
Chore: Bump undici from 6.26.0 to 6.27.0 #165


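# Pull-request watchdog. When a `package*.json` file changes, three jobs run
# the project's `deps:hold`, `deps:deprecated` and `deps:vulnerabilities` npm
# scripts and upsert (or delete) a tagged pull-request comment with the result.
#
# Security notes for maintainers:
# - Third-party actions are pinned to full commit SHAs. The trailing version
#   comment is informational only; update it together with the SHA.
# - On `pull_request`, the checked-out tree comes from the pull request, so
#   `npm ci` (dependency install scripts) and `npm run deps:*` (package.json
#   scripts) execute PR-controlled code. In the three reporting jobs that code
#   runs in the same job that later uses a token with `pull-requests: write`.
#   A stricter layout keeps the analysis in a job without write scopes and
#   posts the comment from a separate job that only consumes its output.
# - By default GitHub issues a read-only token for pull requests from forks,
#   so the comment step is expected to fail there — confirm this is intended.
# - The script output is interpolated into a Markdown code fence in the
#   comment body; it is not escaped, so treat it as untrusted display text.
name: Node.js Dependency Watchdog

on:
  pull_request:

# One run per workflow and ref; a newer push cancels the run in progress.
concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true

# Default-deny: every job below declares the token scopes it needs, so a job
# added later without its own `permissions` block starts with none.
permissions: {}

jobs:
  # Gate job: exposes `changes` so the reporting jobs only run when a
  # `package*.json` file is part of the pull request.
  path-filter:
    # NOTE(review): this job also runs actions/checkout but, unlike the other
    # jobs, does not request `contents: read`; presumably that only works
    # while the repository is public — confirm.
    permissions:
      pull-requests: read # dorny/paths-filter
    runs-on: ubuntu-latest
    outputs:
      changes: ${{ steps.filter.outputs.changes }}
    steps:
      - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
        with:
          # Do not leave the job token in the local git configuration.
          persist-credentials: false
      - id: filter
        uses: dorny/paths-filter@fbd0ab8f3e69293af611ebaee6363fc25e6d187d # v4.0.1
        with:
          # TODO(cemmer): this is broken, have to use the 'push' event
          # NOTE(review): dorny/paths-filter documents `base` as ignored for
          # pull_request events — confirm before relying on it.
          base: ${{ github.ref }}
          filters: |
            changes:
              - 'package*.json'

  # Reports dependencies held back by the minimum supported Node.js version.
  node-install-hold:
    needs:
      - path-filter
    if: ${{ needs.path-filter.outputs.changes == 'true' }}
    permissions:
      contents: read # actions/checkout
      pull-requests: write # thollander/actions-comment-pull-request
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
        with:
          # Do not leave the job token in the local git configuration.
          persist-credentials: false
      - uses: volta-cli/action@615a78f6c83e116339c53b94f3f82b4d6c0b7d18 # v5.0.0
      - id: npm-cache-dir
        shell: bash
        run: echo "dir=$(npm config get cache)" >> "${GITHUB_OUTPUT}"
      - uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5
        with:
          path: ${{ steps.npm-cache-dir.outputs.dir }}
          key: ${{ runner.os }}-npm-${{ hashFiles('**/package-lock.json') }}
          restore-keys: |
            ${{ runner.os }}-npm-
            ${{ runner.os }}-
      # NOTE(review): `npm ci` runs the install scripts of the PR's dependency
      # tree. If `deps:hold` does not need built packages,
      # `npm ci --ignore-scripts` would narrow what runs here — confirm.
      - run: npm ci
      # The multiline output uses a random delimiter so the script's own
      # output cannot terminate the value early and add further outputs.
      - id: dependency-hold
        run: |
          EOF=$(dd if=/dev/urandom bs=15 count=1 status=none | base64)
          {
            echo "JSON<<$EOF"
            npm run --silent deps:hold
            echo "$EOF"
          } >> "${GITHUB_OUTPUT}"
      # Empty output deletes the tagged comment; otherwise it is upserted.
      - uses: thollander/actions-comment-pull-request@24bffb9b452ba05a4f3f77933840a6a841d1b32b # v3.0.1
        with:
          message: |
            ## :hand: Dependency holds
            A `package*.json` file changed in this pull request. As a notice, these dependencies are potentially being held back by the project's minimum supported Node.js version:
            ```json
            ${{ steps.dependency-hold.outputs.JSON }}
            ```
            _Comment generated by the [${{ github.workflow }}](https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}/attempts/${{ github.run_attempt }}) workflow._
          mode: ${{ steps.dependency-hold.outputs.JSON && 'upsert' || 'delete' }}
          create-if-not-exists: ${{ steps.dependency-hold.outputs.JSON && 'true' || 'false' }}
          comment-tag: package-hold

  # Reports dependencies that are deprecated or have had no release in over
  # two years (per the comment text below).
  node-deprecated-dependencies:
    needs:
      - path-filter
    if: ${{ needs.path-filter.outputs.changes == 'true' }}
    permissions:
      contents: read # actions/checkout
      pull-requests: write # thollander/actions-comment-pull-request
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
        with:
          # Do not leave the job token in the local git configuration.
          persist-credentials: false
      - uses: volta-cli/action@615a78f6c83e116339c53b94f3f82b4d6c0b7d18 # v5.0.0
      - id: npm-cache-dir
        shell: bash
        run: echo "dir=$(npm config get cache)" >> "${GITHUB_OUTPUT}"
      - uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5
        with:
          path: ${{ steps.npm-cache-dir.outputs.dir }}
          key: ${{ runner.os }}-npm-${{ hashFiles('**/package-lock.json') }}
          restore-keys: |
            ${{ runner.os }}-npm-
            ${{ runner.os }}-
      # NOTE(review): `npm ci` runs the install scripts of the PR's dependency
      # tree. If `deps:deprecated` does not need built packages,
      # `npm ci --ignore-scripts` would narrow what runs here — confirm.
      - run: npm ci
      # The multiline output uses a random delimiter so the script's own
      # output cannot terminate the value early and add further outputs.
      - id: dependency-deprecated
        run: |
          EOF=$(dd if=/dev/urandom bs=15 count=1 status=none | base64)
          {
            echo "JSON<<$EOF"
            npm run --silent deps:deprecated
            echo "$EOF"
          } >> "${GITHUB_OUTPUT}"
      # Empty output deletes the tagged comment; otherwise it is upserted.
      - uses: thollander/actions-comment-pull-request@24bffb9b452ba05a4f3f77933840a6a841d1b32b # v3.0.1
        with:
          message: |
            ## :skull: Deprecated dependencies
            A `package*.json` file changed in this pull request. As a notice, these dependencies are deprecated or have not released a new version in over two years:
            ```json
            ${{ steps.dependency-deprecated.outputs.JSON }}
            ```
            _Comment generated by the [${{ github.workflow }}](https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}/attempts/${{ github.run_attempt }}) workflow._
          mode: ${{ steps.dependency-deprecated.outputs.JSON && 'upsert' || 'delete' }}
          create-if-not-exists: ${{ steps.dependency-deprecated.outputs.JSON && 'true' || 'false' }}
          comment-tag: package-deprecated

  # Reports dependencies with known security vulnerabilities.
  node-vulnerabilities:
    needs:
      - path-filter
    if: ${{ needs.path-filter.outputs.changes == 'true' }}
    permissions:
      contents: read # actions/checkout
      pull-requests: write # thollander/actions-comment-pull-request
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
        with:
          # Do not leave the job token in the local git configuration.
          persist-credentials: false
      - uses: volta-cli/action@615a78f6c83e116339c53b94f3f82b4d6c0b7d18 # v5.0.0
      - id: npm-cache-dir
        shell: bash
        run: echo "dir=$(npm config get cache)" >> "${GITHUB_OUTPUT}"
      - uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5
        with:
          path: ${{ steps.npm-cache-dir.outputs.dir }}
          key: ${{ runner.os }}-npm-${{ hashFiles('**/package-lock.json') }}
          restore-keys: |
            ${{ runner.os }}-npm-
            ${{ runner.os }}-
      # NOTE(review): `npm ci` runs the install scripts of the PR's dependency
      # tree. If `deps:vulnerabilities` does not need built packages,
      # `npm ci --ignore-scripts` would narrow what runs here — confirm.
      - run: npm ci
      # The multiline output uses a random delimiter so the script's own
      # output cannot terminate the value early and add further outputs.
      - id: dependency-vulnerabilities
        run: |
          EOF=$(dd if=/dev/urandom bs=15 count=1 status=none | base64)
          {
            echo "JSON<<$EOF"
            npm run --silent deps:vulnerabilities
            echo "$EOF"
          } >> "${GITHUB_OUTPUT}"
      # Empty output deletes the tagged comment; otherwise it is upserted.
      - uses: thollander/actions-comment-pull-request@24bffb9b452ba05a4f3f77933840a6a841d1b32b # v3.0.1
        with:
          message: |
            ## :warning: Vulnerable dependencies
            A `package*.json` file changed in this pull request. As a notice, these dependencies have known security vulnerabilities:
            ```json
            ${{ steps.dependency-vulnerabilities.outputs.JSON }}
            ```
            _Comment generated by the [${{ github.workflow }}](https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}/attempts/${{ github.run_attempt }}) workflow._
          mode: ${{ steps.dependency-vulnerabilities.outputs.JSON && 'upsert' || 'delete' }}
          create-if-not-exists: ${{ steps.dependency-vulnerabilities.outputs.JSON && 'true' || 'false' }}
          comment-tag: package-vulnerabilities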