Modernize dependencies and fix vulnerabilities #306
Open
ehuelsmann wants to merge 298 commits into
….2.2 chore(deps-dev): bump chai from 4.2.0 to 6.2.2
Bumps [openapi-types](https://github.com/kogosoftwarellc/open-api) from 9.2.0 to 12.1.3. - [Release notes](https://github.com/kogosoftwarellc/open-api/releases) - [Commits](kogosoftwarellc/open-api@v9.2.0...v12.1.3) --- updated-dependencies: - dependency-name: openapi-types dependency-version: 12.1.3 dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>
This fixes TS2345 errors caused by two incompatible versions of openapi-types being installed: 9.2.0 at root (for openapi-response-validator/openapi-schema-validator) and 12.1.3 locally in packages/openapi-validator/node_modules. With yarn resolutions forcing 12.1.3 everywhere, TypeScript sees a single type source and the incompatibility errors in AbstractOpenApiSpec.ts and openApiSpecFactory.ts are resolved. Agent-Logs-Url: https://github.com/ehuelsmann/OpenAPIValidators/sessions/957b8e67-fe23-496f-85ce-aa4d74c2227d Co-authored-by: ehuelsmann <2326559+ehuelsmann@users.noreply.github.com>
…i-types-12.1.3 chore(deps-dev): bump openapi-types from 9.2.0 to 12.1.3
Bumps [eslint-plugin-chai-friendly](https://github.com/ihordiachenko/eslint-plugin-chai-friendly) from 0.6.0 to 1.2.0. - [Release notes](https://github.com/ihordiachenko/eslint-plugin-chai-friendly/releases) - [Commits](ihordiachenko/eslint-plugin-chai-friendly@v0.6.0...v1.2.0) --- updated-dependencies: - dependency-name: eslint-plugin-chai-friendly dependency-version: 1.2.0 dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>
Bumps [express](https://github.com/expressjs/express) and [@types/express](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/express). These dependencies needed to be updated together. Updates `express` from 4.22.0 to 5.2.1 - [Release notes](https://github.com/expressjs/express/releases) - [Changelog](https://github.com/expressjs/express/blob/master/History.md) - [Commits](expressjs/express@4.22.0...v5.2.1) Updates `@types/express` from 4.17.13 to 5.0.6 - [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases) - [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/express) --- updated-dependencies: - dependency-name: express dependency-version: 5.2.1 dependency-type: direct:development update-type: version-update:semver-major - dependency-name: "@types/express" dependency-version: 5.0.6 dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>
…-plugin-chai-friendly-1.2.0 chore(deps-dev): bump eslint-plugin-chai-friendly from 0.6.0 to 1.2.0
Bumps [openapi-response-validator](https://github.com/kogosoftwarellc/open-api) from 9.2.0 to 12.1.3. - [Release notes](https://github.com/kogosoftwarellc/open-api/releases) - [Commits](kogosoftwarellc/open-api@v9.2.0...v12.1.3) --- updated-dependencies: - dependency-name: openapi-response-validator dependency-version: 12.1.3 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>
…n permissions Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
…i-response-validator-12.1.3 chore(deps): bump openapi-response-validator from 9.2.0 to 12.1.3
Potential fix for code scanning alert no. 1: Workflow does not contain permissions
…b251156d90 chore(deps-dev): bump express and @types/express
Bumps [jest](https://github.com/jestjs/jest/tree/HEAD/packages/jest) and [@types/jest](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/jest). These dependencies needed to be updated together. Updates `jest` from 29.7.0 to 30.3.0 - [Release notes](https://github.com/jestjs/jest/releases) - [Changelog](https://github.com/jestjs/jest/blob/main/CHANGELOG.md) - [Commits](https://github.com/jestjs/jest/commits/v30.3.0/packages/jest) Updates `@types/jest` from 29.5.14 to 30.0.0 - [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases) - [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/jest) --- updated-dependencies: - dependency-name: jest dependency-version: 30.3.0 dependency-type: direct:development update-type: version-update:semver-major - dependency-name: "@types/jest" dependency-version: 30.0.0 dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>
… fix CI syntax errors Agent-Logs-Url: https://github.com/ehuelsmann/OpenAPIValidators/sessions/969585e6-21b1-4ad8-aa06-ec42daf412af Co-authored-by: ehuelsmann <2326559+ehuelsmann@users.noreply.github.com>
…d4eba38f0e chore(deps-dev): bump jest and @types/jest
Bumps [eslint-plugin-jest](https://github.com/jest-community/eslint-plugin-jest) from 24.1.0 to 29.15.2. - [Release notes](https://github.com/jest-community/eslint-plugin-jest/releases) - [Changelog](https://github.com/jest-community/eslint-plugin-jest/blob/main/CHANGELOG.md) - [Commits](jest-community/eslint-plugin-jest@v24.1.0...v29.15.2) --- updated-dependencies: - dependency-name: eslint-plugin-jest dependency-version: 29.15.2 dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>
Agent-Logs-Url: https://github.com/ehuelsmann/OpenAPIValidators/sessions/4a568a0e-11b8-4e57-b3b3-2c3f77f8f9f2 Co-authored-by: ehuelsmann <2326559+ehuelsmann@users.noreply.github.com>
…e and disable jest/require-hook Agent-Logs-Url: https://github.com/ehuelsmann/OpenAPIValidators/sessions/c9a78299-f413-4406-b4e9-8dc2726fce4d Co-authored-by: ehuelsmann <2326559+ehuelsmann@users.noreply.github.com>
