From 06a6e4985e17e999c2e42180e61d64530409a6e2 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 9 Dec 2024 19:16:25 +0000 Subject: [PATCH 1/6] Bump lru-cache from 10.4.3 to 11.0.2 Bumps [lru-cache](https://github.com/isaacs/node-lru-cache) from 10.4.3 to 11.0.2. - [Changelog](https://github.com/isaacs/node-lru-cache/blob/main/CHANGELOG.md) - [Commits](https://github.com/isaacs/node-lru-cache/compare/v10.4.3...v11.0.2) --- updated-dependencies: - dependency-name: lru-cache dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.json b/package.json index d106f3a..f76156d 100644 --- a/package.json +++ b/package.json @@ -66,7 +66,7 @@ "jiti": "^1.21.6", "lilconfig": "^2.1.0", "lines-and-columns": "^2.0.4", - "lru-cache": "^10.4.3", + "lru-cache": "^11.0.2", "merge2": "^1.4.1", "micromatch": "^4.0.8", "minimatch": "^10.0.1", From f8b4d3e5297a9afb8b9ca6b71e158630cc1a3c22 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 9 Dec 2024 19:16:30 +0000 Subject: [PATCH 2/6] Bump readdirp from 3.6.0 to 4.0.2 Bumps [readdirp](https://github.com/paulmillr/readdirp) from 3.6.0 to 4.0.2. - [Release notes](https://github.com/paulmillr/readdirp/releases) - [Commits](https://github.com/paulmillr/readdirp/compare/3.6.0...4.0.2) --- updated-dependencies: - dependency-name: readdirp dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.json b/package.json index d106f3a..2f61de7 100644 --- a/package.json +++ b/package.json @@ -94,7 +94,7 @@ "postcss-value-parser": "^4.2.0", "queue-microtask": "^1.2.3", "read-cache": "^1.0.0", - "readdirp": "^3.6.0", + "readdirp": "^4.0.2", "resolve": "^1.22.8", "reusify": "^1.0.4", "run-parallel": "^1.2.0", From 7247cec5aed718f529fb06bc5b14dbc692710a3f Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 9 Dec 2024 19:16:35 +0000 Subject: [PATCH 3/6] Bump balanced-match from 1.0.2 to 3.0.1 Bumps [balanced-match](https://github.com/juliangruber/balanced-match) from 1.0.2 to 3.0.1. - [Release notes](https://github.com/juliangruber/balanced-match/releases) - [Commits](https://github.com/juliangruber/balanced-match/compare/v1.0.2...v3.0.1) --- updated-dependencies: - dependency-name: balanced-match dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.json b/package.json index d106f3a..8dbe7a3 100644 --- a/package.json +++ b/package.json @@ -30,7 +30,7 @@ "any-promise": "^1.3.0", "anymatch": "^3.1.3", "arg": "^5.0.2", - "balanced-match": "^1.0.2", + "balanced-match": "^3.0.1", "binary-extensions": "^2.3.0", "brace-expansion": "^2.0.1", "braces": "^3.0.3", From 6d45b3f339497d679682589234a614adbdfb8be1 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 9 Dec 2024 19:16:39 +0000 Subject: [PATCH 4/6] Bump isexe from 2.0.0 to 3.1.1 Bumps [isexe](https://github.com/isaacs/isexe) from 2.0.0 to 3.1.1. - [Commits](https://github.com/isaacs/isexe/compare/v2.0.0...v3.1.1) --- updated-dependencies: - dependency-name: isexe dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.json b/package.json index d106f3a..e898b0c 100644 --- a/package.json +++ b/package.json @@ -61,7 +61,7 @@ "is-fullwidth-code-point": "^3.0.0", "is-glob": "^4.0.3", "is-number": "^7.0.0", - "isexe": "^2.0.0", + "isexe": "^3.1.1", "jackspeak": "^3.4.3", "jiti": "^1.21.6", "lilconfig": "^2.1.0", From 0747db52bb2e361d60f8df717abbf452e7f81dfe Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 9 Dec 2024 19:16:45 +0000 Subject: [PATCH 5/6] Bump postcss-load-config from 4.0.2 to 6.0.1 Bumps [postcss-load-config](https://github.com/postcss/postcss-load-config) from 