From b8438c59cf230b87a9e63c3feb918a179c1edfd0 Mon Sep 17 00:00:00 2001 From: aparnajyothi-y <147696841+aparnajyothi-y@users.noreply.github.com> Date: Tue, 29 Jul 2025 12:06:45 +0530 Subject: [PATCH 01/10] Update dependabot.yml --- .github/dependabot.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 853bc0a13..bc993e209 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -11,7 +11,7 @@ updates: directory: '/' # Check the npm registry for updates every day (weekdays) schedule: - interval: 'weekly' + interval: 'daily' # Enable version updates for GitHub Actions - package-ecosystem: 'github-actions' @@ -19,4 +19,4 @@ updates: # You don't need to specify `/.github/workflows` for `directory`. You can use `directory: "/"`. directory: '/' schedule: - interval: 'weekly' + interval: 'daily' From 640f150959e3f0b7b4d4c9b6927fede68494356a Mon Sep 17 00:00:00 2001 From: aparnajyothi-y <147696841+aparnajyothi-y@users.noreply.github.com> Date: Tue, 29 Jul 2025 12:09:09 +0530 Subject: [PATCH 02/10] Update dependabot.yml --- .github/dependabot.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/dependabot.yml b/.github/dependabot.yml index bc993e209..d7fddade6 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -3,7 +3,7 @@ # Please see the documentation for all configuration options: # https://docs.github.com/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file -version: 2 +version: 3 updates: # Enable version updates for npm - package-ecosystem: 'npm' From 59ca4daa316696d23e72aef453b2d3b614faf3ac Mon Sep 17 00:00:00 2001 From: aparnajyothi-y <147696841+aparnajyothi-y@users.noreply.github.com> Date: Tue, 29 Jul 2025 12:09:30 +0530 Subject: [PATCH 03/10] Update dependabot.yml --- .github/dependabot.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/dependabot.yml b/.github/dependabot.yml index d7fddade6..bc993e209 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -3,7 +3,7 @@ # Please see the documentation for all configuration options: # https://docs.github.com/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file -version: 3 +version: 2 updates: # Enable version updates for npm - package-ecosystem: 'npm' From 882d464547f2ba094d336050d71806a86be3dc2e Mon Sep 17 00:00:00 2001 From: aparnajyothi-y <147696841+aparnajyothi-y@users.noreply.github.com> Date: Tue, 29 Jul 2025 12:12:12 +0530 Subject: [PATCH 04/10] Update dependabot.yml --- .github/dependabot.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/dependabot.yml b/.github/dependabot.yml index bc993e209..d7fddade6 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -3,7 +3,7 @@ # Please see the documentation for all configuration options: # https://docs.github.com/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file -version: 2 +version: 3 updates: # Enable version updates for npm - package-ecosystem: 'npm' From f432b9eede0bd0722994dae23ab761491ff9a7c9 Mon Sep 17 00:00:00 2001 From: aparnajyothi-y <147696841+aparnajyothi-y@users.noreply.github.com> Date: Tue, 29 Jul 2025 12:12:39 +0530 Subject: [PATCH 05/10] Update dependabot.yml --- .github/dependabot.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/dependabot.yml b/.github/dependabot.yml index d7fddade6..bc993e209 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -3,7 +3,7 @@ # Please see the documentation for all configuration options: # https://docs.github.com/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file -version: 3 +version: 2 updates: # Enable version updates for npm - package-ecosystem: 'npm' From c8c8666bec24d0557e8acc876144d21f0834b83a Mon Sep 17 00:00:00 2001 From: aparnajyothi-y <147696841+aparnajyothi-y@users.noreply.github.com> Date: Tue, 29 Jul 2025 12:24:28 +0530 Subject: [PATCH 06/10] Update dependabot.yml --- .github/dependabot.