diff --git a/.circleci/config.yml b/.circleci/config.yml index 982475dddac0..fe606922e7fc 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -1,8 +1,8 @@ version: 2.1 orbs: - browser-tools: circleci/browser-tools@1.4.8 - codecov: codecov/codecov@5.0.0 + browser-tools: circleci/browser-tools@1.5.0 + codecov: codecov/codecov@5.0.3 macos: circleci/macos@2.5.2 node: circleci/node@6.3.0 diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 09160f77f7d0..ba41c88e58cf 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -29,21 +29,21 @@ jobs: steps: - name: Harden Runner - uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1 + uses: step-security/harden-runner@c95a14d0e5bab51a9f56296a4eb0e416910cd350 # v2.10.3 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs - name: Checkout repository - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@f779452ac5af1c261dce0346a8f964149f49322b # v3.26.13 + uses: github/codeql-action/init@48ab28a6f5dbc2a99bf1e0131198dd8f1df78169 # v3.28.0 with: config-file: ./.github/codeql/config.yml languages: ${{ matrix.language }} - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@f779452ac5af1c261dce0346a8f964149f49322b # v3.26.13 + uses: github/codeql-action/analyze@48ab28a6f5dbc2a99bf1e0131198dd8f1df78169 # v3.28.0 with: category: '/language:${{matrix.language}}' diff --git a/.github/workflows/cross-platform-builds.yml b/.github/workflows/cross-platform-builds.yml index 75e9836b916a..6a0474bee157 100644 --- a/.github/workflows/cross-platform-builds.yml +++ b/.github/workflows/cross-platform-builds.yml @@ -19,14 +19,14 @@ jobs: runs-on: ${{ matrix.platform }}-latest steps: - name: Harden Runner - uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1 + uses: step-security/harden-runner@c95a14d0e5bab51a9f56296a4eb0e416910cd350 # v2.10.3 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs - name: Checkout Repo - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Set Up Node - uses: actions/setup-node@0a44ba7841725637a19e28fa30b79a866c81b0a6 # v4.0.4 + uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0 with: node-version: lts/* - name: Install Dependencies @@ -44,11 +44,11 @@ jobs: environment: create_issue_on_error steps: - name: Harden Runner - uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1 + uses: step-security/harden-runner@c95a14d0e5bab51a9f56296a4eb0e416910cd350 # v2.10.3 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs - - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Create issue on error uses: JasonEtco/create-an-issue@1b14a70e4d8dc185e5cc76d3bec9eab20257b2c5 # v2.9.2 diff --git a/.github/workflows/cut-nightly.yml b/.github/workflows/cut-nightly.yml index f053b0cc0f40..179163daee71 100644 --- a/.github/workflows/cut-nightly.yml +++ b/.github/workflows/cut-nightly.yml @@ -20,17 +20,17 @@ jobs: steps: - name: Harden Runner - uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1 + uses: step-security/harden-runner@c95a14d0e5bab51a9f56296a4eb0e416910cd350 # v2.10.3 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs - name: Checkout Repo - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: fetch-depth: 100 - name: Set Up Node - uses: actions/setup-node@0a44ba7841725637a19e28fa30b79a866c81b0a6 # v4.0.4 + uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0 with: node-version: lts/* @@ -55,11 +55,11 @@ jobs: environment: create_issue_on_error steps: - name: Harden Runner - uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1 + uses: step-security/harden-runner@c95a14d0e5bab51a9f56296a4eb0e416910cd350 # v2.10.3 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs - - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Create issue on error uses: JasonEtco/create-an-issue@1b14a70e4d8dc185e5cc76d3bec9eab20257b2c5 # v2.9.2 diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml index 9ad36ee2b313..9859b2805438 100644 --- a/.github/workflows/dependency-review.yml +++ b/.github/workflows/dependency-review.yml @@ -17,11 +17,11 @@ jobs: runs-on: ubuntu-latest steps: - name: Harden Runner - uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1 + uses: step-security/harden-runner@c95a14d0e5bab51a9f56296a4eb0e416910cd350 # v2.10.3 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs - name: 'Checkout Repository' - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: 'Dependency Review' - uses: actions/dependency-review-action@5a2ce3f5b92ee19cbb1541a4984c76d921601d7c # v4.3.4 + uses: actions/dependency-review-action@3b139cfc5fae8b618d3eae3675e383bb1769c019 # v4.5.0 diff --git a/.github/workflows/release-tagger.yml b/.github/workflows/release-tagger.yml index 13c821d93ffe..44f643bd9db3 100644 --- a/.github/workflows/release-tagger.yml +++ b/.github/workflows/release-tagger.yml @@ -26,14 +26,14 @@ jobs: runs-on: ubuntu-latest steps: - name: Harden Runner - uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1 + uses: step-security/harden-runner@c95a14d0e5bab51a9f56296a4eb0e416910cd350 # v2.10.3 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs - - uses: actions/setup-node@0a44ba7841725637a19e28fa30b79a866c81b0a6 # v4.0.4 + - uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0 