Skip to content

chore(deps): bump jsonpath-plus to ^10.0.0 to mitigate CVE-2024-21534 #1755

chore(deps): bump jsonpath-plus to ^10.0.0 to mitigate CVE-2024-21534

chore(deps): bump jsonpath-plus to ^10.0.0 to mitigate CVE-2024-21534 #1755

# This action is centrally managed in https://github.com/asyncapi/.github/
# Don't make changes to this file in this repo as they will be overwritten with changes made to the same file in above mentioned repo
# It does magic only if there is package.json file in the root of the project
name: PR testing - if Node project
on:
pull_request:
types: [opened, reopened, synchronize, ready_for_review]
jobs:
test-nodejs-pr:
name: Test NodeJS PR - ${{ matrix.os }}
runs-on: ${{ matrix.os }}
strategy:
matrix:
# Using macos-13 instead of latest (macos-14) due to an issue with Puppeteer and such runner.
# See: https://github.com/puppeteer/puppeteer/issues/12327 and https://github.com/asyncapi/parser-js/issues/1001
os: [ubuntu-latest, macos-13, windows-latest]
steps:
- if: >
!github.event.pull_request.draft && !(
(github.actor == 'asyncapi-bot' && (
startsWith(github.event.pull_request.title, 'ci: update of files from global .github repo') ||
startsWith(github.event.pull_request.title, 'chore(release):')
)) ||
(github.actor == 'asyncapi-bot-eve' && (
startsWith(github.event.pull_request.title, 'ci: update of files from global .github repo') ||
startsWith(github.event.pull_request.title, 'chore(release):')
)) ||
(github.actor == 'allcontributors[bot]' &&
startsWith(github.event.pull_request.title, 'docs: add')
)
)
id: should_run
name: Should Run
run: echo "shouldrun=true" >> $GITHUB_OUTPUT
shell: bash
- if: steps.should_run.outputs.shouldrun == 'true'
name: Set git to use LF #to once and for all finish neverending fight between Unix and Windows
run: |
git config --global core.autocrlf false
git config --global core.eol lf
shell: bash
- if: steps.should_run.outputs.shouldrun == 'true'
name: Checkout repository
uses: actions/checkout@v4
- if: steps.should_run.outputs.shouldrun == 'true'
name: Check if Node.js project and has package.json
id: packagejson
run: test -e ./package.json && echo "exists=true" >> $GITHUB_OUTPUT || echo "exists=false" >> $GITHUB_OUTPUT
shell: bash
- if: steps.packagejson.outputs.exists == 'true'
name: Check package-lock version
uses: asyncapi/.github/.github/actions/get-node-version-from-package-lock@master
id: lockversion
- if: steps.packagejson.outputs.exists == 'true'
name: Setup Node.js
uses: actions/setup-node@v4
with:
node-version: "${{ steps.lockversion.outputs.version }}"
- if: steps.lockversion.outputs.version == '18' && matrix.os == 'windows-latest'
#npm cli 10 is buggy because of some cache issue
name: Install npm cli 8
shell: bash
run: npm install -g npm@8.19.4
- if: steps.packagejson.outputs.exists == 'true'
name: Install dependencies
shell: bash
run: npm ci
- if: steps.packagejson.outputs.exists == 'true'
name: Test
run: npm test --if-present
- if: steps.packagejson.outputs.exists == 'true' && matrix.os == 'ubuntu-latest'
#linting should run just one and not on all possible operating systems
name: Run linter
run: npm run lint --if-present
- if: steps.packagejson.outputs.exists == 'true'
name: Run release assets generation to make sure PR does not break it
shell: bash
run: npm run generate:assets --if-present