Bump the npm_and_yarn group across 1 directory with 13 updates #1

Open. Wants to merge 1 commit into base: master.
Conversation

@dependabot dependabot bot commented on behalf of github Mar 29, 2024

Description

Changes made in this PR:

  • Updated the version of "@actions/core" from "1.2.4" to "1.9.1".
  • Added new dependencies for "@actions/core":
    • "@actions/http-client": "^2.0.1"
    • "uuid": "^8.3.2"
  • Updated the version of "@actions/http-client" to "2.2.1" and added new dependencies:
    • "tunnel": "^0.0.6"
    • "undici": "^5.25.4"
  • Updated the version of "uuid" to "8.3.2".
  • Updated the version of "@babel/helper-environment-visitor" to "7.22.20".
  • Updated the version of "@babel/helper-hoist-variables" to "7.22.5".
  • Updated the version of "@babel/helper-validator-identifier" to "7.22.20".
  • Updated the version of "@babel/types" to "7.24.0".
  • Updated the version of "@babel/helper-string-parser" to "7.24.1".
  • Updated the version of "@babel/parser" to "7.24.1".
  • Updated the version of "@babel/template" to "7.24.0".
  • Updated the version of "@babel/types" to "7.24.0".
  • Updated the version of "@babel/traverse" to "7.24.1".
  • Updated the version of "chai" to "4.2.0".
  • Updated the version of "lodash" to "4.17.21".
  • Updated the version of "nodemon" to "2.0.12".
  • Updated the version of "qs" to "6.5.3".
  • Updated the version of "semver" to "6.3.1".
  • Updated the version of "ws" to "5.2.3".
  • Updated the version of "y18n" to "4.0.3".

These changes include updating package versions, adding new dependencies, and ensuring compatibility with the latest versions available.

Bumps the npm_and_yarn group with 13 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [@actions/core](https://github.com/actions/toolkit/tree/HEAD/packages/core) | `1.2.4` | `1.9.1` |
| [semver](https://github.com/npm/node-semver) | `6.3.0` | `6.3.1` |
| [@babel/traverse](https://github.com/babel/babel/tree/HEAD/packages/babel-traverse) | `7.9.5` | `7.24.1` |
| [ajv](https://github.com/ajv-validator/ajv) | `6.12.0` | `6.12.6` |
| [decode-uri-component](https://github.com/SamVerschueren/decode-uri-component) | `0.2.0` | `0.2.2` |
| [ini](https://github.com/npm/ini) | `1.3.5` | `1.3.8` |
| [minimist](https://github.com/minimistjs/minimist) | `1.2.5` | `1.2.8` |
| [tar](https://github.com/isaacs/node-tar) | `4.4.13` | `4.4.19` |
| [json5](https://github.com/json5/json5) | `2.1.3` | `2.2.3` |
| [lodash](https://github.com/lodash/lodash) | `4.17.15` | `4.17.21` |
| [qs](https://github.com/ljharb/qs) | `6.5.2` | `6.5.3` |
| [ws](https://github.com/websockets/ws) | `5.2.2` | `5.2.3` |
| [y18n](https://github.com/yargs/y18n) | `4.0.0` | `4.0.3` |


Updates `@actions/core` from 1.2.4 to 1.9.1
- [Changelog](https://github.com/actions/toolkit/blob/main/packages/core/RELEASES.md)
- [Commits](https://github.com/actions/toolkit/commits/HEAD/packages/core)

Updates `semver` from 6.3.0 to 6.3.1
- [Release notes](https://github.com/npm/node-semver/releases)
- [Changelog](https://github.com/npm/node-semver/blob/v6.3.1/CHANGELOG.md)
- [Commits](npm/node-semver@v6.3.0...v6.3.1)

Updates `@babel/traverse` from 7.9.5 to 7.24.1
- [Release notes](https://github.com/babel/babel/releases)
- [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md)
- [Commits](https://github.com/babel/babel/commits/v7.24.1/packages/babel-traverse)

Updates `ajv` from 6.12.0 to 6.12.6
- [Release notes](https://github.com/ajv-validator/ajv/releases)
- [Commits](ajv-validator/ajv@v6.12.0...v6.12.6)

Updates `decode-uri-component` from 0.2.0 to 0.2.2
- [Release notes](https://github.com/SamVerschueren/decode-uri-component/releases)
- [Commits](SamVerschueren/decode-uri-component@v0.2.0...v0.2.2)

Updates `ini` from 1.3.5 to 1.3.8
- [Release notes](https://github.com/npm/ini/releases)
- [Changelog](https://github.com/npm/ini/blob/main/CHANGELOG.md)
- [Commits](npm/ini@v1.3.5...v1.3.8)

Updates `minimist` from 1.2.5 to 1.2.8
- [Changelog](https://github.com/minimistjs/minimist/blob/main/CHANGELOG.md)
- [Commits](minimistjs/minimist@v1.2.5...v1.2.8)

Updates `tar` from 4.4.13 to 4.4.19
- [Release notes](https://github.com/isaacs/node-tar/releases)
- [Changelog](https://github.com/isaacs/node-tar/blob/main/CHANGELOG.md)
- [Commits](isaacs/node-tar@v4.4.13...v4.4.19)

Updates `json5` from 2.1.3 to 2.2.3
- [Release notes](https://github.com/json5/json5/releases)
- [Changelog](https://github.com/json5/json5/blob/main/CHANGELOG.md)
- [Commits](json5/json5@v2.1.3...v2.2.3)

Updates `lodash` from 4.17.15 to 4.17.21
- [Release notes](https://github.com/lodash/lodash/releases)
- [Commits](lodash/lodash@4.17.15...4.17.21)

Updates `qs` from 6.5.2 to 6.5.3
- [Changelog](https://github.com/ljharb/qs/blob/main/CHANGELOG.md)
- [Commits](ljharb/qs@v6.5.2...v6.5.3)

Updates `ws` from 5.2.2 to 5.2.3
- [Release notes](https://github.com/websockets/ws/releases)
- [Commits](websockets/ws@5.2.2...5.2.3)

Updates `y18n` from 4.0.0 to 4.0.3
- [Release notes](https://github.com/yargs/y18n/releases)
- [Changelog](https://github.com/yargs/y18n/blob/y18n-v4.0.3/CHANGELOG.md)
- [Commits](yargs/y18n@v4.0.0...y18n-v4.0.3)

---
updated-dependencies:
- dependency-name: "@actions/core"
  dependency-type: direct:production
  dependency-group: npm_and_yarn-security-group
- dependency-name: semver
  dependency-type: direct:production
  dependency-group: npm_and_yarn-security-group
- dependency-name: "@babel/traverse"
  dependency-type: indirect
  dependency-group: npm_and_yarn-security-group
- dependency-name: ajv
  dependency-type: indirect
  dependency-group: npm_and_yarn-security-group
- dependency-name: decode-uri-component
  dependency-type: indirect
  dependency-group: npm_and_yarn-security-group
- dependency-name: ini
  dependency-type: indirect
  dependency-group: npm_and_yarn-security-group
- dependency-name: minimist
  dependency-type: indirect
  dependency-group: npm_and_yarn-security-group
- dependency-name: tar
  dependency-type: indirect
  dependency-group: npm_and_yarn-security-group
- dependency-name: json5
  dependency-type: indirect
  dependency-group: npm_and_yarn-security-group
- dependency-name: lodash
  dependency-type: indirect
  dependency-group: npm_and_yarn-security-group
- dependency-name: qs
  dependency-type: indirect
  dependency-group: npm_and_yarn-security-group
- dependency-name: ws
  dependency-type: indirect
  dependency-group: npm_and_yarn-security-group
- dependency-name: y18n
  dependency-type: indirect
  dependency-group: npm_and_yarn-security-group
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added the dependencies Pull requests that update a dependency file label Mar 29, 2024

cr-gpt bot commented Mar 29, 2024

Seems you are using me but didn't get OPENAI_API_KEY set in Variables/Secrets for this repo. You could follow the readme for more information.


Processing PR updates...


Unable to locate .performanceTestingBot config file


@gitginie gitginie bot left a comment


@dependabot[bot]
Thank you for your contribution to this repository! We appreciate your effort in opening a pull request.
Happy coding!


git-greetings bot commented Mar 29, 2024

Thanks @dependabot[bot] for opening this PR!

For COLLABORATOR only :

  • To add labels, comment on the issue
    /label add label1,label2,label3

  • To remove labels, comment on the issue
    /label remove label1,label2,label3

Micro-Learning Topic: OS command injection (Detected by phrase)

Matched on "command injection"

What is this? (2min video)

In many situations, applications will rely on OS provided functions, scripts, macros and utilities instead of reimplementing them in code. While functions would typically be accessed through a native interface library, the remaining three OS provided features will normally be invoked via the command line or launched as a process. If unsafe inputs are used to construct commands or arguments, it may allow arbitrary OS operations to be performed that can compromise the server.

Try a challenge in Secure Code Warrior

Helpful references
  • OWASP Command Injection - OWASP community page with comprehensive information about command injection, and links to various OWASP resources to help detect or prevent it.
  • OWASP testing for Command Injection - This article is focused on providing testing techniques for identifying command injection flaws in your applications.

Micro-Learning Topic: Prototype pollution (Detected by phrase)

Matched on "prototype pollution"

What is this? (2min video)

By adding or modifying attributes of an object prototype, it is possible to create attributes that exist on every object, or replace critical attributes with malicious ones. This can be problematic if the software depends on existence or non-existence of certain attributes, or uses pre-defined attributes of object prototype (such as hasOwnProperty, toString or valueOf).

Try a challenge in Secure Code Warrior

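The prototype pollution note above explains the effect (attributes that appear on every object) but not the mechanism. The following is an added example, not code from this PR or from lodash, minimist, ini, json5 or any other package in the bump list, although a recursive merge of exactly this shape is the bug class those packages have had to harden. It shows a naive deep merge polluting `Object.prototype` from a constructed JSON payload, the hardened version that does not, and a probe that tells the two apart. The function names and the payload are invented for the demonstration.

```javascript
// Added example; not code from this PR or from any package it bumps.
// A hand-written recursive merge, first in the shape that lets a JSON
// document pollute Object.prototype, then hardened. The probe at the end is
// the check worth keeping in a test suite.

const isPlainObject = (v) => v !== null && typeof v === 'object' && !Array.isArray(v);

// VULNERABLE: JSON.parse('{"__proto__": {...}}') yields an OWN property named
// "__proto__", which for...in visits. Reading target["__proto__"] on a plain
// object returns Object.prototype, so the recursion writes straight into it.
function naiveMerge(target, source) {
  for (const key in source) {
    const value = source[key];
    if (isPlainObject(value)) {
      if (!isPlainObject(target[key])) target[key] = {};
      naiveMerge(target[key], value);
    } else {
      target[key] = value;
    }
  }
  return target;
}

// HARDENED: refuse the keys that alias a prototype, walk own keys only, and
// give nested containers no prototype at all so a missed key has nowhere to go.
const UNSAFE_KEYS = new Set(['__proto__', 'constructor', 'prototype']);

function safeMerge(target, source) {
  for (const key of Object.keys(source)) {
    if (UNSAFE_KEYS.has(key)) continue;
    const value = source[key];
    if (isPlainObject(value)) {
      const own = Object.prototype.hasOwnProperty.call(target, key);
      if (!own || !isPlainObject(target[key])) target[key] = Object.create(null);
      safeMerge(target[key], value);
    } else {
      target[key] = value;
    }
  }
  return target;
}

// Constructed attacker payload, as a request body or config file would carry it.
const PAYLOAD = '{"name": "demo", "__proto__": {"isAdmin": true}}';

// Probe: does an object created AFTER the merge, unrelated to it, see the
// attacker's property? That is the definition of prototype pollution.
function isPolluted() {
  return ({}).isAdmin === true;
}

// Runs both merges against the same payload and reports what the probe saw.
// Object.prototype is cleaned between runs so the two results are independent.
function demonstrate() {
  naiveMerge({}, JSON.parse(PAYLOAD));
  const afterNaive = isPolluted();
  delete Object.prototype.isAdmin;

  const merged = safeMerge({}, JSON.parse(PAYLOAD));
  const afterSafe = isPolluted();
  delete Object.prototype.isAdmin;   // no-op when safeMerge did its job

  return { afterNaive, afterSafe, mergedName: merged.name };
}

console.log(demonstrate());   // { afterNaive: true, afterSafe: false, mergedName: 'demo' }
```

Two details carry the fix: `Object.keys` instead of `for...in`, so only own enumerable keys are visited, and the explicit deny-list, because an own `"__proto__"` key is still an own key. `Object.create(null)` for nested containers is defence in depth: an object with no prototype has no `__proto__` accessor to reach.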

coderabbitai bot commented Mar 29, 2024

Important

Auto Review Skipped

Bot user detected.

To trigger a single review, invoke the @coderabbitai review command.

Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media?


Tips

Chat

There are 3 ways to chat with CodeRabbit:

  • Review comments: Directly reply to a review comment made by CodeRabbit. Example:
    • I pushed a fix in commit <commit_id>.
    • Generate unit-tests for this file.
    • Open a follow-up GitHub issue for this discussion.
  • Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
    • @coderabbitai generate unit tests for this file.
    • @coderabbitai modularize this function.
  • PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
    • @coderabbitai generate interesting stats about this repository and render them as a table.
    • @coderabbitai show all the console.log statements in this repository.
    • @coderabbitai read src/utils.ts and generate unit tests.
    • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (invoked as PR comments)

  • @coderabbitai pause to pause the reviews on a PR.
  • @coderabbitai resume to resume the paused reviews.
  • @coderabbitai review to trigger a review. This is useful when automatic reviews are disabled for the repository.
  • @coderabbitai resolve resolve all the CodeRabbit review comments.
  • @coderabbitai help to get help.

Additionally, you can add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.

CodeRabbit Configuration File (.coderabbit.yaml)

  • You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
  • The JSON schema for the configuration file is available here.
  • If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/coderabbit-overrides.v2.json

CodeRabbit Discord Community

Join our Discord Community to get help, request features, and share feedback.


Changes on package-lock.json 33f6ab2

| Name | Type | Previous | New |
| --- | --- | --- | --- |
| @actions/core | Upgraded | 1.2.4 | 1.9.1 |
| @babel/helper-function-name | Removed | 7.9.5 | - |
| @babel/helper-get-function-arity | Removed | 7.8.3 | - |
| @babel/traverse | Upgraded | 7.9.5 | 7.24.1 |
| ajv | Upgraded | 6.12.0 | 6.12.6 |
| decode-uri-component | Upgraded | 0.2.0 | 0.2.2 |
| json5 | Upgraded | 2.1.3 | 2.2.3 |
| lodash | Upgraded | 4.17.15 | 4.17.21 |
| minimist | Upgraded | 1.2.5 | 1.2.8 |
| qs | Upgraded | 6.5.2 | 6.5.3 |
| semver | Upgraded | 6.3.0 | 6.3.1 |
| ws | Upgraded | 5.2.2 | 5.2.3 |
| y18n | Upgraded | 4.0.0 | 4.0.3 |
| @babel/helper-environment-visitor | Added | - | 7.22.20 |
| @babel/helper-hoist-variables | Added | - | 7.22.5 |
| @babel/helper-string-parser | Added | - | 7.24.1 |
| @fastify/busboy | Added | - | 2.1.1 |
| @jridgewell/gen-mapping | Added | - | 0.3.5 |
| @jridgewell/resolve-uri | Added | - | 3.1.2 |
| @jridgewell/set-array | Added | - | 1.2.1 |
| @jridgewell/sourcemap-codec | Added | - | 1.4.15 |
| @jridgewell/trace-mapping | Added | - | 0.3.25 |
| chownr | Added | - | 1.1.4 |
| fs-minipass | Added | - | 1.2.7 |
| ini | Added | - | 1.3.8 |
| minipass | Added | - | 2.9.0 |
| minizlib | Added | - | 1.3.3 |
| picocolors | Added | - | 1.0.0 |
| tar | Added | - | 4.4.19 |
| undici | Added | - | 5.28.3 |
| yallist | Added | - | 3.1.1 |

by sweetr.dev



git-greetings bot commented Mar 29, 2024

First PR by @dependabot[bot]

PR Details of @dependabot[bot] in actions-stale:

| OPEN | CLOSED | TOTAL |
| --- | --- | --- |
| 1 | 0 | 1 |


Description has been updated!

@labels-and-badges labels-and-badges bot added NO JIRA This PR does not have a Jira Ticket PR:size/L Denotes a Pull Request that changes 100-499 lines. labels Mar 29, 2024

codesyncapp bot commented Mar 29, 2024

Check out the playback for this Pull Request here.


New and removed dependencies detected. Learn more about Socket for GitHub ↗︎

| Package | New capabilities | Transitives | Size | Publisher |
| --- | --- | --- | --- | --- |
| npm/@actions/core@1.9.1 | environment, filesystem; Transitive: network | +2 | 263 kB | thboop |
| npm/@babel/helper-environment-visitor@7.22.20 | None | 0 | 6.56 kB | nicolo-ribaudo |
| npm/@babel/helper-hoist-variables@7.22.5 | Transitive: environment | +2 | 2.47 MB | nicolo-ribaudo |
| npm/@babel/helper-string-parser@7.24.1 | None | 0 | 31.7 kB | nicolo-ribaudo |
| npm/@babel/traverse@7.24.1 | Transitive: environment | +8 | 3.18 MB | nicolo-ribaudo |
| npm/@fastify/busboy@2.1.1 | None | 0 | 80.2 kB | gurgunday |
| npm/@jridgewell/gen-mapping@0.3.5 | None | 0 | 81.6 kB | jridgewell |
| npm/@jridgewell/resolve-uri@3.1.2 | None | 0 | 53.2 kB | jridgewell |
| npm/@jridgewell/set-array@1.2.1 | None | 0 | 17.9 kB | jridgewell |
| npm/@jridgewell/sourcemap-codec@1.4.15 | None | 0 | 45.9 kB | jridgewell |
| npm/@jridgewell/trace-mapping@0.3.25 | None | 0 | 169 kB | jridgewell |
| npm/ajv@6.12.6 | eval | 0 | 929 kB | esp |
| npm/chownr@1.1.4 | filesystem | 0 | 5.71 kB | isaacs |
| npm/decode-uri-component@0.2.2 | None | 0 | 6.09 kB | samverschueren |
| npm/fs-minipass@1.2.7 | filesystem | 0 | 13.1 kB | isaacs |
| npm/ini@1.3.8 | None | 0 | 9.3 kB | isaacs |
| npm/json5@2.2.3 | None | 0 | 235 kB | jordanbtucker |
| npm/lodash@4.17.21 | None | 0 | 1.41 MB | bnjmnt4n |
| npm/minimist@1.2.8 | None | 0 | 54.5 kB | ljharb |
| npm/minipass@2.9.0 | None | 0 | 36.5 kB | isaacs |
| npm/minizlib@1.3.3 | None | 0 | 16.2 kB | isaacs |
| npm/picocolors@1.0.0 | environment | 0 | 5.66 kB | alexeyraspopov |
| npm/qs@6.5.3 | None | 0 | 126 kB | ljharb |
| npm/semver@6.3.1 | None | 0 | 68.3 kB | lukekarrys |
| npm/tar@4.4.19 | environment, filesystem | +1 | 183 kB | isaacs |
| npm/undici@5.28.3 | environment, network, unsafe | 0 | 1.17 MB | matteo.collina |
| npm/ws@5.2.3 | network | 0 | 99.5 kB | lpinca |
| npm/y18n@4.0.3 | filesystem | 0 | 11 kB | oss-bot |
| npm/yallist@3.1.1 | None | 0 | 14.8 kB | isaacs |

🚮 Removed packages: npm/@actions/core@1.2.4, npm/@babel/helper-function-name@7.9.5, npm/@babel/helper-get-function-arity@7.8.3, npm/@babel/traverse@7.9.5, npm/ajv@6.12.0, npm/decode-uri-component@0.2.0, npm/json5@2.1.3, npm/lodash@4.17.15, npm/minimist@1.2.5, npm/qs@6.5.2, npm/semver@6.3.0, npm/ws@5.2.2, npm/y18n@4.0.0

View full report↗︎


There was an issue running the performance test

Labels: dependencies (Pull requests that update a dependency file), NO JIRA (This PR does not have a Jira Ticket), PR:size/L (Denotes a Pull Request that changes 100-499 lines), size/XS