[Snyk] Upgrade actions-toolkit from 4.0.0 to 6.0.1#2

Open
trustcloud-bot wants to merge 1 commit into master from snyk-upgrade-7dedba6a65ade7022bbccc324dcf7908

Conversation

@trustcloud-bot

Snyk has created this PR to upgrade actions-toolkit from 4.0.0 to 6.0.1.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.


⚠️ Warning: This PR contains major version upgrade(s), and may be a breaking change.

  • The recommended version is 3 versions ahead of your current version.

  • The recommended version was released 4 years ago.

Issues fixed by the recommended upgrade:

| Issue | Score | Exploit Maturity |
| --- | --- | --- |
| medium severity: Missing Release of Resource after Effective Lifetime (SNYK-JS-INFLIGHT-6095116) | 631 | Proof of Concept |
| medium severity: Regular Expression Denial of Service (ReDoS) (SNYK-JS-MINIMATCH-3050818) | 631 | No Known Exploit |
Release notes
Package name: actions-toolkit
  • 6.0.1 - 2020-10-01

    Just a couple of dependency updates for security!

    What’s Changed

  • 6.0.0 - 2020-08-09

    This release includes two TypeScript changes - in an abundance of caution I've marked it as a new major version, but there aren't any changes other than the two PRs below. Have fun!

    What’s Changed

  • 5.0.0 - 2020-06-08

    Breaking Changes

    There are a couple of major improvements that are unfortunately breaking changes:

    tools.context.issue returns a different object

    Thanks to @mheap, tools.context.issue now returns { owner, repo, issue_number } instead of { owner, repo, number }. This is due to a change in the Octokit SDK. To have parity with pull requests, there is now also tools.context.pullRequest, which returns { owner, repo, pull_number }.

    See #118 for more information!

    Toolkit#getFile is now Toolkit#readFile

    The getFile method has been renamed to readFile, and the behavior has changed. It now uses fs.promises.readFile under the hood, so it returns a promise:

    const tools = new Toolkit({ ... })
    const contents = await tools.readFile('README.md')

    See #121 for more information!

    tools.store has been removed

    This feature was added before the Actions runtime had a way to share data between actions. That now exists in the platform, as "outputs"! See #125 for the removal of Store, and #120 for its "replacement", tools.outputs (thanks to @abouroubi ✨):

    tools.outputs.example = 'foo'

    Toolkit#runInWorkspace is now Toolkit#exec

    This method was useful, but @actions/exec is built more with the Actions runner in mind. So, now Toolkit#exec calls @actions/exec! This will be more stable for the finicky, ephemeral environments of Actions.

    See #123 for more information!


    What’s Changed

  • 4.0.0 - 2020-04-04

    This release only upgrades the bundled version of @octokit/rest to v17. See #109 for more details, but the breaking changes are best found in the @octokit/rest release!

from actions-toolkit GitHub release notes

Important

  • Warning: This PR contains a major version upgrade, and may be a breaking change.
  • Check the changes in this PR to ensure they won't cause issues with your project.
  • This PR was automatically created by Snyk using the credentials of a real user.
  • Max score is 1000. Note that the real score may have changed since the PR was raised.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

Snyk has created this PR to upgrade actions-toolkit from 4.0.0 to 6.0.1.

See this package in npm:
actions-toolkit

See this project in Snyk:
https://app.snyk.io/org/trustcloud/project/8ff453c2-1ca3-4f81-b00e-06086b878149?utm_source=github-enterprise&utm_medium=referral&page=upgrade-pr
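The PR body states that the upgrade fixes the two advisories but shows no resolved dependency tree, so a reviewer will want to confirm that inflight and minimatch are actually gone after the bump, or see what still pulls them in. The following is an added example, not code from this PR or from the actions-toolkit project: it walks a package-lock.json "packages" map (the constructed sampleLock stands in for a real lockfile, with illustrative versions) and reports each installed copy of an advisory package together with its dependency chain from the root.

```javascript
// Snyk IDs from the PR body, keyed by the package each advisory concerns.
const AFFECTED = { inflight: 'SNYK-JS-INFLIGHT-6095116', minimatch: 'SNYK-JS-MINIMATCH-3050818' };
// Constructed sample of a package-lock.json "packages" map (lockfileVersion 2/3);
// the versions are illustrative and not taken from the PR.
const sampleLock = {
  packages: {
    '': { name: 'my-action', dependencies: { 'actions-toolkit': '^6.0.1', glob: '^7.1.6' } },
    'node_modules/actions-toolkit': { version: '6.0.1', dependencies: { minimatch: '^3.0.4' } },
    'node_modules/minimatch': { version: '3.0.4', dependencies: { 'brace-expansion': '^1.1.7' } },
    'node_modules/brace-expansion': { version: '1.1.11' },
    'node_modules/glob': { version: '7.1.6', dependencies: { inflight: '^1.0.4', minimatch: '^3.0.4' } },
    'node_modules/inflight': { version: '1.0.6' },
  },
};
// Package name from a lockfile path: text after the last "node_modules/" (handles nesting and scopes).
const nameFromPath = (p) => p.slice(p.lastIndexOf('node_modules/') + 'node_modules/'.length);

// Reverse edges: dependency name -> lockfile paths of the packages that declare it.
function reverseDeps(lock) {
  const rev = new Map();
  for (const [path, entry] of Object.entries(lock.packages)) {
    for (const dep of Object.keys(entry.dependencies || {})) {
      rev.set(dep, [...(rev.get(dep) || []), path]);
    }
  }
  return rev;
}

// Walk from a package up to the root ('' path, shown as "(root)"); one chain per distinct route.
function chainsTo(name, rev, chain = [name], seen = new Set()) {
  const parents = (rev.get(name) || []).filter((p) => !seen.has(p));
  if (parents.length === 0) return [chain];
  return parents.flatMap((p) => {
    const parent = p === '' ? '(root)' : nameFromPath(p);
    return chainsTo(parent, rev, [parent, ...chain], new Set([...seen, p]));
  });
}

// Report every installed copy of an advisory package with its version and how it is pulled in.
function auditLock(lock) {
  const rev = reverseDeps(lock);
  const findings = [];
  for (const [path, entry] of Object.entries(lock.packages)) {
    const name = nameFromPath(path);
    if (!Object.prototype.hasOwnProperty.call(AFFECTED, name)) continue;
    const paths = chainsTo(name, rev).map((c) => c.join(' > '));
    findings.push({ package: name, version: entry.version, advisory: AFFECTED[name], paths });
  }
  return findings;
}
```

For a real repository, replace sampleLock with JSON.parse(require('fs').readFileSync('package-lock.json', 'utf8')). The version ranges each advisory covers are not stated in the PR, so compare the reported versions against the Snyk advisories themselves.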