Skip to content
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
115 commits
Select commit Hold shift + click to select a range
eff1dcf
Bump tar-fs from 2.1.2 to 2.1.3 (#124)
dependabot[bot] Jul 24, 2025
be2f445
Bump webpack-dev-server from 5.1.0 to 5.2.1 (#125)
dependabot[bot] Jul 24, 2025
35326de
Bump form-data from 4.0.2 to 4.0.4 (#127)
dependabot[bot] Jul 24, 2025
47462bf
Add workflow to autorun npm audit fix (#128)
ElizabethSamuel-MSFT Aug 19, 2025
4d8cf36
Automatically run npm audit fix (#129)
AlexJerabek Sep 2, 2025
baa260d
Automatically run npm audit fix
invalid-email-address Oct 1, 2025
72e69c9
Merge pull request #131 from OfficeDev/autorun-npm-audit-fix
Rick-Kirkham Oct 8, 2025
c68aab5
Bump tar-fs from 2.1.3 to 2.1.4
dependabot[bot] Oct 8, 2025
98ee8c6
Bump validator from 13.15.15 to 13.15.20
dependabot[bot] Oct 28, 2025
9a7532b
Merge pull request #132 from OfficeDev/dependabot/npm_and_yarn/valida…
Rick-Kirkham Oct 28, 2025
cf41d03
Bump js-yaml from 4.1.0 to 4.1.1
dependabot[bot] Nov 15, 2025
b04d07c
Merge pull request #133 from OfficeDev/dependabot/npm_and_yarn/js-yam…
Rick-Kirkham Nov 16, 2025
78e203a
Bump glob from 10.4.5 to 10.5.0 (#135)
dependabot[bot] Nov 19, 2025
a950626
Bump on-headers, morgan and office-addin-sso (#134)
dependabot[bot] Nov 19, 2025
9fb62bf
Merge branch 'master' into dependabot/npm_and_yarn/tar-fs-2.1.4
AlexJerabek Nov 22, 2025
b87918d
Automatically run npm audit fix
invalid-email-address Dec 1, 2025
4da86dc
Merge pull request #137 from OfficeDev/autorun-npm-audit-fix
Rick-Kirkham Dec 2, 2025
513351f
Merge branch 'master' into dependabot/npm_and_yarn/tar-fs-2.1.4
Rick-Kirkham Dec 2, 2025
7a9dd38
Merge pull request #130 from OfficeDev/dependabot/npm_and_yarn/tar-fs…
Rick-Kirkham Dec 3, 2025
156d7ec
Bump jws from 3.2.2 to 3.2.3 (#139)
dependabot[bot] Dec 4, 2025
f96507b
Add ability to manually run npm-audit-fix workflow (#140)
ElizabethSamuel-MSFT Dec 16, 2025
3122551
Bump qs and express (#141)
dependabot[bot] Jan 2, 2026
ac9817d
Bump tar from 7.5.2 to 7.5.3 (#142)
dependabot[bot] Jan 20, 2026
11ec961
Bump tar from 7.5.3 to 7.5.6
dependabot[bot] Jan 21, 2026
39006d4
Merge pull request #143 from OfficeDev/dependabot/npm_and_yarn/tar-7.5.6
Rick-Kirkham Jan 23, 2026
b6451ba
Bump lodash from 4.17.21 to 4.17.23
dependabot[bot] Jan 23, 2026
0c0f3dd
Merge pull request #144 from OfficeDev/dependabot/npm_and_yarn/lodash…
Rick-Kirkham Jan 24, 2026
b3cea7c
Bump tar from 7.5.6 to 7.5.7
dependabot[bot] Jan 29, 2026
2d27f4f
Merge pull request #145 from OfficeDev/dependabot/npm_and_yarn/tar-7.5.7
Rick-Kirkham Jan 29, 2026
708ca28
Automatically run npm audit fix
invalid-email-address Feb 1, 2026
1766d2e
Merge pull request #146 from OfficeDev/autorun-npm-audit-fix
Rick-Kirkham Feb 2, 2026
1f137f2
Bump webpack from 5.98.0 to 5.105.0
dependabot[bot] Feb 7, 2026
48df637
Merge pull request #147 from OfficeDev/dependabot/npm_and_yarn/webpac…
Rick-Kirkham Feb 7, 2026
e5c989e
Bump qs from 6.14.1 to 6.14.2
dependabot[bot] Feb 14, 2026
9bcc959
Merge pull request #148 from OfficeDev/dependabot/npm_and_yarn/qs-6.14.2
Rick-Kirkham Feb 14, 2026
