diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 0159322ba6c64..46961d3fc6872 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -174,7 +174,7 @@ jobs: run: | git commit --all --amend --no-edit || true git push --force-with-lease - echo "::set-output name=sha::$(git rev-parse HEAD)" + echo "sha=$(git rev-parse HEAD)" >> $GITHUB_OUTPUT - name: Get Workflow Job uses: actions/github-script@v6 if: steps.commit.outputs.sha @@ -255,7 +255,7 @@ jobs: else result="success" fi - echo "::set-output name=result::$result" + echo "result=$result" >> $GITHUB_OUTPUT - name: Conclude Check uses: LouisBrunner/checks-action@v1.3.1 if: needs.update.outputs.check-id && always() @@ -334,7 +334,6 @@ jobs: - name: Get Needs Result id: needs-result run: | - result="" if [[ "${{ contains(needs.*.result, 'failure') }}" == "true" ]]; then result="x" elif [[ "${{ contains(needs.*.result, 'cancelled') }}" == "true" ]]; then @@ -342,7 +341,7 @@ jobs: else result="white_check_mark" fi - echo "::set-output name=result::$result" + echo "result=$result" >> $GITHUB_OUTPUT - name: Update Release PR Comment uses: actions/github-script@v6 env: @@ -363,7 +362,8 @@ jobs: if (updateComment) { console.log('Found comment to update:', JSON.stringify(updateComment, null, 2)) let body = updateComment.body.replace(/Workflow run: :[a-z_]+:/, `Workflow run: :${RESULT}:`) - if (RESULT === 'x') { + const tagCodeowner = RESULT !== 'white_check_mark' + if (tagCodeowner) { body += `\n\n:rotating_light:` body += ` @npm/cli-team: The post-release workflow failed for this release.` body += ` Manual steps may need to be taken after examining the workflow output` diff --git a/SECURITY.md b/SECURITY.md index 4e7c26c66ebd9..9cd2deaf4fd34 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -4,11 +4,10 @@ GitHub takes the security of our software products and services seriously, inclu If you believe you have found a security vulnerability in this GitHub-owned open source repository, you can report it to us in one of two ways. -If the vulnerability you have found is *not* [in scope for the GitHub Bug Bounty Program](https://bounty.github.com/#scope) or if you do not wish to be considered for a bounty reward, please report the issue to us directly using [private vulnerability reporting](https://docs.github.com/en/code-security/security-advisories/guidance-on-reporting-and-writing/privately-reporting-a-security-vulnerability). +If the vulnerability you have found is *not* [in scope for the GitHub Bug Bounty Program](https://bounty.github.com/#scope) or if you do not wish to be considered for a bounty reward, please report the issue to us directly through [opensource-security@github.com](mailto:opensource-security@github.com). If the vulnerability you have found is [in scope for the GitHub Bug Bounty Program](https://bounty.github.com/#scope) and you would like for your finding to be considered for a bounty reward, please submit the vulnerability to us through [HackerOne](https://hackerone.com/github) in order to be eligible to receive a bounty award. **Please do not report security vulnerabilities through public GitHub issues, discussions, or pull requests.