Snyk has created this PR to upgrade @actions/github from 5.0.0 to 5.0.1.
See this package in npm:
https://www.npmjs.com/package/@actions/github 
See this project in Snyk:
https://app.snyk.io/org/emnmer1/project/34c7da3b-bd8a-469a-bbc4-db9b5aa7b90e?utm_source=github&utm_medium=referral&page=upgrade-pr  
							
						 
						
							2022-04-22 22:24:18 +00:00  
				
					
						
							
							
								 
						
							
								1b0cc5085d 
								
							 
						 
						
							
							
								
								Merge pull request  #10  from Emnmer1/snyk-upgrade-0658ef0dff4fc660c08767912341a88e  
							
							... 
							
							
							
							[Snyk] Upgrade uuid from 3.4.0 to 8.3.2 
							
						 
						
							2022-04-21 12:35:20 -07:00  
				
					
						
							
							
								 
						
							
								1f9ae1535f 
								
							 
						 
						
							
							
								
								Merge pull request  #11  from Emnmer1/snyk-upgrade-fa9aa46d4dcbc77e2f2edfe30c4fd662  
							
							... 
							
							
							
							[Snyk] Upgrade @actions/github from 2.2.0 to 5.0.0 
							
						 
						
							2022-04-21 12:35:03 -07:00  
				
					
						
							
							
								 
						
							
								2541b1294d 
								
							 
						 
						
							
							
								
								Prepare changelog for v3.0.2. ( #777 )  
							
							
							
						 
						
							2022-04-21 10:29:04 -04:00  
				
					
						
							
							
								 
						
							
								4a2308bbdc 
								
							 
						 
						
							
							
								
								feat: upgrade @actions/github from 2.2.0 to 5.0.0  
							
							... 
							
							
							
							Snyk has created this PR to upgrade @actions/github from 2.2.0 to 5.0.0.
See this package in npm:
https://www.npmjs.com/package/@actions/github 
See this project in Snyk:
https://app.snyk.io/org/emnmer1/project/34c7da3b-bd8a-469a-bbc4-db9b5aa7b90e?utm_source=github&utm_medium=referral&page=upgrade-pr  
							
						 
						
							2022-04-21 09:00:22 +00:00  
				
					
						
							
							
								 
						
							
								66bcca04ba 
								
							 
						 
						
							
							
								
								feat: upgrade uuid from 3.4.0 to 8.3.2  
							
							... 
							
							
							
							Snyk has created this PR to upgrade uuid from 3.4.0 to 8.3.2.
See this package in npm:
https://www.npmjs.com/package/uuid 
See this project in Snyk:
https://app.snyk.io/org/emnmer1/project/34c7da3b-bd8a-469a-bbc4-db9b5aa7b90e?utm_source=github&utm_medium=referral&page=upgrade-pr  
							
						 
						
							2022-04-21 09:00:18 +00:00  
				
					
						
							
							
								 
						
							
								0ffe6f9c55 
								
							 
						 
						
							
							
								
								Add set-safe-directory input to allow customers to take control. ( #770 )  
							
							... 
							
							
							
							* Add set-safe-directory input to allow customers to take control. 
							
						 
						
							2022-04-20 21:37:43 -04:00  
				
					
						
							
							
								 
						
							
								b03235eb78 
								
							 
						 
						
							
							
								
								Merge pull request  #9  from Emnmer1/snyk-upgrade-051c28ecc7862af26b0c9a9eb027d14a  
							
							... 
							
							
							
							[Snyk] Upgrade uuid from 3.3.3 to 3.4.0 
							
						 
						
							2022-04-20 06:58:36 -07:00  
				
					
						
							
							
								 
						
							
								cad0b42c07 
								
							 
						 
						
							
							
								
								Merge branch 'actions:main' into snyk-upgrade-051c28ecc7862af26b0c9a9eb027d14a  
							
							
							
						 
						
							2022-04-20 04:54:42 -07:00  
				
					
						
							
							
								 
						
							
								a8b45e2744 
								
							 
						 
						
							
							
								
								Merge pull request  #6  from Emnmer1/snyk-upgrade-4e5967dab2475ae6b8293da21f49909b  
							
							... 
							
