From d663c43f6da577f790d67c5835a9d2c519a1edc4 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 6 Aug 2021 07:24:15 +0000
Subject: [PATCH 1/2] Bump axios from 0.20.0 to 0.21.1 in /web
Bumps [axios](https://github.com/axios/axios) from 0.20.0 to 0.21.1.
- [Release notes](https://github.com/axios/axios/releases)
- [Changelog](https://github.com/axios/axios/blob/master/CHANGELOG.md)
- [Commits](https://github.com/axios/axios/compare/v0.20.0...v0.21.1)
---
updated-dependencies:
- dependency-name: axios
dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com>
---
web/package-lock.json | 14 +++++++-------
web/package.json | 2 +-
2 files changed, 8 insertions(+), 8 deletions(-)
diff --git a/web/package-lock.json b/web/package-lock.json
index 6343ab8..5977497 100644
--- a/web/package-lock.json
+++ b/web/package-lock.json
@@ -8,7 +8,7 @@
"name": "anylink-web",
"version": "0.1.0",
"dependencies": {
- "axios": "^0.20.0",
+ "axios": "^0.21.1",
"caniuse-lite": "^1.0.30001242",
"chokidar": "^3.5.2",
"core-js": "^3.6.5",
@@ -2683,9 +2683,9 @@
"dev": true
},
"node_modules/axios": {
- "version": "0.20.0",
- "resolved": "https://registry.npm.taobao.org/axios/download/axios-0.20.0.tgz?cache=0&sync_timestamp=1597979608919&other_urls=https%3A%2F%2Fregistry.npm.taobao.org%2Faxios%2Fdownload%2Faxios-0.20.0.tgz",
- "integrity": "sha1-BXujDwSIRpSZOozQf6OUz/EcUL0=",
+ "version": "0.21.1",
+ "resolved": "https://registry.npmjs.org/axios/-/axios-0.21.1.tgz",
+ "integrity": "sha512-dKQiRHxGD9PPRIUNIWvZhPTPpl1rf/OxTYKsqKUDjBwYylTvV7SjSHJb9ratfyzM6wCdLCOYLzs73qpg5c4iGA==",
"dependencies": {
"follow-redirects": "^1.10.0"
}
@@ -16435,9 +16435,9 @@
"dev": true
},
"axios": {
- "version": "0.20.0",
- "resolved": "https://registry.npm.taobao.org/axios/download/axios-0.20.0.tgz?cache=0&sync_timestamp=1597979608919&other_urls=https%3A%2F%2Fregistry.npm.taobao.org%2Faxios%2Fdownload%2Faxios-0.20.0.tgz",
- "integrity": "sha1-BXujDwSIRpSZOozQf6OUz/EcUL0=",
+ "version": "0.21.1",
+ "resolved": "https://registry.npmjs.org/axios/-/axios-0.21.1.tgz",
+ "integrity": "sha512-dKQiRHxGD9PPRIUNIWvZhPTPpl1rf/OxTYKsqKUDjBwYylTvV7SjSHJb9ratfyzM6wCdLCOYLzs73qpg5c4iGA==",
"requires": {
"follow-redirects": "^1.10.0"
}
diff --git a/web/package.json b/web/package.json
index 740422f..12aeb85 100644
--- a/web/package.json
+++ b/web/package.json
@@ -8,7 +8,7 @@
"lint": "vue-cli-service lint"
},
"dependencies": {
- "axios": "^0.20.0",
+ "axios": "^0.21.1",
"caniuse-lite": "^1.0.30001242",
"chokidar": "^3.5.2",
"core-js": "^3.6.5",
From af9845a012a364294c5a3c3e32649e2cab673fc3 Mon Sep 17 00:00:00 2001
From: bjdgyc <bjdgyc@163.com>
Date: Fri, 6 Aug 2021 15:25:35 +0800
Subject: [PATCH 2/2] Create codeql-analysis.yml
---
.github/workflows/codeql-analysis.yml | 71 +++++++++++++++++++++++++++
1 file changed, 71 insertions(+)
create mode 100644 .github/workflows/codeql-analysis.yml
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
new file mode 100644
index 0000000..7134848
--- /dev/null
+++ b/.github/workflows/codeql-analysis.yml
@@ -0,0 +1,71 @@
+# For most projects, this workflow file will not need changing; you simply need
+# to commit it to your repository.
+#
+# You may wish to alter this file to override the set of languages analyzed,
+# or to provide custom queries or build logic.
+#
+# ******** NOTE ********
+# We have attempted to detect the languages in your repository. Please check
+# the `language` matrix defined below to confirm you have the correct set of
+# supported CodeQL languages.
+#
+name: "CodeQL"
+
+on:
+ push:
+ branches: [ main ]
+ pull_request:
+ # The branches below must be a subset of the branches above
+ branches: [ main ]
+ schedule:
+ - cron: '32 12 * * 5'
+
+jobs:
+ analyze:
+ name: Analyze
+ runs-on: ubuntu-latest
+ permissions:
+ actions: read
+ contents: read
+ security-events: write
+
+ strategy:
+ fail-fast: false
+ matrix:
+ language: [ 'go', 'javascript' ]
+ # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python' ]
+ # Learn more:
+ # https://docs.github.com/en/free-pro-team@latest/github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-code-scanning#changing-the-languages-that-are-analyzed
+
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v2
+
+ # Initializes the CodeQL tools for scanning.
+ - name: Initialize CodeQL
+ uses: github/codeql-action/init@v1
+ with:
+ languages: ${{ matrix.language }}
+ # If you wish to specify custom queries, you can do so here or in a config file.
+ # By default, queries listed here will override any specified in a config file.
+ # Prefix the list here with "+" to use these queries and those in the config file.
+ # queries: ./path/to/local/query, your-org/your-repo/queries@main
+
+ # Autobuild attempts to build any compiled languages (C/C++, C#, or Java).
+ # If this step fails, then you should remove it and run the build manually (see below)
+ - name: Autobuild
+ uses: github/codeql-action/autobuild@v1
+
+ # âšī¸ Command-line programs to run using the OS shell.
+ # đ https://git.io/JvXDl
+
+ # âī¸ If the Autobuild fails above, remove it and uncomment the following three lines
+ # and modify them (or add more) to build your code if your project
+ # uses a compiled language
+
+ #- run: |
+ # make bootstrap
+ # make release
+
+ - name: Perform CodeQL Analysis
+ uses: github/codeql-action/analyze@v1