Skip to content

[Snyk] Upgrade: , commander, dotenv, inquirer, octokit#301

Open
X-oss-byte wants to merge 1 commit intomasterfrom
snyk-upgrade-668a92466b13dd4f74297b982e0819ef
Open

[Snyk] Upgrade: , commander, dotenv, inquirer, octokit#301
X-oss-byte wants to merge 1 commit intomasterfrom
snyk-upgrade-668a92466b13dd4f74297b982e0819ef

Conversation

@X-oss-byte
Copy link
Owner

@X-oss-byte X-oss-byte commented Sep 16, 2024

snyk-top-banner

Snyk has created this PR to upgrade multiple dependencies.

👯 The following dependencies are linked and will therefore be updated together.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

Name Versions Released on

@octokit/rest
from 16.39.0 to 16.43.2 | 12 versions ahead of your current version | 4 years ago
on 2020-06-24
commander
from 4.1.0 to 4.1.1 | 1 version ahead of your current version | 5 years ago
on 2020-02-03
dotenv
from 8.2.0 to 8.6.0 | 5 versions ahead of your current version | 3 years ago
on 2021-05-05
inquirer
from 7.0.4 to 7.3.3 | 9 versions ahead of your current version | 4 years ago
on 2020-07-23
octokit
from 1.0.0-hello-world to 1.8.1 | 21 versions ahead of your current version | 2 years ago
on 2022-06-22

Release notes
Package name: @octokit/rest
  • 16.43.2 - 2020-06-24

    16.43.2 (2020-06-24)

    Bug Fixes

    • typescript: return type for octokit.hook.wrap callback (#1770) (0798dcd)
  • 16.43.1 - 2020-02-03
  • 16.43.0 - 2020-02-03
  • 16.42.2 - 2020-02-03
  • 16.42.1 - 2020-02-03
  • 16.42.0 - 2020-02-03
  • 16.41.2 - 2020-02-02
  • 16.41.1 - 2020-01-31
  • 16.41.0 - 2020-01-31
  • 16.40.2 - 2020-01-30
  • 16.40.1 - 2020-01-29
  • 16.40.0 - 2020-01-28
  • 16.39.0 - 2020-01-27
from @octokit/rest GitHub release notes
Package name: commander
  • 4.1.1 - 2020-02-03

    Fixed

    • TypeScript definition for .action() should include Promise for async ([#1157])
  • 4.1.0 - 2020-01-06

    Added

    • two routines to change how option values are handled, and eliminate name clashes with command properties (#933 #1102)
      • see storeOptionsAsProperties and passCommandToAction in README
    • .parseAsync to use instead of .parse if supply async action handlers (#806 #1118)

    Fixed

    • Remove trailing blanks from wrapped help text (#1096)

    Changed

    • update dependencies
    • extend security coverage for Commander 2.x to 2020-02-03
    • improvements to README
    • improvements to TypeScript definition documentation
    • move old versions out of main CHANGELOG
    • removed explicit use of ts-node in tests
from commander GitHub release notes
Package name: dotenv from dotenv GitHub release notes
Package name: inquirer
  • 7.3.3 - 2020-07-23
  • 7.3.2 - 2020-07-13
  • 7.3.1 - 2020-07-10
  • 7.3.0 - 2020-07-02
  • 7.2.0 - 2020-06-15
  • 7.1.0 - 2020-03-10
  • 7.0.7 - 2020-03-10
  • 7.0.6 - 2020-03-04
  • 7.0.5 - 2020-02-29
  • 7.0.4 - 2020-01-25
from inquirer GitHub release notes
Package name: octokit
  • 1.8.1 - 2022-06-22

    1.8.1 (2022-06-22)