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/dependabot.yml b/.github/dependabot.yml index bc993e209..932b6a357 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -11,7 +11,7 @@ updates: directory: '/' # Check the npm registry for updates every day (weekdays) schedule: - interval: 'daily' + interval: 'Weekly' # Enable version updates for GitHub Actions - package-ecosystem: 'github-actions' @@ -19,4 +19,4 @@ updates: # You don't need to specify `/.github/workflows` for `directory`. You can use `directory: "/"`. directory: '/' schedule: - interval: 'daily' + interval: 'Weekly' From 35df57196da60fa3e9f302dc0700feac76d5ee56 Mon Sep 17 00:00:00 2001 From: aparnajyothi-y <147696841+aparnajyothi-y@users.noreply.github.com> Date: Tue, 29 Jul 2025 13:47:18 +0530 Subject: [PATCH 07/10] Update dependabot.yml --- .github/dependabot.yml | 26 ++++++++++++++++---------- 1 file changed, 16 insertions(+), 10 deletions(-) diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 932b6a357..cbdc555a9 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -1,22 +1,28 @@ -# To get started with Dependabot version updates, you'll need to specify which -# package ecosystems to update and where the package manifests are located. -# Please see the documentation for all configuration options: -# https://docs.github.com/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file +# Basic `dependabot.yml` file with +# minimum configuration for three package managers version: 2 updates: # Enable version updates for npm - - package-ecosystem: 'npm' + - package-ecosystem: "npm" # Look for `package.json` and `lock` files in the `root` directory - directory: '/' + directory: "/" # Check the npm registry for updates every day (weekdays) schedule: - interval: 'Weekly' + interval: "daily" + + # Enable version updates for Docker + - package-ecosystem: "docker" + # Look for a `Dockerfile` in the `root` directory + directory: "/" + # Check for updates once a week + schedule: + interval: "daily" # Enable version updates for GitHub Actions - - package-ecosystem: 'github-actions' + - package-ecosystem: "github-actions" # Workflow files stored in the default location of `.github/workflows` # You don't need to specify `/.github/workflows` for `directory`. You can use `directory: "/"`. - directory: '/' + directory: "/" schedule: - interval: 'Weekly' + interval: "daily" From 5b63fe5085a47013a9d6302519434ec3c3bccd3f Mon Sep 17 00:00:00 2001 From: aparnajyothi-y <147696841+aparnajyothi-y@users.noreply.github.com> Date: Tue, 29 Jul 2025 13:47:45 +0530 Subject: [PATCH 08/10] Update dependabot.yml --- .github/dependabot.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/dependabot.yml b/.github/dependabot.yml index cbdc555a9..b408e2a97 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -25,4 +25,4 @@ updates: # You don't need to specify `/.github/workflows` for `directory`. You can use `directory: "/"`. directory: "/" schedule: - interval: "daily" + interval: "weekly" From e77b9315a28bcd3d90eea7235c1bf6e9214472aa Mon Sep 17 00:00:00 2001 From: Aparna Jyothi Date: Fri, 25 Jul 2025 19:30:53 +0530 Subject: [PATCH 09/10] fix for dependabot alert #27 --- package-lock.