Merge pull request #115 from kommitters/v1.2

Release v1.2.4
kommitters · Jan 16, 2023 · ed0c3f6 · ed0c3f6
2 parents 9ee34f7 + 97d0b4c
commit ed0c3f6
Show file tree

Hide file tree

Showing 9 changed files with 1,702 additions and 1,064 deletions.
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -14,11 +14,16 @@ jobs:
     runs-on: ubuntu-latest
     steps:
     - name: Harden Runner
-      uses: step-security/harden-runner@ebacdc22ef6c2cfb85ee5ded8f2e640f4c776dd5 # v2.0.0
+      uses: step-security/harden-runner@18bf8ad2ca49c14cbb28b91346d626ccfb00c518 # v2.1.0
       with:
-        egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
+        disable-sudo: true
+        egress-policy: block
+        allowed-endpoints: >
+          coveralls.io:443
+          github.com:443
+          registry.yarnpkg.com:443
 
-    - uses: actions/checkout@dc323e67f16fb5f7663d20ff7941f27f5809e9b6 # v2.6.0
+    - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0
     - name: Install modules
       run: yarn
     - name: Run tests

diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
@@ -41,12 +41,17 @@ jobs:
 
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@ebacdc22ef6c2cfb85ee5ded8f2e640f4c776dd5 # v2.0.0
+        uses: step-security/harden-runner@18bf8ad2ca49c14cbb28b91346d626ccfb00c518 # v2.1.0
         with:
-          egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
+          disable-sudo: true
+          egress-policy: block
+          allowed-endpoints: >
+            api.github.com:443
+            github.com:443
+            uploads.github.com:443
 
       - name: Checkout repository
-        uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3.2.0
+        uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0
 
       # Initializes the CodeQL tools for scanning.
       - name: Initialize CodeQL

diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
@@ -10,13 +10,18 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@ebacdc22ef6c2cfb85ee5ded8f2e640f4c776dd5 # v2.0.0
+        uses: step-security/harden-runner@18bf8ad2ca49c14cbb28b91346d626ccfb00c518 # v2.1.0
         with:
-          egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
+          disable-sudo: true
+          egress-policy: block
+          allowed-endpoints: >
+            github.com:443
+            registry.npmjs.org:443
+            registry.yarnpkg.com:443
 
-      - uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3.2.0
+      - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0
       # Setup .npmrc file to publish to npm
-      - uses: actions/setup-node@8c91899e586c5b171469028077307d293428b516 # v3.5.1
+      - uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # v3.6.0
         with:
           node-version: "16.x"
           registry-url: "https://registry.npmjs.org"

diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml
@@ -22,17 +22,27 @@ jobs:
 
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@ebacdc22ef6c2cfb85ee5ded8f2e640f4c776dd5 # v2.0.0
+        uses: step-security/harden-runner@18bf8ad2ca49c14cbb28b91346d626ccfb00c518 # v2.1.0
         with:
-          egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
+          disable-sudo: true
+          egress-policy: block
+          allowed-endpoints: >
+            api.github.com:443
+            api.osv.dev:443
+            api.securityscorecards.dev:443
+            bestpractices.coreinfrastructure.org:443
+            fulcio.sigstore.dev:443
+            github.com:443
+            rekor.sigstore.dev:443
+            sigstore-tuf-root.storage.googleapis.com:443
 
       - name: "Checkout code"
-        uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # v3.0.2
+        uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0
         with:
           persist-credentials: false
 
       - name: "Run analysis"
-        uses: ossf/scorecard-action@99c53751e09b9529366343771cc321ec74e9bd3d # v2.0.6
+        uses: ossf/scorecard-action@e38b1902ae4f44df626f11ba0734b14fb91f8f86 # v2.1.2
         with:
           results_file: results.sarif
           results_format: sarif
@@ -51,14 +61,14 @@ jobs:
       # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF
       # format to the repository Actions tab.
       - name: "Upload artifact"
-        uses: actions/upload-artifact@3cea5372237819ed00197afe530f5a7ea3e805c8 # v3.1.0
+        uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2
         with:
           name: SARIF file
           path: results.sarif
           retention-days: 5
 
       # Upload the results to GitHub's code scanning dashboard.
       - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@c7f292ea4f542c473194b33813ccd4c207a6c725 # v2.1.21
+        uses: github/codeql-action/upload-sarif@959cbb7472c4d4ad70cdfe6f4976053fe48ab394 # v2.1.37
         with:
           sarif_file: results.sarif
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,5 +1,11 @@
 # Changelog
 
+## 1.2.4 (16.01.2023)
+
+* Update all dependencies.
+* Block egress traffic in GitHub Actions.
+* Add stability badge in README.
+
 ## 1.2.3 (28.12.2022)
 
 * Add Renovate as dependency update tool.

diff --git a/README.md b/README.md
@@ -1,4 +1,6 @@
 # EditorJS Unsplash Inline Image Tool
+
+![stability-stable](https://img.shields.io/badge/stability-stable-green.svg)
 ![](https://badgen.net/badge/Editor.js/v2.0/blue)
 [![Coverage Status](https://coveralls.io/repos/github/kommitters/editorjs-inline-image/badge.svg)](https://coveralls.io/github/kommitters/editorjs-inline-image)
 [![OpenSSF Best Practices](https://bestpractices.coreinfrastructure.org/projects/6469/badge)](https://bestpractices.coreinfrastructure.org/projects/6469)

diff --git a/package.json b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "editorjs-inline-image",
-  "version": "1.2.3",
+  "version": "1.2.4",
   "keywords": [
     "tool",
     "image",
@@ -27,22 +27,23 @@
     "@babel/core": "^7.17.8",
     "@babel/preset-env": "^7.10.1",
     "@testing-library/jest-dom": "^5.9.0",
-    "babel-jest": "^27.5.1",
-    "babel-loader": "^8.0.5",
+    "babel-jest": "^29.0.0",
+    "babel-loader": "^9.0.0",
     "css-loader": "^6.5.1",
-    "eslint": "7.32.0",
-    "eslint-config-airbnb-base": "^14.2.1",
+    "eslint": "8.31.0",
+    "eslint-config-airbnb-base": "^15.0.0",
     "eslint-plugin-import": "^2.25.2",
-    "eslint-plugin-jest": "^23.13.2",
-    "jest": "^27.5.1",
-    "nock": "^12.0.3",
+    "eslint-plugin-jest": "^27.0.0",
+    "jest": "^29.0.0",
+    "jest-environment-jsdom": "^29.3.1",
+    "nock": "^13.0.0",
     "style-loader": "^3.3.0",
     "svg-inline-loader": "^0.8.2",
     "webpack": "^5.53.0",
-    "webpack-cli": "^4.8.0"
+    "webpack-cli": "^5.0.0"
   },
   "dependencies": {
-    "axios": "0.26.0",
+    "axios": "1.2.2",
     "intrinsic-scale": "^3.0.4"
   },
   "jest": {

diff --git a/test/config/assetsTransform.js b/test/config/assetsTransform.js
@@ -1,6 +1,6 @@
 module.exports = {
   process() {
-    return 'module.exports = {};';
+    return { code: 'module.exports = {};' };
   },
   getCacheKey() {
     return 'assetsTransform';