fix: osv permissions

fix: reset lock files after bad dependabot merge
Merge pull request #11 from zhom/dependabot/npm_and_yarn/frontend-dependencies-852ce57221
2026-06-11 17:27:54 +02:00 · 2025-06-03 15:33:45 +04:00 · 2025-06-03 15:33:03 +04:00 · 2025-06-03 15:26:21 +04:00 · 2025-06-03 11:24:36 +00:00
5 changed files with 35 additions and 15 deletions
@@ -44,10 +44,9 @@ on:
      - "nodecar/package-lock.json"

 permissions:
-  # Require writing security events to upload SARIF file to security tab
  security-events: write
-  # Read commit contents
  contents: read
+  actions: read

 jobs:
  scan-scheduled:
@@ -7,10 +7,9 @@ on:
    branches: ["main"]

 permissions:
-  # Required for OSV scanner to upload SARIF file to security tab
  security-events: write
-  # Read commit contents
  contents: read
+  actions: read

 jobs:
  lint-js:
@@ -24,6 +24,7 @@
    "reqwest",
    "rlib",
    "rustc",
+    "SARIF",
    "serde",
    "shadcn",
    "signon",
@@ -38,8 +38,8 @@ importers:

 packages:

-  '@babel/generator@7.27.3':
-    resolution: {integrity: sha512-xnlJYj5zepml8NXtjkG0WquFUv8RskFqyFcVgTBp5k+NaA/8uw/K+OSVf8AMGw5e9HKP2ETd5xpK5MLZQD6b4Q==}
+  '@babel/generator@7.27.5':
+    resolution: {integrity: sha512-ZGhA37l0e/g2s1Cnzdix0O3aLYm66eF8aufiVteOgnwxgnRP8GoyMj7VWsgWnQbVKXyge7hqrFh2K2TQM6t1Hw==}
    engines: {node: '>=6.9.0'}

  '@babel/helper-string-parser@7.27.1':
@@ -50,8 +50,8 @@ packages:
    resolution: {integrity: sha512-D2hP9eA+Sqx1kBZgzxZh0y1trbuU+JoDkiEwqhQ36nodYqJwyEIhPSdMNd7lOm/4io72luTPWH20Yda0xOuUow==}
    engines: {node: '>=6.9.0'}

-  '@babel/parser@7.27.4':
-    resolution: {integrity: sha512-BRmLHGwpUqLFR2jzx9orBuX/ABDkj2jLKOXrHDTN2aOKL+jFDDKaRNo9nyYsIl9h/UE/7lMKdDjKQQyxKKDZ7g==}
+  '@babel/parser@7.27.5':
+    resolution: {integrity: sha512-OsQd175SxWkGlzbny8J3K8TnnDD0N3lrIUtB92xwyRpzaenGZhxDvxN/JgU00U3CDZNj9tPuDJ5H0WS4Nt3vKg==}
    engines: {node: '>=6.0.0'}
    hasBin: true

@@ -668,9 +668,9 @@ packages:

 snapshots:

-  '@babel/generator@7.27.3':
+  '@babel/generator@7.27.5':
    dependencies:
-      '@babel/parser': 7.27.4
+      '@babel/parser': 7.27.5
      '@babel/types': 7.27.3
      '@jridgewell/gen-mapping': 0.3.8
      '@jridgewell/trace-mapping': 0.3.25
@@ -680,7 +680,7 @@ snapshots:

  '@babel/helper-validator-identifier@7.27.1': {}

-  '@babel/parser@7.27.4':
+  '@babel/parser@7.27.5':
    dependencies:
      '@babel/types': 7.27.3

@@ -746,8 +746,8 @@ snapshots:

  '@yao-pkg/pkg@6.5.1':
    dependencies:
-      '@babel/generator': 7.27.3
-      '@babel/parser': 7.27.4
+      '@babel/generator': 7.27.5
+      '@babel/parser': 7.27.5
      '@babel/types': 7.27.3
      '@yao-pkg/pkg-fetch': 3.5.23
      into-stream: 6.0.0
@@ -201,6 +201,10 @@ packages:
    resolution: {integrity: sha512-xnlJYj5zepml8NXtjkG0WquFUv8RskFqyFcVgTBp5k+NaA/8uw/K+OSVf8AMGw5e9HKP2ETd5xpK5MLZQD6b4Q==}
    engines: {node: '>=6.9.0'}

