fix: security issue (#6)

* fix: keyword in package.json

* chore: upgrade runtime and packages, add workflow

* fix: pull request links

* fix: formatting

.github/pull_request_template.md

@@ -6,7 +6,10 @@
 
 <!-- please check all items and add your own -->
 
-- [ ] Read the contribution [guide](../CONTRIBUTING.md) and accept the [code](../CODE_OF_CONDUCT.md)
+- [x] Read the contribution
+      [guide](https://github.com/webbertakken/docusaurus-plugin-content-gists/blob/main/CONTRIBUTING.md)
+      and accept the
+      [code](https://github.com/webbertakken/docusaurus-plugin-content-gists/blob/main/CODE_OF_CONDUCT.md)
       of conduct
 - [ ] Readme (updated or not needed)
 - [ ] Tests (added, updated or not needed)

.github/workflows/main.yaml

@@ -0,0 +1,48 @@
+name: Main 🚢
+
+on:
+  push:
+    branches: [main]
+
+jobs:
+  checks:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Install package manager (from package.json)
+        run: |
+          corepack enable
+          corepack install
+
+      - name: Setup Node
+        uses: actions/setup-node@v4
+        with:
+          node-version-file: package.json
+          cache: 'yarn'
+
+      - name: Install deps
+        run: yarn install --frozen-lockfile --immutable
+
+      #      - name: Tests
+      #        run: yarn coverage
+
+      #      - name: Upload coverage reports to Codecov
+      #        uses: codecov/codecov-action@v3
+      #        with:
+      #          token: ${{ secrets.CODECOV_TOKEN }}
+
+      #      - name: Code styles
+      #        run: yarn lint
+
+      - name: Formatting
+        run: yarn prettier --check .
+
+      #      - name: Typecheck
+      #        run: yarn typecheck
+
+      - name: Build
+        run: yarn build
+        env:
+          NODE_ENV: production

.github/workflows/pull-request.yaml

@@ -0,0 +1,48 @@
+name: PR 🚀
+
+on:
+  pull_request:
+    branches: [main]
+
+jobs:
+  checks:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Install package manager (from package.json)
+        run: |
+          corepack enable
+          corepack install
+
+      - name: Setup Node
+        uses: actions/setup-node@v4
+        with:
+          node-version-file: package.json
+          cache: 'yarn'
+
+      - name: Install deps
+        run: yarn install --frozen-lockfile --immutable
+
+      #      - name: Tests
+      #        run: yarn coverage
+
+      #      - name: Upload coverage reports to Codecov
+      #        uses: codecov/codecov-action@v3
+      #        with:
+      #          token: ${{ secrets.CODECOV_TOKEN }}
+
+      #      - name: Code styles
+      #        run: yarn lint
+
+      - name: Formatting
+        run: yarn prettier --check .
+
+      #      - name: Typecheck
+      #        run: yarn typecheck
+
+      - name: Build
+        run: yarn build
+        env:
+          NODE_ENV: production

.yarnrc.yml

@@ -1 +1,5 @@
+compressionLevel: mixed
+
+enableGlobalCache: false
+
 nodeLinker: node-modules

CONTRIBUTING.md

@@ -16,13 +16,10 @@ When fixing a bug it is fine to submit a pull request right away.
 
 ### Tools
 
-You need the following tools to be installed.
+You need the following tools to be installed
 
-- [Node](https://nodejs.org/) installed at v16.X.
-- [Yarn](https://yarnpkg.com/) at v1.22.4+.
-
-> **Tip:** _Use [nvm](https://github.com/nvm-sh/nvm) or [n](https://github.com/tj/n) or
-> [nodenv](https://github.com/nodenv/nodenv) to manage Node.js versions on your machine._
+- [Volta](https://volta.sh/) or both [Node](https://nodejs.org/) installed at v20 and
+  [Yarn](https://yarnpkg.com/) at v4.
 
 ### Plugins
 

package.json

@@ -1,9 +1,9 @@
 {
   "name": "docusaurus-plugin-content-gists",
-  "version": "3.0.0",
+  "version": "3.1.0",
   "description": "Display gists from GitHub as content in Docusaurus",
   "keywords": [
-    "cocusaurus",
+    "docusaurus",
     "plugin",
     "theme",
     "github",
@@ -29,34 +29,35 @@
     "build:assets": "node scripts/copyUntypedFiles.mjs"
   },
   "dependencies": {
-    "@docusaurus/core": "^3.0.1",
-    "@docusaurus/theme-classic": "^3.0.1",
-    "@docusaurus/theme-common": "^3.0.1",
-    "@docusaurus/theme-translations": "^3.0.1",
-    "@docusaurus/types": "^3.0.1",
-    "@docusaurus/utils-validation": "^3.0.1",
-    "octokit": "^1.8.1"
+    "@docusaurus/core": "^3.1.1",
+    "@docusaurus/theme-classic": "^3.1.1",
+    "@docusaurus/theme-common": "^3.1.1",
+    "@docusaurus/theme-translations": "^3.1.1",
+    "@docusaurus/types": "^3.1.1",
+    "@docusaurus/utils-validation": "^3.1.1",
+    "octokit": "^3.1.2"
   },
   "devDependencies": {
-    "@docusaurus/module-type-aliases": "^3.0.1",
-    "@docusaurus/tsconfig": "^3.0.1",
-    "@docusaurus/types": "^3.0.1",
-    "@octokit/types": "^6.34.0",
-    "@types/node": "^20.10.4",
-    "@types/react": "^18.2.45",
-    "chokidar": "^3.5.3",
+    "@docusaurus/module-type-aliases": "^3.1.1",
+    "@docusaurus/tsconfig": "^3.1.1",
+    "@docusaurus/types": "^3.1.1",
+    "@octokit/types": "^12.6.0",
+    "@types/node": "^20.11.30",
+    "@types/react": "^18.2.67",
+    "chokidar": "^3.6.0",
     "concurrently": "^8.2.2",
     "fs-extra": "^11.2.0",
-    "prettier": "^3.1.1",
-    "typescript": "^5.3.3",
+    "prettier": "^3.2.5",
+    "typescript": "^5.4.2",
     "yalc": "^1.0.0-pre.53"
   },
   "peerDependencies": {
     "react": "^17.0.0||^18.0.0||^19.0.0",
     "react-dom": "*"
   },
   "volta": {
-    "node": "20.10.0",
-    "yarn": "3.7.0"
-  }
+    "node": "20.11.1",
+    "yarn": "4.1.1"
+  },
+  "packageManager": "yarn@4.1.1"
 }