From 4d1a0ce232bd1b232c895354de6d25009589e1fe Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?S=C3=A9bastien=20Lorber?= Date: Thu, 2 Apr 2026 18:21:44 +0200 Subject: [PATCH 1/4] feat(ci): improve npm supply chain security - improve Dependabot config (#11874) --- .github/dependabot.yml | 26 ++ .github/workflows/argos.yml | 4 +- .github/workflows/build-blog-only.yml | 2 +- .github/workflows/build-hash-router.yml | 2 +- .github/workflows/build-perf.yml | 2 +- .github/workflows/continuous-releases.yml | 4 +- .github/workflows/lighthouse-report.yml | 2 +- .github/workflows/lint-autofix.yml | 2 +- .github/workflows/lint.yml | 4 - .github/workflows/publish.yml | 2 +- .github/workflows/security-supply-chain.yml | 87 +++++++ .github/workflows/showcase-test.yml | 2 +- .github/workflows/tests-e2e.yml | 14 +- .github/workflows/tests-swizzle.yml | 2 +- .github/workflows/tests-windows.yml | 2 +- .github/workflows/tests.yml | 2 +- package.json | 1 + yarn.lock | 249 +++++++++++++++++++- 18 files changed, 378 insertions(+), 31 deletions(-) create mode 100644 .github/workflows/security-supply-chain.yml diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 4ea6b1d34006..5411526df90a 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -1,5 +1,7 @@ version: 2 updates: + ######################## + # GITHUB ACTIONS UPDATES - package-ecosystem: github-actions directory: '/' schedule: @@ -7,12 +9,36 @@ updates: open-pull-requests-limit: 99 labels: - 'pr: dependencies' + + ######################## + # NPM SECURITY UPDATES - package-ecosystem: 'npm' directory: '/' + exclude-paths: + - 'examples/**' schedule: interval: 'daily' # Disable version updates for npm dependencies + # This is what restricts Dependabot to security updates only # https://docs.github.com/en/code-security/dependabot/dependabot-security-updates/configuring-dependabot-security-updates#overriding-the-default-behavior-with-a-configuration-file open-pull-requests-limit: 0 labels: - 'pr: dependencies' + + ######################## + # NPM VERSION UPDATES + - package-ecosystem: 'npm' + directory: '/' + exclude-paths: + - 'examples/**' + schedule: + interval: 'weekly' + # Do not spam too much, we'll adjust this setting if needed + open-pull-requests-limit: 5 + labels: + - 'pr: dependencies' + cooldown: + default-days: 5 + semver-major-days: 30 + semver-minor-days: 7 + semver-patch-days: 7 diff --git a/.github/workflows/argos.yml b/.github/workflows/argos.yml index 5e4eedafd906..fc4bb1fdabb5 100644 --- a/.github/workflows/argos.yml +++ b/.github/workflows/argos.yml @@ -36,10 +36,10 @@ jobs: cache: yarn - name: Install dependencies - run: yarn || yarn || yarn + run: yarn install --frozen-lockfile || yarn install --frozen-lockfile || yarn install --frozen-lockfile - name: Install Playwright browsers - run: npx playwright install --with-deps chromium + run: yarn playwright install --with-deps chromium - name: Build website fast run: yarn argos:build diff --git a/.github/workflows/build-blog-only.yml b/.github/workflows/build-blog-only.yml index a5afdd8519aa..7365a36c7952 100644 --- a/.github/workflows/build-blog-only.yml +++ b/.github/workflows/build-blog-only.yml @@ -29,7 +29,7 @@ jobs: node-version: lts/* cache: yarn - name: Installation - run: yarn || yarn || yarn + run: yarn install --frozen-lockfile || yarn install --frozen-lockfile || yarn install --frozen-lockfile - name: Build blog-only run: yarn workspace website build:blogOnly env: diff --git a/.github/workflows/build-hash-router.yml b/.github/workflows/build-hash-router.yml index dc53f5f0edcf..1f48b3f38f9f 100644 --- a/.github/workflows/build-hash-router.yml +++ b/.github/workflows/build-hash-router.yml @@ -32,7 +32,7 @@ jobs: node-version: lts/* cache: yarn - name: Installation - run: yarn || yarn || yarn + run: yarn install --frozen-lockfile || yarn install --frozen-lockfile || yarn install --frozen-lockfile - name: Build Hash Router run: yarn build:website:fast diff --git a/.github/workflows/build-perf.yml b/.github/workflows/build-perf.yml index f34605f68ef5..ceedd2dc575e 100644 --- a/.github/workflows/build-perf.yml +++ b/.github/workflows/build-perf.yml @@ -81,7 +81,7 @@ jobs: node-version: lts/* cache: yarn - name: Installation - run: yarn || yarn || yarn + run: yarn install --frozen-lockfile || yarn install --frozen-lockfile || yarn install --frozen-lockfile # Ensure build with a cold cache does not increase too much - name: Build (cold cache) diff --git a/.github/workflows/continuous-releases.yml b/.github/workflows/continuous-releases.yml index 985b32bfecef..40330663d71b 100644 --- a/.github/workflows/continuous-releases.yml +++ b/.github/workflows/continuous-releases.yml @@ -27,7 +27,7 @@ jobs: cache: yarn - name: Installation - run: yarn || yarn || yarn + run: yarn install --frozen-lockfile || yarn install --frozen-lockfile || yarn install --frozen-lockfile - name: Build packages run: yarn build:packages @@ -38,4 +38,4 @@ jobs: yarn create-docusaurus template/docusaurus-classic-ts classic --typescript -p npm - name: Release - run: npx pkg-pr-new@0.0.20 publish './packages/*' --template './template/*' --compact --comment=off + run: yarn pkg-pr-new publish './packages/*' --template './template/*' --compact --comment=off diff --git a/.github/workflows/lighthouse-report.yml b/.github/workflows/lighthouse-report.yml index d001b8591e8c..1113bac5d6f7 100644 --- a/.github/workflows/lighthouse-report.yml +++ b/.github/workflows/lighthouse-report.yml @@ -30,7 +30,7 @@ jobs: cache: yarn - name: Install dependencies - run: yarn || yarn || yarn + run: yarn install --frozen-lockfile || yarn install --frozen-lockfile || yarn install --frozen-lockfile - name: Build website fast run: yarn build:website:fast diff --git a/.github/workflows/lint-autofix.yml