    Bug Fixes

  • 1.8.0 - 2022-06-15

    Features

    • .rest.dependabot.addSelectedRepoToOrgSecret()
    • .rest.dependabot.removeSelectedRepoFromOrgSecret()
    • .rest.teams.listLinkedExternalIdpGroupsToTeamForOrg()
    • .rest.teams.linkExternalIdpGroupToTeamForOrg()
    • .rest.teams.unlinkExternalIdpGroupFromTeamForOrg()
    • .rest.enterpriseAdmin.listLabelsForSelfHostedRunnerForEnterprise()
    • .rest.enterpriseAdmin.addCustomLabelsToSelfHostedRunnerForEnterprise()
    • .rest.enterpriseAdmin.setCustomLabelsForSelfHostedRunnerForEnterprise()
    • .rest.enterpriseAdmin.removeAllCustomLabelsFromSelfHostedRunnerForEnterprise()
    • .rest.actions.listLabelsForSelfHostedRunnerForOrg()
    • .rest.actions.addCustomLabelsToSelfHostedRunnerForOrg()
    • .rest.actions.setCustomLabelsForSelfHostedRunnerForOrg()
    • .rest.actions.removeAllCustomLabelsFromSelfHostedRunnerForOrg()
    • .rest.actions.listLabelsForSelfHostedRunnerForRepo()
    • .rest.actions.addCustomLabelsToSelfHostedRunnerForRepo()
    • .rest.actions.setCustomLabelsForSelfHostedRunnerForRepo()
    • .rest.actions.removeAllCustomLabelsFromSelfHostedRunnerForRepo()
    • .rest.codespaces.listInRepositoryForAuthenticatedUser()
    • .rest.codespaces.createWithRepoForAuthenticatedUser()
    • .rest.repos.listTagProtection()
    • .rest.repos.createTagProtection()
    • .rest.codespaces.listForAuthenticatedUser()
    • .rest.codespaces.createForAuthenticatedUser()
    • .rest.codespaces.listSecretsForAuthenticatedUser()
    • .rest.codespaces.getPublicKeyForAuthenticatedUser()
    • .rest.codespaces.getSecretForAuthenticatedUser()
    • .rest.codespaces.createOrUpdateSecretForAuthenticatedUser()
    • .rest.codespaces.deleteSecretForAuthenticatedUser()
    • .rest.codespaces.listRepositoriesForSecretForAuthenticatedUser()
    • .rest.codespaces.setRepositoriesForSecretForAuthenticatedUser()
    • .rest.codespaces.addRepositoryForSecretForAuthenticatedUser()
    • .rest.codespaces.removeRepositoryForSecretForAuthenticatedUser()
    • .rest.codespaces.getForAuthenticatedUser()
    • .rest.codespaces.updateForAuthenticatedUser()
    • .rest.codespaces.deleteForAuthenticatedUser()
    • .rest.codespaces.exportForAuthenticatedUser()
    • .rest.codespaces.getExportDetailsForAuthenticatedUser()
    • .rest.codespaces.codespaceMachinesForAuthenticatedUser()
    • .rest.codespaces.startForAuthenticatedUser()
    • .rest.codespaces.stopForAuthenticatedUser()
    • .rest.dependabot.getOrgSecret()
    • .rest.dependabot.createOrUpdateOrgSecret()
    • .rest.dependabot.deleteOrgSecret()
    • .rest.codespaces.getRepoSecret()
    • .rest.codespaces.createOrUpdateRepoSecret()
    • .rest.codespaces.deleteRepoSecret()
    • .rest.dependabot.getRepoSecret()
    • .rest.dependabot.createOrUpdateRepoSecret()
    • .rest.dependabot.deleteRepoSecret()
    • .rest.actions.getGithubActionsDefaultWorkflowPermissionsOrganization()
    • .rest.actions.setGithubActionsDefaultWorkflowPermissionsOrganization()
    • .rest.dependabot.listSelectedReposForOrgSecret()
    • .rest.dependabot.setSelectedReposForOrgSecret()
    • .rest.actions.getWorkflowAccessToRepository()
    • .rest.actions.setWorkflowAccessToRepository()
    • .rest.actions.getGithubActionsDefaultWorkflowPermissionsRepository()
    • .rest.actions.setGithubActionsDefaultWorkflowPermissionsRepository()
    • .rest.orgs.listCustomRoles()
    • .rest.actions.getActionsCacheUsageForOrg()
    • .rest.enterpriseAdmin.removeCustomLabelFromSelfHostedRunnerForEnterprise()
    • .rest.actions.removeCustomLabelFromSelfHostedRunnerForOrg()
    • .rest.actions.removeCustomLabelFromSelfHostedRunnerForRepo()