6207638
Bump fast-xml-parser from 5.3.4 to 5.3.6 (#149)
dependabot[bot] Feb 18, 2026
5f636e7
Bump tar from 7.5.7 to 7.5.9 (#150)
dependabot[bot] Feb 18, 2026
009626b
Bump minimatch
dependabot[bot] Feb 28, 2026
fb34060
Merge pull request #151 from OfficeDev/dependabot/npm_and_yarn/multi-…
Rick-Kirkham Mar 3, 2026
3faa0d0
Bump fast-xml-parser from 5.3.6 to 5.4.1
dependabot[bot] Mar 3, 2026
5f4aeed
Merge pull request #152 from OfficeDev/dependabot/npm_and_yarn/fast-x…
Rick-Kirkham Mar 3, 2026
9384540
Bump tar from 7.5.9 to 7.5.10 (#154)
dependabot[bot] Mar 6, 2026
b86e7a8
Bump tar from 7.5.10 to 7.5.11 (#155)
dependabot[bot] Mar 11, 2026
ecd47b0
Bump fast-xml-parser from 5.4.1 to 5.5.6
dependabot[bot] Mar 18, 2026
21cfdbf
Merge pull request #156 from OfficeDev/dependabot/npm_and_yarn/fast-x…
Rick-Kirkham Mar 18, 2026
27f0a78
Bump fast-xml-parser from 5.5.6 to 5.5.7
dependabot[bot] Mar 20, 2026
537e21c
Merge pull request #157 from OfficeDev/dependabot/npm_and_yarn/fast-x…
Rick-Kirkham Mar 20, 2026
3b1e072
Bump flatted from 3.3.3 to 3.4.2
dependabot[bot] Mar 20, 2026
3c7f5b6
Merge pull request #158 from OfficeDev/dependabot/npm_and_yarn/flatte…
Rick-Kirkham Mar 20, 2026
f1746eb
Bump picomatch from 2.3.1 to 2.3.2
dependabot[bot] Mar 25, 2026
9c7fbd2
Merge pull request #159 from OfficeDev/dependabot/npm_and_yarn/picoma…
Rick-Kirkham Mar 26, 2026
8bf83a7
Bump handlebars from 4.7.8 to 4.7.9
dependabot[bot] Mar 27, 2026
8583001
Merge pull request #160 from OfficeDev/dependabot/npm_and_yarn/handle…
Rick-Kirkham Mar 27, 2026
a8da781
Bump node-forge from 1.3.2 to 1.4.0
dependabot[bot] Mar 27, 2026
8d5c419
Merge pull request #161 from OfficeDev/dependabot/npm_and_yarn/node-f…
Rick-Kirkham Mar 27, 2026
4281599
Bump path-to-regexp from 0.1.12 to 0.1.13 (#162)
dependabot[bot] Mar 31, 2026
f452fb4
Bump @xmldom/xmldom from 0.8.11 to 0.8.12
dependabot[bot] Apr 1, 2026
86376df
Merge pull request #163 from OfficeDev/dependabot/npm_and_yarn/xmldom…
Rick-Kirkham Apr 1, 2026
05fdcbd
Bump lodash from 4.17.23 to 4.18.1
dependabot[bot] Apr 10, 2026
e832d85
Merge pull request #165 from OfficeDev/dependabot/npm_and_yarn/lodash…
Rick-Kirkham Apr 10, 2026
ab70259
Bump axios from 1.13.4 to 1.15.0
dependabot[bot] Apr 10, 2026
6b8a66d
Merge pull request #166 from OfficeDev/dependabot/npm_and_yarn/axios-…
Rick-Kirkham Apr 10, 2026
f9da79c
Bump follow-redirects from 1.15.11 to 1.16.0
dependabot[bot] Apr 15, 2026
d29e667
Merge pull request #167 from OfficeDev/dependabot/npm_and_yarn/follow…
Rick-Kirkham Apr 15, 2026
92b84f5
Bump @xmldom/xmldom from 0.8.12 to 0.8.13
dependabot[bot] Apr 23, 2026
b3cc87f
Merge pull request #168 from OfficeDev/dependabot/npm_and_yarn/xmldom…
Rick-Kirkham Apr 23, 2026
7339440
Bump fast-xml-parser from 5.5.7 to 5.7.1 (#169)
dependabot[bot] Apr 23, 2026
5a67fe6
Automatically run npm audit fix
invalid-email-address May 1, 2026
0ab88fb
Update autorun-npm-audit-fix workflow: checkout@v6, setup-node@v6, no…
ElizabethSamuel-MSFT May 1, 2026
5263824
Merge pull request #170 from OfficeDev/update-autorun-npm-audit-fix-w…
Rick-Kirkham May 1, 2026
45d9236