b/.github/workflows/lint-autofix.yml index 1c250f2810e0..3b610ae856ba 100644 --- a/.github/workflows/lint-autofix.yml +++ b/.github/workflows/lint-autofix.yml @@ -25,7 +25,7 @@ jobs: ref: ${{ github.head_ref }} - name: Installation - run: yarn || yarn || yarn + run: yarn install --frozen-lockfile || yarn install --frozen-lockfile || yarn install --frozen-lockfile - name: AutoFix Format run: yarn format diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml index 82eec82d236c..fb8f5e8b5035 100644 --- a/.github/workflows/lint.yml +++ b/.github/workflows/lint.yml @@ -31,10 +31,6 @@ jobs: - name: Check immutable yarn.lock run: git diff --exit-code - - name: Check for suspicious yarn.lock - # for allowed aliases, see https://github.com/yargs/cliui/pull/139/files#r1670711112 - run: yarn lockfile-lint --path yarn.lock --type yarn --allowed-hosts yarn --validate-https --validate-package-names --validate-integrity --empty-hostname=false --allowed-package-name-aliases react-loadable react-helmet-async string-width-cjs strip-ansi-cjs wrap-ansi-cjs - - name: Lint run: | echo "::add-matcher::.github/workflows/cspell-problem-matcher.json" diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index d16c448c9aac..56121503d221 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -56,7 +56,7 @@ jobs: git config --global user.name "Docusaurus" git config --global user.email "github@docusaurus.io" - name: Installation - run: yarn || yarn || yarn + run: yarn install --frozen-lockfile || yarn install --frozen-lockfile || yarn install --frozen-lockfile # TODO Docusaurus v4: remove after we upgrade the Node version - name: Upgrade Lerna run: | diff --git a/.github/workflows/security-supply-chain.yml b/.github/workflows/security-supply-chain.yml new file mode 100644 index 000000000000..2c594cde6b3c --- /dev/null +++ b/.github/workflows/security-supply-chain.yml @@ -0,0 +1,87 @@ +name: Security + +on: + schedule: + - cron: '0 3 * * *' # every day at 03:00 UTC + workflow_dispatch: + push: + branches: + - main + - docusaurus-v** + pull_request: + branches: + - main + - docusaurus-v** + +concurrency: + group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }} + cancel-in-progress: true + +permissions: + contents: read + +jobs: + supply-chain-checks: + name: Supply Chain Checks + timeout-minutes: 30 + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + + - name: Use Node.js + uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0 + with: + node-version: lts/* + # No cache on purpose! We want SFW to fetch packages + + # See https://socket.dev/blog/introducing-socket-firewall + - name: Install Socket Firewall Free + run: npm install -g sfw@2.0.4 + + # Ensure our monorepo gets scanned by SFW + - name: Install monorepo dependencies with SFW + run: sfw yarn install --frozen-lockfile + + # Check for malicious lockfile injections + # See https://github.com/lirantal/npm-security-best-practices#4-prevent-npm-lockfile-injection + - name: Check for suspicious yarn.lock + # for allowed aliases, see https://github.com/yargs/cliui/pull/139/files#r1670711112 + run: yarn lockfile-lint --path yarn.lock --type yarn --allowed-hosts yarn --validate-https --validate-package-names --validate-integrity --empty-hostname=false --allowed-package-name-aliases react-loadable react-helmet-async string-width-cjs strip-ansi-cjs wrap-ansi-cjs + + # Generate init template + - name: Generate test-website project against main branch + run: yarn create-docusaurus ../test-website classic --javascript --skip-install + + # Ensure our init template gets scanned by SFW + - name: Install test-website project with SFW + run: sfw yarn install --frozen-lockfile + working-directory: ../test-website + + # Ensure no unexpected lifecycle (preintall/postinstall scripts) + # Only pnpm 10+ has options to fail a build on suspicious lifecycles + - name: Forbid lifecycle scripts + working-directory: ../test-website + run: | + rm -rf node_modules + + npm install -g pnpm@10.33.0 + + cat > pnpm-workspace.yaml <<'YAML' + + blockExoticSubdeps: true + + strictDepBuilds: true + allowBuilds: + '@swc/core': true + core-js-pure: true + core-js: true + + trustPolicy: no-downgrade + trustPolicyExclude: + - 'detect-port@1.6.1' + - 'semver@6.3.1' + + YAML + + pnpm install diff --git a/.github/workflows/showcase-test.yml b/.github/workflows/showcase-test.yml index a5dca7fdc050..bfc1f8d5d1cf 100644 --- a/.github/workflows/showcase-test.yml +++ b/.github/workflows/showcase-test.yml @@ -29,6 +29,6 @@ jobs: node-version: lts/* cache: yarn - name: Installation - run: yarn || yarn || yarn + run: yarn install --frozen-lockfile || yarn install --frozen-lockfile || yarn install --frozen-lockfile - name: Test run: yarn test website/src/data/__tests__/user.test.ts diff --git a/.github/workflows/tests-e2e.yml b/.github/workflows/tests-e2e.yml index dbd9012baf5c..5ec3f0066e00 100644 --- a/.github/workflows/tests-e2e.yml +++ b/.github/workflows/tests-e2e.yml @@ -50,11 +50,11 @@ jobs: node-version: ${{ matrix.node }} cache: yarn - name: Installation - run: yarn || yarn || yarn + run: yarn install --frozen-lockfile || yarn install --frozen-lockfile || yarn install --frozen-lockfile - name: Generate test-website project against main branch run: yarn test:build:website -s - name: Install test-website project with Yarn v1 - run: yarn || yarn || yarn + run: yarn install --frozen-lockfile || yarn install --frozen-lockfile || yarn install --frozen-lockfile working-directory: ../test-website env: npm_config_registry: http://localhost:4873 @@ -87,13 +87,13 @@ jobs: node-version: lts/* cache: yarn - name: Installation - run: yarn || yarn || yarn + run: yarn install --frozen-lockfile || yarn install --frozen-lockfile || yarn