+  '@babel/generator@7.27.5':
+    resolution: {integrity: sha512-ZGhA37l0e/g2s1Cnzdix0O3aLYm66eF8aufiVteOgnwxgnRP8GoyMj7VWsgWnQbVKXyge7hqrFh2K2TQM6t1Hw==}
+    engines: {node: '>=6.9.0'}
+
  '@babel/helper-compilation-targets@7.27.2':
    resolution: {integrity: sha512-2+1thGUUWWjLTYTHZWK1n8Yga0ijBz1XAhUXcKy81rd5g6yh7hGqMp45v7cadSbEHc9G3OTv45SyneRN3ps4DQ==}
    engines: {node: '>=6.9.0'}
@@ -240,6 +244,11 @@ packages:
    engines: {node: '>=6.0.0'}
    hasBin: true

+  '@babel/parser@7.27.5':
+    resolution: {integrity: sha512-OsQd175SxWkGlzbny8J3K8TnnDD0N3lrIUtB92xwyRpzaenGZhxDvxN/JgU00U3CDZNj9tPuDJ5H0WS4Nt3vKg==}
+    engines: {node: '>=6.0.0'}
+    hasBin: true
+
  '@babel/plugin-transform-react-jsx-self@7.27.1':
    resolution: {integrity: sha512-6UzkCs+ejGdZ5mFFC/OCUrv028ab2fp1znZmCZjAOBKiBK2jXD1O+BPSfX8X2qjJ75fZBMSnQn3Rq2mrBJK2mw==}
    engines: {node: '>=6.9.0'}
@@ -3617,6 +3626,14 @@ snapshots:
      '@jridgewell/trace-mapping': 0.3.25
      jsesc: 3.1.0

+  '@babel/generator@7.27.5':
+    dependencies:
+      '@babel/parser': 7.27.5
+      '@babel/types': 7.27.3
+      '@jridgewell/gen-mapping': 0.3.8
+      '@jridgewell/trace-mapping': 0.3.25
+      jsesc: 3.1.0
+
  '@babel/helper-compilation-targets@7.27.2':
    dependencies:
      '@babel/compat-data': 7.27.3
@@ -3658,6 +3675,10 @@ snapshots:
    dependencies:
      '@babel/types': 7.27.3

+  '@babel/parser@7.27.5':
+    dependencies:
+      '@babel/types': 7.27.3
+
  '@babel/plugin-transform-react-jsx-self@7.27.1(@babel/core@7.27.4)':
    dependencies:
      '@babel/core': 7.27.4
@@ -4889,8 +4910,8 @@ snapshots:

