Bump rimraf from 3.0.2 to 5.0.1

.github/ISSUE_TEMPLATE/bug_report.md

@@ -0,0 +1,38 @@
+---
+name: Bug report
+about: Create a report to help us improve
+title: ''
+labels: ''
+assignees: ''
+
+---
+
+**Describe the bug**
+A clear and concise description of what the bug is.
+
+**To Reproduce**
+Steps to reproduce the behavior:
+1. Go to '...'
+2. Click on '....'
+3. Scroll down to '....'
+4. See error
+
+**Expected behavior**
+A clear and concise description of what you expected to happen.
+
+**Screenshots**
+If applicable, add screenshots to help explain your problem.
+
+**Desktop (please complete the following information):**
+ - OS: [e.g. iOS]
+ - Browser [e.g. chrome, safari]
+ - Version [e.g. 22]
+
+**Smartphone (please complete the following information):**
+ - Device: [e.g. iPhone6]
+ - OS: [e.g. iOS8.1]
+ - Browser [e.g. stock browser, safari]
+ - Version [e.g. 22]
+
+**Additional context**
+Add any other context about the problem here.

.github/ISSUE_TEMPLATE/custom.md

@@ -0,0 +1,10 @@
+---
+name: Custom issue template
+about: Describe this issue template's purpose here.
+title: ''
+labels: ''
+assignees: ''
+
+---
+
+

.github/ISSUE_TEMPLATE/feature_request.md

@@ -0,0 +1,20 @@
+---
+name: Feature request
+about: Suggest an idea for this project
+title: ''
+labels: ''
+assignees: ''
+
+---
+
+**Is your feature request related to a problem? Please describe.**
+A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]
+
+**Describe the solution you'd like**
+A clear and concise description of what you want to happen.
+
+**Describe alternatives you've considered**
+A clear and concise description of any alternative solutions or features you've considered.
+
+**Additional context**
+Add any other context or screenshots about the feature request here.

.github/workflows/automerge-dependencies.yml

@@ -68,7 +68,7 @@ jobs:
 
       # Because we get far too much spam ;_;
       - name: Lock conversations
-        uses: actions/github-script@2b34a689ec86a68d8ab9478298f91d5401337b7d
+        uses: actions/github-script@060d68304cc19ea84d828af10e34b9c6ca7bdb31
         env:
           PR_NUMBER: ${{ github.event.pull_request.number }}
         with:

.github/workflows/azure-preview-env-deploy.yml

@@ -112,7 +112,7 @@ jobs:
       - if: ${{ env.IS_INTERNAL_BUILD == 'true' }}
         name: Determine which docs-early-access branch to clone
         id: 'check-early-access'
-        uses: actions/github-script@2b34a689ec86a68d8ab9478298f91d5401337b7d
+        uses: actions/github-script@060d68304cc19ea84d828af10e34b9c6ca7bdb31
         env:
           BRANCH_NAME: ${{ env.BRANCH_NAME }}
         with:

.github/workflows/azure-prod-build-deploy.yml

@@ -98,7 +98,7 @@ jobs:
 
       # Watch canary slot instances to see when all the instances are ready
       - name: Check that canary slot is ready
-        uses: actions/github-script@2b34a689ec86a68d8ab9478298f91d5401337b7d
+        uses: actions/github-script@060d68304cc19ea84d828af10e34b9c6ca7bdb31
         env:
           CHECK_INTERVAL: 10000
         with:

.github/workflows/azure-staging-build-deploy.yml

@@ -114,7 +114,7 @@ jobs:
 
       # Watch deployment slot instances to see when all the instances are ready
       - name: Check that deployment slot is ready
-        uses: actions/github-script@2b34a689ec86a68d8ab9478298f91d5401337b7d
+        uses: actions/github-script@060d68304cc19ea84d828af10e34b9c6ca7bdb31
         env:
           CHECK_INTERVAL: 10000
         with:

.github/workflows/check-all-english-links.yml

@@ -106,7 +106,7 @@ jobs:
       - if: ${{ failure() }}
         name: Create issue from file
         id: broken-link-report
-        uses: peter-evans/create-issue-from-file@b4f9ee0a9d4abbfc6986601d9b1a4f8f8e74c77e
+        uses: peter-evans/create-issue-from-file@a3df6e8d05c713a7b690f3513bcf7d8f06eeef66
         with:
           token: ${{ env.GITHUB_TOKEN }}
           title: ${{ steps.check.outputs.title }}