    • .rest.reactions.deleteForRelease()
    • .rest.repos.deleteTagProtection()
    • .rest.enterpriseAdmin.getServerStatistics()
    • .rest.actions.getActionsCacheUsageForEnterprise()
    • .rest.actions.getGithubActionsDefaultWorkflowPermissionsEnterprise()
    • .rest.enterpriseAdmin.listSelfHostedRunnerGroupsForEnterprise() - visible-to-organization paramter
    • .rest.secretScanning.listAlertsForEnterprise()
    • .rest.billing.getGithubAdvancedSecurityBillingGhe()
    • .rest.actions.getActionsCacheUsageByRepoForOrg()
    • .rest.actions.listSelfHostedRunnerGroupsForOrg() - new parameter: visible_to_repository
    • .rest.codeScanning.listAlertsForOrg()
    • .rest.orgs.listSamlSsoAuthorizations() - new parameters: per_page, page, login
    • .rest.dependabot.getOrgPublicKey()
    • .rest.dependabot.listOrgSecrets()
    • .rest.teams.externalIdpGroupInfoForOrg()
    • .rest.teams.listExternalIdpGroupsForOrg()
    • .rest.secretScanning.listAlertsForOrg() - new parameters: sort, direction
    • .rest.billing.getGithubAdvancedSecurityBillingOrg()
    • .rest.repos.codeownersErrors()
    • .rest.codespaces.listDevcontainersInRepositoryForAuthenticatedUser()
    • .rest.codespaces.repoMachinesForAuthenticatedUser()
    • .rest.codespaces.getRepoPublicKey()
    • .rest.codespaces.listRepoSecrets()
    • .rest.dependabot.getRepoPublicKey()
    • .rest.dependabot.listRepoSecrets()
    • .rest.dependencyGraph.diffRange()
    • .rest.reactions.listForRelease()
    • .rest.secretScanning.listLocationsForAlert()
    • .rest.actions.updateSelfHostedRunnerGroupForOrg() - new parameters: allows_public_repositories, restricted_to_workflows, selected_workflows
    • .rest.orgs.update() - new parameter: members_can_fork_private_repositories
    • .rest.actions.createSelfHostedRunnerGroupForOrg() - new parameters: allows_public_repositories, restricted_to_workflows, selected_workflows
    • .rest.migrations.startForOrg() - new parrameters: exclude_metadata, exclude_git_data, org_metadata_only
    • .rest.repos.createInOrg() - new parameter: use_squash_pr_title_as_default
    • .rest.actions.reRunJobForWorkflowRun()
    • .rest.actions.reRunWorkflowFailedJobs()
    • .rest.codespaces.createWithPrForAuthenticatedUser()
    • .rest.migrations.startForAuthenticatedUser() - new parrameters: exclude_metadata, exclude_git_data, org_metadata_only
    • .rest.actions.setGithubActionsDefaultWorkflowPermissionsEnterprise()
    • .rest.orgs.convertMemberToOutsideCollaborator() - new parameter: async
    • .rest.actions.getActionsCacheUsage()
    • .rest.actions.listWorkflowRunsForRepo(): new parameter: check_suite_id
    • .rest.actions.listWorkflowRuns(): new parameter: check_suite_id
    • .rest.codeScanning.listAlertsForRepo(): new parameters: direction, sort
    • .rest.repos.getAllEnvironments(): new parameters: per_page, page
    • .rest.secretScanning.listAlertsForRepo(): new parameters: direction, sort
    • .rest.repos.updatePullRequestReviewProtection(): new parameters: dismissal_restrictions.apps, bypass_pull_request_allowances
    • .rest.repos.updateStatusCheckProtection(): new parameter: checks
    • .rest.codeScanning.updateAlert(): new parameter: dismissed_comment
    • .rest.repos.update(): secret_scanning_push_protection, use_squash_pr_title_as_default
    • .rest.actions.reRunWorkflow(): new parameter: enable_debug_logging
    • .rest.users.createGpgKeyForAuthenticatedUser(): new parameter: name
    • .rest.repos.updateBranchProtection(): new parameter: required_status_checks.checks, required_pull_request_reviews.{apps,bypass_pull_request_allowances}, block_creations

