diff --git a/.github/workflows/auto-unassign.yml b/.github/workflows/auto-unassign.yml index 82f18a74f..55cc2f4a9 100644 --- a/.github/workflows/auto-unassign.yml +++ b/.github/workflows/auto-unassign.yml @@ -14,7 +14,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Check assigned issues and unassign stale ones - uses: actions/github-script@v9 + uses: actions/github-script@v7 with: github-token: ${{ secrets.GITHUB_TOKEN }} script: | diff --git a/.github/workflows/automated-tests.yml b/.github/workflows/automated-tests.yml index 22438c06d..a20fe39e4 100644 --- a/.github/workflows/automated-tests.yml +++ b/.github/workflows/automated-tests.yml @@ -13,14 +13,14 @@ jobs: steps: - name: Checkout Code Repository Layers - uses: actions/checkout@v7 + uses: actions/checkout@v4 - - uses: pnpm/action-setup@v6 + - uses: pnpm/action-setup@v4 with: - version: 11 + version: 9 - name: Initialize Node.js Environment - uses: actions/setup-node@v6 + uses: actions/setup-node@v4 with: node-version: 22 cache: 'pnpm' diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 428bb6922..50c9b220d 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -17,12 +17,12 @@ jobs: name: Type check runs-on: ubuntu-latest steps: - - uses: actions/checkout@v7 + - uses: actions/checkout@v4 - - uses: pnpm/action-setup@v6 + - uses: pnpm/action-setup@v4 with: - version: 11 - - uses: actions/setup-node@v6 + version: 9 + - uses: actions/setup-node@v4 with: node-version: 22 cache: pnpm @@ -37,12 +37,12 @@ jobs: name: Lint runs-on: ubuntu-latest steps: - - uses: actions/checkout@v7 + - uses: actions/checkout@v4 - - uses: pnpm/action-setup@v6 + - uses: pnpm/action-setup@v4 with: - version: 11 - - uses: actions/setup-node@v6 + version: 9 + - uses: actions/setup-node@v4 with: node-version: 22 cache: pnpm @@ -60,12 +60,12 @@ jobs: contents: read id-token: write steps: - - uses: actions/checkout@v7 + - uses: actions/checkout@v4 - - uses: pnpm/action-setup@v6 + - uses: pnpm/action-setup@v4 with: - version: 11 - - uses: actions/setup-node@v6 + version: 9 + - uses: actions/setup-node@v4 with: node-version: 22 cache: pnpm @@ -84,7 +84,7 @@ jobs: - name: Upload coverage to Codecov if: hashFiles('coverage/lcov.info') != '' - uses: codecov/codecov-action@v7 + uses: codecov/codecov-action@v4 with: files: ./coverage/lcov.info flags: unit @@ -106,12 +106,12 @@ jobs: SUPABASE_SERVICE_ROLE_KEY: placeholder-service-key NEXT_PUBLIC_APP_URL: http://localhost:3000 steps: - - uses: actions/checkout@v7 + - uses: actions/checkout@v4 - - uses: pnpm/action-setup@v6 + - uses: pnpm/action-setup@v4 with: - version: 11 - - uses: actions/setup-node@v6 + version: 9 + - uses: actions/setup-node@v4 with: node-version: 22 cache: pnpm @@ -126,12 +126,12 @@ jobs: name: Dependency audit runs-on: ubuntu-latest steps: - - uses: actions/checkout@v7 + - uses: actions/checkout@v4 - - uses: pnpm/action-setup@v6 + - uses: pnpm/action-setup@v4 with: - version: 11 - - uses: actions/setup-node@v6 + version: 9 + - uses: actions/setup-node@v4 with: node-version: 22 cache: pnpm @@ -146,7 +146,7 @@ jobs: name: Environment security check runs-on: ubuntu-latest steps: - - uses: actions/checkout@v7 + - uses: actions/checkout@v4 - name: Check SERVICE_ROLE_KEY exposure run: bash scripts/check-env-security.sh diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 75e41c1a0..1c03ae1bc 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -24,7 +24,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@v7 + uses: actions/checkout@v4 - name: Initialize CodeQL uses: github/codeql-action/init@v4 diff --git a/.github/workflows/duplicate-issue-check.yml b/.github/workflows/duplicate-issue-check.yml index 0baeb6a23..916f67a6f 100644 --- a/.github/workflows/duplicate-issue-check.yml +++ b/.github/workflows/duplicate-issue-check.yml @@ -12,7 +12,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Check for duplicate issues - uses: actions/github-script@v9 + uses: actions/github-script@v7 with: script: | const issue = context.payload.issue; diff --git a/.github/workflows/e2e.yml b/.github/workflows/e2e.yml index 99da69366..5be7f9ab7 100644 --- a/.github/workflows/e2e.yml +++ b/.github/workflows/e2e.yml @@ -26,12 +26,12 @@ jobs: PLAYWRIGHT_SERVER_MODE: start CI: true steps: - - uses: actions/checkout@v7 + - uses: actions/checkout@v4 - - uses: pnpm/action-setup@v6 + - uses: pnpm/action-setup@v4 with: - version: 11 - - uses: actions/setup-node@v6 + version: 9 + - uses: actions/setup-node@v4 with: node-version: 22 cache: pnpm diff --git a/.github/workflows/gssoc-labels.yml b/.github/workflows/gssoc-labels.yml index ed7795dfd..d7db1c705 100644 --- a/.github/workflows/gssoc-labels.yml +++ b/.github/workflows/gssoc-labels.yml @@ -18,12 +18,12 @@ jobs: if: github.event_name == 'pull_request_target' steps: - name: Checkout - uses: actions/checkout@v7 + uses: actions/checkout@v4 with: fetch-depth: 0 - name: Detect and apply type labels - uses: actions/github-script@v9 + uses: actions/github-script@v7 with: github-token: ${{ secrets.GITHUB_TOKEN }} script: | @@ -106,7 +106,7 @@ jobs: } - name: Post admin checklist comment - uses: actions/github-script@v9 + uses: actions/github-script@v7 if: github.event.action == 'opened' with: github-token: ${{ secrets.GITHUB_TOKEN }} @@ -147,7 +147,7 @@ jobs: github.event.review.state == 'approved' steps: - name: Check for gssoc:approved label - uses: actions/github-script@v9 + uses: actions/github-script@v7 with: github-token: ${{ secrets.GITHUB_TOKEN }} script: | diff --git a/.github/workflows/issue-assignment.yml b/.github/workflows/issue-assignment.yml index 64966cf2b..17e0d8a31 100644 --- a/.github/workflows/issue-assignment.yml +++ b/.github/workflows/issue-assignment.yml @@ -15,7 +15,7 @@ jobs: if: github.event.issue.pull_request == null steps: - name: Handle assignment request - uses: actions/github-script@v9 + uses: actions/github-script@v7 with: github-token: ${{ secrets.GITHUB_TOKEN }} script: | diff --git a/.github/workflows/issue-closed-star.yml b/.github/workflows/issue-closed-star.yml index 11a85ec2b..a676483bf 100644 --- a/.github/workflows/issue-closed-star.yml +++ b/.github/workflows/issue-closed-star.yml @@ -12,7 +12,7 @@ jobs: if: github.event.issue.state_reason == 'completed' runs-on: ubuntu-latest steps: - - uses: actions/github-script@v9 + - uses: actions/github-script@v7 with: script: | await github.rest.issues.createComment({ diff --git a/.github/workflows/labeler.yml b/.github/workflows/labeler.yml index 28a0bcacb..08e6fbf23 100644 --- a/.github/workflows/labeler.yml +++ b/.github/workflows/labeler.yml @@ -9,8 +9,8 @@ jobs: issues: write runs-on: ubuntu-latest steps: - - uses: actions/checkout@v7 - - uses: actions/labeler@v6 + - uses: actions/checkout@v4 + - uses: actions/labeler@v5 continue-on-error: true with: repo-token: "${{ secrets.GITHUB_TOKEN }}" diff --git