.github/workflows/codeql.yml

@@ -3,6 +3,8 @@ name: "Code scanning - action"
 on:
   push:
   pull_request:
+    branches-ignore:
+      - "dependabot/**"
   schedule:
     - cron: '0 19 * * 0'
 
@@ -14,7 +16,7 @@ jobs:
 
     steps:
     - name: Checkout repository
-      uses: actions/checkout@v2
+      uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # tag=v3
       with:
         # We must fetch at least the immediate parents so that if this is
         # a pull request then we can checkout the head.
@@ -27,15 +29,15 @@ jobs:
 
     # Initializes the CodeQL tools for scanning.
     - name: Initialize CodeQL
-      uses: github/codeql-action/init@v1
+      uses: github/codeql-action/init@3f62b754e23e0dd60f91b744033e1dc1654c0ec6 # tag=v2
       # Override language selection by uncommenting this and choosing your languages
       # with:
       #   languages: go, javascript, csharp, python, cpp, java
 
     # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
     # If this step fails, then you should remove it and run the build manually (see below)
     - name: Autobuild
-      uses: github/codeql-action/autobuild@v1
+      uses: github/codeql-action/autobuild@3f62b754e23e0dd60f91b744033e1dc1654c0ec6 # tag=v2
 
     # ℹ️ Command-line programs to run using the OS shell.
     # 📚 https://git.io/JvXDl
@@ -49,4 +51,4 @@ jobs:
     #   make release
 
     - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@v1
+      uses: github/codeql-action/analyze@3f62b754e23e0dd60f91b744033e1dc1654c0ec6 # tag=v2

.github/workflows/release.yml

@@ -12,10 +12,11 @@ jobs:
     name: release
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v2
-      - uses: actions/setup-node@v2
+      - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # tag=v3
+      - uses: actions/setup-node@eeb10cff27034e7acf239c5d29f62154018672fd # tag=v3
         with:
-          node-version: "12.x"
+          node-version: 16
+          cache: npm
       - run: npm ci
       - run: npm run build
       - run: npx semantic-release

.github/workflows/test.yml

@@ -13,16 +13,16 @@ jobs:
     strategy:
       matrix:
         node_version:
-          - 10
-          - 12
           - 14
           - 16
+          - 18
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # tag=v3
       - name: "Use Node.js ${{ matrix.node_version }}"
-        uses: actions/setup-node@v2
+        uses: actions/setup-node@eeb10cff27034e7acf239c5d29f62154018672fd # tag=v3
         with:
           node-version: "${{ matrix.node_version }}"
+          cache: npm
       - name: Install
         run: npm ci
       - name: Test

.github/workflows/update-prettier.yml

@@ -1,23 +1,24 @@
 name: Update Prettier
-on:
+"on":
   push:
     branches:
-      - "renovate/prettier-*"
+      - renovate/prettier-*
 jobs:
   update_prettier:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@master
-      - uses: actions/setup-node@v2
+      - uses: actions/setup-node@eeb10cff27034e7acf239c5d29f62154018672fd # tag=v3
         with:
-          version: 12
+          cache: npm
+          node-version: 16
       - run: npm ci
       - run: npm run lint:fix
       - uses: gr2m/create-or-update-pull-request-action@v1.x
         env:
           GITHUB_TOKEN: ${{ secrets.OCTOKITBOT_PAT }}
         with:
-          title: "Prettier updated"
-          body: "An update to prettier required updates to your code."
+          title: Prettier updated
+          body: An update to prettier required updates to your code.
           branch: ${{ github.ref }}
           commit-message: "style: prettier"

README.md

@@ -38,9 +38,6 @@ const { RequestError } = require("@octokit/request-error");
 
 ```js
 const error = new RequestError("Oops", 500, {
-  headers: {
-    "x-github-request-id": "1:2:3:4",
-  }, // response headers
   request: {
     method: "POST",
     url: "https://api.github.com/foo",
@@ -51,14 +48,21 @@ const error = new RequestError("Oops", 500, {
       authorization: "token secret123",
     },
   },
+  response: {
+    status: 500,
+    url: "https://api.github.com/foo"
+    headers: {
+      "x-github-request-id": "1:2:3:4",
+    },
+    data: {
+      foo: "bar"
+    }
+  },
 });
 
 error.message; // Oops
 error.status; // 500
-error.request.method; // POST
-error.request.url; // https://api.github.com/foo
-error.request.body; // { bar: 'baz' }
-error.request.headers; // { authorization: 'token [REDACTED]' }
+error.request; // { method, url, headers, body }
 error.response; // { url, status, headers, data }
 ```
 

SECURITY.md

@@ -0,0 +1,12 @@
+# Security Policy
+
+Thanks for helping make GitHub Open Source Software safe for everyone.
+
+GitHub takes the security of our software products and services seriously, including all of the open source code repositories managed through our GitHub organizations, such as [Octokit](https://github.com/octokit).
+
+Even though [open source repositories are outside of the scope of our bug bounty program](https://bounty.github.com/index.html#scope) and therefore not eligible for bounty rewards, we want to make sure that your finding gets passed along to the maintainers of this project for remediation. 
+
+
+## Reporting a Vulnerability
+
+Since this source is part of [Octokit](https://github.com/octokit) (a GitHub organization) we ask that you follow the guidelines [here](https://github.com/github/.github/blob/master/SECURITY.md#reporting-security-issues) to report anything that you might've found.