install --frozen-lockfile - name: Generate test-website project against main branch # Not using test-release.sh => no verdaccio docker image on Windows # run: bash ./admin/scripts/test-release.sh -s run: yarn create-docusaurus test-website-in-workspace classic --typescript - name: Install test-website project with Yarn v1 - run: yarn || yarn || yarn + run: yarn install --frozen-lockfile || yarn install --frozen-lockfile || yarn install --frozen-lockfile working-directory: test-website-in-workspace - name: Start test-website project run: yarn start --no-open @@ -133,7 +133,7 @@ jobs: node-version: lts/* cache: yarn - name: Installation - run: yarn || yarn || yarn + run: yarn install --frozen-lockfile || yarn install --frozen-lockfile || yarn install --frozen-lockfile - name: Generate test-website project with ${{ matrix.variant }} against main branch run: yarn test:build:website ${{ matrix.variant }} - name: Install test-website project with Yarn Berry and nodeLinker = ${{ matrix.nodeLinker }} @@ -212,7 +212,7 @@ jobs: node-version: lts/* cache: yarn - name: Installation - run: yarn || yarn || yarn + run: yarn install --frozen-lockfile || yarn install --frozen-lockfile || yarn install --frozen-lockfile - name: Generate test-website project against main branch run: yarn test:build:website -st - name: Install test-website project with npm @@ -252,7 +252,7 @@ jobs: node-version: lts/* cache: yarn - name: Installation - run: yarn || yarn || yarn + run: yarn install --frozen-lockfile || yarn install --frozen-lockfile || yarn install --frozen-lockfile - name: Generate test-website project against main branch run: yarn test:build:website -st - name: Install test-website project with pnpm diff --git a/.github/workflows/tests-swizzle.yml b/.github/workflows/tests-swizzle.yml index 8c66ddc272f9..1408e792d24d 100644 --- a/.github/workflows/tests-swizzle.yml +++ b/.github/workflows/tests-swizzle.yml @@ -33,7 +33,7 @@ jobs: node-version: lts/* cache: yarn - name: Installation - run: yarn || yarn || yarn + run: yarn install --frozen-lockfile || yarn install --frozen-lockfile || yarn install --frozen-lockfile # Swizzle all the theme components - name: Swizzle (${{matrix.action}} - ${{matrix.variant}}) diff --git a/.github/workflows/tests-windows.yml b/.github/workflows/tests-windows.yml index e766abd9cb78..e703108b376f 100644 --- a/.github/workflows/tests-windows.yml +++ b/.github/workflows/tests-windows.yml @@ -40,7 +40,7 @@ jobs: node-version: ${{ matrix.node }} cache: yarn - name: Installation - run: yarn || yarn || yarn + run: yarn install --frozen-lockfile || yarn install --frozen-lockfile || yarn install --frozen-lockfile - name: Docusaurus Jest Tests run: yarn test - name: Create a deep path diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index 05e3f3c173f9..1c1a085cb22c 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml @@ -38,7 +38,7 @@ jobs: node-version: ${{ matrix.node }} cache: yarn - name: Installation - run: yarn || yarn || yarn + run: yarn install --frozen-lockfile || yarn install --frozen-lockfile || yarn install --frozen-lockfile - name: Test run: yarn test - name: Remove Theme Internal Re-export diff --git a/package.json b/package.json index 90f0fa334570..f663367ac7a4 100644 --- a/package.json +++ b/package.json @@ -118,6 +118,7 @@ "lockfile-lint": "^4.14.0", "npm-run-all": "^4.1.5", "patch-package": "^8.0.0", + "pkg-pr-new": "^0.0.66", "postinstall-postinstall": "^2.1.0", "prettier": "^2.8.8", "react": "^19.2.4", diff --git a/yarn.lock b/yarn.lock index cd8205f52113..8fc314315e12 100644 --- a/yarn.lock +++ b/yarn.lock @@ -2,6 +2,34 @@ # yarn lockfile v1 +"@actions/core@^3.0.0": + version "3.0.0" + resolved "https://registry.yarnpkg.com/@actions/core/-/core-3.0.0.tgz#89cb07c119e9b46a649ad5f355e77de9b3108cf8" + integrity sha512-zYt6cz+ivnTmiT/ksRVriMBOiuoUpDCJJlZ5KPl2/FRdvwU3f7MPh9qftvbkXJThragzUZieit2nyHUyw53Seg== + dependencies: + "@actions/exec" "^3.0.0" + "@actions/http-client" "^4.0.0" + +"@actions/exec@^3.0.0": + version "3.0.0" + resolved "https://registry.yarnpkg.com/@actions/exec/-/exec-3.0.0.tgz#8c3464d20f0aa4068707757021d7e3c01a7ee203" + integrity sha512-6xH/puSoNBXb72VPlZVm7vQ+svQpFyA96qdDBvhB8eNZOE8LtPf9L4oAsfzK/crCL8YZ+19fKYVnM63Sl+Xzlw== + dependencies: + "@actions/io" "^3.0.2" + +"@actions/http-client@^4.0.0": + version "4.0.0" + resolved "https://registry.yarnpkg.com/@actions/http-client/-/http-client-4.0.0.tgz#f9754133c22802466482bf96321d42f2dba1fc82" + integrity sha512-QuwPsgVMsD6qaPD57GLZi9sqzAZCtiJT8kVBCDpLtxhL5MydQ4gS+DrejtZZPdIYyB1e95uCK9Luyds7ybHI3g== + dependencies: + tunnel "^0.0.6" + undici "^6.23.0" + +"@actions/io@^3.0.2": + version "3.0.2" + resolved "https://registry.yarnpkg.com/@actions/io/-/io-3.0.2.tgz#6f89b27a159d109836d983efa283997c23b92284" + integrity sha512-nRBchcMM+QK1pdjO7/idu86rbJI5YHUKCvKs0KxnSYbVe3F51UfGxuZX4Qy/fWlp6l7gWFwIkrOzN+oUK03kfw== + "@adobe/css-tools@^4.4.0": version "4.4.4" resolved "https://registry.yarnpkg.com/@adobe/css-tools/-/css-tools-4.4.4.tgz#2856c55443d3d461693f32d2b96fb6ea92e1ffa9" @@ -2600,6 +2628,16 @@ "@jridgewell/resolve-uri" "^3.1.0" "@jridgewell/sourcemap-codec" "^1.4.14" +"@jsdevtools/ez-spawn@^3.0.4": + version "3.0.4" + resolved "https://registry.yarnpkg.com/@jsdevtools/ez-spawn/-/ez-spawn-3.0.4.tgz#5641eb26fee6d31ec29f6788eba849470c52c7ff" + integrity sha512-f5DRIOZf7wxogefH03RjMPMdBF7ADTWUMoOs9kaJo06EfwF+aFhMZMDZxHg/Xe12hptN9xoZjGso2fdjapBRIA== + dependencies: + call-me-maybe "^1.0.1" + cross-spawn "^7.0.3" + string-argv "^0.3.1" + type-detect "^4.0.8" + "@jsonjoy.com/base64@^1.1.2": version "1.1.2" resolved "https://registry.yarnpkg.com/@jsonjoy.com/base64/-/base64-1.1.2.tgz#cf8ea9dcb849b81c95f14fc0aaa151c6b54d2578" @@ -3037,11 +3075,36 @@ resolved "https://registry.yarnpkg.com/@nx/nx-win32-x64-msvc/-/nx-win32-x64-msvc-16.10.0.tgz#7410a51d0f8be631eec9552f01b2e5946285927c" integrity sha512-5iV2NKZnzxJwZZ4DM5JVbRG/nkhAbzEskKaLBB82PmYGKzaDHuMHP1lcPoD/rtYMlowZgNA/RQndfKvPBPwmXA== +"@octokit/action@^6.1.0": + version "6.1.0" + resolved "https://registry.yarnpkg.com/@octokit/action/-/action-6.1.0.tgz#4e7609a096cdecb02f9b5ea61e4c6f8355114505" + integrity sha512-lo+nHx8kAV86bxvOVOI3vFjX3gXPd/L7guAUbvs3pUvnR2KC+R7yjBkA1uACt4gYhs4LcWP3AXSGQzsbeN2XXw== + dependencies: + "@octokit/auth-action" "^4.0.0" + "@octokit/core" "^5.0.0" + "@octokit/plugin-paginate-rest" "^9.0.0" + "@octokit/plugin-rest-endpoint-methods" "^10.0.0" + "@octokit/types" "^12.0.0" + undici "^6.0.0" + +"@octokit/auth-action@^4.0.0": + version "4.1.0" + resolved "https://registry.yarnpkg.com/@octokit/auth-action/-/auth-action-4.1.0.tgz#46d149f6f0b78238f79d247219e96a8458b36e7f" + integrity sha512-m+3t7K46IYyMk7Bl6/lF4Rv09GqDZjYmNg8IWycJ2Fa3YE3DE7vQcV6G2hUPmR9NDqenefNJwVtlisMjzymPiQ== + dependencies: + "@octokit/auth-token" "^4.0.0" + "@octokit/types" "^13.0.0" + "@octokit/auth-token@^3.0.0": version "3.0.4" resolved "https://registry.yarnpkg.com/@octokit/auth-token/-/auth-token-3.0.4.tgz#70e941ba742bdd2b49bdb7393e821dea8520a3db" integrity sha512-TWFX7cZF2LXoCvdmJWY7XVPi74aSY0+FfBZNSXEXFkMpjcqsQwDSYVv5FhRFaI0V1ECnwbz4j59T/G+rXNWaIQ== +"@octokit/auth-token@^4.0.0": + version "4.0.0" + resolved "https://registry.yarnpkg.com/@octokit/auth-token/-/auth-token-4.0.0.tgz#40d203ea827b9f17f42a29c6afb93b7745ef80c7" + integrity sha512-tY/msAuJo6ARbK6SPIxZrPBms3xPbfwBrulZe0Wtr/DIY9lje2HeV1uoebShn6mx7SjCHif6EjMvoREj+gZ+SA== + "@octokit/core@^4.2.1": version "4.2.4" resolved "https://registry.yarnpkg.com/@octokit/core/-/core-4.2.4.tgz#d8769ec2b43ff37cc3ea89ec4681a20ba58ef907" @@ -3055,6 +3118,19 @@ before-after-hook "^2.2.0" universal-user-agent "^6.0.0" +"@octokit/core@^5.0.0": + version "5.2.2" + resolved "https://registry.yarnpkg.com/@octokit/core/-/core-5.2.2.tgz#252805732de9b4e8e4f658d34b80c4c9b2534761" + integrity sha512-/g2d4sW9nUDJOMz3mabVQvOGhVa4e/BN/Um7yca9Bb2XTzPPnfTWHWQg+IsEYO7M3Vx+EXvaM/I2pJWIMun1bg== + dependencies: + "@octokit/auth-token" "^4.0.0" + "@octokit/graphql" "^7.1.0" + "@octokit/request" "^8.4.1" + "@octokit/request-error" "^5.1.1" + "@octokit/types" "^13.0.0" + before-after-hook "^2.2.0" + universal-user-agent "^6.0.0" + "@octokit/endpoint@^7.0.0": version "7.0.6" resolved "https://registry.yarnpkg.com/@octokit/endpoint/-/endpoint-7.0.6.tgz#791f65d3937555141fb6c08f91d618a7d645f1e2" @@ -3064,6 +3140,14 @@ is-plain-object "^5.0.0" universal-user-agent "^6.0.0" +"@octokit/endpoint@^9.0.6": + version "9.0.6" + resolved "https://registry.yarnpkg.com/@octokit/endpoint/-/endpoint-9.0.6.tgz#114d912108fe692d8b139cfe7fc0846dfd11b6c0" + integrity sha512-H1fNTMA57HbkFESSt3Y9+FBICv+0jFceJFPWDePYlR/iMGrwM5ph+Dd4XRQs+8X+PUFURLQgX9ChPfhJ/1uNQw== + dependencies: + "@octokit/types" "^13.1.0" + universal-user-agent "^6.0.0" + "@octokit/graphql@^5.0.0": version "5.0.6" resolved "https://registry.yarnpkg.com/@octokit/graphql/-/graphql-5.0.6.tgz#9eac411ac4353ccc5d3fca7d76736e6888c5d248" @@ -3073,11 +3157,30 @@ "@octokit/types" "^9.0.0" universal-user-agent "^6.0.0" +"@octokit/graphql@^7.1.0": + version "7.1.1" + resolved "https://registry.yarnpkg.com/@octokit/graphql/-/graphql-7.1.1.tgz#79d9f3d0c96a8fd13d64186fe5c33606d48b79cc" + integrity sha512-3mkDltSfcDUoa176nlGoA32RGjeWjl3K7F/BwHwRMJUW/IteSa4bnSV8p2ThNkcIcZU2umkZWxwETSSCJf2Q7g== + dependencies: + "@octokit/request" "^8.4.1" + "@octokit/types" "^13.0.0" + universal-user-agent "^6.0.0" + "@octokit/openapi-types@^18.0.0": version "18.1.1" resolved "https://registry.yarnpkg.com/@octokit/openapi-types/-/openapi-types-18.1.1.tgz#09bdfdabfd8e16d16324326da5148010d765f009" integrity sha512-VRaeH8nCDtF5aXWnjPuEMIYf1itK/s3JYyJcWFJT8X9pSNnBtriDf7wlEWsGuhPLl4QIH4xM8fqTXDwJ3Mu6sw== +"@octokit/openapi-types@^20.0.0": + version "20.0.0" + resolved "https://registry.yarnpkg.com/@octokit/openapi-types/-/openapi-types-20.0.0.tgz#9ec2daa0090eeb865ee147636e0c00f73790c6e5" + integrity sha512-EtqRBEjp1dL/15V7WiX5LJMIxxkdiGJnabzYx5Apx4FkQIFgAfKumXeYAqqJCj1s+BMX4cPFIFC4OLCR6stlnA== + +"@octokit/openapi-types@^24.2.0": + version "24.2.0" + resolved "https://registry.yarnpkg.com/@octokit/openapi-types/-/openapi-types-24.2.0.tgz#3d55c32eac0d38da1a7083a9c3b0cca77924f7d3" + integrity sha512-9sIH3nSUttelJSXUrmGzl7QUBFul0/mB8HRYl3fOlgHbIWG+WnYDXU3v/2zMtAvuzZ/ed00Ei6on975FhBfzrg== + "@octokit/plugin-enterprise-rest@6.0.1": version "6.0.1" resolved "https://registry.yarnpkg.com/@octokit/plugin-enterprise-rest/-/plugin-enterprise-rest-6.0.1.tgz#e07896739618dab8da7d4077c658003775f95437" @@ -3091,11 +3194,25 @@ "@octokit/tsconfig" "^1.0.2" "@octokit/types" "^9.2.3" +"@octokit/plugin-paginate-rest@^9.0.0": + version "9.2.2" + resolved "https://registry.yarnpkg.com/@octokit/plugin-paginate-rest/-/plugin-paginate-rest-9.2.2.tgz#c516bc498736bcdaa9095b9a1d10d9d0501ae831" + integrity sha512-u3KYkGF7GcZnSD/3UP0S7K5XUFT2FkOQdcfXZGZQPGv3lm4F2Xbf71lvjldr8c1H3nNbF+33cLEkWYbokGWqiQ== + dependencies: + "@octokit/types" "^12.6.0" + "@octokit/plugin-request-log@^1.0.4": version "1.0.4" resolved "https://registry.yarnpkg.com/@octokit/plugin-request-log/-/plugin-request-log-1.0.4.tgz#5e50ed7083a613816b1e4a28aeec5fb7f1462e85" integrity sha512-mLUsMkgP7K/cnFEw07kWqXGF5LKrOkD+lhCrKvPHXWDywAwuDUeDwWBpc69XK3pNX0uKiVt8g5z96PJ6z9xCFA== +"@octokit/plugin-rest-endpoint-methods@^10.0.0": + version "10.4.1" + resolved "https://registry.yarnpkg.com/@octokit/plugin-rest-endpoint-methods/-/plugin-rest-endpoint-methods-10.4.1.tgz#41ba478a558b9f554793075b2e20cd2ef973be17" + integrity sha512-xV1b+ceKV9KytQe3zCVqjg+8GTGfDYwaT1ATU5isiUyVtlVAO3HNdzpS4sr4GBx4hxQ46s7ITtZrAsxG22+rVg== + dependencies: + "@octokit/types" "^12.6.0" + "@octokit/plugin-rest-endpoint-methods@^7.1.2": version "7.2.3" resolved "https://registry.yarnpkg.com/@octokit/plugin-rest-endpoint-methods/-/plugin-rest-endpoint-methods-7.2.3.tgz#37a84b171a6cb6658816c82c4082ac3512021797" @@ -3112,6 +3229,15 @@ deprecation "^2.0.0" once "^1.4.0" +"@octokit/request-error@^5.1.1": + version "5.1.1" + resolved "https://registry.yarnpkg.com/@octokit/request-error/-/request-error-5.1.1.tgz#b9218f9c1166e68bb4d0c89b638edc62c9334805" + integrity sha512-v9iyEQJH6ZntoENr9/yXxjuezh4My67CBSu9r6Ve/05Iu5gNgnisNWOsoJHTP6k0Rr0+HQIpnH+kyammu90q/g== + dependencies: + "@octokit/types" "^13.1.0" + deprecation "^2.0.0" + once "^1.4.0" + "@octokit/request@^6.0.0": version "6.2.8" resolved "https://registry.yarnpkg.com/@octokit/request/-/request-6.2.8.tgz#aaf480b32ab2b210e9dadd8271d187c93171d8eb" @@ -3124,6 +3250,16 @@ node-fetch "^2.6.7" universal-user-agent "^6.0.0" +"@octokit/request@^8.4.1": + version "8.4.1" + resolved "https://registry.yarnpkg.com/@octokit/request/-/request-8.4.1.tgz#715a015ccf993087977ea4365c44791fc4572486" + integrity sha512-qnB2+SY3hkCmBxZsR/MPCybNmbJe4KAlfWErXq+rBKkQJlbjdJeS85VI9r8UqeLYLvnAenU8Q1okM/0MBsAGXw== + dependencies: + "@octokit/endpoint" "^9.0.6" + "@octokit/request-error" "^5.1.1" + "@octokit/types" "^13.1.0" + universal-user-agent "^6.0.0" + "@octokit/rest@19.0.11": version "19.0.11" resolved "https://registry.yarnpkg.com/@octokit/rest/-/rest-19.0.11.tgz#2ae01634fed4bd1fca5b642767205ed3fd36177c" @@ -3146,6 +3282,20 @@ dependencies: "@octokit/openapi-types" "^18.0.0" +"@octokit/types@^12.0.0", "@octokit/types@^12.6.0": + version "12.6.0" + resolved "https://registry.yarnpkg.com/@octokit/types/-/types-12.6.0.tgz#8100fb9eeedfe083aae66473bd97b15b62aedcb2" + integrity sha512-1rhSOfRa6H9w4YwK0yrf5faDaDTb+yLyBUKOCV4xtCDB5VmIPqd/v9yr9o6SAzOAlRxMiRiCic6JVM1/kunVkw== + dependencies: + "@octokit/openapi-types" "^20.0.0" + +"@octokit/types@^13.0.0", "@octokit/types@^13.1.0": + version "13.10.0" + resolved "https://registry.yarnpkg.com/@octokit/types/-/types-13.10.0.tgz#3e7c6b19c0236c270656e4ea666148c2b51fd1a3" + integrity sha512-ifLaO34EbbPj0Xgro4G5lP5asESjwHracYJvVaPIyXMuiuXLlhic3S47cBdTb+jfODkTE5YtGCLt3Ay3+J97sA== + dependencies: + "@octokit/openapi-types" "^24.2.0" + "@octokit/types@^9.0.0", "@octokit/types@^9.2.3": version "9.3.2" resolved "https://registry.yarnpkg.com/@octokit/types/-/types-9.3.2.tgz#3f5f89903b69f6a2d196d78ec35f888c0013cac5" @@ -6168,6 +6318,11 @@ call-bound@^1.0.3: call-bind-apply-helpers "^1.0.1" get-intrinsic "^1.2.6" +call-me-maybe@^1.0.1: + version "1.0.2" + resolved "https://registry.yarnpkg.com/call-me-maybe/-/call-me-maybe-1.0.2.tgz#03f964f19522ba643b1b0693acb9152fe2074baa" + integrity sha512-HpX65o1Hnr9HH25ojC1YGs7HCQLq0GCOibSaWER0eNpgJ/Z1MZv2mTc7+xh6WOPxbRVcmgbv4hGU+uSQ/2xFZQ== + callsites@^3.0.0, callsites@^3.1.0: version "3.1.0" resolved "https://registry.yarnpkg.com/callsites/-/callsites-3.1.0.tgz#b3630abd8943432f54b3f0519238e33cd7df2f73" @@ -7761,6 +7916,11 @@ decode-named-character-reference@^1.0.0: dependencies: character-entities "^2.0.0" +decode-uri-component@^0.4.1: + version "0.4.1" + resolved "https://registry.yarnpkg.com/decode-uri-component/-/decode-uri-component-0.4.1.tgz#2ac4859663c704be22bf7db760a1494a49ab2cc5" + integrity sha512-+8VxcR21HhTy8nOt6jf20w0c9CADrw1O8d+VZ/YzzCt4bJ3uBjw+D1q2osAB8RnpwwaeYBxy0HyKQxD5JBMuuQ== + decompress-response@^6.0.0: version "6.0.0" resolved "https://registry.yarnpkg.com/decompress-response/-/decompress-response-6.0.0.tgz#ca387612ddb7e104bd16d85aab00d5ecf09c66fc" @@ -9111,6 +9271,11 @@ fill-range@^7.1.1: dependencies: to-regex-range "^5.0.1" +filter-obj@^5.1.0: + version "5.1.0" + resolved "https://registry.yarnpkg.com/filter-obj/-/filter-obj-5.1.0.tgz#5bd89676000a713d7db2e197f660274428e524ed" + integrity sha512-qWeTREPoT7I0bifpPUXtxkZJ1XJzxWtfoWWkdVGqa+eCr3SHW/Ocp89o8vLvbUuQnadybJpjOKu4V+RwO6sGng== + finalhandler@1.1.2: version "1.1.2" resolved "https://registry.yarnpkg.com/finalhandler/-/finalhandler-1.1.2.tgz#b7e7d000ffd11938d0fdb053506f6ebabe9f587d" @@ -10337,7 +10502,7 @@ ignore-walk@^6.0.0: dependencies: minimatch "^9.0.0" -ignore@^5.0.4, ignore@^5.2.0, ignore@^5.2.1, ignore@^5.2.4: +ignore@^5.0.4, ignore@^5.2.0, ignore@^5.2.1, ignore@^5.2.4, ignore@^5.3.1: version "5.3.2" resolved "https://registry.yarnpkg.com/ignore/-/ignore-5.3.2.tgz#3cd40e729f3643fd87cb04e50bf0eb722bc596f5" integrity sha512-hsBTNUqQTDwkWtcdYI2i06Y/nUBEsNEDJKjWdigLvegy8kDuJAS8uRlpkkcQpyEXL0Z/pjDy5HBmMjRCJ2gq+g== @@ -10941,6 +11106,11 @@ isarray@~1.0.0: resolved "https://registry.yarnpkg.com/isarray/-/isarray-1.0.0.tgz#bb935d48582cba168c06834957a54a3e07124f11" integrity sha512-VLghIWNM6ELQzo7zwmcg0NmTVyWKYjvIeM83yjp0wRDTmUnrM678fQbcKBo6n2CJEF0szoG//ytg+TKla89ALQ== +isbinaryfile@^5.0.2: + version "5.0.7" + resolved "https://registry.yarnpkg.com/isbinaryfile/-/isbinaryfile-5.0.7.tgz#19a73f2281b7368dca9d3b3ac8a0434074670979" + integrity sha512-gnWD14Jh3FzS3CPhF0AxNOJ8CxqeblPTADzI38r0wt8ZyQl5edpy75myt08EG2oKvpyiqSqsx+Wkz9vtkbTqYQ== + isexe@^2.0.0: version "2.0.0" resolved "https://registry.yarnpkg.com/isexe/-/isexe-2.0.0.tgz#e8fbf374dc556ff8947a10dcb0572d633f2cfa10" @@ -14546,7 +14716,21 @@ pkg-dir@^7.0.0: dependencies: find-up "^6.3.0" -pkg-types@^1.3.0: +pkg-pr-new@^0.0.66: + version "0.0.66" + resolved "https://registry.yarnpkg.com/pkg-pr-new/-/pkg-pr-new-0.0.66.tgz#3fe088bcf969faa29171342f4527a3942f8b68a0" + integrity sha512-t+rZ2DY9Bp7v2NSFZciqChb6DGPdo9YhQeuW/GSdMsUx634gnqe+baJq2ZQgVtXaIxUbnPPBmtFJb6qnQ0uVUA== + dependencies: + "@actions/core" "^3.0.0" + "@jsdevtools/ez-spawn" "^3.0.4" + "@octokit/action" "^6.1.0" + ignore "^5.3.1" + isbinaryfile "^5.0.2" + pkg-types "^1.1.1" + query-registry "^3.0.1" + tinyglobby "^0.2.9" + +pkg-types@^1.1.1, pkg-types@^1.3.0: version "1.3.1" resolved "https://registry.yarnpkg.com/pkg-types/-/pkg-types-1.3.1.tgz#bd7cc70881192777eef5326c19deb46e890917df" integrity sha512-/Jm5M4RvtBFVkKWRu2BLUTNP8/M2a+UwuAX+ae4770q1qVGtfjG+WTCupoZixokjmHiry8uI+dlY8KXYV5HVVQ== @@ -15381,6 +15565,27 @@ quansync@^0.2.7, quansync@^0.2.8: resolved "https://registry.yarnpkg.com/quansync/-/quansync-0.2.10.tgz#32053cf166fa36511aae95fc49796116f2dc20e1" integrity sha512-t41VRkMYbkHyCYmOvx/6URnN80H7k4X0lLdBMGsz+maAwrJQYB1djpV6vHrQIBE0WBSGqhtEHrK9U3DWWH8v7A== +query-registry@^3.0.1: + version "3.0.1" + resolved "https://registry.yarnpkg.com/query-registry/-/query-registry-3.0.1.tgz#04fca7bfd11a914ed1c630bcf546e468d4be09e8" + integrity sha512-M9RxRITi2mHMVPU5zysNjctUT8bAPx6ltEXo/ir9+qmiM47Y7f0Ir3+OxUO5OjYAWdicBQRew7RtHtqUXydqlg== + dependencies: + query-string "^9.0.0" + quick-lru "^7.0.0" + url-join "^5.0.0" + validate-npm-package-name "^5.0.1" + zod "^3.23.8" + zod-package-json "^1.0.3" + +query-string@^9.0.0: + version "9.3.1" + resolved "https://registry.yarnpkg.com/query-string/-/query-string-9.3.1.tgz#d0c93e6c7fb7c17bdf04aa09e382114580ede270" + integrity sha512-5fBfMOcDi5SA9qj5jZhWAcTtDfKF5WFdd2uD9nVNlbxVv1baq65aALy6qofpNEGELHvisjjasxQp7BlM9gvMzw== + dependencies: + decode-uri-component "^0.4.1" + filter-obj "^5.1.0" + split-on-first "^3.0.0" + queue-microtask@^1.2.2: version "1.2.3" resolved "https://registry.yarnpkg.com/queue-microtask/-/queue-microtask-1.2.3.tgz#4929228bbc724dfac43e0efb058caf7b6cfb6243" @@ -15401,6 +15606,11 @@ quick-lru@^5.1.1: resolved "https://registry.yarnpkg.com/quick-lru/-/quick-lru-5.1.1.tgz#366493e6b3e42a3a6885e2e99d18f80fb7a8c932" integrity sha512-WuyALRjWPDGtt/wzJiadO5AXY+8hZ80hVpe6MyivgraREW751X3SbhRvG3eLKOYN+8VEvqLcf3wdnt44Z4S4SA== +quick-lru@^7.0.0: + version "7.3.0" + resolved "https://registry.yarnpkg.com/quick-lru/-/quick-lru-7.3.0.tgz#2af7e0fc72b66b7496251f6226cc723662c50665" + integrity sha512-k9lSsjl36EJdK7I06v7APZCbyGT2vMTsYSRX1Q2nbYmnkBqgUhRkAuzH08Ciotteu/PLJmIF2+tti7o3C/ts2g== + randombytes@^2.1.0: version "2.1.0" resolved "https://registry.yarnpkg.com/randombytes/-/randombytes-2.1.0.tgz#df6f84372f0270dc65cdf6291349ab7a473d4f2a" @@ -16863,6 +17073,11 @@ spdy@^4.0.2: select-hose "^2.0.0" spdy-transport "^3.0.0" +split-on-first@^3.0.0: + version "3.0.0" + resolved "https://registry.yarnpkg.com/split-on-first/-/split-on-first-3.0.0.tgz#f04959c9ea8101b9b0bbf35a61b9ebea784a23e7" + integrity sha512-qxQJTx2ryR0Dw0ITYyekNQWpz6f8dGd7vffGNflQQ3Iqj9NJ6qiZ7ELpZsJ/QBhIVAiDfXdag3+Gp8RvWa62AA== + split2@^3.2.2: version "3.2.2" resolved "https://registry.yarnpkg.com/split2/-/split2-3.2.2.tgz#bf2cf2a37d838312c249c89206fd7a17dd12365f" @@ -17554,7 +17769,7 @@ tinyexec@^0.3.2: resolved "https://registry.yarnpkg.com/tinyexec/-/tinyexec-0.3.2.tgz#941794e657a85e496577995c6eef66f53f42b3d2" integrity sha512-KQQR9yN7R5+OSwaK0XQoj22pwHoTlgYqmUscPYoknOoWCWfj/5/ABTMRi69FrKU5ffPVh5QcFikpWJI/P1ocHA== -tinyglobby@^0.2.12: +tinyglobby@^0.2.12, tinyglobby@^0.2.9: version "0.2.15" resolved "https://registry.yarnpkg.com/tinyglobby/-/tinyglobby-0.2.15.tgz#e228dd1e638cea993d2fdb4fcd2d4602a79951c2" integrity sha512-j2Zq4NyQYG5XMST4cbs02Ak8iJUdxRM0XI5QyxXuZOzKOINmWurp3smXu3y5wDcJrptwpSjgXHzIQxR0omXljQ== @@ -17750,6 +17965,11 @@ tunnel-agent@^0.6.0: dependencies: safe-buffer "^5.0.1" +tunnel@^0.0.6: + version "0.0.6" + resolved "https://registry.yarnpkg.com/tunnel/-/tunnel-0.0.6.tgz#72f1314b34a5b192db012324df2cc587ca47f92c" + integrity sha512-1h/Lnq9yajKY2PEbBadPXj3VxsDDu844OnaAo52UVmIzIvwwtBPIuNvkjuzBlTWpfJyUbG3ez0KSBibQkj4ojg== + type-check@^0.4.0, type-check@~0.4.0: version "0.4.0" resolved "https://registry.yarnpkg.com/type-check/-/type-check-0.4.0.tgz#07b8203bfa7056c0657050e3ccd2c37730bab8f1" @@ -17762,7 +17982,7 @@ type-detect@4.0.8: resolved "https://registry.yarnpkg.com/type-detect/-/type-detect-4.0.8.tgz#7646fb5f18871cfbb7749e69bd39a6388eb7450c" integrity sha512-0fr/mIH1dlO+x7TlcMy+bIDqKPsw/70tVyeHW787goQjhmqaZe10uwLujubK9q9Lg6Fiho1KUKDYz0Z7k7g5/g== -type-detect@^4.0.0: +type-detect@^4.0.0, type-detect@^4.0.8: version "4.1.0" resolved "https://registry.yarnpkg.com/type-detect/-/type-detect-4.1.0.tgz#deb2453e8f08dcae7ae98c626b13dddb0155906c" integrity sha512-Acylog8/luQ8L7il+geoSxhEkazvkslg7PSNKOX59mbB9cOveP5aq9h74Y7YU8yDpJwetzQQrfIwtf4Wp4LKcw== @@ -17916,6 +18136,11 @@ undici-types@~6.21.0: resolved "https://registry.yarnpkg.com/undici-types/-/undici-types-6.21.0.tgz#691d00af3909be93a7faa13be61b3a5b50ef12cb" integrity sha512-iwDZqg0QAGrg9Rav5H4n0M64c3mkR59cJ6wQp+7C4nI0gsmExaedaYLNO44eT4AtBBwjbTiGPMlt2Md0T9H9JQ== +undici@^6.0.0, undici@^6.23.0: + version "6.24.1" + resolved "https://registry.yarnpkg.com/undici/-/undici-6.24.1.tgz#9df1425cede20b836d95634347946f79578b7e71" + integrity sha512-sC+b0tB1whOCzbtlx20fx3WgCXwkW627p4EA9uM+/tNNPkSS+eSEld6pAs9nDv7WbY1UUljBMYPtu9BCOrCWKA== + unicode-canonical-property-names-ecmascript@^2.0.0: version "2.0.1" resolved "https://registry.yarnpkg.com/unicode-canonical-property-names-ecmascript/-/unicode-canonical-property-names-ecmascript-2.0.1.tgz#cb3173fe47ca743e228216e4a3ddc4c84d628cc2" @@ -18189,6 +18414,11 @@ uri-js@^4.2.2: dependencies: punycode "^2.1.0" +url-join@^5.0.0: + version "5.0.0" + resolved "https://registry.yarnpkg.com/url-join/-/url-join-5.0.0.tgz#c2f1e5cbd95fa91082a93b58a1f42fecb4bdbcf1" + integrity sha512-n2huDr9h9yzd6exQVnH/jU5mr+Pfx08LRXXZhkLLetAMESRj+anQsTAh940iMrIetKAmry9coFuZQ2jY8/p3WA== + url-loader@^4.1.1: version "4.1.1" resolved "https://registry.yarnpkg.com/url-loader/-/url-loader-4.1.1.tgz#28505e905cae158cf07c92ca622d7f237e70a4e2" @@ -18279,7 +18509,7 @@ validate-npm-package-name@^3.0.0: dependencies: