fix(deps-dev): resolve minimatch ReDoS vulnerability (CVE-2026-27903)… #272
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --- | |
| name: Test Run | |
| on: | |
| workflow_dispatch: | |
| inputs: | |
| update_readme: | |
| description: "Update README?" | |
| default: "yes" | |
| required: false | |
| push: | |
| branches: | |
| - main | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.ref }} | |
| cancel-in-progress: true | |
| jobs: | |
| test_run: | |
| runs-on: ubuntu-latest | |
| environment: test-run | |
| name: Test run | |
| steps: | |
| - name: Checkout sources | |
| uses: actions/[email protected] | |
| - name: Install node 18 | |
| uses: actions/[email protected] | |
| with: | |
| node-version: "18" | |
| cache: npm | |
| - name: Install project modules | |
| run: npm ci | |
| - name: Grab my user stats | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.TEST_RUN_TOKEN }} | |
| run: > | |
| printf "\n\`\`\`json\n" > my_stats | |
| && node ./src/cli.js contribs >> my_stats | |
| && printf "\`\`\`\n\n" >> my_stats | |
| - name: Grab my repo stats | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.TEST_RUN_TOKEN }} | |
| run: > | |
| printf "\n\`\`\`json\n" > my_repo | |
| && node ./src/cli.js repo aioswitcher >> my_repo | |
| && printf "\`\`\`\n\n" >> my_repo | |
| - name: Upload statistics artifact | |
| uses: actions/[email protected] | |
| if: >- | |
| github.event_name == 'workflow_dispatch' && | |
| github.event.inputs.update_readme == 'yes' | |
| with: | |
| name: stats-artifact | |
| path: | | |
| ./my_stats | |
| ./my_repo | |
| update_readme: | |
| runs-on: ubuntu-latest | |
| environment: update-docs | |
| name: Update README | |
| needs: test_run | |
| if: >- | |
| github.event_name == 'workflow_dispatch' && | |
| github.event.inputs.update_readme == 'yes' | |
| steps: | |
| - name: Checkout sources | |
| uses: actions/[email protected] | |
| with: | |
| ssh-key: ${{ secrets.DEPLOY_KEY }} | |
| - name: Download statistics artifact | |
| uses: actions/download-artifact@v8 | |
| with: | |
| name: stats-artifact | |
| - name: Configure git | |
| run: | | |
| git config user.name "github-actions[bot]" | |
| git config user.email "41898282+github-actions[bot]@users.noreply.github.com" | |
| - name: Setup SSH signing | |
| run: | | |
| mkdir -p ~/.ssh | |
| echo "${{ secrets.SIGNING_KEY }}" > ~/.ssh/signing_key | |
| chmod 600 ~/.ssh/signing_key | |
| git config gpg.format ssh | |
| git config user.signingkey ~/.ssh/signing_key | |
| git config commit.gpgsign true | |
| - name: Update user block | |
| run: | | |
| sed -i -ne '/<!--START OF STATS-->/ {p; r my_stats' -e ':a; n; /<!--END OF STATS-->/ {p; b}; ba}; p' README.md | |
| - name: Update repo block | |
| run: | | |
| sed -i -ne '/<!--START OF REPO-->/ {p; r my_repo' -e ':a; n; /<!--END OF REPO-->/ {p; b}; ba}; p' README.md | |
| - name: Check for README diff | |
| id: got_diff | |
| continue-on-error: true # exits non zero if diff found | |
| run: git diff -s --exit-code README.md | |
| - name: Commit and push README | |
| if: steps.got_diff.outcome == 'failure' # failure means found diff | |
| run: | | |
| git add README.md | |
| git commit -m "docs: updated README with new stats [skip ci]" | |
| git push |