							
							
							[Snyk] Upgrade @actions/core from 1.2.6 to 1.6.0 
							
						 
						
							2022-04-20 04:40:41 -07:00  
				
					
						
							
							
								 
						
							
								dcd71f6466 
								
							 
						 
						
							
							
								
								Enforce safe directory ( #762 )  
							
							... 
							
							
							
							* set safe directory when running checkout
* Update CHANGELOG.md 
							
						 
						
							2022-04-14 14:13:20 -04:00  
				
					
						
							
							
								 
						
							
								4c7e6c7cd3 
								
							 
						 
						
							
							
								
								fix: upgrade uuid from 3.3.3 to 3.4.0  
							
							... 
							
							
							
							Snyk has created this PR to upgrade uuid from 3.3.3 to 3.4.0.
See this package in npm:
https://www.npmjs.com/package/uuid 
See this project in Snyk:
https://app.snyk.io/org/emnmer1/project/34c7da3b-bd8a-469a-bbc4-db9b5aa7b90e?utm_source=github&utm_medium=referral&page=upgrade-pr  
							
						 
						
							2022-04-11 07:10:33 +00:00  
				
					
						
							
							
								 
						
							
								6012935062 
								
							 
						 
						
							
							
								
								fix: upgrade @actions/core from 1.2.6 to 1.6.0  
							
							... 
							
							
							
							Snyk has created this PR to upgrade @actions/core from 1.2.6 to 1.6.0.
See this package in npm:
https://www.npmjs.com/package/@actions/core 
See this project in Snyk:
https://app.snyk.io/org/emnmer1/project/34c7da3b-bd8a-469a-bbc4-db9b5aa7b90e?utm_source=github&utm_medium=referral&page=upgrade-pr  
							
						 
						
							2022-04-11 07:10:23 +00:00  
				
					
						
							
							
								 
						
							
								360b1bd174 
								
							 
						 
						
							
							
								
								Merge branch 'actions:main' into main  
							
							
							
						 
						
							2022-04-06 00:19:41 -07:00  
				
					
						
							
							
								 
						
							
								add3486cc3 
								
							 
						 
						
							
							
								
								Patch to fix the dependbot alert. ( #744 )  
							
							... 
							
							
							
							* Patch to fix the dependbot alert.
* .
* .
* . 
							
						 
						
							2022-04-05 13:01:33 -04:00  
				
					
						
							
							
								 
						
							
								38f735923c 
								
							 
						 
						
							
							
								
								3  
							
							... 
							
							
							
							gh pr checkout 3 
							
						 
						
							2022-04-02 14:19:51 -07:00  
				
					
						
							
							
								 
						
							
								389fa9dff2 
								
							 
						 
						
							
							
								
								Merge branch 'actions:main' into main  
							
							
							
						 
						
							2022-04-01 01:53:36 -07:00  
				
					
						
							
							
								 
						
							
								5126516654 
								
							 
						 
						
							
							
								
								Bump minimist from 1.2.5 to 1.2.6 ( #741 )  
							
							... 
							
							
							
							Bumps [minimist](https://github.com/substack/minimist ) from 1.2.5 to 1.2.6.
- [Release notes](https://github.com/substack/minimist/releases )
- [Commits](https://github.com/substack/minimist/compare/1.2.5...1.2.6 )
---
updated-dependencies:
- dependency-name: minimist
  dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> 
							
						 
						
							2022-03-31 10:09:15 -04:00  
				
					
						
							
							
								 
						
							
								e3c1862394 
								
							 
						 
						
							
							
								
								Merge branch 'actions:main' into main  
							
							
							
						 
						
							2022-03-26 04:30:50 -07:00  
				
					
						
							
							
								 
						
							
								61a89dd64d 
								
							 
						 
						
							
							
								
								Merge pull request  #1  from Emnmer1/dependabot/npm_and_yarn/node-fetch-2.6.7  
							
							... 
							