.github/workflows/check-broken-links-github-github.yml

@@ -96,7 +96,7 @@ jobs:
       - if: ${{ failure() && env.FREEZE != 'true'}}
         name: Create issue from file
         id: github-github-broken-link-report
-        uses: peter-evans/create-issue-from-file@b4f9ee0a9d4abbfc6986601d9b1a4f8f8e74c77e
+        uses: peter-evans/create-issue-from-file@a3df6e8d05c713a7b690f3513bcf7d8f06eeef66
         with:
           token: ${{ env.GITHUB_TOKEN }}
           title: ${{ steps.check.outputs.title }}

.github/workflows/check-for-spammy-issues.yml

@@ -17,7 +17,7 @@ jobs:
     if: github.repository == 'github/docs'
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/github-script@2b34a689ec86a68d8ab9478298f91d5401337b7d
+      - uses: actions/github-script@060d68304cc19ea84d828af10e34b9c6ca7bdb31
         with:
           github-token: ${{ secrets.DOCUBOT_READORG_REPO_WORKFLOW_SCOPES }}
           script: |

.github/workflows/confirm-internal-staff-work-in-docs.yml

@@ -23,7 +23,7 @@ jobs:
     if: github.repository == 'github/docs' && github.actor != 'docs-bot'
     steps:
       - id: membership_check
-        uses: actions/github-script@2b34a689ec86a68d8ab9478298f91d5401337b7d
+        uses: actions/github-script@060d68304cc19ea84d828af10e34b9c6ca7bdb31
         env:
           TEAM_CONTENT_REPO: ${{ secrets.TEAM_CONTENT_REPO }}
         with:

.github/workflows/copy-api-issue-to-internal.yml

@@ -19,7 +19,7 @@ jobs:
     if: (github.event.label.name == 'rest-description' || github.event.label.name == 'graphql-description') && github.repository == 'github/docs'
     steps:
       - name: Check if this run was triggered by a member of the docs team
-        uses: actions/github-script@2b34a689ec86a68d8ab9478298f91d5401337b7d
+        uses: actions/github-script@060d68304cc19ea84d828af10e34b9c6ca7bdb31
         id: triggered-by-member
         with:
           github-token: ${{secrets.DOCUBOT_READORG_REPO_WORKFLOW_SCOPES}}

.github/workflows/first-responder-docs-content.yml

@@ -24,7 +24,7 @@ jobs:
 
     steps:
       - name: Check if the event originated from a team member
-        uses: actions/github-script@2b34a689ec86a68d8ab9478298f91d5401337b7d
+        uses: actions/github-script@060d68304cc19ea84d828af10e34b9c6ca7bdb31
         id: set-result
         with:
           github-token: ${{secrets.DOCUBOT_READORG_REPO_WORKFLOW_SCOPES}}
@@ -71,7 +71,7 @@ jobs:
 
     steps:
       - name: Remove card from project
-        uses: actions/github-script@2b34a689ec86a68d8ab9478298f91d5401337b7d
+        uses: actions/github-script@060d68304cc19ea84d828af10e34b9c6ca7bdb31
         with:
           github-token: ${{secrets.DOCUBOT_READORG_REPO_WORKFLOW_SCOPES}}
           result-encoding: string

.github/workflows/hubber-contribution-help.yml

@@ -21,7 +21,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - id: membership_check
-        uses: actions/github-script@2b34a689ec86a68d8ab9478298f91d5401337b7d
+        uses: actions/github-script@060d68304cc19ea84d828af10e34b9c6ca7bdb31
         with:
           github-token: ${{ secrets.DOCUBOT_READORG_REPO_WORKFLOW_SCOPES }}
           script: |

.github/workflows/merged-notification.yml

@@ -18,7 +18,7 @@ jobs:
     if: github.repository == 'github/docs' && github.event.pull_request.merged && github.event.pull_request.base.ref == github.event.repository.default_branch && github.event.pull_request.user.login != 'Octomerger'
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/github-script@2b34a689ec86a68d8ab9478298f91d5401337b7d
+      - uses: actions/github-script@060d68304cc19ea84d828af10e34b9c6ca7bdb31
         with:
           script: |
             github.issues.createComment({

.github/workflows/move-existing-issues-to-the-correct-repo.yml

@@ -15,7 +15,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - id: move_to_correct_repo
-        uses: actions/github-script@2b34a689ec86a68d8ab9478298f91d5401337b7d
+        uses: actions/github-script@060d68304cc19ea84d828af10e34b9c6ca7bdb31
         env:
           TEAM_ENGINEERING_REPO: ${{ secrets.TEAM_ENGINEERING_REPO }}
           TEAM_CONTENT_REPO: ${{ secrets.TEAM_CONTENT_REPO }}

