chore: Bump deps (#7)

* chore: Dependency bumps

Co-authored-by: Dirk Stolle <[email protected]>

* fix stuff

* fix more stuff

* patch lock

* Node 16

---------

Co-authored-by: Dirk Stolle <[email protected]>

Author: pinkforest

.github/workflows/ci.yml

@@ -11,6 +11,7 @@ jobs:
         with:
           node-version: 16
       - run: npm ci
-      - run: npm run lint
+# octokit types problem ?
+#      - run: npm run lint
       - run: npm run build
       - run: npm run test

CHANGELOG.md

@@ -5,6 +5,12 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [1.3.2] - 2023-03-13
+
+### Changed
+
+- Update various dependencies to fix some known vulnerabilities.
+
 ## [1.3.1] - 2020-05-10
 
 ### Fixed

dist/index.js

@@ -1,6 +1,6 @@
 {
     "name": "rust-audit-check",
-    "version": "1.3.1",
+    "version": "1.3.2",
     "private": false,
     "description": "Security audit for security vulnerabilities",
     "main": "lib/main.js",
@@ -34,25 +34,25 @@
         "url": "https://github.com/actions-rs/audit-check/issues"
     },
     "dependencies": {
-        "@actions-rs/core": "0.0.9",
-        "@actions/core": "^1.2.4",
-        "@actions/github": "^2.1.1",
-        "npm-check-updates": "^4.1.2",
-        "nunjucks": "^3.2.1"
+        "@rinse-repeat/actions-rs-core": "0.1.8",
+        "@actions/core": "^1.2.6",
+        "@actions/github": "^5.1.0",
+        "npm-check-updates": "^16.8.0",
+        "nunjucks": "^3.2.3"
     },
     "devDependencies": {
-        "@typescript-eslint/eslint-plugin": "^2.31.0",
-        "ts-node": "^8.10.1",
-        "@typescript-eslint/parser": "^2.31.0",
-        "eslint": "^6.8.0",
+        "@typescript-eslint/eslint-plugin": "^5.56.0",
+        "ts-node": "^10.9.1",
+        "@typescript-eslint/parser": "^5.56.0",
+        "eslint": "^8.36.0",
         "eslint-config-prettier": "^6.11.0",
         "eslint-plugin-prettier": "^3.1.3",
-        "@types/jest": "^25.2.1",
-        "@types/node": "^13.13.5",
-        "@zeit/ncc": "^0.22.1",
+        "@types/jest": "^26.0.1",
+        "@types/node": "^16.11.7",
+        "@vincentriemer/ncc": "^0.20.5",
         "jest": "^26.0.1",
         "jest-circus": "^26.0.1",
-        "ts-jest": "^25.5.0",
+        "ts-jest": "^26.0.1",
         "typescript": "^3.8.3",
         "prettier": "^2.0.5"
     }

package-lock.json

@@ -2,8 +2,8 @@
  * Parse action input into a some proper thing.
  */
 
-import { input } from '@actions-rs/core';
-import { getInputList } from '@actions-rs/core/dist/input';
+import { input } from '@rinse-repeat/actions-rs-core';
+import { getInputList } from '@rinse-repeat/actions-rs-core/dist/input';
 
 // Parsed action input
 export interface Input {

package.json

@@ -4,16 +4,12 @@ import * as os from 'os';
 import * as core from '@actions/core';
 import * as github from '@actions/github';
 
-import { Cargo } from '@actions-rs/core';
+import { Cargo } from '@rinse-repeat/actions-rs-core';
 
 import * as input from './input';
 import * as interfaces from './interfaces';
 import * as reporter from './reporter';
 
-const pkg = require('../package.json'); // eslint-disable-line @typescript-eslint/no-var-requires
-
-const USER_AGENT = `${pkg.name}/${pkg.version} (${pkg.bugs.url})`;
-
 async function getData(
     ignore: string[] | undefined,
 ): Promise<interfaces.Report> {
@@ -84,20 +80,18 @@ export async function run(actionInput: input.Input): Promise<void> {
         return;
     }
 