							
							
							Bump node-fetch from 2.6.5 to 2.6.7 
							
						 
						
							2022-03-26 03:55:27 -07:00  
				
					
						
							
							
								 
						
							
								d50f8ea767 
								
							 
						 
						
							
							
								
								Add v3.0 release information to changelog ( #740 )  
							
							
							
						 
						
							2022-03-25 09:52:31 -04:00  
				
					
						
							
							
								 
						
							
								890204e24f 
								
							 
						 
						
							
							
								
								Bump node-fetch from 2.6.5 to 2.6.7  
							
							... 
							
							
							
							Bumps [node-fetch](https://github.com/node-fetch/node-fetch ) from 2.6.5 to 2.6.7.
- [Release notes](https://github.com/node-fetch/node-fetch/releases )
- [Commits](https://github.com/node-fetch/node-fetch/compare/v2.6.5...v2.6.7 )
---
updated-dependencies:
- dependency-name: node-fetch
  dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com> 
							
						 
						
							2022-03-22 00:40:08 +00:00  
				
					
						
							
							
								 
						
							
								3a9da3354b 
								
							 
						 
						
							
							
								
								Add files via upload  
							
							
							
						 
						
							2022-03-21 10:24:10 -07:00  
				
					
						
							
							
								 
						
							
								2d1c1198e7 
								
							 
						 
						
							
							
								
								update test workflows to checkout v3 ( #709 )  
							
							
							
						 
						
							2022-03-01 13:02:13 -05:00  
				
					
						
							
							
								 
						
							
								a12a3943b4 
								
							 
						 
						
							
							
								
								update readme for v3 ( #708 )  
							
							... 
							
							
							
							* update readme for v3
* update readme with changes
* nit grammar 
							
						 
						
							2022-03-01 12:46:45 -05:00  
				
					
						
							
							
								 
						
							
								8f9e05e482 
								
							 
						 
						
							
							
								
								Update to node 16 ( #689 )  
							
							... 
							
							
							
							* Update to node 16
* update setup-node version
* Update check-dist.yml
update setup node version
* update dist/index.js 
							
						 
						
							2022-02-28 16:17:29 -05:00  
				
					
						
							
							
								 
						
							
								230611dbd0 
								
							 
						 
						
							
							
								
								Change secret name for PAT to not start with GITHUB_ ( #623 )  
							
							... 
							
							
							
							Github doesn't allow secret names that start with `GITHUB_` (case insensitive). Update README to choose a different prefix (GH). 
							
						 
						
							2021-11-02 16:20:59 -05:00  
				
					
						
							
							
								 
						
							
								ec3a7ce113 
								
							 
						 
						
							
							
								
								set insteadOf url for org-id ( #621 )  
							
							
							
						 
						
							2021-11-01 11:43:18 -05:00  
				
					
						
							
							
								 
						
							
								fd47087372 
								
							 
						 
						
							
							
								
								codeql should analyze lib not dist ( #620 )  
							
							
							
						 
						
							2021-10-20 15:11:24 -05:00  
				
					
						
							
							
								 
						
							
								3d677ac575 
								
							 
						 
						
							
							
								
								script to generate license info ( #614 )  
							
							
							
						 
						
							2021-10-19 14:30:04 -05:00  
				
					
						
							
							
								 
						
							
								826ba42d6c 
								
							 
						 
						
							
							
								
								npm audit fix ( #612 )  
							
							
							
						 
						
							2021-10-19 10:05:28 -05:00  
				
					
						
							
							
								 
						
							
								eb8a193c1d 
								
							 
						 
						
							
							
								
								update dev dependencies and react to new linting rules ( #611 )  
							
							
							
						 
						
							2021-10-19 09:52:57 -05:00  
				
					
						
							
							
								 
						
							
								c49af7ca1f 
								
							 
						 
						
							
							
								
								Create codeql-analysis.yml ( #602 )  
							
							
							
						 
						
							2021-10-18 16:28:25 -05:00  
				
					
						
							
							
								 
						
							
								1e204e9a92 
								
							 
						 
						
							
							
								
								update licensed check ( #606 )  
							
							
							
						 
						
							2021-10-13 16:22:03 -05:00  
				
					
						
							
							
								 
						
							
								0299a0d2b6 
								
							 
						 
						
							
							
								
								update dist ( #605 )  
							
							
							
						 
						
							2021-10-13 16:07:05 -05:00  
				
					
						
							
							
								 
						
							
								be0f448456 
								
							 
						 
						
							
							
								
								Bump ws from 5.2.2 to 5.2.3 ( #604 )  
							
							... 
							