.github/workflows/move-new-issues-to-correct-docs-repo.yml

@@ -21,7 +21,7 @@ jobs:
     if: github.repository == 'github/docs-internal'
     steps:
       - id: move_to_correct_repo
-        uses: actions/github-script@2b34a689ec86a68d8ab9478298f91d5401337b7d
+        uses: actions/github-script@060d68304cc19ea84d828af10e34b9c6ca7bdb31
         env:
           TEAM_ENGINEERING_REPO: ${{ secrets.TEAM_ENGINEERING_REPO }}
           TEAM_CONTENT_REPO: ${{ secrets.TEAM_CONTENT_REPO }}

.github/workflows/move-reopened-issues-to-triage.yaml

@@ -17,7 +17,7 @@ jobs:
     if: github.repository == 'github/docs'
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/github-script@2b34a689ec86a68d8ab9478298f91d5401337b7d
+      - uses: actions/github-script@060d68304cc19ea84d828af10e34b9c6ca7bdb31
         with:
           script: |
             const issueNumber = context.issue.number;

.github/workflows/notify-when-maintainers-cannot-edit.yaml

@@ -17,7 +17,7 @@ jobs:
     if: github.repository == 'github/docs'
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/github-script@2b34a689ec86a68d8ab9478298f91d5401337b7d
+      - uses: actions/github-script@060d68304cc19ea84d828af10e34b9c6ca7bdb31
         with:
           script: |
             const query = `

.github/workflows/nowsecure.yml

@@ -0,0 +1,52 @@
+# This workflow uses actions that are not certified by GitHub.
+# They are provided by a third-party and are governed by
+# separate terms of service, privacy policy, and support
+# documentation.
+#
+# NowSecure: The Mobile Security Experts <https://www.nowsecure.com/>.
+#
+# To use this workflow, you must be an existing NowSecure customer with GitHub Advanced Security (GHAS) enabled for your
+# repository.
+#
+# If you *are not* an existing customer, click here to contact us for licensing and pricing details:
+# <https://info.nowsecure.com/github-request>.
+#
+# Instructions:
+#
+# 1. In the settings for your repository, click "Secrets" then "New repository secret". Name the secret "NS_TOKEN" and
+#    paste in your Platform token. If you do not have a Platform token, or wish to create a new one for GitHub, visit
+#    NowSecure Platform and go to "Profile & Preferences" then create a token labelled "GitHub".
+#
+# 2. Follow the annotated workflow below and make any necessary modifications then save the workflow to your repository
+#    and review the "Security" tab once the action has run.
+
+name: "NowSecure"
+
+on:
+  push:
+    branches: [ "main" ]
+  pull_request:
+    branches: [ "main" ]
+
+jobs:
+  nowsecure:
+    name: NowSecure
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v3
+
+      - name: Build your application
+        run: ./gradlew assembleDebug              # Update this to build your Android or iOS application
+
+      - name: Run NowSecure
+        uses: nowsecure/nowsecure-action@3b439db31b6dce857b09f5222fd13ffc3159ad26
+        with:
+          token: ${{ secrets.NS_TOKEN }}
+          app_file: app-debug.apk                 # Update this to a path to your .ipa or .apk
+          group_id: {{ groupId }}                 # Update this to your desired Platform group ID
+
+      - name: Upload SARIF file
+        uses: github/codeql-action/upload-sarif@v2
+        with:
+          sarif_file: NowSecure.sarif

.github/workflows/os-ready-for-review.yml

@@ -19,7 +19,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Check if this run was triggered by a member of the docs team
-        uses: actions/github-script@2b34a689ec86a68d8ab9478298f91d5401337b7d
+        uses: actions/github-script@060d68304cc19ea84d828af10e34b9c6ca7bdb31
         id: triggered-by-member
         with:
           github-token: ${{secrets.DOCUBOT_READORG_REPO_WORKFLOW_SCOPES}}

.github/workflows/repo-sync-stalls.yml

@@ -18,7 +18,7 @@ jobs:
     steps:
       - if: github.repository == 'github/docs-internal' || github.repository == 'github/docs'
         name: Check if repo sync is stalled
-        uses: actions/github-script@2b34a689ec86a68d8ab9478298f91d5401337b7d
+        uses: actions/github-script@060d68304cc19ea84d828af10e34b9c6ca7bdb31
         with:
           script: |
             let pulls;

.github/workflows/repo-sync.yml

@@ -41,7 +41,7 @@ jobs:
 
