diff --git a/.github/workflows/checks.yml b/.github/workflows/checks.yml index 4b6ce6f..bedfac6 100644 --- a/.github/workflows/checks.yml +++ b/.github/workflows/checks.yml @@ -16,12 +16,12 @@ jobs: steps: - name: Harden Runner - uses: step-security/harden-runner@fe104658747b27e96e4f7e80cd0a94068e53901d # v2.16.1 + uses: step-security/harden-runner@9af89fc71515a100421586dfdb3dc9c984fbf411 # v2.19.4 with: egress-policy: audit - name: Check out code - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 with: fetch-depth: 2 # Recommended by turbo team diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index f43ca35..8cfbba2 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -25,12 +25,12 @@ jobs: steps: - name: Harden Runner - uses: step-security/harden-runner@fe104658747b27e96e4f7e80cd0a94068e53901d # v2.16.1 + uses: step-security/harden-runner@9af89fc71515a100421586dfdb3dc9c984fbf411 # v2.19.4 with: egress-policy: audit - name: Check out code - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 with: fetch-depth: 1 @@ -40,13 +40,13 @@ jobs: skip-compact: "true" - name: Initialize CodeQL - uses: github/codeql-action/init@c10b8064de6f491fea524254123dbe5e09572f13 # v4 + uses: github/codeql-action/init@87557b9c84dde89fdd9b10e88954ac2f4248e463 # v4 with: languages: ${{ matrix.language }} # We can add custom queries later when needed # queries: security-extended - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@c10b8064de6f491fea524254123dbe5e09572f13 # v4 + uses: github/codeql-action/analyze@87557b9c84dde89fdd9b10e88954ac2f4248e463 # v4 with: category: "/language:${{ matrix.language }}" diff --git a/.github/workflows/release-publish.yml b/.github/workflows/release-publish.yml index b6beb43..8344a98 100644 --- a/.github/workflows/release-publish.yml +++ b/.github/workflows/release-publish.yml @@ -33,7 +33,7 @@ jobs: steps: - name: Get github app token - uses: actions/create-github-app-token@f8d387b68d61c58ab83c6c016672934102569859 # v3.0.0 + uses: actions/create-github-app-token@bcd2ba49218906704ab6c1aa796996da409d3eb1 # v3.2.0 id: gh-app-token with: app-id: ${{ vars.GH_APP_ID }} @@ -45,7 +45,7 @@ jobs: # The compact-npm-prod environment approval is the security gate, not the # branch ref. - name: Check out target ref - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 with: fetch-depth: 0 ref: ${{ github.event_name == 'pull_request' && github.event.pull_request.merge_commit_sha || github.ref }} @@ -100,7 +100,7 @@ jobs: } >> $GITHUB_STEP_SUMMARY - name: Setup Node.js - uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6.1.0 + uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0 with: node-version-file: ".nvmrc" package-manager-cache: false # Prevent cache poisoning issues diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 6f1f301..6a4ff18 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -32,14 +32,14 @@ jobs: steps: - name: Get github app token - uses: actions/create-github-app-token@f8d387b68d61c58ab83c6c016672934102569859 # v3.0.0 + uses: actions/create-github-app-token@bcd2ba49218906704ab6c1aa796996da409d3eb1 # v3.2.0 id: gh-app-token with: app-id: ${{ vars.GH_APP_ID }} private-key: ${{ secrets.GH_APP_PRIVATE_KEY }} - name: Check out code - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 with: fetch-depth: 0 token: ${{ steps.gh-app-token.outputs.token }} @@ -105,7 +105,7 @@ jobs: fi - name: Commit version bump - uses: iarekylew00t/verified-bot-commit@934fa64df2191ab067d0c0d73f422239b6933392 # v2.2.1 + uses: iarekylew00t/verified-bot-commit@5b4e8852dc472093935b8debcb81459bb79f7986 # v2.3.2 with: message: "release: ${{ inputs.package }} v${{ steps.version.outputs.new }}" token: ${{ steps.gh-app-token.outputs.token }} diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index 557c373..a9cc22d 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -30,11 +30,11 @@ jobs: # actions: read steps: - name: Harden Runner - uses: step-security/harden-runner@fe104658747b27e96e4f7e80cd0a94068e53901d # v2.16.1 + uses: step-security/harden-runner@9af89fc71515a100421586dfdb3dc9c984fbf411 # v2.19.4 with: egress-policy: audit - name: Checkout code - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v4.5.4 + uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 with: persist-credentials: false - name: Run analysis @@ -46,12 +46,12 @@ jobs: # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF # format to the repository Actions tab. - name: Upload artifact - uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 with: name: SARIF file path: results.sarif retention-days: 5 - name: Upload SARIF to GitHub Code Scanning - uses: github/codeql-action/upload-sarif@c10b8064de6f491fea524254123dbe5e09572f13 # v3.29.5 + uses: github/codeql-action/upload-sarif@87557b9c84dde89fdd9b10e88954ac2f4248e463 # v4 with: sarif_file: results.sarif diff --git a/package.json b/package.json index da6f810..52160b2 100644 --- a/package.json +++ b/package.json @@ -16,11 +16,11 @@ "clean": "turbo run clean" }, "devDependencies": { - "@biomejs/biome": "2.4.15", + "@biomejs/biome": "2.4.16", "@types/node": "25.9.1", "ts-node": "^10.9.2", "turbo": "^2.9.14", - "typescript": "^5.9.3", + "typescript": "^6.0.3", "vitest": "^4.1.6" } } diff --git a/packages/builder/package.json b/packages/builder/package.json index 5420c0f..62cd15c 100644 --- a/packages/builder/package.json +++ b/packages/builder/package.json @@ -43,7 +43,7 @@ "@tsconfig/node24": "^24.0.3", "@types/node": "25.9.1", "@types/shell-quote": "^1.7.5", - "typescript": "^5.9.3", + "typescript": "^6.0.3", "vitest": "^4.0.15" }, "dependencies": { diff --git a/packages/cli/package.json b/packages/cli/package.json index 64637d2..0408b5d 100644 --- a/packages/cli/package.json +++ b/packages/cli/package.json @@ -42,7 +42,7 @@ "devDependencies": { "@tsconfig/node24": "^24.0.3", "@types/node": "25.9.1", - "typescript": "^5.9.3", + "typescript": "^6.0.3", "vitest": "^4.1.6" }, "dependencies": { diff --git a/packages/simulator/package.json b/packages/simulator/package.json index d8f22f6..e17e2f2 100644 --- a/packages/simulator/package.json +++ b/packages/simulator/package.json @@ -43,7 +43,7 @@ "@tsconfig/node24": "^24.0.3", "@types/node": "25.9.1", "fast-check": "^4.5.2", - "typescript": "^5.8.2", + "typescript": "^6.0.3", "vitest": "^4.1.6" }, "dependencies": { diff --git a/yarn.lock b/yarn.lock index 39cbe5d..1777295 100644 --- a/yarn.lock +++ b/yarn.lock @@ -5,18 +5,18 @@ __metadata: version: 8 cacheKey: 10 -"@biomejs/biome@npm:2.4.15": - version: 2.4.15 - resolution: "@biomejs/biome@npm:2.4.15" +"@biomejs/biome@npm:2.4.16": + version: 2.4.16 + resolution: "@biomejs/biome@npm:2.4.16" dependencies: - "@biomejs/cli-darwin-arm64": "npm:2.4.15" - "@biomejs/cli-darwin-x64": "npm:2.4.15" - "@biomejs/cli-linux-arm64": "npm:2.4.15" - "@biomejs/cli-linux-arm64-musl": "npm:2.4.15" - "@biomejs/cli-linux-x64": "npm:2.4.15" - "@biomejs/cli-linux-x64-musl": "npm:2.4.15" - "@biomejs/cli-win32-arm64": "npm:2.4.15" - "@biomejs/cli-win32-x64": "npm:2.4.15" + "@biomejs/cli-darwin-arm64": "npm:2.4.16" + "@biomejs/cli-darwin-x64": "npm:2.4.16" + "@biomejs/cli-linux-arm64": "npm:2.4.16" + "@biomejs/cli-linux-arm64-musl": "npm:2.4.16" + "@biomejs/cli-linux-x64": "npm:2.4.16" + "@biomejs/cli-linux-x64-musl": "npm:2.4.16" + "@biomejs/cli-win32-arm64": "npm:2.4.16" + "@biomejs/cli-win32-x64": "npm:2.4.16" dependenciesMeta: "@biomejs/cli-darwin-arm64": optional: true @@ -36,62 +36,62 @@ __metadata: optional: true bin: biome: bin/biome - checksum: 10/1b48c62fb4d26de515599cfd3ab51fae16aa0b93e686e496ffc837d3a59887898b4a21d6653ae1a90751f52ae120078f0f998e370e35fa4af9faa3febd3d6e14 + checksum: 10/364343b58ac4d739e70fc20c90b9d386736eeda4b06a52f4dde90b21342a38ce41b475fe0be05b720b95f6b7c261a2e7fc0bc93d70573a55a3ac96097091eca9 languageName: node linkType: hard -"@biomejs/cli-darwin-arm64@npm:2.4.15": - version: 2.4.15 - resolution: "@biomejs/cli-darwin-arm64@npm:2.4.15" +"@biomejs/cli-darwin-arm64@npm:2.4.16": + version: 2.4.16 + resolution: "@biomejs/cli-darwin-arm64@npm:2.4.16" conditions: os=darwin & cpu=arm64 languageName: node linkType: hard -"@biomejs/cli-darwin-x64@npm:2.4.15": - version: 2.4.15 - resolution: "@biomejs/cli-darwin-x64@npm:2.4.15" +"@biomejs/cli-darwin-x64@npm:2.4.16": + version: 2.4.16 + resolution: "@biomejs/cli-darwin-x64@npm:2.4.16" conditions: os=darwin & cpu=x64 languageName: node linkType: hard -"@biomejs/cli-linux-arm64-musl@npm:2.4.15": - version: 2.4.15 - resolution: "@biomejs/cli-linux-arm64-musl@npm:2.4.15" +"@biomejs/cli-linux-arm64-musl@npm:2.4.16": + version: 2.4.16 + resolution: "@biomejs/cli-linux-arm64-musl@npm:2.4.16" conditions: os=linux & cpu=arm64 & libc=musl languageName: node linkType: hard -"@biomejs/cli-linux-arm64@npm:2.4.15": - version: 2.4.15 - resolution: "@biomejs/cli-linux-arm64@npm:2.4.15" +"@biomejs/cli-linux-arm64@npm:2.4.16": + version: 2.4.16 + resolution: "@biomejs/cli-linux-arm64@npm:2.4.16" conditions: os=linux & cpu=arm64 & libc=glibc languageName: node linkType: hard -"@biomejs/cli-linux-x64-musl@npm:2.4.15": - version: 2.4.15 - resolution: "@biomejs/cli-linux-x64-musl@npm:2.4.15" +"@biomejs/cli-linux-x64-musl@npm:2.4.16": + version: 2.4.16 + resolution: "@biomejs/cli-linux-x64-musl@npm:2.4.16" conditions: os=linux & cpu=x64 & libc=musl languageName: node linkType: hard -"@biomejs/cli-linux-x64@npm:2.4.15": - version: 2.4.15 - resolution: "@biomejs/cli-linux-x64@npm:2.4.15" +"@biomejs/cli-linux-x64@npm:2.4.16": + version: 