[Snyk] Upgrade: , , , semver, , ,

[ashly1111111]

Snyk has created this PR to upgrade multiple dependencies.

👯 The following dependencies are linked and will therefore be updated together.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

Name	Versions	Released on

@actions/core
from 1.6.0 to 1.10.1 | 8 versions ahead of your current version | a year ago
on 2023-09-11
@actions/io
from 1.0.2 to 1.1.3 | 4 versions ahead of your current version | a year ago
on 2023-03-15
@actions/exec
from 1.1.0 to 1.1.1 | 1 version ahead of your current version | 2 years ago
on 2022-03-17
semver
from 6.1.2 to 6.3.1 | 4 versions ahead of your current version | a year ago
on 2023-07-10
@actions/cache
from 1.0.7 to 1.0.11 | 4 versions ahead of your current version | 2 years ago
on 2022-03-24
@actions/glob
from 0.2.0 to 0.5.0 | 4 versions ahead of your current version | 25 days ago
on 2024-08-15
@actions/tool-cache
from 1.5.4 to 1.7.2 | 6 versions ahead of your current version | 2 years ago
on 2022-03-17

Issues fixed by the recommended upgrade:

	Issue	Score	Exploit Maturity
	Improper Input Validation SNYK-JS-ACTIONSCORE-2980270	389	No Known Exploit
	Improper Input Validation SNYK-JS-ACTIONSCORE-2980270	389	No Known Exploit
	Information Exposure SNYK-JS-NODEFETCH-2342118	389	No Known Exploit
	Prototype Pollution SNYK-JS-XML2JS-5414874	389	Proof of Concept
	Prototype Pollution SNYK-JS-TOUGHCOOKIE-5672873	389	Proof of Concept
	Prototype Pollution SNYK-JS-TOUGHCOOKIE-5672873	389	Proof of Concept
	Improper Input Validation SNYK-JS-ACTIONSCORE-1015402	389	No Known Exploit

Release notes

Package name: @actions/core

• 1.10.1 - 2023-09-11
• 1.10.0 - 2022-09-29
• 1.9.1 - 2022-08-08
• 1.9.0 - 2022-06-15
• 1.8.2 - 2022-05-13
• 1.8.1 - 2022-05-12
• 1.8.0 - 2022-05-05
• 1.7.0 - 2022-04-25
• 1.6.0 - 2021-09-28

from @actions/core GitHub release notes

Package name: @actions/io

• 1.1.3 - 2023-03-15
• 1.1.2 - 2022-03-17
• 1.1.1 - 2021-06-07
  

  • Prepend http:// to http(s)_proxy env if missing

  • Formatting

  • Fix linting

• 1.1.0 - 2021-04-02
  

  @ actions/[email protected]

• 1.0.2 - 2020-01-10

from @actions/io GitHub release notes

Package name: @actions/exec

• 1.1.1 - 2022-03-17
  

  • Prepend http:// to http(s)_proxy env if missing

  • Formatting

  • Fix linting

• 1.1.0 - 2021-06-07
  

  @ actions/[email protected]

from @actions/exec GitHub release notes

Package name: semver

• 6.3.1 - 2023-07-10
  

  6.3.1 (2023-07-10)

  Bug Fixes

  • 928e56d #591 better handling of whitespace (#591) (@ lukekarrys, @ joaomoreno, @ nicolo-ribaudo)
• 6.3.0 - 2019-07-23
• 6.2.0 - 2019-07-01
• 6.1.3 - 2019-07-01
• 6.1.2 - 2019-06-24

from semver GitHub release notes

Package name: @actions/cache

• 1.0.11 - 2022-03-24
• 1.0.10 - 2022-03-17
• 1.0.9 - 2022-02-08
• 1.0.8 - 2021-11-19
• 1.0.7 - 2021-04-09

from @actions/cache GitHub release notes

Package name: @actions/glob

• 0.5.0 - 2024-08-15
• 0.4.0 - 2023-01-25
• 0.3.0 - 2022-04-18
• 0.2.1 - 2022-03-17
• 0.2.0 - 2021-06-07

from @actions/glob GitHub release notes

Package name: @actions/tool-cache

• 1.7.2 - 2022-03-17
• 1.7.1 - 2021-06-07
• 1.7.0 - 2021-05-27
• 1.6.1 - 2020-11-13
• 1.6.0 - 2020-07-16
• 1.5.5 - 2020-05-19
• 1.5.4 - 2020-05-18

from @actions/tool-cache GitHub release notes

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• This PR was automatically created by Snyk using the credentials of a real user.
• Max score is 1000. Note that the real score may have changed since the PR was raised.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

• 🧐 View latest project report
• 📜 Customise PR templates
• 🛠 Adjust upgrade PR settings
• 🔕 Ignore this dependency or unsubscribe from future upgrade PRs