builtins "^1.0.3" -validate-npm-package-name@^5.0.0: +validate-npm-package-name@^5.0.0, validate-npm-package-name@^5.0.1: version "5.0.1" resolved "https://registry.yarnpkg.com/validate-npm-package-name/-/validate-npm-package-name-5.0.1.tgz#a316573e9b49f3ccd90dbb6eb52b3f06c6d604e8" integrity sha512-OljLrQ9SQdOUqTaQxqL5dEfZWrXExyyWsozYlAWFawPVNuD83igl7uJD2RTkNMbniIYgt8l81eCJGIdQF7avLQ== @@ -19103,12 +19333,19 @@ yocto-queue@^1.0.0: resolved "https://registry.yarnpkg.com/yocto-queue/-/yocto-queue-1.0.0.tgz#7f816433fb2cbc511ec8bf7d263c3b58a1a3c251" integrity sha512-9bnSc/HEW2uRy67wc+T8UwauLuPJVn28jb+GtJY16iiKWyvmYJRXVT4UamsAEGQfPohgr2q4Tq0sQbQlxTfi1g== +zod-package-json@^1.0.3: + version "1.2.0" + resolved "https://registry.yarnpkg.com/zod-package-json/-/zod-package-json-1.2.0.tgz#a6f9df035555e0c6c6387dbee0555c2acc050f98" + integrity sha512-tamtgPM3MkP+obfO2dLr/G+nYoYkpJKmuHdYEy6IXRKfLybruoJ5NUj0lM0LxwOpC9PpoGLbll1ecoeyj43Wsg== + dependencies: + zod "^3.25.64" + zod-validation-error@^3.0.3: version "3.4.0" resolved "https://registry.yarnpkg.com/zod-validation-error/-/zod-validation-error-3.4.0.tgz#3a8a1f55c65579822d7faa190b51336c61bee2a6" integrity sha512-ZOPR9SVY6Pb2qqO5XHt+MkkTRxGXb4EVtnjc9JpXUOtUB1T9Ru7mZOT361AN3MsetVe7R0a1KZshJDZdgp9miQ== -zod@^3.22.4: +zod@^3.22.4, zod@^3.23.8, zod@^3.25.64: version "3.25.76" resolved "https://registry.yarnpkg.com/zod/-/zod-3.25.76.tgz#26841c3f6fd22a6a2760e7ccb719179768471e34" integrity sha512-gzUt/qt81nXsFGKIFcC3YnfEAx5NkunCfnDlvuBSSFS02bcXu4Lmea0AFIUwbLWxWPx3d9p8S5QoaujKcNQxcQ== From 49f4f071ed114b76a9ed7528414e8039cb9f4b5b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?S=C3=A9bastien=20Lorber?= Date: Thu, 2 Apr 2026 18:46:14 +0200 Subject: [PATCH 2/4] fix(ci): fix Dependabot error (#11879) --- .github/dependabot.yml | 15 --------------- 1 file changed, 15 deletions(-) diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 5411526df90a..76540fd93166 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -10,21 +10,6 @@ updates: labels: - 'pr: dependencies' - ######################## - # NPM SECURITY UPDATES - - package-ecosystem: 'npm' - directory: '/' - exclude-paths: - - 'examples/**' - schedule: - interval: 'daily' - # Disable version updates for npm dependencies - # This is what restricts Dependabot to security updates only - # https://docs.github.com/en/code-security/dependabot/dependabot-security-updates/configuring-dependabot-security-updates#overriding-the-default-behavior-with-a-configuration-file - open-pull-requests-limit: 0 - labels: - - 'pr: dependencies' - ######################## # NPM VERSION UPDATES - package-ecosystem: 'npm' From d31d6a1dd8309bdd18150813177ce261afc5b918 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 2 Apr 2026 18:59:17 +0200 Subject: [PATCH 3/4] chore(deps): bump fs-extra and @types/fs-extra (#11880) Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- package.json | 2 +- yarn.lock | 13 +++---------- 2 files changed, 4 insertions(+), 11 deletions(-) diff --git a/package.json b/package.json index f663367ac7a4..a4032b534a23 100644 --- a/package.json +++ b/package.json @@ -83,7 +83,7 @@ "@testing-library/dom": "^10.4.1", "@testing-library/jest-dom": "^6.9.1", "@testing-library/react": "^16.3.2", - "@types/fs-extra": "^9.0.13", + "@types/fs-extra": "^11.0.4", "@types/jest": "^30.0.0", "@types/lodash": "^4.14.197", "@types/node": "^20.19.37", diff --git a/yarn.lock b/yarn.lock index 8fc314315e12..5a047e0a14c2 100644 --- a/yarn.lock +++ b/yarn.lock @@ -4534,13 +4534,6 @@ "@types/jsonfile" "*" "@types/node" "*" -"@types/fs-extra@^9.0.13": - version "9.0.13" - resolved "https://registry.yarnpkg.com/@types/fs-extra/-/fs-extra-9.0.13.tgz#7594fbae04fe7f1918ce8b3d213f74ff44ac1f45" - integrity sha512-nEnwB++1u5lVDM2UI4c1+5R+FYaKfaAzS4OococimjVm3nQw3TuzH5UNsocrcTBbhnerblyHj4A49qXbIiZdpA== - dependencies: - "@types/node" "*" - "@types/geojson@*": version "7946.0.16" resolved "https://registry.yarnpkg.com/@types/geojson/-/geojson-7946.0.16.tgz#8ebe53d69efada7044454e3305c19017d97ced2a" @@ -9437,9 +9430,9 @@ fs-constants@^1.0.0: integrity sha512-y6OAwoSIf7FyjMIv94u+b5rdheZEjzR63GTyZJm5qh4Bi+2YgwLCcI/fPFZkL5PSixOt6ZNKm+w+Hfp/Bciwow== fs-extra@^11.1.0, fs-extra@^11.1.1, fs-extra@^11.2.0: - version "11.2.0" - resolved "https://registry.yarnpkg.com/fs-extra/-/fs-extra-11.2.0.tgz#e70e17dfad64232287d01929399e0ea7c86b0e5b" - integrity sha512-PmDi3uwK5nFuXh7XDTlVnS17xJS7vW36is2+w3xcv8SVxiB4NyATf4ctkVY5bkSjX0Y4nbvZCq1/EjtEyr9ktw== + version "11.3.4" + resolved "https://registry.yarnpkg.com/fs-extra/-/fs-extra-11.3.4.tgz#ab6934eca8bcf6f7f6b82742e33591f86301d6fc" + integrity sha512-CTXd6rk/M3/ULNQj8FBqBWHYBVYybQ3VPBw0xGKFe3tuH7ytT6ACnvzpIQ3UZtB8yvUKC2cXn1a+x+5EVQLovA== dependencies: graceful-fs "^4.2.0" jsonfile "^6.0.1" From 3a674ce4fd8d76e39fefa6e996a8af8b09a4a5e1 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 2 Apr 2026 18:59:55 +0200 Subject: [PATCH 4/4] chore(deps): bump @babel/core from 7.28.6 to 7.29.0 (#11882) Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- yarn.lock | 70 +++++++++++++++++++++++++++---------------------------- 1 file changed, 35 insertions(+), 35 deletions(-) diff --git a/yarn.lock b/yarn.lock index 5a047e0a14c2..4185826e1bee 100644 --- a/yarn.lock +++ b/yarn.lock @@ -316,10 +316,10 @@ "@babel/highlight" "^7.25.7" picocolors "^1.0.0" -"@babel/code-frame@^7.0.0", "@babel/code-frame@^7.10.4", "@babel/code-frame@^7.12.13", "@babel/code-frame@^7.27.1", "@babel/code-frame@^7.28.6": - version "7.28.6" - resolved "https://registry.yarnpkg.com/@babel/code-frame/-/code-frame-7.28.6.tgz#72499312ec58b1e2245ba4a4f550c132be4982f7" - integrity