octokit · Sep 17, 2021 · Sep 17, 2021 · Sep 20, 2021 · Sep 27, 2021 · Oct 4, 2021
Showing with 16,685 additions and 2,344 deletions.

+6 −9 .github/workflows/codeql.yml

+3 −3 .github/workflows/release.yml

+6 −7 .github/workflows/test.yml

+5 −5 .github/workflows/update-prettier.yml

+11 −0 SECURITY.md

+16,641 −2,313 package-lock.json

+13 −7 package.json
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
@@ -2,6 +2,8 @@ name: "Code scanning - action"
 
 on:
   push:
+    branches-ignore:
+      - "dependabot/**"
   pull_request:
   schedule:
     - cron: '0 19 * * 0'
@@ -14,28 +16,23 @@ jobs:
 
     steps:
     - name: Checkout repository
-      uses: actions/checkout@v2
+      uses: actions/checkout@v3
       with:
         # We must fetch at least the immediate parents so that if this is
         # a pull request then we can checkout the head.
         fetch-depth: 2
-
-    # If this run was triggered by a pull request event, then checkout
-    # the head of the pull request instead of the merge commit.
-    - run: git checkout HEAD^2
-      if: ${{ github.event_name == 'pull_request' }}
 
     # Initializes the CodeQL tools for scanning.
     - name: Initialize CodeQL
-      uses: github/codeql-action/init@v1
+      uses: github/codeql-action/init@v2
       # Override language selection by uncommenting this and choosing your languages
       # with:
       #   languages: go, javascript, csharp, python, cpp, java
 
     # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
     # If this step fails, then you should remove it and run the build manually (see below)
     - name: Autobuild
-      uses: github/codeql-action/autobuild@v1
+      uses: github/codeql-action/autobuild@v2
 
     # ℹ️ Command-line programs to run using the OS shell.
     # 📚 https://git.io/JvXDl
@@ -49,4 +46,4 @@ jobs:
     #   make release
 
     - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@v1
+      uses: github/codeql-action/analyze@v2
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -12,10 +12,10 @@ jobs:
     name: release
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v2
-      - uses: actions/setup-node@v2
+      - uses: actions/checkout@v3
+      - uses: actions/setup-node@v3
         with:
-          node-version: "12.x"
+          node-version: 16
           cache: npm
       - run: npm ci
       - run: npm run build

diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
@@ -14,19 +14,18 @@ jobs:
     strategy:
       matrix:
         node_version:
-          - 10
-          - 12
           - 14
           - 16
+          - 18
 
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v3
       - name: Setup Node v${{ matrix.node_version }}
-        uses: actions/setup-node@v2
+        uses: actions/setup-node@v3
         with:
           node-version: ${{ matrix.node_version }}
           cache: npm
-      - uses: actions/cache@v2
+      - uses: actions/cache@v3
         with:
           path: ~/.npm
           key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }}
@@ -39,8 +38,8 @@ jobs:
     runs-on: ubuntu-latest
     needs: test_matrix
     steps:
-      - uses: actions/checkout@v2
-      - uses: actions/setup-node@v2
+      - uses: actions/checkout@v3
+      - uses: actions/setup-node@v3
         with:
           node-version: 16
           cache: npm

diff --git a/.github/workflows/update-prettier.yml b/.github/workflows/update-prettier.yml
@@ -8,17 +8,17 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@master
-      - uses: actions/setup-node@v2
+      - uses: actions/setup-node@v3
         with:
-          version: 12
           cache: npm
+          node-version: 16
       - run: npm ci
-      - run: "npm run lint:fix"
+      - run: npm run lint:fix
       - uses: gr2m/create-or-update-pull-request-action@v1.x
         env:
-          GITHUB_TOKEN: "${{ secrets.OCTOKITBOT_PAT }}"
+          GITHUB_TOKEN: ${{ secrets.OCTOKITBOT_PAT }}
         with:
           title: Prettier updated
           body: An update to prettier required updates to your code.
-          branch: "${{ github.ref }}"
+          branch: ${{ github.ref }}
           commit-message: "style: prettier"
diff --git a/SECURITY.md b/SECURITY.md
@@ -0,0 +1,11 @@
+# Security Policy
+
+Thanks for helping make GitHub Open Source Software safe for everyone.
+
+GitHub takes the security of our software products and services seriously, including all of the open source code repositories managed through our GitHub organizations, such as [Octokit](https://github.com/octokit).
+
+Even though [open source repositories are outside of the scope of our bug bounty program](https://bounty.github.com/index.html#scope) and therefore not eligible for bounty rewards, we want to make sure that your finding gets passed along to the maintainers of this project for remediation.
+
+## Reporting a Vulnerability
+
+Since this source is part of [Octokit](https://github.com/octokit) (a GitHub organization) we ask that you follow the guidelines [here](https://github.com/github/.github/blob/master/SECURITY.md#reporting-security-issues) to report anything that you might've found.