4.0.2 to 6.0.1. - [Release notes](https://github.com/postcss/postcss-load-config/releases) - [Changelog](https://github.com/postcss/postcss-load-config/blob/main/CHANGELOG.md) - [Commits](https://github.com/postcss/postcss-load-config/compare/v4.0.2...6.0.1) --- updated-dependencies: - dependency-name: postcss-load-config dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.json b/package.json index d106f3a..424b11f 100644 --- a/package.json +++ b/package.json @@ -88,7 +88,7 @@ "pirates": "^4.0.6", "postcss-import": "^15.1.0", "postcss-js": "^4.0.1", - "postcss-load-config": "^4.0.2", + "postcss-load-config": "^6.0.1", "postcss-nested": "^7.0.2", "postcss-selector-parser": "^6.1.2", "postcss-value-parser": "^4.2.0", From efb61ed10e690d16c81a20c0a75c31aa30c89c23 Mon Sep 17 00:00:00 2001 From: Aidan Date: Mon, 9 Dec 2024 21:23:47 -0500 Subject: [PATCH 6/6] Create codacy.yml --- .github/workflows/codacy.yml | 61 ++++++++++++++++++++++++++++++++++++ 1 file changed, 61 insertions(+) create mode 100644 .github/workflows/codacy.yml diff --git a/.github/workflows/codacy.yml b/.github/workflows/codacy.yml new file mode 100644 index 0000000..3808b7e --- /dev/null +++ b/.github/workflows/codacy.yml @@ -0,0 +1,61 @@ +# This workflow uses actions that are not certified by GitHub. +# They are provided by a third-party and are governed by +# separate terms of service, privacy policy, and support +# documentation. + +# This workflow checks out code, performs a Codacy security scan +# and integrates the results with the +# GitHub Advanced Security code scanning feature. For more information on +# the Codacy security scan action usage and parameters, see +# https://github.com/codacy/codacy-analysis-cli-action. +# For more information on Codacy Analysis CLI in general, see +# https://github.com/codacy/codacy-analysis-cli. + +name: Codacy Security Scan + +on: + push: + branches: [ "main" ] + pull_request: + # The branches below must be a subset of the branches above + branches: [ "main" ] + schedule: + - cron: '35 8 * * 2' + +permissions: + contents: read + +jobs: + codacy-security-scan: + permissions: + contents: read # for actions/checkout to fetch code + security-events: write # for github/codeql-action/upload-sarif to upload SARIF results + actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status + name: Codacy Security Scan + runs-on: ubuntu-latest + steps: + # Checkout the repository to the GitHub Actions runner + - name: Checkout code + uses: actions/checkout@v4 + + # Execute Codacy Analysis CLI and generate a SARIF output with the security issues identified during the analysis + - name: Run Codacy Analysis CLI + uses: codacy/codacy-analysis-cli-action@d840f886c4bd4edc059706d09c6a1586111c540b + with: + # Check https://github.com/codacy/codacy-analysis-cli#project-token to get your project token from your Codacy repository + # You can also omit the token and run the tools that support default configurations + project-token: ${{ secrets.CODACY_PROJECT_TOKEN }} + verbose: true + output: results.sarif + format: sarif + # Adjust severity of non-security issues + gh-code-scanning-compat: true + # Force 0 exit code to allow SARIF file generation + # This will handover control about PR rejection to the GitHub side + max-allowed-issues: 2147483647 + + # Upload the SARIF file generated in the previous step + - name: Upload SARIF results file + uses: github/codeql-action/upload-sarif@v3 + with: + sarif_file: results.sarif