Merge branch 'master' into autorun-npm-audit-fix
AlexJerabek May 4, 2026
3f79858
Merge pull request #171 from OfficeDev/autorun-npm-audit-fix
Rick-Kirkham May 4, 2026
a610f82
Bump fast-xml-builder from 1.1.5 to 1.2.0
dependabot[bot] May 8, 2026
b43fd40
Merge pull request #173 from OfficeDev/dependabot/npm_and_yarn/fast-x…
Rick-Kirkham May 8, 2026
ac99038
Bump ip-address and express-rate-limit
dependabot[bot] May 8, 2026
96aad5e
Bump fast-uri from 3.0.6 to 3.1.2
dependabot[bot] May 8, 2026
7ee198a
Merge pull request #174 from OfficeDev/dependabot/npm_and_yarn/fast-u…
Rick-Kirkham May 9, 2026
d0cc569
Merge branch 'master' into dependabot/npm_and_yarn/multi-7bdfbe8666
Rick-Kirkham May 9, 2026
f883a02
Bump hono from 4.12.16 to 4.12.18
dependabot[bot] May 9, 2026
ffa003e
Merge pull request #175 from OfficeDev/dependabot/npm_and_yarn/hono-4…
Rick-Kirkham May 9, 2026
8f3efc4
Merge branch 'master' into dependabot/npm_and_yarn/multi-7bdfbe8666
Rick-Kirkham May 9, 2026
b7b6f49
Bump @babel/plugin-transform-modules-systemjs from 7.25.9 to 7.29.4
dependabot[bot] May 9, 2026
11245a8
Merge pull request #176 from OfficeDev/dependabot/npm_and_yarn/babel/…
Rick-Kirkham May 9, 2026
8db4d5e
Merge branch 'master' into dependabot/npm_and_yarn/multi-7bdfbe8666
AlexJerabek May 11, 2026
672ade6
Bump @opentelemetry/sdk-node and @azure/monitor-opentelemetry
dependabot[bot] May 16, 2026
2cb9f65
Bump @opentelemetry/exporter-prometheus and @azure/monitor-opentelemetry
dependabot[bot] May 16, 2026
feea6b7
Merge pull request #177 from OfficeDev/dependabot/npm_and_yarn/multi-…
Rick-Kirkham May 18, 2026
85eb9e6
Merge branch 'master' into dependabot/npm_and_yarn/multi-e82fe9b04e
Rick-Kirkham May 18, 2026
a76a29e
Bump webpack-dev-server from 5.2.1 to 5.2.4
dependabot[bot] May 18, 2026
7543426
Merge pull request #178 from OfficeDev/dependabot/npm_and_yarn/multi-…
Rick-Kirkham May 19, 2026
8ddaef7
Merge branch 'master' into dependabot/npm_and_yarn/webpack-dev-server…
Rick-Kirkham May 19, 2026
b0bee59
Merge pull request #179 from OfficeDev/dependabot/npm_and_yarn/webpac…
Rick-Kirkham May 20, 2026
43df11b
Merge branch 'master' into dependabot/npm_and_yarn/multi-7bdfbe8666
Rick-Kirkham May 21, 2026
5b0dfd0
Merge pull request #172 from OfficeDev/dependabot/npm_and_yarn/multi-…
Rick-Kirkham May 21, 2026
3ce81a9
Bump qs and express (#180)
dependabot[bot] May 26, 2026
ba90803
Bump axios from 1.15.2 to 1.16.1 (#181)
dependabot[bot] May 29, 2026
0db3143
Automatically run npm audit fix
invalid-email-address Jun 1, 2026
bede260
Merge pull request #182 from OfficeDev/autorun-npm-audit-fix
Rick-Kirkham Jun 8, 2026
65d4722
Bump shell-quote from 1.8.2 to 1.8.4
dependabot[bot] Jun 9, 2026
d78707e
Merge pull request #184 from OfficeDev/dependabot/npm_and_yarn/shell-…
Rick-Kirkham Jun 9, 2026
adbb6a8
Bump launch-editor from 2.10.0 to 2.14.1 (#185)
dependabot[bot] Jun 19, 2026
c642088
Bump webpack-dev-server from 5.2.4 to 5.2.5
dependabot[bot] Jun 19, 2026
b73909e
Merge pull request #186 from OfficeDev/dependabot/npm_and_yarn/webpac…
Rick-Kirkham Jun 19, 2026
b928db1
Bump @babel/core, @babel/preset-env and babel-loader
