From acbb43bf2ddd418713296d7a9d41e27077213a3c Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Tue, 19 Mar 2024 13:03:16 -0700
Subject: [PATCH 1/4] ci(action): update actions/add-to-project action to v0.6.1 (#396)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
---
 .github/workflows/add_to_octokit_project.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/add_to_octokit_project.yml b/.github/workflows/add_to_octokit_project.yml
index e1c533150..84f2877e3 100644
--- a/.github/workflows/add_to_octokit_project.yml
+++ b/.github/workflows/add_to_octokit_project.yml
@@ -12,7 +12,7 @@ jobs:
 runs-on: ubuntu-latest
 continue-on-error: true
 steps:
- - uses: actions/add-to-project@v0.6.0
+ - uses: actions/add-to-project@v0.6.1
 with:
 project-url: https://github.com/orgs/octokit/projects/10
 github-token: ${{ secrets.OCTOKITBOT_PROJECT_ACTION_TOKEN }}
From d9c975100423be1b03dc84d4937bcff98c74ccd0 Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Wed, 27 Mar 2024 11:35:01 -0700
Subject: [PATCH 2/4] ci(action): update actions/add-to-project action to v1
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
---
 .github/workflows/add_to_octokit_project.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/add_to_octokit_project.yml b/.github/workflows/add_to_octokit_project.yml
index 84f2877e3..0ac7fd7b4 100644
--- a/.github/workflows/add_to_octokit_project.yml
+++ b/.github/workflows/add_to_octokit_project.yml
@@ -12,7 +12,7 @@ jobs:
 runs-on: ubuntu-latest
 continue-on-error: true
 steps:
- - uses: actions/add-to-project@v0.6.1
+ - uses: actions/add-to-project@v1.0.0
 with:
 project-url: https://github.com/orgs/octokit/projects/10
 github-token: ${{ secrets.OCTOKITBOT_PROJECT_ACTION_TOKEN }}
From 90b46a34cc8e72fcd852966abe7dbe46342bf5b6 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Wed, 3 Apr 2024 10:42:37 -0700 Subject: [PATCH 3/4] chore(deps): update dependency @octokit/types to v13 Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- package-lock.json | 46 ++++++++++++++++++++++++++++++++++++++-------- package.json | 2 +- 2 files changed, 39 insertions(+), 9 deletions(-) diff --git a/package-lock.json b/package-lock.json index 5b3abc5e7..72f21bc44 100644 --- a/package-lock.json +++ b/package-lock.json @@ -11,7 +11,7 @@ "devDependencies": { "@octokit/request": "^9.0.0", "@octokit/tsconfig": "^3.0.0", - "@octokit/types": "^12.0.0", + "@octokit/types": "^13.0.0", "@types/fetch-mock": "^7.3.8", "@types/jest": "^29.0.0", "esbuild": "^0.20.0", @@ -1856,6 +1856,21 @@ "node": ">= 18" } }, + "node_modules/@octokit/endpoint/node_modules/@octokit/openapi-types": { + "version": "20.0.0", + "resolved": "https://registry.npmjs.org/@octokit/openapi-types/-/openapi-types-20.0.0.tgz", + "integrity": "sha512-EtqRBEjp1dL/15V7WiX5LJMIxxkdiGJnabzYx5Apx4FkQIFgAfKumXeYAqqJCj1s+BMX4cPFIFC4OLCR6stlnA==", + "dev": true + }, + "node_modules/@octokit/endpoint/node_modules/@octokit/types": { + "version": "12.6.0", + "resolved": "https://registry.npmjs.org/@octokit/types/-/types-12.6.0.tgz", + "integrity": "sha512-1rhSOfRa6H9w4YwK0yrf5faDaDTb+yLyBUKOCV4xtCDB5VmIPqd/v9yr9o6SAzOAlRxMiRiCic6JVM1/kunVkw==", + "dev": true, + "dependencies": { + "@octokit/openapi-types": "^20.0.0" + } + }, "node_modules/@octokit/endpoint/node_modules/universal-user-agent": { "version": "7.0.2", "resolved": "https://registry.npmjs.org/universal-user-agent/-/universal-user-agent-7.0.2.tgz", 
@@ -2056,6 +2071,12 @@ "@octokit/openapi-types": "^18.0.0" } }, + "node_modules/@octokit/request/node_modules/@octokit/openapi-types": { + "version": "20.0.0", + "resolved": "https://registry.npmjs.org/@octokit/openapi-types/-/openapi-types-20.0.0.tgz", + "integrity": "sha512-EtqRBEjp1dL/15V7WiX5LJMIxxkdiGJnabzYx5Apx4FkQIFgAfKumXeYAqqJCj1s+BMX4cPFIFC4OLCR6stlnA==", + "dev": true + }, "node_modules/@octokit/request/node_modules/@octokit/request-error": { "version": "6.0.1", "resolved": "https://registry.npmjs.org/@octokit/request-error/-/request-error-6.0.1.tgz", @@ -2068,6 +2089,15 @@ "node": ">= 18" } }, + "node_modules/@octokit/request/node_modules/@octokit/types": { + "version": "12.6.0", + "resolved": "https://registry.npmjs.org/@octokit/types/-/types-12.6.0.tgz", + "integrity": "sha512-1rhSOfRa6H9w4YwK0yrf5faDaDTb+yLyBUKOCV4xtCDB5VmIPqd/v9yr9o6SAzOAlRxMiRiCic6JVM1/kunVkw==", + "dev": true, + "dependencies": { + "@octokit/openapi-types": "^20.0.0" + } + }, "node_modules/@octokit/request/node_modules/universal-user-agent": { "version": "7.0.2", "resolved": "https://registry.npmjs.org/universal-user-agent/-/universal-user-agent-7.0.2.tgz", 
@@ -2081,18 +2111,18 @@ "dev": true }, "node_modules/@octokit/types": { - "version": "12.0.0", - "resolved": "https://registry.npmjs.org/@octokit/types/-/types-12.0.0.tgz", - "integrity": "sha512-EzD434aHTFifGudYAygnFlS1Tl6KhbTynEWELQXIbTY8Msvb5nEqTZIm7sbPEt4mQYLZwu3zPKVdeIrw0g7ovg==", + "version": "13.0.0", + "resolved": "https://registry.npmjs.org/@octokit/types/-/types-13.0.0.tgz", + "integrity": "sha512-jSOgEoFZvjg78txlb7cuRTAEvyyQkIEB4Nujg5ZN7E1xaICsr8A0X045Nwb1wUWNrBUHBHZNtcsDIhk8d8ipCw==", "dev": true, "dependencies": { - "@octokit/openapi-types": "^19.0.0" + "@octokit/openapi-types": "^21.0.0" } }, "node_modules/@octokit/types/node_modules/@octokit/openapi-types": { - "version": "19.0.0", - "resolved": "https://registry.npmjs.org/@octokit/openapi-types/-/openapi-types-19.0.0.tgz", - "integrity": "sha512-PclQ6JGMTE9iUStpzMkwLCISFn/wDeRjkZFIKALpvJQNBGwDoYYi2fFvuHwssoQ1rXI5mfh6jgTgWuddeUzfWw==", + "version": "21.0.0", + "resolved": "https://registry.npmjs.org/@octokit/openapi-types/-/openapi-types-21.0.0.tgz", + "integrity": "sha512-B6/NBvsNQT5UWYWSFcUT55XTMZBHyflNke7Ryvhs3dLe3I2TTPwpGPMib70YS1Ha5Iccc5CtXTLU7lHstC5e3Q==", "dev": true }, "node_modules/@pkgjs/parseargs": { diff --git a/package.json b/package.json index 913993bb2..4df553583 100644 --- a/package.json +++ b/package.json @@ -25,7 +25,7 @@ "devDependencies": { "@octokit/request": "^9.0.0", "@octokit/tsconfig": "^3.0.0", - "@octokit/types": "^12.0.0", + "@octokit/types": "^13.0.0", "@types/fetch-mock": "^7.3.8", "@types/jest": "^29.0.0", "esbuild": "^0.20.0", From f97b06bbed33b5c1c22f2fb2a75bc5b51113663a Mon Sep 17 00:00:00 2001 From: Aaron Dewes Date: Wed, 3 Apr 2024 20:16:49 +0200 Subject: [PATCH 4/4] feat(security): Add provenance (#402) * Enable provenance in package.json * Add necessary permissions to the release workflow --- .github/workflows/release.yml | 7 +++++++ package.json | 3 ++- 2 files changed, 9 insertions(+), 1 deletion(-) 
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 836c32357..bbe8c5bd7 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -6,6 +6,13 @@ name: Release
 - next
 - beta
 - "*.x"
+# These are recommended by the semantic-release docs: https://github.com/semantic-release/npm#npm-provenance
+permissions:
+ contents: write # to be able to publish a GitHub release
+ issues: write # to be able to comment on released issues
+ pull-requests: write # to be able to comment on released pull requests
+ id-token: write # to enable use of OIDC for npm provenance
+
 jobs:
 release:
 name: release
diff --git a/package.json b/package.json
index 4df553583..d9ee8452f 100644
--- a/package.json
+++ b/package.json
@@ -1,7 +1,8 @@
 {
 "name": "@octokit/auth-token",
 "publishConfig": {
- "access": "public"
+ "access": "public",
+ "provenance": true
 },
 "type": "module",
 "version": "0.0.0-development",
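Review bot: In the `.github/workflows/release.yml` hunk the new `permissions:` block sits at workflow level, so `contents: write`, `issues: write`, `pull-requests: write` and `id-token: write` apply to every job in the file rather than only to the job that publishes. Moving the same four keys under the `release` job (`release:` then `permissions:`) and leaving a top-level `permissions: {}` would keep the OIDC token and the write scopes away from any job added later. The `release` job continues outside the hunk, so whether the file has other jobs is not visible here.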
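Review bot: In the `package.json` hunk, `"provenance": true` under `publishConfig` applies to every `npm publish` of this package, not only to the one run by the release workflow. A publish from a maintainer's machine, or from a CI without an OIDC identity, is expected to fail rather than go out without an attestation. That is a sound default, but the release documentation should say so in one sentence, so that an emergency manual release is not done by quietly dropping the setting. package.json cannot carry comments, so the sentence belongs in the contributing or release notes.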