** Thanks for helping make GitHub safe for everyone. - diff --git a/docs/package.json b/docs/package.json index a1ea4711b6e84..6f959c258d988 100644 --- a/docs/package.json +++ b/docs/package.json @@ -22,7 +22,7 @@ "devDependencies": { "@isaacs/string-locale-compare": "^1.1.0", "@npmcli/eslint-config": "^4.0.0", - "@npmcli/template-oss": "4.11.4", + "@npmcli/template-oss": "4.12.0", "front-matter": "^4.0.2", "ignore-walk": "^6.0.1", "jsdom": "^21.1.0", @@ -56,7 +56,7 @@ "//@npmcli/template-oss": "This file is partially managed by @npmcli/template-oss. Edits may be overwritten.", "ciVersions": "latest", "engines": "^14.17.0 || ^16.13.0 || >=18.0.0", - "version": "4.11.4", + "version": "4.12.0", "content": "../scripts/template-oss/index.js", "workspaceRepo": { "add": { diff --git a/mock-registry/package.json b/mock-registry/package.json index 85d50ce808ece..31d93c0411130 100644 --- a/mock-registry/package.json +++ b/mock-registry/package.json @@ -34,7 +34,7 @@ }, "templateOSS": { "//@npmcli/template-oss": "This file is partially managed by @npmcli/template-oss. Edits may be overwritten.", - "version": "4.11.4" + "version": "4.12.0" }, "tap": { "no-coverage": true, @@ -46,7 +46,7 @@ "devDependencies": { "@npmcli/arborist": "^6.1.1", "@npmcli/eslint-config": "^4.0.1", - "@npmcli/template-oss": "4.11.4", + "@npmcli/template-oss": "4.12.0", "nock": "^13.3.0", "npm-package-arg": "^10.1.0", "pacote": "^15.0.8", diff --git a/package-lock.json b/package-lock.json index 39caf3dc9a0a9..4e5ca62622048 100644 --- a/package-lock.json +++ b/package-lock.json @@ -161,7 +161,7 @@ "@npmcli/git": "^4.0.1", "@npmcli/mock-registry": "^1.0.0", "@npmcli/promise-spawn": "^6.0.2", - "@npmcli/template-oss": "4.11.4", + "@npmcli/template-oss": "4.12.0", "licensee": "^10.0.0", "nock": "^13.3.0", "npm-packlist": "^7.0.4", @@ -182,7 +182,7 @@ "devDependencies": { "@isaacs/string-locale-compare": "^1.1.0", "@npmcli/eslint-config": "^4.0.0", - "@npmcli/template-oss": "4.11.4", + "@npmcli/template-oss": "4.12.0", "front-matter": "^4.0.2", "ignore-walk": "^6.0.1", "jsdom": "^21.1.0", @@ -207,7 +207,7 @@ "devDependencies": { "@npmcli/arborist": "^6.1.1", "@npmcli/eslint-config": "^4.0.1", - "@npmcli/template-oss": "4.11.4", + "@npmcli/template-oss": "4.12.0", "nock": "^13.3.0", "npm-package-arg": "^10.1.0", "pacote": "^15.0.8", @@ -2220,9 +2220,9 @@ "link": true }, "node_modules/@npmcli/template-oss": { - "version": "4.11.4", - "resolved": "https://registry.npmjs.org/@npmcli/template-oss/-/template-oss-4.11.4.tgz", - "integrity": "sha512-PtUacQfLt5yl+OuUb9XW9Bw3ZGMwDnV5dCbtUVFr4J+Ig5RVMyDjB0VmI3Uu4v9ntBNBINzvNBP1Hb3UCzoA4Q==", + "version": "4.12.0", + "resolved": "https://registry.npmjs.org/@npmcli/template-oss/-/template-oss-4.12.0.tgz", + "integrity": "sha512-siPUfzR2EZXfOI98X/OfBa0OgVVeuWzV8Z5+DoziRIEr+pJVBY9tLcwE4oQd6idabUQQyc1DuCQ+OQ0B2loIZA==", "dev": true, "hasInstallScript": true, "dependencies": { @@ -14941,7 +14941,7 @@ "@npmcli/eslint-config": "^4.0.0", "@npmcli/mock-registry": "^1.0.0", "@npmcli/promise-spawn": "^6.0.2", - "@npmcli/template-oss": "4.11.4", + "@npmcli/template-oss": "4.12.0", "http-proxy": "^1.18.1", "just-extend": "^6.2.0", "just-safe-set": "^4.2.1", @@ -14996,7 +14996,7 @@ }, "devDependencies": { "@npmcli/eslint-config": "^4.0.0", - "@npmcli/template-oss": "4.11.4", + "@npmcli/template-oss": "4.12.0", "benchmark": "^2.1.4", "chalk": "^4.1.0", "minify-registry-metadata": "^3.0.0", @@ -15024,7 +15024,7 @@ }, "devDependencies": { "@npmcli/eslint-config": "^4.0.0", - "@npmcli/template-oss": "4.11.4", + "@npmcli/template-oss": "4.12.0", "tap": "^16.3.4" }, "engines": { @@ -15041,7 +15041,7 @@ "devDependencies": { "@npmcli/eslint-config": "^4.0.0", "@npmcli/mock-registry": "^1.0.0", - "@npmcli/template-oss": "4.11.4", + "@npmcli/template-oss": "4.12.0", "nock": "^13.3.0", "tap": "^16.3.4" }, @@ -15065,7 +15065,7 @@ }, "devDependencies": { "@npmcli/eslint-config": "^4.0.0", - "@npmcli/template-oss": "4.11.4", + "@npmcli/template-oss": "4.12.0", "tap": "^16.3.4" }, "engines": { @@ -15092,7 +15092,7 @@ "devDependencies": { "@npmcli/eslint-config": "^4.0.0", "@npmcli/mock-registry": "^1.0.0", - "@npmcli/template-oss": "4.11.4", + "@npmcli/template-oss": "4.12.0", "bin-links": "^4.0.1", "just-extend": "^6.2.0", "just-safe-set": "^4.2.1", @@ -15111,7 +15111,7 @@ }, "devDependencies": { "@npmcli/eslint-config": "^4.0.0", - "@npmcli/template-oss": "4.11.4", + "@npmcli/template-oss": "4.12.0", "tap": "^16.3.4" }, "engines": { @@ -15127,7 +15127,7 @@ }, "devDependencies": { "@npmcli/eslint-config": "^4.0.0", - "@npmcli/template-oss": "4.11.4", + "@npmcli/template-oss": "4.12.0", "nock": "^13.3.0", "tap": "^16.3.4" }, @@ -15144,7 +15144,7 @@ }, "devDependencies": { "@npmcli/eslint-config": "^4.0.0", - "@npmcli/template-oss": "4.11.4", + "@npmcli/template-oss": "4.12.0", "minipass": "^4.0.2", "nock": "^13.3.0", "tap": "^16.3.4" @@ -15164,7 +15164,7 @@ }, "devDependencies": { "@npmcli/eslint-config": "^4.0.0", - "@npmcli/template-oss": "4.11.4", + "@npmcli/template-oss": "4.12.0", "nock": "^13.3.0", "spawk": "^1.7.1", "tap": "^16.3.4" @@ -15188,7 +15188,7 @@ "devDependencies": { "@npmcli/eslint-config": "^4.0.0", "@npmcli/mock-registry": "^1.0.0", - "@npmcli/template-oss": "4.11.4", + "@npmcli/template-oss": "4.12.0", "lodash.clonedeep": "^4.5.0", "nock": "^13.3.0", "tap": "^16.3.4" @@ -15205,7 +15205,7 @@ }, "devDependencies": { "@npmcli/eslint-config": "^4.0.0", - "@npmcli/template-oss": "4.11.4", + "@npmcli/template-oss": "4.12.0", "nock": "^13.3.0", "tap": "^16.3.4" }, @@ -15222,7 +15222,7 @@ }, "devDependencies": { "@npmcli/eslint-config": "^4.0.0", - "@npmcli/template-oss": "4.11.4", + "@npmcli/template-oss": "4.12.0", "nock": "^13.3.0", "tap": "^16.3.4" }, @@ -15242,7 +15242,7 @@ }, "devDependencies": { "@npmcli/eslint-config": "^4.0.0", - "@npmcli/template-oss": "4.11.4", + "@npmcli/template-oss": "4.12.0", "require-inject": "^1.4.4", "tap": "^16.3.4" }, diff --git a/package.json b/package.json index fa3474142f0c5..5afe0723bf7a4 100644 --- a/package.json +++ b/package.json @@ -194,7 +194,7 @@ "@npmcli/git": "^4.0.1", "@npmcli/mock-registry": "^1.0.0", "@npmcli/promise-spawn": "^6.0.2", - "@npmcli/template-oss": "4.11.4", + "@npmcli/template-oss": "4.12.0", "licensee": "^10.0.0", "nock": "^13.3.0", "npm-packlist": "^7.0.4", @@ -248,7 +248,7 @@ }, "templateOSS": { "//@npmcli/template-oss": "This file