fix: Upgrade to Node 16

.github/dependabot.yml

@@ -7,3 +7,9 @@ updates:
     # Check the npm registry for updates every day (weekdays)
     schedule:
       interval: 'daily'
+
+  # Maintain dependencies for GitHub Actions
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "weekly"

.github/workflows/ci.yml

@@ -11,25 +11,25 @@ jobs:
     runs-on: ubuntu-latest
     strategy:
       matrix:
-        node-version: ["14", "16"]
+        node-version: ["16", "18"]
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3.2.0
         with:
           fetch-depth: 0
 
-      - uses: actions/setup-node@v2
+      - uses: actions/setup-node@8c91899e586c5b171469028077307d293428b516 # v3.5.1
         with:
           node-version: ${{ matrix.node-version }}
       - name: Install dependencies
         run: yarn install --ignore-engines
 
       - name: Check format and lint
-        if: matrix.node-version == 14 
+        if: matrix.node-version == 16
         run: yarn run format-check && yarn run lint
 
       - name: Run tests
         run: yarn test
 
       - name: Build and package
-        if: matrix.node-version == 14 
+        if: matrix.node-version == 16
         run: yarn run build

.github/workflows/codeql.yml

@@ -17,10 +17,10 @@ jobs:
         uses: actions/checkout@v2
 
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@v1
+        uses: github/codeql-action/init@896079047b4bb059ba6f150a5d87d47dde99e6e5
 
       - name: Autobuild
-        uses: github/codeql-action/autobuild@v1
+        uses: github/codeql-action/autobuild@896079047b4bb059ba6f150a5d87d47dde99e6e5
 
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@v1
+        uses: github/codeql-action/analyze@896079047b4bb059ba6f150a5d87d47dde99e6e5

.github/workflows/dependabot.yml

@@ -0,0 +1,38 @@
+name: Dependabot auto approve
+on: pull_request
+
+permissions:
+  pull-requests: write
+  contents: write
+
+jobs:
+  dependabot:
+    runs-on: [self-hosted, linux, X64, philips]
+    if: ${{ github.actor == 'dependabot[bot]' }}
+    steps:
+      - name: Dependabot metadata
+        id: metadata
+        uses: dependabot/fetch-metadata@5ef00187930bafb52d529e0b9c3dff045dfa9851 # v1.3.5
+        with:
+          github-token: "${{ secrets.GITHUB_TOKEN }}"
+      - name: Checkout
+        uses: actions/checkout@v3
+      - name: Install gh cli
+        run: .github/bin/gh.sh
+      - name: Approve a PR
+        run: gh pr review --approve "$PR_URL"
+        env:
+          PR_URL: ${{ github.event.pull_request.html_url }}
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+      - name: Enable auto-merge Dependabot PRs for dev dependencies patch / minor
+        if: ${{ contains(steps.metadata.outputs.dependency-type, ':development') && steps.metadata.outputs.update-type != 'version-update:semver-major' }}
+        run: gh pr merge --auto --merge "$PR_URL"
+        env:
+          PR_URL: ${{ github.event.pull_request.html_url }}
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+      - name: Enable auto-merge Dependabot PRs for production dependencies minor
+        if: ${{ contains(steps.metadata.outputs.dependency-type, ':production') && steps.metadata.outputs.update-type == 'version-update:semver-patch' }}
+        run: gh pr merge --auto --merge "$PR_URL"
+        env:
+          PR_URL: ${{ github.event.pull_request.html_url }}
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/release.yml

@@ -12,23 +12,23 @@ jobs:
     runs-on: ubuntu-latest
 
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3.2.0
         with:
           fetch-depth: 0
           persist-credentials: false
 
-      - uses: actions/setup-node@v2
+      - uses: actions/setup-node@8c91899e586c5b171469028077307d293428b516 # v3.5.1
         with:
-          node-version: 14.18.1
+          node-version: 16
 
       - name: Install dependencies
         run: yarn 
 
       - name: Run checks
         run: yarn run test && yarn lint && yarn run build
 
-      - name: Get installation token
-        uses: npalm/action-app-token@v1.0.0
+      - name: Get app installation token
+        uses: npalm/action-app-token@dd4bb16d91ced5659bc618705c96b822c5a42136 # v1.1.0
         id: app-token
         with:
           appId: ${{ secrets.APP_ID }}

.github/workflows/sonar.yml

@@ -11,28 +11,28 @@ jobs:
   build: 
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3.2.0
         with:
           fetch-depth: 0
 
       - name: Get info
         id: info
         run: |
-          echo ::set-output name=repo_name::$(echo $GITHUB_REPOSITORY| cut -d / -f 2)
-          echo ::set-output name=repo_owner::$(echo $GITHUB_REPOSITORY| cut -d / -f 1)
+          echo "repo_name=$(echo $GITHUB_REPOSITORY| cut -d / -f 2)" >> $GITHUB_OUTPUT
+          echo "repo_owner=$(echo $GITHUB_REPOSITORY| cut -d / -f 1)" >> $GITHUB_OUTPUT
           
-      - uses: actions/setup-node@v2
+      - uses: actions/setup-node@8c91899e586c5b171469028077307d293428b516 # v3.5.1
         with:
-          node-version: 14.18.1
+          node-version: 16
       - name: Install dependencies
         run: yarn install
 
       - name: Run all checks and build
         run: yarn run all
 
       - name: SonarCloud Scan
-        if: matrix.node-version == 14 
-        uses: sonarsource/sonarcloud-github-action@master
+        if: matrix.node-version == 16
+        uses: sonarsource/sonarcloud-github-action@cb201f3b2d7a38231a8c042dfea4539c8bea180b # v1.8
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}