From 3ad2ca61d0302a67b7a3b80ed999a3bf09567a16 Mon Sep 17 00:00:00 2001
From: StepSecurity Bot
Date: Sat, 17 May 2025 15:14:19 +0000
Subject: [PATCH 1/2] [StepSecurity] ci: Harden GitHub Actions

Signed-off-by: StepSecurity Bot
---
 .github/workflows/ci.yml | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 45655c24..71a28cce 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -24,9 +24,9 @@ jobs:
 name: Lint
 runs-on: ubuntu-latest
 steps:
- - uses: actions/checkout@v4
+ - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 - name: Setup Node.js
- uses: actions/setup-node@v4
+ uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
 with:
 node-version: 'lts/*'
@@ -164,7 +164,7 @@ jobs:
 node-version: "23"
 steps:
- - uses: actions/checkout@v4
+ - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 - name: Install Node.js ${{ matrix.node-version }}
 shell: bash -eo pipefail -l {0}
@@ -229,7 +229,7 @@ jobs:
 - name: Upload code coverage
 if: steps.list_env.outputs.nyc != ''
- uses: actions/upload-artifact@v4
+ uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
 with:
 name: coverage-node-${{ matrix.node-version }}
 path: ./coverage/lcov.info
@@ -242,14 +242,14 @@ jobs:
 contents: read
 checks: write
 steps:
- - uses: actions/checkout@v4
+ - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 - name: Install lcov
 shell: bash
 run: sudo apt-get -y install lcov
 - name: Collect coverage reports
- uses: actions/download-artifact@v4
+ uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0
 with:
 path: ./coverage
 pattern: coverage-node-*
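Review bot: The trailing `# v4.2.2`-style comments are the only thing tying each 40-character SHA to a release, and nothing in the workflow checks them. Each pin in this patch (checkout, setup-node, upload-artifact and download-artifact here, and coverallsapp/github-action in the `@@ -259,7 +259,7 @@` hunk) should be confirmed against the matching tag in the action's own repository before merge, since GitHub also resolves SHAs that exist only in a fork of that repository. A SHA pin also stops the floating `v4`/`v2` tags from delivering later fixes, so the pins go stale unless something bumps them. No update configuration is part of this patch; if the repository has none, add a `package-ecosystem: "github-actions"` entry to `.github/dependabot.yml` so the SHA and its version comment are updated together.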
@@ -259,7 +259,7 @@ jobs:
 run: find ./coverage -name lcov.info -exec printf '-a %q\n' {} \; | xargs lcov -o ./lcov.info
 - name: Upload coverage report
- uses: coverallsapp/github-action@v2
+ uses: coverallsapp/github-action@648a8eb78e6d50909eff900e4ec85cab4524a45b # v2.3.6
 with:
 github-token: ${{ secrets.GITHUB_TOKEN }}
 file: ./lcov.info
\ No newline at end of file
From 5f473ff28a8549851aaaae3190b88c6e744bdb28 Mon Sep 17 00:00:00 2001
From: Sebastian Beltran
Date: Sat, 17 May 2025 12:14:54 -0500
Subject: [PATCH 2/2] ping supertest in ci

Signed-off-by: Sebastian Beltran
---
 .github/workflows/ci.yml | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 71a28cce..69305611 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -113,31 +113,34 @@ jobs:
 - name: Node.js 8.x
 node-version: "8"
- npm-i: mocha@7.2.0 nyc@14.1.1
+ npm-i: mocha@7.2.0 nyc@14.1.1 supertest@6.1.6
 - name: Node.js 9.x
 node-version: "9"
- npm-i: mocha@7.2.0 nyc@14.1.1
+ npm-i: mocha@7.2.0 nyc@14.1.1 supertest@6.1.6
 - name: Node.js 10.x
 node-version: "10"
- npm-i: mocha@8.4.0
+ npm-i: mocha@8.4.0 supertest@6.1.6
 - name: Node.js 11.x
 node-version: "11"
- npm-i: mocha@8.4.0
+ npm-i: mocha@8.4.0 supertest@6.1.6
 - name: Node.js 12.x
 node-version: "12"
+ npm-i: "supertest@6.1.6"
 - name: Node.js 13.x
 node-version: "13"
+ npm-i: "supertest@6.1.6"
 - name: Node.js 14.x
 node-version: "14"
 - name: Node.js 15.x
 node-version: "15"
+ npm-i: "supertest@6.1.6"
 - name: Node.js 16.x
 node-version: "16"
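Review bot: The three added `npm-i` lines for Node.js 12.x, 13.x and 15.x quote the value (`npm-i: "supertest@6.1.6"`) while the four edited lines above them leave it unquoted, and the 14.x entry sits between them with no pin at all. Pick one quoting style for the matrix. If skipping 14.x is intentional, add a one-line comment above that entry saying so, for example `# 14.x: no supertest pin needed`, so it does not read as an omission. The matrix continues outside the hunk, so whether 16.x and later need the pin cannot be seen from here.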