dependabot[bot] Jun 19, 2026
ef792b3
Merge pull request #191 from OfficeDev/dependabot/npm_and_yarn/multi-…
Rick-Kirkham Jun 19, 2026
c56d447
Bump hono from 4.12.23 to 4.12.26 (#190)
dependabot[bot] Jun 20, 2026
04e58be
Bump form-data from 4.0.5 to 4.0.6
dependabot[bot] Jun 20, 2026
912e9ef
Bump js-yaml from 4.1.1 to 4.2.0
dependabot[bot] Jun 20, 2026
f64cd30
Automatically run npm audit fix
invalid-email-address Jun 22, 2026
7f30b22
Merge pull request #187 from OfficeDev/dependabot/npm_and_yarn/form-d…
Rick-Kirkham Jun 22, 2026
5c178b3
Merge branch 'master' into dependabot/npm_and_yarn/js-yaml-4.2.0
Rick-Kirkham Jun 22, 2026
448ddb5
Merge branch 'master' into autorun-npm-audit-fix
Rick-Kirkham Jun 22, 2026
e25d444
Merge pull request #188 from OfficeDev/dependabot/npm_and_yarn/js-yam…
Rick-Kirkham Jun 23, 2026
cb8fc63
Merge branch 'master' into autorun-npm-audit-fix
Rick-Kirkham Jun 23, 2026
b7e80da
Merge pull request #192 from OfficeDev/autorun-npm-audit-fix
Rick-Kirkham Jun 23, 2026
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
63 changes: 63 additions & 0 deletions .github/workflows/autorun-npm-audit-fix.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,63 @@
name: autorun-npm-audit-fix
run-name: Automatically run npm audit fix
on:
schedule:
- cron: '45 08 1 * *' # Run at 1:45 AM PDT on the 1st of every month
workflow_dispatch:
jobs:
autorun-npm-audit-fix:
runs-on: ubuntu-latest
permissions:
contents: write
defaults:
run:
shell: bash
working-directory: ./
steps:
- name: Check out repository
uses: actions/checkout@v6
- name: Set up node
uses: actions/setup-node@v6
with:
node-version: 'lts/*'
- name: Get whether autorun-npm-audit-fix branch exists
run: |
echo "Getting whether autorun-npm-audit-fix branch exists"
git config user.name github-actions
git config user.email github-actions@github.com
{
echo 'git_ls_remote_origin_autorun_npm_audit_fix<<EOF'
git ls-remote origin autorun-npm-audit-fix
echo EOF
} >> "$GITHUB_OUTPUT"
id: run_git_ls_remote_origin_autorun_npm_audit_fix
- name: Delete autorun-npm-audit-fix if it exists
if: ${{ contains(steps.run_git_ls_remote_origin_autorun_npm_audit_fix.outputs.git_ls_remote_origin_autorun_npm_audit_fix, '/autorun-npm-audit-fix') }}
run: |
echo "Deleting remote autorun-npm-audit-fix branch"
git push origin --delete autorun-npm-audit-fix
- name: Run npm audit fix
run: |
echo "Running npm audit fix (breaking changes will need to be addressed manually)"
npm audit fix || true
- name: Add any changes
run: |
echo "Determining if there are any changes"
git config user.name github-actions
git config user.email github-actions@github.com
git checkout -b autorun-npm-audit-fix
git add .
- name: Run git status
run: |
{
echo 'git_status<<EOF'
git status
echo EOF
} >> "$GITHUB_OUTPUT"
id: run_git_status
- name: Commit and push changes if any
if: ${{ !contains(steps.run_git_status.outputs.git_status, 'nothing to commit, working tree clean') }}
run: |
echo "Committing and pushing changes to autorun-npm-audit-fix branch"
git commit -m "Automatically run npm audit fix"
git push --set-upstream origin autorun-npm-audit-fix
Loading