sha512-JYgintcMjRiCvS8mMECzaEn+m3PfoQiyqukOMCCVQtoJGYJw8j/8LBJEiqkHLkfwCcs74E3pbAUFNg7d9VNJ+Q== +"@babel/code-frame@^7.0.0", "@babel/code-frame@^7.10.4", "@babel/code-frame@^7.12.13", "@babel/code-frame@^7.27.1", "@babel/code-frame@^7.28.6", "@babel/code-frame@^7.29.0": + version "7.29.0" + resolved "https://registry.yarnpkg.com/@babel/code-frame/-/code-frame-7.29.0.tgz#7cd7a59f15b3cc0dcd803038f7792712a7d0b15c" + integrity sha512-9NhCeYjq9+3uxgdtp20LSiJXJvN0FeCtNGpJxuMFZ1Kv3cWUNb6DOhJwUvcVCzKGR66cw4njwM6hrJLqgOwbcw== dependencies: "@babel/helper-validator-identifier" "^7.28.5" js-tokens "^4.0.0" @@ -331,19 +331,19 @@ integrity sha512-2lfu57JtzctfIrcGMz992hyLlByuzgIk58+hhGCxjKZ3rWI82NnVLjXcaTqkI2NvlcvOskZaiZ5kjUALo3Lpxg== "@babel/core@^7.21.3", "@babel/core@^7.23.9", "@babel/core@^7.24.4", "@babel/core@^7.25.9", "@babel/core@^7.27.4": - version "7.28.6" - resolved "https://registry.yarnpkg.com/@babel/core/-/core-7.28.6.tgz#531bf883a1126e53501ba46eb3bb414047af507f" - integrity sha512-H3mcG6ZDLTlYfaSNi0iOKkigqMFvkTKlGUYlD8GW7nNOYRrevuA46iTypPyv+06V3fEmvvazfntkBU34L0azAw== + version "7.29.0" + resolved "https://registry.yarnpkg.com/@babel/core/-/core-7.29.0.tgz#5286ad785df7f79d656e88ce86e650d16ca5f322" + integrity sha512-CGOfOJqWjg2qW/Mb6zNsDm+u5vFQ8DxXfbM09z69p5Z6+mE1ikP2jUXw+j42Pf1XTYED2Rni5f95npYeuwMDQA== dependencies: - "@babel/code-frame" "^7.28.6" - "@babel/generator" "^7.28.6" + "@babel/code-frame" "^7.29.0" + "@babel/generator" "^7.29.0" "@babel/helper-compilation-targets" "^7.28.6" "@babel/helper-module-transforms" "^7.28.6" "@babel/helpers" "^7.28.6" - "@babel/parser" "^7.28.6" + "@babel/parser" "^7.29.0" "@babel/template" "^7.28.6" - "@babel/traverse" "^7.28.6" - "@babel/types" "^7.28.6" + "@babel/traverse" "^7.29.0" + "@babel/types" "^7.29.0" "@jridgewell/remapping" "^2.3.5" convert-source-map "^2.0.0" debug "^4.1.0" @@ -351,13 +351,13 @@ json5 "^2.2.3" semver "^6.3.1" -"@babel/generator@^7.25.9", "@babel/generator@^7.27.5", "@babel/generator@^7.28.6": - version "7.28.6" - resolved "https://registry.yarnpkg.com/@babel/generator/-/generator-7.28.6.tgz#48dcc65d98fcc8626a48f72b62e263d25fc3c3f1" - integrity sha512-lOoVRwADj8hjf7al89tvQ2a1lf53Z+7tiXMgpZJL3maQPDxh0DgLMN62B2MKUOFcoodBHLMbDM6WAbKgNy5Suw== +"@babel/generator@^7.25.9", "@babel/generator@^7.27.5", "@babel/generator@^7.29.0": + version "7.29.1" + resolved "https://registry.yarnpkg.com/@babel/generator/-/generator-7.29.1.tgz#d09876290111abbb00ef962a7b83a5307fba0d50" + integrity sha512-qsaF+9Qcm2Qv8SRIMMscAvG4O3lJ0F1GuMo5HR/Bp02LopNgnZBC/EkbevHFeGs4ls/oPz9v+Bsmzbkbe+0dUw== dependencies: - "@babel/parser" "^7.28.6" - "@babel/types" "^7.28.6" + "@babel/parser" "^7.29.0" + "@babel/types" "^7.29.0" "@jridgewell/gen-mapping" "^0.3.12" "@jridgewell/trace-mapping" "^0.3.28" jsesc "^3.0.2" @@ -539,12 +539,12 @@ js-tokens "^4.0.0" picocolors "^1.0.0" -"@babel/parser@^7.1.0", "@babel/parser@^7.20.7", "@babel/parser@^7.23.9", "@babel/parser@^7.24.4", "@babel/parser@^7.28.6": - version "7.28.6" - resolved "https://registry.yarnpkg.com/@babel/parser/-/parser-7.28.6.tgz#f01a8885b7fa1e56dd8a155130226cd698ef13fd" - integrity sha512-TeR9zWR18BvbfPmGbLampPMW+uW1NZnJlRuuHso8i87QZNq2JRF9i6RgxRqtEq+wQGsS19NNTWr2duhnE49mfQ== +"@babel/parser@^7.1.0", "@babel/parser@^7.20.7", "@babel/parser@^7.23.9", "@babel/parser@^7.24.4", "@babel/parser@^7.28.6", "@babel/parser@^7.29.0": + version "7.29.2" + resolved "https://registry.yarnpkg.com/@babel/parser/-/parser-7.29.2.tgz#58bd50b9a7951d134988a1ae177a35ef9a703ba1" + integrity sha512-4GgRzy/+fsBa72/RZVJmGKPmZu9Byn8o4MoLpmNe1m8ZfYnz5emHLQz3U4gLud6Zwl0RZIcgiLD7Uq7ySFuDLA== dependencies: - "@babel/types" "^7.28.6" + "@babel/types" "^7.29.0" "@babel/plugin-bugfix-firefox-class-in-computed-class-key@^7.25.9": version "7.25.9" @@ -1305,23 +1305,23 @@ "@babel/parser" "^7.28.6" "@babel/types" "^7.28.6" -"@babel/traverse@^7.25.9", "@babel/traverse@^7.26.5", "@babel/traverse@^7.26.9", "@babel/traverse@^7.28.6": - version "7.28.6" - resolved "https://registry.yarnpkg.com/@babel/traverse/-/traverse-7.28.6.tgz#871ddc79a80599a5030c53b1cc48cbe3a5583c2e" - integrity sha512-fgWX62k02qtjqdSNTAGxmKYY/7FSL9WAS1o2Hu5+I5m9T0yxZzr4cnrfXQ/MX0rIifthCSs6FKTlzYbJcPtMNg== +"@babel/traverse@^7.25.9", "@babel/traverse@^7.26.5", "@babel/traverse@^7.26.9", "@babel/traverse@^7.28.6", "@babel/traverse@^7.29.0": + version "7.29.0" + resolved "https://registry.yarnpkg.com/@babel/traverse/-/traverse-7.29.0.tgz#f323d05001440253eead3c9c858adbe00b90310a" + integrity sha512-4HPiQr0X7+waHfyXPZpWPfWL/J7dcN1mx9gL6WdQVMbPnF3+ZhSMs8tCxN7oHddJE9fhNE7+lxdnlyemKfJRuA== dependencies: - "@babel/code-frame" "^7.28.6" - "@babel/generator" "^7.28.6" + "@babel/code-frame" "^7.29.0" + "@babel/generator" "^7.29.0" "@babel/helper-globals" "^7.28.0" - "@babel/parser" "^7.28.6" + "@babel/parser" "^7.29.0" "@babel/template" "^7.28.6" - "@babel/types" "^7.28.6" + "@babel/types" "^7.29.0" debug "^4.3.1" -"@babel/types@^7.0.0", "@babel/types@^7.20.7", "@babel/types@^7.21.3", "@babel/types@^7.25.9", "@babel/types@^7.27.3", "@babel/types@^7.28.6", "@babel/types@^7.4.4": - version "7.28.6" - resolved "https://registry.yarnpkg.com/@babel/types/-/types-7.28.6.tgz#c3e9377f1b155005bcc4c46020e7e394e13089df" - integrity sha512-0ZrskXVEHSWIqZM/sQZ4EV3jZJXRkio/WCxaqKZP1g//CEWEPSfeZFcms4XeKBCHU0ZKnIkdJeU/kF+eRp5lBg== +"@babel/types@^7.0.0", "@babel/types@^7.20.7", "@babel/types@^7.21.3", "@babel/types@^7.25.9", "@babel/types@^7.27.3", "@babel/types@^7.28.6", "@babel/types@^7.29.0", "@babel/types@^7.4.4": + version "7.29.0" + resolved "https://registry.yarnpkg.com/@babel/types/-/types-7.29.0.tgz#9f5b1e838c446e72cf3cd4b918152b8c605e37c7" + integrity sha512-LwdZHpScM4Qz8Xw2iKSzS+cfglZzJGvofQICy7W7v4caru4EaAmyUuO6BGrbyQ2mYV11W0U8j5mBhd14dd3B0A== dependencies: "@babel/helper-string-parser" "^7.27.1" "@babel/helper-validator-identifier" "^7.28.5"