with: node-version: lts/* - - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - run: bash ./.github/workflows/install_dependencies.sh - name: Run tagger run: | @@ -56,11 +56,11 @@ jobs: environment: create_issue_on_error steps: - name: Harden Runner - uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1 + uses: step-security/harden-runner@c95a14d0e5bab51a9f56296a4eb0e416910cd350 # v2.10.3 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs - - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Create issue on error uses: JasonEtco/create-an-issue@1b14a70e4d8dc185e5cc76d3bec9eab20257b2c5 # v2.9.2 diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index 81784684028b..c5870df85509 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -32,12 +32,12 @@ jobs: steps: - name: Harden Runner - uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1 + uses: step-security/harden-runner@c95a14d0e5bab51a9f56296a4eb0e416910cd350 # v2.10.3 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs - name: 'Checkout code' - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: persist-credentials: false @@ -64,7 +64,7 @@ jobs: # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF # format to the repository Actions tab. - name: 'Upload artifact' - uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 + uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0 with: name: SARIF file path: results.sarif @@ -72,6 +72,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: 'Upload to code-scanning' - uses: github/codeql-action/upload-sarif@f779452ac5af1c261dce0346a8f964149f49322b # v3.26.13 + uses: github/codeql-action/upload-sarif@48ab28a6f5dbc2a99bf1e0131198dd8f1df78169 # v3.28.0 with: sarif_file: results.sarif diff --git a/.github/workflows/status-page.yml b/.github/workflows/status-page.yml index 1d126e19f1c0..456d0c6c99b7 100644 --- a/.github/workflows/status-page.yml +++ b/.github/workflows/status-page.yml @@ -14,14 +14,14 @@ jobs: environment: status_page steps: - name: Harden Runner - uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1 + uses: step-security/harden-runner@c95a14d0e5bab51a9f56296a4eb0e416910cd350 # v2.10.3 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs - - uses: actions/setup-node@0a44ba7841725637a19e28fa30b79a866c81b0a6 # v4.0.4 + - uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0 with: node-version: lts/* - - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Add progress comment to cherry-pick issue for Stable and LTS if: github.event_name == 'issues' && github.event.action == 'opened' run: | @@ -52,11 +52,11 @@ jobs: environment: create_issue_on_error steps: - name: Harden Runner - uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1 + uses: step-security/harden-runner@c95a14d0e5bab51a9f56296a4eb0e416910cd350 # v2.10.3 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs - - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Create issue on error uses: JasonEtco/create-an-issue@1b14a70e4d8dc185e5cc76d3bec9eab20257b2c5 # v2.9.2 diff --git a/.github/workflows/update-session-issues.yml b/.github/workflows/update-session-issues.yml index 2f22bca167b6..d82f068dd28b 100644 --- a/.github/workflows/update-session-issues.yml +++ b/.github/workflows/update-session-issues.yml @@ -21,12 +21,12 @@ jobs: runs-on: ubuntu-latest steps: - name: Harden Runner - uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1 + uses: step-security/harden-runner@c95a14d0e5bab51a9f56296a4eb0e416910cd350 # v2.10.3 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs - name: Checkout Repo - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Update Session Issues run: | node ./build-system/common/update-session-issues diff --git a/extensions/amp-access/0.1/iframe-api/package.json b/extensions/amp-access/0.1/iframe-api/package.json index 1dfefac8e1ac..7248fdb4f407 100644 --- a/extensions/amp-access/0.1/iframe-api/package.json +++ b/extensions/amp-access/0.1/iframe-api/package.json @@ -16,7 +16,7 @@ "devDependencies": { "babel-plugin-external-helpers": "6.22.0", "babel-preset-env": "1.7.0", - "rollup": "4.24.0", + "rollup": "4.30.1", "@rollup/plugin-babel": "6.0.4", "rollup-plugin-cleanup": "3.2.1" } diff --git a/third_party/amp-toolbox-cache-url/package.json b/third_party/amp-toolbox-cache-url/package.json index 3dc2cddac0ee..70fa2a6eb9cd 100644 --- a/third_party/amp-toolbox-cache-url/package.json +++ b/third_party/amp-toolbox-cache-url/package.json @@ -33,20 +33,20 @@ }, "devDependencies": { "@ampproject/rollup-plugin-closure-compiler": "0.27.0", - "eslint": "9.13.0", + "eslint": "9.17.0", "eslint-config-google": "0.14.0", - "jasmine": "5.4.0", + "jasmine": "5.5.0", "karma": "6.4.4", "karma-chrome-launcher": "3.2.0", "karma-jasmine": "5.1.0", - "npm-run-all2": "6.2.4", - "rollup": "4.24.0", + "npm-run-all2": "6.2.6", + "rollup": "4.30.1", "rollup-plugin-commonjs": "10.1.0", "rollup-plugin-filesize": "10.0.0", "rollup-plugin-ignore": "1.0.10", "rollup-plugin-json": "4.0.0", "rollup-plugin-node-builtins": "2.1.2", - "@rollup/plugin-node-resolve": "15.3.0", + "@rollup/plugin-node-resolve": "15.3.1", "rollup-plugin-serve": "3.0.0", "semver": "7.6.3" }