  '@yao-pkg/pkg@6.5.1':
    dependencies:
-      '@babel/generator': 7.27.3
-      '@babel/parser': 7.27.4
+      '@babel/generator': 7.27.5
+      '@babel/parser': 7.27.5
      '@babel/types': 7.27.3
      '@yao-pkg/pkg-fetch': 3.5.23
      into-stream: 6.0.0
Author	SHA1	Message	Date
zhom	4c42099661	fix: osv permissions	2025-06-03 15:33:45 +04:00
zhom	4c4aa10d8c	fix: reset lock files after bad dependabot merge	2025-06-03 15:33:03 +04:00
zhom	a1a6ef63e4	Merge pull request #11 from zhom/dependabot/npm_and_yarn/frontend-dependencies-852ce57221 deps(deps): bump the frontend-dependencies group across 1 directory with 12 updates	2025-06-03 15:26:21 +04:00
dependabot[bot]	bd7b9f1d9f	deps(deps): bump the frontend-dependencies group across 1 directory with 12 updates Bumps the frontend-dependencies group with 1 update in the / directory: [@jridgewell/trace-mapping](https://github.com/jridgewell/trace-mapping). Updates `@jridgewell/trace-mapping` from 0.3.9 to 0.3.25 - [Release notes](https://github.com/jridgewell/trace-mapping/releases) - [Commits](https://github.com/jridgewell/trace-mapping/compare/v0.3.9...v0.3.25) Updates `ansi-regex` from 5.0.1 to 6.1.0 - [Release notes](https://github.com/chalk/ansi-regex/releases) - [Commits](https://github.com/chalk/ansi-regex/compare/v5.0.1...v6.1.0) Updates `chownr` from 1.1.4 to 3.0.0 - [Commits](https://github.com/isaacs/chownr/compare/v1.1.4...v3.0.0) Updates `emoji-regex` from 8.0.0 to 9.2.2 - [Commits](https://github.com/mathiasbynens/emoji-regex/compare/v8.0.0...v9.2.2) Updates `has-flag` from 3.0.0 to 4.0.0 - [Release notes](https://github.com/sindresorhus/has-flag/releases) - [Commits](https://github.com/sindresorhus/has-flag/compare/v3.0.0...v4.0.0) Updates `is-fullwidth-code-point` from 3.0.0 to 4.0.0 - [Release notes](https://github.com/sindresorhus/is-fullwidth-code-point/releases) - [Commits](https://github.com/sindresorhus/is-fullwidth-code-point/compare/v3.0.0...v4.0.0) Updates `isarray` from 1.0.0 to 2.0.5 - [Release notes](https://github.com/juliangruber/isarray/releases) - [Commits](https://github.com/juliangruber/isarray/compare/v1.0.0...v2.0.5) Updates `string-width` from 4.2.3 to 7.2.0 - [Release notes](https://github.com/sindresorhus/string-width/releases) - [Commits](https://github.com/sindresorhus/string-width/compare/v4.2.3...v7.2.0) Updates `strip-ansi` from 6.0.1 to 7.1.0 - [Release notes](https://github.com/chalk/strip-ansi/releases) - [Commits](https://github.com/chalk/strip-ansi/compare/v6.0.1...v7.1.0) Updates `strip-json-comments` from 2.0.1 to 3.1.1 - [Release notes](https://github.com/sindresorhus/strip-json-comments/releases) - [Commits](https://github.com/sindresorhus/strip-json-comments/compare/v2.0.1...v3.1.1) Updates `supports-color` from 5.5.0 to 7.2.0 - [Release notes](https://github.com/chalk/supports-color/releases) - [Commits](https://github.com/chalk/supports-color/compare/v5.5.0...v7.2.0) Updates `wrap-ansi` from 7.0.0 to 9.0.0 - [Release notes](https://github.com/chalk/wrap-ansi/releases) - [Commits](https://github.com/chalk/wrap-ansi/compare/v7.0.0...v9.0.0) --- updated-dependencies: - dependency-name: "@jridgewell/trace-mapping" dependency-version: 0.3.25 dependency-type: indirect update-type: version-update:semver-patch dependency-group: frontend-dependencies - dependency-name: ansi-regex dependency-version: 6.1.0 dependency-type: indirect update-type: version-update:semver-major dependency-group: frontend-dependencies - dependency-name: chownr dependency-version: 3.0.0 dependency-type: indirect update-type: version-update:semver-major dependency-group: frontend-dependencies - dependency-name: emoji-regex dependency-version: 9.2.2 dependency-type: indirect update-type: version-update:semver-major dependency-group: frontend-dependencies - dependency-name: has-flag dependency-version: 4.0.0 dependency-type: indirect update-type: version-update:semver-major dependency-group: frontend-dependencies - dependency-name: is-fullwidth-code-point dependency-version: 4.0.0 dependency-type: indirect update-type: version-update:semver-major dependency-group: frontend-dependencies - dependency-name: isarray dependency-version: 2.0.5 dependency-type: indirect update-type: version-update:semver-major dependency-group: frontend-dependencies - dependency-name: string-width dependency-version: 7.2.0 dependency-type: indirect update-type: version-update:semver-major dependency-group: frontend-dependencies - dependency-name: strip-ansi dependency-version: 7.1.0 dependency-type: indirect update-type: version-update:semver-major dependency-group: frontend-dependencies - dependency-name: strip-json-comments dependency-version: 3.1.1 dependency-type: indirect update-type: version-update:semver-major dependency-group: frontend-dependencies - dependency-name: supports-color dependency-version: 7.2.0 dependency-type: indirect update-type: version-update:semver-major dependency-group: frontend-dependencies - dependency-name: wrap-ansi dependency-version: 9.0.0 dependency-type: indirect update-type: version-update:semver-major dependency-group: frontend-dependencies ... Signed-off-by: dependabot[bot] <support@github.com>	2025-06-03 11:24:36 +00:00