    Bug Fixes

    • .rest.apps.createFromManifest() has no request body
    • .rest.projects.getPermissionForUser(): correct response type and example
    • .rest.repos.update(): visibility parameter cannot be set to visibility
    • .rest.actions.reRunWorkflow(): no longer deprecated
    • remove defunkt .rest.reactions.deleteLegacy()
    • remove defunkt .rest.apps.createContentAttachment()
  • 1.7.2 - 2022-06-08

    1.7.2 (2022-06-08)

    Bug Fixes

  • 1.7.1 - 2021-11-22

    1.7.1 (2021-11-22)

    Bug Fixes

    • docs: correct proxy servers headline not rendering (#2169) (163f925)
  • 1.7.0 - 2021-10-07

    1.7.0 (2021-10-07)

    Features

    • .actions.downloadWorkflowRunAttemptLogs(), .actions.getWorkflowRunAttempt(), .repos.generateReleaseNotes(), .checks.rerequestRun(). Graduate nebula, zzzax, switcheroo, baptiste previews. Removes defunkt /repos/{owner}/{repo}/actions/runs/{run_id}/retry endpoint. Renames methods to have consistent AuthenticatedUser() suffix, deprecates previous method names (#2163) (e02541c)
  • 1.6.2 - 2021-09-30

    1.6.2 (2021-09-30)

    Bug Fixes

    • removes defunkt endpoints: GET /repos/{owner}/{repo}/community/code_of_conduct, DELETE /reactions/{reaction_id}. encrypted_value and key_id parameters are required for .rest.actions.{createOrUpdateEnvironmentSecret,setSelectedReposForOrgSecret}(). access_token parameter is required for .rest.apps.deleteAuthorization(). Previews graduated: ant-man, flash, scarlet-witch, squirrel-girl (03e3055)
    • deps: luke-cage preview graduated (#2158) (6864592)
  • 1.6.1 - 2021-09-24

    1.6.1 (2021-09-24)

    Bug Fixes

    • graduate previews dorian, inertia, london, lydian, wyandotte (#2157) (6d878ac)
  • 1.6.0 - 2021-09-22

    1.6.0 (2021-09-22)

    Features

    • octokit.rest.repos.{enable,disable}LfsForRepo(), octokit.rest.repos.mergeUpstream({ owner, repo, branch }) (7e3cd91)
  • 1.5.0 - 2021-08-31

    1.5.0 (2021-08-31)

    Features

    • typescript: .rest.packages.deletePackageForUser(), .rest.packages.deletePackageVersionForUser(), .rest.packages.restorePackageForUser(), .rest.packages.restorePackageVersionForUser(), .rest.secretScanning.listAlertsForOrg() (#2150) (670986f)

    Bug Fixes

    • typescript: fix type for labels parameter in .issues.{add,set}Labels() (#2150) (670986f)
  • 1.4.0 - 2021-08-10

    1.4.0 (2021-08-10)

    Features

    • typescript: permissions key in responses now consistently include maintain and triage roles (#2145) (b47bf5c)
  • 1.3.0 - 2021-08-03
  • 1.2.0 - 2021-08-02
  • 1.1.0 - 2021-06-23
  • 1.0.6 - 2021-06-11
  • 1.0.5 - 2021-05-18
  • 1.0.4 - 2021-05-07
  • 1.0.3 - 2021-04-18
  • 1.0.3-debug.1 - 2021-04-25
  • 1.0.2 - 2021-04-15
  • 1.0.1 - 2021-04-13
  • 1.0.0 - 2021-04-08
  • 1.0.0-hello-world - 2018-05-31
from octokit GitHub release notes

Important

  • Check the changes in this PR to ensure they won't cause issues with your project.
  • This PR was automatically created by Snyk using the credentials of a real user.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

@snyk-bot
fix: upgrade multiple dependencies with Snyk
f835148 
Snyk has created this PR to upgrade:
  - @octokit/rest from 16.39.0 to 16.43.2.
    See this package in npm: https://www.npmjs.com/package/@octokit/rest
  - commander from 4.1.0 to 4.1.1.
    See this package in npm: https://www.npmjs.com/package/commander
  - dotenv from 8.2.0 to 8.6.0.
    See this package in npm: https://www.npmjs.com/package/dotenv
  - inquirer from 7.0.4 to 7.3.3.
    See this package in npm: https://www.npmjs.com/package/inquirer
  - octokit from 1.0.0-hello-world to 1.8.1.
    See this package in npm: https://www.npmjs.com/package/octokit

See this project in Snyk:
https://app.snyk.io/org/sammytezzy/project/19d599fd-9f38-4c7f-95ca-753ff5501349?utm_source=github&utm_medium=referral&page=upgrade-pr
@bolt-new-by-stackblitz
Copy link

bolt-new-by-stackblitz bot commented Sep 16, 2024

Review PR in StackBlitz Codeflow Run & review this pull request in StackBlitz Codeflow.

@changeset-bot
Copy link

changeset-bot bot commented Sep 16, 2024

⚠️ No Changeset found

Latest commit: f835148

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

sourcery-ai[bot]
sourcery-ai bot reviewed Sep 16, 2024
View reviewed changes
Copy link

@sourcery-ai sourcery-ai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We have skipped reviewing this pull request. Here's why:

  • It seems to have been created by a bot ('[Snyk]' found in title). We assume it knows what it's doing!
  • We don't review packaging changes - Let us know if you'd like us to change this.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@sourcery-ai sourcery-ai[bot] sourcery-ai[bot] left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@X-oss-byte @snyk-bot