…-plugin-jest-29.15.2 chore(deps-dev): bump eslint-plugin-jest from 24.1.0 to 29.15.2
…nse-validator Agent-Logs-Url: https://github.com/ehuelsmann/OpenAPIValidators/sessions/bb0917d3-a120-4b5c-ab36-674a6e39b0d6 Co-authored-by: ehuelsmann <2326559+ehuelsmann@users.noreply.github.com>
…ullish coalescing Agent-Logs-Url: https://github.com/ehuelsmann/OpenAPIValidators/sessions/6bb60f01-b6bf-43d6-8790-f5a5dd53275f Co-authored-by: ehuelsmann <2326559+ehuelsmann@users.noreply.github.com>
…e-validator-patch Remove stale openapi-response-validator v9 patch (dependency now on v12)
…ructions Agent-Logs-Url: https://github.com/ehuelsmann/OpenAPIValidators/sessions/8461a199-2928-4262-83df-576c0ecbbb6d Co-authored-by: ehuelsmann <2326559+ehuelsmann@users.noreply.github.com>
Remove additional DTS build
Bumps [typescript](https://github.com/microsoft/TypeScript) from 5.9.3 to 6.0.3. - [Release notes](https://github.com/microsoft/TypeScript/releases) - [Commits](microsoft/TypeScript@v5.9.3...v6.0.3) --- updated-dependencies: - dependency-name: typescript dependency-version: 6.0.3 dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>
…ript-6.0.3 chore(deps-dev): bump typescript from 5.9.3 to 6.0.3
Rely on tsconfig.json -- don't override settings in package.json
Remove empty forwarder module
Resolve linter warning about spurious warning suppression
…orwarder Now that the empty forwarder module is deleted, adjust 'rootDir'
* Update package version(s) to v0.18.0 -- due to upgrade to TS6
* Update package version(s) to 0.18.0 -- because v0.18.0 isn't acceptable
* Update package version(s) to 0.18.0 -- because v0.18.0 isn't acceptable
Bumps [actions/checkout](https://github.com/actions/checkout) from 6 to 7. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](actions/checkout@v6...v7) --- updated-dependencies: - dependency-name: actions/checkout dependency-version: '7' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>
…ions/checkout-7 chore(deps): bump actions/checkout from 6 to 7
Bumps [axios](https://github.com/axios/axios) from 1.16.1 to 1.18.0. - [Release notes](https://github.com/axios/axios/releases) - [Changelog](https://github.com/axios/axios/blob/v1.x/CHANGELOG.md) - [Commits](axios/axios@v1.16.1...v1.18.0) --- updated-dependencies: - dependency-name: axios dependency-version: 1.18.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>
…-1.18.0 chore(deps): bump axios from 1.16.1 to 1.18.0
Bumps [@typescript-eslint/parser](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/parser) from 8.61.0 to 8.61.1. - [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases) - [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/parser/CHANGELOG.md) - [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.61.1/packages/parser) --- updated-dependencies: - dependency-name: "@typescript-eslint/parser" dependency-version: 8.61.1 dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>
…cript-eslint/parser-8.61.1 chore(deps-dev): bump @typescript-eslint/parser from 8.61.0 to 8.61.1
Bumps [eslint](https://github.com/eslint/eslint) from 10.4.1 to 10.5.0. - [Release notes](https://github.com/eslint/eslint/releases) - [Commits](eslint/eslint@v10.4.1...v10.5.0) --- updated-dependencies: - dependency-name: eslint dependency-version: 10.5.0 dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>
…t-10.5.0 chore(deps-dev): bump eslint from 10.4.1 to 10.5.0
Bumps [@typescript-eslint/eslint-plugin](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/eslint-plugin) from 8.59.2 to 8.61.1. - [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases) - [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/eslint-plugin/CHANGELOG.md) - [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.61.1/packages/eslint-plugin) --- updated-dependencies: - dependency-name: "@typescript-eslint/eslint-plugin" dependency-version: 8.61.1 dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>
…cript-eslint/eslint-plugin-8.61.1 chore(deps-dev): bump @typescript-eslint/eslint-plugin from 8.59.2 to 8.61.1
Bumps [eslint-plugin-chai-friendly](https://github.com/ihordiachenko/eslint-plugin-chai-friendly) from 1.2.0 to 1.2.1. - [Release notes](https://github.com/ihordiachenko/eslint-plugin-chai-friendly/releases) - [Commits](ihordiachenko/eslint-plugin-chai-friendly@v1.2.0...v1.2.1) --- updated-dependencies: - dependency-name: eslint-plugin-chai-friendly dependency-version: 1.2.1 dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>
…t-plugin-chai-friendly-1.2.1 chore(deps-dev): bump eslint-plugin-chai-friendly from 1.2.0 to 1.2.1
Bumps the npm_and_yarn group with 1 update in the / directory: [form-data](https://github.com/form-data/form-data). Updates `form-data` from 4.0.5 to 4.0.6 - [Changelog](https://github.com/form-data/form-data/blob/master/CHANGELOG.md) - [Commits](form-data/form-data@v4.0.5...v4.0.6) --- updated-dependencies: - dependency-name: form-data dependency-version: 4.0.6 dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com>
…nd_yarn-650b74d069 chore(deps): bump form-data from 4.0.5 to 4.0.6 in the npm_and_yarn group across 1 directory
There are 99+ vulnerabilities reported by Dependabot on my fork. I've been working to fix them. Here's my progress.