is partially managed by @npmcli/template-oss. Edits may be overwritten.", - "version": "4.11.4", + "version": "4.12.0", "content": "./scripts/template-oss/root.js" }, "license": "Artistic-2.0", diff --git a/smoke-tests/package.json b/smoke-tests/package.json index 42db7ab00bda5..9ee681f46f76e 100644 --- a/smoke-tests/package.json +++ b/smoke-tests/package.json @@ -21,7 +21,7 @@ "@npmcli/eslint-config": "^4.0.0", "@npmcli/mock-registry": "^1.0.0", "@npmcli/promise-spawn": "^6.0.2", - "@npmcli/template-oss": "4.11.4", + "@npmcli/template-oss": "4.12.0", "http-proxy": "^1.18.1", "just-extend": "^6.2.0", "just-safe-set": "^4.2.1", @@ -32,7 +32,7 @@ "license": "ISC", "templateOSS": { "//@npmcli/template-oss": "This file is partially managed by @npmcli/template-oss. Edits may be overwritten.", - "version": "4.11.4", + "version": "4.12.0", "content": "../scripts/template-oss/index.js" }, "tap": { diff --git a/workspaces/arborist/package.json b/workspaces/arborist/package.json index fbba48b8ea661..31e4442cb97a7 100644 --- a/workspaces/arborist/package.json +++ b/workspaces/arborist/package.json @@ -39,7 +39,7 @@ }, "devDependencies": { "@npmcli/eslint-config": "^4.0.0", - "@npmcli/template-oss": "4.11.4", + "@npmcli/template-oss": "4.12.0", "benchmark": "^2.1.4", "chalk": "^4.1.0", "minify-registry-metadata": "^3.0.0", @@ -98,7 +98,7 @@ }, "templateOSS": { "//@npmcli/template-oss": "This file is partially managed by @npmcli/template-oss. Edits may be overwritten.", - "version": "4.11.4", + "version": "4.12.0", "content": "../../scripts/template-oss/index.js" } } diff --git a/workspaces/config/package.json b/workspaces/config/package.json index 38c063e358beb..42bd2dfb7e87c 100644 --- a/workspaces/config/package.json +++ b/workspaces/config/package.json @@ -33,7 +33,7 @@ }, "devDependencies": { "@npmcli/eslint-config": "^4.0.0", - "@npmcli/template-oss": "4.11.4", + "@npmcli/template-oss": "4.12.0", "tap": "^16.3.4" }, "dependencies": { @@ -50,6 +50,6 @@ }, "templateOSS": { "//@npmcli/template-oss": "This file is partially managed by @npmcli/template-oss. Edits may be overwritten.", - "version": "4.11.4" + "version": "4.12.0" } } diff --git a/workspaces/libnpmaccess/package.json b/workspaces/libnpmaccess/package.json index ae4cb8b21eb4b..30f83a49e5f2b 100644 --- a/workspaces/libnpmaccess/package.json +++ b/workspaces/libnpmaccess/package.json @@ -17,7 +17,7 @@ "devDependencies": { "@npmcli/eslint-config": "^4.0.0", "@npmcli/mock-registry": "^1.0.0", - "@npmcli/template-oss": "4.11.4", + "@npmcli/template-oss": "4.12.0", "nock": "^13.3.0", "tap": "^16.3.4" }, @@ -41,7 +41,7 @@ ], "templateOSS": { "//@npmcli/template-oss": "This file is partially managed by @npmcli/template-oss. Edits may be overwritten.", - "version": "4.11.4", + "version": "4.12.0", "content": "../../scripts/template-oss/index.js" }, "tap": { diff --git a/workspaces/libnpmdiff/package.json b/workspaces/libnpmdiff/package.json index a3d7c8e98d936..900518ad84cf9 100644 --- a/workspaces/libnpmdiff/package.json +++ b/workspaces/libnpmdiff/package.json @@ -42,7 +42,7 @@ }, "devDependencies": { "@npmcli/eslint-config": "^4.0.0", - "@npmcli/template-oss": "4.11.4", + "@npmcli/template-oss": "4.12.0", "tap": "^16.3.4" }, "dependencies": { @@ -58,7 +58,7 @@ }, "templateOSS": { "//@npmcli/template-oss": "This file is partially managed by @npmcli/template-oss. Edits may be overwritten.", - "version": "4.11.4", + "version": "4.12.0", "content": "../../scripts/template-oss/index.js" }, "tap": { diff --git a/workspaces/libnpmexec/package.json b/workspaces/libnpmexec/package.json index f4e20e3d1a851..ad9a08ced131f 100644 --- a/workspaces/libnpmexec/package.json +++ b/workspaces/libnpmexec/package.json @@ -52,7 +52,7 @@ "devDependencies": { "@npmcli/eslint-config": "^4.0.0", "@npmcli/mock-registry": "^1.0.0", - "@npmcli/template-oss": "4.11.4", + "@npmcli/template-oss": "4.12.0", "bin-links": "^4.0.1", "just-extend": "^6.2.0", "just-safe-set": "^4.2.1", @@ -75,7 +75,7 @@ }, "templateOSS": { "//@npmcli/template-oss": "This file is partially managed by @npmcli/template-oss. Edits may be overwritten.", - "version": "4.11.4", + "version": "4.12.0", "content": "../../scripts/template-oss/index.js" } } diff --git a/workspaces/libnpmfund/package.json b/workspaces/libnpmfund/package.json index ab3017b53b089..0f0a3d896463a 100644 --- a/workspaces/libnpmfund/package.json +++ b/workspaces/libnpmfund/package.json @@ -41,7 +41,7 @@ }, "devDependencies": { "@npmcli/eslint-config": "^4.0.0", - "@npmcli/template-oss": "4.11.4", + "@npmcli/template-oss": "4.12.0", "tap": "^16.3.4" }, "dependencies": { @@ -52,7 +52,7 @@ }, "templateOSS": { "//@npmcli/template-oss": "This file is partially managed by @npmcli/template-oss. Edits may be overwritten.", - "version": "4.11.4", + "version": "4.12.0", "content": "../../scripts/template-oss/index.js" }, "tap": { diff --git a/workspaces/libnpmhook/package.json b/workspaces/libnpmhook/package.json index 493b64359cc22..cd3fb93a3401e 100644 --- a/workspaces/libnpmhook/package.json +++ b/workspaces/libnpmhook/package.json @@ -35,7 +35,7 @@ }, "devDependencies": { "@npmcli/eslint-config": "^4.0.0", - "@npmcli/template-oss": "4.11.4", + "@npmcli/template-oss": "4.12.0", "nock": "^13.3.0", "tap": "^16.3.4" }, @@ -44,7 +44,7 @@ }, "templateOSS": { "//@npmcli/template-oss": "This file is partially managed by @npmcli/template-oss. Edits may be overwritten.", - "version": "4.11.4", + "version": "4.12.0", "content": "../../scripts/template-oss/index.js" }, "tap": { diff --git a/workspaces/libnpmorg/package.json b/workspaces/libnpmorg/package.json index 97d957492eae9..28ed6b7a3cf41 100644 --- a/workspaces/libnpmorg/package.json +++ b/workspaces/libnpmorg/package.json @@ -28,7 +28,7 @@ ], "devDependencies": { "@npmcli/eslint-config": "^4.0.0", - "@npmcli/template-oss": "4.11.4", + "@npmcli/template-oss": "4.12.0", "minipass": "^4.0.2", "nock": "^13.3.0", "tap": "^16.3.4" @@ -49,7 +49,7 @@ }, "templateOSS": { "//@npmcli/template-oss": "This file is partially managed by @npmcli/template-oss. Edits may be overwritten.", - "version": "4.11.4", + "version": "4.12.0", "content": "../../scripts/template-oss/index.js" }, "tap": { diff --git a/workspaces/libnpmpack/package.json b/workspaces/libnpmpack/package.json index 790afe152b1c4..bad829dff7622 100644 --- a/workspaces/libnpmpack/package.json +++ b/workspaces/libnpmpack/package.json @@ -23,7 +23,7 @@ }, "devDependencies": { "@npmcli/eslint-config": "^4.0.0", - "@npmcli/template-oss": "4.11.4", + "@npmcli/template-oss": "4.12.0", "nock": "^13.3.0", "spawk": "^1.7.1", "tap": "^16.3.4" @@ -46,7 +46,7 @@ }, "templateOSS": { "//@npmcli/template-oss": "This file is partially managed by @npmcli/template-oss. Edits may be overwritten.", - "version": "4.11.4", + "version": "4.12.0", "content": "../../scripts/template-oss/index.js" }, "tap": { diff --git a/workspaces/libnpmpublish/package.json b/workspaces/libnpmpublish/package.json index 1b6a53eae6156..8efd30c4798f1 100644 --- a/workspaces/libnpmpublish/package.json +++ b/workspaces/libnpmpublish/package.json @@ -25,7 +25,7 @@ "devDependencies": { "@npmcli/eslint-config": "^4.0.0", "@npmcli/mock-registry": "^1.0.0", - "@npmcli/template-oss": "4.11.4", + "@npmcli/template-oss": "4.12.0", "lodash.clonedeep": "^4.5.0", "nock": "^13.3.0", "tap": "^16.3.4" @@ -51,7 +51,7 @@ }, "templateOSS": { "//@npmcli/template-oss": "This file is partially managed by @npmcli/template-oss. Edits may be overwritten.", - "version": "4.11.4", + "version": "4.12.0", "content": "../../scripts/template-oss/index.js" }, "tap": { diff --git a/workspaces/libnpmsearch/package.json b/workspaces/libnpmsearch/package.json index 51e1d0adf9348..8ccd77541e71c 100644 --- a/workspaces/libnpmsearch/package.json +++ b/workspaces/libnpmsearch/package.json @@ -26,7 +26,7 @@ }, "devDependencies": { "@npmcli/eslint-config": "^4.0.0", - "@npmcli/template-oss": "4.11.4", + "@npmcli/template-oss": "4.12.0", "nock": "^13.3.0", "tap": "^16.3.4" }, @@ -45,7 +45,7 @@ }, "templateOSS": { "//@npmcli/template-oss": "This file is partially managed by @npmcli/template-oss. Edits may be overwritten.", - "version": "4.11.4", + "version": "4.12.0", "content": "../../scripts/template-oss/index.js" }, "tap": { diff --git a/workspaces/libnpmteam/package.json b/workspaces/libnpmteam/package.json index 4d98dc9dc52f3..333647b127e59 100644 --- a/workspaces/libnpmteam/package.json +++ b/workspaces/libnpmteam/package.json @@ -16,7 +16,7 @@ }, "devDependencies": { "@npmcli/eslint-config": "^4.0.0", - "@npmcli/template-oss": "4.11.4", + "@npmcli/template-oss": "4.12.0", "nock": "^13.3.0", "tap": "^16.3.4" }, @@ -39,7 +39,7 @@ }, "templateOSS": { "//@npmcli/template-oss": "This file is partially managed by @npmcli/template-oss. Edits may be overwritten.", - "version": "4.11.4", + "version": "4.12.0", "content": "../../scripts/template-oss/index.js" }, "tap": { diff --git a/workspaces/libnpmversion/package.json b/workspaces/libnpmversion/package.json index 8fce14cebff38..2e80f8c3c1a01 100644 --- a/workspaces/libnpmversion/package.json +++ b/workspaces/libnpmversion/package.json @@ -32,7 +32,7 @@ }, "devDependencies": { "@npmcli/eslint-config": "^4.0.0", - "@npmcli/template-oss": "4.11.4", + "@npmcli/template-oss": "4.12.0", "require-inject": "^1.4.4", "tap": "^16.3.4" }, @@ -48,7 +48,7 @@ }, "templateOSS": { "//@npmcli/template-oss": "This file is partially managed by @npmcli/template-oss. Edits may be overwritten.", - "version": "4.11.4", + "version": "4.12.0", "content": "../../scripts/template-oss/index.js" } }