							
							
							Bumps [ws](https://github.com/websockets/ws ) from 5.2.2 to 5.2.3.
- [Release notes](https://github.com/websockets/ws/releases )
- [Commits](https://github.com/websockets/ws/compare/5.2.2...5.2.3 )
---
updated-dependencies:
- dependency-name: ws
  dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> 
							
						 
						
							2021-10-13 09:14:20 -05:00  
				
					
						
							
							
								 
						
							
								56c00a7b1f 
								
							 
						 
						
							
							
								
								Bump tmpl from 1.0.4 to 1.0.5 ( #588 )  
							
							... 
							
							
							
							Bumps [tmpl](https://github.com/daaku/nodejs-tmpl ) from 1.0.4 to 1.0.5.
- [Release notes](https://github.com/daaku/nodejs-tmpl/releases )
- [Commits](https://github.com/daaku/nodejs-tmpl/commits/v1.0.5 )
---
updated-dependencies:
- dependency-name: tmpl
  dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> 
							
						 
						
							2021-10-13 09:13:31 -05:00  
				
					
						
							
							
								 
						
							
								85e47d1a2b 
								
							 
						 
						
							
							
								
								Bump path-parse from 1.0.6 to 1.0.7 ( #568 )  
							
							... 
							
							
							
							Bumps [path-parse](https://github.com/jbgutierrez/path-parse ) from 1.0.6 to 1.0.7.
- [Release notes](https://github.com/jbgutierrez/path-parse/releases )
- [Commits](https://github.com/jbgutierrez/path-parse/commits/v1.0.7 )
---
updated-dependencies:
- dependency-name: path-parse
  dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> 
							
						 
						
							2021-10-13 09:13:04 -05:00  
				
					
						
							
							
								 
						
							
								3fc17f8645 
								
							 
						 
						
							
							
								
								Bump hosted-git-info from 2.8.5 to 2.8.9 ( #500 )  
							
							... 
							
							
							
							Bumps [hosted-git-info](https://github.com/npm/hosted-git-info ) from 2.8.5 to 2.8.9.
- [Release notes](https://github.com/npm/hosted-git-info/releases )
- [Changelog](https://github.com/npm/hosted-git-info/blob/v2.8.9/CHANGELOG.md )
- [Commits](https://github.com/npm/hosted-git-info/compare/v2.8.5...v2.8.9 )
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> 
							
						 
						
							2021-10-13 09:11:06 -05:00  
				
					
						
							
							
								 
						
							
								e3bc06d986 
								
							 
						 
						
							
							
								
								Bump lodash from 4.17.15 to 4.17.21 ( #499 )  
							
							... 
							
							
							
							Bumps [lodash](https://github.com/lodash/lodash ) from 4.17.15 to 4.17.21.
- [Release notes](https://github.com/lodash/lodash/releases )
- [Commits](https://github.com/lodash/lodash/compare/4.17.15...4.17.21 )
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> 
							
						 
						
							2021-10-13 09:08:31 -05:00  
				
					
						
							
							
								 
						
							
								442567ba57 
								
							 
						 
						
							
							
								
								Bump handlebars from 4.5.3 to 4.7.7 ( #497 )  
							
							... 
							
							
							
							Bumps [handlebars](https://github.com/wycats/handlebars.js ) from 4.5.3 to 4.7.7.
- [Release notes](https://github.com/wycats/handlebars.js/releases )
- [Changelog](https://github.com/handlebars-lang/handlebars.js/blob/master/release-notes.md )
- [Commits](https://github.com/wycats/handlebars.js/compare/v4.5.3...v4.7.7 )
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> 
							
						 
						
							2021-10-13 09:07:45 -05:00  
				
					
						
							
							
								 
						
							
								7f00b66d06 
								
							 
						 
						
							
							
								
								Bump y18n from 4.0.0 to 4.0.1 ( #469 )  
							
							... 
							