a/.github/workflows/pr-merged-star.yml b/.github/workflows/pr-merged-star.yml index 112bdf8ec..24aed70fe 100644 --- a/.github/workflows/pr-merged-star.yml +++ b/.github/workflows/pr-merged-star.yml @@ -12,7 +12,7 @@ jobs: if: github.event.pull_request.merged == true runs-on: ubuntu-latest steps: - - uses: actions/github-script@v9 + - uses: actions/github-script@v7 with: script: | await github.rest.issues.createComment({ diff --git a/.github/workflows/pr-star-required.yml b/.github/workflows/pr-star-required.yml index 53ce21220..3e9c4226e 100644 --- a/.github/workflows/pr-star-required.yml +++ b/.github/workflows/pr-star-required.yml @@ -15,7 +15,7 @@ jobs: name: Star required runs-on: ubuntu-latest steps: - - uses: actions/github-script@v9 + - uses: actions/github-script@v7 with: github-token: ${{ secrets.GITHUB_TOKEN }} script: | diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml index 9ca08b5b9..63ec77b15 100644 --- a/.github/workflows/stale.yml +++ b/.github/workflows/stale.yml @@ -9,7 +9,7 @@ jobs: stale: runs-on: ubuntu-latest steps: - - uses: actions/stale@v10 + - uses: actions/stale@v9 with: stale-issue-message: > This issue has been inactive for 21 days. If you are still working on it or it is still relevant, please leave a comment — otherwise it will be closed in 7 days. diff --git a/.github/workflows/visual-regression.yml b/.github/workflows/visual-regression.yml index 401300788..b28e11b3c 100644 --- a/.github/workflows/visual-regression.yml +++ b/.github/workflows/visual-regression.yml @@ -40,14 +40,14 @@ jobs: steps: - name: Checkout - uses: actions/checkout@v7 + uses: actions/checkout@v4 - - uses: pnpm/action-setup@v6 + - uses: pnpm/action-setup@v4 with: - version: 11 + version: 9 - name: Setup Node - uses: actions/setup-node@v6 + uses: actions/setup-node@v4 with: node-version: 22 cache: pnpm @@ -65,7 +65,7 @@ jobs: run: npx playwright test -c playwright.visual.config.mjs - name: Upload visual regression artifacts - uses: actions/upload-artifact@v7 + uses: actions/upload-artifact@v4 if: failure() with: name: visual-regression-artifacts diff --git a/.github/workflows/welcome.yml b/.github/workflows/welcome.yml index 448cc6936..5362816f1 100644 --- a/.github/workflows/welcome.yml +++ b/.github/workflows/welcome.yml @@ -14,7 +14,7 @@ jobs: welcome: runs-on: ubuntu-latest steps: - - uses: actions/github-script@v9 + - uses: actions/github-script@v7 with: github-token: ${{ secrets.GITHUB_TOKEN }} script: | diff --git a/package.json b/package.json index 7a4549cba..845a81609 100644 --- a/package.json +++ b/package.json @@ -118,13 +118,10 @@ "@scarf/scarf", "@sentry/cli", "@swc/core", - "@tree-sitter-grammars/tree-sitter-yaml", "core-js-pure", "core-js", "esbuild", "sharp", - "tree-sitter-json", - "tree-sitter", "unrs-resolver" ] } diff --git a/src/lib/ssrf-protection.ts b/src/lib/ssrf-protection.ts index 3547600fd..81f7ece4b 100644 --- a/src/lib/ssrf-protection.ts +++ b/src/lib/ssrf-protection.ts @@ -14,7 +14,7 @@ function ipToNumber(ip: string): number { if (parts.length !== 4) return NaN; const numParts = parts.map(Number); if (numParts.some((n) => isNaN(n) || n < 0 || n > 255 || !Number.isInteger(n))) return NaN; - return ((numParts[0] << 24) | (numParts[1] << 16) | (numParts[2] << 8) | numParts[3]) >>> 0; + return (numParts[0] * 16777216) + (numParts[1] * 65536) + (numParts[2] * 256) + numParts[3]; } function isPrivateIP(ip: string): boolean {