Upgrade dependencies
vasanthdharmaraj opened this issue · 2 comments
We use Enterprise GitHub and our company scans actions for vulnerabilities before it pulls them in our GitHub Instance. Since the multi-module support #49 was added I tried to clone this action. The tool complained about some vulnerabilities which I think will be mostly resolved if the node dependencies are updated.
Here are the version that needs updates:
@actions/github ^4.0.0 → ^5.1.1
@types/jest ^26.0.20 → ^29.5.3
@typescript-eslint/eslint-plugin ^5.62.0 → ^6.2.0
eslint-config-prettier ^8.8.0 → ^8.9.0
eslint-plugin-import ^2.27.5 → ^2.28.0
jest ^26.6.3 → ^29.6.2
webpack ^5.74.0 → ^5.88.2
webpack-cli ^4.10.0 → ^5.1.4
xml2js ^0.6.0 → ^0.6.2
I can create PRs to update these. Is the preferred approach to create a PR per dependency?
Thanks @vasanthdharmaraj :)
But I am already updating these to the latest versions in milestone v1.6. This should be publicly available in the first week of August.
May be I will also add something like dependabot to this repo, so we can keep all dependencies up-to-date.
Awesome! Thanks.