							
							
							Bumps [y18n](https://github.com/yargs/y18n ) from 4.0.0 to 4.0.1.
- [Release notes](https://github.com/yargs/y18n/releases )
- [Changelog](https://github.com/yargs/y18n/blob/master/CHANGELOG.md )
- [Commits](https://github.com/yargs/y18n/commits )
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> 
							
						 
						
							2021-10-13 09:07:05 -05:00  
				
					
						
							
							
								 
						
							
								eccf386318 
								
							 
						 
						
							
							
								
								Bump @actions/core from 1.1.3 to 1.2.6 ( #361 )  
							
							... 
							
							
							
							Bumps [@actions/core](https://github.com/actions/toolkit/tree/HEAD/packages/core ) from 1.1.3 to 1.2.6.
- [Release notes](https://github.com/actions/toolkit/releases )
- [Changelog](https://github.com/actions/toolkit/blob/main/packages/core/RELEASES.md )
- [Commits](https://github.com/actions/toolkit/commits/HEAD/packages/core )
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> 
							
						 
						
							2021-10-13 08:57:33 -05:00  
				
					
						
							
							
								 
						
							
								2bd2911be9 
								
							 
						 
						
							
							
								
								Bump acorn from 5.7.3 to 5.7.4 ( #186 )  
							
							... 
							
							
							
							Bumps [acorn](https://github.com/acornjs/acorn ) from 5.7.3 to 5.7.4.
- [Release notes](https://github.com/acornjs/acorn/releases )
- [Commits](https://github.com/acornjs/acorn/compare/5.7.3...5.7.4 )
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> 
							
						 
						
							2021-10-13 08:55:25 -05:00  
				
					
						
							
							
								 
						
							
								afe4af09a7 
								
							 
						 
						
							
							
								
								Create check-dist.yml ( #566 )  
							
							... 
							
							
							
							* Add check-dist.yml
* Don't need to mv to git diff
* Upload the whole dist/ directory as an artifact
* Update .github/workflows/check-dist.yml 
							
						 
						
							2021-08-17 16:08:22 -04:00  
				
					
						
							
							
								 
						
							
								25a956c84d 
								
							 
						 
						
							
							
								
								Create CODEOWNERS  
							
							
							
						 
						
							2021-02-04 12:25:41 -05:00  
				
					
						
							
							
								 
						
							
								5a4ac9002d 
								
							 
						 
						
							
							
								
								Add missing `await`s ( #379 )  
							
							... 
							
							
							
							* auth-helper: properly await replacement of the token value in the config
After writing the `.extraheader` config, we manually replace the token
with the actual value. This is done in an `async` function, but we were
not `await`ing the result.
In our tests, this commit fixes a flakiness we observed where
`remote.origin.url` sometimes (very rarely, actually) is not set for
submodules. Our interpretation is that the configs are in the process of
being rewritten with the correct token value _while_ another `git
config` that wants to set the `insteadOf` value is reading the config,
which is currently empty.
A more idiomatic way to fix this in Typescript would use
`Promise.all()`, like this:
      await Promise.all(
        configPaths.map(async configPath => {
          core.debug(`Replacing token placeholder in '${configPath}'`)
          await this.replaceTokenPlaceholder(configPath)
        })
      )
However, during review of https://github.com/actions/checkout/pull/379 
it was decided to keep the `for` loop in the interest of simplicity.
Reported by Ian Lynagh.
Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
* downloadRepository(): await the result of recursive deletions
Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
* Ask ESLint to report floating Promises
This rule is quite helpful in avoiding hard-to-debug missing `await`s.
Note: there are two locations in `src/main.ts` that trigger warnings:
the `run()` and the `cleanup()` function are called without `await` and
without any `.catch()` clause.
In the initial version of https://github.com/actions/checkout/pull/379 ,
this was addressed by adding `.catch()` clauses. However, it was
determined that this is boilerplate code that will need to be fixed in a
broader way.
Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
* Rebuild
This trick was brought to you by `npm ci && npm run build`. Needed to
get the PR build to pass.
Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de> 
							
						 
						
							2020-11-03 09:44:09 -05:00