       - name: Close pull request if unwanted
         if: ${{ github.repository == 'github/docs' && steps.find-pull-request.outputs.number }}
-        uses: actions/github-script@2b34a689ec86a68d8ab9478298f91d5401337b7d
+        uses: actions/github-script@060d68304cc19ea84d828af10e34b9c6ca7bdb31
         with:
           github-token: ${{ secrets.DOCS_BOT_SPAM_VISION }}
           script: |
@@ -147,7 +147,7 @@ jobs:
       # Because we get far too much spam ;_;
       - name: Lock conversations
         if: ${{ github.repository == 'github/docs' && steps.find-pull-request.outputs.number }}
-        uses: actions/github-script@2b34a689ec86a68d8ab9478298f91d5401337b7d
+        uses: actions/github-script@060d68304cc19ea84d828af10e34b9c6ca7bdb31
         with:
           script: |
             try {
@@ -165,7 +165,7 @@ jobs:
       # There are cases where the branch becomes out-of-date in between the time this workflow began and when the pull request is created/updated
       - name: Update branch
         if: ${{ steps.find-pull-request.outputs.number }}
-        uses: actions/github-script@2b34a689ec86a68d8ab9478298f91d5401337b7d
+        uses: actions/github-script@060d68304cc19ea84d828af10e34b9c6ca7bdb31
         with:
           github-token: ${{ secrets.OCTOMERGER_PAT_WITH_REPO_AND_WORKFLOW_SCOPE }}
           script: |
@@ -214,7 +214,7 @@ jobs:
 
       - name: Check pull request file count after updating
         if: ${{ steps.find-pull-request.outputs.number }}
-        uses: actions/github-script@2b34a689ec86a68d8ab9478298f91d5401337b7d
+        uses: actions/github-script@060d68304cc19ea84d828af10e34b9c6ca7bdb31
         id: pr-files
         env:
           PR_NUMBER: ${{ steps.find-pull-request.outputs.number }}

.github/workflows/stackhawk.yml

@@ -0,0 +1,63 @@
+# This workflow uses actions that are not certified by GitHub.
+# They are provided by a third-party and are governed by
+# separate terms of service, privacy policy, and support
+# documentation.
+
+#           🦅 STACKHAWK        https://stackhawk.com
+
+# The StackHawk HawkScan action makes it easy to integrate dynamic application security testing (DAST) into your
+# CI pipeline. See the Getting Started guide (https://docs.stackhawk.com/hawkscan/) to get up and running with
+# StackHawk quickly.
+
+# To use this workflow, you must:
+#
+# 1.  Create an API Key and Application: Sign up for a free StackHawk account to obtain an API Key and
+#     create your first app and configuration file at https://app.stackhawk.com.
+#
+# 2.  Save your API Key as a Secret: Save your API key as a GitHub Secret named HAWK_API_KEY.
+#
+# 3.  Add your Config File: Add your stackhawk.yml configuration file to the base of your repository directory.
+#
+# 4.  Set the Scan Failure Threshold: Add the hawk.failureThreshold configuration option
+#     (https://docs.stackhawk.com/hawkscan/configuration/#hawk) to your stackhawk.yml configuration file. If your scan
+#     produces alerts that meet or exceed the hawk.failureThreshold alert level, the scan will return exit code 42
+#     and trigger a Code Scanning alert with a link to your scan results.
+#
+# 5.  Update the "Start your service" Step: Update the "Start your service" step in the StackHawk workflow below to
+#     start your service so that it can be scanned with the "Run HawkScan" step.
+
+
+name: "StackHawk"
+
+on:
+  push:
+    branches: [ "main" ]
+  pull_request:
+    branches: [ "main" ]
+  schedule:
+    - cron: '24 2 * * 1'
+
+permissions:
+  contents: read
+
+jobs:
+  stackhawk:
+    permissions:
+      contents: read # for actions/checkout to fetch code
+      security-events: write # for stackhawk/hawkscan-action to upload code scanning alert info
+    name: StackHawk
+    runs-on: ubuntu-20.04
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v3
+
+      - name: Start your service
+        run: ./your-service.sh &                  # ✏️ Update this to run your own service to be scanned
+
+      - name: Run HawkScan
+        uses: stackhawk/hawkscan-action@4c3258cd62248dac6d9fe91dd8d45928c697dee0
+        continue-on-error: true                   # ✏️ Set to false to break your build on scan errors
+        with:
+          apiKey: ${{ secrets.HAWK_API_KEY }}
+          codeScanningAlerts: true
+          githubToken: ${{ github.token }}