Update CHANGELOG

Bumps [crazy-max/ghaction-github-labeler](https://github.com/crazy-max/ghaction-github-labeler) from v3.0.0 to v3.1.0.
- [Release notes](https://github.com/crazy-max/ghaction-github-labeler/releases)
- [Changelog](https://github.com/crazy-max/ghaction-github-labeler/blob/master/CHANGELOG.md)
- [Commits](https://github.com/crazy-max/ghaction-github-labeler/compare/v3.0.0...dbccbd0ebd1178b5942ba419c921b36525829588)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

.github/CONTRIBUTING.md

@@ -7,11 +7,11 @@ Contributions to this project are [released](https://help.github.com/articles/gi
 ## Submitting a pull request
 
 1. [Fork](https://github.com/crazy-max/ghaction-upx/fork) and clone the repository
-2. Configure and install the dependencies: `npm install`
-3. Make sure the tests pass on your machine: `npm run test`
+2. Configure and install the dependencies: `yarn install`
+3. Make sure the tests pass on your machine: `yarn run test`
 4. Create a new branch: `git checkout -b my-branch-name`
 5. Make your change, add tests, and make sure the tests still pass
-6. Run pre-checkin: `npm run pre-checkin`
+6. Run pre-checkin: `yarn run pre-checkin`
 7. Push to your fork and [submit a pull request](https://github.com/crazy-max/ghaction-upx/compare)
 8. Pat your self on the back and wait for your pull request to be reviewed and merged.
 

.github/dependabot.yml

@@ -1,6 +1,6 @@
 version: 2
 updates:
-  - package-ecosystem: "npm"
+  - package-ecosystem: "github-actions"
     directory: "/"
     schedule:
       interval: "daily"
@@ -9,3 +9,14 @@ updates:
     labels:
       - ":game_die: dependencies"
       - ":robot: bot"
+  - package-ecosystem: "npm"
+    directory: "/"
+    schedule:
+      interval: "daily"
+      time: "06:00"
+      timezone: "Europe/Paris"
+    allow:
+      - dependency-type: "production"
+    labels:
+      - ":game_die: dependencies"
+      - ":robot: bot"

.github/labels.yml

@@ -1,4 +1,8 @@
 ## more info https://github.com/crazy-max/ghaction-github-labeler
+- # automerge
+  name: ":bell: automerge"
+  color: "8f4fbc"
+  description: ""
 - # bot
   name: ":robot: bot"
   color: "69cde9"

.github/workflows/automerge.yml

@@ -1,46 +0,0 @@
-name: automerge
-
-on:
-  pull_request:
-    types:
-      - labeled
-      - unlabeled
-      - synchronize
-      - unlocked
-  check_suite:
-    types:
-      - completed
-  status: {}
-
-jobs:
-  dependabot:
-    runs-on: ubuntu-latest
-    if: github.actor == 'dependabot[bot]' || github.actor == 'dependabot-preview[bot]'
-    steps:
-      -
-        name: Approve
-        uses: actions/github-script@0.9.0
-        with:
-          github-token: ${{secrets.GITHUB_TOKEN}}
-          script: |
-            await github.pulls.createReview({
-              owner: context.payload.repository.owner.login,
-              repo: context.payload.repository.name,
-              pull_number: context.payload.pull_request.number,
-              event: 'APPROVE'
-            })
-      -
-        name: Wait
-        run: sleep 3
-      -
-        name: Merge
-        uses: actions/github-script@0.9.0
-        with:
-          github-token: ${{secrets.GITHUB_TOKEN}}
-          script: |
-            await github.pulls.merge({
-              owner: context.payload.repository.owner.login,
-              repo: context.payload.repository.name,
-              pull_number: context.payload.pull_request.number,
-              merge_method: 'squash'
-            })