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package-lock.json b/package-lock.json index 336c19e70..d3335b359 100644 --- a/package-lock.json +++ b/package-lock.json @@ -5751,4 +5751,4 @@ } } } -} +} \ No newline at end of file From ac868c299ddb23670319da8858d172d058706fc2 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 21 Aug 2025 12:46:20 +0000 Subject: [PATCH 10/10] Bump semver and @types/semver Bumps [semver](https://github.com/npm/node-semver) and [@types/semver](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/semver). These dependencies needed to be updated together. Updates `semver` from 7.7.1 to 7.7.2 - [Release notes](https://github.com/npm/node-semver/releases) - [Changelog](https://github.com/npm/node-semver/blob/main/CHANGELOG.md) - [Commits](https://github.com/npm/node-semver/compare/v7.7.1...v7.7.2) Updates `@types/semver` from 7.5.8 to 7.7.0 - [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases) - [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/semver) --- updated-dependencies: - dependency-name: semver dependency-version: 7.7.2 dependency-type: direct:production update-type: version-update:semver-patch - dependency-name: "@types/semver" dependency-version: 7.7.0 dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- package-lock.json | 21 +++++++++++---------- package.json | 4 ++-- 2 files changed, 13 insertions(+), 12 deletions(-) diff --git a/package-lock.json b/package-lock.json index d3335b359..545ced4f5 100644 --- a/package-lock.json +++ b/package-lock.json @@ -16,13 +16,13 @@ "@actions/http-client": "^2.2.3", "@actions/io": "^1.0.2", "@actions/tool-cache": "^2.0.1", - "semver": "^7.6.0", + "semver": "^7.7.2", "xmlbuilder2": "^2.4.0" }, "devDependencies": { "@types/jest": "^29.5.14", "@types/node": "^24.1.0", - "@types/semver": "^7.5.8", + "@types/semver": "^7.7.0", "@typescript-eslint/eslint-plugin": "^8.35.1", "@typescript-eslint/parser": "^8.35.1", "@vercel/ncc": "^0.38.1", @@ -1680,10 +1680,11 @@ } }, "node_modules/@types/semver": { - "version": "7.5.8", - "resolved": "https://registry.npmjs.org/@types/semver/-/semver-7.5.8.tgz", - "integrity": "sha512-I8EUhyrgfLrcTkzV3TSsGyl1tSuPrEDzr0yd5m90UgNxQkyDXULk3b6MlQqTCpZpNtWe1K0hzclnZkTcLBe2UQ==", - "dev": true + "version": "7.7.0", + "resolved": "https://registry.npmjs.org/@types/semver/-/semver-7.7.0.tgz", + "integrity": "sha512-k107IF4+Xr7UHjwDc7Cfd6PRQfbdkiRabXGRjo07b4WyPahFBZCZ1sE+BNxYIJPPg73UkfOsVOLwqVc/6ETrIA==", + "dev": true, + "license": "MIT" }, "node_modules/@types/stack-utils": { "version": "2.0.3", @@ -5138,9 +5139,9 @@ "integrity": "sha512-0s+oAmw9zLl1V1cS9BtZN7JAd0cW5e0QH4W3LWEK6a4LaLEA2OTpGYWDY+6XasBLtz6wkm3u1xRw95mRuJ59WA==" }, "node_modules/semver": { - "version": "7.7.1", - "resolved": "https://registry.npmjs.org/semver/-/semver-7.7.1.tgz", - "integrity": "sha512-hlq8tAfn0m/61p4BVRcPzIGr6LKiMwo4VM6dGi6pt4qcRkmNzTcWq6eCEjEh+qXjkMDvPlOFFSGwQjoEa6gyMA==", + "version": "7.7.2", + "resolved": "https://registry.npmjs.org/semver/-/semver-7.7.2.tgz", + "integrity": "sha512-RF0Fw+rO5AMf9MAyaRXI4AV0Ulj5lMHqVxxdSgiVbixSCXoEmmX/jk0CuJw4+3SqroYO9VoUh+HcuJivvtJemA==", "license": "ISC", "bin": { "semver": "bin/semver.js" @@ -5751,4 +5752,4 @@ } } } -} \ No newline at end of file +} diff --git a/package.json b/package.json index bccf03214..5eab02289 100644 --- a/package.json +++ b/package.json @@ -36,13 +36,13 @@ "@actions/http-client": "^2.2.3", "@actions/io": "^1.0.2", "@actions/tool-cache": "^2.0.1", - "semver": "^7.6.0", + "semver": "^7.7.2", "xmlbuilder2": "^2.4.0" }, "devDependencies": { "@types/jest": "^29.5.14", "@types/node": "^24.1.0", - "@types/semver": "^7.5.8", + "@types/semver": "^7.7.0", "@typescript-eslint/eslint-plugin": "^8.35.1", "@typescript-eslint/parser": "^8.35.1", "@vercel/ncc": "^0.38.1",