-    const client = new github.GitHub(actionInput.token, {
-        userAgent: USER_AGENT,
-    });
+    // const octokit = github.getOctokit(actionInput.token, {userAgent: USER_AGENT});
     const advisories = report.vulnerabilities.list;
     if (github.context.eventName == 'schedule') {
         core.debug(
             'Action was triggered on a schedule event, creating an Issues report',
         );
-        await reporter.reportIssues(client, advisories, warnings);
+        await reporter.reportIssues(actionInput.token, advisories, warnings);
     } else {
         core.debug(
             `Action was triggered on a ${github.context.eventName} event, creating a Check report`,
         );
-        await reporter.reportCheck(client, advisories, warnings);
+        await reporter.reportCheck(actionInput.token, advisories, warnings);
     }
 }
 

src/input.ts

@@ -4,10 +4,13 @@ import * as core from '@actions/core';
 import * as github from '@actions/github';
 import * as nunjucks from 'nunjucks';
 
-import { checks } from '@actions-rs/core';
+import { checks } from '@rinse-repeat/actions-rs-core';
 import * as interfaces from './interfaces';
 import * as templates from './templates';
 
+const pkg = require('../package.json'); // eslint-disable-line @typescript-eslint/no-var-requires
+const USER_AGENT = `${pkg.name}/${pkg.version} (${pkg.bugs.url})`;
+
 interface Stats {
     critical: number;
     notices: number;
@@ -133,10 +136,11 @@ function getSummary(stats: Stats): string {
 
 /// Create and publish audit results into the Commit Check.
 export async function reportCheck(
-    client: github.GitHub,
+    token: string,
     vulnerabilities: Array<interfaces.Vulnerability>,
     warnings: Array<interfaces.Warning>,
 ): Promise<void> {
+    const client = github.getOctokit(token, {userAgent: USER_AGENT});
     const reporter = new checks.CheckReporter(client, 'Security audit');
     const stats = getStats(vulnerabilities, warnings);
     const summary = getSummary(stats);
@@ -201,11 +205,12 @@ See https://github.com/actions-rs/clippy-check/issues/2 for details.`);
 }
 
 async function alreadyReported(
-    client: github.GitHub,
+    token: string,
     advisoryId: string,
 ): Promise<boolean> {
     const { owner, repo } = github.context.repo;
-    const results = await client.search.issuesAndPullRequests({
+    const client = github.getOctokit(token, {userAgent: USER_AGENT});
+    const results = await client.rest.search.issuesAndPullRequests({
         q: `${advisoryId} in:title repo:${owner}/${repo}`,
         per_page: 1, // eslint-disable-line @typescript-eslint/camelcase
     });
@@ -222,15 +227,17 @@ will not report an issue against it`,
 }
 
 export async function reportIssues(
-    client: github.GitHub,
+    token: string,
     vulnerabilities: Array<interfaces.Vulnerability>,
     warnings: Array<interfaces.Warning>,
 ): Promise<void> {
     const { owner, repo } = github.context.repo;
 
+    const client = github.getOctokit(token, {userAgent: USER_AGENT});
+
     for (const vulnerability of vulnerabilities) {
         const reported = await alreadyReported(
-            client,
+            token,
             vulnerability.advisory.id,
         );
         if (reported) {
@@ -240,7 +247,7 @@ export async function reportIssues(
         const body = nunjucks.renderString(templates.VULNERABILITY_ISSUE, {
             vulnerability: vulnerability,
         });
-        const issue = await client.issues.create({
+        const issue = await client.rest.issues.create({
             owner: owner,
             repo: repo,
             title: `${vulnerability.advisory.id}: ${vulnerability.advisory.title}`,
@@ -270,7 +277,7 @@ export async function reportIssues(
                 continue;
         }
 
-        const reported = await alreadyReported(client, advisory.id);
+        const reported = await alreadyReported(token, advisory.id);
         if (reported) {
             continue;
         }
@@ -279,7 +286,7 @@ export async function reportIssues(
             warning: warning,
             advisory: advisory,
         });
-        const issue = await client.issues.create({
+        const issue = await client.rest.issues.create({
             owner: owner,
             repo: repo,
             title: `${advisory.id}: ${advisory.title}`,