.github/workflows/ci.yml

@@ -1,12 +1,16 @@
 name: ci
 
 on:
+  schedule:
+    - cron: '0 10 * * *' # everyday at 10am
   pull_request:
     branches:
       - master
+      - releases/v*
   push:
     branches:
       - master
+      - releases/v*
 
 jobs:
   ci:
@@ -28,7 +32,7 @@ jobs:
     steps:
       -
         name: Checkout
-        uses: actions/checkout@v2
+        uses: actions/checkout@v2.3.3
       -
         name: Download file
         id: download

.github/workflows/labels.yml

@@ -14,10 +14,7 @@ jobs:
     steps:
       -
         name: Checkout
-        uses: actions/checkout@v2
+        uses: actions/checkout@v2.3.3
       -
         name: Run Labeler
-        if: success()
-        uses: crazy-max/ghaction-github-labeler@v2
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        uses: crazy-max/ghaction-github-labeler@v3.1.0

.github/workflows/lint.yml

@@ -1,24 +0,0 @@
-name: lint
-
-on:
-  pull_request:
-    paths:
-      - '.github/workflows/lint.yml'
-      - 'src/*'
-
-jobs:
-  lint:
-    runs-on: ubuntu-latest
-    steps:
-      -
-        name: Checkout
-        uses: actions/checkout@v2
-      -
-        name: Set up Node
-        uses: actions/setup-node@v1
-      -
-        name: Setup TS
-        run: npm install tslint typescript -g
-      -
-        name: Lint check
-        run: tslint './src/*.ts'

.github/workflows/master.yml

@@ -1,36 +0,0 @@
-name: master
-
-on:
-  push:
-    branches:
-      - master
-
-jobs:
-  prune:
-    runs-on: ubuntu-latest
-    steps:
-      -
-        name: Checkout
-        uses: actions/checkout@v2
-      -
-        name: Build
-        run: |
-          npm install
-          npm run format
-          npm run build
-      -
-        name: Set up Git
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-        run: |
-          git config user.name "${GITHUB_ACTOR}"
-          git config user.email "${GITHUB_ACTOR}@users.noreply.github.com"
-          git remote set-url origin https://x-access-token:${GITHUB_TOKEN}@github.com/${GITHUB_REPOSITORY}.git
-      -
-        name: Commit and push changes
-        run: |
-          git add .
-          if output=$(git status --porcelain) && [ ! -z "$output" ]; then
-            git commit -m 'Update generated content'
-            git push
-          fi

.github/workflows/pre-checkin.yml

@@ -0,0 +1,30 @@
+name: pre-checkin
+
+on:
+  push:
+    paths-ignore:
+      - '**.md'
+  pull_request:
+    paths-ignore:
+      - '**.md'
+
+jobs:
+  pre-checkin:
+    runs-on: ubuntu-latest
+    steps:
+      -
+        name: Checkout
+        uses: actions/checkout@v2.3.3
+      -
+        name: Install
+        run: yarn install
+      -
+        name: Pre-checkin
+        run: yarn run pre-checkin
+      -
+        name: Check for uncommitted changes
+        run: |
+          if [[ `git status --porcelain` ]]; then
+            git status --porcelain
+            echo "::warning::Found changes. Please run 'yarn run pre-checkin' and push"
+          fi

.github/workflows/test.yml

@@ -1,12 +1,15 @@
 name: test
 
 on:
-  pull_request:
-    branches:
-      - master
   push:
     branches:
       - master
+      - releases/v*
+    paths-ignore:
+      - '**.md'
+  pull_request:
+    paths-ignore:
+      - '**.md'
 
 jobs:
   test:
@@ -20,16 +23,16 @@ jobs:
     steps:
       -
         name: Checkout
-        uses: actions/checkout@v2
+        uses: actions/checkout@v2.3.3
       -
         name: Install
-        run: npm install
+        run: yarn install
       -
         name: Test
-        run: npm run test
+        run: yarn run test
       -
         name: Upload coverage
-        uses: codecov/codecov-action@v1
+        uses: codecov/codecov-action@v1.0.13
         if: success()
         with:
           token: ${{ secrets.CODECOV_TOKEN }}

CHANGELOG.md

@@ -1,5 +1,9 @@
 # Changelog
 
+## 1.3.3 (2020/10/01)
+
+* Fix CVE-2020-15228
+
 ## 1.3.2 (2020/05/11)
 
 * Update README

README.md

@@ -9,6 +9,16 @@
 
 GitHub Action for [UPX](https://github.com/upx/upx), the Ultimate Packer for eXecutables.
 