2.4.16 + resolution: "@biomejs/cli-linux-x64@npm:2.4.16" conditions: os=linux & cpu=x64 & libc=glibc languageName: node linkType: hard -"@biomejs/cli-win32-arm64@npm:2.4.15": - version: 2.4.15 - resolution: "@biomejs/cli-win32-arm64@npm:2.4.15" +"@biomejs/cli-win32-arm64@npm:2.4.16": + version: 2.4.16 + resolution: "@biomejs/cli-win32-arm64@npm:2.4.16" conditions: os=win32 & cpu=arm64 languageName: node linkType: hard -"@biomejs/cli-win32-x64@npm:2.4.15": - version: 2.4.15 - resolution: "@biomejs/cli-win32-x64@npm:2.4.15" +"@biomejs/cli-win32-x64@npm:2.4.16": + version: 2.4.16 + resolution: "@biomejs/cli-win32-x64@npm:2.4.16" conditions: os=win32 & cpu=x64 languageName: node linkType: hard @@ -214,7 +214,7 @@ __metadata: log-symbols: "npm:^7.0.0" ora: "npm:^9.0.0" shell-quote: "npm:^1.8.4" - typescript: "npm:^5.9.3" + typescript: "npm:^6.0.3" vitest: "npm:^4.0.15" languageName: unknown linkType: soft @@ -228,7 +228,7 @@ __metadata: "@types/node": "npm:25.9.1" chalk: "npm:^5.6.2" ora: "npm:^9.0.0" - typescript: "npm:^5.9.3" + typescript: "npm:^6.0.3" vitest: "npm:^4.1.6" bin: compact-builder: dist/runBuilder.js @@ -245,7 +245,7 @@ __metadata: "@tsconfig/node24": "npm:^24.0.3" "@types/node": "npm:25.9.1" fast-check: "npm:^4.5.2" - typescript: "npm:^5.8.2" + typescript: "npm:^6.0.3" vitest: "npm:^4.1.6" languageName: unknown linkType: soft @@ -682,11 +682,11 @@ __metadata: version: 0.0.0-use.local resolution: "compact-tools-monorepo@workspace:." dependencies: - "@biomejs/biome": "npm:2.4.15" + "@biomejs/biome": "npm:2.4.16" "@types/node": "npm:25.9.1" ts-node: "npm:^10.9.2" turbo: "npm:^2.9.14" - typescript: "npm:^5.9.3" + typescript: "npm:^6.0.3" vitest: "npm:^4.1.6" languageName: unknown linkType: soft @@ -1388,23 +1388,23 @@ __metadata: languageName: node linkType: hard -"typescript@npm:^5.8.2, typescript@npm:^5.9.3": - version: 5.9.3 - resolution: "typescript@npm:5.9.3" +"typescript@npm:^6.0.3": + version: 6.0.3 + resolution: "typescript@npm:6.0.3" bin: tsc: bin/tsc tsserver: bin/tsserver - checksum: 10/c089d9d3da2729fd4ac517f9b0e0485914c4b3c26f80dc0cffcb5de1719a17951e92425d55db59515c1a7ddab65808466debb864d0d56dcf43f27007d0709594 + checksum: 10/0ef2357a4cffd916b52b683a021cdab0f81eea4e9aa35f2d254581c9a5106da02224e3392e1b0ed42b7a48f80c966e5f52b8e1a27941fa0523c1705a9c2e0330 languageName: node linkType: hard -"typescript@patch:typescript@npm%3A^5.8.2#optional!builtin, typescript@patch:typescript@npm%3A^5.9.3#optional!builtin": - version: 5.9.3 - resolution: "typescript@patch:typescript@npm%3A5.9.3#optional!builtin::version=5.9.3&hash=5786d5" +"typescript@patch:typescript@npm%3A^6.0.3#optional!builtin": + version: 6.0.3 + resolution: "typescript@patch:typescript@npm%3A6.0.3#optional!builtin::version=6.0.3&hash=5786d5" bin: tsc: bin/tsc tsserver: bin/tsserver - checksum: 10/696e1b017bc2635f4e0c94eb4435357701008e2f272f553d06e35b494b8ddc60aa221145e286c28ace0c89ee32827a28c2040e3a69bdc108b1a5dc8fb40b72e3 + checksum: 10/22b67a18dafedf9b1468b64ca20d9aa02ea61d449b65413d8aa6552aeb63f52ef369e86beb25b6b4c91a803d9726ee5c196f391a9b64201263263410a4223ee6 languageName: node linkType: hard