+___
+
+* [Usage](#usage)
+* [Customizing](#customizing)
+  * [inputs](#inputs)
+* [Keep up-to-date with GitHub Dependabot](#keep-up-to-date-with-github-dependabot)
+* [Limitation](#limitation)
+* [How can I help?](#how-can-i-help)
+* [License](#license)
+
 ## Usage
 
 ```yaml
@@ -46,11 +56,27 @@ Following inputs can be used as `step.with` keys
 | `file`        | String  |           | File to compress (**required**) |
 | `args`        | String  |           | Arguments to pass to UPX        |
 
+## Keep up-to-date with GitHub Dependabot
+
+Since [Dependabot](https://docs.github.com/en/github/administering-a-repository/keeping-your-actions-up-to-date-with-github-dependabot)
+has [native GitHub Actions support](https://docs.github.com/en/github/administering-a-repository/configuration-options-for-dependency-updates#package-ecosystem),
+to enable it on your GitHub repo all you need to do is add the `.github/dependabot.yml` file:
+
+```yaml
+version: 2
+updates:
+  # Maintain dependencies for GitHub Actions
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "daily"
+```
+
 ## Limitation
 
 This action is only available for Linux and Windows [virtual environments](https://help.github.com/en/articles/virtual-environments-for-github-actions#supported-virtual-environments-and-hardware-resources).
 
-## How can I help ?
+## How can I help?
 
 All kinds of contributions are welcome :raised_hands:! The most basic way to show your support is to star :star2: the project, or to raise issues :speech_balloon: You can also support this project by [**becoming a sponsor on GitHub**](https://github.com/sponsors/crazy-max) :clap: or by making a [Paypal donation](https://www.paypal.me/crazyws) to ensure this journey continues indefinitely! :rocket:
 

package.json

@@ -7,8 +7,7 @@
     "test": "jest --coverage",
     "format": "prettier --write **/*.ts",
     "format-check": "prettier --check **/*.ts",
-    "cleanup-paths": "removeNPMAbsolutePaths ./ --force --fields _where _args",
-    "pre-checkin": "npm run format && npm run cleanup-paths && npm run build"
+    "pre-checkin": "yarn run format && yarn run build"
   },
   "repository": {
     "type": "git",
@@ -21,22 +20,21 @@
   "author": "CrazyMax",
   "license": "MIT",
   "dependencies": {
-    "@actions/core": "^1.2.4",
+    "@actions/core": "^1.2.6",
     "@actions/exec": "^1.0.4",
     "@actions/http-client": "^1.0.8",
-    "@actions/tool-cache": "^1.3.4"
+    "@actions/tool-cache": "^1.6.0"
   },
   "devDependencies": {
-    "@types/jest": "^25.2.1",
-    "@types/node": "^13.13.5",
-    "@zeit/ncc": "^0.22.1",
-    "jest": "^25.5.4",
-    "jest-circus": "^25.5.4",
-    "jest-runtime": "^25.5.4",
-    "prettier": "^2.0.5",
-    "removeNPMAbsolutePaths": "^2.0.0",
-    "ts-jest": "^25.5.1",
-    "typescript": "^3.8.3",
+    "@types/jest": "^26.0.14",
+    "@types/node": "^14.11.2",
+    "@vercel/ncc": "^0.24.1",
+    "jest": "^26.4.2",
+    "jest-circus": "^26.4.2",
+    "jest-runtime": "^26.4.2",
+    "prettier": "^2.1.2",
+    "ts-jest": "^26.4.1",
+    "typescript": "^4.0.3",
     "typescript-formatter": "^7.2.2"
   }
 }